BinaryFreedom.com: Kernel Internals, Part I; Accessing [UNIX] Kernel Internals; /proc and kvmJan 20, 2001, 14:00 (0 Talkback[s])
(Other stories by Marius Aamodt Eriksen)
[ Thanks to Emmett for this link. ]
"For the most part, system calls are called through wrappers in the C library (libc) or others. Although system calls are usually sufficient for most applications, they simply can not provide for the needs of every application. It would simply be impractical for the kernel to provide system calls for every exported data structure; however, the need is still there to access some of the more exotic data structures that reside in the kernel. This niche of applications typically belongs to speciality applications, such a s 'ps' and 'top,' that display highly specialized information about processes on the system."
"Kernel programmers solved this problem by providing an interface, typically named /dev/kmem. This device, true to UNIX traditions, is simply an interface to the kernel virtual memory of the live system. Writing to the device will be reflected in the virtual memory address space, likewise, reading from it will read from the live kernel virtual memory address space. It's quite clear that the data structures we are interested in reside within this address space."
"KVM obviously has quite a few limitations; although it's very flexible, it also has potential to be insecure. Also, non-privileged users (without setuid/setgid executables) cannot enjoy the advantages it provides. With this in mind, and the need for many users to access certain pieces of data typically contained within the kernel, developers designed the /proc interface. /proc is a filesystem provided by the kernel that acts as an interface to certain in-kernel data structures."