Subject: [PATCH] make /dev/kmem a config option
From: Arjan van de Ven <arjan@linux.intel.com>

This patch makes /dev/kmem a config option; /dev/kmem is VERY rarely
used, and when used, it's generally for no good (rootkits tend to be
the most common users). With this config option, users have the
choice to disable /dev/kmem, saving some size as well.

A patch to disable /dev/kmem has been in the Fedora and RHEL kernels for
4+ years now without any known problems or legit users of /dev/kmem.

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
---
 drivers/char/Kconfig |    8 ++++++++
 drivers/char/mem.c   |   12 ++++++++++++
 2 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
index 4666295..7716af0 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -80,6 +80,14 @@ config VT_HW_CONSOLE_BINDING
 	 information. For framebuffer console users, please refer to
 	 <file:Documentation/fb/fbcon.txt>.
 
+config DEV_KMEM
+	bool "/dev/kmem virtual device support"
+	help
+	  Say Y here if you want to support the /dev/kmem device. The
+	  /dev/kmem device is rarely used, but can be used for certain
+	  kind of kernel debugging operations.
+	  When in doubt, say "N".
+
 config SERIAL_NONSTANDARD
 	bool "Non-standard serial port support"
 	depends on HAS_IOMEM
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 3745e6b..49c5fac 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -323,6 +323,7 @@ static int mmap_mem(struct file * file, struct vm_area_struct * vma)
 	return 0;
 }
 
+#ifdef CONFIG_DEVKMEM
 static int mmap_kmem(struct file * file, struct vm_area_struct * vma)
 {
 	unsigned long pfn;
@@ -343,6 +344,7 @@ static int mmap_kmem(struct file * file, struct vm_area_struct * vma)
 	vma->vm_pgoff = pfn;
 	return mmap_mem(file, vma);
 }
+#endif
 
 #ifdef CONFIG_CRASH_DUMP
 /*
@@ -381,6 +383,7 @@ static ssize_t read_oldmem(struct file *file, char __user *buf,
 extern long ...
[ message continues ]

Is the #else case needed? All kmem_fops uses seem #ifdef'ed out anyway,
except kmem_fops itself. In other words,

+#ifdef CONFIG_DEVKMEM
 static const struct file_operations kmem_fops = {
 ...
 }
+#endif

and do away with the three defines. No? :)
--

[ message continues ]

On Mon, 11 Feb 2008 01:13:09 +0100 (CET)

hmm I tried that first, and didn't work
but that wasn't on the final version of the patch so let me try again..


-- 
If you want to reach me at my work email, use arjan@linux.intel.com
For development, discussion and tips for power savings, 
visit http://www.lesswatts.org
--

[ message continues ]

On Mon, 11 Feb 2008 01:13:09 +0100 (CET)

yup you're right; updated patch below

---

Subject: [PATCH] make /dev/kmem a config option
From: Arjan van de Ven <arjan@linux.intel.com>

This patch makes /dev/kmem a config option; /dev/kmem is VERY rarely
used, and when used, it's generally for no good (rootkits tend to be
the most common users). With this config option, users have the
choice to disable /dev/kmem, saving some size as well.

A patch to disable /dev/kmem has been in the Fedora and RHEL kernels for
4+ years now without any known problems or legit users of /dev/kmem.

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
---
 drivers/char/Kconfig |    8 ++++++++
 drivers/char/mem.c   |   10 ++++++++++
 2 files changed, 18 insertions(+)

Index: linux.trees.git/drivers/char/Kconfig
===================================================================
--- linux.trees.git.orig/drivers/char/Kconfig
+++ linux.trees.git/drivers/char/Kconfig
@@ -80,6 +80,14 @@ config VT_HW_CONSOLE_BINDING
 	 information. For framebuffer console users, please refer to
 	 <file:Documentation/fb/fbcon.txt>.
 
+config DEV_KMEM
+	bool "/dev/kmem virtual device support"
+	help
+	  Say Y here if you want to support the /dev/kmem device. The
+	  /dev/kmem device is rarely used, but can be used for certain
+	  kind of kernel debugging operations.
+	  When in doubt, say "N".
+
 config SERIAL_NONSTANDARD
 	bool "Non-standard serial port support"
 	depends on HAS_IOMEM
Index: linux.trees.git/drivers/char/mem.c
===================================================================
--- linux.trees.git.orig/drivers/char/mem.c
+++ linux.trees.git/drivers/char/mem.c
@@ -295,6 +295,7 @@ static int mmap_mem(struct file * file, 
 	return 0;
 }
 
+#ifdef CONFIG_DEVKMEM
 static int mmap_kmem(struct file * file, struct vm_area_struct * vma)
 {
 	unsigned long pfn;
@@ -315,6 +316,7 @@ static int mmap_kmem(struct file * file,
 	vma->vm_pgoff = pfn;
 	return mmap_mem(file, vma);
 }
+#endif
 
 ...
[ message continues ]

On Sun, 10 Feb 2008 17:05:09 -0800


--

[ message continues ]

On Mon, 11 Feb 2008 14:38:04 -0800

it works great in hiding /dev/kmem ;)
And since nothing uses that I didn't notice the other case.

Updated patch below

From: Arjan van de Ven <arjan@linux.intel.com>
Subject: [PATCH] make /dev/kmem a config option

This patch makes /dev/kmem a config option; /dev/kmem is VERY rarely
used, and when used, it's generally for no good (rootkits tend to be
the most common users). With this config option, users have the
choice to disable /dev/kmem, saving some size as well.

A patch to disable /dev/kmem has been in the Fedora and RHEL kernels for
4+ years now without any known problems or legit users of /dev/kmem.

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
---
 drivers/char/Kconfig |    8 ++++++++
 drivers/char/mem.c   |   10 ++++++++++
 2 files changed, 18 insertions(+)

Index: linux.trees.git/drivers/char/Kconfig
===================================================================
--- linux.trees.git.orig/drivers/char/Kconfig
+++ linux.trees.git/drivers/char/Kconfig
@@ -80,6 +80,14 @@ config VT_HW_CONSOLE_BINDING
 	 information. For framebuffer console users, please refer to
 	 <file:Documentation/fb/fbcon.txt>.
 
+config DEVKMEM
+	bool "/dev/kmem virtual device support"
+	help
+	  Say Y here if you want to support the /dev/kmem device. The
+	  /dev/kmem device is rarely used, but can be used for certain
+	  kind of kernel debugging operations.
+	  When in doubt, say "N".
+
 config SERIAL_NONSTANDARD
 	bool "Non-standard serial port support"
 	depends on HAS_IOMEM
Index: linux.trees.git/drivers/char/mem.c
===================================================================
--- linux.trees.git.orig/drivers/char/mem.c
+++ linux.trees.git/drivers/char/mem.c
@@ -295,6 +295,7 @@ static int mmap_mem(struct file * file, 
 	return 0;
 }
 
+#ifdef CONFIG_DEVKMEM
 static int mmap_kmem(struct file * file, struct vm_area_struct * vma)
 {
 	unsigned long pfn;
@@ -315,6 +316,7 @@ static int mmap_kmem(struct file * file,
 ...
[ message continues ]

I think this should be `default y'.  So that we don't cause /dev/kmem to
magically disappear for `make oldconfig' users.
--

[ message continues ]

On Mon, 11 Feb 2008 20:59:14 -0800

that's a matter of taste; nothing uses/needs it and I think people are better
off without it (by default), but if you insist I can't object to that too much
either.


-- 
If you want to reach me at my work email, use arjan@linux.intel.com
For development, discussion and tips for power savings, 
visit http://www.lesswatts.org
--

[ message continues ]