From nobody Sat Dec 14 05:18:53 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Y9DyQ0Qm7z5gjKX; Sat, 14 Dec 2024 05:18:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Y9DyP6vV4z42sp; Sat, 14 Dec 2024 05:18:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734153534; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9XATT4astVgWV6Lzc0mTM+G4DbcIldpCWpY16CV6vnw=; b=qVNkTi6PAN9xp7KIqvRIVNSfKhO6WFiQg6VzemoiNm7hZ+bum1C8Iag+rh+/3tDQrhdrxe e5EKc0h+YUZ+TNRxzomR9zWlX75z7RKssWb1ffD5awevIOaMsnv0z7V4K/bEGYYJkOGg/V MoBU9vjKN3uiv3n4lUAELNstUOXjUvUrbZGLW9Ua0PI9SpCpDlYFeZ5dOzxxTTdO3sbO8+ h19V8A1/+76wSzIV5ZTnZYNXUkKNbXsYhUy/b8uBmPNUZDgWL9LKEHEkOmHrcTTeG97+LG trpeI1yPEDFNj4/GU0PlgIn7g93+scghSWNzEdcwYNgisnFb98bkL4IdEPG+bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734153534; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9XATT4astVgWV6Lzc0mTM+G4DbcIldpCWpY16CV6vnw=; b=cuT29kTC61A1ET4NwObIBAnF0wRgS1BvMMoR2ozWVi0C5A6NLk72LcskqA/Htsdott1m26 zo3yYEMI2z6LtKMVSExXepztSMAae2xtgNkf1gRThcchabGlGuJFVgGQOp3EsXHJJo2/LW ubONZo78Ryc38QmnUAS/y/pcls6P6fxDK6p0ZjjWwyK4XAfMZu0KkzoCX3huZDtWAQJKm6 KBxSc+rOE0uoqh4pyiOnWcb2GxG11XtP9u1OXxcudg7D/mhkPJoKJ2vTdJTjhOsPC89+Dy NCvFjmm53XHmXhYJMnyNTiqYcii+2psnMIoHPxJwW105lvNQwTjF3SmppWFKyg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734153534; a=rsa-sha256; cv=none; b=eGESQyY8CWZ/iHWjjWkfgR8yDyCAylzRPhhQuuUaKlxuyH8C3YdBAUcw8k8MPvtp/9kNTD MYqQ6zHVRRQzmSZYqldnXskHd3g28ouYPuHKL+L62YmMJent/v3uJ0bPsQ6NJzlKdV97m8 iOL+BwMfzJbyRPH0SB73wkUR8XJoukI3jlPbNHpOqto/7rEk1P9bQ/rfySY7sPznox0SkB rjp0Wll3BRB4+FufeqeRVGcazYkLpkJXG7n9LUFG38ZJ3pZVJ5tkeF6fHog52Qc0iD7HFu Yg/kAwE5NWB0Qbhq7JZ6Nyoj32qwXecnC0N3fDqqz+q+KVEkWks7dXC+7yQbVA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Y9DyP6MCsz18MJ; Sat, 14 Dec 2024 05:18:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BE5IrLq025619; Sat, 14 Dec 2024 05:18:53 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BE5Irqr025616; Sat, 14 Dec 2024 05:18:53 GMT (envelope-from git) Date: Sat, 14 Dec 2024 05:18:53 GMT Message-Id: <202412140518.4BE5Irqr025616@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: dabf006a638f - main - Add per-process flag to disable logsigexit List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: dabf006a638fdc44cdcf69731de8ac83959db731 Auto-Submitted: auto-generated The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=dabf006a638fdc44cdcf69731de8ac83959db731 commit dabf006a638fdc44cdcf69731de8ac83959db731 Author: Kyle Evans AuthorDate: 2024-12-14 05:17:20 +0000 Commit: Kyle Evans CommitDate: 2024-12-14 05:18:30 +0000 Add per-process flag to disable logsigexit I added a third value for kern.logsigexit to mean 'auto' as an abundance of caution, but I don't know how much it matters -- that can be easily consolidated back to boolean-ish. This is primarily targeted towards people running test suites under CI (e.g. buildbot, jenkins). Oftentimes tests entail segfaults that are expected, and logs get spammed -- this can be particularly high volume depending on the application. Per-process control of this behavior is desirable because they may still want to be logging legitimate segfaults, so the system-wide atomic bomb kern.logsigexit=0 is not a great option. This adds a process flag to disable it, controllable via procctl(2)/proccontrol(1); the latter knows it as "sigexitlog" due to its length, but it's referred to almost everywhere else as "sigexit_log." Reviewed by: kib (earlier version), pstef Differential Revision: https://reviews.freebsd.org/D21903 --- lib/libsys/procctl.2 | 37 +++++++++++++++++++++++-- sys/compat/freebsd32/freebsd32_misc.c | 3 ++ sys/kern/kern_fork.c | 3 +- sys/kern/kern_procctl.c | 52 +++++++++++++++++++++++++++++++++++ sys/kern/kern_sig.c | 8 +++++- sys/sys/proc.h | 3 ++ sys/sys/procctl.h | 6 ++++ usr.bin/proccontrol/proccontrol.1 | 7 +++-- usr.bin/proccontrol/proccontrol.c | 24 ++++++++++++++++ 9 files changed, 137 insertions(+), 6 deletions(-) diff --git a/lib/libsys/procctl.2 b/lib/libsys/procctl.2 index 2d443a1ae4bd..75804ba243f1 100644 --- a/lib/libsys/procctl.2 +++ b/lib/libsys/procctl.2 @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd December 4, 2024 +.Dd December 14, 2024 .Dt PROCCTL 2 .Os .Sh NAME @@ -79,7 +79,7 @@ All status query requests require the caller to have the right to observe the target. .Pp The following commands are supported: -.Bl -tag -width PROC_TRAPCAP_STATUS +.Bl -tag -width PROC_LOGSIGEXIT_STATUS .It Dv PROC_ASLR_CTL Controls Address Space Layout Randomization (ASLR) in program images created @@ -127,6 +127,39 @@ If the currently executed image in the process itself has ASLR enabled, the .Dv PROC_ASLR_ACTIVE flag is or-ed with the value listed above. +.It Dv PROC_LOGSIGEXIT_CTL +Controls the logging of exits due to signals that would normally cause a core +dump. +The +.Va arg +parameter must point to an integer variable holding one of the following values: +.Bl -tag -width PROC_LOGSIGEXIT_FORCE_DISABLE +.It Dv PROC_LOGSIGEXIT_FORCE_ENABLE +Enables logging of exits due to signals that would normally cause a core dump. +Logging is done via +.Xr log 9 +with a log level of +.Dv LOG_INFO . +.It Dv PROC_LOGSIGEXIT_FORCE_DISABLE +Disables the logging of exits due to signals that would normally cause a core +dump. +.It Dv PROC_LOGSIGEXIT_NOFORCE +The logging behavior is delegated to the +.Xr sysctl 3 +MIB variable +.Va kern.logsigexit . +.El +.It Dv PROC_LOGSIGEXIT_STATUS +Returns the current status of logging for the target process. +The +.Va arg +parameter must point to an integer variable, where one of the following values +is written: +.Bl -tag -width PROC_LOGSIGEXIT_FORCE_DISABLE +.It Dv PROC_LOGSIGEXIT_FORCE_ENABLE +.It Dv PROC_LOGSIGEXIT_FORCE_DISABLE +.It Dv PROC_LOGSIGEXIT_NOFORCE +.El .It Dv PROC_PROTMAX_CTL Controls the maximum protection used for .Xr mmap 2 diff --git a/sys/compat/freebsd32/freebsd32_misc.c b/sys/compat/freebsd32/freebsd32_misc.c index e6aea3acdecd..67ebb5d52589 100644 --- a/sys/compat/freebsd32/freebsd32_misc.c +++ b/sys/compat/freebsd32/freebsd32_misc.c @@ -3860,6 +3860,7 @@ freebsd32_procctl(struct thread *td, struct freebsd32_procctl_args *uap) case PROC_TRAPCAP_CTL: case PROC_NO_NEW_PRIVS_CTL: case PROC_WXMAP_CTL: + case PROC_LOGSIGEXIT_CTL: error = copyin(PTRIN(uap->data), &flags, sizeof(flags)); if (error != 0) return (error); @@ -3895,6 +3896,7 @@ freebsd32_procctl(struct thread *td, struct freebsd32_procctl_args *uap) case PROC_TRAPCAP_STATUS: case PROC_NO_NEW_PRIVS_STATUS: case PROC_WXMAP_STATUS: + case PROC_LOGSIGEXIT_STATUS: data = &flags; break; case PROC_PDEATHSIG_CTL: @@ -3928,6 +3930,7 @@ freebsd32_procctl(struct thread *td, struct freebsd32_procctl_args *uap) case PROC_TRAPCAP_STATUS: case PROC_NO_NEW_PRIVS_STATUS: case PROC_WXMAP_STATUS: + case PROC_LOGSIGEXIT_STATUS: if (error == 0) error = copyout(&flags, uap->data, sizeof(flags)); break; diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c index 41f6a76c4fa1..a66bc4be62a8 100644 --- a/sys/kern/kern_fork.c +++ b/sys/kern/kern_fork.c @@ -496,7 +496,8 @@ do_fork(struct thread *td, struct fork_req *fr, struct proc *p2, struct thread * P2_ASLR_IGNSTART | P2_NOTRACE | P2_NOTRACE_EXEC | P2_PROTMAX_ENABLE | P2_PROTMAX_DISABLE | P2_TRAPCAP | P2_STKGAP_DISABLE | P2_STKGAP_DISABLE_EXEC | P2_NO_NEW_PRIVS | - P2_WXORX_DISABLE | P2_WXORX_ENABLE_EXEC); + P2_WXORX_DISABLE | P2_WXORX_ENABLE_EXEC | P2_LOGSIGEXIT_CTL | + P2_LOGSIGEXIT_ENABLE); p2->p_swtick = ticks; if (p1->p_flag & P_PROFIL) startprofclock(p2); diff --git a/sys/kern/kern_procctl.c b/sys/kern/kern_procctl.c index e7519f1b0de4..96365e192d3c 100644 --- a/sys/kern/kern_procctl.c +++ b/sys/kern/kern_procctl.c @@ -945,6 +945,46 @@ pdeathsig_status(struct thread *td, struct proc *p, void *data) return (0); } +static int +logsigexit_ctl(struct thread *td, struct proc *p, void *data) +{ + int state; + + PROC_LOCK_ASSERT(p, MA_OWNED); + state = *(int *)data; + + switch (state) { + case PROC_LOGSIGEXIT_CTL_NOFORCE: + p->p_flag2 &= ~(P2_LOGSIGEXIT_CTL | P2_LOGSIGEXIT_ENABLE); + break; + case PROC_LOGSIGEXIT_CTL_FORCE_ENABLE: + p->p_flag2 |= P2_LOGSIGEXIT_CTL | P2_LOGSIGEXIT_ENABLE; + break; + case PROC_LOGSIGEXIT_CTL_FORCE_DISABLE: + p->p_flag2 |= P2_LOGSIGEXIT_CTL; + p->p_flag2 &= ~P2_LOGSIGEXIT_ENABLE; + break; + default: + return (EINVAL); + } + return (0); +} + +static int +logsigexit_status(struct thread *td, struct proc *p, void *data) +{ + int state; + + if ((p->p_flag2 & P2_LOGSIGEXIT_CTL) == 0) + state = PROC_LOGSIGEXIT_CTL_NOFORCE; + else if ((p->p_flag2 & P2_LOGSIGEXIT_ENABLE) != 0) + state = PROC_LOGSIGEXIT_CTL_FORCE_ENABLE; + else + state = PROC_LOGSIGEXIT_CTL_FORCE_DISABLE; + *(int *)data = state; + return (0); +} + enum { PCTL_SLOCKED, PCTL_XLOCKED, @@ -1100,6 +1140,18 @@ static const struct procctl_cmd_info procctl_cmds_info[] = { .need_candebug = false, .copyin_sz = 0, .copyout_sz = sizeof(int), .exec = wxmap_status, .copyout_on_error = false, }, + [PROC_LOGSIGEXIT_CTL] = + { .lock_tree = PCTL_SLOCKED, .one_proc = true, + .esrch_is_einval = false, .no_nonnull_data = false, + .need_candebug = true, + .copyin_sz = sizeof(int), .copyout_sz = 0, + .exec = logsigexit_ctl, .copyout_on_error = false, }, + [PROC_LOGSIGEXIT_STATUS] = + { .lock_tree = PCTL_UNLOCKED, .one_proc = true, + .esrch_is_einval = false, .no_nonnull_data = false, + .need_candebug = false, + .copyin_sz = 0, .copyout_sz = sizeof(int), + .exec = logsigexit_status, .copyout_on_error = false, }, }; int diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index c59bfd035be7..d7aa932aa7e3 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -3606,11 +3606,17 @@ sigexit(struct thread *td, int sig) struct proc *p = td->td_proc; const char *coreinfo; int rv; + bool logexit; PROC_LOCK_ASSERT(p, MA_OWNED); proc_set_p2_wexit(p); p->p_acflag |= AXSIG; + if ((p->p_flag2 & P2_LOGSIGEXIT_CTL) == 0) + logexit = kern_logsigexit != 0; + else + logexit = (p->p_flag2 & P2_LOGSIGEXIT_ENABLE) != 0; + /* * We must be single-threading to generate a core dump. This * ensures that the registers in the core file are up-to-date. @@ -3649,7 +3655,7 @@ sigexit(struct thread *td, int sig) coreinfo = " (no core dump - other error)"; break; } - if (kern_logsigexit) + if (logexit) log(LOG_INFO, "pid %d (%s), jid %d, uid %d: exited on " "signal %d%s\n", p->p_pid, p->p_comm, diff --git a/sys/sys/proc.h b/sys/sys/proc.h index 2615fa0dc275..786cc447dc2c 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -886,6 +886,9 @@ struct proc { #define P2_MEMBAR_GLOBE 0x00400000 /* membar global expedited registered */ +#define P2_LOGSIGEXIT_ENABLE 0x00800000 /* Disable logging on sigexit */ +#define P2_LOGSIGEXIT_CTL 0x01000000 /* Override kern.logsigexit */ + /* Flags protected by proctree_lock, kept in p_treeflags. */ #define P_TREE_ORPHANED 0x00000001 /* Reparented, on orphan list */ #define P_TREE_FIRST_ORPHAN 0x00000002 /* First element of orphan diff --git a/sys/sys/procctl.h b/sys/sys/procctl.h index 851ca821d72d..11b831882f0a 100644 --- a/sys/sys/procctl.h +++ b/sys/sys/procctl.h @@ -65,6 +65,8 @@ #define PROC_NO_NEW_PRIVS_STATUS 20 /* query suid/sgid disabled status */ #define PROC_WXMAP_CTL 21 /* control W^X */ #define PROC_WXMAP_STATUS 22 /* query W^X */ +#define PROC_LOGSIGEXIT_CTL 23 /* en/dis logging on sigexit */ +#define PROC_LOGSIGEXIT_STATUS 24 /* query logging on sigexit */ /* Operations for PROC_SPROTECT (passed in integer arg). */ #define PPROT_OP(x) ((x) & 0xf) @@ -153,6 +155,10 @@ struct procctl_reaper_kill { #define PROC_WX_MAPPINGS_DISALLOW_EXEC 0x0002 #define PROC_WXORX_ENFORCE 0x80000000 +#define PROC_LOGSIGEXIT_CTL_NOFORCE 1 +#define PROC_LOGSIGEXIT_CTL_FORCE_ENABLE 2 +#define PROC_LOGSIGEXIT_CTL_FORCE_DISABLE 3 + #ifndef _KERNEL __BEGIN_DECLS int procctl(idtype_t, id_t, int, void *); diff --git a/usr.bin/proccontrol/proccontrol.1 b/usr.bin/proccontrol/proccontrol.1 index e0d0e9416d35..817e9b5865bc 100644 --- a/usr.bin/proccontrol/proccontrol.1 +++ b/usr.bin/proccontrol/proccontrol.1 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd August 23, 2024 +.Dd December 14, 2024 .Dt PROCCONTROL 1 .Os .Sh NAME @@ -56,7 +56,7 @@ parameter Possible values for .Ar mode are: -.Bl -tag -width trapcap +.Bl -tag -width logsigexit .It Ar aslr Control the Address Space Layout Randomization. Only applicable to the new process spawned. @@ -79,6 +79,9 @@ Controls the KPTI enable, AMD64 only. .It Ar la48 Control limiting usermode process address space to 48 bits of address, AMD64 only, on machines capable of 57-bit addressing. +.It Ar logsigexit +Controls the logging of exits due to a signal that would normally cause a core +dump. .El .Pp The diff --git a/usr.bin/proccontrol/proccontrol.c b/usr.bin/proccontrol/proccontrol.c index 32c4c9e7f1a0..3548ca606656 100644 --- a/usr.bin/proccontrol/proccontrol.c +++ b/usr.bin/proccontrol/proccontrol.c @@ -51,6 +51,7 @@ enum mode { MODE_LA57, MODE_LA48, #endif + MODE_LOGSIGEXIT, }; static const struct { @@ -71,6 +72,7 @@ static const struct { { MODE_LA57, "la57" }, { MODE_LA48, "la48" }, #endif + { MODE_LOGSIGEXIT, "logsigexit" }, }; static pid_t @@ -194,6 +196,10 @@ main(int argc, char *argv[]) error = procctl(P_PID, pid, PROC_LA_STATUS, &arg); break; #endif + case MODE_LOGSIGEXIT: + error = procctl(P_PID, pid, PROC_LOGSIGEXIT_STATUS, + &arg); + break; default: usage(); break; @@ -331,6 +337,19 @@ main(int argc, char *argv[]) printf(", la57 active\n"); break; #endif + case MODE_LOGSIGEXIT: + switch (arg) { + case PROC_LOGSIGEXIT_CTL_NOFORCE: + printf("not forced\n"); + break; + case PROC_LOGSIGEXIT_CTL_FORCE_ENABLE: + printf("force enabled\n"); + break; + case PROC_LOGSIGEXIT_CTL_FORCE_DISABLE: + printf("force disabled\n"); + break; + } + break; } } else { switch (mode) { @@ -390,6 +409,11 @@ main(int argc, char *argv[]) error = procctl(P_PID, pid, PROC_LA_CTL, &arg); break; #endif + case MODE_LOGSIGEXIT: + arg = enable ? PROC_LOGSIGEXIT_CTL_FORCE_ENABLE : + PROC_LOGSIGEXIT_CTL_FORCE_DISABLE; + error = procctl(P_PID, pid, PROC_LOGSIGEXIT_CTL, &arg); + break; default: usage(); break;