Loading...

VONDS ©

Lab 108: Kernel Module Fundamentals

Back to Lab Index

Inspect loaded kernel modules, read module metadata, and load and unload a safe module using standard tooling. Verify module state using direct module listings and kernel-exposed sources.

kernel modules core

Scenario

Your team needs a repeatable workflow for validating kernel module state during troubleshooting. You will list loaded modules, inspect module metadata, load and unload a safe module, and verify state changes using standard tools.

Operator context

Treat module operations as a controlled change. Unloading the wrong module can impact storage, networking, graphics, or security controls.

Objective

  • View loaded kernel modules and interpret the output.
  • Inspect a module’s metadata using modinfo .
  • Load a safe module using modprobe .
  • Verify module presence using lsmod and /proc/modules .
  • Practice passing a module parameter during load.
  • Remove the module safely and confirm removal.

Concepts

  • Module visibility and dependency signals from lsmod output (name, size, use count).
  • Module metadata as your source of truth: modinfo (filename, description, license, parameters, aliases).
  • Dependency-aware load and removal with modprobe and modprobe -r .
  • Kernel-exported module state via /proc/modules for alternate validation and scripting.
  • Parameter passing patterns and why changes usually require a reload to apply.

Walkthrough

Step 1 : Show the first 10 lines of loaded kernel modules.
Command 
lsmod | head -n 10

lsmod shows what is loaded right now. The Used by count helps you estimate whether a module is likely to unload cleanly and what else may depend on it. 

Module                  Size  Used by
xfs                   999424  1
e1000                 155648  0
Step 2 : Display metadata for the loop module.
Command 
modinfo loop

modinfo answers “what is this module,” “where is it on disk,” and “what options does it accept.” Use this to confirm you are operating on the correct module before loading it or debugging why it will not load. 

# Example fields to confirm:
filename:       /lib/modules/.../kernel/drivers/block/loop.ko
description:    Loopback block device
license:        GPL
parm:           max_loop:int
Step 3 : Load the loop module into the kernel.
Command 
sudo modprobe loop

modprobe loads the module and resolves dependencies automatically. If the module is already loaded or built into the kernel, you may see no output. 

# No output is normal on success.
Step 4 : Confirm that loop is loaded.
Command 
lsmod | grep -E '^loop(\s|$)'

Filtering lsmod output is the fastest way to prove the module is present. If it does not appear, confirm whether the module is built-in or inspect errors from the load attempt. 

loop                   45056  0
Alternate 
grep -E '^loop ' /proc/modules

/proc/modules is a kernel-exported view of module state and can be used as an alternate verification source.

Step 5 : Load with a module parameter.
Parameter behavior

Parameters apply at load time. If the module is already loaded, the new value may not take effect until the module is unloaded and loaded again.

Command 
sudo modprobe loop max_loop=8

This demonstrates the parameter syntax. Use modinfo output to confirm supported parameter names and expected types before applying them. 

# If you need to apply a parameter reliably:
sudo modprobe -r loop && sudo modprobe loop max_loop=8
Step 6 : Remove the loop module and confirm removal.
Safety note

A module may refuse to unload if it is in use. That failure is a safety feature. Confirm dependencies before retrying removal.

Command 
sudo modprobe -r loop

modprobe -r removes the module with dependency awareness. If the module is still needed, the command may fail with an “in use” message. 

# Verify removal:
lsmod | grep -E '^loop(\s|$)'
Alternate 
sudo rmmod loop

rmmod removes a module directly and does not resolve dependencies. Prefer modprobe -r for normal operations.

Common breakpoints

modprobe fails: “module not found”

The module is not available for the running kernel. Confirm your kernel version and module path, then verify that module packages are installed for that kernel.

modprobe -r fails: “module is in use”

A dependency or active consumer is preventing removal. Identify what is using the module, stop the dependent service or workload, then retry. Do not force removal without understanding impact.

lsmod does not show the module after load

The module may be built into the kernel or the load failed. Re-check modinfo and validate state via /proc/modules . If needed, inspect recent kernel messages for load errors.

Parameter changes do not appear to apply

Parameters are applied at load time. If the module was already loaded, unload it and reload with the parameter to ensure the new value is applied.

Cleanup checklist

This lab changes kernel state only if you loaded the module. Your cleanup is ensuring the module is removed (if you loaded it) and that module state looks normal afterward.

Commands 
lsmod | grep -E '^loop(\s|$)'
grep -E '^loop ' /proc/modules || true
Success signal

You can prove module load state, inspect supported parameters, and perform a safe load/unload workflow without guessing.

Reference

  • lsmod : Lists currently loaded kernel modules.
    • Output includes module name, size, and “Used by” count.
  • modinfo <module> : Displays metadata for a kernel module.
    • Common fields include filename , description , license , and parm entries for parameters.
  • modprobe <module> [param=value] : Loads a module and resolves dependencies.
    • Parameters apply at load time and may require a reload to take effect.
  • modprobe -r <module> : Unloads a module (if not in use).
    • -r : Removes (unloads) the module.
  • rmmod <module> : Removes a module directly without dependency resolution.
  • /proc/modules : Kernel-exported view of loaded modules (name, size, use count).
  • grep -E <regex> <file> : Filters lines that match a regex.
    • -E : Enables extended regular expressions.