The Kernel#

Concepts#

What Does the Kernel Do?#

The kernel is the core of the operating system. It sits between hardware and user-space programs:

Applications (bash, firefox, python)
        │
        ▼
    System calls (open, read, write, fork, exec)
        │
        ▼
    ┌──────────────────────────────────┐
    │           Linux Kernel            │
    │  Process management               │
    │  Memory management                │
    │  Filesystem access                │
    │  Device drivers                   │
    │  Networking                       │
    │  Security / permissions           │
    └──────────────────────────────────┘
        │
        ▼
      Hardware (CPU, RAM, disk, network, GPU)

The kernel:

  • Manages processes: creates, schedules, and terminates them
  • Manages memory: allocates RAM, handles virtual memory and swap
  • Controls hardware: through device drivers (built-in or modules)
  • Provides filesystems: ext4, xfs, tmpfs, procfs, sysfs
  • Handles networking: TCP/IP stack, routing, firewalling
  • Enforces security: file permissions, capabilities, namespaces

Kernel Version# 

# Current kernel version
uname -r
# Example: 6.8.0-40-generic

# Breakdown:
# 6        — major version
# 8        — minor version  
# 0        — patch level
# 40       — Ubuntu/Debian build number
# generic  — kernel flavor (generic = standard)

# More system info
uname -a     # everything
uname -s     # kernel name (Linux)
uname -m     # architecture (x86_64)

# Distribution-specific kernel info
cat /proc/version

Ubuntu ships its own kernel builds (based on mainline Linux with patches). Kernel updates come through apt as part of regular updates. Debian ships stable kernels with security backports. Debian stable kernels change rarely within a release.

Kernel Modules#

The kernel is modular — not all drivers and features are built into the kernel binary. Instead, many are modules (.ko files) that can be loaded and unloaded at runtime.

# List loaded modules
lsmod
lsmod | head -20

# Module info
modinfo ext4
modinfo snd_hda_intel

# Load a module
sudo modprobe vfat            # load the FAT filesystem module

# Unload a module (if not in use)
sudo modprobe -r vfat

# Module files on disk
ls /lib/modules/$(uname -r)/kernel/
# drivers/  fs/  net/  sound/  crypto/  ...

Automatic Module Loading#

The kernel loads modules automatically when hardware is detected or a feature is needed. For example:

  • Plug in a USB device → kernel loads the appropriate driver module
  • Mount a VFAT filesystem → kernel loads vfat module
  • Use iptables → kernel loads netfilter modules

Blacklisting Modules#

To prevent a module from loading:

# Create a blacklist file
echo "blacklist nouveau" | sudo tee /etc/modprobe.d/blacklist-nouveau.conf

# Rebuild initramfs
sudo update-initramfs -u

# Reboot for it to take effect

Common reason: blacklisting nouveau (open-source NVIDIA driver) when installing the proprietary NVIDIA driver.

It goes without saying but be careful when blacklisting modules as you really don’t want to blacklist the wrong module.

/proc — Process and Kernel Information#

/proc is a virtual filesystem — it doesn’t exist on disk. The kernel generates its contents on the fly, exposing internal state as files:

# CPU information
cat /proc/cpuinfo | head -20
# or just: lscpu

# Memory information
cat /proc/meminfo | head -10
# or just: free -h

# Kernel version
cat /proc/version

# Kernel command line (boot parameters)
cat /proc/cmdline

# Uptime (seconds)
cat /proc/uptime

# Per-process info
ls /proc/1/           # PID 1 (systemd)
cat /proc/1/cmdline   # command that started it
cat /proc/1/status    # process status
ls -l /proc/1/fd/     # open file descriptors

/sys — Hardware and Device Information#

/sys is another virtual filesystem exposing the kernel’s device model:

# Block devices
ls /sys/block/

# CPU info
ls /sys/devices/system/cpu/

# Network interfaces
ls /sys/class/net/

# Power settings
cat /sys/class/power_supply/BAT0/capacity 2>/dev/null   # battery %

dmesg — Kernel Message Buffer#

The kernel logs hardware events, driver loading, and errors to a ring buffer. dmesg reads it:

# View kernel messages
dmesg | head -30

# Follow new messages in real time
dmesg -w

# Human-readable timestamps
dmesg -T | tail -20

# Filter by priority (err and above)
dmesg --level=err

# USB-related messages
dmesg | grep -i usb

# Disk-related messages
dmesg | grep -i "sd[a-z]"

# Network-related messages
dmesg | grep -i eth

sysctl — Runtime Kernel Parameters#

sysctl reads and modifies kernel parameters at runtime (without recompiling or rebooting):

# View all parameters
sysctl -a | head -20

# View a specific parameter
sysctl net.ipv4.ip_forward
sysctl vm.swappiness

# Change a parameter (until reboot)
sudo sysctl vm.swappiness=10
sudo sysctl net.ipv4.ip_forward=1

# Make permanent — add to /etc/sysctl.conf or /etc/sysctl.d/*.conf
echo "vm.swappiness=10" | sudo tee /etc/sysctl.d/99-custom.conf

# Apply configuration files
sudo sysctl --system

Common parameters:

Parameter Description
vm.swappiness How aggressively to use swap (0-100)
net.ipv4.ip_forward Enable IP forwarding (router/gateway)
fs.file-max Maximum number of open files system-wide
net.core.somaxconn Maximum socket listen backlog

Hardware Information Commands# 

# CPU
lscpu

# Memory
free -h

# PCI devices (graphics, network, USB controllers)
lspci
lspci | grep -i vga       # graphics card
lspci | grep -i network   # network card

# USB devices
lsusb

# Block devices
lsblk

# All hardware summary
sudo lshw -short 2>/dev/null

Lab#

Exercise 1: Kernel Info# 

uname -r
uname -a
cat /proc/version
cat /proc/cmdline

Exercise 2: Explore Modules# 

# Count loaded modules
lsmod | wc -l

# Find the most used modules (by dependents)
lsmod | sort -k3 -rn | head -10

# Get info on a specific module
modinfo ext4 | head -10

Exercise 3: Explore /proc and /sys# 

# CPU count
grep -c "^processor" /proc/cpuinfo

# Total RAM
grep MemTotal /proc/meminfo

# Current boot parameters
cat /proc/cmdline

# Network interfaces via /sys
ls /sys/class/net/

# Block devices
ls /sys/block/

Exercise 4: dmesg and sysctl# 

# Recent kernel messages
dmesg -T | tail -20

# Any errors?
dmesg --level=err 2>/dev/null || dmesg | grep -i error | tail -10

# Current swappiness
sysctl vm.swappiness

# List file-related parameters
sysctl -a 2>/dev/null | grep "fs.file"

Exercise 5: Hardware Info# 

lscpu | head -15
free -h
lsblk
lspci | head -10
lsusb 2>/dev/null

Review#

1. What does the Linux kernel do?

It manages processes, memory, hardware (through drivers), filesystems, networking, and security. It sits between user-space applications and hardware, handling all system calls.

2. What are kernel modules?

Loadable pieces of kernel code (.ko files) — typically device drivers or filesystem support. They can be loaded and unloaded at runtime with modprobe, avoiding the need to compile everything into the kernel.

3. What is /proc?

A virtual filesystem generated by the kernel. It exposes process information (/proc/PID/) and kernel state (/proc/cpuinfo, /proc/meminfo, etc.) as readable files. Nothing in /proc exists on disk.

4. What is dmesg used for?

Reading the kernel’s message buffer — hardware detection, driver loading, errors, and warnings. Useful for diagnosing hardware problems, driver issues, or disk errors.

5. How do you change a kernel parameter at runtime?

sudo sysctl parameter=value (e.g., sudo sysctl vm.swappiness=10). To make it permanent, add it to /etc/sysctl.d/*.conf and run sudo sysctl --system.

Previous: The Boot Process | Next: Performance and Troubleshooting