[ale] Monolithic vs Modularised Kernels

J.M. Taylor jtaylor at onlinea.com
Wed Jul 9 10:02:40 EDT 2003


Seconded, if only I could go 'round converting people to *nix!! :)

My take on the kernel question is one of security, surprise.
Seems to me if you can disable dynamic module loading, then nobody can
trick your kernel into loading an evil module.  Just seems to be a prudent
just-in-case thing to me, but as always I could be misguided. :)

I've run both and not noticed any performance difference between the two,
but I've never done anything with real high performance machines or
machines that needed anything other than a kernel built with bare minimum
options.

Would be very interested to know what you decide to do, and why...it's a
good question that I'm sure has lots of strong opinions on either side.

Cheers
jenn

> Raju -
>
> Wish I had your job!
>
> I'd be interested to see others' views, but it's my understanding that
> the whole GNU/Linux operating system has been set up such that,
> performance-wise, there is virtually no distinction one way or the
> other.  There may be other differences, but their results/symptoms are
> unlikely to affect you.
>
> I understand - and please, someone correct me if I'm wrong - that
> selecting "module" for any given kernel config option does not have an
> associated memory impact if the feature in question is not used but it
> defintely will if it's compiled in, whether it's used or not.  This
> issue might come into play if you are trying to squeeze every last bit
> of performance out of a system (i.e., you plan to have it half beat
> itself to death as a matter of routine); my take is that a smaller
> kernel is better than a larger kernel not so much because of the
> percentage of total RAM taken up by the kernel but because you want your
> system's L1 and L2 caches to give you as much help as possible; the less
> there is to shove into them, the more likely they're going to contain
> something the processor(s) need, and, as you probably already know, the
> whole point of having L1 and L2 cache in the first place is that they
> are faster than the system RAM - a LOT faster.
>
> - Jeff

>> The Client that I am doing for is finally pushing Linux into the
>> enterprise. Amazing how chap11 can actually help promote better and
>> much more superior technologies ;-). I am feverishly replacing a lot
>> of the servers with Linux (Redhat) that use to the run the piece of
>> sh!%$^%$ NT , but using a vanilla kernel with the grsecurity patch.
>> Some examples are, Samba for the PDC, WINS, Print Server, and even the
>>  production database running Sybase (HP-UX) will soon be on Linux. My
>> question is whether to build a Monolithic or Modularised Kernel. Read
>> several arguments on google, but wanted to see your views. Thanks.
>>
>> -Raju
>> mr at securenet.com



_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list