lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 25 Jul 2007 19:01:27 +0400
From:	Kirill Korotaev <dev@...nvz.org>
To:	Masoud Sharbiani <masouds@...gle.com>
CC:	akpm@...ux-foundation.org, ak@...e.de, linux-kernel@...r.kernel.org
Subject: Re: i386-show-unhandled-signals-v3


Masoud Sharbiani wrote:
> On 7/25/07, Kirill Korotaev <dev@...nvz.org> wrote:
> 
>>plz don't enable it by default... :/
>>any user can spam syslog with these messages and if syslog is run as root
>>can take the whole diskspace...
> 
> 
> 
> Yeah, but:
> 1) Right now (without this patch), it is enabled by default with _no_
> rate control in _all_ kernels; I ran the tiny program that is here,
> and it wasn't fun to watch.

agree. we disable it in OpenVZ kernels due to this.

> 2) With this patch it will be rate controlled using
> printk_ratelimit(), thus reducing the amount of spam immensely.
> 
> Of course, we can disable both of them, is this what you (and
> everybody else) want?

As for me - I would vote for disabling this by default.
If people vote for leaving it ON, then ratelimit is a must imho.

Thanks,
Kirill

> Masoud
> 
> 
>>Thanks,
>>Kirill
>>
>>Masoud Asgharifard Sharbiani wrote:
>>
>>>Hello,
>>>This patch makes the i386 behave the same way that x86_64 does when a
>>>segfault happens.  A line gets printed to the kernel log so that tools
>>>that
>>>need to check for failures can behave more uniformly between
>>>debug.show_unhandled_signals sysctl variable to 0 (or by doing echo 0 >
>>>/proc/sys/debug/exception-trace)
>>>
>>>Also, all of the lines being printed are now using printk_ratelimit() to
>>>deny the ability of DoS from a local user with a program like the
>>>following:
>>>
>>>main()
>>>{
>>>       while (1)
>>>               if (!fork()) *(int *)0 = 0;
>>>}
>>>
>>>This new revision also includes the fix that Andrew did which got rid of
>>>new sysctl that was added to the system in earlier versions of this.
>>>Also, 'show-unhandled-signals' sysctl has been renamed back to the old
>>>'exception-trace' to avoid breakage of people's scripts.
>>>
>>>cheers,
>>>Masoud Sharbiani
>>>
>>>Signed-off-by: Masoud Sharbiani <masouds@...gle.com>
>>>Cc: Andi Kleen <ak@...e.de>
>>>
>>>---
>>> arch/i386/kernel/signal.c   |    7 +++++++
>>> arch/i386/kernel/traps.c    |    7 +++++++
>>> arch/i386/mm/fault.c        |   10 ++++++++++
>>> arch/x86_64/kernel/signal.c |    2 +-
>>> arch/x86_64/kernel/traps.c  |    6 ++++--
>>> arch/x86_64/mm/fault.c      |   15 +++------------
>>> arch/x86_64/mm/init.c       |   35 -----------------------------------
>>> include/asm-x86_64/proto.h  |    2 --
>>> include/linux/signal.h      |    3 +++
>>> kernel/signal.c             |   10 ++++++++++
>>> kernel/sysctl.c             |   10 ++++++++++
>>> 11 files changed, 55 insertions(+), 52 deletions(-)
>>>
>>>diff --git a/arch/i386/kernel/signal.c b/arch/i386/kernel/signal.c
>>>index d574e38..f5dd856 100644
>>>--- a/arch/i386/kernel/signal.c
>>>+++ b/arch/i386/kernel/signal.c
>>>@@ -199,6 +199,13 @@ asmlinkage int sys_sigreturn(unsigned long __unused)
>>>      return eax;
>>>
>>> badframe:
>>>+     if (show_unhandled_signals && printk_ratelimit())
>>>+             printk("%s%s[%d] bad frame in sigreturn frame:%p eip:%lx"
>>>+                    " esp:%lx oeax:%lx\n",
>>>+                 current->pid > 1 ? KERN_INFO : KERN_EMERG,
>>>+                 current->comm, current->pid, frame, regs->eip,
>>>+                 regs->esp, regs->orig_eax);
>>>+
>>>      force_sig(SIGSEGV, current);
>>>      return 0;
>>> }
>>>diff --git a/arch/i386/kernel/traps.c b/arch/i386/kernel/traps.c
>>>index 18c1c28..c20283c 100644
>>>--- a/arch/i386/kernel/traps.c
>>>+++ b/arch/i386/kernel/traps.c
>>>@@ -611,6 +611,13 @@ fastcall void __kprobes do_general_protection(struct pt_regs * regs,
>>>
>>>      current->thread.error_code = error_code;
>>>      current->thread.trap_no = 13;
>>>+     if (show_unhandled_signals && unhandled_signal(current, SIGSEGV) &&
>>>+         printk_ratelimit())
>>>+             printk(KERN_INFO
>>>+                 "%s[%d] general protection eip:%lx esp:%lx error:%lx\n",
>>>+                 current->comm, current->pid,
>>>+                 regs->eip, regs->esp, error_code);
>>>+
>>>      force_sig(SIGSEGV, current);
>>>      return;
>>>
>>>diff --git a/arch/i386/mm/fault.c b/arch/i386/mm/fault.c
>>>index 1ecb3e4..52c940b 100644
>>>--- a/arch/i386/mm/fault.c
>>>+++ b/arch/i386/mm/fault.c
>>>@@ -283,6 +283,8 @@ static inline int vmalloc_fault(unsigned long address)
>>>      return 0;
>>> }
>>>
>>>+int show_unhandled_signals = 1;
>>>+
>>> /*
>>>  * This routine handles page faults.  It determines the address,
>>>  * and the problem, and then passes it off to one of the appropriate
>>>@@ -470,6 +472,14 @@ bad_area_nosemaphore:
>>>              if (is_prefetch(regs, address, error_code))
>>>                      return;
>>>
>>>+             if (show_unhandled_signals && unhandled_signal(tsk, SIGSEGV) &&
>>>+                 printk_ratelimit()) {
>>>+                     printk("%s%s[%d]: segfault at %08lx eip %08lx "
>>>+                         "esp %08lx error %lx\n",
>>>+                         tsk->pid > 1 ? KERN_INFO : KERN_EMERG,
>>>+                         tsk->comm, tsk->pid, address, regs->eip,
>>>+                         regs->esp, error_code);
>>>+             }
>>>              tsk->thread.cr2 = address;
>>>              /* Kernel addresses are always protection faults */
>>>              tsk->thread.error_code = error_code | (address >= TASK_SIZE);
>>>diff --git a/arch/x86_64/kernel/signal.c b/arch/x86_64/kernel/signal.c
>>>index 290f5d8..f9506f6 100644
>>>--- a/arch/x86_64/kernel/signal.c
>>>+++ b/arch/x86_64/kernel/signal.c
>>>@@ -480,7 +480,7 @@ do_notify_resume(struct pt_regs *regs, void *unused, __u32 thread_info_flags)
>>> void signal_fault(struct pt_regs *regs, void __user *frame, char *where)
>>> {
>>>      struct task_struct *me = current;
>>>-     if (exception_trace)
>>>+     if (show_unhandled_signals && printk_ratelimit())
>>>              printk("%s[%d] bad frame in %s frame:%p rip:%lx rsp:%lx orax:%lx\n",
>>>             me->comm,me->pid,where,frame,regs->rip,regs->rsp,regs->orig_rax);
>>>
>>>diff --git a/arch/x86_64/kernel/traps.c b/arch/x86_64/kernel/traps.c
>>>index 74cbeb2..b9660c4 100644
>>>--- a/arch/x86_64/kernel/traps.c
>>>+++ b/arch/x86_64/kernel/traps.c
>>>@@ -580,7 +580,8 @@ static void __kprobes do_trap(int trapnr, int signr, char *str,
>>>              tsk->thread.error_code = error_code;
>>>              tsk->thread.trap_no = trapnr;
>>>
>>>-             if (exception_trace && unhandled_signal(tsk, signr))
>>>+             if (show_unhandled_signals && unhandled_signal(tsk, signr) &&
>>>+                 printk_ratelimit())
>>>                      printk(KERN_INFO
>>>                             "%s[%d] trap %s rip:%lx rsp:%lx error:%lx\n",
>>>                             tsk->comm, tsk->pid, str,
>>>@@ -684,7 +685,8 @@ asmlinkage void __kprobes do_general_protection(struct pt_regs * regs,
>>>              tsk->thread.error_code = error_code;
>>>              tsk->thread.trap_no = 13;
>>>
>>>-             if (exception_trace && unhandled_signal(tsk, SIGSEGV))
>>>+             if (show_unhandled_signals && unhandled_signal(tsk, SIGSEGV) &&
>>>+                 printk_ratelimit())
>>>                      printk(KERN_INFO
>>>                     "%s[%d] general protection rip:%lx rsp:%lx error:%lx\n",
>>>                             tsk->comm, tsk->pid,
>>>diff --git a/arch/x86_64/mm/fault.c b/arch/x86_64/mm/fault.c
>>>index 635e58d..0412824 100644
>>>--- a/arch/x86_64/mm/fault.c
>>>+++ b/arch/x86_64/mm/fault.c
>>>@@ -221,16 +221,6 @@ static int is_errata93(struct pt_regs *regs, unsigned long address)
>>>      return 0;
>>> }
>>>
>>>-int unhandled_signal(struct task_struct *tsk, int sig)
>>>-{
>>>-     if (is_init(tsk))
>>>-             return 1;
>>>-     if (tsk->ptrace & PT_PTRACED)
>>>-             return 0;
>>>-     return (tsk->sighand->action[sig-1].sa.sa_handler == SIG_IGN) ||
>>>-             (tsk->sighand->action[sig-1].sa.sa_handler == SIG_DFL);
>>>-}
>>>-
>>> static noinline void pgtable_bad(unsigned long address, struct pt_regs *regs,
>>>                               unsigned long error_code)
>>> {
>>>@@ -302,7 +292,7 @@ static int vmalloc_fault(unsigned long address)
>>> }
>>>
>>> int page_fault_trace = 0;
>>>-int exception_trace = 1;
>>>+int show_unhandled_signals = 1;
>>>
>>> /*
>>>  * This routine handles page faults.  It determines the address,
>>>@@ -495,7 +485,8 @@ bad_area_nosemaphore:
>>>                  (address >> 32))
>>>                      return;
>>>
>>>-             if (exception_trace && unhandled_signal(tsk, SIGSEGV)) {
>>>+             if (show_unhandled_signals && unhandled_signal(tsk, SIGSEGV) &&
>>>+                 printk_ratelimit()) {
>>>                      printk(
>>>                     "%s%s[%d]: segfault at %016lx rip %016lx rsp %016lx error %lx\n",
>>>                                      tsk->pid > 1 ? KERN_INFO : KERN_EMERG,
>>>diff --git a/arch/x86_64/mm/init.c b/arch/x86_64/mm/init.c
>>>index 9a0e98a..5096168 100644
>>>--- a/arch/x86_64/mm/init.c
>>>+++ b/arch/x86_64/mm/init.c
>>>@@ -697,41 +697,6 @@ int kern_addr_valid(unsigned long addr)
>>>      return pfn_valid(pte_pfn(*pte));
>>> }
>>>
>>>-#ifdef CONFIG_SYSCTL
>>>-#include <linux/sysctl.h>
>>>-
>>>-extern int exception_trace, page_fault_trace;
>>>-
>>>-static ctl_table debug_table2[] = {
>>>-     {
>>>-             .ctl_name       = 99,
>>>-             .procname       = "exception-trace",
>>>-             .data           = &exception_trace,
>>>-             .maxlen         = sizeof(int),
>>>-             .mode           = 0644,
>>>-             .proc_handler   = proc_dointvec
>>>-     },
>>>-     {}
>>>-};
>>>-
>>>-static ctl_table debug_root_table2[] = {
>>>-     {
>>>-             .ctl_name = CTL_DEBUG,
>>>-             .procname = "debug",
>>>-             .mode = 0555,
>>>-             .child = debug_table2
>>>-     },
>>>-     {}
>>>-};
>>>-
>>>-static __init int x8664_sysctl_init(void)
>>>-{
>>>-     register_sysctl_table(debug_root_table2);
>>>-     return 0;
>>>-}
>>>-__initcall(x8664_sysctl_init);
>>>-#endif
>>>-
>>> /* A pseudo VMA to allow ptrace access for the vsyscall page.  This only
>>>    covers the 64bit vsyscall page now. 32bit has a real VMA now and does
>>>    not need special handling anymore. */
>>>diff --git a/include/asm-x86_64/proto.h b/include/asm-x86_64/proto.h
>>>index 85255db..4fad501 100644
>>>--- a/include/asm-x86_64/proto.h
>>>+++ b/include/asm-x86_64/proto.h
>>>@@ -75,8 +75,6 @@ extern void setup_node_bootmem(int nodeid, unsigned long start, unsigned long en
>>> extern void early_quirks(void);
>>> extern void check_efer(void);
>>>
>>>-extern int unhandled_signal(struct task_struct *tsk, int sig);
>>>-
>>> extern void select_idle_routine(const struct cpuinfo_x86 *c);
>>>
>>> extern unsigned long table_start, table_end;
>>>diff --git a/include/linux/signal.h b/include/linux/signal.h
>>>index ea91abe..0ae3388 100644
>>>--- a/include/linux/signal.h
>>>+++ b/include/linux/signal.h
>>>@@ -237,12 +237,15 @@ extern int group_send_sig_info(int sig, struct siginfo *info, struct task_struct
>>> extern int __group_send_sig_info(int, struct siginfo *, struct task_struct *);
>>> extern long do_sigpending(void __user *, unsigned long);
>>> extern int sigprocmask(int, sigset_t *, sigset_t *);
>>>+extern int show_unhandled_signals;
>>>
>>> struct pt_regs;
>>> extern int get_signal_to_deliver(siginfo_t *info, struct k_sigaction *return_ka, struct pt_regs *regs, void *cookie);
>>>
>>> extern struct kmem_cache *sighand_cachep;
>>>
>>>+int unhandled_signal(struct task_struct *tsk, int sig);
>>>+
>>> /*
>>>  * In POSIX a signal is sent either to a specific thread (Linux task)
>>>  * or to the process as a whole (Linux thread group).  How the signal
>>>diff --git a/kernel/signal.c b/kernel/signal.c
>>>index 39d1227..ef8156a 100644
>>>--- a/kernel/signal.c
>>>+++ b/kernel/signal.c
>>>@@ -255,6 +255,16 @@ flush_signal_handlers(struct task_struct *t, int force_default)
>>>      }
>>> }
>>>
>>>+int unhandled_signal(struct task_struct *tsk, int sig)
>>>+{
>>>+     if (is_init(tsk))
>>>+             return 1;
>>>+     if (tsk->ptrace & PT_PTRACED)
>>>+             return 0;
>>>+     return (tsk->sighand->action[sig-1].sa.sa_handler == SIG_IGN) ||
>>>+             (tsk->sighand->action[sig-1].sa.sa_handler == SIG_DFL);
>>>+}
>>>+
>>>
>>> /* Notify the system that a driver wants to block all signals for this
>>>  * process, and wants to be notified if any signals at all were to be
>>>diff --git a/kernel/sysctl.c b/kernel/sysctl.c
>>>index 7063ebc..af7002f 100644
>>>--- a/kernel/sysctl.c
>>>+++ b/kernel/sysctl.c
>>>@@ -1153,6 +1153,16 @@ static ctl_table fs_table[] = {
>>> };
>>>
>>> static ctl_table debug_table[] = {
>>>+#ifdef CONFIG_X86
>>>+     {
>>>+             .ctl_name       = CTL_UNNUMBERED,
>>>+             .procname       = "exception-trace",
>>>+             .data           = &show_unhandled_signals,
>>>+             .maxlen         = sizeof(int),
>>>+             .mode           = 0644,
>>>+             .proc_handler   = proc_dointvec
>>>+     },
>>>+#endif
>>>      { .ctl_name = 0 }
>>> };
>>>
>>>-
>>>To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>>>the body of a message to majordomo@...r.kernel.org
>>>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>>Please read the FAQ at  http://www.tux.org/lkml/
>>>
>>
>>
> 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists