On Tue, 11 Sep 2007 14:35:40 +0100
Andrew Doran <ad@NetBSD.org> wrote:

> Seconded, and I think that spending time enhancing 'config' further
> is a waste of time. What are the problems with LKMs? I can think of
> some:
> 
> - LKMs need to be compiled to match the kernel, MULTIPROCESSOR and so
> on. I have been working on this, and expect that it won't be a
> problem any more in a couple of months time.
> 
> - LKMs depend on kernel data structures which change often. Again I've
>   been working on this one, e.g. the recent callout changes although
> there's a lot of work to be done on this.
> 
> - The kernel needs to be able to load modules itself, and that means
> an in-kernel linker.
> 
> - The autoconfiguration framework isn't suited to loading device
> drivers. The drivers have to do some quite odd things in order to
> find a device to drive and get attached.
> 
> - Mechanisms to prevent in-use modules from being unloaded are
> missing. For example, a syscall module can be unloaded while its
> syscall is in use.
> 
> What other problems are there?
> 
Security -- it's much easier to plant a rootkit in a running system
with an LKM.  That said, loading drivers at boot-time -- as FreeBSD can
do -- wouldn't have that risk.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb