lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20161111101930.32559-1-bp@alien8.de>
Date:   Fri, 11 Nov 2016 11:19:30 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     X86 ML <x86@...nel.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Andy Lutomirski <luto@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Peter Zijlstra <peterz@...radead.org>
Subject: [RFC PATCH] x86/debug: Dump more detailed segfault info

From: Borislav Petkov <bp@...e.de>

I found out recently that this is very helpful when trying to look at
opcodes around the rIP when the segfault happens, and also poke at
architectural registers. When enabled, it looks something like this:

  strsep[3702]: segfault at 40066b ip 00007ffff7abe22b sp 00007fffffffea70 error 7 in libc-2.19.so[7ffff7a33000+19f000]
  RIP: 0033:[<00007ffff7abe22b>]  [<00007ffff7abe22b>] 0x7ffff7abe22b
  RSP: 002b:00007fffffffea70  EFLAGS: 00010202
  RAX: 000000000040066b RBX: 0000000000400664 RCX: 0000000000000000
  RDX: 0000000000000000 RSI: 000000000000003d RDI: 0000000000400665
  RBP: 00007fffffffea90 R08: 00007ffff7dd7c60 R09: 00007ffff7deae20
  R10: 00007fffffffe850 R11: 00007ffff7abe200 R12: 0000000000400460
  R13: 00007fffffffeb80 R14: 0000000000000000 R15: 0000000000000000
  FS:  00007ffff7fdc700(0000) GS:ffff88007ed40000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 000000000040066b CR3: 0000000079a39000 CR4: 00000000000406e0
  Code: 74 33 80 7e 01 00 74 22 48 89 df e8 5a 8a ff ff 48 85 c0 74 20 <c6> 00 00 48 83 c0
  01 48 89 45 00 48 89 d8 48 83 c4 08 5b 5d c3 0f b6 13 38 d0 74 29 84 d2 75 15 48 c7 45 00 00 00 00 00 48 83 c4

I know, this info can be collected with core dumps but in constrained
environments or when writing out core dumps is impossible (too early in
the boot, fs is fscked), getting some more detailed info might be really
helpful.

Oh, and the size of the change is small enough.

Signed-off-by: Borislav Petkov <bp@...e.de>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Peter Zijlstra <peterz@...radead.org>
---
 arch/x86/Kconfig.debug |  9 +++++++++
 arch/x86/mm/fault.c    | 24 +++++++++++++++++++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 67eec55093a5..514bbae2f4c6 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -361,4 +361,13 @@ config PUNIT_ATOM_DEBUG
 	  The current power state can be read from
 	  /sys/kernel/debug/punit_atom/dev_power_state
 
+config SEGFAULT_DETAILED_DEBUG
+	bool "Dump detailed information for fatal segfaults"
+	---help---
+	  Enable this option if you want to see more debug info in
+	  the kernel log when fatal segfaults get reported. This
+	  option might be useful in constrained environments when
+	  core dumps might not be possible and/or filesystems are
+	  not ready for a core dump writeout.
+
 endmenu
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 9f72ca3b2669..120f126f5b54 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -847,8 +847,30 @@ show_signal_msg(struct pt_regs *regs, unsigned long error_code,
 		(void *)regs->ip, (void *)regs->sp, error_code);
 
 	print_vma_addr(KERN_CONT " in ", regs->ip);
-
 	printk(KERN_CONT "\n");
+
+	if (IS_ENABLED(CONFIG_SEGFAULT_DETAILED_DEBUG)) {
+#define PREAMBLE_LEN	21
+#define OPC_BUF_LEN	64
+		u8 code[OPC_BUF_LEN];
+		int len, i;
+
+		len = __copy_from_user_inatomic(code,
+						(void *)regs->ip - PREAMBLE_LEN,
+						OPC_BUF_LEN);
+
+		__show_regs(regs, 1);
+
+		printk(KERN_DEFAULT "Code: ");
+		for (i = 0; i < OPC_BUF_LEN - len; i++) {
+			if (i == PREAMBLE_LEN)
+				pr_cont("<%02x> ", code[i]);
+			else
+				pr_cont("%02x ", code[i]);
+		}
+
+		printk(KERN_CONT "\n");
+	}
 }
 
 static void
-- 
2.10.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ