On Fri 19-03-21 15:34:50, David Hildenbrand wrote: > Exploring /dev/kmem and /dev/mem in the context of memory hot(un)plug and > memory ballooning, I started questioning the existance of /dev/kmem. > > Comparing it with the /proc/kcore implementation, it does not seem to be > able to deal with things like > a) Pages unmapped from the direct mapping (e.g., to be used by secretmem) > -> kern_addr_valid(). virt_addr_valid() is not sufficient. > b) Special cases like gart aperture memory that is not to be touched > -> mem_pfn_is_ram() > Unless I am missing something, it's at least broken in some cases and might > fault/crash the machine. > > Looks like its existance has been questioned before in 2005 and 2010 > [1], after ~11 additional years, it might make sense to revive the > discussion. > > CONFIG_DEVKMEM is only enabled in a single defconfig (on purpose or by > mistake?). All distributions I looked at disable it. > > 1) /dev/kmem was popular for rootkits [2] before it got disabled > basically everywhere. Ubuntu documents [3] "There is no modern user of > /dev/kmem any more beyond attackers using it to load kernel rootkits.". > RHEL documents in a BZ [5] "it served no practical purpose other than to > serve as a potential security problem or to enable binary module drivers > to access structures/functions they shouldn't be touching" > > 2) /proc/kcore is a decent interface to have a controlled way to read > kernel memory for debugging puposes. (will need some extensions to > deal with memory offlining/unplug, memory ballooning, and poisoned > pages, though) > > 3) It might be useful for corner case debugging [1]. KDB/KGDB might be a > better fit, especially, to write random memory; harder to shoot > yourself into the foot. > > 4) "Kernel Memory Editor" hasn't seen any updates since 2000 and seems > to be incompatible with 64bit [1]. For educational purposes, > /proc/kcore might be used to monitor value updates -- or older > kernels can be used. > > 5) It's broken on arm64, and therefore, completely disabled there. > > Looks like it's essentially unused and has been replaced by better > suited interfaces for individual tasks (/proc/kcore, KDB/KGDB). Let's > just remove it. > > [1] https://lwn.net/Articles/147901/ > [2] https://www.linuxjournal.com/article/10505 > [3] https://wiki.ubuntu.com/Security/Features#A.2Fdev.2Fkmem_disabled > [4] https://sourceforge.net/projects/kme/ > [5] https://bugzilla.redhat.com/show_bug.cgi?id=154796 > > Cc: Andrew Morton <a...@linux-foundation.org> > Cc: Hillf Danton <hdan...@sina.com> > Cc: Michal Hocko <mho...@suse.com> > Cc: Matthew Wilcox <wi...@infradead.org> > Cc: Oleksiy Avramchenko <oleksiy.avramche...@sonymobile.com> > Cc: Steven Rostedt <rost...@goodmis.org> > Cc: Minchan Kim <minc...@kernel.org> > Cc: huang ying <huang.ying.cari...@gmail.com> > Cc: Jonathan Corbet <cor...@lwn.net> > Cc: Russell King <li...@armlinux.org.uk> > Cc: Liviu Dudau <liviu.du...@arm.com> > Cc: Sudeep Holla <sudeep.ho...@arm.com> > Cc: Lorenzo Pieralisi <lorenzo.pieral...@arm.com> > Cc: Andrew Lunn <and...@lunn.ch> > Cc: Gregory Clement <gregory.clem...@bootlin.com> > Cc: Sebastian Hesselbarth <sebastian.hesselba...@gmail.com> > Cc: Yoshinori Sato <ys...@users.sourceforge.jp> > Cc: Brian Cain <bc...@codeaurora.org> > Cc: Geert Uytterhoeven <ge...@linux-m68k.org> > Cc: Jonas Bonn <jo...@southpole.se> > Cc: Stefan Kristiansson <stefan.kristians...@saunalahti.fi> > Cc: Stafford Horne <sho...@gmail.com> > Cc: Rich Felker <dal...@libc.org> > Cc: "David S. Miller" <da...@davemloft.net> > Cc: Chris Zankel <ch...@zankel.net> > Cc: Max Filippov <jcmvb...@gmail.com> > Cc: Arnd Bergmann <a...@arndb.de> > Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org> > Cc: Alexander Viro <v...@zeniv.linux.org.uk> > Cc: Rob Herring <r...@kernel.org> > Cc: "Pavel Machek (CIP)" <pa...@denx.de> > Cc: Theodore Dubois <tbl...@icloud.com> > Cc: "Alexander A. Klimov" <grandmas...@al2klimov.de> > Cc: Pavel Machek <pa...@ucw.cz> > Cc: Sam Ravnborg <s...@ravnborg.org> > Cc: Alexandre Belloni <alexandre.bell...@bootlin.com> > Cc: Andrey Zhizhikin <andrey.zhizhi...@leica-geosystems.com> > Cc: Randy Dunlap <rdun...@infradead.org> > Cc: Krzysztof Kozlowski <k...@kernel.org> > Cc: Viresh Kumar <viresh.ku...@linaro.org> > Cc: "Eric W. Biederman" <ebied...@xmission.com> > Cc: Thomas Gleixner <t...@linutronix.de> > Cc: Xiaoming Ni <nixiaom...@huawei.com> > Cc: Robert Richter <r...@kernel.org> > Cc: William Cohen <wco...@redhat.com> > Cc: Corentin Labbe <cla...@baylibre.com> > Cc: Kairui Song <kas...@redhat.com> > Cc: Linus Torvalds <torva...@linux-foundation.org> > Cc: linux-...@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > Cc: linux-arm-ker...@lists.infradead.org > Cc: uclinux-h8-de...@lists.sourceforge.jp > Cc: linux-hexa...@vger.kernel.org > Cc: linux-m...@lists.linux-m68k.org > Cc: openr...@lists.librecores.org > Cc: linux...@vger.kernel.org > Cc: sparcli...@vger.kernel.org > Cc: linux-xte...@linux-xtensa.org > Cc: linux-fsde...@vger.kernel.org > Cc: Linux API <linux-...@vger.kernel.org> > Signed-off-by: David Hildenbrand <da...@redhat.com>
Acked-by: Michal Hocko <mho...@suse.com> -- Michal Hocko SUSE Labs
