Re: [PATCH RFC 1/3] drivers/char: remove /dev/kmem for good

[Michal Hocko]

On Fri 19-03-21 15:34:50, David Hildenbrand wrote:
> Exploring /dev/kmem and /dev/mem in the context of memory hot(un)plug and
> memory ballooning, I started questioning the existance of /dev/kmem.
> 
> Comparing it with the /proc/kcore implementation, it does not seem to be
> able to deal with things like
> a) Pages unmapped from the direct mapping (e.g., to be used by secretmem)
>   -> kern_addr_valid(). virt_addr_valid() is not sufficient.
> b) Special cases like gart aperture memory that is not to be touched
>   -> mem_pfn_is_ram()
> Unless I am missing something, it's at least broken in some cases and might
> fault/crash the machine.
> 
> Looks like its existance has been questioned before in 2005 and 2010
> [1], after ~11 additional years, it might make sense to revive the
> discussion.
> 
> CONFIG_DEVKMEM is only enabled in a single defconfig (on purpose or by
> mistake?). All distributions I looked at disable it.
> 
> 1) /dev/kmem was popular for rootkits [2] before it got disabled
>    basically everywhere. Ubuntu documents [3] "There is no modern user of
>    /dev/kmem any more beyond attackers using it to load kernel rootkits.".
>    RHEL documents in a BZ [5] "it served no practical purpose other than to
>    serve as a potential security problem or to enable binary module drivers
>    to access structures/functions they shouldn't be touching"
> 
> 2) /proc/kcore is a decent interface to have a controlled way to read
>    kernel memory for debugging puposes. (will need some extensions to
>    deal with memory offlining/unplug, memory ballooning, and poisoned
>    pages, though)
> 
> 3) It might be useful for corner case debugging [1]. KDB/KGDB might be a
>    better fit, especially, to write random memory; harder to shoot
>    yourself into the foot.
> 
> 4) "Kernel Memory Editor" hasn't seen any updates since 2000 and seems
>    to be incompatible with 64bit [1]. For educational purposes,
>    /proc/kcore might be used to monitor value updates -- or older
>    kernels can be used.
> 
> 5) It's broken on arm64, and therefore, completely disabled there.
> 
> Looks like it's essentially unused and has been replaced by better
> suited interfaces for individual tasks (/proc/kcore, KDB/KGDB). Let's
> just remove it.
> 
> [1] https://lwn.net/Articles/147901/
> [2] https://www.linuxjournal.com/article/10505
> [3] https://wiki.ubuntu.com/Security/Features#A.2Fdev.2Fkmem_disabled
> [4] https://sourceforge.net/projects/kme/
> [5] https://bugzilla.redhat.com/show_bug.cgi?id=154796
> 
> Cc: Andrew Morton <a...@linux-foundation.org>
> Cc: Hillf Danton <hdan...@sina.com>
> Cc: Michal Hocko <mho...@suse.com>
> Cc: Matthew Wilcox <wi...@infradead.org>
> Cc: Oleksiy Avramchenko <oleksiy.avramche...@sonymobile.com>
> Cc: Steven Rostedt <rost...@goodmis.org>
> Cc: Minchan Kim <minc...@kernel.org>
> Cc: huang ying <huang.ying.cari...@gmail.com>
> Cc: Jonathan Corbet <cor...@lwn.net>
> Cc: Russell King <li...@armlinux.org.uk>
> Cc: Liviu Dudau <liviu.du...@arm.com>
> Cc: Sudeep Holla <sudeep.ho...@arm.com>
> Cc: Lorenzo Pieralisi <lorenzo.pieral...@arm.com>
> Cc: Andrew Lunn <and...@lunn.ch>
> Cc: Gregory Clement <gregory.clem...@bootlin.com>
> Cc: Sebastian Hesselbarth <sebastian.hesselba...@gmail.com>
> Cc: Yoshinori Sato <ys...@users.sourceforge.jp>
> Cc: Brian Cain <bc...@codeaurora.org>
> Cc: Geert Uytterhoeven <ge...@linux-m68k.org>
> Cc: Jonas Bonn <jo...@southpole.se>
> Cc: Stefan Kristiansson <stefan.kristians...@saunalahti.fi>
> Cc: Stafford Horne <sho...@gmail.com>
> Cc: Rich Felker <dal...@libc.org>
> Cc: "David S. Miller" <da...@davemloft.net>
> Cc: Chris Zankel <ch...@zankel.net>
> Cc: Max Filippov <jcmvb...@gmail.com>
> Cc: Arnd Bergmann <a...@arndb.de>
> Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
> Cc: Alexander Viro <v...@zeniv.linux.org.uk>
> Cc: Rob Herring <r...@kernel.org>
> Cc: "Pavel Machek (CIP)" <pa...@denx.de>
> Cc: Theodore Dubois <tbl...@icloud.com>
> Cc: "Alexander A. Klimov" <grandmas...@al2klimov.de>
> Cc: Pavel Machek <pa...@ucw.cz>
> Cc: Sam Ravnborg <s...@ravnborg.org>
> Cc: Alexandre Belloni <alexandre.bell...@bootlin.com>
> Cc: Andrey Zhizhikin <andrey.zhizhi...@leica-geosystems.com>
> Cc: Randy Dunlap <rdun...@infradead.org>
> Cc: Krzysztof Kozlowski <k...@kernel.org>
> Cc: Viresh Kumar <viresh.ku...@linaro.org>
> Cc: "Eric W. Biederman" <ebied...@xmission.com>
> Cc: Thomas Gleixner <t...@linutronix.de>
> Cc: Xiaoming Ni <nixiaom...@huawei.com>
> Cc: Robert Richter <r...@kernel.org>
> Cc: William Cohen <wco...@redhat.com>
> Cc: Corentin Labbe <cla...@baylibre.com>
> Cc: Kairui Song <kas...@redhat.com>
> Cc: Linus Torvalds <torva...@linux-foundation.org>
> Cc: linux-...@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-arm-ker...@lists.infradead.org
> Cc: uclinux-h8-de...@lists.sourceforge.jp
> Cc: linux-hexa...@vger.kernel.org
> Cc: linux-m...@lists.linux-m68k.org
> Cc: openr...@lists.librecores.org
> Cc: linux...@vger.kernel.org
> Cc: sparcli...@vger.kernel.org
> Cc: linux-xte...@linux-xtensa.org
> Cc: linux-fsde...@vger.kernel.org
> Cc: Linux API <linux-...@vger.kernel.org>
> Signed-off-by: David Hildenbrand <da...@redhat.com>

Acked-by: Michal Hocko <mho...@suse.com>
-- 
Michal Hocko
SUSE Labs