Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Access permissions of /dev/mem

Tags:

linux

memory

linux-kernel

I have a set of questions regarding /dev/mem:

  1. Many articles on the net, seem to refer /dev/mem as the gateway to "Physical RAM". But if I am right, /dev/mem is the gateway to the "Physical Address Space" of the processor which might include control registers of many HW peripherals and not just the RAM? Please, correct me if I am wrong!

  2. In order to prevent attackers from misusing /dev/mem and altering kernel memory, a flag CONFIG_STRICT_DEVMEM needs to be enabled which will prevent user apps from accessing physical address space beyond 1MB. I checked the config file on my PC (Ubuntu) and found that CONFIG_STRICT_DEVMEM = y. And I wrote a program which tries to read to physical memory beyond 1 MB and I was able to read! No segmentation fault or any Operation NOT Permitted error. How is this possible?

My program roughly looks like this:

fd = open ( "/dev/mem", O_RDWR);
ptr = (int*) mmap(0, MAP_SIZE, PROT_READ, fd, myAddress & (~MAP_MASK));
printf("%d", *ptr);
like image 421
Pavan Manjunath Avatar asked May 26 '11 07:05

Pavan Manjunath

2 Answers

  1. Yes, you're right, /dev/mem allows you to map any physical address, including non-RAM memory mapped IO. This can can be useful for a quick and dirty hack to access some hardware device without writing a kernel driver.

  2. CONFIG_STRICT_DEVMEM makes the kernel check addresses in /dev/mem with devmem_is_allowed() in arch/x86/mm/init.c, and the comment there explains:

    * On x86, access has to be given to the first megabyte of ram because that area
* contains bios code and data regions used by X and dosemu and similar apps.
* Access has to be given to non-kernel-ram areas as well, these contain the PCI
* mmio resources as well as potential bios/acpi data regions.

    your address 0xFFFF0000 is quite likely to be non-RAM, since BIOSes typically put IO memory just below 4GB, so that's why you're able to map it even with STRICT_DEVMEM.

like image 165
Roland Avatar answered Oct 17 '22 00:10

Roland

What does the follow yield:

cat /dev/mem | wc

I get:

cat: /dev/mem: Operation not permitted
   1908   11791 1048576

So for me it does stop at 1MB.

Note that cat uses open, not mmap so its not an identical test.

Are you sure you're reading beyond 1MB?

like image 28
linuts Avatar answered Oct 17 '22 01:10

linuts
Sign in to Comment

Related questions

where is amd64 psABI? [duplicate]
How to conveniently sync a file between two git repositories
How to extract C source code from .so file?
Creating a high-performance network server in C++
Why Linux/gnu linker chose address 0x400000?
Amazon linux AMI vs Ubuntu
GUI debugger for c++ on linux [closed]
why is "autoreconf" not used often?
npm hangs on postinstall / unlock
How linux identify a particular file system to execute system call
When and how is mmap'ed memory swapped in and out?
_GLIBCXX_USE_CXX11_ABI, GCC 4.8 and ABI compatibility
Does GRUB switch to protected mode?
Remove beginning of file without rewriting the whole file
Transport Endpoint Not Connected - Mesos Slave / Master
MQTT Socket error on client <unknown>
How to setup Jenkins with HA?
How to develop linux screen saver
C linux equivalent of windows QueryPerformanceCounter
How do I view a log file generated by screen (screenlog.0)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!