| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Nov 2016 11:19:30 +0100
From: Borislav Petkov <bp@...en8.de>
To: X86 ML <x86@...nel.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
Andy Lutomirski <luto@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Peter Zijlstra <peterz@...radead.org>
Subject: [RFC PATCH] x86/debug: Dump more detailed segfault info
From: Borislav Petkov <bp@...e.de>
I found out recently that this is very helpful when trying to look at
opcodes around the rIP when the segfault happens, and also poke at
architectural registers. When enabled, it looks something like this:
strsep[3702]: segfault at 40066b ip 00007ffff7abe22b sp 00007fffffffea70 error 7 in libc-2.19.so[7ffff7a33000+19f000]
RIP: 0033:[<00007ffff7abe22b>] [<00007ffff7abe22b>] 0x7ffff7abe22b
RSP: 002b:00007fffffffea70 EFLAGS: 00010202
RAX: 000000000040066b RBX: 0000000000400664 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 000000000000003d RDI: 0000000000400665
RBP: 00007fffffffea90 R08: 00007ffff7dd7c60 R09: 00007ffff7deae20
R10: 00007fffffffe850 R11: 00007ffff7abe200 R12: 0000000000400460
R13: 00007fffffffeb80 R14: 0000000000000000 R15: 0000000000000000
FS: 00007ffff7fdc700(0000) GS:ffff88007ed40000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000040066b CR3: 0000000079a39000 CR4: 00000000000406e0
Code: 74 33 80 7e 01 00 74 22 48 89 df e8 5a 8a ff ff 48 85 c0 74 20 <c6> 00 00 48 83 c0
01 48 89 45 00 48 89 d8 48 83 c4 08 5b 5d c3 0f b6 13 38 d0 74 29 84 d2 75 15 48 c7 45 00 00 00 00 00 48 83 c4
I know, this info can be collected with core dumps but in constrained
environments or when writing out core dumps is impossible (too early in
the boot, fs is fscked), getting some more detailed info might be really
helpful.
Oh, and the size of the change is small enough.
Signed-off-by: Borislav Petkov <bp@...e.de>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Peter Zijlstra <peterz@...radead.org>
---
arch/x86/Kconfig.debug | 9 +++++++++
arch/x86/mm/fault.c | 24 +++++++++++++++++++++++-
2 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 67eec55093a5..514bbae2f4c6 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -361,4 +361,13 @@ config PUNIT_ATOM_DEBUG
The current power state can be read from
/sys/kernel/debug/punit_atom/dev_power_state
+config SEGFAULT_DETAILED_DEBUG
+ bool "Dump detailed information for fatal segfaults"
+ ---help---
+ Enable this option if you want to see more debug info in
+ the kernel log when fatal segfaults get reported. This
+ option might be useful in constrained environments when
+ core dumps might not be possible and/or filesystems are
+ not ready for a core dump writeout.
+
endmenu
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 9f72ca3b2669..120f126f5b54 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -847,8 +847,30 @@ show_signal_msg(struct pt_regs *regs, unsigned long error_code,
(void *)regs->ip, (void *)regs->sp, error_code);
print_vma_addr(KERN_CONT " in ", regs->ip);
-
printk(KERN_CONT "\n");
+
+ if (IS_ENABLED(CONFIG_SEGFAULT_DETAILED_DEBUG)) {
+#define PREAMBLE_LEN 21
+#define OPC_BUF_LEN 64
+ u8 code[OPC_BUF_LEN];
+ int len, i;
+
+ len = __copy_from_user_inatomic(code,
+ (void *)regs->ip - PREAMBLE_LEN,
+ OPC_BUF_LEN);
+
+ __show_regs(regs, 1);
+
+ printk(KERN_DEFAULT "Code: ");
+ for (i = 0; i < OPC_BUF_LEN - len; i++) {
+ if (i == PREAMBLE_LEN)
+ pr_cont("<%02x> ", code[i]);
+ else
+ pr_cont("%02x ", code[i]);
+ }
+
+ printk(KERN_CONT "\n");
+ }
}
static void
--
2.10.0
Powered by blists - more mailing lists