01—Linux Architecture
The Linux architecture can be divided into user space and kernel space, which interact with each other through the system call interface.
The so-called System Call Interface is a mature interface predefined by the Linux kernel for user space applications. User applications can call the services provided by the operating system kernel through these interfaces.
02—Linux Kernel Modules
Linux kernel modules are custom code snippets that can be loaded into or unloaded from the kernel on demand, allowing the kernel’s capabilities to be extended without rebooting the operating system.
Custom code snippets can be added to the Linux kernel in two ways:
The most basic method is to add the code to the kernel source tree and recompile the kernel.
A more efficient way is to add the code while the kernel is running, which is usually referred to as Loadable Kernel Modules (LKM).
2.1—Uses of Kernel Modules
LKM has multiple uses, the most common being:
Device Drivers: Typically designed for specific hardware devices, the kernel can communicate with hardware devices through device drivers without needing to understand the specific workings of the hardware.
File System Drivers: The kernel uses file system drivers to parse the contents of files or directories stored on the disk in different file systems.
System Calls: The existing types of system calls in the kernel can be extended through LKM, or existing system call interfaces can be overridden to provide custom implementations.
2.2—Advantages of Kernel Modules
When adding support for new devices or upgrading old devices in the kernel, there is no need to rebuild the kernel code, saving time and avoiding introducing defects into the kernel code.
LKM is flexible and can be loaded or unloaded with a simple command, and loaded on demand to save memory space.
2.3—LKM vs User Programs
The two run in separate address spaces: an LKM runs in kernel space, while a user program runs in user space.
LKM has higher execution privileges.
LKM code is typically not executed sequentially; it usually registers itself with the kernel to serve future requests.
The two use different header files.
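Because an LKM is loaded at runtime and executes with kernel privileges, it is worth knowing exactly which modules a host has loaded. The following is an added example, not code from the original article: it parses the text format of `/proc/modules` and reports modules carrying out-of-tree, unsigned or force-loaded taint flags. The sample lines and the module name `examplemod` are constructed for illustration.

```python
"""Audit loaded kernel modules from /proc/modules-style text (added example)."""
import re
from pathlib import Path

# Per-module taint letters the kernel appends in parentheses after the address.
TAINT_MEANING = {
    "P": "proprietary licence",
    "O": "out-of-tree build",
    "F": "force-loaded",
    "C": "staging driver",
    "E": "unsigned",
}

# Fields: name, size, refcount, used-by list, state, load address, optional taint.
LINE_RE = re.compile(
    r"^(?P<name>\S+) (?P<size>\d+) (?P<refs>\S+) (?P<used_by>\S+) "
    r"(?P<state>Live|Loading|Unloading) (?P<addr>0x[0-9a-fA-F]+)"
    r"(?: \((?P<taint>[A-Z+\-]+)\))?$"
)

# Constructed sample input; on a real host read /proc/modules instead.
SAMPLE = """\
ext4 1003520 1 - Live 0xffffffffc0a00000
mbcache 16384 1 ext4, Live 0xffffffffc09f0000
examplemod 20480 0 - Live 0xffffffffc0b40000 (OE)
"""

def parse_modules(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    mods = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        used_by = [d for d in m["used_by"].split(",") if d and d != "-"]
        taint = [c for c in (m["taint"] or "") if c in TAINT_MEANING]
        mods.append({"name": m["name"], "size": int(m["size"]),
                     "used_by": used_by, "state": m["state"], "taint": taint})
    return mods

def flagged(mods, risky=("O", "E", "F")):
    """Map module name -> reasons, for modules with any risky taint flag."""
    return {m["name"]: [TAINT_MEANING[f] for f in m["taint"] if f in risky]
            for m in mods if any(f in risky for f in m["taint"])}

if __name__ == "__main__":
    src = Path("/proc/modules")
    text = src.read_text() if src.exists() else SAMPLE
    for name, reasons in flagged(parse_modules(text)).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flagged module is not necessarily hostile, since vendor drivers are often out-of-tree, but each one should map to a package or build the administrator recognises.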
2.4—LKM vs Kernel Drivers
An LKM is code that can be dynamically inserted into the kernel while it is running (using insmod or modprobe).
Kernel drivers are code running in the kernel that interacts with hardware devices; the “driver” is what makes the hardware device work. Usually, each type of hardware device requires a corresponding kernel driver.
2.5—LKM vs Kernel Hot Patching
Kernel hot patching technology refers to dynamically applying patches to the running kernel without restarting the system. These patches are usually used to fix security vulnerabilities, performance issues, or other kernel bugs without interrupting the running system.
The main differences between LKM and kernel hot patching are as follows:
Implementation Method: Kernel hot patching modifies the running kernel by dynamically applying patches, while kernel modules extend kernel functionality by loading and unloading loadable code.
Applicable Scenarios: Kernel hot patching is typically used to fix kernel vulnerabilities or performance issues, while kernel modules are used to dynamically extend kernel functionality.
Complexity of Operation: The implementation of kernel hot patching is relatively complex and requires consideration of more factors, while the use of kernel modules is relatively simple.
Impact on the System: Kernel hot patching can avoid system downtime and improve system availability, while loading and unloading kernel modules may consume some system resources.
03—Linux Device Drivers
Device drivers are a special type of system software that enables interaction with hardware devices. Without specific device drivers, the corresponding hardware devices cannot function.
Device drivers are usually bound to specific operating systems and have hardware dependencies. They act as “translators” between hardware devices and the programs or operating systems that use those hardware devices.
3.1—Types of Device Drivers
Character Devices: These read and write data one byte at a time, such as keyboards, mice, and serial printers. These devices generally allow only one user to access them at a time, and are usually used for communication/interactivity purposes.
Block Devices: These read and write data in blocks, such as mechanical hard drives, USBs, and CD-ROMs. These devices generally write data asynchronously and are usually used to store data on physical hardware, and can be mounted to access previously written data.
Network Devices: The Linux network subsystem mainly concerns network devices, which can be used to send and receive network packets. They are usually physical devices, such as Ethernet cards, with the exception of the loopback device, which is a purely software-implemented device used to send data to itself.