From: Marcin Slusarz <marcin.slusarz@gmail.com>
To: Thomas Jarosch <thomas.jarosch@intra2net.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: RFC: [patch] log fatal signals like SIGSEGV
Date: Tue, 16 Sep 2008 19:42:17 +0200 [thread overview]
Message-ID: <20080916174202.GA5703@joi> (raw)
In-Reply-To: <200809161459.17750.thomas.jarosch@intra2net.com>
On Tue, Sep 16, 2008 at 02:59:16PM +0200, Thomas Jarosch wrote:
> Here's the new version:
> -----------------------------------------------------------------
> From: Thomas Jarosch <thomas.jarosch@intra2net.com>
>
> Log the signals SIGSEGV, SIGILL, SIGABRT, SIGBUS, SIGKILL and SIGFPE
> to aid debugging of obscure problems. Also logs the sender of the signal.
>
> The log message looks like this:
> "kernel: signal 9 sent to freezed[2634] uid:100,
> parent init[1] uid:0 by bash[3168] uid:0, parent sshd[3164] uid:0"
>
> The printing code is based on grsecurity's signal logger.
>
> Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
> Signed-off-by: Gerd v. Egidy <gve@intra2net.com>
>
> diff -u -r -p linux-2.6.26.vanilla/kernel/signal.c linux-2.6.26/kernel/signal.c
> --- linux-2.6.26.vanilla/kernel/signal.c Tue Sep 16 13:45:34 2008
> +++ linux-2.6.26/kernel/signal.c Tue Sep 16 14:02:54 2008
> @@ -801,6 +801,24 @@ static inline int legacy_queue(struct si
> return (sig < SIGRTMIN) && sigismember(&signals->signal, sig);
> }
>
> +static void log_signal_and_sender(const int sig, const struct task_struct *t)
> +{
> + if (!((sig == SIGSEGV) || (sig == SIGILL) || (sig == SIGABRT)
> + || (sig == SIGBUS) || (sig == SIGKILL) || (sig == SIGFPE)))
> + return;
> +
> + if (printk_ratelimit()) {
> + /* Note: tasklist_lock is already locked by siglock */
> + printk(KERN_WARNING "signal %d sent to %.30s[%d] uid:%u, "
> + "parent %.30s[%d] uid:%u by %.30s[%d] uid:%u, "
> + "parent %.30s[%d] uid:%u\n", sig, t->comm,
> + t->pid, t->uid, t->parent->comm, t->parent->pid,
> + t->parent->uid, current->comm, current->pid,
> + current->uid, current->parent->comm,
> + current->parent->pid, current->parent->uid);
> + }
> +}
> +
> static int send_signal(int sig, struct siginfo *info, struct task_struct *t,
> int group)
> {
> @@ -810,6 +828,8 @@ static int send_signal(int sig, struct s
> assert_spin_locked(&t->sighand->siglock);
> if (!prepare_signal(sig, t))
> return 0;
> +
> + log_signal_and_sender(sig, t);
>
> pending = group ? &t->signal->shared_pending : &t->pending;
> /*
>
It looks much better now. But I don't think it will go in as is.
Maybe you can disable it by default and create a sysctl switch?
Marcin
next prev parent reply other threads:[~2008-09-16 17:43 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-12 13:02 RFC: [patch] log fatal signals like SIGSEGV Thomas Jarosch
2008-09-12 17:11 ` Marcin Slusarz
2008-09-16 12:59 ` Thomas Jarosch
2008-09-16 17:42 ` Marcin Slusarz [this message]
2008-09-17 8:12 ` Thomas Jarosch
2008-09-18 10:10 ` Thomas Jarosch
2008-09-18 20:20 ` Marcin Slusarz
2008-09-20 17:12 ` Thomas Jarosch
2008-09-21 19:05 ` Mikael Pettersson
2008-09-21 19:15 ` Bernd Eckenfels
2008-09-21 19:40 ` Mikael Pettersson
2008-10-06 8:53 ` Thomas Jarosch
2008-09-22 23:52 ` Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080916174202.GA5703@joi \
--to=marcin.slusarz@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=thomas.jarosch@intra2net.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox