Share to: share facebook share twitter share wa share telegram print page

Loadable kernel module

In computing, a loadable kernel module (LKM) is an object file that contains code to extend the running kernel, or so-called base kernel, of an operating system. LKMs are typically used to add support for new hardware (as device drivers) and/or filesystems, or for adding system calls. When the functionality provided by an LKM is no longer required, it can be unloaded in order to free memory and other resources.

Most current Unix-like systems and Microsoft Windows support loadable kernel modules under different names, such as kernel loadable module (kld) in FreeBSD, kernel extension (kext) in macOS (although support for third-party modules is being dropped[1]),[2] kernel extension module in AIX, dynamically loadable kernel module in HP-UX,[3] kernel-mode driver in Windows NT[4] and downloadable kernel module (DKM) in VxWorks. They are also known as kernel loadable modules (or KLM), and simply as kernel modules (KMOD).

Advantages

Without loadable kernel modules, an operating system would have to include all possible anticipated functionality compiled directly into the base kernel. Much of that functionality would reside in memory without being used, wasting memory [citation needed], and would require that users rebuild and reboot the base kernel every time they require new functionality.

Disadvantages

One minor criticism of preferring a modular kernel over a static kernel is the so-called fragmentation penalty. The base kernel is always unpacked into real contiguous memory by its setup routines; thus, the base kernel code is never fragmented. Once the system is in a state in which modules may be inserted, for example once the filesystems have been mounted that contain the modules, it is likely that any new kernel code insertion will cause the kernel to become fragmented, thereby introducing a minor performance penalty by using more TLB entries, causing more TLB misses.[citation needed]

Implementations in different operating systems

Linux

Loadable kernel modules in Linux are loaded (and unloaded) by the modprobe command. They are located in /lib/modules or /usr/lib/modules and have had the extension .ko ("kernel object") since version 2.6 (previous versions used the .o extension).[5] The lsmod command lists the loaded kernel modules. In emergency cases, when the system fails to boot due to e.g. broken modules, specific modules can be enabled or disabled by modifying the kernel boot parameters list (for example, if using GRUB, by pressing 'e' in the GRUB start menu, then editing the kernel parameter line).

License issues

In the opinion of Linux maintainers, LKM are derived works of the kernel[citation needed]. The Linux maintainers tolerate the distribution of proprietary modules,[citation needed] but allow symbols to be marked as only available to GNU General Public License (GPL) modules.

Loading a proprietary or non-GPL-compatible module will set a 'taint' flag[6][7] in the running kernel—meaning that any problems or bugs experienced will be less likely to be investigated by the maintainers.[8][9] LKMs effectively become part of the running kernel, so can corrupt kernel data structures and produce bugs that may not be able to be investigated if the module is indeed proprietary.

Linuxant controversy

In 2004, Linuxant, a consulting company that releases proprietary device drivers as loadable kernel modules, attempted to abuse a null terminator in their MODULE_LICENSE, as visible in the following code excerpt:

MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only LICENSE file applies");

The string comparison code used by the kernel at the time tried to determine whether the module was GPLed stopped when it reached a null character (\0), so it was fooled into thinking that the module was declaring its license to be just "GPL".[10]

FreeBSD

Kernel modules for FreeBSD are stored within /boot/kernel/ for modules distributed with the operating system, or usually /boot/modules/ for modules installed from FreeBSD ports or FreeBSD packages, or for proprietary or otherwise binary-only modules. FreeBSD kernel modules usually have the extension .ko. Once the machine has booted, they may be loaded with the kldload command, unloaded with kldunload, and listed with kldstat. Modules can also be loaded from the loader before the kernel starts, either automatically (through /boot/loader.conf) or by hand.

macOS

Some loadable kernel modules in macOS can be loaded automatically. Loadable kernel modules can also be loaded by the kextload command. They can be listed by the kextstat command. Loadable kernel modules are located in bundles with the extension .kext. Modules supplied with the operating system are stored in the /System/Library/Extensions directory; modules supplied by third parties are in various other directories.

NetWare

A NetWare kernel module is referred to as a NetWare Loadable Module (NLM). NLMs are inserted into the NetWare kernel by means of the LOAD command, and removed by means of the UNLOAD command; the modules command lists currently loaded kernel modules. NLMs may reside in any valid search path assigned on the NetWare server, and they have .NLM as the file name extension.

VxWorks

A downloadable kernel module (DKM) type project can be created to generate a ".out" file which can then be loaded to kernel space using "ld" command. This downloadable kernel module can be unloaded using "unld" command.

Solaris

Solaris has a configurable kernel module load path, which defaults to /platform/platform-name/kernel /kernel /usr/kernel. Most kernel modules live in subdirectories under /kernel; those not considered necessary to boot the system to the point that init can start are often (but not always) found in /usr/kernel. When running a DEBUG kernel build the system actively attempts to unload modules.

Binary compatibility

Linux does not provide a stable API or ABI for kernel modules. This means that there are differences in internal structure and function between different kernel versions, which can cause compatibility problems. In an attempt to combat those problems, symbol versioning data is placed within the .modinfo section of loadable ELF modules. This versioning information can be compared with that of the running kernel before loading a module; if the versions are incompatible, the module will not be loaded.

Other operating systems, such as Solaris, FreeBSD, macOS, and Windows keep the kernel API and ABI relatively stable, thus avoiding this problem. For example, FreeBSD kernel modules compiled against kernel version 6.0 will work without recompilation on any other FreeBSD 6.x version, e.g. 6.4. However, they are not compatible with other major versions and must be recompiled for use with FreeBSD 7.x, as API and ABI compatibility is maintained only within a branch.

Security

While loadable kernel modules are a convenient method of modifying the running kernel, this can be abused by attackers on a compromised system to prevent detection of their processes or files, allowing them to maintain control over the system. Many rootkits make use of LKMs in this way. Note that, on most operating systems, modules do not help privilege elevation in any way, as elevated privilege is required to load a LKM; they merely make it easier for the attacker to hide the break-in.[11]

Linux

Linux allows disabling module loading via sysctl option /proc/sys/kernel/modules_disabled.[12][13] An initramfs system may load specific modules needed for a machine at boot and then disable module loading. This makes the security very similar to a monolithic kernel. If an attacker can change the initramfs, they can change the kernel binary.

macOS

In OS X Yosemite and later releases, a kernel extension has to be code-signed with a developer certificate that holds a particular "entitlement." Such a developer certificate is only provided by Apple on request and not automatically given to Apple Developer members. This feature, called "kext signing", is enabled by default and it instructs the kernel to stop booting if unsigned kernel extensions are present.[14] In OS X El Capitan and later releases, it is part of System Integrity Protection.

In older versions of macOS, or if kext signing is disabled, a loadable kernel module in a kernel extension bundle can be loaded by non-root users if the OSBundleAllowUserLoad property is set to True in the bundle's property list.[15] However, if any of the files in the bundle, including the executable code file, are not owned by root and group wheel, or are writable by the group or "other", the attempt to load the kernel loadable module will fail.[16]

Solaris

Kernel modules can optionally have a cryptographic signature ELF section which is verified on load depending on the Verified Boot policy settings. The kernel can enforce that modules are cryptographically signed by a set of trusted certificates; the list of trusted certificates is held outside of the OS in the ILOM on some SPARC based platforms. Userspace initiated kernel module loading is only possible from the Trusted Path when the system is running with the Immutable Global Zone feature enabled.

See also

References

  1. ^ "Deprecated Kernel Extensions and System Extension Alternatives". Apple Inc. Retrieved 13 March 2021.
  2. ^ "Kernel Extension Programming Topics: Introduction". Apple Inc. September 1, 2010. Archived from the original on May 4, 2013. Retrieved May 5, 2013.
  3. ^ "Managing and Developing DynamicallyLoadable Kernel Modules". Hewlett-Packard. June 7, 2001.
  4. ^ "What Determines When a Driver Is Loaded". Microsoft Developer Network. Microsoft. November 21, 2012. Archived from the original on March 6, 2013. Retrieved May 5, 2013.
  5. ^ "The Linux Kernel Module Programming Guide, section 2.2 "Compiling Kernel Modules"". Retrieved 2020-10-05.
  6. ^ Linus Torvalds; et al. (2011-06-21). "Documentation/oops-tracing.txt". kernel.org. Archived from the original on 2011-10-02. Retrieved 2011-10-03.
  7. ^ "Tainted kernels". The Linux kernel user’s and administrator’s guide.
  8. ^ Jonathan Corbet (2006-03-24). "Tainting from user space". LWN.net. Archived from the original on 2011-11-16. Retrieved 2011-10-03.
  9. ^ "Novell support documentation: Tainted kernel". 2007-07-26. Retrieved 2011-10-03.
  10. ^ Jonathan Corbet (April 27, 2004). "Being honest with MODULE_LICENSE". LWN.net. Archived from the original on November 2, 2012. Retrieved October 30, 2012.
  11. ^ Exploiting Loadable Kernel Modules Archived 2012-02-04 at the Wayback Machine
  12. ^ "Sysctl/kernel.txt". Archived from the original on April 15, 2013. Retrieved January 4, 2013.
  13. ^ Kees Cook (2012-11-28). "Clean module disabling". outflux.net. Retrieved 2020-10-05.
  14. ^ "Kernel Extensions". Mac Developer Library. Apple. September 16, 2015. Archived from the original on August 17, 2016. Retrieved September 29, 2016.
  15. ^ "Info.plist Properties for Kernel Extensions". Apple Inc. Archived from the original on September 26, 2012. Retrieved September 27, 2012.
  16. ^ kextload(8) – Darwin and macOS System Manager's Manual

Baca informasi lainnya yang berhubungan dengan : article

Article 19 Article 20

Read other articles:

  لمعانٍ أخرى، طالع باجة (توضيح). 38°00′56″N 7°51′55″W / 38.015555555556°N 7.8652777777778°W / 38.015555555556; -7.8652777777778   باجة (البرتغال)   باجة (البرتغال) باجة (البرتغال) تقسيم إداري البلد البرتغال  [1][2] عاصمة لـ باجةطائفة باجة ويابرة  التقسيم الأعلى باجة (القرن 20–)ألي…

Date A LiveMusim 4Key visualNegara asalJepangRilisTanggal tayang8 April (2022-04-08) –24 Juni 2022 (2022-6-24)Kronologi Musim← SebelumnyaDate A Live III Selanjutnya →Date A Live V Daftar episode Date A Live Musim keempat dari serial anime Date A Live, berjudul Date A Live IV (デート・ア・ライブIVcode: ja is deprecated , Dēto A Raibu IV),[1][2] diproduksi oleh Geek Toys dan disutradarai oleh Jun Nakagawa. Seperti seri lainnya, ini mengi…

יש לערוך ערך זה. הסיבה היא: כתוב כמו יומן מלחמה. אתם מוזמנים לסייע ולערוך את הערך. אם לדעתכם אין צורך בעריכת הערך, ניתן להסיר את התבנית. ייתכן שתמצאו פירוט בדף השיחה. עריכה יש לערוך ערך זה. הסיבה היא: כתוב כמו יומן מלחמה. אתם מוזמנים לסייע ולערוך את הערך. אם לדעתכם אין צורך בעריכת …

الدوري الفنلندي الممتاز تاريخ الإنشاء 1990  الرياضة كرة القدم  البلد فنلندا  مستوى الدوري 1   هبوط دوري الدرجة الثانية الفنلندي  [لغات أخرى]‏  الموقع الإلكتروني الموقع الرسمي  دوري البطولة الإنجليزية  [لغات أخرى]‏    تعديل مصدري - تعديل   دو

У Вікіпедії є статті про інші значення цього терміна: Луїш. Луїш-Філіпе Луїш-Філіпе принц Португалії 19 жовтня 1889 — 1 лютого 1908 Попередник: Карлуш I Наступник: Афонсу, герцог Порту   Народження: 21 березня 1887(1887-03-21)Лісабон, Португалія Смерть: 1 лютого 1908(1908-02-01) (20 рок…

アントレANTRE 地図 店舗概要所在地 〒410-0801沼津市大手町一丁目1-1開業日 1973年(昭和48年)施設管理者 静岡ターミナル開発株式会社店舗数 27営業時間 2F 10:00 - 20:001F 9:00 - 20:00(サンマルクカフェ 7:00 - 21:00)(ヴィ・ド・フランス 7:30 - 20:00)外部リンク 公式ウェブサイトテンプレートを表示 アントレ(ANTRE)は、静岡県沼津市にある東海旅客鉄道(JR東海)沼津駅の南口にある駅…

대한민국大韓民國 Daehan MingukRepública da Coreia República ←  ← 1948 – 1960 → Bandeira Hino nacional 애국가 Aegukga Localização de Coreia do Sul Continente Ásia Região Extremo Oriente País Coreia do Sul Capital Seul 37° 35' N 127° E Língua oficial Coreano Governo Presidencialismo Presidente Syngman Rhee Vice-presidente  • 1948–1951 I Siyeong  • 1951–1952 Gim Seongsu  • 1952–1956 Ham Taeyeong  • 1956–1960 Jang My…

2023 soundtrack album by A. R. Rahman Ponniyin Selvan: IIAlbum coverSoundtrack album by A. R. RahmanReleased29 March 2023Recorded2019–2023StudioPanchathan Record Inn and AM Studios, ChennaiPanchathan Hollywood Studios, Los AngelesAbbey Road Studios, LondonGenreFeature film soundtrackLanguageTamilLabelTipsProducerA. R. RahmanA. R. Rahman chronology Pathu Thala(2023) Ponniyin Selvan: II(2023) Maamannan(2023) Singles from Ponniyin Selvan: II Aga NagaReleased: 20 March 2023 Ponniyin Selvan: II…

Luca GuadagninoLuca Guadagnino di Festival Film Internasional Berlin tahun 2017LahirAgustus 1971 (umur 52)Palermo, ItaliaKebangsaanItaliaPekerjaanSutradara, produser, penulis naskahTahun aktif1997–sekarang Luca Guadagnino (lahir tanggal 10 Agustus 1971) merupakan seorang sutradara film Italia.[1] Ia dikenal sebagai sutradara film Melissa P. tahun 2005. Ia berkolaborasi dengan Tilda Swinton beberapa kali dalam film The Protagonists (1999), I Am Love (2010), A Bigger Splas…

Pada awalnya komposisi entremet biasanya tidak lebih rumit daripada frumenty, semacam bubur dari biji-bijian, yang diwarnai dengan kuma-kuma atau kuning telur. Entremet atau entremets (/ˈɑːntrəmeɪ/; dari bahasa Prancis Kuno, secara harfiah berarti di antara sajian-sajian) dalam masakan Prancis modern berupa sebuah hidangan makanan kecil yang disajikan di antara sajian menu-menu, atau sekadar sebuah dessert (di Indonesia sering diterjemahkan menjadi hidangan penutup). Pada awalnya merupakan …

Boeing P-29 dan XF7B-1 merupakan upaya untuk menghasilkan versi yang lebih canggih dari P-26 yang sangat sukses. Meskipun sedikit keuntungan dibuat dalam kinerja, US Army Air Corps dan US Navy tidak memesan pesawat. Boeing YP-29 berasal sebagai Model 264, yang dikembangkan sebagai usaha swasta di bawah kontrak bailment negosiasi dengan Angkatan Darat AS. Pengembangan tiga prototipe dimulai pada interval antara pengujian XP-936 (prototipe P-26, perusahaan Model 248) dan pengiriman pertama P-26A (…

Ibnu KhaldunNama dalam bahasa asli(ar) عبد الرحمٰن بن مُحمَّد بن خلدون الحضرمي BiografiKelahiran27 Mei 1332 Tunis Kematian17 Maret 1406 (73 tahun)Kairo   Hakim  Data pribadiAgamaIslam PendidikanUniversitas Zaitunah KegiatanSpesialisasiEkonomi, sosiologi, filsafat, antropologi dan politikus PekerjaanAntropolog, sejarawan, hakim, otobiografer, sosiolog, ekonom, filsuf, politikus, penulis dan penyair Karya kreatifKarya terkenal(1363) Book of Lessons (…

Томас Соренсен Томас Соренсен Особисті дані Повне ім'я Томас Ловендаль Соренсен Народження 12 червня 1976(1976-06-12)[1][2] (47 років)   Фредерісія, Вайле[d], Данія Зріст 193 см Вага 89 кг Громадянство  Данія Позиція воротар Інформація про клуб Поточний клуб «Мельбурн…

Polish communist politician (1898–1937) You can help expand this article with text translated from the corresponding article in Polish. (July 2015) Click [show] for important translation instructions. View a machine-translated version of the Polish article. Machine translation, like DeepL or Google Translate, is a useful starting point for translations, but translators must revise errors as necessary and confirm that the translation is accurate, rather than simply copy-pasting machine-tra…

Identity for lesbians, with feminine characteristics For other uses, see Femme (disambiguation). Part of a series onLesbian feminism Women's liberation movement People Paula Gunn Allen Dorothy Allison Ti-Grace Atkinson Alison Bechdel Evelyn Torton Beck Miriam Ben-Shalom Julie Bindel Ivy Bottini Charlotte Bunch Cheryl Clarke Michelle Cliff Kate Clinton Jeanne Córdova Mary Daly Max Dashu Diane DiMassa Alix Dobkin Andrea Dworkin Elana Dykewomon Lillian Faderman Ferron Marilyn Frye Michiyo Fukaya C…

The recorded history of climbing of the Eiger mountain in Switzerland starts in the 1800s. It is split between the pre-north face era, when the main summits and easier ridges and faces were climbed, and the post-north face era, when it became one of the greatest prizes in mountaineering. At least sixty-four climbers have died while attempting the ascent (mainly via the north face). First ascents (pre-north face era) Brawand, Maki, Steuri and Amatter after their ascent of the Mittellegi ridge 185…

Monument to Olimp group in Wrocław, on the corners of the Zelwerowicza i Sokolnicza street. The inscription states: In the years 1941-1942 in the house on the corners of Sokolnicza and Zelwerowicza street members of the Polish resistance group Olimp gathered in secrecy. Poles from Rodło and Poles with the sign of P were deported for forced labour gave their lives for Polish Wrocław. Friends-your sacrifice was not in vain-Wrocław Polish forever. Olimp was a Polish anti-Nazi resistance organiz…

Rauw Alejandro discographyRauw Alejandro in 2022Studio albums4Live albums1EPs2Singles46 Puerto Rican singer Rauw Alejandro has released four studio albums, one live album and two extended plays (EP). He also released 47 singles, including 19 promotional singles and 26 as featured artist. He was the top new Latin artist of 2021 and the second top Latin artist of the year overall, according to Billboard. His debut EP, Trap Cake, Vol. 1 was released in 2019, and his debut studio album, Afrodisíaco…

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: Duchess of York – news · newspapers · books · scholar · JSTOR (April 2017) (Learn how and when to remove this template message) Duchess of York is the principal courtesy title held by the wife of the Duke of York. Three of the eleven Dukes of York either did not m…

Regional subsidiary of British Airways BA CityFlyer IATA ICAO Callsign CJ[1] CFE FLYER Founded25 March 2007; 16 years ago (2007-03-25)AOC #2314Operating basesLondon–CitySouthamptonFrequent-flyer programExecutive ClubAllianceOneworld (affiliate)Fleet size20Destinations26Parent companyBritish AirwaysHeadquartersManchester, England, United KingdomKey peopleTom Stoddart (Managing Director)Websitewww.britishairways.com BA CityFlyer is a British regional airline, and a…

Kembali kehalaman sebelumnya