Kernel
1) What is a kernel?
- The kernel is the core of an operating system. It sits between your apps and the hardware and controls everything: CPU, memory, disks, network cards, etc.
- Think of it as a traffic controller: it decides which program runs, how memory is shared, and how devices are used—safely and efficiently.
[ Your Apps ] → [ System Calls ] → [ KERNEL ] → [ CPU | RAM | Disk | NIC | GPU | Devices ]
(user space) (kernel space) (hardware)
2) What the kernel actually does (core responsibilities)
1. Process & Thread Management
o Creates/destroys processes (fork/exec/exit), switches the CPU between them (context switch).
o Scheduler decides who runs next. Linux uses CFS (Completely Fair Scheduler) to share CPU fairly.
2. Memory Management
o Gives each process its own virtual address space (isolation).
o Handles paging (moving memory pages between RAM and disk), page cache, and allocation.
o Prevents one buggy app from corrupting others.
3. Device & Driver Management
o Talks to hardware through device drivers (keyboard, disk, Wi-Fi, camera, GPU…).
o Provides a uniform interface so apps don’t need to know device details.
4. Filesystems & I/O
o Provides a common API to read/write files (through VFS—Virtual File System).
o Supports ext4, XFS, Btrfs, FAT, NTFS, etc.
5. Security & Isolation
o Enforces permissions, user/group IDs, capabilities (fine-grained root powers).
o Optional frameworks: SELinux/AppArmor for policy-based control.
o Process isolation, address-space isolation, syscall filtering (e.g., seccomp).
6. Networking
o Implements the network stack (TCP/IP), routing, firewalls (netfilter/iptables/nftables).
7. System Call Interface
o Apps request services via system calls (e.g., read, write, open, socket).
o These calls switch from user space → kernel space safely.
3) User space vs Kernel space
- User space: where your programs run (limited power → safer).
- Kernel space: full control of hardware (powerful but risky).
- Programs must use system calls to ask the kernel for resources (no direct hardware access).
4) Linux kernel design: monolithic + loadable modules
- Linux is a monolithic kernel: most services run in kernel space (fast communication).
- It supports Loadable Kernel Modules (LKMs): you can add/remove drivers without reboot.
- View loaded modules: lsmod
- Load/unload: sudo modprobe <module>, sudo modprobe -r <module>
- This gives performance (monolithic) + flexibility (modules).
5) Boot overview (how the kernel starts)
1. Firmware (UEFI/BIOS) runs hardware checks, loads the bootloader.
2. Bootloader (e.g., GRUB) loads the Linux kernel (and initramfs).
3. Kernel initializes hardware, mounts root filesystem.
4. Starts PID 1 (e.g., systemd) → launches services and your login.
Check your kernel version:
uname -r
6) Key kernel subsystems (quick tour)
- Scheduler (CFS): balances CPU time across tasks; supports priorities/nice levels.
- Memory manager: virtual memory, demand paging, page cache, NUMA awareness.
- VFS layer: one API for many filesystems; caches dentries/inodes for speed.
- Block layer & I/O scheduler: optimizes reads/writes to storage.
- Networking stack: sockets, routing, QoS, firewall hooks.
- Interrupt handlers & softirqs: respond to device events (keyboard press, NIC packet).
- Timers & high-res timers: schedule future work precisely.
- eBPF: safe in-kernel programs for tracing, networking, security (advanced, but good to know).
7) How apps talk to the kernel (system calls)
- Example idea: when you do printf("Hi"), the C library eventually calls the write syscall to send bytes to a file/terminal.
- You can observe syscalls with:
strace -o trace.txt ls
less trace.txt
(You’ll see openat, read, write, close, etc.)
8) Files that expose kernel state
- /proc → virtual files showing processes and kernel info (e.g., /proc/cpuinfo, /proc/meminfo).
- /sys → device and driver information (sysfs).
- sysctl → tune kernel parameters at runtime:
sysctl vm.swappiness
sudo sysctl -w vm.swappiness=10 # lower swapping tendency (temporary)
(Permanent tuning: add to /etc/sysctl.conf.)
9) Security basics tied to the kernel
- Permissions & ownership: rwx for user/group/others (chmod, chown).
- Capabilities: split root powers (e.g., CAP_NET_ADMIN).
- Mandatory Access Control: SELinux/AppArmor confine services even if compromised.
- Namespaces & cgroups: container isolation and resource limits (used by Docker/Kubernetes).
10) Practical commands you’ll use in labs
uname -a # full kernel info
lsmod # list kernel modules
lspci / lsusb # list PCI/USB hardware (needs pciutils/usbutils)
dmesg | less # kernel message buffer
journalctl -k # kernel logs via systemd-journald
cat /proc/cpuinfo
cat /proc/meminfo
cat /proc/interrupts
11) Typical first-year lab ideas (1–2 hours each)
1. Observe the scheduler
yes > /dev/null & # start a busy loop
top # watch CPU usage
renice +10 <PID> # lower priority and observe the change
kill %1 # stop the 'yes' job
2. Explore memory & procfs
free -h
cat /proc/meminfo | head
grep -E '^(processor|model name)' /proc/cpuinfo
3. See syscalls in action
strace -c ls # syscall summary with counts and time
4. Play with modules (read-only inspection)
lsmod | head
modinfo <module_name> # e.g., modinfo e1000e
5. Networking stack quick check
ip a
ping -c 3 8.8.8.8
ss -tuna # show sockets
12) Versions, LTS, and updates
- Kernel versions look like 6.8.0-xyz. Many distros ship LTS kernels (stable, long-supported).
- Update via distro tools (e.g., apt upgrade) instead of compiling your own—perfect for first year.
13) Summary (exam-ready points)
- Definition: Kernel = core program managing CPU, memory, devices, files, and security.
- Boundary: System calls bridge user space and kernel space.
- Linux specifics: Monolithic design + loadable modules for flexibility.
- Key subsystems: Scheduler (CFS), VM, VFS, networking, drivers, security.
- Why it matters: Performance, stability, isolation—foundation for OS, networks, DBMS, security, and cloud courses.
If you want, I can turn this into a 1-page revision sheet or a lab handout with checkboxes for your class.