Linux kernel module information

Managing Linux Kernel Modules

The Linux kernel is the core of the Linux operating system. It contains the main components to address the hardware and allows both communication and interaction between the user and the hardware. The Linux kernel is not a monolithic system but quite flexible, and the kernel is extended by so-called kernel modules.

What is a kernel module?

In general, a kernel module is a “piece of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system” [1]. This leads to very great flexibility during operation.

Furthermore, “a kernel module can be configured as built-in or loadable. To dynamically load or remove a module, it has to be configured as a loadable module in the kernel configuration” [1]. This is done in the kernel source file /usr/src/linux/.config [2]. Built-in modules are marked with “y” and loadable modules with “m”. As an example, listing 1 demonstrates this for the SCSI module:

Listing 1: SCSI module usage declaration

CONFIG_SCSI =y # built-in module

CONFIG_SCSI =m # loadable module

# CONFIG_SCSI # variable is not set

We do not recommend editing the configuration file directly, but to use either the command “make config”, “make menuconfig”, or “make xconfig” to define the usage of the corresponding module in the Linux kernel.

Module commands

The Linux system comes with a number of different commands to handle kernel modules. This includes listing the modules currently loaded into the Linux kernel, displaying module information, as well as loading and unloading kernel modules. Below we will explain these commands in more detail.

For the current Linux kernels, the following commands are provided by the kmod package [3]. All the commands are symbolic links to kmod.

The list currently loaded modules with lsmod

We start with the lsmod command. lsmod abbreviates “list modules” and displays all modules currently loaded into the Linux kernel by nicely formatting the contents of the file /proc/modules. Listing 2 shows its output that consists of three columns: module name, the size used in memory, and other kernel modules that use this specific one.

snd_seq_device 13132 1 snd_seq

Find available modules for your current kernel

There might be kernel modules available that you are not aware of yet. They are stored in the directory /lib/modules. With the help of find, combined with the uname command, you can print a list of these modules. “uname -r” just prints the version of the currently running Linux kernel. Listing 3 demonstrates this for an older 3.16.0-7 Linux

kernel, and shows modules for IPv6 and IRDA.

Listing 3: Displaying available modules (selection)

$ find / lib / modules / $ ( uname -r ) -name ‘*.ko’

/ lib / modules / 3.16.0- 7 -amd64 / kernel / net / ipv6 / ip6_vti.ko

/ lib / modules / 3.16.0- 7 -amd64 / kernel / net / ipv6 / xfrm6_tunnel.ko

/ lib / modules / 3.16.0- 7 -amd64 / kernel / net / ipv6 / ip6_tunnel.ko

/ lib / modules / 3.16.0- 7 -amd64 / kernel / net / ipv6 / ip6_gre.ko

/ lib / modules / 3.16.0- 7 -amd64 / kernel / net / irda / irnet / irnet.ko

/ lib / modules / 3.16.0- 7 -amd64 / kernel / net / irda / irlan / irlan.ko

/ lib / modules / 3.16.0- 7 -amd64 / kernel / net / irda / irda.ko

/ lib / modules / 3.16.0- 7 -amd64 / kernel / net / irda / ircomm / ircomm.ko

/ lib / modules / 3.16.0- 7 -amd64 / kernel / net / irda / ircomm / ircomm-tty.ko

Display module information using modinfo

The command modinfo tells you more about the requested kernel module (“module information”). As a parameter, modinfo requires either the full module path or simply the module name. Listing 4 demonstrates this for the IrDA kernel module dealing with the Infrared Direct Access protocol stack.

Listing 4: Display module information

filename: / lib / modules / 3.16.0- 7 -amd64 / kernel / net / irda / irda.ko

description: The Linux IrDA Protocol Stack

author: Dag Brattli < dagb @ cs.uit.no >& Jean Tourrilhes

vermagic: 3.16.0- 7 -amd64 SMP mod_unload modversions

The output contains different information fields such as the full path for the kernel module, its alias name, software license, module description, authors, as well as kernel internals. The field “depends” shows which other kernel modules it depends on.

The information fields differ from module to module. In order to limit the output to a specific information field, modinfo accepts the parameter “-F” (short for “–field”) followed by the field name. In Listing 5, the output is limited to the license information made available using the license field.

Listing 5: Display a specific field only.

$ / sbin / modinfo -F license irda

In newer Linux kernels, a useful security feature is available. This covers cryptographically signed kernel modules. As explained on the Linux kernel project website [4], “this allows increased kernel security by disallowing the loading of unsigned modules or modules

signed with an invalid key. Module signing increases security by making it harder to load a malicious module into the kernel. The module signature checking is done by the kernel so that it is not necessary to have “trusted userspace bits.” The figure below shows this for the

parport_pc module.