| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | .\" $NetBSD: module.4,v 1.1 2010/12/12 19:29:01 pgoyette Exp $ | | 1 | .\" $NetBSD: module.4,v 1.2 2010/12/12 22:11:02 wiz Exp $ |
| 2 | .\" | | 2 | .\" |
| 3 | .\" Copyright (c) 1993 Christopher G. Demetriou | | 3 | .\" Copyright (c) 1993 Christopher G. Demetriou |
| 4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
| 5 | .\" | | 5 | .\" |
| 6 | .\" Redistribution and use in source and binary forms, with or without | | 6 | .\" Redistribution and use in source and binary forms, with or without |
| 7 | .\" modification, are permitted provided that the following conditions | | 7 | .\" modification, are permitted provided that the following conditions |
| 8 | .\" are met: | | 8 | .\" are met: |
| 9 | .\" 1. Redistributions of source code must retain the above copyright | | 9 | .\" 1. Redistributions of source code must retain the above copyright |
| 10 | .\" notice, this list of conditions and the following disclaimer. | | 10 | .\" notice, this list of conditions and the following disclaimer. |
| 11 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 11 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| 12 | .\" notice, this list of conditions and the following disclaimer in the | | 12 | .\" notice, this list of conditions and the following disclaimer in the |
| 13 | .\" documentation and/or other materials provided with the distribution. | | 13 | .\" documentation and/or other materials provided with the distribution. |
| 14 | .\" 3. All advertising materials mentioning features or use of this software | | 14 | .\" 3. All advertising materials mentioning features or use of this software |
| @@ -40,27 +40,27 @@ | | | @@ -40,27 +40,27 @@ |
| 40 | .Nd Kernel Modules interface | | 40 | .Nd Kernel Modules interface |
| 41 | .Sh SYNOPSIS | | 41 | .Sh SYNOPSIS |
| 42 | .Cd "options MODULAR" | | 42 | .Cd "options MODULAR" |
| 43 | .Sh DESCRIPTION | | 43 | .Sh DESCRIPTION |
| 44 | Kernel modules allow the system administrator to | | 44 | Kernel modules allow the system administrator to |
| 45 | dynamically add and remove functionality from a running system. | | 45 | dynamically add and remove functionality from a running system. |
| 46 | This ability also helps software developers to develop | | 46 | This ability also helps software developers to develop |
| 47 | new parts of the kernel without constantly rebooting to | | 47 | new parts of the kernel without constantly rebooting to |
| 48 | test their changes. | | 48 | test their changes. |
| 49 | .Pp | | 49 | .Pp |
| 50 | Additionally, the kernel may automatically load software modules as | | 50 | Additionally, the kernel may automatically load software modules as |
| 51 | needed to perform requested operations. | | 51 | needed to perform requested operations. |
| 52 | For example, an xyzfs module can be loaded automatically when an | | 52 | For example, an xyzfs module can be loaded automatically when an |
| 53 | attempt is made to mount an xyzfs filesystem. | | 53 | attempt is made to mount an xyzfs file system. |
| 54 | Modules can also depend on other modules, and dependant modules are | | 54 | Modules can also depend on other modules, and dependant modules are |
| 55 | automatically loaded. | | 55 | automatically loaded. |
| 56 | When a module is no longer needed, it can be automatically unloaded. | | 56 | When a module is no longer needed, it can be automatically unloaded. |
| 57 | .Pp | | 57 | .Pp |
| 58 | An in-kernel linker resolves symbol references between the module | | 58 | An in-kernel linker resolves symbol references between the module |
| 59 | and the rest of the kernel. | | 59 | and the rest of the kernel. |
| 60 | .Pp | | 60 | .Pp |
| 61 | The | | 61 | The |
| 62 | .Nm | | 62 | .Nm |
| 63 | interface is accessed with the | | 63 | interface is accessed with the |
| 64 | .Xr modctl 2 | | 64 | .Xr modctl 2 |
| 65 | system call. | | 65 | system call. |
| 66 | Normally all operations involving | | 66 | Normally all operations involving |
| @@ -96,27 +96,26 @@ emulation module also be loaded. | | | @@ -96,27 +96,26 @@ emulation module also be loaded. |
| 96 | .Ss Miscellaneous modules | | 96 | .Ss Miscellaneous modules |
| 97 | Miscellaneous modules are modules for which there are not currently | | 97 | Miscellaneous modules are modules for which there are not currently |
| 98 | well-defined or well-used interfaces for extension. | | 98 | well-defined or well-used interfaces for extension. |
| 99 | They are provided for extension, and the user-provided module | | 99 | They are provided for extension, and the user-provided module |
| 100 | initialization routine is expected to install the necessary "hooks" | | 100 | initialization routine is expected to install the necessary "hooks" |
| 101 | into the rest of the operating system. | | 101 | into the rest of the operating system. |
| 102 | An example of a "miscellaneous module" might be a loader for | | 102 | An example of a "miscellaneous module" might be a loader for |
| 103 | card-specific VGA drivers or alternate terminal emulations in | | 103 | card-specific VGA drivers or alternate terminal emulations in |
| 104 | an appropriately layered console driver. | | 104 | an appropriately layered console driver. |
| 105 | .Ss Security-Model modules | | 105 | .Ss Security-Model modules |
| 106 | Alternate system security models may loaded using the | | 106 | Alternate system security models may loaded using the |
| 107 | .Nm | | 107 | .Nm |
| 108 | facility. | | 108 | facility. |
| 109 | .Pp | | | |
| 110 | .Sh NOTES | | 109 | .Sh NOTES |
| 111 | .Ss Security considerations | | 110 | .Ss Security considerations |
| 112 | Kernel modules can do anything with kernel structures. | | 111 | Kernel modules can do anything with kernel structures. |
| 113 | There is no memory protection between modules and the rest of the kernel. | | 112 | There is no memory protection between modules and the rest of the kernel. |
| 114 | Hence, a potential attacker with access to the | | 113 | Hence, a potential attacker with access to the |
| 115 | .Xr modctl 2 | | 114 | .Xr modctl 2 |
| 116 | system call can acquire complete and total control over the system. | | 115 | system call can acquire complete and total control over the system. |
| 117 | .Pp | | 116 | .Pp |
| 118 | To avoid associated security risks, new modules can only be loaded when | | 117 | To avoid associated security risks, new modules can only be loaded when |
| 119 | .Pa securelevel | | 118 | .Pa securelevel |
| 120 | is less than or equal to zero, or if the kernel was built with | | 119 | is less than or equal to zero, or if the kernel was built with |
| 121 | .Cd options INSECURE . | | 120 | .Cd options INSECURE . |
| 122 | .Ss Module might crash system | | 121 | .Ss Module might crash system |
| @@ -125,42 +124,42 @@ system. | | | @@ -125,42 +124,42 @@ system. |
| 125 | Since the module becomes part of kernel, a code error is much more | | 124 | Since the module becomes part of kernel, a code error is much more |
| 126 | fatal than for userland programs. | | 125 | fatal than for userland programs. |
| 127 | .Ss Modules need to be updated when the kernel is updated | | 126 | .Ss Modules need to be updated when the kernel is updated |
| 128 | Kernel modules are built to operate only with a specific version of the | | 127 | Kernel modules are built to operate only with a specific version of the |
| 129 | Operating System kernel. | | 128 | Operating System kernel. |
| 130 | When you update the kernel to a new version, you should also update the | | 129 | When you update the kernel to a new version, you should also update the |
| 131 | contents of the | | 130 | contents of the |
| 132 | .Pa /stand/${ARCH}/${VERSION}/modules/ | | 131 | .Pa /stand/${ARCH}/${VERSION}/modules/ |
| 133 | directory with all required modules. | | 132 | directory with all required modules. |
| 134 | (This location has been the subject of much discussion, and may change | | 133 | (This location has been the subject of much discussion, and may change |
| 135 | in future versions of the | | 134 | in future versions of the |
| 136 | .Nx | | 135 | .Nx |
| 137 | operating system.) | | 136 | operating system.) |
| 138 | .Ss Missing filesystem modules may prevent the system from booting | | 137 | .Ss Missing file system modules may prevent the system from booting |
| 139 | If you attempt to boot the operating system from a filesystem for | | 138 | If you attempt to boot the operating system from a file system for |
| 140 | which the module is not built into the kernel, the boot may fail | | 139 | which the module is not built into the kernel, the boot may fail |
| 141 | with the message | | 140 | with the message |
| 142 | .Dq "Cannot mount root, error 79" . | | 141 | .Dq "Cannot mount root, error 79" . |
| 143 | On certain architectures (currently, i386 and amd64), you may be able to | | 142 | On certain architectures (currently, i386 and amd64), you may be able to |
| 144 | recover from this error by using the | | 143 | recover from this error by using the |
| 145 | .Dq "load xxxfs" | | 144 | .Dq "load xxxfs" |
| 146 | command before trying to boot. | | 145 | command before trying to boot. |
| 147 | This command is only available on newer bootloaders. | | 146 | This command is only available on newer bootloaders. |
| 148 | .Pp | | 147 | .Pp |
| 149 | Since the absence of required modules, or the inability of the bootloader | | 148 | Since the absence of required modules, or the inability of the bootloader |
| 150 | to load the modules, is a common reason for a | | 149 | to load the modules, is a common reason for a |
| 151 | .Dv MODULAR | | 150 | .Dv MODULAR |
| 152 | kernel's failure to boot, you might want to maintain a non-MODULAR | | 151 | kernel's failure to boot, you might want to maintain a non-MODULAR |
| 153 | kernel in the root filesystem for recovery purposes. | | 152 | kernel in the root file system for recovery purposes. |
| 154 | .Sh SEE ALSO | | 153 | .Sh SEE ALSO |
| 155 | .Xr modctl 2 , | | 154 | .Xr modctl 2 , |
| 156 | .Xr modload 8 , | | 155 | .Xr modload 8 , |
| 157 | .Xr modstat 8 , | | 156 | .Xr modstat 8 , |
| 158 | .Xr modunload 8 , | | 157 | .Xr modunload 8 , |
| 159 | .Xr module 9 | | 158 | .Xr module 9 |
| 160 | .Sh HISTORY | | 159 | .Sh HISTORY |
| 161 | The | | 160 | The |
| 162 | .Nm | | 161 | .Nm |
| 163 | facility was designed to be similar in functionality | | 162 | facility was designed to be similar in functionality |
| 164 | to the loadable kernel modules facility provided by | | 163 | to the loadable kernel modules facility provided by |
| 165 | .Tn "SunOS 4.1.3" . | | 164 | .Tn "SunOS 4.1.3" . |
| 166 | The current | | 165 | The current |