* Christoph Hellwig [off-list ref] wrote:

On Fri, Jul 01, 2011 at 02:58:02PM +0200, Ingo Molnar wrote:

quoted

So what was not mentioned in your series, what is *your* motivation 
and your usecase? Enabling closed-source userspace drivers? Enabling 
the crash utility?

He stated it pretty clearly in the thread, it's the crash utility.

True. I only re-read the first patch and forgot about the resulting 
discussion. Sorry Petr!

quoted

If the former then shame on you, if the latter then how do you 
explain that distros appear to disable the RAM aspect of 
/dev/mem:

 $ grep DEVMEM $(rpm -ql kernel-2.6.38-0.rc7.git2.3.fc16.x86_64 | grep config-2.6 )
 CONFIG_STRICT_DEVMEM=y

So the crash utility use-case does not work on unpatched, default 
kernels, right?

Not if you have highmem.  That's why Redhat or Fedora to quote your
example patch in the /dev/crash driver, which totally defeats the
CONFIG_STRICT_DEVMEM setting.  But apparently it's good enough that no
one either noticed or at least doesn't care.

After initial modules have loaded i essentially disable crash.ko via 
/proc/sys/kernel/modules_disabled so rootkits have to work a bit 
harder than that.

But yeah, crash.ko is a rootkit-and-other-badness-enabler as it 
stands today.

Thanks,

	Ingo