[5.4,00/17] Backport oops_limit to 5.4

Message

Eric Biggers Feb. 2, 2023, 4:42 a.m. UTC

This series backports the patchset
"exit: Put an upper limit on how often we can oops"
(https://lore.kernel.org/linux-mm/20221117233838.give.484-kees@kernel.org/T/#u)
to 5.4, as recommended at
https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
This follows the backports to 5.10 and 5.15 which already released.

This required backporting various prerequisite patches.

I've tested that oops_limit and warn_limit work correctly on x86_64.

David Gow (1):
  mm: kasan: do not panic if both panic_on_warn and kasan_multishot set

Eric W. Biederman (2):
  exit: Add and use make_task_dead.
  objtool: Add a missing comma to avoid string concatenation

Jann Horn (1):
  exit: Put an upper limit on how often we can oops

Kees Cook (7):
  exit: Expose "oops_count" to sysfs
  exit: Allow oops_limit to be disabled
  panic: Consolidate open-coded panic_on_warn checks
  panic: Introduce warn_limit
  panic: Expose "warn_count" to sysfs
  docs: Fix path paste-o for /sys/kernel/warn_count
  exit: Use READ_ONCE() for all oops/warn limit reads

Nathan Chancellor (3):
  hexagon: Fix function name in die()
  h8300: Fix build errors from do_exit() to make_task_dead() transition
  csky: Fix function name in csky_alignment() and die()

Randy Dunlap (1):
  ia64: make IA64_MCA_RECOVERY bool instead of tristate

Tiezhu Yang (1):
  panic: unset panic_on_warn inside panic()

Xiaoming Ni (1):
  sysctl: add a new register_sysctl_init() interface

 .../ABI/testing/sysfs-kernel-oops_count       |  6 ++
 .../ABI/testing/sysfs-kernel-warn_count       |  6 ++
 Documentation/admin-guide/sysctl/kernel.rst   | 19 +++++
 arch/alpha/kernel/traps.c                     |  6 +-
 arch/alpha/mm/fault.c                         |  2 +-
 arch/arm/kernel/traps.c                       |  2 +-
 arch/arm/mm/fault.c                           |  2 +-
 arch/arm64/kernel/traps.c                     |  2 +-
 arch/arm64/mm/fault.c                         |  2 +-
 arch/csky/abiv1/alignment.c                   |  2 +-
 arch/csky/kernel/traps.c                      |  2 +-
 arch/h8300/kernel/traps.c                     |  3 +-
 arch/h8300/mm/fault.c                         |  2 +-
 arch/hexagon/kernel/traps.c                   |  2 +-
 arch/ia64/Kconfig                             |  2 +-
 arch/ia64/kernel/mca_drv.c                    |  2 +-
 arch/ia64/kernel/traps.c                      |  2 +-
 arch/ia64/mm/fault.c                          |  2 +-
 arch/m68k/kernel/traps.c                      |  2 +-
 arch/m68k/mm/fault.c                          |  2 +-
 arch/microblaze/kernel/exceptions.c           |  4 +-
 arch/mips/kernel/traps.c                      |  2 +-
 arch/nds32/kernel/fpu.c                       |  2 +-
 arch/nds32/kernel/traps.c                     |  8 +-
 arch/nios2/kernel/traps.c                     |  4 +-
 arch/openrisc/kernel/traps.c                  |  2 +-
 arch/parisc/kernel/traps.c                    |  2 +-
 arch/powerpc/kernel/traps.c                   |  2 +-
 arch/riscv/kernel/traps.c                     |  2 +-
 arch/riscv/mm/fault.c                         |  2 +-
 arch/s390/kernel/dumpstack.c                  |  2 +-
 arch/s390/kernel/nmi.c                        |  2 +-
 arch/sh/kernel/traps.c                        |  2 +-
 arch/sparc/kernel/traps_32.c                  |  4 +-
 arch/sparc/kernel/traps_64.c                  |  4 +-
 arch/x86/entry/entry_32.S                     |  6 +-
 arch/x86/entry/entry_64.S                     |  6 +-
 arch/x86/kernel/dumpstack.c                   |  4 +-
 arch/xtensa/kernel/traps.c                    |  2 +-
 fs/proc/proc_sysctl.c                         | 33 ++++++++
 include/linux/kernel.h                        |  1 +
 include/linux/sched/task.h                    |  1 +
 include/linux/sysctl.h                        |  3 +
 kernel/exit.c                                 | 72 ++++++++++++++++++
 kernel/panic.c                                | 75 ++++++++++++++++---
 kernel/sched/core.c                           |  3 +-
 mm/kasan/report.c                             |  4 +-
 tools/objtool/check.c                         |  3 +-
 48 files changed, 260 insertions(+), 67 deletions(-)
 create mode 100644 Documentation/ABI/testing/sysfs-kernel-oops_count
 create mode 100644 Documentation/ABI/testing/sysfs-kernel-warn_count

Comments

Sasha Levin Feb. 2, 2023, 5:16 p.m. UTC | #1

On Wed, Feb 01, 2023 at 08:42:38PM -0800, Eric Biggers wrote:
>This series backports the patchset
>"exit: Put an upper limit on how often we can oops"
>(https://lore.kernel.org/linux-mm/20221117233838.give.484-kees@kernel.org/T/#u)
>to 5.4, as recommended at
>https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
>This follows the backports to 5.10 and 5.15 which already released.
>
>This required backporting various prerequisite patches.
>
>I've tested that oops_limit and warn_limit work correctly on x86_64.

Queued up all 3 backports, thanks!

Sasha Levin Feb. 2, 2023, 5:47 p.m. UTC | #2

On Thu, Feb 02, 2023 at 12:16:52PM -0500, Sasha Levin wrote:
>On Wed, Feb 01, 2023 at 08:42:38PM -0800, Eric Biggers wrote:
>>This series backports the patchset
>>"exit: Put an upper limit on how often we can oops"
>>(https://lore.kernel.org/linux-mm/20221117233838.give.484-kees@kernel.org/T/#u)
>>to 5.4, as recommended at
>>https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
>>This follows the backports to 5.10 and 5.15 which already released.
>>
>>This required backporting various prerequisite patches.
>>
>>I've tested that oops_limit and warn_limit work correctly on x86_64.
>
>Queued up all 3 backports, thanks!

... and proceeded to drop the 4.19 and 4.14 backports which fail to
build:

mm/kasan/report.c: In function 'kasan_end_report':
mm/kasan/report.c:175:16: error: 'KASAN_BIT_MULTI_SHOT' undeclared (first use in this function)
   175 |  if (!test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags))

SeongJae Park Feb. 2, 2023, 6:43 p.m. UTC | #3

On Wed, 1 Feb 2023 20:42:38 -0800 Eric Biggers <ebiggers@kernel.org> wrote:

> This series backports the patchset
> "exit: Put an upper limit on how often we can oops"
> (https://lore.kernel.org/linux-mm/20221117233838.give.484-kees@kernel.org/T/#u)
> to 5.4, as recommended at
> https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
> This follows the backports to 5.10 and 5.15 which already released.
> 
> This required backporting various prerequisite patches.
> 
> I've tested that oops_limit and warn_limit work correctly on x86_64.

Thanks for your great efforts on this.

Tested-by: SeongJae Park <sj@kernel.org>


Thanks,
SJ

Eric Biggers Feb. 2, 2023, 7:20 p.m. UTC | #4

On Thu, Feb 02, 2023 at 12:47:07PM -0500, Sasha Levin wrote:
> On Thu, Feb 02, 2023 at 12:16:52PM -0500, Sasha Levin wrote:
> > On Wed, Feb 01, 2023 at 08:42:38PM -0800, Eric Biggers wrote:
> > > This series backports the patchset
> > > "exit: Put an upper limit on how often we can oops"
> > > (https://lore.kernel.org/linux-mm/20221117233838.give.484-kees@kernel.org/T/#u)
> > > to 5.4, as recommended at
> > > https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
> > > This follows the backports to 5.10 and 5.15 which already released.
> > > 
> > > This required backporting various prerequisite patches.
> > > 
> > > I've tested that oops_limit and warn_limit work correctly on x86_64.
> > 
> > Queued up all 3 backports, thanks!
> 
> ... and proceeded to drop the 4.19 and 4.14 backports which fail to
> build:
> 
> mm/kasan/report.c: In function 'kasan_end_report':
> mm/kasan/report.c:175:16: error: 'KASAN_BIT_MULTI_SHOT' undeclared (first use in this function)
>   175 |  if (!test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags))

Thanks, I'll fix that.  I had grepped for KASAN_BIT_MULTI_SHOT to make sure
those branches had it, but I didn't notice it was defined later in the file :-(

- Eric