What is /dev/mem?

Question

Presumably it's somehow related to memory? What would

sudo cat /dev/urandom > /dev/mem

do? Trash all RAM? All non-kernel virtual memory? None of the above?

score 38 · Accepted Answer · edited Sep 01 '17 at 22:35

38

It provides access to the system's physical memory.

The mem(4) man page explains more about what /dev/mem is.

Yes -- it could cause all sorts of problems. A reboot should fix you, but bad things can happen very easily. Be careful! :-)

edited Sep 01 '17 at 22:35

Peter Cordes

6,345

answered Nov 16 '09 at 21:23

Andrew Flanagan

2,080

score 22 · Answer 2 · edited Mar 22 '16 at 14:48

22

/dev/mem provides access to the system's physical memory, not the virtual memory. The kernels virtual address space can be accessed using /dev/kmem.

It's primarily used to access IO memory addresses related to peripheral hardware, like video adapters.

edited Mar 22 '16 at 14:48

Community

1

answered Feb 24 '11 at 11:49

rags

333
3
6

Sahil Singh · Answer 3 · 2016-07-12T10:21:52.883

sudo cat /dev/urandom > /dev/mem won't do anything, since sudo will elevate the privilege of cat but not of the redirect. You can either do sudo su and then work in the root shell, or use
sudo dd if=/dev/urandom of=/dev/mem

/dev/mem provides access to physical memory, i.e. all of the RAM in the system, however this doesn't mean that it gives you full read/write access to RAM (see CONFIG_STRICT_DEVMEM option in this document). Also note that some regions of physical memory will have other devices like video card memory, etc. mapped onto it.

Writing blindly to /dev/mem will result in an uncertain behaviour, here is a youtube video doing the same.

Ciro Santilli OurBigBook.com · Answer 4 · 2017-09-30T04:03:34.310

Test it out with busybox devmem

busybox devmem is a tiny CLI utility that mmaps /dev/mem.

You can get it in Ubuntu with: sudo apt-get install busybox

Usage: read 4 bytes from the physical address 0x12345678:

sudo busybox devmem 0x12345678

Write 0x9abcdef0 to that address:

sudo busybox devmem 0x12345678 w 0x9abcdef0

Source: https://github.com/mirror/busybox/blob/1_27_2/miscutils/devmem.c#L85

MAP_SHARED

When mmapping /dev/mem, you likely want to use:

open("/dev/mem", O_RDWR | O_SYNC);
mmap(..., PROT_READ | PROT_WRITE, MAP_SHARED, ...)

MAP_SHARED makes writes go to physical memory immediately, which makes it easier to observe, and makes more sense for hardware register writes.

CONFIG_STRICT_DEVMEM and nopat

To use /dev/mem to view and modify regular RAM on kernel v4.9, you must fist:

disable CONFIG_STRICT_DEVMEM (set by default on Ubuntu 17.04)
pass the nopat kernel command line option for x86

IO ports still work without those.

See also: https://stackoverflow.com/questions/39134990/mmap-of-dev-mem-fails-with-invalid-argument-for-virt-to-phys-address-but-addre/45127582#45127582

Cache flushing

If you try to write to RAM instead of a register, the memory may be cached by the CPU: https://stackoverflow.com/questions/22701352/how-to-flush-the-cpu-cache-for-a-region-of-address-space-in-linux and I don't see a very portable / easy way to flush it or mark the region as uncacheable:

So maybe /dev/mem can't be used reliably to pass memory buffers to devices?

This can't be observed in QEMU unfortunately, since QEMU does not simulates caches.

How to test it out

Now for the fun part. Here are a few cool setups:

Userland memory
- allocate volatile variable on an userland process
- get the physical address with /proc/<pid>/maps + /proc/<pid>/pagemap
- the physical address with devmem2, and watch the userland process react:
Kernelland memory
- allocate kernel memory with kmalloc
- get the physical address with virt_to_phys and pass it back to userland
- modify the physical address with devmem2
- query the value from the kernel module
IO mem and QEMU virtual platform device
- create a platform device with known physical register addresses
- use devmem2 to write to the register
- watch printfs come out of the virtual device in response

score 6 · Answer 5 · answered May 31 '17 at 13:58

/dev/mem traditionally provided access to the entire physical address space. That includes ram but it also includes any memory mapped IO devices.

Many modern kernels will be configured with "CONFIG_STRICT_DEVMEM" which restricts /dev/mem to memory mapped IO devices only.

Writing random garbage to it is a bad idea but exactly what badness will happen is diifcult to predict. Hardware may respond in unpredictable ways to random garbage, corrupted kernel memory structures may cause unpredictable kernel behaviour. At best I would expect a system crash, at worst data corruption or even hardware bricking are not out of the question.

P.S. note that your command when run as a normal user shouldn't do anything, because the sudo only elavates the cat command, not the redirect.

score 0 · Answer 6 · answered Dec 08 '22 at 09:58

/dev/mem provides access to system's physical memory. The byte addresses in /dev/mem are interpreted as physical addresses.

/dev/kmem is similar to /dev/mem but it does not give access to any physical memory but we can access the kernel's virtual address space.

What is /dev/mem?

6 Answers6

Linked