Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Programming \ Linux module mechanism of     - SecureCRT 7.0 Log Ubuntu 12.04 server via SSH service under Vmware (Server)

- Installation Flow N Play- interface stylized video player on Ubuntu (Linux)

- Shell Script: Bulk add users, and set the random character password (Programming)

- How to Use Nmap security scanner tool on Linux (Linux)

- Effect MongoDB plan cache (Database)

- Java environment to build a number of issues (Linux)

- Nine artifact control disk partition under Linux (Linux)

- To set up the printer use Nagios Monitoring Server (Server)

- Oracle Listener can not start (TNS-12555, TNS-12560, TNS-00525) (Database)

- Linux iptables firewall settings to use (Linux)

- Java executable file to read information from a database copy (Programming)

- Linux C programming and Shell Programming in the development of practical tools similarities summary (Programming)

- Ubuntu 14.04 compile and install Apache (Server)

- Linux, grep, sed usage (Linux)

- Linux System Getting Started Learning: modify environment variables in Linux PATH (Linux)

- MySQL query optimization: profile function (Database)

- Shell command line operation (Linux)

- CentOS iptables firewall enabled (Linux)

- MySQL bulk insert data script (Database)

- Oracle rebuild index script (Database)

  Linux module mechanism of
  Add Date : 2018-11-21      
  Linux allows users to insert the module, the core purpose of the intervention. All along, the module mechanism of linux are not clear enough, so this paper loading mechanism for kernel module for simple analysis.

Module Hello World!

We tested this by creating a simple module. The first is the source file main.c and Makefile.

florian @ florian-pc: ~ / module $ cat main.c




static int __init init (void)


    printk ( "Hi module n!");

    return 0;



static void __exit exit (void)


    printk ( "! Bye module n");



module_init (init);

module_exit (exit);

Init module which is the entry function is called when the module is loaded executed, exit to exit function module, the module unload is called.

florian @ florian-pc: ~ / module $ cat Makefile

obj-m + = main.o

#generate the path

CURRENT_PATH: = $ (shell pwd)

#the current kernel version number

LINUX_KERNEL: = $ (shell uname -r)

#the absolute path

LINUX_KERNEL_PATH: = / usr / src / linux-headers - $ (LINUX_KERNEL)

#complie object


    make -C (LINUX K ERNEL P ATH) M = (CURRENT_PATH) modules



    make -C (LINUX K ERNEL P ATH) M = (CURRENT_PATH) clean

Wherein, obj-m specifies the name of the target file, the file name and need the same source file name (except extension) to automatically derive to make.

Then use the make command to compile the module, the module files get main.ko.

florian @ florian-pc: ~ / module $ make

make -C /usr/src/linux-headers-2.6.35-22-generic M = / home / florian / module modules

make [1]: moving into the directory `/usr/src/linux-headers-2.6.35-22-generic '

  Building modules, stage 2.

  MODPOST 1 modules

make [1]: Leaving directory `/usr/src/linux-headers-2.6.35-22-generic '

Using insmod and rmmod command module loading and unloading operations, and use the dmesg prints the kernel log.

florian @ florian-pc: ~ / module $ sudo insmod main.ko; dmesg | tail -1

[31077.810049] Hi module!


florian @ florian-pc: ~ / module $ sudo rmmod main.ko; dmesg | tail -1

[31078.960442] Bye module!

By kernel log information, you can see the entry function and exit function modules are properly called.

Module file

Use readelf check command module file main.ko information.

florian @ florian-pc: ~ / module $ readelf -h main.ko

ELF Header:

  Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00

  Class: ELF32

  Data: 2's complement, little endian

  Version: 1 (current)

  OS / ABI: UNIX - System V

  ABI Version: 0

  Type: REL (Relocatable file)

  Machine: Intel 80386

  Version: 0x1

  Entry point address: 0x0

  Start of program headers: 0 (bytes into file)

  Start of section headers: 1120 (bytes into file)

  Flags: 0x0

  Size of this header: 52 (bytes)

  Size of program headers: 0 (bytes)

  Number of program headers: 0

  Size of section headers: 40 (bytes)

  Number of section headers: 19

  Section header string table index: 16

We found main.ko file type is relocatable object files, and this general object file format without any distinction. We know that the target file can not be executed directly, it needs to go through the link's address space allocation, symbol resolution and relocation process into an executable file to run.

Then, after loading the kernel will main.ko, whether it be a link?

Module data structure

First, we look at the kernel data structure of the module.

linux3.5.2 / kernel / module.h: 220

struct module



    / * Startup function. * /

    int (* init) (void);


    / * Destruction function. * /

    void (* exit) (void);



init and exit module function pointer data structures record of our custom module entry function and exit function.

Module is loaded

Module is loaded by the kernel calls init_module complete system.

linux3.5.2 / kernel / module.c: 3009

/ * This is where the real work happens * /

SYSCALL_DEFINE3 (init_module, void __user *, umod,

      unsigned long, len, const char __user *, uargs)


    struct module * mod;

    int ret = 0;


    / * Do all the hard work * /

    mod = load_module (umod, len, uargs); // load module


    / * Start the module * /

    if (mod-> init! = NULL)

      ret = do_one_initcall (mod-> init); // init module function calls


    return 0;


System call init_module by the SYSCALL_DEFINE3 (init_module ...) implementation, which has two key function calls. load_module means for loading, do_one_initcall for init callback module.

Load_module implemented as a function.

linux3.5.2 / kernel / module.c: 2864

/ * Allocate and load the module: note that size of section 0 is always

  zero, and we rely on this for optional sections. * /

static struct module * load_module (void __user * umod,

                unsigned long len,

                const char __user * uargs)


    struct load_info info = {NULL,};

    struct module * mod;

    long err;


    / * Copy in the blobs from userspace, check they are vaguely sane. * /

    err = copy_and_check (& ​​info, umod, len, uargs); // copy the kernel

    if (err)

      return ERR_PTR (err);

    / * Figure out module layout, and allocate all the memory. * /

    // Address space allocation; mod = layout_and_allocate (& info)

    if (IS_ERR (mod)) {

      err = PTR_ERR (mod);

      goto free_copy;



    / * Fix up syms, so that st_value is a pointer to location. * /

    err = simplify_symbols (mod, & info); // symbol resolution

    if (err <0)

      goto free_modinfo;

    err = apply_relocations (mod, & info); // Relocation

    if (err <0)

      goto free_modinfo;



There are four key functions within load_module function calls. copy_and_check module is copied from user space to kernel space, layout_and_allocate for the module address space allocation, simplify_symbols the module symbol resolution, apply_relocations the module relocation.

Thus, when the module is loaded, the kernel module file for the process carried out main.ko link!

As a function of do_one_initcall implementation is relatively simple.

linux3.5.2 / kernel / init.c: 673

int __init_or_module do_one_initcall (initcall_t fn)


    int count = preempt_count ();

    int ret;

    if (initcall_debug)

      ret = do_one_initcall_debug (fn);


      ret = fn (); // call init module


    return ret;


That calls the entry function init module.

Module unload

Module unload call delete_module completed by the kernel.

linux3.5.2 / kernel / module.c: 768

SYSCALL_DEFINE2 (delete_module, const char __user *, name_user,

        unsigned int, flags)


    struct module * mod;

    char name [MODULE_NAME_LEN];

    int ret, forced = 0;


    / * Final destruction now no one is using it. * /

    if (mod-> exit! = NULL)

      mod-> exit (); // calls exit module


    free_module (mod); // unload the module



Exit through a callback function to complete the export function module, the module unload free_module last call.

in conclusion

It seems that the kernel module is not mysterious. Traditional user program needs to be compiled into an executable program to perform, and the module needs to be compiled only program in the form of object files can be loaded into the kernel, there are links to kernel modules to achieve, it will be transformed into executable code. At the same time, the kernel loading and unloading process, the entry function and exit function modules by user-defined callback module, the corresponding function.
- Talk about the Linux ABI compatibility Application (Linux)
- How to convert images, audio and video formats on Ubuntu (Linux)
- Fedora 22 installation and configuration optimization (Linux)
- How to achieve SSH without password login (Server)
- Memcached distributed caching (Server)
- Binary tree to the next node (Programming)
- Disable unnecessary services under Linux (Linux)
- Sysdig: system troubleshooting tool (Linux)
- How to use the TF / SD card making Exynos 4412 u-boot boot disk in Mac (Linux)
- Linux, MySQL root privilege escalation another method (Linux)
- Build Docker based MongoDB replication cluster environment (Database)
- grep command usage (Linux)
- Memory leak analysis using Android studio (Programming)
- MySQL backup tool to back up mydumper (Database)
- Oracle query start with connect by tree (Database)
- CentOS7 install MySQL5.6.22 (Linux)
- Distributed File System FastDFS deployment (Server)
- CentOS 6.5 can not connect to the network under VMware (Linux)
- How to build Memcached Docker container (Server)
- Git delete files (Linux)
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.