From: masouds@google.com (Masoud Asgharifard Sharbiani)
To: bunk@stusta.de
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH] Ratelimit printks due to unhandled signals in x86_64
Date: Sat, 9 Jun 2007 11:38:31 -0700 [thread overview]
Message-ID: <20070609183831.GA24688@google.com> (raw)
Hello,
The following patch enables ratelimiting of unhandled signals in x86_64.
Without this, a malicious user could inflict local DoS and fill up the
logs with a code like this:
main()
{
while(1)
if (!fork())
*(int *)0 = 0;
}
The patch is against 2.6.16.y tree. I've sent a similar one to Andrew
for inclusion in the -mm tree.
cheers,
Masoud
Signed-off-by: Masoud Sharbiani <masouds@google.com>
diff --git a/arch/x86_64/kernel/signal.c b/arch/x86_64/kernel/signal.c
index 5876df1..4b3cd29 100644
--- a/arch/x86_64/kernel/signal.c
+++ b/arch/x86_64/kernel/signal.c
@@ -505,7 +505,7 @@ void do_notify_resume(struct pt_regs *regs, sigset_t *oldset, __u32 thread_info_
void signal_fault(struct pt_regs *regs, void __user *frame, char *where)
{
struct task_struct *me = current;
- if (exception_trace)
+ if (exception_trace && printk_ratelimit())
printk("%s[%d] bad frame in %s frame:%p rip:%lx rsp:%lx orax:%lx\n",
me->comm,me->pid,where,frame,regs->rip,regs->rsp,regs->orig_rax);
diff --git a/arch/x86_64/kernel/traps.c b/arch/x86_64/kernel/traps.c
index a5209fd..4f22aaa 100644
--- a/arch/x86_64/kernel/traps.c
+++ b/arch/x86_64/kernel/traps.c
@@ -480,7 +480,8 @@ static void __kprobes do_trap(int trapnr, int signr, char *str,
tsk->thread.trap_no = trapnr;
if (user_mode(regs)) {
- if (exception_trace && unhandled_signal(tsk, signr))
+ if (exception_trace && unhandled_signal(tsk, signr) &&
+ printk_ratelimit())
printk(KERN_INFO
"%s[%d] trap %s rip:%lx rsp:%lx error:%lx\n",
tsk->comm, tsk->pid, str,
diff --git a/arch/x86_64/mm/fault.c b/arch/x86_64/mm/fault.c
index 2e7c3c8..92f6448 100644
--- a/arch/x86_64/mm/fault.c
+++ b/arch/x86_64/mm/fault.c
@@ -475,7 +475,8 @@ bad_area_nosemaphore:
(address >> 32))
return;
- if (exception_trace && unhandled_signal(tsk, SIGSEGV)) {
+ if (exception_trace && unhandled_signal(tsk, SIGSEGV) &&
+ printk_ratelimit()) {
printk(
"%s%s[%d]: segfault at %016lx rip %016lx rsp %016lx error %lx\n",
tsk->pid > 1 ? KERN_INFO : KERN_EMERG,
reply other threads:[~2007-06-09 18:40 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070609183831.GA24688@google.com \
--to=masouds@google.com \
--cc=bunk@stusta.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox