vproc memory monitoring
Hi folks,
I am working on additional security mechanisms for the dragonfly
vkernel and I want to monitor all in-memory copies (like intel asm
"mov" and its derivates) of a running vproc in order to check if the
vproc is allowed to copy data to the resp. memory segment.
My first approach was to use a technique similar to the implementation
used in the emulation of the modified bit in the vkernel: If a vproc
request a mapping for a page, the hostkernel disallows writes in the
pagetable entry that it instantiates. Afterwards, during handling the
resulting pagefault, the permissions of the resp. page should be
checked.
I think it is obvious that this approach consumes significantly more
time to handle every single memory copy of a vproc as a pagefault. Do
you have any idea to monitor in-memory copies without such a
performance overhead? As far as I know, there are some Linux binary
analysis tools (like "Valgrind") wich could be used for memory-
monitoring of a given process. Are there any similar approaches for
the dragonfly vkernel which I could use?
Greetings,
Pablo
討論串 (同標題文章)