From: Masoud Sharbiani /proc/sys/debug/exception-trace) Also, all of the lines being printed are now using printk_ratelimit() to deny the ability of DoS from a local user with a program like the following: main() { while (1) if (!fork()) *(int *)0 = 0; } With this patch, the old exception_trace that was enabled becomes disabled by default; x86_64 had that enabled, and i386 didn't have anything... Signed-off-by: Masoud Sharbiani Signed-off-by: Andrew Morton --- arch/i386/kernel/signal.c | 7 ------ arch/i386/kernel/traps.c | 7 ------ arch/i386/mm/fault.c | 10 --------- arch/x86_64/kernel/signal.c | 2 - arch/x86_64/kernel/traps.c | 6 +---- arch/x86_64/mm/fault.c | 15 +++++++++++--- arch/x86_64/mm/init.c | 35 ++++++++++++++++++++++++++++++++++ include/asm-x86_64/proto.h | 2 + include/linux/signal.h | 3 -- kernel/signal.c | 10 --------- kernel/sysctl.c | 10 --------- 11 files changed, 52 insertions(+), 55 deletions(-) diff -puN arch/i386/kernel/signal.c~x86-disable-unhandled-signals-printk-by-default arch/i386/kernel/signal.c --- a/arch/i386/kernel/signal.c~x86-disable-unhandled-signals-printk-by-default +++ a/arch/i386/kernel/signal.c @@ -199,13 +199,6 @@ asmlinkage int sys_sigreturn(unsigned lo return eax; badframe: - if (show_unhandled_signals && printk_ratelimit()) - printk("%s%s[%d] bad frame in sigreturn frame:%p eip:%lx" - " esp:%lx oeax:%lx\n", - current->pid > 1 ? KERN_INFO : KERN_EMERG, - current->comm, current->pid, frame, regs->eip, - regs->esp, regs->orig_eax); - force_sig(SIGSEGV, current); return 0; } diff -puN arch/i386/kernel/traps.c~x86-disable-unhandled-signals-printk-by-default arch/i386/kernel/traps.c --- a/arch/i386/kernel/traps.c~x86-disable-unhandled-signals-printk-by-default +++ a/arch/i386/kernel/traps.c 
@@ -618,13 +618,6 @@ fastcall void __kprobes do_general_prote current->thread.error_code = error_code; current->thread.trap_no = 13; - if (show_unhandled_signals && unhandled_signal(current, SIGSEGV) && - printk_ratelimit()) - printk(KERN_INFO - "%s[%d] general protection eip:%lx esp:%lx error:%lx\n", - current->comm, current->pid, - regs->eip, regs->esp, error_code); - force_sig(SIGSEGV, current); return; diff -puN arch/i386/mm/fault.c~x86-disable-unhandled-signals-printk-by-default arch/i386/mm/fault.c --- a/arch/i386/mm/fault.c~x86-disable-unhandled-signals-printk-by-default +++ a/arch/i386/mm/fault.c @@ -283,8 +283,6 @@ static inline int vmalloc_fault(unsigned return 0; } -int show_unhandled_signals = 1; - /* * This routine handles page faults. It determines the address, * and the problem, and then passes it off to one of the appropriate @@ -471,14 +469,6 @@ bad_area_nosemaphore: if (is_prefetch(regs, address, error_code)) return; - if (show_unhandled_signals && unhandled_signal(tsk, SIGSEGV) && - printk_ratelimit()) { - printk("%s%s[%d]: segfault at %08lx eip %08lx " - "esp %08lx error %lx\n", - tsk->pid > 1 ? KERN_INFO : KERN_EMERG, - tsk->comm, tsk->pid, address, regs->eip, - regs->esp, error_code); - } tsk->thread.cr2 = address; /* Kernel addresses are always protection faults */ tsk->thread.error_code = error_code | (address >= TASK_SIZE); diff -puN arch/x86_64/kernel/signal.c~x86-disable-unhandled-signals-printk-by-default arch/x86_64/kernel/signal.c --- a/arch/x86_64/kernel/signal.c~x86-disable-unhandled-signals-printk-by-default +++ a/arch/x86_64/kernel/signal.c 
@@ -487,7 +487,7 @@ do_notify_resume(struct pt_regs *regs, v void signal_fault(struct pt_regs *regs, void __user *frame, char *where) { struct task_struct *me = current; - if (show_unhandled_signals && printk_ratelimit()) + if (exception_trace) printk("%s[%d] bad frame in %s frame:%p rip:%lx rsp:%lx orax:%lx\n", me->comm,me->pid,where,frame,regs->rip,regs->rsp,regs->orig_rax); diff -puN arch/x86_64/kernel/traps.c~x86-disable-unhandled-signals-printk-by-default arch/x86_64/kernel/traps.c --- a/arch/x86_64/kernel/traps.c~x86-disable-unhandled-signals-printk-by-default +++ a/arch/x86_64/kernel/traps.c @@ -584,8 +584,7 @@ static void __kprobes do_trap(int trapnr tsk->thread.error_code = error_code; tsk->thread.trap_no = trapnr; - if (show_unhandled_signals && unhandled_signal(tsk, signr) && - printk_ratelimit()) + if (exception_trace && unhandled_signal(tsk, signr)) printk(KERN_INFO "%s[%d] trap %s rip:%lx rsp:%lx error:%lx\n", tsk->comm, tsk->pid, str, @@ -689,8 +688,7 @@ asmlinkage void __kprobes do_general_pro tsk->thread.error_code = error_code; tsk->thread.trap_no = 13; - if (show_unhandled_signals && unhandled_signal(tsk, SIGSEGV) && - printk_ratelimit()) + if (exception_trace && unhandled_signal(tsk, SIGSEGV)) printk(KERN_INFO "%s[%d] general protection rip:%lx rsp:%lx error:%lx\n", tsk->comm, tsk->pid, diff -puN arch/x86_64/mm/fault.c~x86-disable-unhandled-signals-printk-by-default arch/x86_64/mm/fault.c --- a/arch/x86_64/mm/fault.c~x86-disable-unhandled-signals-printk-by-default +++ a/arch/x86_64/mm/fault.c @@ -221,6 +221,16 @@ static int is_errata93(struct pt_regs *r return 0; } +int unhandled_signal(struct task_struct *tsk, int sig) +{ + if (is_init(tsk)) + return 1; + if (tsk->ptrace & PT_PTRACED) + return 0; + return (tsk->sighand->action[sig-1].sa.sa_handler == SIG_IGN) || + (tsk->sighand->action[sig-1].sa.sa_handler == SIG_DFL); +} + static noinline void pgtable_bad(unsigned long address, struct pt_regs *regs, unsigned long error_code) { 
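Review bot: The new condition in signal_fault(), `if (exception_trace)`, drops the printk_ratelimit() guard, so while the flag is set every bad signal frame from an unprivileged task writes a kernel log line. The same guard is removed in both arch/x86_64/kernel/traps.c hunks (do_trap() and the general-protection handler) and at bad_area_nosemaphore in arch/x86_64/mm/fault.c. That file also initialises `int exception_trace = 1;`, so the unthrottled path is on by default, which is the local log-flooding case the description says rate limiting was meant to prevent. I would keep the throttle at all four sites, e.g. `if (exception_trace && printk_ratelimit())` here and `if (exception_trace && unhandled_signal(tsk, signr) && printk_ratelimit())` in do_trap(). The description's "disabled by default" also does not match that initialiser, so one of the two should be corrected; the bodies of these functions continue outside the hunks.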
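Review bot: unhandled_signal(), as added to arch/x86_64/mm/fault.c, indexes `tsk->sighand->action[sig-1]` with no range check on sig and no comment stating its contract, although it is non-static and exported through include/asm-x86_64/proto.h. The callers visible in this patch pass SIGSEGV or do_trap()'s signr, so the index is presumably in range today, but a later caller could pass 0 or an out-of-range value and read outside the array. I would add a guard as the first statement, `if (sig < 1 || sig > _NSIG) return 0;`. I would also add a header comment saying that the function returns 1 for init, 0 for a ptraced task, and otherwise 1 only when the handler is SIG_IGN or SIG_DFL.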
@@ -292,7 +302,7 @@ static int vmalloc_fault(unsigned long a } static int page_fault_trace; -int show_unhandled_signals = 1; +int exception_trace = 1; /* * This routine handles page faults. It determines the address, @@ -484,8 +494,7 @@ bad_area_nosemaphore: (address >> 32)) return; - if (show_unhandled_signals && unhandled_signal(tsk, SIGSEGV) && - printk_ratelimit()) { + if (exception_trace && unhandled_signal(tsk, SIGSEGV)) { printk( "%s%s[%d]: segfault at %016lx rip %016lx rsp %016lx error %lx\n", tsk->pid > 1 ? KERN_INFO : KERN_EMERG, diff -puN arch/x86_64/mm/init.c~x86-disable-unhandled-signals-printk-by-default arch/x86_64/mm/init.c --- a/arch/x86_64/mm/init.c~x86-disable-unhandled-signals-printk-by-default +++ a/arch/x86_64/mm/init.c @@ -697,6 +697,41 @@ int kern_addr_valid(unsigned long addr) return pfn_valid(pte_pfn(*pte)); } +#ifdef CONFIG_SYSCTL +#include + +extern int exception_trace, page_fault_trace; + +static ctl_table debug_table2[] = { + { + .ctl_name = 99, + .procname = "exception-trace", + .data = &exception_trace, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec + }, + {} +}; + +static ctl_table debug_root_table2[] = { + { + .ctl_name = CTL_DEBUG, + .procname = "debug", + .mode = 0555, + .child = debug_table2 + }, + {} +}; + +static __init int x8664_sysctl_init(void) +{ + register_sysctl_table(debug_root_table2); + return 0; +} +__initcall(x8664_sysctl_init); +#endif + /* A pseudo VMA to allow ptrace access for the vsyscall page. This only covers the 64bit vsyscall page now. 32bit has a real VMA now and does not need special handling anymore. */ diff -puN include/asm-x86_64/proto.h~x86-disable-unhandled-signals-printk-by-default include/asm-x86_64/proto.h --- a/include/asm-x86_64/proto.h~x86-disable-unhandled-signals-printk-by-default +++ a/include/asm-x86_64/proto.h 
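Review bot: The sysctl block added to arch/x86_64/mm/init.c declares `extern int exception_trace, page_fault_trace;`, but page_fault_trace is `static int page_fault_trace;` in arch/x86_64/mm/fault.c (visible as context in this patch). That extern therefore names a symbol with no external definition, and the table does not use it; I would drop it and put `extern int exception_trace;` in include/asm-x86_64/proto.h next to the unhandled_signal() prototype. The entry also hard-codes `.ctl_name = 99` where the entry removed from kernel/sysctl.c used `.ctl_name = CTL_UNNUMBERED,`, and a magic binary sysctl number can collide with another entry under the debug directory. x8664_sysctl_init() discards the result of register_sysctl_table(debug_root_table2), so a failed registration would leave the exception-trace knob missing without any message; checking the result and logging a warning would make that visible.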
@@ -75,6 +75,8 @@ extern void setup_node_bootmem(int nodei extern void early_quirks(void); extern void check_efer(void); +extern int unhandled_signal(struct task_struct *tsk, int sig); + extern void select_idle_routine(const struct cpuinfo_x86 *c); extern unsigned long table_start, table_end; diff -puN include/linux/signal.h~x86-disable-unhandled-signals-printk-by-default include/linux/signal.h --- a/include/linux/signal.h~x86-disable-unhandled-signals-printk-by-default +++ a/include/linux/signal.h @@ -237,15 +237,12 @@ extern int group_send_sig_info(int sig, extern int __group_send_sig_info(int, struct siginfo *, struct task_struct *); extern long do_sigpending(void __user *, unsigned long); extern int sigprocmask(int, sigset_t *, sigset_t *); -extern int show_unhandled_signals; struct pt_regs; extern int get_signal_to_deliver(siginfo_t *info, struct k_sigaction *return_ka, struct pt_regs *regs, void *cookie); extern struct kmem_cache *sighand_cachep; -int unhandled_signal(struct task_struct *tsk, int sig); - /* * In POSIX a signal is sent either to a specific thread (Linux task) * or to the process as a whole (Linux thread group). How the signal diff -puN kernel/signal.c~x86-disable-unhandled-signals-printk-by-default kernel/signal.c --- a/kernel/signal.c~x86-disable-unhandled-signals-printk-by-default +++ a/kernel/signal.c @@ -255,16 +255,6 @@ flush_signal_handlers(struct task_struct } } -int unhandled_signal(struct task_struct *tsk, int sig) -{ - if (is_init(tsk)) - return 1; - if (tsk->ptrace & PT_PTRACED) - return 0; - return (tsk->sighand->action[sig-1].sa.sa_handler == SIG_IGN) || - (tsk->sighand->action[sig-1].sa.sa_handler == SIG_DFL); -} - /* Notify the system that a driver wants to block all signals for this * process, and wants to be notified if any signals at all were to be diff -puN kernel/sysctl.c~x86-disable-unhandled-signals-printk-by-default kernel/sysctl.c 
--- a/kernel/sysctl.c~x86-disable-unhandled-signals-printk-by-default +++ a/kernel/sysctl.c @@ -1203,16 +1203,6 @@ static ctl_table fs_table[] = { }; static ctl_table debug_table[] = { -#ifdef CONFIG_X86 - { - .ctl_name = CTL_UNNUMBERED, - .procname = "exception-trace", - .data = &show_unhandled_signals, - .maxlen = sizeof(int), - .mode = 0644, - .proc_handler = proc_dointvec - }, -#endif { .ctl_name = 0 } }; _