lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20090807100848.9805841b.randy.dunlap@oracle.com>
Date:	Fri, 7 Aug 2009 10:08:48 -0700
From:	Randy Dunlap <randy.dunlap@...cle.com>
To:	Neil Horman <nhorman@...driver.com>
Cc:	linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
	earl_chew@...lent.com, alan@...rguk.ukuu.org.uk,
	andi@...stfloor.org, oleg@...hat.com
Subject: Re: [PATCH 2/3] exec: let do_coredump limit the number of
 concurrent dumps to pipes (v9)

On Mon, 20 Jul 2009 12:29:01 -0400 Neil Horman wrote:

> core_pattern: Introduce core pipe limiting sysctl
> 
> Since we can dump cores to pipe, rather than directly to the filesystem, we
> create a condition in which a user can create a very high load on the system
> simply by running bad applications.  If the pipe reader specified in
> core_pattern is poorly written, we can have lots of ourstandig resources and
> processes in the system.  This sysctl introduces an ability to limit that
> resource consumption.  core_pipe_limit defines how many in-flight dumps may be
> run in parallel, dumps beyond this value are skipped and a note is made in the
> kernel log.  A special value of 0 in core_pipe_limit denotes unlimited core
> dumps may be handled (this is the default value).
> 
> Signed-off-by: Neil Horman <nhorman@...driver.com>
> Reported-by: Earl Chew <earl_chew@...lent.com>
> 
> 
>  Documentation/sysctl/kernel.txt |   22 ++++++++++++++++++++++
>  fs/exec.c                       |   25 +++++++++++++++++++------
>  kernel/sysctl.c                 |    9 +++++++++
>  3 files changed, 50 insertions(+), 6 deletions(-)
> 
> diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
> index 382cfd8..7706b6a 100644
> --- a/Documentation/sysctl/kernel.txt
> +++ b/Documentation/sysctl/kernel.txt
> @@ -21,6 +21,7 @@ show up in /proc/sys/kernel:
>  - acct
>  - auto_msgmni
>  - core_pattern
> +- core_pipe_limit
>  - core_uses_pid
>  - ctrl-alt-del
>  - dentry-state
> @@ -119,6 +120,27 @@ core_pattern is used to specify a core dumpfile pattern name.
>  
>  ==============================================================
>  
> +core_pipe_limit:
> +
> +This sysctl is only applicable when core_pattern is configured to pipe core
> +files to user space helper a (when the first character of core_pattern is a '|',

         to a user space helper (

> +see above).  When collecting cores via a pipe to an application, it is
> +occasionally usefull for the collecting application to gather data about the

                useful

> +crashing process from its /proc/pid directory.  In order to do this safely, the
> +kernel must wait for the collecting process to exit, so as not to remove the
> +crashing processes proc files prematurely.  This in turn creates the possibility

            process's (?)

> +that a misbehaving userspace collecting process can block the reaping of a
> +crashed process simply by never exiting.  This sysctl defends against that.  It
> +defines how many concurrent crashing processes may be piped to user space
> +applications in parallel.  If this value is exceeded, then those crashing
> +processes above that value are noted via the kernel log and their cores are
> +skipped.  0 is a special value, indicating that unlimited processes may be
> +captured in parallel, but that no waiting will take place (i.e. the collecting
> +process is not guaranteed access to /proc/<crahing pid>/).  This value defaults

                                             <crashing pid>

> +to 0.
> +
> +==============================================================
> +
>  core_uses_pid:
>  
>  The default coredump filename is "core".  By setting


---
~Randy
LPC 2009, Sept. 23-25, Portland, Oregon
http://linuxplumbersconf.org/2009/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ