Linux – Doesn’t allowing a user mode program to access kernel space memory and execute the IN and OUT instructions defeat the purpose of having CPU modes


When the CPU is in user mode, the CPU can't execute privileged instructions and can't access kernel space memory.

And when the CPU is in kernel mode, the CPU can execute all instructions and can access all memory.

Now in Linux, a user mode program can access all memory (using /dev/mem) and can execute the two privileged instructions IN and OUT (using iopl() I think).

So a user mode program in Linux can do most things (I think most things) that can be done in kernel mode.

Doesn't allowing a user mode program to have all this power defeat the purpose of having CPU modes?

Best Answer

So a user mode program in Linux can do most things (I think most things) that can be done in kernel mode.

Well, not all user mode programs can, only those with the appropriate privileges. And that's determined by the kernel.

/dev/mem is protected by the usual filesystem access permissions, and the CAP_SYS_RAWIO capability. iopl() and ioperm() are also restricted through the same capability.

/dev/mem can also be compiled out of the kernel altogether (CONFIG_DEVMEM).

Doesn't allowing a user mode program to have all this power defeat the purpose of having CPU modes?

Well, maybe. It depends on what you want privileged user-space processes to be able to do. User-space processes can also trash the whole hard drive if they have access to /dev/sda (or equivalent), even though that defeats the purpose of having a filesystem driver to handle storage access.

(Then there's also the fact that iopl() works by utilizing the CPU privilege modes on i386, so it can't well be said to defeat their purpose.)
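The answer's point is that the dangerous paths (/dev/mem, iopl(), ioperm()) are gated by CAP_SYS_RAWIO and by the kernel build, not open to every process. The script below is an added example, not code from the question or answer: it decodes the CapEff mask that the kernel reports in /proc/PID/status to tell whether CAP_SYS_RAWIO (capability number 17 in <linux/capability.h>) is held, and then looks at the /dev/mem node and the CONFIG_DEVMEM / CONFIG_STRICT_DEVMEM settings of the running kernel (CONFIG_STRICT_DEVMEM further narrows /dev/mem to non-RAM regions even for a capable process). The two status dumps embedded in it are constructed sample input, one for a fully capable root process and one for a reduced capability set; the path /boot/config-$(uname -r) is assumed, since not every distribution ships the config there.

```shell
#!/bin/sh
# Added example: audit who can reach /dev/mem and the IN/OUT port paths.
# Not part of the original question or answer.

CAP_SYS_RAWIO=17   # capability number from <linux/capability.h>

# cap_present MASK_HEX CAPNUM -> prints 1 if bit CAPNUM is set in the
# 64-bit capability mask (as printed in /proc/PID/status), else 0.
cap_present() {
    mask=$1
    capnum=$2
    printf '%s\n' $(( (0x$mask >> capnum) & 1 ))
}

# rawio_from_status STATUS_TEXT -> prints "present" or "absent" depending
# on the CapEff line of a /proc/PID/status dump handed in as text.
rawio_from_status() {
    mask=$(printf '%s\n' "$1" | awk '$1 == "CapEff:" { print $2 }')
    [ -n "$mask" ] || mask=0
    if [ "$(cap_present "$mask" "$CAP_SYS_RAWIO")" = 1 ]; then
        echo present
    else
        echo absent
    fi
}

# Constructed sample input: an unrestricted root process (all 41 caps set).
FULL_ROOT_STATUS="Name: sh
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff"

# Constructed sample input: a process running with a reduced capability
# set that does not include bit 17 (CAP_SYS_RAWIO).
REDUCED_STATUS="Name: sh
CapInh: 0000000000000000
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb"

# Live checks for the host this script runs on; each one only prints.
audit_live() {
    if [ -r /proc/self/status ]; then
        echo "CAP_SYS_RAWIO in this shell: $(rawio_from_status "$(cat /proc/self/status)")"
    fi
    if [ -e /dev/mem ]; then
        # Normally root:kmem 0640; anything wider is worth a second look.
        ls -l /dev/mem
    else
        echo "/dev/mem not present (CONFIG_DEVMEM=n or no device node)"
    fi
    cfg="/boot/config-$(uname -r)"      # assumed location of the kernel config
    if [ -r "$cfg" ]; then
        grep -E '^CONFIG_(DEVMEM|STRICT_DEVMEM|IO_STRICT_DEVMEM)=' "$cfg"
    else
        echo "kernel config not readable at $cfg"
    fi
}

echo "sample root dump:    $(rawio_from_status "$FULL_ROOT_STATUS")"
echo "sample reduced dump: $(rawio_from_status "$REDUCED_STATUS")"
audit_live
```

Run it as an ordinary user and then under sudo to see the CapEff line flip; if the first line reports "present" for a service account, that account can open /dev/mem and call iopl()/ioperm(), which is the situation the answer describes.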
