An idea to capture kernel memory access

Tue, 20 May 2014 00:42:12 -0700 

Hello
I have an idea, to add some changes to the kernel, like the kmemcheck, to help 
to check the kernel memory.


 I call it kernel_module_check_framework, it can check the memory buffer 
overflow errors and others.
The memory buffer is what the user want to monitor, not the whole system's 
memory. User can add/delete the memory buffers to the framework.
The framework provide four interface, register/unregister functions, add/delete 
functions. User can utilize the interface to do some works.


When user add/delete a memory buffer, the framework will store the memory 
information and set the all the pages which contains the memory buffer 
none-present .
Then, when an access to this page, the framework will check whether the access 
is in the monitored buffers. If it is hit, the framework will set the page 
present and execute the interface function(or the hook function), at last 
change the regs->flags to make the CPU to be the single step debugging mode. If 
not, let the kernel to handle it.
Cause the single step debugging  mode, kernel will step into the do_debug 
functions in the traps.c file, and make the page none-present again, at last 
restore the regs->flags.
There, the framework can catch the another access in the same page.
When unregister, the framework will recovery all the pages, and show something.


As mentioned above, the interface function(or the hook function), it is a 
function pointer, at first is NULL, when the user register to the framework, 
the pointer will change to the user's handler. So, the framework's main handler 
is implemented by users.


To implement the framework, I will change the fault.c, traps.c and will add new 
files. It sounds like the kmemcheck, but not the same, my framework intents to 
capture each access in the memory buffers that are dynamically added or deleted 
by users, and let user to handler it. For example, the user can write a module 
to monitor a process's specified memory buffers with the framework, can 
statistic the buffer write,read times and somethings. Or user can develop a 
module to check memory access overflow errors with it.


I don't know whether the design is feasible?  Any one can give some advises?


Thanks, 
HeChuan
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Reply via email to