Communicating between userland and kernel space (KEXT) on MacOS

In order to make it easier to develop a kernel module, I am considering Loadable kernel modules (LKMs) on MacOS. This way you have a base kernel module and your main kernel module, which is an LKM that you can somehow load into the base one without having to rebuild and redeploy the kernel module on every change (which sounds cumbersome and time-consuming).



But first, LKM seems to be a Linux concept, and it seems KEXT (Kernel Extensions) are the Mac equivalent ("Dynamically loadable modules for extending the kernel"). So it sounds like you get the benefit of dynamically loading kernel modules by default on MacOS.



I would then like to visualize some of the data retrieved from the KEXT. An example might be like LittleSnitch visualizing the processes and their properties, or GDB visualizing the current snapshot of a process' evaluation. I am wondering if I could do this in HTML/JavaScript. This would mean I am communicating between kernel space and user land I'd imagine. So it would work something like this:



    // (X)
    // KEXT
    fetch_processes() {
    }

    pause_process() {
    }

    // Userland browser stuff
    <button onclick="pauseProcess()">Pause Process</button>

    function pauseProcess() {
      // http request to node.js
    }

    // Userland node.js stuff
    /process/:id/pause (req) -> {
      KEXT.pauseProcess(req.params.id)
    }

    KEXT = {
      pauseProcess: function(id) {
        // (Y)
        // Somehow make call to native KEXT
      }
    }

The spots marked X and Y are where I'm wondering. The Y spot is in a Node.js/JavaScript server. From my understanding this is in "userland". The X is kernel space.



There are a few ways to access the "kernel-land" space from userland:



  1. Custom syscalls.

  2. netlink (don't know anything about yet)

  3. Virtual file systems

  4. polling

I am not sure how to do any of these yet, and am wondering what the best approach is here to maintain the security imposed by the kernel/user separation. Maybe I move more kernel code to the userspace and keep the kernel space thin as well.



I am aware of the potential use of C bindings in node. However, for the moment I am only considering perhaps connecting to the kernel module through command-line invocation like my_kext_project pause 123.



Mainly I am wondering about the best way to communicate between these two layers and still maintain security (and have good performance if possible).










      kernel users kernel-modules syscalls






edited Jan 10 at 9:53

asked Jan 10 at 9:47

user10869858
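Added example, not part of the original post: one way to write the (Y) spot when the Node.js server reaches the kext through the command-line helper mentioned in the question, so that the untrusted route parameter is reduced to a fixed argv before anything privileged runs. The helper path, the allowlist and the PID bound are assumptions made for this illustration.

```javascript
// Added example. "my_kext_project" is the CLI name used in the question;
// the install path, allowlist and PID bound below are assumptions.
const HELPER = "/usr/local/bin/my_kext_project"; // assumed absolute path
const ALLOWED_ACTIONS = new Set(["pause"]);       // expose only what the UI needs
const PID_MAX = 99999;                            // assumed upper bound

// Turn untrusted input (e.g. req.params.id) into a fixed argv, or throw.
function buildHelperArgs(action, rawId) {
  if (!ALLOWED_ACTIONS.has(action)) {
    throw new Error("action not allowed");
  }
  // Plain decimal digits only: rejects "12; x", "-1", "0x10", " 12", "1e3",
  // and non-string values such as arrays or numbers.
  if (typeof rawId !== "string" || !/^[1-9][0-9]{0,4}$/.test(rawId)) {
    throw new Error("invalid process id");
  }
  const pid = Number(rawId);
  if (pid > PID_MAX) {
    throw new Error("invalid process id");
  }
  return [action, String(pid)];
}

// (Y): call the helper with an argv array and no shell, so the id is never
// interpreted as shell syntax. execFileImpl is injectable for testing.
async function pauseProcess(rawId, execFileImpl) {
  const args = buildHelperArgs("pause", rawId);
  const execFile =
    execFileImpl || (await import("child_process")).execFile;
  return new Promise((resolve, reject) => {
    // Empty environment and a timeout keep the helper call predictable.
    execFile(HELPER, args, { timeout: 2000, env: {} }, (err, stdout) => {
      if (err) reject(err);
      else resolve(stdout);
    });
  });
}
```

The helper and the kext still have to validate the id themselves, since any local process can invoke the helper without going through this server.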



















