Kernel Mode Prevention

Can someone briefly explain how prebuild works when executed in kernel mode?

It works just like any other context switch. When an interrupt occurs in pre-released code, the CPU jumps to the appropriate interrupt handler and leaves some stack information (usually the RIP / CS / EFLAGS / RSP / SS registers of the interrupted task) so that it can return to pre later.

So, when the system call is made, the software interrupt will switch the thread to kernel mode and it will work as needed. Now let's say that its time slice has already been inserted - and another user thread starts up and wants to execute in kernel space as well. (Or it could be h / w interrupt). How does the kernel maintain the integrity of any structures it modified for T1 when it was interrupted?

Let's call the first (previously missed) task T1 and the new task T2. If T1 accessed some data structures, then T1 must first acquire locks. All kernel data structures that can be accessed by multiple threads at the same time are (almost) locked. If T2 tried to access the same data structure then it will not be able to acquire the lock as T1 still has it, as a result T2 locks and returns the CPU by another task. After a while, T1 will start executing again, release its locks, sleep again, go back to T2, T2 will acquire the lock, execute it, release the lock, etc.

If multiple threads are trying to access the same protected data at the same time, only the first thread will have access, usually all other threads will wait.