From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755701AbcGEVr4 (ORCPT <rfc822;w@1wt.eu>);
	Tue, 5 Jul 2016 17:47:56 -0400
Received: from smtprelay0094.hostedemail.com ([216.40.44.94]:40271 "EHLO
	smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL)
	by vger.kernel.org with ESMTP id S1755374AbcGEVrx (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 5 Jul 2016 17:47:53 -0400
X-Session-Marker: 726F737465647440676F6F646D69732E6F7267
X-Spam-Summary: 2,0,0,,d41d8cd98f00b204,rostedt@goodmis.org,:::::::::::::::::,RULES_HIT:41:355:379:541:599:800:960:966:973:988:989:1260:1277:1311:1313:1314:1345:1359:1437:1515:1516:1518:1534:1543:1593:1594:1605:1711:1730:1747:1777:1792:2196:2199:2393:2553:2559:2562:3138:3139:3140:3141:3142:3167:3622:3865:3866:3868:3871:3872:3873:3874:4321:4385:4605:5007:6261:7875:10004:10400:10450:10455:10848:10967:11026:11232:11233:11473:11658:11914:12043:12296:12438:12517:12519:12555:12663:12740:13095:13439:13618:14181:14659:14721:19904:19999:21080:21212:21433:30051:30054:30056:30090:30091,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fn,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:1,LUA_SUMMARY:none
X-HE-Tag: start26_27718530eb45c
X-Filterd-Recvd-Size: 4514
Date: Tue, 5 Jul 2016 17:47:49 -0400
From: Steven Rostedt <rostedt@goodmis.org>
To: Borislav Petkov <bp@alien8.de>
Cc: LKML <linux-kernel@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>, Franck Bui <fbui@suse.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Ingo Molnar <mingo@kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Uwe =?UTF-8?B?S2xlaW5lLUvDtm5pZw==?= 
	<u.kleine-koenig@pengutronix.de>
Subject: Re: [PATCH -v3 2/2] printk: Add kernel parameter to control writes
 to /dev/kmsg
Message-ID: <20160705174749.351d77d1@gandalf.local.home>
In-Reply-To: <1467642292-15671-3-git-send-email-bp@alien8.de>
References: <1467642292-15671-1-git-send-email-bp@alien8.de>
	<1467642292-15671-3-git-send-email-bp@alien8.de>
X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.30; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon,  4 Jul 2016 16:24:52 +0200
Borislav Petkov <bp@alien8.de> wrote:

> @@ -614,6 +663,7 @@ struct devkmsg_user {
>  	u64 seq;
>  	u32 idx;
>  	enum log_flags prev;
> +	struct ratelimit_state rs;
>  	struct mutex lock;
>  	char buf[CONSOLE_EXT_LOG_MAX];
>  };
> @@ -623,11 +673,24 @@ static ssize_t devkmsg_write(struct kiocb *iocb, struct iov_iter *from)
>  	char *buf, *line;
>  	int level = default_message_loglevel;
>  	int facility = 1;	/* LOG_USER */
> +	struct file *file = iocb->ki_filp;
> +	struct devkmsg_user *user = file->private_data;
>  	size_t len = iov_iter_count(from);
>  	ssize_t ret = len;
>  
> -	if (len > LOG_LINE_MAX)
> +	if (!user || len > LOG_LINE_MAX)
>  		return -EINVAL;
> +
> +	/* Ignore when user logging is disabled. */
> +	if (devkmsg_log & DEVKMSG_LOG_MASK_OFF)
> +		return len;

I wonder if we should return some sort of error message here? ENODEV?

> +
> +	/* Ratelimit when not explicitly enabled or when we're not booting. */
> +	if ((system_state != SYSTEM_BOOTING) && !(devkmsg_log & DEVKMSG_LOG_MASK_ON)) {
> +		if (!___ratelimit(&user->rs, current->comm))
> +			return ret;
> +	}
> +
>  	buf = kmalloc(len+1, GFP_KERNEL);
>  	if (buf == NULL)
>  		return -ENOMEM;
> @@ -801,18 +864,20 @@ static int devkmsg_open(struct inode *inode, struct file *file)
>  	int err;
>  
>  	/* write-only does not need any file context */
> -	if ((file->f_flags & O_ACCMODE) == O_WRONLY)
> -		return 0;
> -
> -	err = check_syslog_permissions(SYSLOG_ACTION_READ_ALL,
> -				       SYSLOG_FROM_READER);
> -	if (err)
> -		return err;
> +	if ((file->f_flags & O_ACCMODE) != O_WRONLY) {
> +		err = check_syslog_permissions(SYSLOG_ACTION_READ_ALL,
> +					       SYSLOG_FROM_READER);
> +		if (err)
> +			return err;
> +	}

Hmm, there's no error message when it is disabled? I'm not sure that is
what we want. I specifically had the return be an error on open if it
was disabled, because (surprisingly) systemd does the right thing and
uses another utility for syslogging.

If you silently fail here, then we lose all logging because systemd
thinks this is working when it is not. That's not what I want.

-- Steve

>  
>  	user = kmalloc(sizeof(struct devkmsg_user), GFP_KERNEL);
>  	if (!user)
>  		return -ENOMEM;
>  
> +	ratelimit_default_init(&user->rs);
> +	ratelimit_set_flags(&user->rs, RATELIMIT_MSG_ON_RELEASE);
> +
>  	mutex_init(&user->lock);
>  
>  	raw_spin_lock_irq(&logbuf_lock);
> @@ -831,6 +896,8 @@ static int devkmsg_release(struct inode *inode, struct file *file)
>  	if (!user)
>  		return 0;
>  
> +	ratelimit_state_exit(&user->rs);
> +
>  	mutex_destroy(&user->lock);
>  	kfree(user);
>  	return 0;
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 87b2fc38398b..013d5fe0636a 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -814,6 +814,15 @@ static struct ctl_table kern_table[] = {
>  		.extra2		= &ten_thousand,
>  	},
>  	{
> +		.procname	= "printk_devkmsg",
> +		.data		= &devkmsg_log,
> +		.maxlen		= sizeof(unsigned int),
> +		.mode		= 0644,
> +		.proc_handler	= devkmsg_sysctl_set_loglvl,
> +		.extra1		= &zero,
> +		.extra2		= &two,
> +	},
> +	{
>  		.procname	= "dmesg_restrict",
>  		.data		= &dmesg_restrict,
>  		.maxlen		= sizeof(int),