Re: A question about kernel modules
> > http://packetstorm.decepticons.org/papers/unix/bsdkern.htm

Btw, the article about "(nearly) Complete Linux Loadable Kernel Modules", which is often being referred to by the BSD Kernel article, can be found at http://blacksun.box.sk/lkm.html (the URL given in the BSD article is no longer valid).
Re: A question about kernel modules
Matthias Buelow wrote:
> Bill Moran writes:
> > First would be historical. BSD is historically a monolithic kernel. The more you rely on modules, the more the kernel acts like a microkernel. I suspect
>
> The kernel will still not be a microkernel.. it doesn't really matter at what time the stuff is linked; a microkernel generally uses message passing between mostly independent server processes, which is not what the BSD kernel does.

I made two separate comments here, and you stretched them into something I didn't mean.

Comment 1: KLDs are more microkernelish than compiled-in modules
Comment 2: Looking into my crystal ball, I think that one day the FreeBSD kernel will be a microkernel.

This doesn't mean that I think making things into KLDs makes the kernel a microkernel. I understand that there are other characteristics of microkernels that are separate from the simple idea of loadable kernel modules. All I'm saying is that KLDs are a move away from the traditional compiled-in monolithic kernel. That move is in the direction of microkernel. It's a long ways away yet, but it's pointing that direction. Whether comment #2 ever becomes reality or not remains to be seen.

Besides, Windows claims to be a microkernel and it doesn't act like one at all ... hell, any change you make requires a reboot. And they get away with calling it a microkernel.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: A question about kernel modules
On Friday 07 March 2003 06:18 pm, Simon Barner wrote:
> > So optimal security would be to have every needed component compiled in, and turn off the ability to load any modules. I have no idea if this can be done or how in FreeBSD.
>
> This is what securelevel(8) is about:

ahh yes, that seems pretty obvious in retrospect. :) Thanks. Another example of my incredible ability to understand the conceptual side of info sec., and not be able to implement much of it. oh well, it helps when you have nothing terribly important to protect! :)

> > http://packetstorm.decepticons.org/papers/unix/bsdkern.htm
>
> Ah, interesting one! Thanks :-)

np

Tim
Re: A question about kernel modules
Bill Moran writes:
> First would be historical. BSD is historically a monolithic kernel. The more you rely on modules, the more the kernel acts like a microkernel. I suspect

The kernel will still not be a microkernel.. it doesn't really matter at what time the stuff is linked; a microkernel generally uses message passing between mostly independent server processes, which is not what the BSD kernel does.

--
Matthias Buelow
Re: A question about kernel modules
On 2003-03-07 15:06, Bill Moran <[EMAIL PROTECTED]> wrote:
> Damien Tougas wrote:
> > Is there any advantage/disadvantage to using kernel modules vs. statically linking stuff in the kernel? I would like to eliminate everything from my kernel config that can be loaded as a module, then load them at boot using loader.conf. Is there any reason I would not want to do that? It seems to me that it would make things much easier.
>
> I would guess there are a number of reasons ... First would be historical. BSD is historically a monolithic kernel. The more you rely on modules, the more the kernel acts like a microkernel. I suspect that some day, FreeBSD will be a microkernel, but I don't expect that to be for many, many releases. The change involves a lot. For now, though, FreeBSD is still a monolithic kernel, and people treat it that way even when need does not require it.
>
> The other reason I've heard is that KLDs don't run as fast and use more memory than the same functionality compiled into the kernel. I've never tested this, but I'm guessing that the difference is negligible on modern hardware.
>
> > Why does FreeBSD not do this by default for the GENERIC kernel?
>
> Not sure.

The GENERIC kernel needs to support release CD-ROMs. Looking at the logs of GENERIC since day 1, it seems that there are various reasons for putting things "in" GENERIC and not in modules.

a) Some things are put into GENERIC because it's hard to make them work as modules. INET, device ether, etc.

b) Other things are absolutely necessary to be able to boot into the installation program. FFS support, MD_ROOT, NFSCLIENT and NFS_ROOT, atapi, scsi and usb device drivers (imagine the frustration of trying to install with a USB keyboard, but without USB support).

If I'm wrong, I'm sure someone with better knowledge of the kernel internals will correct me[?].

Bearing this in mind, in 5.X there is now a third floppy disk when installing from floppies. The 'drivers' floppy contains a lot of drivers as modules... so, some effort is being done to modularise things as much as possible :-)

- Giorgos
Re: A question about kernel modules
> So optimal security would be to have every needed component compiled in, and turn off the ability to load any modules. I have no idea if this can be done or how in FreeBSD.

This is what securelevel(8) is about:

[...]
1     Secure mode - the system immutable and system append-only flags may not be turned off; disks for mounted file systems, /dev/mem, and /dev/kmem may not be opened for writing; kernel modules (see kld(4)) may not be loaded or unloaded.
[...]

> http://packetstorm.decepticons.org/papers/unix/bsdkern.htm

Ah, interesting one! Thanks :-)

Simon
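
The posture discussed in this thread (modules preloaded from loader.conf, then securelevel 1 so that none can be loaded or unloaded afterwards) can be checked from the boot configuration. The script below is an added example, not part of the original thread; it assumes the rc.conf knobs kern_securelevel_enable and kern_securelevel, and the module names and file contents are constructed samples.

```shell
#!/bin/sh
# Added example. Audits boot configuration for the "preload modules, then
# raise securelevel" posture. Sample file contents are constructed.

# Effective value of a KEY="value" assignment in an rc.conf-style file.
conf_value() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Modules the boot loader is asked to preload (lines of the form name_load="YES").
preloaded_modules() {  # $1 = loader.conf
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_]*\)_load="\{0,1\}[Yy][Ee][Ss].*/\1/p' "$1"
}

# Succeeds when rc.conf raises the securelevel to 1 or higher, the level at
# which securelevel(8) says kernel modules may not be loaded or unloaded.
kld_locked_at_boot() {  # $1 = rc.conf
    enable=$(conf_value "$1" kern_securelevel_enable)
    level=$(conf_value "$1" kern_securelevel)
    case "$enable" in [Yy][Ee][Ss]) ;; *) return 1 ;; esac
    [ "${level:--1}" -ge 1 ] 2>/dev/null
}

# Write constructed sample files into directory $1.
write_samples() {
    cat > "$1/loader.conf" <<'EOF'
# constructed sample
snd_ich_load="YES"
if_fxp_load="YES"
#linux_load="YES"
autoboot_delay="5"
EOF
    cat > "$1/rc.conf.open" <<'EOF'
kern_securelevel_enable="NO"
kern_securelevel="1"
EOF
    cat > "$1/rc.conf.locked" <<'EOF'
kern_securelevel_enable="YES"
kern_securelevel="1"
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
echo "preloaded: $(preloaded_modules "$dir/loader.conf" | tr '\n' ' ')"
for f in open locked; do
    if kld_locked_at_boot "$dir/rc.conf.$f"; then s="locked"; else s="NOT locked"; fi
    echo "rc.conf.$f: module loading $s after boot"
done
rm -rf "$dir"
```

On a running system, `sysctl kern.securelevel` reports the level currently in force.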
Re: A question about kernel modules
On Friday 07 March 2003 11:55 am, Damien Tougas wrote:
> Is there any advantage/disadvantage to using kernel modules vs. statically linking stuff in the kernel? I would like to eliminate everything from my kernel config that can be loaded as a module, then load them at boot using loader.conf.

Should be possible for a lot of things. Though it seems many need to stay in the kernel, as it is currently written. kld(4) and the pages it refers to should be at least somewhat instructive in figuring out what all can be put in a module. Try reading the developers handbook, it has some of what you're looking for.

> Is there any reason I would not want to do that? It seems to me that it would make things much easier.
>
> Why does FreeBSD not do this by default for the GENERIC kernel?

Only things I can think of as to why most things are compiled in are

1) the costs of running a module, instead of compiled in. I don't know how to quantify those. And I didn't see anything in the developer's handbook to answer that. Maybe checking there more carefully would yield some answers.

2) security. In theory for max security you should minimize the interfaces to the kernel. Any loadable module could be a trojan, packet filter, or compromise security in another way. So optimal security would be to have every needed component compiled in, and turn off the ability to load any modules. I have no idea if this can be done or how in FreeBSD. kld manpage didn't seem to say anything about this. Keep in mind this is extreme security which isn't terribly important till you get the practical stuff taken care of first. Here is the (in)famous article on it:

http://packetstorm.decepticons.org/papers/unix/bsdkern.htm

You may want to check the -hackers mailing list archives, as this has been discussed there. If this is really important for you to figure out, after reading the archives, ask there.

Tim
Re: A question about kernel modules
Damien Tougas wrote:
> Is there any advantage/disadvantage to using kernel modules vs. statically linking stuff in the kernel? I would like to eliminate everything from my kernel config that can be loaded as a module, then load them at boot using loader.conf. Is there any reason I would not want to do that? It seems to me that it would make things much easier.

I would guess there are a number of reasons ... First would be historical. BSD is historically a monolithic kernel. The more you rely on modules, the more the kernel acts like a microkernel. I suspect that some day, FreeBSD will be a microkernel, but I don't expect that to be for many, many releases. The change involves a lot. For now, though, FreeBSD is still a monolithic kernel, and people treat it that way even when need does not require it.

The other reason I've heard is that KLDs don't run as fast and use more memory than the same functionality compiled into the kernel. I've never tested this, but I'm guessing that the difference is negligible on modern hardware.

> Why does FreeBSD not do this by default for the GENERIC kernel?

Not sure.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
A question about kernel modules
Is there any advantage/disadvantage to using kernel modules vs. statically linking stuff in the kernel? I would like to eliminate everything from my kernel config that can be loaded as a module, then load them at boot using loader.conf. Is there any reason I would not want to do that? It seems to me that it would make things much easier.

Why does FreeBSD not do this by default for the GENERIC kernel?

Thanks.

--
Damien Tougas