Product SiteDocumentation Site

Chapter 23. Working with Kernel Modules

23.1. Listing Currently-Loaded Modules
23.2. Displaying Information About a Module
23.3. Loading a Module
23.4. Unloading a Module
23.5. Setting Module Parameters
23.6. Persistent Module Loading
23.7. Signing Kernel Modules for Secure Boot
23.7.1. Prerequisites
23.7.2. Kernel Module Authentication
23.7.3. Generating a Public and Private X.509 Key Pair
23.7.4. Enrolling Public Key on Target System
23.7.5. Signing Kernel Module with the Private Key
23.7.6. Loading Signed Kernel Module
23.8. Additional Resources
The Linux kernel is modular, which means it can extend its capabilities through the use of dynamically-loaded kernel modules. A kernel module can provide:
Like the kernel itself, modules can take parameters that customize their behavior, though the default parameters work well in most cases. User-space tools can list the modules currently loaded into a running kernel; query all available modules for available parameters and module-specific information; and load or unload (remove) modules dynamically into or from a running kernel. Many of these utilities, which are provided by the kmod package, take module dependencies into account when performing operations so that manual dependency-tracking is rarely necessary.
On modern systems, kernel modules are automatically loaded by various mechanisms when the conditions call for it. However, there are occasions when it is necessary to load or unload modules manually, such as when one module is preferred over another although either could provide basic functionality, or when a module is misbehaving.
This chapter explains how to:

Installing the kmod package

In order to use the kernel module utilities described in this chapter, first ensure the kmod package is installed on your system by running, as root:
~]# dnf install kmod
For more information on installing packages with DNF, see Section 6.2.4, “Installing Packages”.

23.1. Listing Currently-Loaded Modules

You can list all kernel modules that are currently loaded into the kernel by running the lsmod command, for example:
~]$ lsmod
Module                  Size  Used by
tcp_lp                 12663  0 
bnep                   19704  2 
bluetooth             372662  7 bnep
rfkill                 26536  3 bluetooth
fuse                   87661  3 
ip6t_rpfilter          12546  1 
ip6t_REJECT            12939  2 
ipt_REJECT             12541  2 
xt_conntrack           12760  7 
ebtable_nat            12807  0 
ebtable_broute         12731  0 
bridge                110196  1 ebtable_broute
stp                    12976  1 bridge
llc                    14552  2 stp,bridge
ebtable_filter         12827  0 
ebtables               30913  3 ebtable_broute,ebtable_nat,ebtable_filter
ip6table_nat           13015  1 
nf_conntrack_ipv6      18738  5 
nf_defrag_ipv6         34651  1 nf_conntrack_ipv6
nf_nat_ipv6            13279  1 ip6table_nat
ip6table_mangle        12700  1 
ip6table_security      12710  1 
ip6table_raw           12683  1 
ip6table_filter        12815  1 
ip6_tables             27025  5 ip6table_filter,ip6table_mangle,ip6table_security,ip6table_nat,ip6table_raw
iptable_nat            13011  1 
nf_conntrack_ipv4      14862  4 
nf_defrag_ipv4         12729  1 nf_conntrack_ipv4
nf_nat_ipv4            13263  1 iptable_nat
nf_nat                 21798  4 nf_nat_ipv4,nf_nat_ipv6,ip6table_nat,iptable_nat
[output truncated]
Each row of lsmod output specifies:
  • the name of a kernel module currently loaded in memory;
  • the amount of memory it uses; and,
  • the sum total of processes that are using the module and other modules which depend on it, followed by a list of the names of those modules, if there are any. Using this list, you can first unload all the modules depending the module you want to unload. For more information, see Section 23.4, “Unloading a Module”.
Finally, note that lsmod output is less verbose and considerably easier to read than the content of the /proc/modules pseudo-file.