[flashrom] flashrom, hardened gentoo (grsecurity) and iopl()

Антон Кочков anton.kochkov at gmail.com
Sun May 8 10:05:06 CEST 2011


Good day!
Just found that flashrom doesn't work on some hardened configurations -
Hardened Gentoo - on hardened kernel-2.6.38

Linux xserver 2.6.38-hardened #1 SMP Wed Apr 20 02:19:23 CEST 2011
x86_64 Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz GenuineIntel GNU/Linux

flashrom v0.9.3-r1297 on Linux 2.6.38-hardened (x86_64), built with
libpci 3.1.7, GCC 4.5.2, little endian
flashrom is free software, get the source code at http://www.flashrom.org

Calibrating delay loop... OS timer resolution is 1 usecs, 1530M loops
per second, 10 myus = 10 us, 100 myus = 99 us, 1000 myus = 996 us,
10000 myus = 9977 us, 4
myus = 4 us, OK.
Initializing internal programmer
ERROR: Could not get I/O privileges (Operation not permitted).
You need to be root.


And this from dmesg:

[1578171.686680] grsec: From 79.111.220.160: denied use of iopl() by
/home/xvilka/flashrom/flashrom[flashrom:10596] uid/euid:0/0
gid/egid:0/0, parent
/bin/bash[bash:10591] uid/euid:0/0 gid/egid:0/0
[1578218.043347] grsec: From 79.111.220.160: denied use of iopl() by
/home/xvilka/flashrom/flashrom[flashrom:10612] uid/euid:0/0
gid/egid:0/0, parent
/bin/bash[bash:10606] uid/euid:0/0 gid/egid:0/0
[1578388.047996] grsec: From 79.111.220.160: denied use of iopl() by
/home/xvilka/flashrom/flashrom[flashrom:10645] uid/euid:0/0
gid/egid:0/0, parent
/bin/bash[bash:10606] uid/euid:0/0 gid/egid:0/0

And I found this topic: http://forums.grsecurity.net/viewtopic.php?t=1654
So, to access ioperm() and iopl() you need to disable the "Disable
Privileged I/O (CONFIG_GRKERNSEC_IO)" option in the kernel config.
Can we print this message when such a configuration is found?
Is there a way to do port access without iopl()?

Best regards,
Anton Kochkov.
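
One way to produce the hint asked for above, as an added example that is not part of the original mail and is not flashrom's code: tell "not root" apart from "root, but the kernel refused iopl()". The helper names and the hint wording are hypothetical; iopl() also needs CAP_SYS_RAWIO, so the hint names that cause next to grsecurity.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#if defined(__linux__) && (defined(__i386__) || defined(__x86_64__))
#include <sys/io.h>   /* iopl() is only declared on x86 Linux */
#define HAVE_IOPL 1
#endif

enum iopl_diag { IOPL_OK, IOPL_NOT_ROOT, IOPL_DENIED_AS_ROOT, IOPL_OTHER };

/* Hypothetical helper: classify the result of iopl(3) without side effects. */
enum iopl_diag classify_iopl(int ret, int err, uid_t euid)
{
    if (ret == 0)
        return IOPL_OK;
    if (err != EPERM)
        return IOPL_OTHER;            /* e.g. ENOSYS where iopl() is absent */
    return euid == 0 ? IOPL_DENIED_AS_ROOT : IOPL_NOT_ROOT;
}

/* Hypothetical helper: does a kernel log line record a grsec iopl() denial? */
int is_grsec_iopl_denial(const char *line)
{
    return strstr(line, "grsec:") != NULL &&
           strstr(line, "denied use of iopl()") != NULL;
}

const char *iopl_hint(enum iopl_diag d)
{
    switch (d) {
    case IOPL_OK:        return "I/O privileges granted.";
    case IOPL_NOT_ROOT:  return "You need to be root.";
    case IOPL_DENIED_AS_ROOT:
        return "Running as root, but the kernel refused iopl(). Check dmesg for "
               "a grsec denial (Disable Privileged I/O) or a missing CAP_SYS_RAWIO.";
    default:             return "iopl() failed for another reason; see errno.";
    }
}

int main(void)
{
    int ret = -1, err = ENOSYS;       /* assumed result where iopl() is absent */
#ifdef HAVE_IOPL
    ret = iopl(3);
    err = errno;
#endif
    puts(iopl_hint(classify_iopl(ret, err, geteuid())));
    return ret == 0 ? 0 : 1;
}
```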



