What is the difference between user mode and kernel mode?

Why Interviewers Ask This

Interviewers use this question to quickly assess whether a candidate has the foundational knowledge required for Operating Systems development. It reveals whether you understand the building blocks that more complex concepts rely on.

Answer

Modern CPUs support (at minimum) two protection levels:

User mode (ring 3 in x86): restricted execution environment for user applications. It cannot directly access hardware and cannot execute privileged instructions. If a user-mode program tries to access kernel memory or execute a privileged instruction, the CPU generates a protection fault and the OS kills the process.

Kernel mode (ring 0 in x86): privileged execution for the OS kernel. It has full access to hardware, all memory, and all instructions. There are no restrictions, so buggy kernel code can crash the entire system.

Why the distinction? Security and stability: user programs can't interfere with the kernel or each other's protected data. One buggy app doesn't bring down the system.

Mode switching: user programs request OS services via system calls (syscalls). When a process calls read(), write(), malloc() (which calls brk/mmap), etc.:
(1) User mode: execute the system call instruction (SYSCALL on x86-64, the older int 0x80);
(2) CPU switches to kernel mode;
(3) Kernel validates parameters and performs the operation;
(4) Kernel returns the result;
(5) CPU switches back to user mode.

Context switch cost: a mode switch (user↔kernel) is cheap (~50 cycles). A process context switch is expensive (100s of ns).

x86 protection rings: Ring 0 (kernel), Ring 1 (device drivers, rarely used), Ring 2 (device drivers, rarely used), Ring 3 (user applications). Linux and Windows only use Ring 0 and Ring 3.

Hypervisor (Ring -1): virtualization introduces Ring -1 for the hypervisor, which runs below even the guest OS kernel.
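The boundary described above can be observed from a user-mode process. The following C program is an added example, not part of the original answer: it forks a child for each probe and reports whether the child exited cleanly or was killed by a signal. It assumes 64-bit Linux on x86-64 or AArch64; the kernel-half address and all function names are constructed for illustration.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Legitimate path: ask the kernel for a service through a system call. */
static void use_syscall(void) {
    if (syscall(SYS_getpid) <= 0) _exit(1);
}

/* Read from the kernel half of the address space (constructed address,
 * assumes 64-bit Linux on x86-64 or AArch64). */
static void touch_kernel_memory(void) {
    volatile const char *p =
        (volatile const char *)(uintptr_t)0xffff800000000000ULL;
    (void)*p;
}

/* Execute an instruction reserved for the privileged level. */
static void privileged_instruction(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("hlt");             /* ring 0 only */
#elif defined(__aarch64__)
    __asm__ volatile("msr daifset, #2"); /* trapped from user mode on Linux */
#else
#error "add a privileged instruction for this architecture"
#endif
}

/* Run probe in a child: 0 = clean exit, >0 = fatal signal, -1 = error. */
static int run_in_child(void (*probe)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { probe(); _exit(0); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void) {
    printf("syscall:         %d\n", run_in_child(use_syscall));
    printf("kernel memory:   %d\n", run_in_child(touch_kernel_memory));
    printf("privileged insn: %d\n", run_in_child(privileged_instruction));
    return 0;
}
```

The system call probe exits with 0, while the other two children are terminated by a signal before they can return; the parent process is unaffected, which is the isolation the answer describes.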

Pro Tip

Demonstrate both theoretical understanding and practical experience. Say what it is, then give an example of how you actually used it in an Operating Systems codebase.