Valgrind memcheck for Linux Kernel

I have started a number of projects and most are incomplete, so how about why not start another.  But really, there is a natural progression to the projects I’ve been working on.

I started a static analysis tool (was working, but compile is now broken due to mixing stdio and iostream and using part of the sources which I then modified in another project), then wrote an x86 emulator (working, but not complete) which led me into a more ambitious emulator project in symbolic execution of IOS by modifying dynamips (project not working), which I then simplified in a side project to implement a Valgrind like memcheck tool (not really working, too many false positives – an IOS API that modifies the heap which I still have to reverse).

So the next diversion could be Valgrind memcheck for the Linux Kernel.  This will really be no different to the code I implemented in dynamips.  Except of course, I can’t use dynamips anymore – I’ll probably use Qemu, or alternatively have the option of using Bochs (but I’ll use Qemu).  It will really be a simple modification I would make.  Intercept malloc/free (or whatever the Linux kernel equivalent is), maintain my own view of the heap in Qemu and then intercept memory reads/writes to the heap and make sure they are in an allocated buffer.

In the past day or two, before I thought of this latest idea, and to spur some new activity (as I haven’t been making progress on my other projects), I started looking at PowerPC assembly.  Dynamips uses ppc for the Cisco 1700 emulation, and the images for this machine are alot smaller than the c7200’s (but still pretty big).

But back to the valgrind project.. I’ve looked at the Qemu sources before, but didn’t try any modifications.  The biggest hurdle for the Valgrind like code I plan to write is interfacing with Qemu.  The actual code itself for maintaining a view of the heap and checking reads/writes is fairly trivial.. Fortunately, even though x86 memory writes are possible in many types of instruction, Qemu generates micro operations for x86 which single out the memory accesses.

I also finished a University assignment today, so might try to play with Qemu over the next couple of days..

One response to “Valgrind memcheck for Linux Kernel

  1. If you are interested in detecting linux kernel memory leaks you should definitely take a look at kmemleak project:

    http://procode.org/kmemleak/index.html
    http://lkml.org/lkml/2006/12/16/68

    Implement a tracing mechanism like this one into one of the *BSD kernels sounds like another interesting project. Actually, I spent some time reading FreeBSD kernel code and wrote a couple of lines to see how I can achieve this, but my daily work routine leaves little time and energy to continue with the fun.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s