LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

loadable kernel modules are evil

loadable kernel modules are evil

Posted Dec 2, 2011 19:15 UTC (Fri) by giraffedata (subscriber, #1954)
In reply to: Quotes of the week by gidoca
Parent article: Quotes of the week

Right. In addition to saying not to compile modules you don't use, he said to statically link the ones that you do compile into the base kernel. With the reduced amount, that is practical and it has the benefit that no hacker can change the code.

I'm sure he didn't mean for it to apply to someone developing the module, though.

Also, it seems like a poor idea to test kernel code on a system important enough to care about security. I always use a separate expendable, impotent, minimal test system for that. In fact, it's about as quick and easy to reboot that test system as to reload a module.

(Log in to post comments)

loadable kernel modules are evil

Posted Dec 2, 2011 21:52 UTC (Fri) by marcH (subscriber, #57642) [Link]

> I'm sure he didn't mean for it to apply to someone developing the module, though.

What makes you sure? Other quotes?

> In fact, it's about as quick and easy to reboot that test system as to reload a module

How long is that?

loadable kernel modules are evil

Posted Dec 2, 2011 22:41 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

I'm sure he didn't mean for it to apply to someone developing the module, though.
What makes you sure? Other quotes?
Only that I credit Linus with common sense and because Linus, like most people, but more, often makes terse, sweeping generalizations that aren't intended to cover every corner case.
In fact, it's about as quick and easy to reboot that test system as to reload a module
How long is that?

Now that you make me think about it, my own experience doesn't make the point. I use loadable modules, and I'm including in the time to reload the module the time it takes to generate it. If I have to reboot, the system is generally insmod-ready by the time I have the next iteration of the module ready. (On my ancient hardware, it's 20 seconds).

On modern hardware, I suspect I could get a kernel test system up in a few seconds. Maybe that changes the equation to where statically binding your test code into the base kernel is as fast and easy as loading it dynamically.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds