The idea of kernel-space user-space separation always was that kernel code is validated and safe; but errors in kernel-space often are fatal to the system. On the other hand user-space is considered un-trusted; errors are fatal to the application but not to the system. Introducing kernel code potentially breaks this trusted-code concept. If a decision is made to introduce kernel code in a project, carrying out a security evaluation is required, which again requires that a security policy is available. Since the kernel is one flat address space and it is non pre-emptive in principal, deadlock prevention is up to the programmer.