| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | .\" $NetBSD: module.4,v 1.1 2010/12/12 19:29:01 pgoyette Exp $ | | 1 | .\" $NetBSD: module.4,v 1.2 2010/12/12 22:11:02 wiz Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 1993 Christopher G. Demetriou | | 3 | .\" Copyright (c) 1993 Christopher G. Demetriou |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" Redistribution and use in source and binary forms, with or without | | 6 | .\" Redistribution and use in source and binary forms, with or without |
7 | .\" modification, are permitted provided that the following conditions | | 7 | .\" modification, are permitted provided that the following conditions |
8 | .\" are met: | | 8 | .\" are met: |
9 | .\" 1. Redistributions of source code must retain the above copyright | | 9 | .\" 1. Redistributions of source code must retain the above copyright |
10 | .\" notice, this list of conditions and the following disclaimer. | | 10 | .\" notice, this list of conditions and the following disclaimer. |
11 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 11 | .\" 2. Redistributions in binary form must reproduce the above copyright |
12 | .\" notice, this list of conditions and the following disclaimer in the | | 12 | .\" notice, this list of conditions and the following disclaimer in the |
13 | .\" documentation and/or other materials provided with the distribution. | | 13 | .\" documentation and/or other materials provided with the distribution. |
14 | .\" 3. All advertising materials mentioning features or use of this software | | 14 | .\" 3. All advertising materials mentioning features or use of this software |
| @@ -40,27 +40,27 @@ | | | @@ -40,27 +40,27 @@ |
40 | .Nd Kernel Modules interface | | 40 | .Nd Kernel Modules interface |
41 | .Sh SYNOPSIS | | 41 | .Sh SYNOPSIS |
42 | .Cd "options MODULAR" | | 42 | .Cd "options MODULAR" |
43 | .Sh DESCRIPTION | | 43 | .Sh DESCRIPTION |
44 | Kernel modules allow the system administrator to | | 44 | Kernel modules allow the system administrator to |
45 | dynamically add and remove functionality from a running system. | | 45 | dynamically add and remove functionality from a running system. |
46 | This ability also helps software developers to develop | | 46 | This ability also helps software developers to develop |
47 | new parts of the kernel without constantly rebooting to | | 47 | new parts of the kernel without constantly rebooting to |
48 | test their changes. | | 48 | test their changes. |
49 | .Pp | | 49 | .Pp |
50 | Additionally, the kernel may automatically load software modules as | | 50 | Additionally, the kernel may automatically load software modules as |
51 | needed to perform requested operations. | | 51 | needed to perform requested operations. |
52 | For example, an xyzfs module can be loaded automatically when an | | 52 | For example, an xyzfs module can be loaded automatically when an |
53 | attempt is made to mount an xyzfs filesystem. | | 53 | attempt is made to mount an xyzfs file system. |
54 | Modules can also depend on other modules, and dependant modules are | | 54 | Modules can also depend on other modules, and dependant modules are |
55 | automatically loaded. | | 55 | automatically loaded. |
56 | When a module is no longer needed, it can be automatically unloaded. | | 56 | When a module is no longer needed, it can be automatically unloaded. |
57 | .Pp | | 57 | .Pp |
58 | An in-kernel linker resolves symbol references between the module | | 58 | An in-kernel linker resolves symbol references between the module |
59 | and the rest of the kernel. | | 59 | and the rest of the kernel. |
60 | .Pp | | 60 | .Pp |
61 | The | | 61 | The |
62 | .Nm | | 62 | .Nm |
63 | interface is accessed with the | | 63 | interface is accessed with the |
64 | .Xr modctl 2 | | 64 | .Xr modctl 2 |
65 | system call. | | 65 | system call. |
66 | Normally all operations involving | | 66 | Normally all operations involving |
| @@ -96,27 +96,26 @@ emulation module also be loaded. | | | @@ -96,27 +96,26 @@ emulation module also be loaded. |
96 | .Ss Miscellaneous modules | | 96 | .Ss Miscellaneous modules |
97 | Miscellaneous modules are modules for which there are not currently | | 97 | Miscellaneous modules are modules for which there are not currently |
98 | well-defined or well-used interfaces for extension. | | 98 | well-defined or well-used interfaces for extension. |
99 | They are provided for extension, and the user-provided module | | 99 | They are provided for extension, and the user-provided module |
100 | initialization routine is expected to install the necessary "hooks" | | 100 | initialization routine is expected to install the necessary "hooks" |
101 | into the rest of the operating system. | | 101 | into the rest of the operating system. |
102 | An example of a "miscellaneous module" might be a loader for | | 102 | An example of a "miscellaneous module" might be a loader for |
103 | card-specific VGA drivers or alternate terminal emulations in | | 103 | card-specific VGA drivers or alternate terminal emulations in |
104 | an appropriately layered console driver. | | 104 | an appropriately layered console driver. |
105 | .Ss Security-Model modules | | 105 | .Ss Security-Model modules |
106 | Alternate system security models may loaded using the | | 106 | Alternate system security models may loaded using the |
107 | .Nm | | 107 | .Nm |
108 | facility. | | 108 | facility. |
109 | .Pp | | | |
110 | .Sh NOTES | | 109 | .Sh NOTES |
111 | .Ss Security considerations | | 110 | .Ss Security considerations |
112 | Kernel modules can do anything with kernel structures. | | 111 | Kernel modules can do anything with kernel structures. |
113 | There is no memory protection between modules and the rest of the kernel. | | 112 | There is no memory protection between modules and the rest of the kernel. |
114 | Hence, a potential attacker with access to the | | 113 | Hence, a potential attacker with access to the |
115 | .Xr modctl 2 | | 114 | .Xr modctl 2 |
116 | system call can acquire complete and total control over the system. | | 115 | system call can acquire complete and total control over the system. |
117 | .Pp | | 116 | .Pp |
118 | To avoid associated security risks, new modules can only be loaded when | | 117 | To avoid associated security risks, new modules can only be loaded when |
119 | .Pa securelevel | | 118 | .Pa securelevel |
120 | is less than or equal to zero, or if the kernel was built with | | 119 | is less than or equal to zero, or if the kernel was built with |
121 | .Cd options INSECURE . | | 120 | .Cd options INSECURE . |
122 | .Ss Module might crash system | | 121 | .Ss Module might crash system |
| @@ -125,42 +124,42 @@ system. | | | @@ -125,42 +124,42 @@ system. |
125 | Since the module becomes part of kernel, a code error is much more | | 124 | Since the module becomes part of kernel, a code error is much more |
126 | fatal than for userland programs. | | 125 | fatal than for userland programs. |
127 | .Ss Modules need to be updated when the kernel is updated | | 126 | .Ss Modules need to be updated when the kernel is updated |
128 | Kernel modules are built to operate only with a specific version of the | | 127 | Kernel modules are built to operate only with a specific version of the |
129 | Operating System kernel. | | 128 | Operating System kernel. |
130 | When you update the kernel to a new version, you should also update the | | 129 | When you update the kernel to a new version, you should also update the |
131 | contents of the | | 130 | contents of the |
132 | .Pa /stand/${ARCH}/${VERSION}/modules/ | | 131 | .Pa /stand/${ARCH}/${VERSION}/modules/ |
133 | directory with all required modules. | | 132 | directory with all required modules. |
134 | (This location has been the subject of much discussion, and may change | | 133 | (This location has been the subject of much discussion, and may change |
135 | in future versions of the | | 134 | in future versions of the |
136 | .Nx | | 135 | .Nx |
137 | operating system.) | | 136 | operating system.) |
138 | .Ss Missing filesystem modules may prevent the system from booting | | 137 | .Ss Missing file system modules may prevent the system from booting |
139 | If you attempt to boot the operating system from a filesystem for | | 138 | If you attempt to boot the operating system from a file system for |
140 | which the module is not built into the kernel, the boot may fail | | 139 | which the module is not built into the kernel, the boot may fail |
141 | with the message | | 140 | with the message |
142 | .Dq "Cannot mount root, error 79" . | | 141 | .Dq "Cannot mount root, error 79" . |
143 | On certain architectures (currently, i386 and amd64), you may be able to | | 142 | On certain architectures (currently, i386 and amd64), you may be able to |
144 | recover from this error by using the | | 143 | recover from this error by using the |
145 | .Dq "load xxxfs" | | 144 | .Dq "load xxxfs" |
146 | command before trying to boot. | | 145 | command before trying to boot. |
147 | This command is only available on newer bootloaders. | | 146 | This command is only available on newer bootloaders. |
148 | .Pp | | 147 | .Pp |
149 | Since the absence of required modules, or the inability of the bootloader | | 148 | Since the absence of required modules, or the inability of the bootloader |
150 | to load the modules, is a common reason for a | | 149 | to load the modules, is a common reason for a |
151 | .Dv MODULAR | | 150 | .Dv MODULAR |
152 | kernel's failure to boot, you might want to maintain a non-MODULAR | | 151 | kernel's failure to boot, you might want to maintain a non-MODULAR |
153 | kernel in the root filesystem for recovery purposes. | | 152 | kernel in the root file system for recovery purposes. |
154 | .Sh SEE ALSO | | 153 | .Sh SEE ALSO |
155 | .Xr modctl 2 , | | 154 | .Xr modctl 2 , |
156 | .Xr modload 8 , | | 155 | .Xr modload 8 , |
157 | .Xr modstat 8 , | | 156 | .Xr modstat 8 , |
158 | .Xr modunload 8 , | | 157 | .Xr modunload 8 , |
159 | .Xr module 9 | | 158 | .Xr module 9 |
160 | .Sh HISTORY | | 159 | .Sh HISTORY |
161 | The | | 160 | The |
162 | .Nm | | 161 | .Nm |
163 | facility was designed to be similar in functionality | | 162 | facility was designed to be similar in functionality |
164 | to the loadable kernel modules facility provided by | | 163 | to the loadable kernel modules facility provided by |
165 | .Tn "SunOS 4.1.3" . | | 164 | .Tn "SunOS 4.1.3" . |
166 | The current | | 165 | The current |