  Linux module mechanism
  Add Date : 2018-11-21      
  Linux lets users insert modules into the kernel in order to intervene in its behavior. The module mechanism has long been less than clear, so this article gives a simple analysis of how kernel modules are loaded.

Module Hello World!

We test this by creating a simple module. First come the source file main.c and the Makefile.

florian@florian-pc:~/module$ cat main.c
#include <linux/init.h>    /* __init, __exit */
#include <linux/module.h>  /* module_init, module_exit, printk */

static int __init init(void)
{
    printk("Hi module!\n");
    return 0;
}

static void __exit exit(void)
{
    printk("Bye module!\n");
}

module_init(init);
module_exit(exit);

Here init is the module's entry function, which is called when the module is loaded, and exit is the module's exit function, which is called when the module is unloaded.

florian@florian-pc:~/module$ cat Makefile
obj-m += main.o
# generate the path
CURRENT_PATH := $(shell pwd)
# the current kernel version number
LINUX_KERNEL := $(shell uname -r)
# the absolute path
LINUX_KERNEL_PATH := /usr/src/linux-headers-$(LINUX_KERNEL)
# compile object
all:
	make -C $(LINUX_KERNEL_PATH) M=$(CURRENT_PATH) modules
clean:
	make -C $(LINUX_KERNEL_PATH) M=$(CURRENT_PATH) clean

Here obj-m specifies the name of the target object file. It must match the source file name (apart from the extension) so that make can derive it automatically.

Then compile the module with the make command to obtain the module file main.ko.

florian@florian-pc:~/module$ make
make -C /usr/src/linux-headers-2.6.35-22-generic M=/home/florian/module modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.35-22-generic'
  Building modules, stage 2.
  MODPOST 1 modules
make[1]: Leaving directory `/usr/src/linux-headers-2.6.35-22-generic'

Use the insmod and rmmod commands to load and unload the module, and use dmesg to print the kernel log.

florian@florian-pc:~/module$ sudo insmod main.ko; dmesg | tail -1
[31077.810049] Hi module!

florian@florian-pc:~/module$ sudo rmmod main.ko; dmesg | tail -1
[31078.960442] Bye module!

The kernel log shows that the module's entry function and exit function were both called correctly.

Module file

Use the readelf command to inspect the module file main.ko.

florian@florian-pc:~/module$ readelf -h main.ko
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              REL (Relocatable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x0
  Start of program headers:          0 (bytes into file)
  Start of section headers:          1120 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           0 (bytes)
  Number of program headers:         0
  Size of section headers:           40 (bytes)
  Number of section headers:         19
  Section header string table index: 16

The file type of main.ko turns out to be a relocatable object file, no different in format from an ordinary object file. An object file cannot be executed directly: it has to go through the linker's address space allocation, symbol resolution and relocation to become an executable file before it can run.

So, when the kernel loads main.ko, does it link it?

Module data structure

First, we look at the kernel's data structure for a module.

linux3.5.2/kernel/module.h:220

struct module
{
    ...
    /* Startup function. */
    int (*init)(void);
    ...
    /* Destruction function. */
    void (*exit)(void);
    ...
};

The init and exit function pointers in the module data structure record the entry function and exit function that our module defines.

Module loading

Module loading is performed by the kernel system call init_module.

linux3.5.2/kernel/module.c:3009

/* This is where the real work happens */
SYSCALL_DEFINE3(init_module, void __user *, umod,
        unsigned long, len, const char __user *, uargs)
{
    struct module *mod;
    int ret = 0;
    ...
    /* Do all the hard work */
    mod = load_module(umod, len, uargs); // load the module
    ...
    /* Start the module */
    if (mod->init != NULL)
        ret = do_one_initcall(mod->init); // call the module's init function
    ...
    return 0;
}

The init_module system call is implemented by SYSCALL_DEFINE3(init_module ...), which contains two key function calls: load_module loads the module, and do_one_initcall calls back the module's init function.

The load_module function is implemented as follows.

linux3.5.2/kernel/module.c:2864

/* Allocate and load the module: note that size of section 0 is always
   zero, and we rely on this for optional sections. */
static struct module *load_module(void __user *umod,
                unsigned long len,
                const char __user *uargs)
{
    struct load_info info = { NULL, };
    struct module *mod;
    long err;
    ...
    /* Copy in the blobs from userspace, check they are vaguely sane. */
    err = copy_and_check(&info, umod, len, uargs); // copy into kernel space
    if (err)
        return ERR_PTR(err);

    /* Figure out module layout, and allocate all the memory. */
    mod = layout_and_allocate(&info); // address space allocation
    if (IS_ERR(mod)) {
        err = PTR_ERR(mod);
        goto free_copy;
    }
    ...
    /* Fix up syms, so that st_value is a pointer to location. */
    err = simplify_symbols(mod, &info); // symbol resolution
    if (err < 0)
        goto free_modinfo;

    err = apply_relocations(mod, &info); // relocation
    if (err < 0)
        goto free_modinfo;
    ...
}

load_module contains four key function calls: copy_and_check copies the module from user space into kernel space, layout_and_allocate allocates address space for the module, simplify_symbols performs symbol resolution for the module, and apply_relocations relocates the module.

Thus, when a module is loaded, the kernel carries out the linking process on the module file main.ko!
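The image handed to init_module comes from user space, which is why load_module starts with copy_and_check ("check they are vaguely sane") before it trusts any offset in the file. The following user-space sketch is an added example, not the kernel's code: it shows the kind of ELF header checks a loader has to make, run against a header rebuilt from the readelf -h output earlier on the page. The function and verdict names are hypothetical, and the 1880-byte image size assumes the section header table ends the file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum ko_verdict { KO_OK, KO_TOO_SHORT, KO_BAD_MAGIC, KO_NOT_REL,
                  KO_BAD_SHENTSIZE, KO_TRUNCATED }; /* hypothetical names */

#define EHDR32_SIZE 52u   /* ELF32 header size, as readelf reports */
#define SHDR32_SIZE 40u   /* ELF32 section header size */

static uint32_t le16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t le32(const uint8_t *p) { return le16(p) | le16(p + 2) << 16; }

/* Validate a little-endian ELF32 image of len bytes before using its offsets. */
enum ko_verdict check_ko_image(const uint8_t *img, size_t len)
{
    if (len < EHDR32_SIZE)              return KO_TOO_SHORT;
    if (memcmp(img, "\177ELF", 4) != 0) return KO_BAD_MAGIC;
    if (le16(img + 16) != 1)            return KO_NOT_REL;       /* e_type: ET_REL */
    if (le16(img + 46) != SHDR32_SIZE)  return KO_BAD_SHENTSIZE; /* e_shentsize */
    /* 64-bit arithmetic so e_shoff + e_shnum * 40 cannot wrap around. */
    uint64_t end = (uint64_t)le32(img + 32) + (uint64_t)le16(img + 48) * SHDR32_SIZE;
    return end > len ? KO_TRUNCATED : KO_OK;
}

/* Constructed sample: 1120 + 19 * 40 bytes, header fields from readelf -h. */
static uint8_t sample[1880];

const uint8_t *build_sample(void)
{
    static const uint8_t hdr[EHDR32_SIZE] = {
        0x7f, 'E', 'L', 'F', 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        1, 0,  3, 0,  1, 0, 0, 0,       /* REL, Intel 80386, version 1 */
        0, 0, 0, 0,  0, 0, 0, 0,        /* entry 0, no program headers */
        0x60, 0x04, 0, 0,  0, 0, 0, 0,  /* e_shoff 1120, flags 0 */
        52, 0,  0, 0,  0, 0,            /* ehsize, phentsize, phnum */
        40, 0,  19, 0,  16, 0           /* shentsize, shnum, shstrndx */
    };
    memcpy(sample, hdr, sizeof hdr);
    return sample;
}

int main(void)
{
    const uint8_t *img = build_sample();
    printf("full: %d, one byte short: %d\n", check_ko_image(img, 1880), check_ko_image(img, 1879));
    return 0;
}
```

The truncation check matters most: without it, a header claiming a section table beyond the end of the buffer would send the later layout, symbol and relocation steps reading past the copied image.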

The implementation of the do_one_initcall function is relatively simple.

linux3.5.2/kernel/init.c:673

int __init_or_module do_one_initcall(initcall_t fn)
{
    int count = preempt_count();
    int ret;

    if (initcall_debug)
        ret = do_one_initcall_debug(fn);
    else
        ret = fn(); // call the module's init function
    ...
    return ret;
}

That is, it calls the module's entry function init.

Module unload

Module unloading is performed by the kernel system call delete_module.

linux3.5.2/kernel/module.c:768

SYSCALL_DEFINE2(delete_module, const char __user *, name_user,
        unsigned int, flags)
{
    struct module *mod;
    char name[MODULE_NAME_LEN];
    int ret, forced = 0;
    ...
    /* Final destruction now no one is using it. */
    if (mod->exit != NULL)
        mod->exit(); // call the module's exit function
    ...
    free_module(mod); // unload the module
    ...
}

The module's exit function is invoked through the exit callback, and free_module is called last to unload the module.

Conclusion

Kernel modules, it turns out, are not mysterious. A traditional user program has to be compiled into an executable before it can run, whereas a module only needs to be compiled into an object file to be loaded into the kernel: the kernel itself links the module and turns it into executable code. During loading and unloading, the kernel calls back the module's user-defined entry function and exit function to perform the corresponding work.