Loadable kernel module

From Wikipedia, the free encyclopedia

This article may require cleanup to meet Wikipedia's quality standards. Please improve this article if you can. (June 2006)

In computing, a loadable kernel module, or an LKM, is an object file that contains code to extend the running kernel, or so-called base kernel, of an operating system. Most current Unix-like systems, and Microsoft Windows, support loadable kernel modules, although they might use a different name for them, such as "kernel extension" ("kext") in Mac OS X. LKM's are typically used to add support for new hardware and/or filesystems, or for adding system calls. When the functionality provided by an LKM is no longer required, it can be unloaded in order to free memory.

Contents 1 Description 2 Linux modules 3 License issues 3.1 Linux 3.1.1 Tainting 3.1.2 Linuxant controversy 4 Binary compatibility 5 Fragmentation penalty 6 Security 7 See also 8 References

[edit] Description

Without loadable kernel modules, an operating system would have to have all possible anticipated functionality already compiled directly into the base kernel. Much of that functionality would reside in memory without being used, wasting memory, and would require that users rebuild and reboot the base kernel every time new functionality is desired. Most OSes supporting loadable kernel modules will include modules to support most desired functionality.

[edit] Linux modules

Main article: modprobe

Modules in Linux are a collection of routines that perform a system-level function. They can be device modules that is a non-linked driver which contain device specific system routines and fills in non-boot gaps in the kernel. ^[1]

Linux modules are located in /lib/modules and they have had the extension ".ko" since version 2.6.

To see what a kernel module can do, one can use this command (it parses the Kconfig files -displayed when using make menuconfig- found in your kernel source directory):

module="<module name>"; find -name 'Kconfig' -type f -exec awk 'BEGIN {RS="\nconfig|\nsource"}/'"$module"'/' {} \;

[edit] License issues

[edit] Linux

In the opinion of Linux maintainers, LKM are derived works of the kernel. The Linux maintainers tolerate the distribution of proprietary modules, but allow symbols to be marked as only available to GPL modules.

[edit] Tainting

Loading a proprietary LKM will 'taint' the running kernel—meaning that any problems or bugs experienced will be less likely to be investigated by the maintainers. LKMs effectively become part of the running kernel, so can corrupt kernel data structures and produce bugs that cannot be investigated due to the proprietary nature of the module.

[edit] Linuxant controversy

In 2001, Linuxant—a consulting company that releases proprietary device drivers as loadable kernel modules—attempted to bypass GPLONLY symbol restrictions by abusing a NULL terminator in their MODULE_LICENSE.

MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only LICENSE file applies");

The string comparison code used by the kernel at the time to determine whether the module was GPLed stopped when it reached a null character (\0), so it would be fooled into thinking that the module was declaring its licence to be just "GPL". The GPL directory referred to in the rest of the licence string was empty.^[2]

[edit] Binary compatibility

Because of the intimate relationship between loadable kernel modules and the base kernel, relatively minor differences in internal structures or methods can result in problems.

On Linux, in an attempt to mitigate this problem, symbol versioning is used and placed within the .modinfo section of ELF modules. This versioning information can be compared to the running kernel; if incompatible, the module will not be loaded.

[edit] Fragmentation penalty

One minor criticism of preferring a modular kernel over a static kernel is the so-called Fragmentation Penalty. The base kernel is always unpacked into real contiguous memory by its setup routines; so, the base kernel code is never fragmented. Once the system is in a state where modules may be inserted—for example, once the filesystems have been mounted that contain the modules—it is probable that any new kernel code insertion will cause the kernel to become fragmented, thereby introducing a minor performance penalty.^{[citation needed]}

[edit] Security

While loadable kernel modules are a convenient method of modifying the running kernel, this can be abused by an attacker on a compromised system to prevent detection of his processes or files, allowing him to maintain control over the system. Many rootkits make use of LKMs in this way.

[edit] See also

• modprobe

[edit] References

1. ^ Debian - Package Search Results - makedev
2. ^ Further discussion here

v • d • e The Linux operating system General Adoption · Comparison of Windows and Linux · Criticism · GNU Project · History · Linux Foundation · Kernel (portability) · Linus's Law · GNU/Linux naming controversy · Tux Linux Portal Distribution Distribution (comparison) · Live CD (comparison) · Live USB · Mini Linux · Package formats Applications ALSA · Desktop · Devices · Embedded · Gaming · LAMP · Thin client People Jono Bacon · Benjamin Mako Hill · Pamela Jones · Ari Lemmke · Andrew Morton · Ian Murdock · Hans Reiser · Scott James Remnant · Daniel Robbins · Mark Shuttleworth · Richard Stallman · Linus Torvalds · Patrick Volkerding · Warren Woodford · Matt Zimmerman Media Enterprise open source journal · Free Software Magazine · Linux.com · Linux Format · Linux Gazette · Linux Journal · Linux-Magazin · Linux Magazine · Linux Medical News · LWN.net · O3 Magazine · Phoronix Lists Devices · Distributions · LiveDistros Mobile Access Linux Platform · Android · LiMo Platform · Mobilinux · Moblin project · Ubuntu Mobile and Embedded Edition · Linux Phone Standards Forum Other topics Linux malware · Linux Users' Group (LUG) · Linux Standard Base · Revolution OS · SCO and Linux · Tanenbaum-Torvalds debate

v • d • e Operating system Kernel Microkernel, Monolithic kernel, Hybrid kernel, Kernel space, Loadable kernel module, Nanokernel, device driver, User space, Userland (computing) Process management Process (computing), Multiprogramming, Interrupt, Protected mode, Supervisor mode, Computer multitasking, Process management (computing), Scheduling (computing), Context switch, Cooperative multitasking, Preemptive multitasking, CPU modes Memory management Memory protection, Segmentation, Paging, Memory management unit, Segmentation fault, General protection fault Examples AmigaOS, Microsoft Windows, Linux, GNU, UNIX, Mac OS, MS-DOS Miscellaneous concepts Boot loader, API, VFS, Computer network, GUI, History of operating systems, HAL