Abhik Sarkar's avatar
Back to Concepts
linuxkerneloperating-systemssystem-programmingarchitecture

Linux Kernel Architecture: Core Subsystems Deep Dive

25 min

Master the Linux kernel architecture through interactive visualizations. Explore kernel layers, memory management, process scheduling, VFS, and the complete boot process.

Best viewed on desktop for optimal interactive experience

The Linux Kernel: Heart of the Operating System

The Linux kernel is a monolithic kernel that serves as the core of all Linux distributions. It manages hardware resources, provides essential services to applications, and ensures secure, efficient operation of the entire system.

Interactive Kernel Architecture Explorer

Explore the complete Linux kernel architecture with interactive visualizations:

Linux Kernel Architecture Explorer

Deep dive into the Linux kernel subsystems, memory management, and process scheduling

Linux Kernel Architecture

Protection Rings

  • Ring 0: Kernel mode - full hardware access
  • Ring 3: User mode - restricted access
  • System calls transition from Ring 3 to Ring 0

Key Subsystems

  • Process & thread management
  • Memory allocation & paging
  • Device drivers & I/O
  • Network protocol stack

Linux Kernel Key Concepts

Monolithic Kernel

All kernel services run in kernel space with direct hardware access

Loadable Modules

Extend kernel functionality without recompilation using kernel modules

Everything is a File

Unified interface for devices, processes, and system information

Kernel Architecture Overview

Monolithic Design

Linux uses a monolithic kernel architecture where all kernel services run in kernel space with direct hardware access. This design offers:

  • Performance: Direct function calls instead of message passing
  • Efficiency: Minimal overhead for system operations
  • Complexity: All components tightly integrated
  • Flexibility: Loadable kernel modules for extensibility

Protection Rings

The x86 architecture provides four privilege levels (rings):

Ring 0 (Kernel Mode):
- Full hardware access
- All CPU instructions available
- Direct memory manipulation
- Device driver execution

Ring 3 (User Mode):
- Restricted instruction set
- Virtual memory access only
- System calls for kernel services
- Process isolation enforced

Rings 1 and 2 are rarely used in modern Linux systems.

Core Kernel Subsystems

1. Process Management

The kernel creates, schedules, and manages all processes:

struct task_struct {
    volatile long state;      // Process state
    void *stack;              // Kernel stack
    unsigned int flags;       // Process flags
    int prio, static_prio;    // Priority values
    struct mm_struct *mm;     // Memory descriptor
    pid_t pid;               // Process ID
    pid_t tgid;              // Thread group ID
    struct task_struct *parent;  // Parent process
    struct list_head children;   // Child processes
    // ... many more fields
};

Key Components:

  • Scheduler: CFS (Completely Fair Scheduler) for normal processes
  • Fork/Exec: Process creation and program execution
  • Signals: Inter-process communication
  • Threads: Lightweight processes sharing resources

2. Memory Management

Linux implements sophisticated virtual memory management:

Virtual Address Space Layout:

0xFFFFFFFFFFFFFFFF ┌─────────────────┐
                   │  Kernel Space   │ (Ring 0)
0xFFFF800000000000 ├─────────────────┤
                   │      Hole       │
0x00007FFFFFFFFFFF ├─────────────────┤
                   │     Stack       │ ↓ grows down
                   ├─────────────────┤
                   │  Memory Mapped  │
                   │     Files       │
                   ├─────────────────┤
                   │      Heap       │ ↑ grows up
                   ├─────────────────┤
                   │      BSS        │ (uninitialized data)
                   ├─────────────────┤
                   │      Data       │ (initialized data)
                   ├─────────────────┤
                   │      Text       │ (code)
0x0000000000400000 └─────────────────┘

Memory Zones:

  • ZONE_DMA: First 16MB for legacy ISA devices
  • ZONE_DMA32: First 4GB for 32-bit DMA devices
  • ZONE_NORMAL: Normal addressable pages
  • ZONE_HIGHMEM: Memory above 896MB (32-bit only)

3. Virtual File System (VFS)

The VFS provides a unified interface for all filesystems:

struct file_operations {
    loff_t (*llseek) (struct file *, loff_t, int);
    ssize_t (*read) (struct file *, char __user *, size_t, loff_t *);
    ssize_t (*write) (struct file *, const char __user *, size_t, loff_t *);
    int (*open) (struct inode *, struct file *);
    int (*release) (struct inode *, struct file *);
    // ... more operations
};

Key Abstractions:

  • Superblock: Filesystem metadata
  • Inode: File metadata
  • Dentry: Directory entry cache
  • File: Open file descriptor

4. Network Stack

Complete TCP/IP implementation in kernel space:

Application Layer    │ Sockets API
─────────────────────┼──────────────
Transport Layer      │ TCP, UDP, SCTP
─────────────────────┼──────────────
Network Layer        │ IPv4, IPv6, ICMP
─────────────────────┼──────────────
Link Layer          │ Ethernet, WiFi
─────────────────────┼──────────────
Device Drivers      │ Hardware NICs

5. Device Drivers

Interface between kernel and hardware:

Driver Types:

  • Character devices: Stream of bytes (serial ports, terminals)
  • Block devices: Random access (hard drives, SSDs)
  • Network devices: Network interfaces

System Call Interface

System calls are the API between user space and kernel space:

// User space
int fd = open("/etc/passwd", O_RDONLY);

// Transitions to kernel space via:
// 1. Software interrupt (int 0x80) - legacy
// 2. SYSENTER/SYSCALL - modern fast path

// Kernel space
SYSCALL_DEFINE3(open, const char __user *, filename,
                int, flags, umode_t, mode) {
    // Kernel implementation
}

Linux Boot Process

Watch the complete boot sequence from power-on to login:

Linux Boot Process Visualization

Watch the complete Linux boot sequence from power-on to login prompt

System Ready

Boot Sequence

BIOS/UEFI
Bootloader (GRUB)
Kernel Loading
initramfs/initrd
Init System
Runlevel/Target
Login Prompt

Boot Log

0 messages
Waiting for boot to start...

Boot Methods

  • BIOS: Legacy boot using Master Boot Record
  • UEFI: Modern boot with GPT partitioning
  • Secure Boot: Cryptographic verification of boot components

Init Systems

  • systemd: Modern parallel init system
  • SysV init: Traditional sequential init
  • Upstart: Event-based init system

Common Boot Issues

GRUB Rescue Mode:

Boot configuration missing or corrupted. Use rescue commands to manually boot.

Kernel Panic:

Critical error during kernel initialization. Check hardware and kernel parameters.

Failed to Mount Root:

Root filesystem not found. Verify UUID in GRUB configuration.

Emergency Mode:

System cannot reach default target. Check systemd service failures.

Boot Sequence Details

1. BIOS/UEFI Phase

  • Power-On Self Test (POST)
  • Hardware initialization
  • Boot device detection
  • Load bootloader from MBR/EFI partition

2. Bootloader (GRUB2)

  • Stage 1: Loaded from MBR (512 bytes)
  • Stage 1.5: Filesystem drivers
  • Stage 2: Full GRUB with menu
  • Load kernel and initramfs into memory

3. Kernel Initialization

start_kernel() {
    setup_arch();           // Architecture-specific setup
    mm_init();             // Memory management
    sched_init();          // Scheduler initialization
    init_IRQ();            // Interrupt handling
    init_timers();         // Timer subsystem
    console_init();        // Early console
    rest_init();          // Start init process
}

4. initramfs/initrd

  • Temporary root filesystem in RAM
  • Contains essential drivers and tools
  • Mounts real root filesystem
  • Pivots to real root

5. Init System (systemd)

# systemd boot sequence
systemd (PID 1)
├── basic.target
├── sysinit.target
├── network.target
├── multi-user.target
└── graphical.target (if GUI)

6. User Space

  • Start system services
  • Configure networking
  • Mount filesystems
  • Start login manager

Kernel Configuration

Building Custom Kernels

# Download kernel source
wget https://kernel.org/pub/linux/kernel/v6.x/linux-6.6.tar.xz
tar -xf linux-6.6.tar.xz
cd linux-6.6

# Configure kernel
make menuconfig  # or xconfig, oldconfig

# Build kernel
make -j$(nproc)
make modules_install
make install

# Update bootloader
grub-mkconfig -o /boot/grub/grub.cfg

Kernel Parameters

# Common boot parameters
quiet           # Suppress verbose messages
splash          # Show splash screen
init=/bin/bash  # Emergency shell
single          # Single user mode
nomodeset       # Disable kernel mode setting

Kernel Modules

Extend kernel functionality without recompilation:

#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>

static int __init hello_init(void) {
    printk(KERN_INFO "Hello, Kernel!\n");
    return 0;
}

static void __exit hello_exit(void) {
    printk(KERN_INFO "Goodbye, Kernel!\n");
}

module_init(hello_init);
module_exit(hello_exit);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Simple kernel module");

Module Management

# List loaded modules
lsmod

# Load module
insmod module.ko
modprobe module_name

# Remove module
rmmod module_name

# Module information
modinfo module.ko

Performance and Debugging

Kernel Tracing

# Function tracing
echo function > /sys/kernel/debug/tracing/current_tracer
cat /sys/kernel/debug/tracing/trace

# System calls
strace -c ./application

# Kernel events
perf record -e syscalls:* ./application
perf report

/proc Filesystem

/proc/cpuinfo       # CPU information
/proc/meminfo       # Memory statistics
/proc/modules       # Loaded modules
/proc/kallsyms      # Kernel symbols
/proc/sys/          # Kernel tunables

sysfs Interface

/sys/class/         # Device classes
/sys/devices/       # Device hierarchy
/sys/module/        # Module parameters
/sys/kernel/        # Kernel subsystems

Security Features

Linux Security Modules (LSM)

  • SELinux: Mandatory Access Control
  • AppArmor: Path-based MAC
  • SMACK: Simplified MAC

Kernel Hardening

# Security options
kernel.kptr_restrict=2       # Hide kernel pointers
kernel.dmesg_restrict=1      # Restrict dmesg
kernel.yama.ptrace_scope=1   # Limit ptrace
kernel.unprivileged_bpf_disabled=1  # Disable unprivileged BPF

Modern Kernel Features

cgroups (Control Groups)

# CPU limitation
echo 50000 > /sys/fs/cgroup/cpu/mygroup/cpu.cfs_quota_us

# Memory limitation
echo 1G > /sys/fs/cgroup/memory/mygroup/memory.limit_in_bytes

Namespaces

  • PID: Process isolation
  • Network: Network stack isolation
  • Mount: Filesystem mount points
  • UTS: Hostname and domain
  • IPC: Inter-process communication
  • User: User and group IDs

eBPF (Extended Berkeley Packet Filter)

// BPF program example
int xdp_prog(struct xdp_md *ctx) {
    // Process network packets
    return XDP_PASS;
}

Best Practices

Kernel Development

  1. Follow Linux coding style
  2. Use appropriate locking mechanisms
  3. Minimize time in interrupt context
  4. Avoid blocking in atomic context
  5. Test thoroughly with different configs

System Administration

  1. Keep kernel updated for security
  2. Use LTS kernels for stability
  3. Monitor kernel logs (dmesg, journalctl)
  4. Tune kernel parameters appropriately
  5. Document custom configurations

Conclusion

The Linux kernel is a masterpiece of software engineering, managing complex hardware while providing a stable, secure platform for applications. Understanding its architecture helps in:

  • System administration and troubleshooting
  • Performance optimization
  • Security hardening
  • Driver development
  • Container and virtualization technologies

Master these concepts to become proficient in Linux system programming and administration.

If you found this explanation helpful, consider sharing it with others.

Mastodon