@Bikram sir, I think option B is correct. Following is the explanation(please correct me if I am wrong).
In case of CPU with explicit I/O instruction, protection is provided by having I/O instruction privileged. So that if user process executes an I/O instruction then it will result in a hardware trap as it is not in kernel mode.
Now, thinking in the same line if we consider case of memory mapped I/O. Here we have some address range which is used to access I/O device, so we can do I/O operation by simple memory access operations. Now, in order to provide I/O protection we should not allow any user process to access that region of address. This can be implemented by using two registers (limit and base), such that if any address produced by a user process lies between limit and base then it produces a harware trap. But if it is accessed by kernel process then it should not result in a trap (as it is kernel mode).
ultimately in both cases we want to protect user process from directly doing I/O, and we want it to leave off burden of doing I/O task to os.