Difference between revisions of "LKM"
Line 4: | Line 4: | ||
{{warning|LKMs interact with your system on the kernel level, executing with the highest possible level of privilege. A poorly-designed kernel module may make your OS unstable, corrupt your filesystem and even brick your computer. You have been warned.}} | {{warning|LKMs interact with your system on the kernel level, executing with the highest possible level of privilege. A poorly-designed kernel module may make your OS unstable, corrupt your filesystem and even brick your computer. You have been warned.}} | ||
− | + | , in the kernel. | |
__TOC__ | __TOC__ | ||
Line 34: | Line 34: | ||
== Differences from normal C programming == | == Differences from normal C programming == | ||
+ | |||
+ | Although written in C, there are several differences you should keep in mind before you begin writing your first module. | ||
+ | |||
+ | *There is no standard entry point for an LKM - no main() function. Instead, an initialiation function runs and terminates when the module is first loaded, setting itself up to handle any requests it receives - an event-driven model. | ||
+ | |||
+ | *LKMs operate at a much higher level of privilege than userland programs. In addition to being able to do and access more, this means that they are assigned higher priority when handing out CPU cycles and resources. A poorly-written LKM can easily consume too much of a machine's processing power for anything else to function properly. | ||
= Creating character devices = | = Creating character devices = |
Revision as of 21:44, 21 June 2016
LKM stands for "Linux Kernel Module" or "Loadable Kernel Module". As the name implies, it is a way to allow code to interact directly with the kernel and extend its functionality. The ability to insert modular components into the kernel allows it to remain relatively lightweight, as it does not need to include every driver ever created. The ability to load modules on-the-fly also saves us from having to recompile every time a change needs to be made.
It goes without saying that you need root to modify the kernel. With this restriction in mind, however, LKMs can be very powerful if used correctly, since the kernel operates under significantly elevated privileges compared to userland. In particular, the functionality provided by extending the kernel can be used to great effect in the development of Rootkits.
LKMs interact with your system on the kernel level, executing with the highest possible level of privilege. A poorly-designed kernel module may make your OS unstable, corrupt your filesystem and even brick your computer. You have been warned. |
, in the kernel.
Contents
You can see a list of currently loaded kernel modules in two ways:
$ lsmod $ cat /proc/modules |
You can (as root) add new modules to your kernel with the insmod and rmmod commands:
$ insmod modname.ko $ rmmod modname |
These two utilities provide a simple, clean way to insert or remove modules from the kernel. If you need more advanced control over the insertion, removal and alteration of modules in the kernel, use the more fully-featured modprobe utility instead.
Writing a basic LKM
Linux kernel modules are written in C and compiled from one or more source files into a kernel object (.ko) file. In order to write an LKM, you will need a strong grasp of the fundamentals of C programming and at least a basic understanding of the way linux manages files, processes and devices.
Differences from normal C programming
Although written in C, there are several differences you should keep in mind before you begin writing your first module.
- There is no standard entry point for an LKM - no main() function. Instead, an initialiation function runs and terminates when the module is first loaded, setting itself up to handle any requests it receives - an event-driven model.
- LKMs operate at a much higher level of privilege than userland programs. In addition to being able to do and access more, this means that they are assigned higher priority when handing out CPU cycles and resources. A poorly-written LKM can easily consume too much of a machine's processing power for anything else to function properly.
Creating character devices
Device operations
Hooking system calls
See also
The Linux Kernel Module Programming Guide- an outdated but solid tutorial covering many of the concepts that will help you to understand the linux kernel.