Skip to content
Unix System Programming

7.1 LKM

https://www.geeksforgeeks.org/insmod-command-in-linux-with-examples/

https://www.geeksforgeeks.org/difference-between-printk-and-printf-in-linux/

https://blog.sourcerer.io/writing-a-simple-linux-kernel-module-d9dc3762c234

1. Loadable Kernel Module (LKM) ?

LKM stands for Loadable Kernel Module. It’s a way to add functionality to the Linux kernel without rebooting or recompiling the whole kernel. You can think of it like a plugin for the kernel — you load it when you need it, and unload it when you’re done.

🧠 Why use LKM?

  • Add device drivers (e.g. USB or network drivers)
  • Extend kernel functionality (e.g. file systems, system calls)
  • Debugging or monitoring tools

1.1 ✅ Simple Example: “Hello, Kernel!”

This is a minimal example of a kernel module that prints a message when it’s loaded and unloaded.

hello.c
#include <linux/module.h>   // Needed by all modules
#include <linux/kernel.h>   // Needed for KERN_INFO
#include <linux/init.h>     // Needed for the macros


static int __init hello_init(void) {
    printk(KERN_INFO "Hello, Kernel!\n");
    return 0;
}


static void __exit hello_exit(void) {
    printk(KERN_INFO "Goodbye, Kernel!\n");
}


module_init(hello_init);
module_exit(hello_exit);


MODULE_LICENSE("GPL");
MODULE_AUTHOR("You");
MODULE_DESCRIPTION("A simple Hello World LKM");

🔧 To Compile:

Create a Makefile:

obj-m += hello.o


all:
  make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules


clean:
  make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean

Then run:

Terminal window
make

📦 To Load and Unload:

Terminal window
sudo insmod hello.ko   # Load the module
dmesg | tail           # Check kernel log


sudo rmmod hello       # Remove the module
dmesg | tail           # See unload message

2. Useful Commands

2.1 lsmod

  • Used for: Listing currently loaded kernel modules.
  • Details: Shows module name, size, and usage count. Useful to check if a module is already active.

2.2 insmod

  • Used for: Inserting (loading) a kernel module into the Linux kernel.
  • Details: Loads a .ko (kernel object) file into the kernel. Requires root privileges. Does not resolve dependencies.

2.3 rmmod

  • Used for: Removing a kernel module from the Linux kernel.
  • Details: Unloads a module that was loaded with insmod. Must not be in use by anything (use lsmod to check).

2.4 printk()

  • Used for: Printing messages from the kernel (like printf() in user-space).
  • Details: Outputs to the kernel log buffer, viewable via dmesg or /var/log/syslog. Useful for kernel debugging.

2.5 struct sk_buff

  • Used for: Representing network packets in the Linux kernel networking stack.
  • Details: Short for “socket buffer”. It’s a central data structure in kernel networking code, handling data transmission and reception.

2.6 tail -f

  • Used for: Continuously monitoring the end of a file.
  • Details: Commonly used to live-view log files, like /var/log/syslog. Keeps showing new lines as they are added.

2.7 /var/log/syslog

  • Used for: Storing general system logs.
  • Details: Contains messages from the kernel and various system services. Essential for debugging and monitoring system behavior.

2.8 dmesg

  • Used for: Displaying the kernel ring buffer (kernel messages).
  • Details: Shows boot-time messages and kernel-level logs like device initialization, driver messages, and printk() output.