Control: tags -1 + upstream On Tuesday, May 5, 2020 7:07:39 AM EDT Gürkan Myczko wrote: > The error message: > ERROR: Could not get I/O privileges (Operation not permitted). > to me and #flashrom is not misleading at all. I had overlooked that part and fixated on the last line about root. However 'You need to be root' sounds too strong IMHO especially since that's not what's really necesarry. Maybe a message more like E: Unable to acquire the dpkg frontend lock, are you root? would be fitting. Thanks for giving me the gumption to try strace. With it I got the attached output showing iopl() is throwing the error. Its man page says ERRORS EPERM The calling process has insufficient privilege to call iopl(); the CAP_SYS_RAWIO capability is required to raise the I/O privilege level above its current value. So maybe root isn't necessary in general. With gdb the problem seems to be at #0 rget_io_perms () at ../hwaccess.c:119 #1 0x000055555559fbab in internal_init () at ../internal.c:213 #2 0x00005555555b706a in programmer_init (prog=PROGRAMMER_INTERNAL, param=0x0) at ../flashrom.c:555 #3 0x00005555555ccffe in main (argc=5, argv=0x7fffffffe608) at ../cli_classic.c:459 int rget_io_perms(void) { #if IS_X86 && !(defined(__DJGPP__) || defined(__LIBPAYLOAD__)) #if defined (__sun) if (sysi86(SI86V86, V86SC_IOPL, PS_IOPL) != 0) { #elif USE_DEV_IO if ((io_fd = open("/dev/io", O_RDWR)) < 0) { #elif USE_IOPERM if (ioperm(0, 65536, 1) != 0) { #elif USE_IOPL if (iopl(3) != 0) { #endif msg_perr("ERROR: Could not get I/O privileges (%s).\n", strerror(errno)); msg_perr("You need to be root.\n"); I was pointed to it by the Linux commit [1], that on my system I can read /sys/kernel/security/lockdown as root which says none [integrity] confidentiality I hope this can provide a check comparable to the OpenBSD and NetBSD ones there. If you have Linux 5.4+ you might be able to boot with lockdown=integrity (EFI/Secure Boot not necessary) and reproduce this way. Please let me know if you'd be helped by any more details. I hope this can be solved cleanly. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aefcf2f4
execve("/usr/sbin/flashrom", ["flashrom", "--programmer", "internal", "-r", "woo"], 0x7ffebadd4dc0 /* 20 vars */) = 0 brk(NULL) = 0x564f5f7a9000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=197499, ...}) = 0 mmap(NULL, 197499, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc50c0ba000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libusb-1.0.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260G\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=109552, ...}) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc50c0b8000 mmap(NULL, 112016, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc50c09c000 mmap(0x7fc50c0a0000, 57344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7fc50c0a0000 mmap(0x7fc50c0ae000, 32768, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x7fc50c0ae000 mmap(0x7fc50c0b6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19000) = 0x7fc50c0b6000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpci.so.3", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P5\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=60024, ...}) = 0 mmap(NULL, 62096, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc50c08c000 mprotect(0x7fc50c08f000, 45056, PROT_NONE) = 0 mmap(0x7fc50c08f000, 28672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7fc50c08f000 mmap(0x7fc50c096000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7fc50c096000 mmap(0x7fc50c09a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7fc50c09a000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libftdi1.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2004\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=59872, ...}) = 0 mmap(NULL, 62024, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc50c07c000 mmap(0x7fc50c07f000, 32768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7fc50c07f000 mmap(0x7fc50c087000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0x7fc50c087000 mmap(0x7fc50c08a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7fc50c08a000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 o\2\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1831600, ...}) = 0 mmap(NULL, 1844568, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc50beb9000 mmap(0x7fc50bede000, 1351680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7fc50bede000 mmap(0x7fc50c028000, 303104, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16f000) = 0x7fc50c028000 mmap(0x7fc50c072000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b8000) = 0x7fc50c072000 mmap(0x7fc50c078000, 13656, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc50c078000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libudev.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@X\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=174272, ...}) = 0 mmap(NULL, 178440, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc50be8d000 mmap(0x7fc50be92000, 110592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7fc50be92000 mmap(0x7fc50bead000, 40960, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x20000) = 0x7fc50bead000 mmap(0x7fc50beb7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x29000) = 0x7fc50beb7000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`|\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=146912, ...}) = 0 mmap(NULL, 132256, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc50be6c000 mmap(0x7fc50be73000, 61440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7fc50be73000 mmap(0x7fc50be82000, 20480, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7fc50be82000 mmap(0x7fc50be87000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x7fc50be87000 mmap(0x7fc50be89000, 13472, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc50be89000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libz.so.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0203\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=113088, ...}) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc50be6a000 mmap(NULL, 115088, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc50be4d000 mprotect(0x7fc50be50000, 98304, PROT_NONE) = 0 mmap(0x7fc50be50000, 69632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7fc50be50000 mmap(0x7fc50be61000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14000) = 0x7fc50be61000 mmap(0x7fc50be68000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x7fc50be68000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300C\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=84808, ...}) = 0 mmap(NULL, 96896, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc50be35000 mprotect(0x7fc50be39000, 65536, PROT_NONE) = 0 mmap(0x7fc50be39000, 49152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7fc50be39000 mmap(0x7fc50be45000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10000) = 0x7fc50be45000 mmap(0x7fc50be49000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0x7fc50be49000 mmap(0x7fc50be4b000, 6784, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc50be4b000 close(3) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc50be33000 arch_prctl(ARCH_SET_FS, 0x7fc50be33b80) = 0 mprotect(0x7fc50c072000, 12288, PROT_READ) = 0 mprotect(0x7fc50be49000, 4096, PROT_READ) = 0 mprotect(0x7fc50be68000, 4096, PROT_READ) = 0 mprotect(0x7fc50be87000, 4096, PROT_READ) = 0 mprotect(0x7fc50beb7000, 4096, PROT_READ) = 0 mprotect(0x7fc50c0b6000, 4096, PROT_READ) = 0 mprotect(0x7fc50c08a000, 4096, PROT_READ) = 0 mprotect(0x7fc50c09a000, 4096, PROT_READ) = 0 mprotect(0x564f5ef2c000, 339968, PROT_READ) = 0 mprotect(0x7fc50c113000, 4096, PROT_READ) = 0 munmap(0x7fc50c0ba000, 197499) = 0 set_tid_address(0x7fc50be33e50) = 14154 set_robust_list(0x7fc50be33e60, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fc50be736b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fc50be80110}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fc50be73750, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc50be80110}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x88, 0x4), ...}) = 0 brk(NULL) = 0x564f5f7a9000 brk(0x564f5f7ca000) = 0x564f5f7ca000 write(1, "flashrom v1.2", 13) = 13 uname({sysname="Linux", nodename="T450", ...}) = 0 write(1, " on Linux 5.6.0-1-amd64 (x86_64)", 32) = 32 write(1, "\n", 1) = 1 write(1, "flashrom is free software, get t"..., 71) = 71 write(1, "\n", 1) = 1 clock_getres(CLOCK_MONOTONIC, {tv_sec=0, tv_nsec=1}) = 0 write(1, "Using clock_gettime for delay lo"..., 66) = 66 iopl(3) = -1 EPERM (Operation not permitted) write(2, "ERROR: Could not get I/O privile"..., 63) = 63 write(2, "You need to be root.\n", 21) = 21 write(2, "Error: Programmer initialization"..., 41) = 41 exit_group(1) = ? +++ exited with 1 +++
Attachment:
signature.asc
Description: This is a digitally signed message part.