What is /dev/mem?

40

8

Presumably it's somehow related to memory? What would

sudo cat /dev/urandom > /dev/mem

do? Trash all RAM? All non-kernel virtual memory? None of the above?

Paul

Posted 2009-11-16T21:16:02.090

Reputation:

6Shouldn't memory protection stop access to the physical RAM for all processes except the one which has been assigned to that area of RAM? Or does sudo override that protection? – Matthew Lock – 2014-08-14T03:05:34.173

2See also: dd if=/dev/urandom of=/dev/kmem bs=1 count=1 seek=$RANDOM – user3490 – 2012-09-09T12:14:08.067

Answers

32

It provides access to the system's physical memory.

The mem(4) man page explains more about what /dev/mem is.

Yes -- it could cause all sorts of problems. A reboot should fix you, but bad things can happen very easily. Be careful! :-)

Andrew Flanagan

Posted 2009-11-16T21:16:02.090

Reputation: 1 680

@Andrew Flanagan: Your link now shows how one may set up a stopwatch using the time command. – Aiyion.Prime – 2017-03-10T12:39:43.233

1@Aiyion.Prime. Thanks -- pointed to an archive.org version. – Andrew Flanagan – 2017-03-12T02:44:26.700

4I'd suggest reviewing the mem man page. Rags is correct.

"mem is a character device file that is an image of the main memory of the computer. It may be used, for example, to examine (and even patch) the system.

Byte addresses in mem are interpreted as physical memory addresses."

And...

"The file kmem is the same as mem, except that the kernel virtual memory rather than physical memory is accessed." – Mr. Shickadance – 2011-02-24T12:26:40.140

18

/dev/mem provides access to the system's physical memory, not the virtual memory. The kernels virtual address space can be accessed using /dev/kmem.

It's primarily used to access IO memory addresses related to peripheral hardware, like video adapters.

rags

Posted 2009-11-16T21:16:02.090

Reputation: 293

9

sudo cat /dev/urandom > /dev/mem won't do anything, since sudo will elevate the privilege of cat but not of the redirect. You can either do sudo su and then work in the root shell, or use
sudo dd if=/dev/urandom of=/dev/mem

/dev/mem provides access to physical memory, i.e. all of the RAM in the system, however this doesn't mean that it gives you full read/write access to RAM (see CONFIG_STRICT_DEVMEM option in this document). Also note that some regions of physical memory will have other devices like video card memory, etc. mapped onto it.

Writing blindly to /dev/mem will result in an uncertain behaviour, here is a youtube video doing the same.

Sahil Singh

Posted 2009-11-16T21:16:02.090

Reputation: 219

7

Test it out with busybox devmem

busybox devmem is a tiny CLI utility that mmaps /dev/mem.

You can get it in Ubuntu with: sudo apt-get install busybox

Usage: read 4 bytes from the physical address 0x12345678:

sudo busybox devmem 0x12345678

Write 0x9abcdef0 to that address:

sudo busybox devmem 0x12345678 w 0x9abcdef0

Source: https://github.com/mirror/busybox/blob/1_27_2/miscutils/devmem.c#L85

MAP_SHARED

When mmapping /dev/mem, you likely want to use:

open("/dev/mem", O_RDWR | O_SYNC);
mmap(..., PROT_READ | PROT_WRITE, MAP_SHARED, ...)

MAP_SHARED makes writes go to physical memory immediately, which makes it easier to observe, and makes more sense for hardware register writes.

CONFIG_STRICT_DEVMEM and nopat

To use /dev/mem to view and modify regular RAM on kernel v4.9, you must fist:

  • disable CONFIG_STRICT_DEVMEM (set by default on Ubuntu 17.04)
  • pass the nopat kernel command line option for x86

IO ports still work without those.

See also: https://stackoverflow.com/questions/39134990/mmap-of-dev-mem-fails-with-invalid-argument-for-virt-to-phys-address-but-addre/45127582#45127582

Cache flushing

If you try to write to RAM instead of a register, the memory may be cached by the CPU: https://stackoverflow.com/questions/22701352/how-to-flush-the-cpu-cache-for-a-region-of-address-space-in-linux and I don't see a very portable / easy way to flush it or mark the region as uncacheable:

So maybe /dev/mem can't be used reliably to pass memory buffers to devices?

This can't be observed in QEMU unfortunately, since QEMU does not simulates caches.

How to test it out

Now for the fun part. Here are a few cool setups:

  • Userland memory
    • allocate volatile variable on an userland process
    • get the physical address with /proc/<pid>/maps + /proc/<pid>/pagemap
    • the physical address with devmem2, and watch the userland process react:
  • Kernelland memory
    • allocate kernel memory with kmalloc
    • get the physical address with virt_to_phys and pass it back to userland
    • modify the physical address with devmem2
    • query the value from the kernel module
  • IO mem and QEMU virtual platform device
    • create a platform device with known physical register addresses
    • use devmem2 to write to the register
    • watch printfs come out of the virtual device in response

Ciro Santilli 新疆改造中心法轮功六四事件

Posted 2009-11-16T21:16:02.090

Reputation: 5 621

5

/dev/mem traditionally provided access to the entire physical address space. That includes ram but it also includes any memory mapped IO devices.

Many modern kernels will be configured with "CONFIG_STRICT_DEVMEM" which restricts /dev/mem to memory mapped IO devices only.

Writing random garbage to it is a bad idea but exactly what badness will happen is diifcult to predict. Hardware may respond in unpredictable ways to random garbage, corrupted kernel memory structures may cause unpredictable kernel behaviour. At best I would expect a system crash, at worst data corruption or even hardware bricking are not out of the question.

P.S. note that your command when run as a normal user shouldn't do anything, because the sudo only elavates the cat command, not the redirect.

plugwash

Posted 2009-11-16T21:16:02.090

Reputation: 4 587

Asked: 2009-11-16T21:16:02.090

Viewed: 81 218 times

Active: 2017-09-30T04:03:34.310