Re: RFC: [patch] log fatal signals like SIGSEGV

From: Marcin Slusarz
Date: Tue Sep 16 2008 - 13:43:26 EST

Next message: Jeremy Fitzhardinge: "Re: [PATCH] introduce boot_printk()"
Previous message: Alessio Sangalli: "Re: Driver for tightly coupled memory"
In reply to: Thomas Jarosch: "Re: RFC: [patch] log fatal signals like SIGSEGV"
Next in thread: Thomas Jarosch: "Re: RFC: [patch] log fatal signals like SIGSEGV"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 16, 2008 at 02:59:16PM +0200, Thomas Jarosch wrote:
> Here's the new version:
> -----------------------------------------------------------------
> From: Thomas Jarosch <thomas.jarosch@xxxxxxxxxxxxx>
>
> Log the signals SIGSEGV, SIGILL, SIGABRT, SIGBUS, SIGKILL and SIGFPE
> to aid debugging of obscure problems. Also logs the sender of the signal.
>
> The log message looks like this:
> "kernel: signal 9 sent to freezed[2634] uid:100,
> parent init[1] uid:0 by bash[3168] uid:0, parent sshd[3164] uid:0"
>
> The printing code is based on grsecurity's signal logger.
>
> Signed-off-by: Thomas Jarosch <thomas.jarosch@xxxxxxxxxxxxx>
> Signed-off-by: Gerd v. Egidy <gve@xxxxxxxxxxxxx>
>
> diff -u -r -p linux-2.6.26.vanilla/kernel/signal.c linux-2.6.26/kernel/signal.c
> --- linux-2.6.26.vanilla/kernel/signal.c Tue Sep 16 13:45:34 2008
> +++ linux-2.6.26/kernel/signal.c Tue Sep 16 14:02:54 2008
> @@ -801,6 +801,24 @@ static inline int legacy_queue(struct si
> return (sig < SIGRTMIN) && sigismember(&signals->signal, sig);
> }
>
> +static void log_signal_and_sender(const int sig, const struct task_struct *t)
> +{
> + if (!((sig == SIGSEGV) || (sig == SIGILL) || (sig == SIGABRT)
> + || (sig == SIGBUS) || (sig == SIGKILL) || (sig == SIGFPE)))
> + return;
> +
> + if (printk_ratelimit()) {
> + /* Note: tasklist_lock is already locked by siglock */
> + printk(KERN_WARNING "signal %d sent to %.30s[%d] uid:%u, "
> + "parent %.30s[%d] uid:%u by %.30s[%d] uid:%u, "
> + "parent %.30s[%d] uid:%u\n", sig, t->comm,
> + t->pid, t->uid, t->parent->comm, t->parent->pid,
> + t->parent->uid, current->comm, current->pid,
> + current->uid, current->parent->comm,
> + current->parent->pid, current->parent->uid);
> + }
> +}
> +
> static int send_signal(int sig, struct siginfo *info, struct task_struct *t,
> int group)
> {
> @@ -810,6 +828,8 @@ static int send_signal(int sig, struct s
> assert_spin_locked(&t->sighand->siglock);
> if (!prepare_signal(sig, t))
> return 0;
> +
> + log_signal_and_sender(sig, t);
>
> pending = group ? &t->signal->shared_pending : &t->pending;
> /*
>

It looks much better now. But I don't think it will go in as is.
Maybe you can disable it by default and create a sysctl switch?

Marcin
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeremy Fitzhardinge: "Re: [PATCH] introduce boot_printk()"
Previous message: Alessio Sangalli: "Re: Driver for tightly coupled memory"
In reply to: Thomas Jarosch: "Re: RFC: [patch] log fatal signals like SIGSEGV"
Next in thread: Thomas Jarosch: "Re: RFC: [patch] log fatal signals like SIGSEGV"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]