Reusable Memory Manager

[xerofoify@gmail.com (nick)]

On 2015-04-22 10:47 PM, Kenneth Adam Miller wrote:
> On Wed, Apr 22, 2015 at 10:42 PM, nick <xerofoify@gmail.com> wrote:
> 
>>
>>
>> On 2015-04-22 10:39 PM, Kenneth Adam Miller wrote:
>>> So, I have a particular use case that has a lot to do with security.
>>>
>>> Basically, we have a intended secure kernel version with grsecurity and
>>> other patches on it, and we have a specific application that has to do
>> data
>>> filtering as an inline reference monitor.
>>>
>>> The problem is, there is throughput and design considerations that are
>>> limiting efficiency in the sense that it is highly difficult to make the
>>> system concurrent and also highly difficult to scale-all while also being
>>> secure.
>>>
>>> Basically, the memory regions have to be encoded at compile time because
>> of
>>> the way kernel segregation works. This makes the security proof of the
>>> system far more simple and manageable; it's easy to say that no userland
>>> monitor which is being given access to a specific memory region can
>> access
>>> outside of the region to which it is allocated, because it's statically
>>> set. The tradeoff here is pretty severe, because the static settings that
>>> have to be adopted pretty much mean that each particular monitor is
>> given a
>>> specific memory region; if there's a lot of traffic to a specific monitor
>>> type, then that one type will be overwhelmed, but not even at the rate
>> that
>>> the machine itself could support. This is because all the other cores are
>>> potentially sitting unused while the one in this worst case scenario is
>>> running out of memory and not able to dispatch work to more cores.
>>>
>>> So my ultimate question is: is there some reusable, dynamic memory
>>> allocation manager that can be used? I'm thinking that there has to, at
>> the
>>> least, be the constructs by which user land processes are managed and
>>> divvied memory by the kernel itself. Does anybody know where that source
>>> would be? Where I can go in order to learn more about that?
>>>
>>> What we want is a secure way to dynamically allocate memory from these
>>> static memory page boundaries such that
>>>
>>>
>>>
>>> _______________________________________________
>>> Kernelnewbies mailing list
>>> Kernelnewbies at kernelnewbies.org
>>> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>>>
>> You didn't finish your email such that ... . I would be glad to try and
>> help if you finish off what your requirements are.
>> Nick
>>
> 
> 
> Ooops, sorry, I didn't know that last fragment was there. I think the
> previous part explains what I am looking for.
> 
That's OK. You may want to look into virtual memory management of the kernel. However,
I doubt that's what you want the issue is some that reallocates and takes advantage
of CPU and already allowed kernel date structures. If that is the case look into writing
a slab allocator for your security features you have added to the kernel. Further more 
writing a slab allocator is non trivial and you will need to look into the way memory is
being handled in terms of hardware caches to find the best options with the slab functions
in the kernel to get the best performable slab for your needs.This is link to a chapter
in a book explaining this,https://www.kernel.org/doc/gorman/html/understand/understand011.htm.
The only issue is the book is outdated in terms of kernel releases but the concepts are 
similar if not identical to the current releases. 
Hope this Helps,
Nick