Abhik Sarkar's avatar
Back to Concepts
linuxkerneldrivers

Linux Kernel Modules: Extending the Kernel at Runtime

12 min

Master Linux kernel modules through interactive visualizations. Learn how to load, unload, develop, and debug kernel modules that extend Linux functionality.

Best viewed on desktop for optimal interactive experience

The Kernel's Plugin System

Imagine if you had to rebuild your entire operating system kernel every time you wanted to add support for a new device or filesystem. That was the reality in early Unix systems. Linux kernel modules changed everything by introducing a plugin system for the kernel - allowing you to extend kernel functionality on the fly without rebooting.

Kernel modules are like LEGO blocks for your operating system. Each module is a piece of code that can be snapped into the running kernel to add new capabilities - device drivers, filesystems, network protocols, or security features. When you plug in a USB device or mount an exotic filesystem, kernel modules spring into action, dynamically extending your kernel's abilities.

This modular architecture makes Linux incredibly flexible. Your distribution can ship with a generic kernel that works on countless hardware configurations, loading only the specific modules needed for your system.

Interactive Kernel Modules Visualization

Explore how kernel modules work, their lifecycle, and development process:

Linux Kernel Modules

What are Kernel Modules?

Kernel modules are pieces of code that can be loaded and unloaded into the kernel on demand. They extend kernel functionality without requiring a reboot.

Dynamic Loading
Load drivers and features as needed
Memory Efficient
Only load what you need
No Reboot Required
Add/remove features on the fly
Kernel Space Access
Full hardware and kernel access
Common Module Types
Filesystems
Device Drivers
Security
Network

Module Management Commands

lsmod
List loaded modules
modinfo module_name
Show module information
insmod module.ko
Insert module (low-level)
modprobe module_name
Load module with dependencies
rmmod module_name
Remove module
depmod -a
Generate module dependencies
Module Locations
/lib/modules/$(uname -r)/
# Current kernel modules
/lib/modules/$(uname -r)/kernel/
# Built-in kernel modules
/lib/modules/$(uname -r)/updates/
# Updated modules
/lib/modules/$(uname -r)/extra/
# Third-party modules

Understanding Kernel Modules

Loadable kernel modules (.ko files) extend kernel functionality at runtime. Run in kernel space with full privileges. Each module has:

  • Metadata: License, author, description, version
  • Init function: Called when loaded
  • Exit function: Called when unloaded
# List loaded modules
lsmod

# Module information
modinfo ext4
# Shows: filename, description, license, dependencies

Module Management

# Load/unload modules
insmod module.ko           # Manual load
rmmod module_name          # Remove
modprobe module_name       # Smart load with dependencies
modprobe -r module_name    # Remove with dependencies

# View dependencies
modprobe --show-depends ext4
depmod -a                  # Rebuild dependency database

Configuration

# /etc/modprobe.d/blacklist.conf - Prevent loading
blacklist pcspkr

# /etc/modprobe.d/options.conf - Set parameters
options i915 enable_fbc=1

# /etc/modules-load.d/modules.conf - Load at boot
nvidia

Developing Kernel Modules

Basic structure: Include kernel headers, define init/exit functions, register with module_init() and module_exit().

Building: Use kernel build system with simple Makefile.

obj-m += mydriver.o
all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

Module parameters: Pass configuration at load time.

insmod mymodule.ko debug_level=3
# Or configure persistently in /etc/modprobe.d/

Debugging

Kernel logging: Use printk() with log levels (KERN_INFO, KERN_ERR, etc.). Modern alternative: pr_info(), pr_err().

# View logs
dmesg | tail -50
journalctl -k -f

# Enable debug messages
echo 'module mymodule +p' > /sys/kernel/debug/dynamic_debug/control

Advanced tools: ftrace, SystemTap, GDB with kcore.

Module Types

Device Drivers:

  • Character devices (serial, terminals)
  • Block devices (disks, SSDs)
  • Network devices (NICs)

Filesystem Modules: Register with register_filesystem(), implement mount/unmount operations.

Network Protocol Modules: Handle custom packet types, integrate with network stack.

Security

Module Signing: Cryptographically sign modules to prevent loading untrusted code. Enforced with CONFIG_MODULE_SIG_FORCE=y.

# Check signing enforcement
cat /sys/module/module/parameters/sig_enforce

Capabilities: Modules can check user capabilities before granting access (CAP_SYS_ADMIN, CAP_NET_ADMIN, etc.).

Performance

Memory Management:

  • kmalloc()/kfree(): Small allocations
  • vmalloc()/vfree(): Large allocations
  • kmem_cache: Object pools for frequent allocations

Locking:

  • Spinlocks: Short critical sections, cannot sleep
  • Mutexes: Can sleep, heavier
  • RW locks: Multiple readers, exclusive writer
  • RCU: Read-Copy-Update for scalability

Troubleshooting

# Version mismatch
modprobe: ERROR: Exec format error
# Solution: Rebuild against current kernel

# Unknown symbols
dmesg | tail  # Check missing dependencies

# Module in use
lsmod | grep module
# Stop processes using it before rmmod

# Tainted kernel
cat /proc/sys/kernel/tainted
# Non-zero = tainted (proprietary, unsigned, forced modules)

Best Practices

  1. Always check return values and handle errors
  2. Use proper locking to prevent race conditions
  3. Validate all user input - never trust userspace
  4. Clean up resources in exit function
  5. Follow kernel coding style
  6. Test with various kernel configs

See Kernel Architecture for how modules integrate with the kernel.

If you found this explanation helpful, consider sharing it with others.

Mastodon