port-i386/39278: device nodes clobbered if use union-mounted tmpfs or mfs

To: port-i386-maintainer%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: port-i386/39278: device nodes clobbered if use union-mounted tmpfs or mfs
From: lolabone%ntlworld.com@localhost
Date: Sun, 3 Aug 2008 13:20:01 +0000 (UTC)

>Number:         39278
>Category:       port-i386
>Synopsis:       device nodes clobbered if use union-mounted tmpfs or mfs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-i386-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Aug 03 13:20:01 +0000 2008
>Originator:     Lola Bonetti
>Release:        4.99.70 and 4.99.71
>Organization:
>Environment:
NetBSD  4.99.71 NetBSD 4.99.71 (GENERIC) #0: Fri Aug  1 04:23:17 PDT 2008  
builds@wb25:/home/builds/ab/HEAD/i386/200808010002Z-obj/home/builds/ab/HEAD/src/sys/arch/i386/compile/GENERIC
 i386
>Description:
I am using the functionality in /sbin/init and /dev/MAKEDEV, whereby removal of 
/dev/console causes /dev to be mounted as tmpfs or mfs. In -CURRENT, MAKEDEV 
accomplishes this using the union mount option. However, the behaviour of union 
mounts seems odd. Device nodes (e.g. /dev/tty) in the tmpfs/mfs can be 
clobbered and replaced by a regular file (e.g. echo hello >/dev/tty). This 
happens even if the underlying (root) file system is mounted read-only. This 
prevents cgdconfig from reading its passphrase (the prompt gets redirected to a 
regular file /dev/tty), and multi-user console login fails with pam errors. 
There will surely be many other serious repercussions.
>How-To-Repeat:
From fresh install of 4.99.70 or 4.99.71:

Test A:
1. Boot single-user
2. mount -uw /
3. rm -f /dev/console
4. Reboot to multi-user (get pam errors, can't log in)

Test B:
1. Boot single-user
2. cd /dev; sh ./MAKEDEV -MM init
3. ls -l /dev/tty (character device)
4. echo hello >/dev/tty (no output)
5. ls -l /dev/tty (now regular file)
6. cd /; umount /dev
>Fix:
A workaround is as follows. Before removal of /dev/console:

1. Boot single-user
2. mount -uw /
3. vi /dev/MAKEDEV (delete "-o union" from tmpfs and mfs mount commands)
4. Copy /dev/MAKEDEV* to /etc/ if you still want to be able to access them 
following reboot.

To test:
5. cd /dev; sh ./MAKEDEV -MM init (complains about MAKEDEV.local, but that's to 
be expected)
6. ls -l /dev/tty (character device)
7. echo hello >/dev/tty (echos to screen)
8. ls -l /dev/tty (still character device)
9. rm -f /dev/console
10. Reboot to multi-user

That's a workaround. The fix will, I suspect, involve mount, and the code that 
handles the union option.

Prev by Date: kern/39277: wapbl+nullfs crash
Next by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: kern/39277: wapbl+nullfs crash
Next by Thread: kern/39280: Uninitialized callout stopped in if_spppsubr layer without INET6
Indexes:

Home | Main Index | Thread Index | Old Index