Abhik Sarkar's avatar

Linux Kernel Modules: Extending the Kernel at Runtime

Master Linux kernel modules through interactive visualizations. Learn how to load, unload, develop, and debug kernel modules that extend Linux functionality.

15 min|linuxkerneldrivers
Best viewed on desktop for optimal interactive experience

The Kernel's Plugin System

Imagine if you had to rebuild your entire operating system kernel every time you wanted to add support for a new device or filesystem. That was the reality in early Unix systems. Linux kernel modules changed everything by introducing a plugin system for the kernel—allowing you to extend kernel functionality on the fly without rebooting.

Kernel modules are like LEGO blocks for your operating system. Each module is a piece of code that can be snapped into the running kernel to add new capabilities: device drivers, filesystems, network protocols, or security features. When you plug in a USB device or mount an exotic filesystem, kernel modules spring into action.

Module vs Built-in: The Trade-off

When configuring a Linux kernel, you face a choice for each feature: compile it into the kernel (y), build as a module (m), or leave it out (n). This decision has real consequences.

Module vs Built-in: The Trade-off

Understanding kernel configuration choices (y/m/n)

In make menuconfig:
[*] yBuilt-in
[M] mModule
[ ] nDisabled
y

Built-in

Compiled into vmlinuz

Boot Impact

Adds ~200KB to kernel

Runtime Performance

Zero load time

Memory Usage

Always in memory (~300KB)

Flexibility

Requires kernel recompile

Best For

Root filesystem (must be available at boot)

m

Module

Separate .ko file

Boot Impact

Not loaded at boot

Runtime Performance

~5ms to load

Memory Usage

Only when mounted

Flexibility

Update without reboot

Best For

Secondary storage, external drives

The Decision Rule

Use built-in when the feature must be available before the root filesystem is mounted (root fs driver, essential boot hardware). Use modules for everything else—they keep your kernel smaller and more flexible.

Most distributions compile almost everything as modules for maximum hardware compatibility.

Interactive Kernel Modules Explorer

Explore how kernel modules work, their lifecycle, dependencies, and development process:

Linux Kernel Modules

What are Kernel Modules?

Kernel modules are pieces of code that can be loaded and unloaded into the kernel on demand. They extend kernel functionality without requiring a reboot.

Dynamic Loading
Load drivers and features as needed
Memory Efficient
Only load what you need
No Reboot Required
Add/remove features on the fly
Kernel Space Access
Full hardware and kernel access
Common Module Types
Filesystems
Device Drivers
Security
Network

Module Management Commands

lsmod
List loaded modules
modinfo module_name
Show module information
insmod module.ko
Insert module (low-level)
modprobe module_name
Load module with dependencies
rmmod module_name
Remove module
depmod -a
Generate module dependencies
Module Locations
/lib/modules/$(uname -r)/
# Current kernel modules
/lib/modules/$(uname -r)/kernel/
# Built-in kernel modules
/lib/modules/$(uname -r)/updates/
# Updated modules
/lib/modules/$(uname -r)/extra/
# Third-party modules

Module Security and Signing

Modern systems with Secure Boot won't load unsigned modules. This is why your freshly compiled module might fail with "Required key not available". Here's what's happening and how to fix it:

Module Signing with Secure Boot

How unsigned modules fail and how to sign them

Secure Boot:
1. Compile Module

Build module from source

$ make -C /lib/modules/$(uname -r)/build M=$PWD
2. Generate MOK

Create Machine Owner Key pair

$ openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -out MOK.der
3. Sign Module

Sign with MOK private key

$ /usr/src/linux/scripts/sign-file sha256 MOK.priv MOK.der hello.ko
4. Enroll Key

Import MOK into UEFI

$ mokutil --import MOK.der
5. Reboot & Accept

Accept key in shim menu

$ # System reboot → MokManager → Enroll MOK
6. Load Module

Module loads successfully

$ insmod hello.ko

Without Signing:

$ insmod hello.ko
insmod: ERROR: could not insert module hello.ko:
Required key not available

Secure Boot requires all kernel modules to be signed with a trusted key. Click "Animate" to see the full signing process.

What is MOK?

Machine Owner Key is your personal signing key that you enroll in UEFI. It extends the Secure Boot trust chain to include your own modules without disabling security.

DKMS Auto-Signs

Many distributions automatically sign DKMS modules (like VirtualBox, NVIDIA) during installation. If you use DKMS, signing is often handled for you.

The Tainted Kernel Mystery

Ever seen a number after cat /proc/sys/kernel/tainted and wondered what it means? That number is a bitmap of "taint flags" that indicate unusual conditions in your kernel.

The Tainted Kernel Mystery

Understanding what kernel taint flags mean

$ cat /proc/sys/kernel/tainted
4097
PO

Click flags to toggle

Common flags are highlighted

Active Taint Flags Explained

PProprietary

Proprietary module loaded

Example: nvidia, broadcom-wl

OOut-of-tree

Out-of-tree module loaded

Example: vboxdrv, zfs, custom modules

Why Taint Matters

  • • Kernel bug reports may be ignored
  • • Support from distro vendors limited
  • • Some features may refuse to work
  • • Debugging becomes harder

Common and Harmless

  • P - nvidia/broadcom drivers (normal)
  • O - VirtualBox, ZFS (expected)
  • E - DKMS modules (typical)
  • I - ACPI workarounds (benign)

Real-World Tip

Seeing P+O+E on a desktop with NVIDIA graphics and VirtualBox is completely normal. Kernel developers only worry about taint flags when debugging kernel crashes—for daily use, these are fine.

Quick Reference: Module Commands

# List loaded modules
lsmod

# Module information
modinfo ext4

# Load/unload modules
insmod module.ko           # Manual load (no dependency handling)
rmmod module_name          # Remove module
modprobe module_name       # Smart load with dependencies
modprobe -r module_name    # Remove with dependencies

# Rebuild dependency database
depmod -a

Module Configuration

# Blacklist a module (/etc/modprobe.d/blacklist.conf)
blacklist pcspkr

# Set module parameters (/etc/modprobe.d/options.conf)
options i915 enable_fbc=1

# Load at boot (/etc/modules-load.d/modules.conf)
nvidia

Debugging Modules

# View kernel messages
dmesg | tail -50
journalctl -k -f

# Enable dynamic debug
echo 'module mymodule +p' > /sys/kernel/debug/dynamic_debug/control

# Check module state
cat /proc/modules

Common Issues

ErrorCauseSolution
FATAL: Module not foundModule not installedCheck /lib/modules/$(uname -r)/
Required key not availableSecure Boot enforcementSign module or disable Secure Boot
Unknown symbolMissing dependencyLoad required modules first
Module in useReference count > 0Stop processes using the module
Exec format errorVersion mismatchRebuild against current kernel

Key Takeaways

Kernel Modules Essentials

• Dynamic Loading: Add features without reboot

• Module vs Built-in: Trade-off between flexibility and boot requirements

• Secure Boot: Requires signed modules or MOK enrollment

• Taint Flags: P+O+E is normal for desktops

• Use modprobe: Handles dependencies automatically

• Check dmesg: First place to look when things go wrong

Kernel Architecture

How modules integrate with core kernel subsystems

Init Systems

Boot-time module loading with systemd

Filesystems

Filesystem modules like ext4, xfs, btrfs

FUSE Filesystem

Userspace filesystems that bypass kernel modules

If you found this explanation helpful, consider sharing it with others.

Mastodon