OS: Pengertian Kernel Modul

Sumber: http://en.wikipedia.org/wiki/Kernel_module

Dalam dunia komputasi, Loadable Kernel Module (atauLKM) adalah sebuah object file yang berisi code yang memperluas fungsi kernel yang berjalan, atau biasa disebut base kernel, dari sebuah sistem operasi. LKM biasanya digunakan untuk dukungan bagi hardware baru atau filesystem baru, atau menambahkan system call. Saat fungsi yang diberikan oleh LKM tidak lagi dibutuhkan, kita dapat meng-unload LKM tersebut untuk membebaskan memory maupun sumber daya lainnya.

Sebagian besar sistem Unix-like yang baru dan Microsoft Windows mendukung loadable kernel modules, meskipun mereka akan menggunakan nama lain, seperti kernel loadable module (kld) di FreeBSD, kernel extension (kext) di OS X dan kernel-mode driver di Windows NT. Dia juga sering dikenali sebagai Kernel Loadable Module (atau KLM), atau hanya Kernel Module (KMOD).

Keuntungan

Tanpa loadable kernel module, sebuah sistem operasi harus memasukan semua fungsi yang mungkin nantinya akan digunakan ke dalam base kernel. Sebagian besar fungsi tersebut akan mengambil memory tanpa kita gunakan untuk apa-apa. Dengan kata lain, memboroskan memory, dan membutuhkan user membuat ulang dan reboot base kernel setiap kali user membutuhkan fungsi baru. Kebanyakan sistem operasi mendukung loadable kernel module akan memasukan modul untuk mendukung fungsi yang paling di butuhkannya.

Kerugian

Sedikit kritik bagi mereka yang lebih suka pada kernel yang modular daripada kernel statik adalah Fragmentation Penalty. base kernel selalu masuk ke dalam memory (RAM) tanpa putus / contiguous oleh routine setup-nya; oleh karena-nya base kernel tidak pernah terfragmentasi / terputus. Saat sistem mengijinkan bahwa modul dapat di masukan / di insert, sangat mungkin bahwa kernel code yang di insert / di masukan akan menyebabkan kernel menjadi fragmented / terputus, ini kemungkinan akan menyebabkan pengorbanan / penalty performance.

Implementasi di berbagai sistem operasi

Linux

Loadable kernel module di Linux di load (dan di unload) menggunakan perintah modprobe. Sejak versi 2.6, kernel modul berlokasi di /lib/modules dan mempunyai extension .ko ("kernel object"), versi sebelumnya menggunakan extension .o). Perintah lsmod memperlihatkan kernel modul yang di load ke memory. Pada saat emergency, saat sistem gagal di booting karena, misalnya, modul rusak, modul tertentu dapat di enable atau disable dengan cara memodifikasi daftar parameter boot kernel (contoh, jika menggunakan GRUB, dengan menekan 'e' di GRUB start menu, kemudian mengedit kalimat kernel parameter).

License issues

In the opinion of Linux maintainers, LKM are derived works of the kernel. The Linux maintainers tolerate the distribution of proprietary modules,Template:Citation needed but allow symbols to be marked as only available to GNU General Public License (GPL) modules.

Loading a proprietary or non-GPL-compatible LKM will set a 'taint' flag in the running kernel—meaning that any problems or bugs experienced will be less likely to be investigated by the maintainers. LKMs effectively become part of the running kernel, so can corrupt kernel data structures and produce bugs that may not be able to be investigated if the module is indeed proprietary.

Linuxant controversy

In 2004, Linuxant—a consulting company that releases proprietary device drivers as loadable kernel modules—attempted to bypass GPLONLY symbol restrictions by abusing a NULL terminator in their MODULE_LICENSE:

<source lang="text"> MODULE_LICENSE("GPL\0for files in the \"GPL\" directory; for others, only LICENSE file applies"); </source>

The string comparison code used by the kernel at the time tried to determine whether the module was GPLed stopped when it reached a null character (\0), so it would be fooled into thinking that the module was declar ing its license to be just "GPL".

FreeBSD

Kernel module untuk FreeBSD di simpan di /boot/kernel/ untuk modul yang di distribusikan dengan Sistem Operasi, atau di /boot/modules/ untuk modul yang di instalasi dari FreeBSD ports atau FreeBSD packages, atau untuk proprietary atau modul yang hanya tersedia dalam bentuk binary saja. Kernel modul FreeBSD biasanya mempunyai extension .ko. Sesudah mesin di booting, kernel modul ini dapat diload menggunakan perintah kldload, unload dengan kldunload, dan melihat daftar dengan perintah kldstat. Module dapat di load dari loader sebelum kernel start, baik secara automatik (melalui /boot/loader.conf) atau dengan tangan.

OS X

Some loadable kernel modules in OS X can be loaded automatically. Loadable kernel modules can also be loaded by the kextload command. They can be listed by the kextstat command. Loadable kernel modules are located in application bundles with the extension .kext. Modules supplied with the operating system are stored in the /System/Library/Extensions directory; modules supplied by third parties are in various other directories.

Binary compatibility

Linux does not provide a stable API or ABI for kernel modules. This means that there are differences in internal structure and function between different kernel versions, which can cause compatibility problems. In an attempt to combat those problems, symbol versioning data is placed within the .modinfo section of loadable ELF modules. This versioning information can be compared with that of the running kernel before loading a module; if the versions are incompatible, the module will not be loaded.

Other operating systems, such as Solaris, FreeBSD, OS X, and Windows keep the kernel API and ABI relatively stable, thus avoiding this problem. For example, FreeBSD kernel modules compiled against kernel version 6.0 will work without recompilation on any other FreeBSD 6.x version, e.g. 6.4. However, they are not compatible with other major versions and must be recompiled for use with FreeBSD 7.x, as API and ABI compatibility is maintained only within a branch.

Security

While loadable kernel modules are a convenient method of modifying the running kernel, this can be abused by attackers on a compromised system to prevent detection of their processes or files, allowing them to maintain control over the system. Many rootkits make use of LKMs in this way. Note that on most operating systems modules do not help privilege elevation in any way, as elevated privilege is required to load a LKM; they merely make it easier for the attacker to hide the break-in.

Linux

Linux allows disabling module loading via sysctl option /proc/sys/kernel/modules_disabled. An initramfs system may load specific modules needed for a machine at boot and then disable module loading. This makes the security very similar to a monolithic kernel. If an attacker can change the initramfs, they can change the kernel binary.

OS X

On OS X, a loadable kernel module in a kernel extension bundle can be loaded by non-root users if the OSBundleAllowUserLoad property is set to True in the bundle's property list. However, if any of the files in the bundle, including the executable code file, are not owned by root and group wheel, or are writable by the group or "other", the attempt to load the kernel loadable module will fail.

External links

• IBM DeveloperWorks in-depth article on LKM
• Online kext database for OSX / Hackintosh
• Ori Pomerantz, Linux Kernel Module Programming Guide
• Copyright Considerations With LKMsTemplate:Dead link
• "Kernel Extension Programming Topics" document for OS X
• What Is A Loadable Kernel Module (LKM)?

Referensi

• http://en.wikipedia.org/wiki/Kernel_module