Nobody should ever need to patch the kernel!!



ROAR!!

I admit I don't know much on linux modules but there is one thing I really hate: the need to patch the kernel. This is INSANE!

I accept that to fit a new driver into linux I have to compile the driver source against my kernel's headers, and then do modprobe. This is fine.

What I consider INSANE is when I need to patch and then recompile the kernel to insert a driver or to extend the kernel functionality!?!?

WHY IS THAT NEEDED? Couldn't kernel developers agree on some extensibility paradigm so that we would just need the module compile and the modprobe?!!? I don't care if the driver would end up 5% slower, and for many slow devices even 5000% slower could be fine.

What, if I need two additional "drivers/features" I need to patch the kernel twice? It is not even guaranteed that this is possible, the patch system can refuse to apply the second patch if a certain file is already modified by the first patch.

And hear hear, I hereby want to show that this insane method of patching really affects security negatively:

You are a maintainer, and you have some older kernel on a machine. Now there is a new kernel out, but you have applied say 5 patches to the old kernel, had to fight to make that work etc... now the new kernel minor revision comes out but the (5!) patches don't apply exactly anymore and you badly need the features you patched... what do you do? In a real world situation you know what you do? You DON'T upgrade the kernel!! That's it! And in a couple of years you are vulnerable to some hack, and unless you read security reports every day thoroughly (LOTS of time lost), you will soon be hacked.

Another nasty situation: mine: Under Windows I can monitor the filesystems access with filemon (not even an installation, just double-click on the program). Under linux there is no way: you need a kernel patch to have that feature!!!! (UNBELIEVABLE!!) This would prove useful to me for debugging in certain circumstances when some program doesn't work, but I have a laptop with a P3-1GHz and little disk space left. The new kernel recompile would take a lot of space and many hours of compile time. And if I upgrade the kernel afterwards I need to re-patch that to the new kernel. Do you think I am doing that? No way. I do without the feature.

But this sucks.

If I am mistaken, please tell me.

And please make me understand what happens at low level, that is, why in some cases I can simply do a compile and modprobe (e.g. nvidia driver) and why in others this is not sufficient and I need to patch the kernel (e.g. file monitoring)???


