Communicating between userland and kernel space (KEXT) on MacOS
Clash Royale CLAN TAG#URR8PPP
In order to make it easier to develop a kernel module, I am considering Loadable kernel modules (LKMs) on MacOS. This way you have a base kernel module and your main kernel module which is an LKM which you can somehow load into the base one without having to rebuild and redeploy the kernel module every change (which sounds cumbersome and time consuming).
But first, LKM seems to be a Linux concept, and it seems KEXT (Kernel Extensions) are the Mac equivalent ("Dynamically loadable modules for extending the kernel"). So it sounds like you get the benefit of dynamically loading kernel modules by default on MacOS.
I would then like to visualize some of the data retrieved from the KEXT. An example might be like LittleSnitch visualizing the processes and their properties, or GDB visualizing the current snapshot of a process' evaluation. I am wondering if I could do this in HTML/JavaScript. This would mean I am communicating between kernel space and user land I'd imagine. So it would work something like this:
// (X)
KEXT
fetch_processes()
pause_process()
Userland browser stuff
<button onclick="pauseProcess()">Pause Process</button>
function pauseProcess()
// http request to node.js
Userland node.js stuff
/process/:id/pause (req) ->
KEXT.pauseProcess(req.params.id)
KEXT =
pauseProcess: function(id)
// (Y)
// Somehow make call to native KEXT
The spots marked X
and Y
are where I'm wondering. The Y
spot is in a Node.js/JavaScript server. From my understanding this is in "userland". The X
is kernel space.
There are a few ways to access the "kernel-land" space from userland:
- Custom syscalls.
- netlink (don't know anything about yet)
- Virtual file systems
- polling
I am not sure how to do any of these yet, and am wondering what the best approach is here to maintain the security imposed by the kernel/user separation. Maybe I move more kernel code to the userspace and keep the kernel space thin as well.
I am aware of the potential use of C bindings in node. However, for the moment only considering perhaps connecting to the kernel module through command-line invocation like my_kext_project pause 123
.
Mainly I am wondering the best way to communicate between these two layers and still maintain security (and have good performance if possible).
kernel users kernel-modules syscalls
add a comment |
In order to make it easier to develop a kernel module, I am considering Loadable kernel modules (LKMs) on MacOS. This way you have a base kernel module and your main kernel module which is an LKM which you can somehow load into the base one without having to rebuild and redeploy the kernel module every change (which sounds cumbersome and time consuming).
But first, LKM seems to be a Linux concept, and it seems KEXT (Kernel Extensions) are the Mac equivalent ("Dynamically loadable modules for extending the kernel"). So it sounds like you get the benefit of dynamically loading kernel modules by default on MacOS.
I would then like to visualize some of the data retrieved from the KEXT. An example might be like LittleSnitch visualizing the processes and their properties, or GDB visualizing the current snapshot of a process' evaluation. I am wondering if I could do this in HTML/JavaScript. This would mean I am communicating between kernel space and user land I'd imagine. So it would work something like this:
// (X)
KEXT
fetch_processes()
pause_process()
Userland browser stuff
<button onclick="pauseProcess()">Pause Process</button>
function pauseProcess()
// http request to node.js
Userland node.js stuff
/process/:id/pause (req) ->
KEXT.pauseProcess(req.params.id)
KEXT =
pauseProcess: function(id)
// (Y)
// Somehow make call to native KEXT
The spots marked X
and Y
are where I'm wondering. The Y
spot is in a Node.js/JavaScript server. From my understanding this is in "userland". The X
is kernel space.
There are a few ways to access the "kernel-land" space from userland:
- Custom syscalls.
- netlink (don't know anything about yet)
- Virtual file systems
- polling
I am not sure how to do any of these yet, and am wondering what the best approach is here to maintain the security imposed by the kernel/user separation. Maybe I move more kernel code to the userspace and keep the kernel space thin as well.
I am aware of the potential use of C bindings in node. However, for the moment only considering perhaps connecting to the kernel module through command-line invocation like my_kext_project pause 123
.
Mainly I am wondering the best way to communicate between these two layers and still maintain security (and have good performance if possible).
kernel users kernel-modules syscalls
add a comment |
In order to make it easier to develop a kernel module, I am considering Loadable kernel modules (LKMs) on MacOS. This way you have a base kernel module and your main kernel module which is an LKM which you can somehow load into the base one without having to rebuild and redeploy the kernel module every change (which sounds cumbersome and time consuming).
But first, LKM seems to be a Linux concept, and it seems KEXT (Kernel Extensions) are the Mac equivalent ("Dynamically loadable modules for extending the kernel"). So it sounds like you get the benefit of dynamically loading kernel modules by default on MacOS.
I would then like to visualize some of the data retrieved from the KEXT. An example might be like LittleSnitch visualizing the processes and their properties, or GDB visualizing the current snapshot of a process' evaluation. I am wondering if I could do this in HTML/JavaScript. This would mean I am communicating between kernel space and user land I'd imagine. So it would work something like this:
// (X)
KEXT
fetch_processes()
pause_process()
Userland browser stuff
<button onclick="pauseProcess()">Pause Process</button>
function pauseProcess()
// http request to node.js
Userland node.js stuff
/process/:id/pause (req) ->
KEXT.pauseProcess(req.params.id)
KEXT =
pauseProcess: function(id)
// (Y)
// Somehow make call to native KEXT
The spots marked X
and Y
are where I'm wondering. The Y
spot is in a Node.js/JavaScript server. From my understanding this is in "userland". The X
is kernel space.
There are a few ways to access the "kernel-land" space from userland:
- Custom syscalls.
- netlink (don't know anything about yet)
- Virtual file systems
- polling
I am not sure how to do any of these yet, and am wondering what the best approach is here to maintain the security imposed by the kernel/user separation. Maybe I move more kernel code to the userspace and keep the kernel space thin as well.
I am aware of the potential use of C bindings in node. However, for the moment only considering perhaps connecting to the kernel module through command-line invocation like my_kext_project pause 123
.
Mainly I am wondering the best way to communicate between these two layers and still maintain security (and have good performance if possible).
kernel users kernel-modules syscalls
In order to make it easier to develop a kernel module, I am considering Loadable kernel modules (LKMs) on MacOS. This way you have a base kernel module and your main kernel module which is an LKM which you can somehow load into the base one without having to rebuild and redeploy the kernel module every change (which sounds cumbersome and time consuming).
But first, LKM seems to be a Linux concept, and it seems KEXT (Kernel Extensions) are the Mac equivalent ("Dynamically loadable modules for extending the kernel"). So it sounds like you get the benefit of dynamically loading kernel modules by default on MacOS.
I would then like to visualize some of the data retrieved from the KEXT. An example might be like LittleSnitch visualizing the processes and their properties, or GDB visualizing the current snapshot of a process' evaluation. I am wondering if I could do this in HTML/JavaScript. This would mean I am communicating between kernel space and user land I'd imagine. So it would work something like this:
// (X)
KEXT
fetch_processes()
pause_process()
Userland browser stuff
<button onclick="pauseProcess()">Pause Process</button>
function pauseProcess()
// http request to node.js
Userland node.js stuff
/process/:id/pause (req) ->
KEXT.pauseProcess(req.params.id)
KEXT =
pauseProcess: function(id)
// (Y)
// Somehow make call to native KEXT
The spots marked X
and Y
are where I'm wondering. The Y
spot is in a Node.js/JavaScript server. From my understanding this is in "userland". The X
is kernel space.
There are a few ways to access the "kernel-land" space from userland:
- Custom syscalls.
- netlink (don't know anything about yet)
- Virtual file systems
- polling
I am not sure how to do any of these yet, and am wondering what the best approach is here to maintain the security imposed by the kernel/user separation. Maybe I move more kernel code to the userspace and keep the kernel space thin as well.
I am aware of the potential use of C bindings in node. However, for the moment only considering perhaps connecting to the kernel module through command-line invocation like my_kext_project pause 123
.
Mainly I am wondering the best way to communicate between these two layers and still maintain security (and have good performance if possible).
kernel users kernel-modules syscalls
kernel users kernel-modules syscalls
edited Jan 10 at 9:53
user10869858
asked Jan 10 at 9:47
user10869858user10869858
234
234
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f493648%2fcommunicating-between-userland-and-kernel-space-kext-on-macos%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f493648%2fcommunicating-between-userland-and-kernel-space-kext-on-macos%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown