The joy of a modular kernel

What is a modular kernel?

Modern modular kernels use a relatively small core that contains only the bare minimum code required to get a computer up and running. The core then loads additional required kernel modules as it detects and identifies devices attached to the system.

Kernel modules are units of code required to enable functionality of a specific hardware device such as USB and nvme memory, wireless, GPUs, network interfaces, and more. Kernel modules can also support non-hardware functionality for things like encryption, digital rights management (DRM), virtualization for tools like VirtualBox, TCP/IP packet tracking and identification for firewalls, and so on.

Most Unix-like operating systems, including Linux, use modular kernels. This allows the core to be small enough to run on tiny devices such as Raspberry Pi, Arduino, and thousands of IOT devices, while being flexible enough to run the largest and most complex supercomputers on the planet.

The OSDev.org website has an excellent article about modular kernels,and that article has links to descriptions of other types of kernels.

The problem

After installing some recent updates on my primary workstation, VirtualBox failed to launch a VM I needed. I’m working on my next book¹ and use that VM to design the experiments that provide hands-on experience for my readers.

The VirtualBox Manager displayed the message, “VirtualBox can’t operate in VMX root mode. Please disable the KVM kernel extension, recompile your kernel and reboot (VERR_VMX_IN_VMX_ROOT_MODE).” The KVM kernel extension is a loadable kernel module in Linux.

However, I have compiled the kernel in one of the Red Hat courses I took — and taught. It’s really not that difficult, but I’ve never found it necessary as a SysAdmin. Fortunately it isn’t in this case, either.

The solution

A single Internet search resulted in several hits. One from Oracle’s VirtualBox forums dated 2010, and another from June of 2024, addressed this problem. The one from 2010 gave me the answer I needed. The more recent one was too general and had no indication of the result.

Let’s look at the kvm module before removing it, because there is one for AMD and one for Intel CPUs. You can run the lsmod command as a non-root user. This command lists all currently loaded kernel modules but we’ve run it through grep to view only those modules with kvm in them. It shows that I have the kvm_intel kernel module, which makes sense as my system uses an Intel i9 processor.

$ lsmod | grep kvm
kvm_intel             446464  0
kvm                  1449984  1 kvm_intel

Try the lsmod command without grepping for kvm to see a complete list of all the kernel modules.

The command, modprobe -r kvm_intel or modprobe -r kvm_amd, resolves this problem — at least temporarily. It simply removes the offending kernel module from memory. As the root user, I removed the module from my running Intel system with this command.

# modprobe -r kvm_intel

Some of the information I found on the web indicates the use of the rmmod command. However the rmmod man page indicates it’s better to use the modprobe command because that also removes dependent modules rather than leaving them in memory.

Making it persistent

As it stands, this solution will work until the host is rebooted. But we do need to make this change persistent through reboots.

This persistent fix — for Fedora — relies upon the fact that the kernel module loader examines the files in the /etc/modprobe.d directory. Other distros may use the /etc/sysconfig/modules directory for configuration.

Create a new file in /etc/modprobe.d to contain the needed configuration line. I named mine disabled.conf, but the name itself doesn’t matter as all files in this directory are parsed by modprobe during Linux startup. Use kvm_intel or kvm_amd depending upon your processor type.

blacklist kvm_intel

I tested this multiple times and it works perfectly, allowing VirtualBox to load and run virtual machines.

Summary

Part of the beauty of the Linux kernel is that we don’t really need to recompile the kernel for most situations. In this case, all we need do is remove the offending kernel module. No reboot was required, nor was it necessary to recompile the kernel. Then we added a new file in /etc/modprobe.d so that the module doesn’t load during boot.

I found a lot of incorrect information about the Linux kernel on the Internet, in which it was said that Linux has a monolithic kernel. This is demonstrably untrue, as you’ve seen in this article. Else why would Linux provide multiple tools for management of those modules by SysAdmins? You did use lsmod to view the entire list of installed modules, didn’t you? And, of course, that doesn’t list the modules that are not loaded or even installed.

Windows supposedly has a hybrid kernel which consists of a very large core that contains a lot of code that could have been modular had it been designed that way from scratch. It does have a relatively small number of modules compared to Linux, Unix, and other Unix-like operating systems. As far as I can tell, Windows has no functionality like we’ve seen in this article, so the admin has much less control.

1. Sorry — I can’t disclose the details about my next book just yet. ↩︎