[ Thanks to Emmett for this link.
]
“For the most part, system calls are called through wrappers
in the C library (libc) or others. Although system calls are
usually sufficient for most applications, they simply can not
provide for the needs of every application. It would simply be
impractical for the kernel to provide system calls for every
exported data structure; however, the need is still there to access
some of the more exotic data structures that reside in the
kernel. This niche of applications typically belongs to
speciality applications, such a s ‘ps’ and ‘top,’ that display
highly specialized information about processes on the system.”
“Kernel programmers solved this problem by providing an
interface, typically named /dev/kmem. This device, true to UNIX
traditions, is simply an interface to the kernel virtual memory of
the live system. Writing to the device will be reflected in the
virtual memory address space, likewise, reading from it will read
from the live kernel virtual memory address space. It’s quite clear
that the data structures we are interested in reside within this
address space.”
“KVM obviously has quite a few limitations; although it’s very
flexible, it also has potential to be insecure. Also,
non-privileged users (without setuid/setgid executables) cannot
enjoy the advantages it provides. With this in mind, and the need
for many users to access certain pieces of data typically contained
within the kernel, developers designed the /proc interface. /proc
is a filesystem provided by the kernel that acts as an interface to
certain in-kernel data structures.”