Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73125C4332F for ; Sat, 20 Nov 2021 12:17:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237378AbhKTMU3 (ORCPT ); Sat, 20 Nov 2021 07:20:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38788 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237270AbhKTMUV (ORCPT ); Sat, 20 Nov 2021 07:20:21 -0500 Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7766DC061756 for ; Sat, 20 Nov 2021 04:17:17 -0800 (PST) Received: by mail-wm1-x32e.google.com with SMTP id 137so7345218wma.1 for ; Sat, 20 Nov 2021 04:17:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=YaZx2Y1Vt1Ut2aTw36wNCypRpJkUbfgmQVTDZ0VmVgg=; b=G0DspSlupKx4AUg5ZT7ltXNlBHPMlfmebwsWLEI0fjNTzN8FF+OAjnHjjkowTA3YTz Y5DGUFU1RqZBdH04tC0xC/avnxq/1+skZ0VCOq1mgUIzCnpJtEHJO9HK7/LIwnRXoRp+ rQz4achBubaElapoI9/Vm6An/nbj7zuytcNNa5DhyFwX7BkkRnuS8Iy3LlaG3ID6GztZ YpZ8RDsV1eLdYDx5VL7v/6AvQ5yHQGI/Q2ZK570uO4q6u0byapqvyd9zlkeZnOLpkU1l Bk8c8Y3m+sCLMdxBlSNTFQ2wLo1WPxZZmXJqgWQbyyzXvjmZnY54fmRSKov6jhnyPm7k mNEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=YaZx2Y1Vt1Ut2aTw36wNCypRpJkUbfgmQVTDZ0VmVgg=; b=VdfUtarSpy4AazdJeeQ8Ppow5qvkRVlzU8Hu9fJ9r4ouWFEBKkc0qFZXv35tA+hFj3 LJwoMYGhV1xy/pR7wkGtP75BXAnxJugMLNv5trf6AIN0ZH43ChVzp0NMctBN/KsXLXSi Kx5OLAzraoBBuRoZ6vbIARvPACLCi40fvywRRHR4x5krKyIHpt3POhKC8vB5Igovz/T3 fwUkWASl/Z7fcm7EKlvbtX6jVdTqdGOvyacVqAhjsb3Jjjj4+PwGTVwsrtdKmMUdwabn Lc1dvMY7KtHlJ1+1VE3N9S+G1bkAcHuTLxGWOw8TAhpt/g2UPzHoqCnl86mq7ef/TbUV Eq/A== X-Gm-Message-State: AOAM530sQDIgcoSe4t1bGAWRXMHJZw1QKBmw0wXmtE9Ywr5f1ZVleFKb ctPJHjqM39DuyMyENlk9ZkTfgw== X-Google-Smtp-Source: ABdhPJwhl1qUNp/ARRgHBsOEZYB2zBIGB9ymLIhCgmSIMnKiuQtGzmOMF1KU2l9Kmdis+/qTqfvOjQ== X-Received: by 2002:a05:600c:3486:: with SMTP id a6mr9590995wmq.32.1637410635476; Sat, 20 Nov 2021 04:17:15 -0800 (PST) Received: from elver.google.com ([2a00:79e0:15:13:847c:11cc:32b2:b152]) by smtp.gmail.com with ESMTPSA id az15sm2620938wmb.0.2021.11.20.04.17.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 20 Nov 2021 04:17:14 -0800 (PST) Date: Sat, 20 Nov 2021 13:17:08 +0100 From: Marco Elver To: Kees Cook Cc: Steven Rostedt , Lukas Bulwahn , Alexander Popov , Linus Torvalds , Jonathan Corbet , Paul McKenney , Andrew Morton , Thomas Gleixner , Peter Zijlstra , Joerg Roedel , Maciej Rozycki , Muchun Song , Viresh Kumar , Robin Murphy , Randy Dunlap , Lu Baolu , Petr Mladek , Luis Chamberlain , Wei Liu , John Ogness , Andy Shevchenko , Alexey Kardashevskiy , Christophe Leroy , Jann Horn , Greg Kroah-Hartman , Mark Rutland , Andy Lutomirski , Dave Hansen , Will Deacon , Ard Biesheuvel , Laura Abbott , David S Miller , Borislav Petkov , Arnd Bergmann , Andrew Scull , Marc Zyngier , Jessica Yu , Iurii Zaikin , Rasmus Villemoes , Wang Qing , Mel Gorman , Mauro Carvalho Chehab , Andrew Klychkov , Mathieu Chouquet-Stringer , Daniel Borkmann , Stephen Kitt , Stephen Boyd , Thomas Bogendoerfer , Mike Rapoport , Bjorn Andersson , Kernel Hardening , linux-hardening@vger.kernel.org, "open list:DOCUMENTATION" , linux-arch , Linux Kernel Mailing List , linux-fsdevel , notify@kernel.org, main@lists.elisa.tech, safety-architecture@lists.elisa.tech, devel@lists.elisa.tech, Shuah Khan Subject: Re: [PATCH v2 0/2] Introduce the pkill_on_warn parameter Message-ID: References: <20211027233215.306111-1-alex.popov@linux.com> <77b79f0c-48f2-16dd-1d00-22f3a1b1f5a6@linux.com> <20211115110649.4f9cb390@gandalf.local.home> <202111151116.933184F716@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202111151116.933184F716@keescook> User-Agent: Mutt/2.0.5 (2021-01-21) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 15, 2021 at 02:06PM -0800, Kees Cook wrote: [...] > However, that's a lot to implement when Marco's tracing suggestion might > be sufficient and policy could be entirely implemented in userspace. It > could be as simple as this (totally untested): [...] > > Marco, is this the full version of monitoring this from the userspace > side? Sorry I completely missed this email (I somehow wasn't Cc'd... I just saw it by chance re-reading this thread). I've sent a patch to add WARN: https://lkml.kernel.org/r/20211115085630.1756817-1-elver@google.com Not sure how useful BUG is, but I have no objection to it also being traced if you think it's useful. (I added it to kernel/panic.c, because lib/bug.c requires CONFIG_GENERIC_BUG.) > perf record -e error_report:error_report_end I think userspace would want something other than perf tool to handle it of course. There are several options: 1. Open trace pipe to be notified (/sys/kernel/tracing/trace_pipe). This already includes the pid. 2. As you suggest, use perf events globally (but the handling would be done by some system process). 3. As of 5.13 there's actually a new perf feature to synchronously SIGTRAP the exact task where an event occurred (see perf_event_attr::sigtrap). This would very closely mimic pkill_on_warn (because the SIGTRAP is synchronous), but lets the process being SIGTRAP'd decide what to do. Not sure how to deploy this though, because a) only root user can create this perf event (because exclude_kernel=0), and b) sigtrap perf events deliberately won't propagate beyond an exec (must remove_on_exec=1 if sigtrap=1) because who knows if the exec'd process has the right SIGTRAP handler. I think #3 is hard to deploy right, but below is an example program I played with. Thanks, -- Marco ------ >8 ------ #define _GNU_SOURCE #include #include #include #include #include #include #include #include static void sigtrap_handler(int signum, siginfo_t *info, void *ucontext) { // FIXME: check event is error_report_end printf("Kernel error in this task!\n"); } static void generate_warning(void) { ... do something to generate a warning ... } int main() { struct perf_event_attr attr = { .type = PERF_TYPE_TRACEPOINT, .size = sizeof(attr), .config = 189, // FIXME: error_report_end .sample_period = 1, .inherit = 1, /* Children inherit events ... */ .remove_on_exec = 1, /* Required by sigtrap. */ .sigtrap = 1, /* Request synchronous SIGTRAP on event. */ .sig_data = 189, /* FIXME: use to identify error_report_end */ }; struct sigaction action = {}; struct sigaction oldact; int fd; action.sa_flags = SA_SIGINFO | SA_NODEFER; action.sa_sigaction = sigtrap_handler; sigemptyset(&action.sa_mask); assert(sigaction(SIGTRAP, &action, &oldact) == 0); fd = syscall(__NR_perf_event_open, &attr, 0, -1, -1, PERF_FLAG_FD_CLOEXEC); assert(fd != -1); sleep(5); /* Try to generate a warning from elsewhere, nothing will be printed. */ generate_warning(); /* Warning from this process. */ sigaction(SIGTRAP, &oldact, NULL); close(fd); return 0; }