Reputation: 2067
For the last few days, I have been trying to understand the exact difference between the /dev/mem and /dev/kmem devices. From different sources, the only thing I got to know is that when we try to read from these devices, the read_mem() and read_kmem() APIs are called respectively.
read_mem(): reads the *physical* memory
read_mem(): reads the *virtual* memory as seen by the kernel.
I am eager to know what the sole purpose of /dev/kmem is, and in what use cases we can use it. regdump is one example where /dev/mem is useful, but I couldn't find the usefulness of /dev/kmem.
Can someone list or share some useful information regarding the /dev/kmem char device?
Upvotes: 1
Views: 1930
Reputation: 21837
can someone list or share some useful information regarding the dev/kmem char device?
The /dev/kmem and /dev/mem devices contain the same information about your RAM. But as you can read in man kmem:
The file kmem is the same as mem, except that the kernel virtual memory
rather than physical memory is accessed.
It means that /dev/kmem provides the same information as /dev/mem, but as it is seen by the Linux kernel. For example, if you execute something like this:
open("/dev/mem");
seek(0);
read(100);
You will read the first 100 bytes from the RAM address 0. On the other hand, if you execute:
open("/dev/kmem");
seek(0);
read(100);
You will read 100 bytes from the virtual address 0, which is mapped by your system's memory management unit to some physical RAM address (for example 0x01000000 for x86_64), and you can find it with:
cat /proc/iomem | grep "Kernel code"
on your device.
I think that the /dev/kmem device can mostly be useful for security research, to look at a process from the kernel's view, and I do not think that there are other important issues which you can't solve without /dev/kmem these days.
Upvotes: 1
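To make the physical side of the answer concrete, here is an added example (not code from either poster) that parses /proc/iomem-style text for the "Kernel code" entry the answer greps for. The function name find_iomem_range and both sample texts are constructed for illustration; the second sample reflects that recent kernels print all-zero addresses to readers without CAP_SYS_ADMIN, which the plain grep does not flag.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/iomem format (not from a real machine). */
static const char SAMPLE_IOMEM[] =
    "00001000-0009ffff : System RAM\n"
    "00100000-7ffdffff : System RAM\n"
    "  01000000-01c00000 : Kernel code\n"
    "  01e00000-0235ffff : Kernel data\n";

/* Constructed sample of what an unprivileged reader sees: zeroed addresses. */
static const char SAMPLE_UNPRIV[] =
    "00000000-00000000 : System RAM\n"
    "  00000000-00000000 : Kernel code\n";

/* Find the physical range of the resource named `label` (hypothetical helper).
 * Returns 0 on success, 1 if the entry exists but its addresses are masked
 * (all zero), -1 if there is no such entry. */
int find_iomem_range(const char *text, const char *label,
                     unsigned long long *start, unsigned long long *end)
{
    const char *line = text;
    while (line && *line) {
        unsigned long long s, e;
        char name[64];
        /* The leading space in the format skips the nesting indentation. */
        if (sscanf(line, " %llx-%llx : %63[^\n]", &s, &e, name) == 3 &&
            strcmp(name, label) == 0) {
            *start = s;
            *end = e;
            return (s == 0 && e == 0) ? 1 : 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

int main(void)
{
    unsigned long long s = 0, e = 0;
    int rc = find_iomem_range(SAMPLE_IOMEM, "Kernel code", &s, &e);
    /* The start is a physical address, i.e. an offset into /dev/mem, not /dev/kmem. */
    printf("rc=%d /dev/mem offset 0x%llx, %llu bytes\n", rc, s, e - s + 1);
    printf("unprivileged rc=%d\n", find_iomem_range(SAMPLE_UNPRIV, "Kernel code", &s, &e));
    return 0;
}
```

On a live system, pass the contents of /proc/iomem read as root instead of the sample text; a return value of 1 means the addresses were masked and the range cannot be used as a /dev/mem offset.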