Date: Sun, 13 Nov 2016 12:25:52 +0100
From: Borislav Petkov
To: Ingo Molnar
Cc: X86 ML, LKML, Andy Lutomirski, Linus Torvalds, Peter Zijlstra
Subject: Re: [RFC PATCH] x86/debug: Dump more detailed segfault info
Message-ID: <20161113112552.ci5hkct4d4xm6rrf@pd.tnic>
In-Reply-To: <20161113073903.GA648@gmail.com>

On Sun, Nov 13, 2016 at 08:39:03AM +0100, Ingo Molnar wrote:
> That's definitely how it came out of 'dmesg' - I've attached my .config.

Hmm, enabling all *PRINTK* options from your .config doesn't change
anything for my qemu guest here. Lemme try with your full config.

> That runtime flag is definitely useful, but I think we should also do
> the proper permission checks - for 'defense in depth' reasons and all
> that.
>
> There might be situations where an admin might want to use this on
> a production system - I had some trouble in the past getting/seeing
> segfaults that trigger in SystemD for example.

Well, we have to pay attention not to cripple a nice debugging feature
with security. For example, come to think of it, having a debugfs flag
doesn't help if you want to see early boot segfaults, before even being
able to log in and set that flag to 1.

So the better solution would be a kernel command line flag:

	detailed_segfault=1

This is where we could also control which segfaults to see:

	detailed_segfault=

where uid comes from task_uid() (or should it be task_euid()?). No need
for the "1" - the mere presence of the command line option is enough.

With a special option of

	detailed_segfault=*

which enables it for all.

I think that's a good compromise with security.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
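
Added example, not part of the original message or of any kernel patch: a
userspace C model of how the value of the proposed detailed_segfault= option
could be parsed so that a malformed value leaves the feature off. The type and
function names are hypothetical, the bare-option form is not modelled, and the
uid passed in stands in for whichever of task_uid() or task_euid() is chosen.

```c
/* Userspace model (added example, not kernel code): strict parsing of a
 * hypothetical detailed_segfault= value and the per-uid decision. */
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum seg_mode { SEG_OFF, SEG_ONE_UID, SEG_ALL };
struct seg_policy { enum seg_mode mode; unsigned int uid; /* for SEG_ONE_UID */ };

/* value is the text after '=', or NULL when the option is absent.
 * Anything that is not "*" or a plain decimal uid leaves the feature off. */
struct seg_policy seg_parse(const char *value)
{
    struct seg_policy p = { SEG_OFF, 0 };
    char *end;
    unsigned long v;
    if (!value || !*value)          /* absent or empty: off in this model */
        return p;
    if (strcmp(value, "*") == 0) {
        p.mode = SEG_ALL;
        return p;
    }
    /* strtoul() accepts leading spaces, '+' and '-'; require digits only. */
    if (strspn(value, "0123456789") != strlen(value))
        return p;
    errno = 0;
    v = strtoul(value, &end, 10);
    if (errno || *end || v >= UINT_MAX)   /* (uid_t)-1 is the invalid uid */
        return p;
    p.mode = SEG_ONE_UID;
    p.uid = (unsigned int)v;
    return p;
}

/* uid stands in for whichever of task_uid()/task_euid() is chosen. */
bool seg_should_dump(const struct seg_policy *p, unsigned int uid)
{
    return p->mode == SEG_ALL || (p->mode == SEG_ONE_UID && p->uid == uid);
}

int main(void)
{
    struct seg_policy p = seg_parse("1000");   /* constructed sample value */
    printf("uid 1000: %d, uid 0: %d\n", seg_should_dump(&p, 1000), seg_should_dump(&p, 0));
    return 0;
}
```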