Two approaches to tightening restrictions on loadable modules
The kernel's loadable-module facility allows code to be loaded into (and
sometimes removed from) a running kernel. Among other things, loadable
modules make it possible to run a kernel with only the subsystems needed
for the system's hardware and workload. Loadable modules can also make it
easy for out-of-tree code to access parts of the kernel that developers
would prefer to keep private; this has led to https://lwn.net/Kernel/Index/#Modules-Exported_symbols
in the
past. The topic has returned to the kernel's mailing lists with two
different patch sets aimed at further tightening the restrictions applied
to loadable modules.
https://lwn.net/Articles/998221/