* [PATCH] exit: Allow oops_limit to be disabled
@ 2022-12-02 21:06 Kees Cook
2022-12-16 14:05 ` Peter Zijlstra
0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2022-12-02 21:06 UTC (permalink / raw)
To: Jann Horn
Cc: Kees Cook, Seth Jenkins, Jonathan Corbet, Andrew Morton,
Baolin Wang, Jason A. Donenfeld, Eric Biggers, Huang Ying,
Eric W. Biederman, Arnd Bergmann, linux-doc, Guilherme G. Piccoli,
Joel Savitz, Laurent Dufour, Rob Herring, Al Viro, Ingo Molnar,
Peter Zijlstra (Intel), linux-kernel, linux-hardening
In preparation for keeping oops_limit logic in sync with warn_limit,
have oops_limit == 0 disable checking the Oops counter.
Cc: Jann Horn <jannh@google.com>
Cc: Seth Jenkins <sethjenkins@google.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Baolin Wang <baolin.wang@linux.alibaba.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Eric Biggers <ebiggers@google.com>
Cc: Huang Ying <ying.huang@intel.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: linux-doc@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
I've changed the warn_limit logic to match...
---
Documentation/admin-guide/sysctl/kernel.rst | 5 +++--
kernel/exit.c | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
index 09f3fb2f8585..a31d8d81ea07 100644
--- a/Documentation/admin-guide/sysctl/kernel.rst
+++ b/Documentation/admin-guide/sysctl/kernel.rst
@@ -671,8 +671,9 @@ oops_limit
==========
Number of kernel oopses after which the kernel should panic when
-``panic_on_oops`` is not set. Setting this to 0 or 1 has the same effect
-as setting ``panic_on_oops=1``.
+``panic_on_oops`` is not set. Setting this to 0 disables checking
+the count. Setting this to 1 has the same effect as setting
+``panic_on_oops=1``. The default value is 10000.
osrelease, ostype & version
diff --git a/kernel/exit.c b/kernel/exit.c
index dc1a32149f94..deffb8e4b1b2 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -954,7 +954,7 @@ void __noreturn make_task_dead(int signr)
* To make sure this can't happen, place an upper bound on how often the
* kernel may oops without panic().
*/
- if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit))
+ if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit)
panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit);
/*
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] exit: Allow oops_limit to be disabled
2022-12-02 21:06 [PATCH] exit: Allow oops_limit to be disabled Kees Cook
@ 2022-12-16 14:05 ` Peter Zijlstra
2022-12-16 20:32 ` Kees Cook
0 siblings, 1 reply; 3+ messages in thread
From: Peter Zijlstra @ 2022-12-16 14:05 UTC (permalink / raw)
To: Kees Cook
Cc: Jann Horn, Seth Jenkins, Jonathan Corbet, Andrew Morton,
Baolin Wang, Jason A. Donenfeld, Eric Biggers, Huang Ying,
Eric W. Biederman, Arnd Bergmann, linux-doc, Guilherme G. Piccoli,
Joel Savitz, Laurent Dufour, Rob Herring, Al Viro, Ingo Molnar,
linux-kernel, linux-hardening
On Fri, Dec 02, 2022 at 01:06:21PM -0800, Kees Cook wrote:
> --- a/kernel/exit.c
> +++ b/kernel/exit.c
> @@ -954,7 +954,7 @@ void __noreturn make_task_dead(int signr)
> * To make sure this can't happen, place an upper bound on how often the
> * kernel may oops without panic().
> */
> - if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit))
> + if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit)
> panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit);
>
That's dodgy, please write as:
limit = READ_ONCE(oops_limit);
if (atomic_inc_return(&oops_count) >= limit && limit)
So we don't explicitly add a reload that negates the whole READ_ONCE().
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] exit: Allow oops_limit to be disabled
2022-12-16 14:05 ` Peter Zijlstra
@ 2022-12-16 20:32 ` Kees Cook
0 siblings, 0 replies; 3+ messages in thread
From: Kees Cook @ 2022-12-16 20:32 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Jann Horn, Seth Jenkins, Jonathan Corbet, Andrew Morton,
Baolin Wang, Jason A. Donenfeld, Eric Biggers, Huang Ying,
Eric W. Biederman, Arnd Bergmann, linux-doc, Guilherme G. Piccoli,
Joel Savitz, Laurent Dufour, Rob Herring, Al Viro, Ingo Molnar,
linux-kernel, linux-hardening
On Fri, Dec 16, 2022 at 03:05:13PM +0100, Peter Zijlstra wrote:
> On Fri, Dec 02, 2022 at 01:06:21PM -0800, Kees Cook wrote:
>
> > --- a/kernel/exit.c
> > +++ b/kernel/exit.c
> > @@ -954,7 +954,7 @@ void __noreturn make_task_dead(int signr)
> > * To make sure this can't happen, place an upper bound on how often the
> > * kernel may oops without panic().
> > */
> > - if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit))
> > + if (atomic_inc_return(&oops_count) >= READ_ONCE(oops_limit) && oops_limit)
> > panic("Oopsed too often (kernel.oops_limit is %d)", oops_limit);
> >
>
> That's dodgy, please write as:
>
> limit = READ_ONCE(oops_limit);
> if (atomic_inc_return(&oops_count) >= limit && limit)
>
> So we don't explicitly add a reload that negates the whole READ_ONCE().
Yup, that's more correct. Sent:
https://lore.kernel.org/lkml/20221216203024.never.640-kees@kernel.org
--
Kees Cook
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-12-16 20:32 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-02 21:06 [PATCH] exit: Allow oops_limit to be disabled Kees Cook
2022-12-16 14:05 ` Peter Zijlstra
2022-12-16 20:32 ` Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).