Using mmap() on /dev/kmem

Submitted by Anonymous on March 9, 2006 - 3:28pm

I am trying to see if it is possible to read/write Linux kernel memory from a userland program by calling mmap() on /dev/kmem. I know there is code in the kernel intended to support this (mmap_kmem() in /drivers/char/mem.c), but I also know (from reading the LKML) that it has been broken at some points in the kernel's development. For example, Torvalds indicated that it was broken in 2.6.12 (he committed a partial fix).

The fix Torvalds committed for 2.6.13 (still there as of 2.6.15.2) only partly works. I've been able to read from the kernel's base address using that version, but not from an arbitrary offset within the kernel.

Does anyone have good/decent/any understanding of the state of support for mmap()ing /dev/kmem in the latest versions of the kernel (2.4.x or 2.6.x branches)? Or, alternatively, is there a particular kernel version in which you know this to work?