Message ID | 20221117234328.594699-5-keescook@chromium.org |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp682997wrr; Thu, 17 Nov 2022 15:48:50 -0800 (PST) X-Google-Smtp-Source: AA0mqf6ttGq+7SbcsjATSa0cNsdaJOQxx3m2sDMTuIOzoEOCzMeRi9tBKc22vmuMGWHBCvpsuJjM X-Received: by 2002:a63:575b:0:b0:46f:a202:f6be with SMTP id h27-20020a63575b000000b0046fa202f6bemr4253972pgm.378.1668728930150; Thu, 17 Nov 2022 15:48:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668728930; cv=none; d=google.com; s=arc-20160816; b=WPdExp+cN9jXAGwdvOJEDTUgCDxYQ/Nxpt35UoZD8o1Q7zcs6SqqHfM/yNyrzUuUP1 YIbDoedTTw2Y8CfifT+8P7xRthPBBewhtUnrmvzd5I4ArFntdG4ol6WqHYhjFWg8bZk6 E5SwzDzxCi5JsFDn3G+TXYyTnG3azLOC3JYNynYMtnPBJICG14U4RI0+Qc5yjHiNKSah IqFJl59/8j2DeGYrI1XWw28EeYjmXDZ30XgLebnHAUFrAR7REm02WQa1dJOfTx1BVhlF nMjZC6bqoC/QtGq6Ho2F31NCvz41OHWfCh50wWCQzwNMgqYTojdHd0UGcbzeV8gcM9Zt ajQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=xfJil3q4xneaphG+dBltmhf3iJIzvXDIW+JWkiHPnUY=; b=EJ5WqnVNge0qfanWp42qmqYRGdKkfl6XkHLSFymdL5sgeuajKsUP9SEl0I/8M4iKn1 1H+8FsXfhmiFa4LLtug6PCAuDniFCfXLy2fY/nloXY3lliOsRNrMWuawD109sWylgD1U CjhWRU2f3j/NbZIEq4StoBCD3R44fbSDdcajhLq7tb6ztoPOu9WD8242hSaELQKfUSIq 9F8KCdehztrhqz04fpRP4jLETMD1pR2Hs4lhBYLpr7UgALT/9CMXKb6ySDBgwLcCLHyy ijbY6tZrMX2q5144u1yzTgcWsjtm0Q4lUx1BJs7RIkaHhiordL1v9cgpFY9zM2zK4JBk gjnQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=EIZNUa8F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id pj2-20020a17090b4f4200b0020a71053a85si2265807pjb.143.2022.11.17.15.48.36; Thu, 17 Nov 2022 15:48:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=EIZNUa8F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240609AbiKQXnx (ORCPT <rfc822;a1648639935@gmail.com> + 99 others); Thu, 17 Nov 2022 18:43:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47148 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239916AbiKQXne (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Thu, 17 Nov 2022 18:43:34 -0500 Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7199BB1E9 for <linux-kernel@vger.kernel.org>; Thu, 17 Nov 2022 15:43:32 -0800 (PST) Received: by mail-pf1-x42f.google.com with SMTP id z26so3315333pff.1 for <linux-kernel@vger.kernel.org>; Thu, 17 Nov 2022 15:43:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xfJil3q4xneaphG+dBltmhf3iJIzvXDIW+JWkiHPnUY=; b=EIZNUa8F4WGrYp2tv1yKcZu0GTfzafGhT2L2DQkMVoO4piZ/rKuOgsgZvDgSG/Igd1 wdittd188cOqUku2QHG/wUBisTrq6vaHN9O6aNHqdPFeMwEYWiC4fNriciImpLYtTrqb 4kg2geAt6OwKUf+9fH/CfZXCZKRQplGj1+3eU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xfJil3q4xneaphG+dBltmhf3iJIzvXDIW+JWkiHPnUY=; b=7KLeO+i83nNvyX8wAjwIGVwndCEGEjRXw91RheraCFbOG4MblMAeV1Ijd7RbRLBYRo /RshVEhFUD2flCcYtsIug4LzPd8EL3ePBk+JbIRLnnNGQWU/APGgygoO5gOKCWthDR8T XXOXHbccikW0EhnObdbAk5WEJrjQyLMm4ZqEGXdbTBWrl/jeGEtBsZVHw21KqjnI+0/a Gyju5N9/qcAEyK37ZFEhrDUAjGRaNCZ0rpH0tns0mnwPCpsBGrVY7O+63QT/CpySUnkl cPIlcgftNIOeBo0HvIk885wUxpObn18xokyGk4sTiUalEBUeFA3JaeAbrgBv1zHWhBaf XIhg== X-Gm-Message-State: ANoB5pnO+2uumXyjGe951FbppO6g2eOpBR2FyxfwxbHtcufcx/dikhKV 1QXzg+3ZSkvNNLzOzexEhiaygw== X-Received: by 2002:a63:114b:0:b0:46a:e00b:ada0 with SMTP id 11-20020a63114b000000b0046ae00bada0mr4211444pgr.409.1668728611983; Thu, 17 Nov 2022 15:43:31 -0800 (PST) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id h72-20020a62834b000000b0056bd1bf4243sm1738916pfe.53.2022.11.17.15.43.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Nov 2022 15:43:31 -0800 (PST) From: Kees Cook <keescook@chromium.org> To: Jann Horn <jannh@google.com> Cc: Kees Cook <keescook@chromium.org>, Jonathan Corbet <corbet@lwn.net>, Andrew Morton <akpm@linux-foundation.org>, Baolin Wang <baolin.wang@linux.alibaba.com>, "Jason A. Donenfeld" <Jason@zx2c4.com>, Eric Biggers <ebiggers@google.com>, Huang Ying <ying.huang@intel.com>, Petr Mladek <pmladek@suse.com>, tangmeng <tangmeng@uniontech.com>, "Guilherme G. Piccoli" <gpiccoli@igalia.com>, Tiezhu Yang <yangtiezhu@loongson.cn>, Sebastian Andrzej Siewior <bigeasy@linutronix.de>, linux-doc@vger.kernel.org, Luis Chamberlain <mcgrof@kernel.org>, Seth Jenkins <sethjenkins@google.com>, Greg KH <gregkh@linuxfoundation.org>, Linus Torvalds <torvalds@linuxfoundation.org>, Andy Lutomirski <luto@kernel.org>, "Eric W. Biederman" <ebiederm@xmission.com>, Arnd Bergmann <arnd@arndb.de>, Dmitry Vyukov <dvyukov@google.com>, Peter Zijlstra <peterz@infradead.org>, Juri Lelli <juri.lelli@redhat.com>, Vincent Guittot <vincent.guittot@linaro.org>, Dietmar Eggemann <dietmar.eggemann@arm.com>, Steven Rostedt <rostedt@goodmis.org>, Ben Segall <bsegall@google.com>, Daniel Bristot de Oliveira <bristot@redhat.com>, Valentin Schneider <vschneid@redhat.com>, Andrey Ryabinin <ryabinin.a.a@gmail.com>, Alexander Potapenko <glider@google.com>, Andrey Konovalov <andreyknvl@gmail.com>, Vincenzo Frascino <vincenzo.frascino@arm.com>, David Gow <davidgow@google.com>, "Paul E. McKenney" <paulmck@kernel.org>, Anton Vorontsov <anton@enomsg.org>, Mauro Carvalho Chehab <mchehab+huawei@kernel.org>, Laurent Dufour <ldufour@linux.ibm.com>, Rob Herring <robh@kernel.org>, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-hardening@vger.kernel.org Subject: [PATCH v3 5/6] panic: Introduce warn_limit Date: Thu, 17 Nov 2022 15:43:25 -0800 Message-Id: <20221117234328.594699-5-keescook@chromium.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221117233838.give.484-kees@kernel.org> References: <20221117233838.give.484-kees@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2740; h=from:subject; bh=UAp3/gSn5HSib4EzfW5wRRKF+FGTDjoMEFBYjvCvDcw=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBjdscd1GA/3PLtD3N4H7SsA34PTW3nka1IngIvEXYO EYIpEOyJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCY3bHHQAKCRCJcvTf3G3AJvptEA CdGFz8DSNbF4RMjKrrJk88mEDkxWYDqPKgqX4mCBz5IHyHLYf59wVt93MA2s9+Y5dISuBzWnk9orB4 qfArFrJPEPZY2IBBUlcPeCEho6xpwbHRntreRWX2Sn3lBbclKlgm+lVQ4FTgRavIV0cJjI0qMAutZF FAOyJnKFEYiRADA34tk5jIW4ubWsNHHNSG3AjwA0jb9PVui0Wy9LqrbJj0EJD9bkuR/7WGPavbMUEg ntUcsuYQDfvqUgW6Ywm+NK7jv4NozevnPZ7AVR7JCAdexGnbZsuZSeeal58/st/wu+XrpcUVhLcQ5q 8dapczcaRwqnG01Y1bbClamjnwPLMwL60GNMluInTigO4LEXvrEh9pUIjhTIXeIq9QAqDRxjifFRMu bCTr8sX6wOsDtkOizBKxqRBSgCsNFG4CFJbDcxGi5ZJNmOeFwyaJxfQbAWOUq+JZUKZ5FA51HfTDoN 4WjzLeqQ1jqeVDmfPJ0NgZD1rNVWBPpEPRaOmkukaDQyyOeA5Fbh7vfLGUGFMgs3m3NngBdna8YG19 Bv6YBosdV/NmTETybYC0gITxiJPHbKV1dx0B+ZNAbQ9wm1FfG+41bCdpnicHfdZwQGkISK1KSkk6cP 1VQADkQ9vKmG7cMXRQDydqjmg7PmKftmrXjELJoAwbLHqmZ85HDIfmjxDQKg== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1749789106701432083?= X-GMAIL-MSGID: =?utf-8?q?1749789106701432083?= |
Series |
exit: Put an upper limit on how often we can oops
|
|
Commit Message
Kees Cook
Nov. 17, 2022, 11:43 p.m. UTC
Like oops_limit, add warn_limit for limiting the number of warnings when panic_on_warn is not set. Cc: Jonathan Corbet <corbet@lwn.net> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Baolin Wang <baolin.wang@linux.alibaba.com> Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> Cc: Eric Biggers <ebiggers@google.com> Cc: Huang Ying <ying.huang@intel.com> Cc: Petr Mladek <pmladek@suse.com> Cc: tangmeng <tangmeng@uniontech.com> Cc: "Guilherme G. Piccoli" <gpiccoli@igalia.com> Cc: Tiezhu Yang <yangtiezhu@loongson.cn> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: linux-doc@vger.kernel.org Reviewed-by: Luis Chamberlain <mcgrof@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> --- Documentation/admin-guide/sysctl/kernel.rst | 9 +++++++++ kernel/panic.c | 14 ++++++++++++++ 2 files changed, 23 insertions(+)
Comments
On Thu, Nov 17, 2022 at 03:43:25PM -0800, Kees Cook wrote: > Like oops_limit, add warn_limit for limiting the number of warnings when > panic_on_warn is not set. > > Cc: Jonathan Corbet <corbet@lwn.net> > Cc: Andrew Morton <akpm@linux-foundation.org> > Cc: Baolin Wang <baolin.wang@linux.alibaba.com> > Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> > Cc: Eric Biggers <ebiggers@google.com> > Cc: Huang Ying <ying.huang@intel.com> > Cc: Petr Mladek <pmladek@suse.com> > Cc: tangmeng <tangmeng@uniontech.com> > Cc: "Guilherme G. Piccoli" <gpiccoli@igalia.com> > Cc: Tiezhu Yang <yangtiezhu@loongson.cn> > Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> > Cc: linux-doc@vger.kernel.org > Reviewed-by: Luis Chamberlain <mcgrof@kernel.org> > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > Documentation/admin-guide/sysctl/kernel.rst | 9 +++++++++ > kernel/panic.c | 14 ++++++++++++++ > 2 files changed, 23 insertions(+) > > diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst > index 09f3fb2f8585..c385d5319cdf 100644 > --- a/Documentation/admin-guide/sysctl/kernel.rst > +++ b/Documentation/admin-guide/sysctl/kernel.rst > @@ -1508,6 +1508,15 @@ entry will default to 2 instead of 0. > 2 Unprivileged calls to ``bpf()`` are disabled > = ============================================================= > > + > +warn_limit > +========== > + > +Number of kernel warnings after which the kernel should panic when > +``panic_on_warn`` is not set. Setting this to 0 or 1 has the same effect > +as setting ``panic_on_warn=1``. > + > + > watchdog > ======== > > diff --git a/kernel/panic.c b/kernel/panic.c > index cfa354322d5f..e5aab27496d7 100644 > --- a/kernel/panic.c > +++ b/kernel/panic.c > @@ -58,6 +58,7 @@ bool crash_kexec_post_notifiers; > int panic_on_warn __read_mostly; > unsigned long panic_on_taint; > bool panic_on_taint_nousertaint = false; > +static unsigned int warn_limit __read_mostly = 10000; > > int panic_timeout = CONFIG_PANIC_TIMEOUT; > EXPORT_SYMBOL_GPL(panic_timeout); > @@ -88,6 +89,13 @@ static struct ctl_table kern_panic_table[] = { > .extra2 = SYSCTL_ONE, > }, > #endif > + { > + .procname = "warn_limit", > + .data = &warn_limit, > + .maxlen = sizeof(warn_limit), > + .mode = 0644, > + .proc_handler = proc_douintvec, > + }, > { } > }; > > @@ -203,8 +211,14 @@ static void panic_print_sys_info(bool console_flush) > > void check_panic_on_warn(const char *origin) > { > + static atomic_t warn_count = ATOMIC_INIT(0); > + > if (panic_on_warn) > panic("%s: panic_on_warn set ...\n", origin); > + > + if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit)) > + panic("%s: system warned too often (kernel.warn_limit is %d)", > + warn_limit); Bah. This should be: origin, warn_limit.
diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index 09f3fb2f8585..c385d5319cdf 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst @@ -1508,6 +1508,15 @@ entry will default to 2 instead of 0. 2 Unprivileged calls to ``bpf()`` are disabled = ============================================================= + +warn_limit +========== + +Number of kernel warnings after which the kernel should panic when +``panic_on_warn`` is not set. Setting this to 0 or 1 has the same effect +as setting ``panic_on_warn=1``. + + watchdog ======== diff --git a/kernel/panic.c b/kernel/panic.c index cfa354322d5f..e5aab27496d7 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -58,6 +58,7 @@ bool crash_kexec_post_notifiers; int panic_on_warn __read_mostly; unsigned long panic_on_taint; bool panic_on_taint_nousertaint = false; +static unsigned int warn_limit __read_mostly = 10000; int panic_timeout = CONFIG_PANIC_TIMEOUT; EXPORT_SYMBOL_GPL(panic_timeout); @@ -88,6 +89,13 @@ static struct ctl_table kern_panic_table[] = { .extra2 = SYSCTL_ONE, }, #endif + { + .procname = "warn_limit", + .data = &warn_limit, + .maxlen = sizeof(warn_limit), + .mode = 0644, + .proc_handler = proc_douintvec, + }, { } }; @@ -203,8 +211,14 @@ static void panic_print_sys_info(bool console_flush) void check_panic_on_warn(const char *origin) { + static atomic_t warn_count = ATOMIC_INIT(0); + if (panic_on_warn) panic("%s: panic_on_warn set ...\n", origin); + + if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit)) + panic("%s: system warned too often (kernel.warn_limit is %d)", + warn_limit); } /**