Hubbry Logo
Loadable kernel moduleLoadable kernel moduleMain
Open search
Loadable kernel module
Community hub
Loadable kernel module
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Contribute something
Loadable kernel module
Loadable kernel module
Loadable kernel module
View on Wikipedia
from Wikipedia

A loadable kernel module (LKM) is an executable library that extends the capabilities of a running kernel, or so-called base kernel, of an operating system. LKMs are typically used to add support for new hardware (as device drivers) and/or filesystems, or for adding system calls. When the functionality provided by an LKM is no longer required, it can be unloaded in order to free memory and other resources.

Most current Unix-like systems and Windows support loadable kernel modules but with different names, such as kernel loadable module (kld) in FreeBSD, kernel extension (kext) in macOS (although support for third-party modules is being dropped[1]),[2] kernel extension module in AIX, dynamically loadable kernel module in HP-UX,[3] kernel-mode driver in Windows NT[4] and downloadable kernel module (DKM) in VxWorks. They are also known as kernel loadable module (KLM), or simply as kernel module (KMOD).

Advantages

[edit]

Without loadable kernel modules, an operating system would have to include all possible anticipated functionality compiled directly into the base kernel. Much of that functionality would reside in memory without being used, wasting memory [citation needed], and would require that users rebuild and reboot the base kernel every time they require new functionality.

Disadvantages

[edit]

One minor criticism of preferring a modular kernel over a static kernel is the so-called fragmentation penalty. The base kernel is always unpacked into real contiguous memory by its setup routines; thus, the base kernel code is never fragmented. Once the system is in a state in which modules may be inserted, for example once the filesystems have been mounted that contain the modules, it is likely that any new kernel code insertion will cause the kernel to become fragmented, thereby introducing a minor performance penalty by using more TLB entries, causing more TLB misses.[citation needed]

Implementations in different operating systems

[edit]

Linux

[edit]

Loadable kernel modules in Linux are loaded (and unloaded) by the modprobe command. They are located in /lib/modules or /usr/lib/modules and have had the extension .ko ("kernel object") since version 2.6 (previous versions used the .o extension).[5] The lsmod command lists the loaded kernel modules. In emergency cases, when the system fails to boot due to e.g. broken modules, specific modules can be enabled or disabled by modifying the kernel boot parameters list (for example, if using GRUB, by pressing 'e' in the GRUB start menu, then editing the kernel parameter line).

License issues

[edit]

In the opinion of Linux maintainers, LKM are derived works of the kernel[citation needed]. The Linux maintainers tolerate the distribution of proprietary modules (such as NVIDIA GPU drivers),[citation needed] but allow only GNU General Public License (GPL) modules to merge to kernel tree of mainline Linux kernel.

Loading a proprietary or non-GPL-compatible module will set a 'taint' flag[6][7] in the running kernel—meaning that any problems or bugs experienced will be less likely to be investigated by the maintainers.[8][9] LKMs effectively become part of the running kernel, so can corrupt kernel data structures and produce bugs that may not be able to be investigated if the module is indeed proprietary.

Linuxant controversy

[edit]

In 2004, Linuxant, a consulting company that releases proprietary device drivers as loadable kernel modules, attempted to abuse a null terminator in their MODULE_LICENSE, as visible in the following code excerpt: 

MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only LICENSE file applies");

The string comparison code used by the kernel at the time tried to determine whether the module was GPLed stopped when it reached a null character (\0), so it was fooled into thinking that the module was declaring its license to be just "GPL".[10]

FreeBSD

[edit]

Kernel modules for FreeBSD are stored within /boot/kernel/ for modules distributed with the operating system, or usually /boot/modules/ for modules installed from FreeBSD ports or FreeBSD packages, or for proprietary or otherwise binary-only modules. FreeBSD kernel modules usually have the extension .ko. Once the machine has booted, they may be loaded with the kldload command, unloaded with kldunload, and listed with kldstat. Modules can also be loaded from the loader before the kernel starts, either automatically (through /boot/loader.conf) or by hand.

macOS

[edit]

Some loadable kernel modules in macOS can be loaded automatically. Loadable kernel modules can also be loaded by the kextload command. They can be listed by the kextstat command. Loadable kernel modules are located in bundles with the extension .kext. Modules supplied with the operating system are stored in the /System/Library/Extensions directory; modules supplied by third parties are in various other directories.

NetWare

[edit]

A NetWare kernel module is referred to as a NetWare Loadable Module (NLM). NLMs are inserted into the NetWare kernel by means of the LOAD command, and removed by means of the UNLOAD command; the modules command lists currently loaded kernel modules. NLMs may reside in any valid search path assigned on the NetWare server, and they have .NLM as the file name extension.

VxWorks

[edit]

A downloadable kernel module (DKM) type project can be created to generate a ".out" file which can then be loaded to kernel space using "ld" command. This downloadable kernel module can be unloaded using "unld" command.

Solaris

[edit]

Solaris has a configurable kernel module load path, which defaults to /platform/platform-name/kernel /kernel /usr/kernel. Most kernel modules live in subdirectories under /kernel; those not considered necessary to boot the system to the point that init can start are often (but not always) found in /usr/kernel. When running a DEBUG kernel build the system actively attempts to unload modules.

Binary compatibility

[edit]

Linux does not provide a stable API or ABI for kernel modules. This means that there are differences in internal structure and function between different kernel versions, which can cause compatibility problems. In an attempt to combat those problems, symbol versioning data is placed within the .modinfo section of loadable ELF modules. This versioning information can be compared with that of the running kernel before loading a module; if the versions are incompatible, the module will not be loaded.

Other operating systems, such as Solaris, FreeBSD, macOS, and Windows keep the kernel API and ABI relatively stable, thus avoiding this problem. For example, FreeBSD kernel modules compiled against kernel version 6.0 will work without recompilation on any other FreeBSD 6.x version, e.g. 6.4. However, they are not compatible with other major versions and must be recompiled for use with FreeBSD 7.x, as API and ABI compatibility is maintained only within a branch.

Security

[edit]

While loadable kernel modules are a convenient method of modifying the running kernel, this can be abused by attackers on a compromised system to prevent detection of their processes or files, allowing them to maintain control over the system. Many rootkits make use of LKMs in this way. Note that, on most operating systems, modules do not help privilege elevation in any way, as elevated privilege is required to load a LKM; they merely make it easier for the attacker to hide the break-in.[11]

Linux

[edit]

Linux allows disabling module loading via sysctl option /proc/sys/kernel/modules_disabled.[12][13] An initramfs system may load specific modules needed for a machine at boot and then disable module loading. This makes the security very similar to a monolithic kernel. If an attacker can change the initramfs, they can change the kernel binary.

macOS

[edit]

In OS X Yosemite and later releases, a kernel extension has to be code-signed with a developer certificate that holds a particular "entitlement." Such a developer certificate is only provided by Apple on request and not automatically given to Apple Developer members. This feature, called "kext signing", is enabled by default and it instructs the kernel to stop booting if unsigned kernel extensions are present.[14] In OS X El Capitan and later releases, it is part of System Integrity Protection.

In older versions of macOS, or if kext signing is disabled, a loadable kernel module in a kernel extension bundle can be loaded by non-root users if the OSBundleAllowUserLoad property is set to True in the bundle's property list.[15] However, if any of the files in the bundle, including the executable code file, are not owned by root and group wheel, or are writable by the group or "other", the attempt to load the kernel loadable module will fail.[16]

Solaris

[edit]

Kernel modules can optionally have a cryptographic signature ELF section which is verified on load depending on the Verified Boot policy settings. The kernel can enforce that modules are cryptographically signed by a set of trusted certificates; the list of trusted certificates is held outside of the OS in the ILOM on some SPARC based platforms. Userspace initiated kernel module loading is only possible from the Trusted Path when the system is running with the Immutable Global Zone feature enabled.

See also

[edit]

References

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Loadable kernel module

View on Grokipedia
from Grokipedia
A loadable kernel module (LKM) is an containing code that extends the functionality of the kernel of an operating at runtime by being dynamically loaded into or unloaded from kernel upon demand, without requiring a or kernel recompilation. The term is most commonly associated with , where LKMs form a core component of the kernel's modular architecture, enabling the addition of features such as device drivers, filesystem support, and network protocols only when needed, which optimizes usage and flexibility. This design contrasts with built-in kernel components, which are statically compiled into the kernel image and cannot be removed without rebuilding the entire kernel. Common examples include hardware drivers for peripherals like graphics cards or USB devices, which can be loaded via user-space tools. Analogous dynamic loading mechanisms exist in other operating systems such as and Solaris, as covered in later sections. In , LKMs run in kernel space with full privileges, and modern kernels (as of version 3.7) include module signing to mitigate security risks from malicious code.

Overview

Definition and Purpose

A loadable kernel module (LKM) is an containing code that can be dynamically loaded into an operating 's kernel to extend its functionality at runtime, without requiring a . These modules execute in kernel space, providing them with privileged access to hardware and resources equivalent to the base kernel. In contrast to statically linked kernels, where all components are compiled into a single during the build process, LKMs enable modular extensions that integrate seamlessly upon loading. The primary purpose of LKMs is to support the addition of specialized components, such as device drivers, file systems, or network protocols, on an as-needed basis, thereby enhancing kernel flexibility and reducing the core kernel's size. This dynamic approach allows operating systems to adapt to new hardware or software requirements efficiently, avoiding the downtime associated with recompiling and restarting the entire kernel. By loading only relevant code into memory, LKMs promote resource efficiency while maintaining the performance of a architecture. Key characteristics of LKMs include their form as relocatable binary objects, which are loaded via kernel interfaces or user-space tools and must match the running kernel's version for compatibility. Upon insertion, modules register callbacks or hooks with the kernel to handle events, ensuring proper initialization and integration. For example, a USB driver module might be loaded automatically when a peripheral is detected, enabling immediate device support, or a module could be invoked to mount volumes using formats like ext4.

Historical Development

Loadable kernel modules (LKMs) originated in the late amid efforts to enhance the modularity of Unix kernels, particularly in commercial variants seeking to support diverse hardware without static compilation of all extensions. The concept emerged as a response to the limitations of monolithic kernels, allowing extensions like s to be loaded dynamically. A pioneering implementation appeared in 4.1, released by in 1990, which introduced support for loadable drivers across all supported architectures, enabling developers to attach modules to a running without rebuilding the kernel or rebooting. This feature was detailed in Sun's official documentation, marking a shift toward greater flexibility in environments. In the early , BSD variants adopted similar mechanisms, influenced by the modular design principles of earlier Unix research but adapted for practical performance in monolithic kernels. introduced loadable kernel module code in version 0.9, released on August 23, 1993, as part of significant enhancements to kernel configurability and filesystem support. , drawing from the same BSD lineage, formalized its kernel loadable module (kld) facility in version 3.0, released on October 16, 1998, building on the LKM framework to enable runtime extensions for drivers and protocols. Meanwhile, the added LKM support in early 1995 with version 1.1.85, a development led by that allowed modular components like filesystems and network protocols to be integrated without core kernel modifications. These milestones reflected broader influences from architectures, prioritizing efficiency by keeping essential code in the base kernel while offloading optional features. The drive for evolution stemmed from the explosive growth of personal computing hardware in the PC era, where frequent upgrades demanded adaptable operating systems, coupled with the burgeoning open-source movement that encouraged collaborative development. However, the saw controversies over LKM stability, as poorly written modules could destabilize the entire system, prompting refinements to loading interfaces and error handling in subsequent releases. By the early , LKMs had solidified as a standard feature across systems, integral to distributions like 2.6 and various BSDs. In the post-2010 era, focus intensified on security, driven by threats that exploited LKM loading to hide malicious code—early examples like the Knark rootkit in the late highlighted these risks—leading to measures such as mandatory module signing introduced in the 3.7 in 2012.

Benefits and Limitations

Advantages

Loadable kernel modules enhance the of operating systems by permitting the addition of kernel functionality, such as device drivers or file systems, without requiring a complete kernel rebuild or recompilation. This approach allows developers and distributors to provide a compact core kernel image separately from optional extensions, facilitating easier customization and deployment across diverse hardware configurations. By supporting on-demand loading at runtime, these modules reduce the initial of the kernel, as only necessary components are incorporated into active memory. For instance, a module can remain unloaded until a task arises, thereby conserving RAM for other system operations and improving overall resource efficiency. The hot-swappable nature of loadable kernel modules enables seamless updates for hardware additions, bug fixes, or feature enhancements without necessitating system downtime or reboots, which is particularly beneficial for plug-and-play support in desktop and server environments. This dynamic capability streamlines maintenance and adaptability in production settings. From a development perspective, loadable kernel modules accelerate iteration cycles for components like drivers and file systems by allowing isolated testing and outside the full kernel build , which minimizes errors and shortens development time. In open-source ecosystems, this promotes the sharing and reuse of modules, fostering collaborative contributions and rapid innovation. Within designs, loadable modules deliver extensibility comparable to s—such as modular service addition—while avoiding the overhead that can degrade performance in microkernel architectures, thus maintaining high efficiency in execution speed.

Disadvantages

Loadable kernel modules (LKMs) operate within the kernel's , lacking the isolation provided to user-space processes, which exposes the entire to risks from faulty code. A bug in an LKM, such as a dereference or invalid memory access, can trigger a and crash the , as modules execute with full kernel privileges without containment mechanisms. This shared execution environment amplifies the impact of even minor errors compared to statically compiled kernel components. Debugging LKMs presents significant challenges due to their integration with the kernel's core, where standard user-space tools like gdb are ineffective without specialized adaptations. Issues in loaded modules are difficult to trace because kernel code runs asynchronously and independently of user processes, often requiring kernel debuggers like kgdb or , which demand hardware support or virtualized environments for safe reproduction. Unlike static kernel code, dynamically loaded modules complicate error isolation, as faults may manifest only under specific loads or timings, and excessive logging can overwhelm system resources without providing clear insights. While LKMs offer flexibility, they introduce a slight overhead from dynamic linking and unlinking operations, including latency in module initialization and minor usage for resolution during loading. This overhead, though typically negligible for most workloads, contrasts with the zero-cost integration of built-in kernel code and expands the for by allowing runtime . Additionally, LKMs often depend on specific kernel versions and application binary interfaces (ABIs), which lack stability guarantees; kernel updates can alter internal structures, causing module loading failures or breakage without recompilation. Resource management in LKMs can lead to persistent issues, particularly memory leaks, if unloading is incomplete due to unresolved references or races during removal. Failed unloads prevent module cleanup, accumulating allocated resources in long-running systems and potentially exhausting kernel over time. Proper and are essential but error-prone, exacerbating reliability concerns in extended deployments.

Implementations Across Operating Systems

Linux

In the Linux kernel, loadable kernel modules are compiled into object files with the .ko extension using the Kbuild build system, which integrates with the kernel's Makefile infrastructure to produce relocatable binaries from C source code. These modules are dynamically loaded into the running kernel using commands such as insmod, which inserts a module directly from its file path, or modprobe, which resolves dependencies and handles configuration more intelligently. Key features of Linux kernel modules include support for runtime parameters, which allow users to configure module behavior via the kernel command line or sysfs interface after loading, using macros like module_param() to expose options such as integers, strings, or booleans. Modules also incorporate versioning through symbol CRC checks enabled by the CONFIG_MODVERSIONS configuration option, ensuring ABI compatibility by generating checksums for exported symbols in Module.symvers during the kernel build. Additionally, automatic dependency resolution is provided by tools from the module-init-tools package (now integrated into kmod), where depmod generates dependency maps in modules.dep.bin that modprobe uses to load prerequisite modules sequentially. License considerations play a central role in Linux module compatibility, as the kernel itself is licensed under the GNU General Public License version 2 (GPL-2.0-only), requiring modules to declare their license via the MODULE_LICENSE() macro to access core kernel symbols. Non-GPL modules, often proprietary, were historically tolerated if they avoided deriving from kernel code but faced limitations in accessing GPL-only exports; this stance evolved in the early 2000s with stricter enforcement, such as restricting security module hooks to GPL-licensed code in 2002, reflecting the community's emphasis on open-source purity. A notable controversy arose in 2004 involving Linuxant, a vendor of proprietary audio drivers, which was found to have falsely declared its modules as GPL-licensed using the MODULE_LICENSE("GPL") macro to gain unauthorized access to GPL-only kernel symbols and data structures, prompting kernel developers to highlight the practice as a violation and reinforcing tainting mechanisms for non-compliant modules. The Linux kernel ecosystem features a vast repository of modules integrated directly into the source tree, spanning directories like drivers/net and drivers/usb with thousands of open-source implementations for hardware and functionality. Adaptations for Android leverage this by basing the kernel on long-term support (LTS) versions with Generic Kernel Image (GKI) policies, where loadable modules are separated into Google-provided GKI modules for core features and vendor-specific modules for mobile hardware like SoCs, ensuring compatibility via the Kernel Module Interface (KMI).

FreeBSD

In FreeBSD, loadable kernel modules are managed through the Kernel Linker Daemon (kld) framework, which enables and unloading of kernel extensions without requiring a . This was introduced in FreeBSD 2.0 in 1995, incorporating NetBSD's port of Terry Lambert's loadable kernel module support, with contributions from David Greenman for core implementation, Garrett Wollman for loadable filesystems, and Søren Schmidt for loadable execution classes. Modules are compiled as object files with the .ko extension, typically built alongside the kernel using configuration files in /usr/src/sys and the make(1) utility, and stored in /boot/kernel. They are loaded using the kldload(8) utility and unloaded with kldunload(8), both part of the kld(4) interface, which supports a.out(5) or ELF formats and requires a kernel level below 1 for operation. The framework emphasizes modularity for device drivers and file systems, allowing hardware support and additional kernel functionality to be added on demand. For instance, network interface drivers like ath(4) or input devices like psm(4) can be loaded dynamically, with automatic creation and destruction of device nodes in /dev via integration with devfs(5). This devfs coupling enables userland tools like devd(8) to respond to device events, facilitating seamless hardware detection and configuration. Modules can also be preloaded at boot by adding entries such as "if_ath_load=YES" to /boot/loader.conf, ensuring essential components are available without manual intervention. FreeBSD's development model treats modules as kernel extensions leveraging machine-independent (MI) code layers, which abstract hardware-specific details to promote portability across architectures like x86, , and PowerPC. This MI/MD (machine-dependent) split simplifies porting drivers and reduces architecture-specific recompilations, contrasting with more monolithic approaches by keeping modules lightweight and minimizing interdependencies. A distinctive feature is the framework, which monitors lock acquisitions and releases within modules to detect potential deadlocks through order violation checks, potentially triggering kernel panics or debugger entry for diagnostics. These modules find practical application in embedded variants of , such as , where the kernel includes FreeBSD drivers for network and hardware offload features like the Chelsio via t4_tom.ko. Maintenance occurs through the FreeBSD ports collection, where third-party or additional kernel modules are packaged as ports using the USES=kmod directive, allowing volunteers to submit and update them via standard porting processes without special privileges. This approach avoids the complex dependency chains seen in other systems, enabling straightforward updates and builds from source.

macOS

In macOS, loadable kernel modules are known as kernel extensions (KEXTs), introduced with in 2001 as part of the Darwin kernel, which derives from BSD and incorporates the hybrid kernel architecture. These extensions enable dynamic loading of code into the kernel to support hardware and system services, leveraging the IOKit framework for object-oriented driver development that matches hardware via personality matching in the IOKit registry. KEXTs are structured as bundle directories with a .kext extension, containing a compiled Mach-O executable binary and an Info.plist file that specifies metadata such as the extension's bundle identifier, version, and IOKit personality definitions. Developers build KEXTs using Xcode, incorporating C++ code compatible with the kernel environment, and the bundles can include resources like localized strings or additional libraries. Loading occurs manually via the kextload command-line utility, which validates and injects the extension into the running kernel, or automatically through launchd by configuring plist files in /Library/LaunchDaemons to execute kextload at boot or on demand. A significant evolution began with macOS 10.15 (Catalina) in 2019, when Apple introduced the DriverKit framework alongside System Extensions, allowing many driver functionalities to migrate to user space for improved stability and isolation from kernel crashes. This shift deprecated traditional KEXTs, with macOS 11 () in 2020 introducing restrictions where the kernel does not load KEXTs using deprecated kernel programming interfaces (KPIs) by default, requiring a transition to DriverKit for functionalities relying on unsupported APIs like those for HID or USB. As a result, new KEXT development is limited to legacy or specialized cases, with Apple encouraging all third-party extensions to adopt the System Extension model. Unique to macOS, KEXTs require digital signing by Apple using a Developer ID certificate to ensure authenticity and integrity before loading, a policy enforced since macOS 10.10 (Yosemite) and tightened in later versions. This integrates with (SIP), introduced in macOS 10.11 (), which safeguards critical system files and the kernel by blocking unsigned or tampered KEXTs from loading, even with root privileges, unless SIP is explicitly disabled in Recovery Mode. On Apple silicon Macs, additional boot-time verification in One True Recovery mode further restricts KEXT enabling for enhanced . KEXTs have been primarily utilized for hardware drivers, such as those managing processing units (GPUs) for display and network interfaces for connectivity. Before the transition to DriverKit, third-party KEXTs were widely used to support non-Apple peripherals, including adapters from vendors like and Atheros, as well as USB devices and storage controllers, often distributed via developer tools or updates. This era saw extensive adoption in enterprise and creative workflows, though it introduced risks mitigated by the subsequent user-space paradigm.

Solaris and Other Unix-like Systems

In Solaris, loadable kernel modules were introduced with Solaris 2.0 in July 1992, enabling dynamic extension of the with relocatable object files for drivers, file systems, and other components. The system uses tools like modload to manually load modules from object files compiled with the -r flag for relocatability, while modunload handles unloading; configuration occurs via .conf files in directories such as /kernel/drv/ or /etc/driver/drv/, which define properties like device aliases and tunable parameters. Automatic loading is managed at or runtime through kernel mechanisms, often triggered by device access or entries in /etc/system, reducing the core kernel size to essential functions. A key feature in Solaris is support for the framework, which allows loadable modules to process network and character device I/O in a modular, layered manner; these modules implement entry points like _init, _info, and _fini for integration. Modules integrate with Solaris Zones, a technology, where global zone-loaded modules become available to non-global zones without per-zone duplication, enabling isolated environments to share kernel extensions efficiently. Other Unix-like systems in the SVR4 lineage, such as AIX and , also employ loadable kernel modules for enterprise environments, particularly to support legacy hardware without full reboots. In AIX, the cfgmgr command configures and loads device drivers by executing programs from the Configuration Rules object class in the ODM database, allowing dynamic installation during boot or runtime. HP-UX uses Dynamically Loadable Kernel Modules (DLKM) via tools like kmadmin for loading and unloading subsystems and drivers, with autoload support for on-demand activation. These implementations prioritize enterprise stability, often handling specialized hardware like mainframes or proprietary I/O in production settings. Following Oracle's acquisition of Sun Microsystems in 2010, Solaris 11 (released in 2011) emphasized modular kernel updates through the Image Packaging System (IPS), enabling faster, safer upgrades of loadable components with rollback capabilities, contrasting with Linux's more frequent but potentially disruptive module cycles by focusing on long-term stability. For example, the ZFS file system operates as a dynamically loadable module, allowing pools and file systems to be created and managed without kernel recompilation. Some traditional diagnostic modules have been deprecated in favor of the Fault Management Architecture (FMA), which uses its own loadable diagnosis engines for error detection and isolation.

Real-time and Embedded Systems

In real-time operating systems (RTOS) like , loadable kernel modules are implemented as relocatable kernel modules and real-time processes (RTPs), which support into a running system using tools such as the linker (ld) for building executable images. Developed by Wind River since the , has enabled this capability for embedded applications, allowing RTPs to be loaded from file systems like RomFS or NFS without rebooting the target. These modules are particularly vital for device drivers in safety-critical domains such as and automotive systems, where they extend kernel functionality for hardware interfaces while maintaining real-time . Predictability in is enhanced by design practices that prohibit dynamic memory allocation in critical paths, preventing fragmentation and unbounded latencies that could violate timing constraints. A notable legacy example is Novell's , which from the late 1980s through the 1990s utilized NetWare Loadable Modules (NLMs) in versions like NetWare 3.x to provide modular extensions for server operations. NLMs functioned similarly to Unix executables, containing code, data, and relocation information, and were loaded dynamically to implement device drivers, file systems, and other services within the kernel's address space. This architecture supported efficient multitasking on 80x86 hardware, evolving from NetWare's origins in the early . However, NLMs and the platform were phased out in the post-2000s era, with official support for NetWare 6.5 ending in 2015 as shifted focus to Linux-based alternatives. In embedded adaptations, real-time extensions like the patch for optimize loadable kernel modules for low-latency environments, enabling their use in resource-constrained systems such as automotive electronic control units (ECUs). For instance, these modules can dynamically load drivers for engine management or body control, reducing worst-case latencies by 37%-72% compared to standard preemptive kernels while supporting modular hardware integration. Similarly, employs dynamically loadable resource managers—user-space servers acting as device drivers—to achieve microsecond-level latencies in embedded setups, leveraging its architecture for predictable message-passing without traditional modules. Loadable modules in real-time and embedded systems face challenges including constraints from flash storage, which limits module size and update frequency due to wear-leveling and read-only boot partitions common in ECUs. Hot-swapping of modules is rare owing to certification requirements, as dynamic replacement can introduce unpredictable latencies or stability risks in deterministic environments like controls.

Technical Considerations

Binary Compatibility

Binary compatibility of loadable kernel modules refers to the ability of a compiled module to load and function correctly with a specific kernel version without recompilation. The core challenge arises from changes in the kernel's Application Binary Interface (ABI), which encompasses function prototypes, data structures, and exported symbols used by modules. When kernel developers update these elements—such as altering the signature of a function exported via EXPORT_SYMBOL—modules compiled against an older kernel version may fail to load due to mismatched interfaces, leading to runtime errors or crashes. In Linux, the primary solution for mitigating these issues is module versioning through the CONFIG_MODVERSIONS option, which performs an ABI consistency check using (CRC) values computed on exported prototypes. During kernel compilation, the Module.symvers file records names, CRCs, and namespaces; modules reference this file to embed matching CRCs, and the module loader verifies them at runtime to prevent loading incompatible binaries. This mechanism, introduced in 1.1.85 and refined over time with tools like genksyms for checksum generation, ensures that ABI changes are detected explicitly. As of 6.11 (merged in 2024), a new tool called gendwarfksyms has been introduced to replace genksyms. It leverages debugging to generate versions, improving support for languages like that lack preprocessing compatibility with genksyms. While this enhances multi-language module development, it requires kernels to be built with debug , potentially increasing compilation time, and changes to checksums may break compatibility with older modules. In contrast, aims to maintain kernel ABI stability within major release versions (e.g., between 13.0 and 13.9), though it does not guarantee full across minor updates, requiring modules to be rebuilt less frequently than in but still periodically. These compatibility requirements have significant impacts on system maintenance, as kernel updates often necessitate recompiling third-party modules, particularly for vendor-supplied drivers like NVIDIA's modules, which depend on matching kernel headers and frequently lag behind new releases due to their closed-source nature. For instance, transitions such as from 2.6 to 3.x series introduced ABI alterations in core subsystems, causing widespread module failures and forcing users to rebuild or wait for vendor patches. To enhance flexibility, techniques like weak symbols—declared with __weak to allow optional resolution without linking errors—permit modules to gracefully handle missing kernel features, while open-source practices avoid binary blobs to facilitate recompilation. Modern kernels further employ symbol namespaces to partition the export surface, scoping symbols to specific subsystems and reducing unintended ABI breakage by limiting global visibility.

Loading and Unloading Mechanisms

The loading of a loadable kernel module typically begins with a or utility that interfaces with the kernel linker to incorporate the module's code into the running kernel. In , the init_module loads an ELF image from a user-space buffer into kernel space, performing necessary symbol relocations to resolve dependencies on kernel or other module symbols, allocating memory for the module's structures, and executing the module's initialization function if defined. Similarly, in FreeBSD, the kldload utility invokes the kernel linker to load a .ko , handling symbol resolution against the kernel and loaded modules, allocating kernel memory, and running the module's initialization routine. These processes ensure the module integrates seamlessly without requiring a kernel , though they demand elevated privileges such as CAP_SYS_MODULE in . Unloading reverses this integration by invoking cleanup routines and freeing resources, but only if the module is safe to remove. In Linux, the delete_module system call checks the module's reference count—maintained via functions like try_module_get and module_put to track active users—and, if zero, executes the module's exit function before deallocating memory and removing the code. The rmmod command interfaces with this syscall, but forced unloading (via flags like O_TRUNC) bypasses reference checks, taints the kernel, and risks system instability if the module is in use. In FreeBSD, kldunload removes the module by identifier or name, calling its cleanup function if available; the -f option forces unloading despite usage, potentially leading to crashes or data corruption. Reference counting in FreeBSD is implicit through module dependencies and usage tracking, preventing removal while active. Kernel modules register their entry and exit points using platform-specific APIs to facilitate these operations. In , developers use the module_init macro to designate the initialization function, which runs upon loading or boot (for built-in modules), and module_exit for the cleanup function, ensuring proper resource management without conditional compilation. Dependency graphs, which map inter-module symbol requirements, are resolved prior to loading by tools like modprobe, which consults the modules.dep.bin file generated by depmod to automatically load prerequisites. modules similarly declare init and fini functions within their code, with the kernel linker resolving dependencies during kldload; bare module names rely on the kern.module_path for lookup. Error handling during loading and unloading emphasizes robustness to prevent kernel panics. Failures such as unresolved s—due to version mismatches or missing exports—result in return codes like -1 with errno set to EFAULT or ENOEXEC in , logged via kernel messages from [printk](/page/Printk). Symbol conflicts trigger explicit errors during relocation, halting the process and reporting via [dmesg](/page/Dmesg). In , kldload returns non-zero on failures like invalid formats or resolution issues, with verbose output via the -v flag; unloading errors, such as active usage, are reported similarly. These mechanisms allow administrators to diagnose issues without full system disruption. Optimizations enhance efficiency in module management. In , udev automates loading by monitoring hardware events and invoking modprobe to resolve and insert modules on demand, reducing boot times and manual intervention. For status monitoring, commands like lsmod display loaded modules and reference counts. In , kldstat provides detailed status of loaded modules, including IDs, references, memory addresses, and sizes, aiding in verification and . These tools collectively support dynamic kernel extension while minimizing overhead.

Security Aspects

General Risks

Loadable kernel modules (LKMs) introduce significant security risks because they execute in kernel mode, granting them unrestricted access to system resources and bypassing user-space security mechanisms such as memory isolation and privilege rings. This elevated privilege level allows malicious modules to serve as an entry point for rootkits and , enabling attackers to hook system calls, manipulate kernel data structures, and evade detection tools. For instance, once loaded, a compromised module can intercept network traffic, alter operations, or inject arbitrary code directly into the kernel's . Historically, LKMs have been exploited in notable s, such as the Adore rootkit released in 1999, which used module hooks to conceal files, processes, and network connections from administrators, thereby maintaining unauthorized access. More recent threats, like the PUMAKIT rootkit discovered in 2024, demonstrate how attackers load unsigned or malicious modules to achieve persistence, often by modifying boot processes or autoloading configurations to survive system reboots. These exploits highlight the ongoing danger of LKMs as vectors for stealthy, kernel-level intrusions that can remain undetected for extended periods. Common vulnerability types in LKMs include buffer overflows, particularly in device drivers, where insufficient bounds checking on input data can lead to memory corruption and within the kernel. Additionally, if module loading permissions are not strictly controlled—such as allowing non-root users or unsigned code—attackers can achieve , elevating from user-level access to full kernel control. Such flaws have been documented in real-world kernel components, where overflows in parameter parsing or data handling routines expose systems to exploitation. To mitigate these risks, the principle of least privilege should be applied by restricting module loading to trusted, verified sources and minimizing the scope of privileges granted to loaded code, such as through capability-based access controls that limit kernel interactions. Auditing module sources prior to loading is essential, involving code reviews, static analysis, and integrity checks to identify potential backdoors or vulnerabilities before deployment. The impact of compromised LKMs is severe, as they can facilitate data theft by accessing sensitive memory regions, including encryption keys, user credentials, and application data, without triggering user-space alerts. Furthermore, attackers can ensure beyond reboots by integrating hooks into boot-time module loading or modifying initramfs configurations, allowing reinfection and prolonged system compromise.

Platform-Specific Protections

In Linux, Secure Boot integration requires kernel modules to be cryptographically signed using X.509 certificates, ensuring only verified modules load to prevent tampering or unauthorized code injection during boot and runtime. Module blacklisting is implemented via configuration files in /etc/modprobe.d/, where administrators can specify directives like install module_name /bin/true to block automatic or manual loading of specific modules, enhancing control over potentially risky drivers. Additionally, mandatory access control systems such as SELinux and AppArmor enforce fine-grained policies that restrict which processes or users can invoke modprobe or insmod to load modules, with SELinux using types like modutils_t for domain transitions during loading operations. On macOS, kernel extensions (KEXTs) have mandated digital signing since version 10.10 (Yosemite) in 2014, verified against Apple's root certificates or developer identities to block unsigned or revoked extensions from loading, thereby mitigating supply-chain attacks. The T2 security chip, introduced in 2018 with certain Mac models, provides hardware-enforced verification by storing and checking kernel code signatures in its Secure Enclave, preventing runtime modifications to loaded modules even if the main CPU is compromised. Furthermore, since macOS 10.15 (Catalina), Apple's DriverKit framework relocates most new drivers to sandboxed user-space processes using XPC services and entitlements, isolating them from the kernel core to limit the of faulty or malicious code. Solaris implements module signing through the elfsign utility, which applies cryptographic signatures to loadable kernel modules using RSA or ECDSA algorithms, with verification performed at load time against a system keyring to ensure authenticity. The Service Management Facility (SMF) integrates protections by defining services that gate module loading via dependencies and authorizations, requiring administrative privileges or specific roles to enable module-related services. Complementing this, the auditd daemon logs kernel module events, such as loading and unloading via modload and modunload, capturing attributes like timestamps, user IDs, and module paths for post-incident forensics and compliance auditing. In , security policies for kernel loadable (kld) modules are configurable via variables and module-specific tunables, allowing restrictions on loading from untrusted paths or by non-privileged users to prevent . Capsicum's capability-based sandboxing extends protections to module interactions by confining user-space loaders like kldload, limiting file access and calls that could indirectly affect kernel module deployment. Cross-platform measures include firmware-based (TPM) attestation, where the TPM 2.0 hardware measures and attests to the integrity of the boot chain, including loaded kernel modules, by extending Platform Configuration Registers (PCRs) with module hashes for remote verification. In specifically, the Integrity Measurement Architecture (IMA) performs runtime integrity checks on kernel modules during loading, computing and attesting SHA-1 or stronger hashes against a policy-defined appraisal list to detect alterations before execution.

Module Signing and Verification

Module signing employs certificates to cryptographically sign loadable kernel modules, ensuring their authenticity and integrity before loading into the kernel. In , this feature is enabled via the CONFIG_MODULE_SIG kernel configuration option, introduced in version 3.7 released in December 2012, which allows modules to be signed using a private key during the build or installation . The signing typically involves generating a public-private key pair compliant with standards, supporting algorithms such as RSA or ECDSA with hashes like SHA-256 or SHA-512. In November 2025, patches were proposed to remove support for the insecure hash in module signing to mitigate collision vulnerabilities. Tools like the scripts/sign-file utility from the source tree facilitate manual signing by appending a to the module file, requiring the hash algorithm, private key, public key certificate, and the target module as inputs. During module loading, the kernel verifies the signature against trusted public keys stored in its built-in keyring, such as .builtin_trusted_keys, rejecting any unsigned or invalidly signed modules if enforcement is enabled via CONFIG_MODULE_SIG_FORCE. In Secure Boot environments, unsigned modules can be temporarily allowed through tools like mokutil, which manages Machine Owner Keys (MOKs) for enrolling custom keys during boot, though this requires user intervention and reduces security. This verification occurs at load time to prevent tampering, but it can be disabled at runtime via kernel parameters like module.sig_enforce=0, albeit not recommended for production systems. Adoption of module signing has become widespread across operating systems to mitigate attacks. In Windows, kernel-mode drivers have been mandated to undergo attestation signing through the Windows Hardware Developer Center Dashboard since and , requiring an Extended Validation (EV) code-signing certificate from a trusted before applies its signature. Linux distributions like have enforced signed modules with Secure Boot since Fedora 24 in 2016, integrating automatic signing for third-party modules via akmods and blacklisting revoked keys in the system blacklist keyring. In macOS, kernel extensions (kexts) must be signed with a Developer ID certificate issued under Apple's root CA, ensuring only approved extensions load on systems with enabled. For handling compromised keys, revocation mechanisms vary but focus on blacklisting rather than dynamic CRL fetching to avoid runtime dependencies. In , revoked public keys are added to the .system_keyring_blacklist, preventing modules signed with them from loading, as implemented in distributions like and . Tools such as pesign can generate signatures for EFI-related components, but core module revocation relies on static keyring updates during kernel builds or boot. The primary benefit of module signing is enhanced kernel integrity, as it blocks the loading of unauthorized or altered modules, thereby reducing the against rootkits and . However, it does not guarantee bug-free code or protect against vulnerabilities in signed modules themselves. In open-source environments, poses significant challenges, including secure distribution of signing keys across distributions, potential key exposure in public repositories, and the need for coordinated revocation without disrupting legitimate updates.

Integration in Modern Kernels

In contemporary kernel architectures, loadable kernel modules remain integral to and ecosystems, particularly for enabling hypervisors like the (KVM). KVM operates through dedicated kernel modules, such as the core kvm.ko and architecture-specific variants like kvm-intel.ko or kvm-amd.ko, which transform the into a type-1 capable of hosting multiple virtual machines with near-native performance on hardware supporting virtualization extensions. This modular design facilitates dynamic resource allocation in environments, where modules can be loaded on demand to support scalable without rebooting the host system. Containerized deployments have further evolved module usage through technologies like the extended (eBPF), fully integrated since Linux kernel 4.4 in 2015. eBPF enables the of verified, sandboxed programs directly into the kernel, bypassing traditional modules for tasks such as network filtering, tracing, and security monitoring in container orchestrators like . This approach enhances modularity in hybrid environments by allowing runtime extensions without modifying kernel or risking system instability from full module loads. Hybrid models are reducing direct kernel module dependencies by shifting functionality to user space where possible. For example, the (FUSE) framework uses a kernel bridge module to expose user-space filesystem logic, enabling developers to implement custom storage solutions without embedding complex code in the kernel core. Similarly, Android's Generic Kernel Image (GKI) initiative, launched with in 2020 and enforced for all devices on kernel 5.10 and higher starting with in 2021, standardizes the while isolating SoC and board-specific drivers as loadable vendor modules. This separation promotes faster security updates and reduces fragmentation across diverse hardware. Performance optimizations in modern kernels leverage advanced techniques for module efficiency. Research into just-in-time (JIT) compilation targets in-kernel domain-specific languages, such as , where automated synthesis of JIT compilers generates optimized at runtime, improving execution speed for packet processing and tasks without compromising kernel safety. For AI workloads, specialized loadable modules under the compute accelerators subsystem support hardware like GPUs and neural processing units (NPUs), enabling dynamic driver loading to accelerate and directly in kernel . These enhancements ensure modules adapt to emerging hardware demands while maintaining low-latency operations. Security challenges persist in integrating modularity with protective mechanisms, notably the kernel lockdown feature introduced in 5.4 in 2019. In lockdown mode—activated via the lockdown boot parameter with integrity or confidentiality levels—unsigned modules cannot be loaded, and operations like or are restricted to prevent tampering with the running kernel. This balance requires careful module signing and verification to preserve extensibility in secure environments without exposing vulnerabilities. Future trends point toward safer, verified modules tailored for IoT and , where resource constraints amplify risks from traditional loads. eBPF's verifier-enforced sandboxing is driving adoption as a preferred mechanism for edge extensions, offering crash-resistant programmability for real-time data processing on low-power devices. In networking specifically, eBPF is supplanting conventional modules for hooks like XDP () and TC (Traffic Control), providing safer, hot-swappable alternatives that reduce kernel bloat and enhance performance in distributed edge networks.

References

  1. https://docs.kernel.org/kbuild/modules.html
  2. https://tldp.org/HOWTO/Module-HOWTO/
  3. https://docs.kernel.org/kbuild/makefiles.html
  4. https://docs.kernel.org/admin-guide/module-signing.html
  5. https://linux-kernel-labs.github.io/refs/heads/master/labs/kernel_modules.html
  6. https://docs.oracle.com/cd/E36784_01/html/E36866/emjjr.html
  7. https://tldp.org/HOWTO/Module-HOWTO/x73.html
  8. https://man.freebsd.org/cgi/man.cgi?query=kld&sektion=4
  9. https://tldp.org/HOWTO/Module-HOWTO/individual.html
  10. https://bitsavers.org/pdf/sun/sunos/4.1/800-3851-10A_Writing_Device_Drivers_199003.pdf
  11. https://www.netbsd.org/changes/changes-0.9.html
  12. https://www.sans.org/blog/linux-incident-response-introduction-to-rootkits/
  13. https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html
  14. http://www.cs.cmu.edu/~410-s07/lectures/L31_Structure.pdf
  15. https://www.andrew.cmu.edu/user/fts/master_thesis.pdf
  16. https://static.lwn.net/images/pdf/LDD3/ch04.pdf
  17. https://pdxscholar.library.pdx.edu/compsci_fac/251/
  18. https://www.academia.edu/125276313/Implementation_of_Loadable_Kernel_Modules_in_JOS
  19. https://www.kernel.org/doc/Documentation/process/stable-api-nonsense.rst
  20. https://lwn.net/Articles/986892/
  21. http://web.cecs.pdx.edu/~zhenkun/pub/cod-saner20.pdf
  22. https://lkml.indiana.edu/hypermail/linux/kernel/0303.1/0151.html
  23. http://csl.skku.edu/papers/spe10.pdf
  24. https://www.kernel.org/doc/man-pages/online/pages/man8/modprobe.8.html
  25. https://docs.kernel.org/admin-guide/kernel-parameters.html
  26. https://docs.kernel.org/process/license-rules.html
  27. https://lwn.net/Articles/13398/
  28. https://www.osnews.com/story/6860/linux-abusing-the-modulelicense-macro/
  29. https://www.kernel.org/
  30. https://source.android.com/docs/core/architecture/kernel
  31. https://www.freebsd.org/releases/2.0/notes/
  32. https://docs.freebsd.org/en/books/[handbook](/page/Handbook)/kernelconfig/
  33. https://man.freebsd.org/cgi/man.cgi?kldload
  34. https://docs.freebsd.org/en/books/handbook/kernelconfig/
  35. https://docs.freebsd.org/en/books/arch-handbook/driverbasics/
  36. https://man.freebsd.org/cgi/man.cgi?query=witness&sektion=4
  37. https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards
  38. https://docs.freebsd.org/en/books/porters-handbook/book/
  39. https://www.apriorit.com/dev-blog/430-macos-kext-development
  40. https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KernelProgramming/IOKit/IOKit.html
  41. https://developer.apple.com/documentation/systemextensions/implementing-drivers-system-extensions-and-kexts
  42. https://man.cx/kextload
  43. https://superuser.com/questions/47233/how-can-i-force-a-mac-os-x-kext-to-load-prior-to-login
  44. https://developer.apple.com/videos/play/wwdc2019/702/
  45. https://developer.apple.com/support/kernel-extensions/
  46. https://support.apple.com/guide/deployment/system-extensions-in-macos-depa5fb8376f/web
  47. https://support.apple.com/guide/security/securely-extending-the-kernel-sec8e454101b/web
  48. https://developer.apple.com/documentation/security/disabling-and-enabling-system-integrity-protection
  49. https://the-sequence.com/guide-for-apple-it-macos-system-and-kernel-extensions
  50. https://ldapwiki.com/wiki/Wiki.jsp?page=Solaris%20versions
  51. https://docs.oracle.com/cd/E88353_01/html/E72487/modload-8.html
  52. https://docs.oracle.com/cd/E26502_01/html/E29006/gdvku.html
  53. https://docs.oracle.com/cd/E19455-01/805-6331/sysdev-1/index.html
  54. https://docs.oracle.com/cd/E36784_01/html/E36867/kermod9-35590.html
  55. https://docs.oracle.com/en/operating-systems/solaris/oracle-solaris/11.4/kernel-zones/software-requirements-oracle-solaris-kernel-zones.html
  56. https://www.ibm.com/docs/ssw_aix_72/c_commands/cfgmgr.htm
  57. https://man.freebsd.org/cgi/man.cgi?query=kmadmin&sektion=1m&manpath=HP-UX%2B11.22
  58. https://www.oracle.com/technetwork/server-storage/solaris-all/1solaris11overview-1401005.pdf
  59. https://docs.oracle.com/cd/E19253-01/819-5461/6n7ht6r2k/index.html
  60. https://prefetch.net/presentations/SolarisFaultManagement_Presentation.pdf
  61. https://prex.jlab.org/wiki/images/8/86/Vxworks_programmers_guide5.5.pdf
  62. https://docs.raima.com/rdm/15_2/ug/dev/_vxw/vxw7Overview.htm
  63. https://labs.windriver.com/downloads/wrsdk-vxworks7-docs/Application-Developer-Guide.html
  64. https://home.mit.bme.hu/~meszaros/edu/embedded_systems/literature_files/3787.pdf
  65. https://www.usenix.org/legacy/publications/library/proceedings/sf94/full_papers/minshall.pdf
  66. https://ntrs.nasa.gov/api/citations/20200002390/downloads/20200002390.pdf
  67. https://publications.lib.chalmers.se/records/fulltext/124152.pdf
  68. https://www.qnx.com/developers/docs/7.1/#com.qnx.doc.neutrino.sys_arch/topic/dll.html
  69. http://www.qnx.net/developers/docs/6.4.0/neutrino/sys_arch/kernel.html
  70. https://bootlin.com/blog/managing-flash-storage-with-linux/
  71. https://ir.lib.nycu.edu.tw/bitstream/11536/12641/1/000235818400002.pdf
  72. https://www.oreilly.com/library/view/linux-device-drivers/0596000081/ch11s03.html
  73. https://wiki.freebsd.org/KernelModulePackages
  74. https://forums.developer.nvidia.com/t/linux-kernel-vs-nvidia-driver-version/287029
  75. https://docs.kernel.org/core-api/symbol-namespaces.html
  76. https://man7.org/linux/man-pages/man2/init_module.2.html
  77. https://man.freebsd.org/cgi/man.cgi?query=kldload&sektion=8
  78. https://linux.die.net/man/2/delete_module
  79. https://www.kernel.org/doc/html/latest/driver-api/basics.html
  80. https://man.freebsd.org/cgi/man.cgi?query=kldunload&sektion=8
  81. https://man7.org/linux/man-pages/man8/modprobe.8.html
  82. https://tldp.org/HOWTO/Module-HOWTO/basekerncompat.html
  83. https://man.freebsd.org/cgi/man.cgi?query=kldstat&sektion=8
  84. https://sites.cs.ucsb.edu/~chris/research/doc/2004_04.pdf
  85. https://www.giac.org/paper/gsec/935/kernel-rootkits/101864
  86. https://attack.mitre.org/techniques/T1547/006/
  87. https://inst.eecs.berkeley.edu/~cs161/fa06/Notes/cs161.1127.pdf
  88. https://www.elastic.co/security-labs/declawing-pumakit
  89. https://www.usenix.org/event/sec08/tech/full_papers/dalton/dalton.pdf
  90. https://www.isec.tugraz.at/wp-content/uploads/2024/09/09-kernel-exploitation.pdf
  91. https://ieeexplore.ieee.org/document/8729327/
  92. https://blog.cloudflare.com/linux-kernel-hardening/
  93. https://www.linuxjournal.com/content/most-critical-linux-kernel-breaches-2025-so-far
  94. https://www.kernel.org/doc/html/latest/admin-guide/module-signing.html
  95. https://support.apple.com/guide/security/kernel-extension-security-overview-secc1b4f2b1d/web
  96. https://docs.oracle.com/cd/E53394_01/html/E54828/sysauth-vb.html
  97. https://www.phoronix.com/news/MTIwNzk
  98. https://www.phoronix.com/news/Linux-Patch-Drop-SHA1-Mod-Sign
  99. https://docs.fedoraproject.org/en-US/fedora/f40/system-administrators-guide/kernel-module-driver-configuration/Working_with_Kernel_Modules/
  100. https://learn.microsoft.com/en-us/windows-hardware/drivers/install/driver-signing
  101. https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/kernel_administration_guide/chap-documentation-kernel_administration_guide-working_with_kernel_modules
  102. https://github.com/rhboot/pesign
  103. https://docs.kernel.org/virt/kvm/index.html
  104. https://aws.amazon.com/what-is/kvm/
  105. https://www.tigera.io/learn/guides/ebpf/
  106. https://ebpf.io/what-is-ebpf/
  107. https://github.com/libfuse/libfuse
  108. https://source.android.com/docs/core/architecture/kernel/generic-kernel-image
  109. https://pmc.ncbi.nlm.nih.gov/articles/PMC7363179/
  110. https://docs.kernel.org/accel/introduction.html
  111. https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
  112. https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/assembly_understanding-the-ebpf-features-in-rhel-8_configuring-and-managing-networking
Add your contribution
Related Hubs
Contribute something
User Avatar
No comments yet.