Linux kernal some notes

naruto · Dec 21, 2025 Public

1. What the Kernel Is

  • Core of OS: manages CPU, memory, devices, filesystems, networking
  • Runs in kernel space (privileged)
  • Linux = monolithic kernel (modular via loadable modules)

2. Kernel Space vs User Space

  • User space: apps, shells (no hardware access)
  • Kernel space: drivers, scheduler, memory mgmt
  • Transition via system calls (syscalls)

3. Kernel Architecture (Main Subsystems)

  • Scheduler – CPU time allocation
  • Memory Management – virtual memory, paging
  • VFS – filesystem abstraction
  • Block I/O – disks
  • Network Stack – TCP/IP
  • Device Drivers – hardware interface
  • IPC – signals, pipes, shared memory

4. Process Management

  • Process = program in execution
  • Created by: fork()exec()
  • States: running, sleeping, stopped, zombie
  • Scheduler: CFS (Completely Fair Scheduler)

5. Scheduling

  • Preemptive, multitasking
  • Priorities:
    • Normal (CFS)
    • Real-time: SCHED_FIFO, SCHED_RR
  • Inspect: ps, top, htop

6. Memory Management

  • Virtual memory per process
  • Paging + demand paging
  • Swap used when RAM is full
  • Page cache for files
  • OOM Killer kills processes on memory exhaustion

7. System Calls

  • Controlled entry to kernel
  • Examples:
    • read(), write()
    • open()
    • fork(), execve()
  • Trace: strace

8. Kernel Modules

  • Loadable code at runtime
  • No reboot required

  • Commands:

    lsmod modprobe <module> rmmod <module>

9. Device Model

  • Everything as files: /dev
  • Character vs block devices
  • udev handles device nodes dynamically

10. Interrupts & Context Switching

  • Interrupt: hardware signal to CPU
  • Context switch: save/restore process state
  • Expensive → minimize in performance-critical paths

11. Filesystems (VFS)

  • VFS = abstraction layer
  • Supports: ext4, xfs, btrfs, nfs
  • Mounting connects FS to directory tree

12. Networking (Kernel Side)

  • Full TCP/IP stack in kernel
  • Netfilter handles firewall (iptables/nftables)
  • Sockets implemented in kernel

13. Kernel Boot Flow

  1. BIOS/UEFI
  2. Bootloader (GRUB)
  3. Kernel load
  4. initramfs
  5. systemd (PID 1)

14. Kernel Logs & Debugging

  • View logs:

    dmesg journalctl -k

  • Panic = fatal kernel error

15. Tuning & Parameters

  • Runtime config via sysctl

    sysctl -a sysctl vm.swappiness=10

  • Exposed in /proc and /sys

16. Security

  • Capabilities (drop root privileges)
  • LSM: SELinux, AppArmor
  • Namespaces + cgroups (containers)

17. Kernel Versions

  • LTS recommended for servers

  • Check version:

    uname -r

Absolute must-know for interviews

  • Syscalls vs library calls
  • Fork–exec model
  • Virtual memory & paging
  • CFS scheduler
  • Monolithic ≠ non-modular
Created before 2 months, 3 weeks ago