Bug#940171: udev mounts /dev with the noexec flag

Fri Sep 13 13:09:02 BST 2019

Control: reassign -1 initramfs-tools 0.135

Am 13.09.19 um 11:54 schrieb Mikulas Patocka:
> Package: udev
> Version: 242-7
> Severity: normal
> 
> Dear Maintainer,
> 
> *** Reporter, please consider answering these questions, where appropriate ***
> 
>    * What led up to the situation?
> 
> I use the uvesafb framebuffer, that uses a helper process v86d that
> emulates 8086 BIOS to change video modes.
> 
>    * What exactly did you do (or not do) that was effective (or
>      ineffective)?
> 
> After some recent udev update, udev sets the "noexec" flag on the /dev/
> filesystem. It breaks programs that want to map devices with PROT_EXEC,
> such as v86d. uvesafb doesn't work, because v86d can't map memory with the
> PROT_EXEC flag.
> 
> if I do "mount -o remount,exec /dev", v86d starts normally and uvesafb
> works.
> 
>    * What was the outcome of this action?
> 
> The vm86d program fails with this error:
> 
> openat(AT_FDCWD, "/dev/zero", O_RDWR)   = 4
> mmap(0x1000, 655360, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED, 4, 0) = -1 EPERM (Operace není povolena)
> dup(2)                                  = 5
> fcntl(5, F_GETFL)                       = 0x8001 (flags O_WRONLY|O_LARGEFILE)
> close(5)                                = 0
> write(2, "mmap /dev/zero: Operation not pe"..., 40mmap /dev/zero: Operation not permitted
> ) = 40
> close(4)                                = 0
> ioperm(0, 0x400, 1)                     = 0
> iopl(3)                                 = 0
> exit_group(-1)                          = ?
> 
>    * What outcome did you expect instead?
> 
> The mmap syscall should succeed:
> 
> openat(AT_FDCWD, "/dev/zero", O_RDWR)   = 4
> mmap(0x1000, 655360, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED, 4, 0) = 0x1000
> close(4)                                = 0
> openat(AT_FDCWD, "/dev/mem", O_RDWR)    = 4
> mmap(NULL, 1282, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED, 4, 0) = 0
> mmap(0xa0000, 393216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED, 4, 0xa0000) = 0xa0000
> close(4)                                = 0
> ioperm(0, 0x400, 1)                     = 0
> iopl(3)                                 = 0
> 
> 

Afaics this is a recent initramfs-tools change:

initramfs-tools (0.135) unstable; urgency=medium

  [ Topi Miettinen ]
  * [eb98d2e] init: /dev can be noexec and /run nodev

https://salsa.debian.org/kernel-team/initramfs-tools/merge_requests/9

systemd mounts /dev with the following flags:

https://github.com/systemd/systemd/blob/master/src/core/mount-setup.c#L66

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20190913/a654f06e/attachment.sig>