4.3.2 Kernel modules

Understanding Kernel Modules

A kernel module is a piece of code that can be loaded into (and unloaded from) the running Linux kernel at runtime, without rebooting and without recompiling the whole kernel.

Typical examples of functionality provided as modules:

Device drivers (network cards, GPUs, sound cards, USB controllers)
Filesystem drivers (e.g., vfat, xfs, btrfs on some distros)
Network protocols and packet filters (e.g., nf_tables, ip_tables)
Hardware monitoring and sensors
Cryptographic algorithms

Modules allow you to:

Keep the core kernel smaller.
Load support for hardware only when present.
Replace or update specific parts of kernel functionality more easily.

In this chapter you will learn how to inspect, load, unload, configure and persist kernel modules on a running system.

Listing and Inspecting Loaded Modules

Viewing all loaded modules with `lsmod`

lsmod shows you which modules are currently loaded:

lsmod

Sample output:

Module                  Size  Used by
iwlwifi               335872  1 iwlmvm
iwlmvm                458752  0
uvcvideo              102400  0
snd_hda_intel          49152  4

Key columns:

Module: Module name (used when loading/unloading).
Size: Size of the module in bytes.
Used by: How many references exist to this module and which other modules depend on it.

If a module is “in use”, unloading it will usually fail until users or dependent modules are stopped or removed.

Detailed information with `modinfo`

Use modinfo to inspect information about a specific module:

modinfo iwlwifi

Typical fields:

filename: Path of the module file, usually under /lib/modules/$(uname -r)/…
version: Module version (may differ from kernel version)
license: License string (must be compatible with the kernel to avoid taint)
description: Short explanation of what the module does
author: Author/maintainer
alias: Hardware aliases, used for automatic loading via udev
depends: Other modules that must be loaded first
parm: Module parameters that can be set at load time, e.g.:

  parm: debug:Enable debug output (bool)
  parm: tx_power:Default TX power (int)

This is how you discover tunable knobs for a module.

Loading and Unloading Modules

Loading modules with `modprobe`

modprobe is the standard tool for loading modules. It understands dependencies and configuration files.

Basic usage:

sudo modprobe MODULE_NAME

Examples:

Load the vfat filesystem module:

  sudo modprobe vfat

Load a network driver:

  sudo modprobe e1000e

modprobe will:

Read module dependency information (modules.dep) under /lib/modules/$(uname -r)/.
Load required dependency modules first.
Apply module options from configuration files in /etc/modprobe.d/ (explained later).

You can test without making persistent changes; a reboot will remove non-built-in modules unless configured to load automatically.

`insmod` vs `modprobe`

insmod is a low-level tool that inserts a single module file:

sudo insmod ./mymodule.ko

Limitations:

Requires a full path to the .ko file.
Does NOT resolve dependencies.
Ignores configuration files.

This is mainly useful for debugging or testing your own freshly built module. For normal administration, always prefer modprobe.

Removing modules with `modprobe -r` and `rmmod`

To unload a module:

sudo modprobe -r MODULE_NAME

or:

sudo rmmod MODULE_NAME

modprobe -r is safer:

It will try to remove dependent modules that are no longer needed.
It respects configuration like aliases.

Unloading can fail with errors like:

Module in use: Some process, device, or another module is still using it.

Stop services, unmount filesystems, or detach devices first.

Operation not permitted: You need root privileges, or the module is flagged as non-removable.

You can check usage with:

lsmod | grep MODULE_NAME

The second column (Used by) should be 0 before unloading.

Kernel Module Files and Locations

Modules are stored under:

/lib/modules/$(uname -r)/

Useful subdirectories:

kernel/drivers/ – Device drivers (block, net, gpu, etc.)
kernel/fs/ – Filesystem modules
kernel/net/ – Networking protocols
kernel/crypto/ – Cryptographic algorithms

You normally don’t manipulate these files directly. Package management and depmod manage them for you.

You can search for a module file with:

modinfo -n MODULE_NAME

or:

find /lib/modules/$(uname -r) -name 'e1000e*.ko*'

depmod (usually run automatically on kernel or module package updates) generates dependency metadata like:

modules.dep: which modules depend on which others
modules.alias: alias -> real module mappings

modprobe relies on these.

Module Parameters

Modules often expose parameters to tune their behavior. These can be set:

At load time (modprobe MODULE param=value)
Persistently via /etc/modprobe.d/
For built-in modules, via kernel command line (covered elsewhere in the kernel parameters chapter)

Discovering available parameters

Use modinfo and look for parm: lines:

modinfo snd_hda_intel | grep ^parm

Example output:

parm:   power_save:Automatic power-saving timeout (in seconds) (int)
parm:   enable_msi:Enable Message Signaled Interrupts (int)

Each parameter has a name, description, and type (e.g. int, bool).

Setting parameters at load time

You can set parameters when loading:

sudo modprobe snd_hda_intel power_save=10 enable_msi=1

This is temporary; once you unload/reload or reboot, settings are lost unless you make them persistent.

Persistent Module Configuration (`/etc/modprobe.d`)

To keep settings across reboots, use configuration files for modprobe.

Files in:

/etc/modprobe.d/*.conf

influence loading behavior. Common types of lines:

options – Set module parameters
blacklist – Prevent auto-loading of a module
alias – Rename or map an alias to a module
install/remove – Override what happens on load/unload

Setting persistent options

Create a configuration file, e.g.:

sudo nano /etc/modprobe.d/snd_hda_intel.conf

Add:

options snd_hda_intel power_save=10 enable_msi=1

Then either:

Reboot, or
Reload the module:

  sudo modprobe -r snd_hda_intel
  sudo modprobe snd_hda_intel

Check current behavior (for modules that expose state) under /sys/module/MODULE_NAME/parameters/:

cat /sys/module/snd_hda_intel/parameters/power_save

For many modules you can change parameters by writing to these files at runtime:

echo 20 | sudo tee /sys/module/snd_hda_intel/parameters/power_save

This changes the setting until reboot; the config file handles persistence.

Blacklisting Modules

Sometimes you want to prevent a module from being loaded automatically:

It interferes with another driver.
You are replacing it with an out-of-tree module.
You want to disable specific hardware functionality.

Basic blacklisting

Create a file like:

sudo nano /etc/modprobe.d/blacklist.conf

Add:

blacklist nouveau

This marks the nouveau module (open-source NVIDIA driver) as blacklisted.

Notes:

Blacklisting prevents autoloading via aliases and udev.
It does not prevent manual loading via insmod or modprobe by name.

To be sure it’s not loaded early in boot, you might also need to:

Regenerate the initramfs if the module is included there (distro-specific tools like update-initramfs, dracut, or mkinitcpio).
Pass additional kernel command-line parameters for some problematic modules (described in the kernel parameters / boot process chapters).

Replacing a module with another

When using a proprietary driver in place of a default one (e.g., GPU or Wi-Fi), common steps are:

Blacklist the built-in/open-source driver.
Install the new module via your package manager or vendor script.
Regenerate initramfs if needed.
Reboot.

The exact procedure depends on your distribution and driver source.

Module Autoloading

Modules are usually loaded automatically when needed, driven by:

Hardware detection (via udev)
Filesystem or protocol usage
Kernel requests for specific features

Mechanism outline:

Hardware presents an ID (PCI ID, USB ID, etc.).
udev matches that ID against modules.alias under /lib/modules/$(uname -r)/.
It finds a matching module (e.g., pci:v00008086d00001059* -> e1000e).
modprobe is invoked to load the module.

This explains why drivers “just appear” when you plug in a device or boot with new hardware.

You normally don’t need to configure autoloading explicitly, but if something doesn’t load:

Check lsmod to confirm.
Inspect dmesg or journalctl -k for driver errors.
Use modprobe manually to test loading.
Verify the hardware ID mapping:

  lspci -nn
  lsusb

and search aliases:

  grep -i 8086 /lib/modules/$(uname -r)/modules.alias

Security and Stability Considerations

Kernel modules run in kernel space; bugs or malicious behavior can compromise the entire system.

Key points:

Only load modules from trusted sources.
Avoid random third-party .ko files from the internet.
Prefer distribution-packaged modules where possible.
Keep modules and kernel versions in sync (out-of-tree modules may break after kernel updates).
Some kernels support module signing, allowing only signed modules to be loaded (controlled by kernel configuration and secure boot settings).

The kernel tracks certain conditions as “taints” when modules are loaded, such as:

Proprietary (non-GPL-compatible) modules
Forcibly loaded modules
Modules causing certain types of errors

You can see taint status (among other info) via:

cat /proc/sys/kernel/tainted

The bitmask interpretation is usually documented in Documentation/admin-guide/tainted-kernels.rst in the kernel source or online.

Working with Out-of-Tree and Custom Modules (Admin View)

The development process for creating modules is covered in other material; here we’ll focus on the administrator’s perspective when dealing with non-standard modules.

Common scenarios:

Vendor-supplied drivers (e.g., for RAID controllers, network cards, or GPUs).
Locally built modules using a framework such as DKMS (Dynamic Kernel Module Support).

DKMS-managed modules

DKMS automates rebuilding modules when the kernel is updated.

Typical workflow:

Install DKMS and the module source package from your distribution or vendor.
DKMS registers the module and builds it for your current kernel.
When you upgrade the kernel, DKMS automatically rebuilds the module for the new kernel version.
Module files are placed under /lib/modules/$(uname -r)/extra/ or similar.

As an admin you should:

Check DKMS status after kernel upgrades:

  sudo dkms status

Confirm that the desired module is loaded with lsmod.
Monitor for build errors (usually logged in /var/lib/dkms/ or system logs).

Version compatibility

A module must be built against headers for the exact kernel version it runs on:

The toolchain uses headers in /lib/modules/$(uname -r)/build/.
Mismatched versions typically cause load failures with messages like “Invalid module format”.

You can see the compiled-for version via:

modinfo -F vermagic MODULE_NAME

If your kernel version (uname -r) and vermagic don’t match sufficiently, rebuild or reinstall the module.

Troubleshooting Kernel Modules

Common issues and approaches:

Module fails to load

Run:

sudo modprobe MODULE_NAME
dmesg | tail

or:

journalctl -k -b | tail

Typical error messages:

Unknown symbol: Missing dependency or wrong kernel version.
Invalid module format: Compiled for a different kernel; rebuild.
Module signature verification failed: Signature enforcement is on (e.g., Secure Boot), and module is unsigned or improperly signed.

Device not working despite module loaded

Steps:

Confirm module is present:

   lsmod | grep MODULE_NAME

Check dmesg/journalctl -k for initialization errors.
Verify device node appears under /dev (if relevant).
Inspect parameters in /sys/module/MODULE_NAME/parameters/ and adjust via modprobe options or /etc/modprobe.d/.
Look for conflicting modules:

Use lsmod to spot multiple drivers for similar hardware.
Blacklist the wrong one if needed.

Preventing unwanted autoload

If a problematic module keeps loading:

Identify it with lsmod and dmesg.
Add a blacklist MODULE_NAME line to a file in /etc/modprobe.d/.
Regenerate initramfs if necessary.
Reboot and verify it’s no longer loaded.

Summary

Kernel modules extend the running kernel with additional functionality such as drivers and filesystems.
lsmod, modinfo, modprobe, and /etc/modprobe.d/ are the core tools and locations for managing modules.
Parameters can be set at load time or persistently via options in .conf files.
blacklist entries prevent automatic loading of undesired modules.
Autoloading is driven by hardware IDs and aliases managed under /lib/modules/$(uname -r)/.
Out-of-tree and vendor modules require attention to kernel version compatibility and, often, DKMS or similar tools.
Logs (dmesg, journalctl -k) are your primary source for diagnosing module-related problems.

Comments

Please login to add a comment.

Don't have an account? Register now!