lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 14 May 2017 16:35:03 -0500
From:   Rob Landley <>
To:     Andrew Morton <>
Cc:     "" <>,
        Prarit Bhargava <>,
        "Eric W. Biederman" <>,
        Yang Shi <>,
        Rasmus Villemoes <>,
        Kees Cook <>,
        Emese Revfy <>,
        Petr Mladek <>,
        Fabian Frederick <>
Subject: Re: [PATCHv2] Make initramfs honor CONFIG_DEVTMPFS_MOUNT

Andrew asked for "a more complete changelog" and I've had
a reply window open for _days_ trying to figure out
what he wants. Maybe it's in the following somewhere...

Otherwise the same v2 patch.

From: Rob Landley <>

Make initramfs honor CONFIG_DEVTMPFS_MOUNT (fixing commit
2b2af54a5bb6 which didn't bother), move /dev/console
open after devtmpfs mount, and update help text.

Commit 456eeabab849 in 2005 made gen_initramfs_list (when run
with no arguments) spit out an 'example' config creating /dev
and /dev/console. The kernel accidentally(?) included this
for many years when you didn't specify initramfs contents,
and of course grew dependencies on this /dev/console node
in the (often hidden) initramfs. Commit c33df4eaaf41 in 2007
explicitly preserved this dependency. Commit 2bd3a997befc in
2010 claimed it "removes the occasionally problematic assumption
that /dev/console exists from the boot code" but actually just
moved it later.

But nobody never tested statically linking an initramfs.
If you point CONFIG_INITRAMFS_SOURCE at a directory
running the build as a normal user you _don't_ get a
/dev/console (because you can't create it without being
root, and can't use the existing one out of /dev unless
you create your own initramfs list file), in which case init
runs with stdin/stdout/stderr closed and you get no output.

Eric's test case for his 2010 commit referenced above was:

  With this patch I was able to throw busybox on my /boot partition
  (which has no /dev directory) and boot into userspace without

But it didn't work pointing CONFIG_INITRAMFS_SOURCE at a
directory of the same files. This provides the "automatically
mounting devtmpfs on /dev" workaround the earlier commit was
trying to avoid.

Signed-off-by: Rob Landley <>

 drivers/base/Kconfig |   14 ++++----------
 init/main.c          |   15 +++++++++------
 2 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/drivers/base/Kconfig b/drivers/base/Kconfig
index d718ae4..74779ee 100644
--- a/drivers/base/Kconfig
+++ b/drivers/base/Kconfig
@@ -48,16 +48,10 @@ config DEVTMPFS_MOUNT
 	bool "Automount devtmpfs at /dev, after the kernel mounted the rootfs"
 	depends on DEVTMPFS
-	  This will instruct the kernel to automatically mount the
-	  devtmpfs filesystem at /dev, directly after the kernel has
-	  mounted the root filesystem. The behavior can be overridden
-	  with the commandline parameter: devtmpfs.mount=0|1.
-	  This option does not affect initramfs based booting, here
-	  the devtmpfs filesystem always needs to be mounted manually
-	  after the rootfs is mounted.
-	  With this option enabled, it allows to bring up a system in
-	  rescue mode with init=/bin/sh, even when the /dev directory
-	  on the rootfs is completely empty.
+	  Automatically mount devtmpfs at /dev on the root filesystem, which
+	  lets the system to come up in rescue mode with [rd]init=/bin/sh.
+	  Override with devtmpfs.mount=0 on the commandline. Initramfs can
+	  create a /dev dir as needed, other rootfs needs the mount point.
 	bool "Select only drivers that don't need compile-time external firmware"
diff --git a/init/main.c b/init/main.c
index f866510..9ec09ff 100644
--- a/init/main.c
+++ b/init/main.c
@@ -1038,12 +1038,6 @@ static noinline void __init kernel_init_freeable(void)
-	/* Open the /dev/console on the rootfs, this should never fail */
-	if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0)
-		pr_err("Warning: unable to open an initial console.\n");
-	(void) sys_dup(0);
-	(void) sys_dup(0);
 	 * check if there is an early userspace init.  If yes, let it do all
 	 * the work
@@ -1055,8 +1049,17 @@ static noinline void __init kernel_init_freeable(void)
 	if (sys_access((const char __user *) ramdisk_execute_command, 0) != 0) {
 		ramdisk_execute_command = NULL;
+		sys_mkdir("/dev", 0755);
+		devtmpfs_mount("/dev");
+	/* Open the /dev/console on the rootfs, this should never fail */
+	if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0)
+		pr_err("Warning: unable to open an initial console.\n");
+	(void) sys_dup(0);
+	(void) sys_dup(0);
 	 * Ok, we have completed the initial bootup, and
 	 * we're essentially up and running. Get rid of the

Powered by blists - more mailing lists