+ lib-dump_stack-add-dump_stack_print_cmdline-and-wire-up-in-dump_stack_print_info.patch added to mm-nonmm-unstable branch

+ lib-dump_stack-add-dump_stack_print_cmdline-and-wire-up-in-dump_stack_print_info.patch added to mm-nonmm-unstable branch

[Andrew Morton]

The patch titled
     Subject: lib/dump_stack: add dump_stack_print_cmdline() and wire up in dump_stack_print_info()
has been added to the -mm mm-nonmm-unstable branch.  Its filename is
     lib-dump_stack-add-dump_stack_print_cmdline-and-wire-up-in-dump_stack_print_info.patch

This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/lib-dump_stack-add-dump_stack_print_cmdline-and-wire-up-in-dump_stack_print_info.patch

This patch will later appear in the mm-nonmm-unstable branch at
    git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days

------------------------------------------------------
From: Helge Deller <deller@gmx.de>
Subject: lib/dump_stack: add dump_stack_print_cmdline() and wire up in dump_stack_print_info()
Date: Mon, 8 Aug 2022 15:09:15 +0200

Add the function dump_stack_print_cmdline() which can be used by arch code
to print the command line of the current processs.  This function is
useful in arch code when dumping information for a faulting process.

Wire this function up in the dump_stack_print_info() function to include
the dumping of the command line for architectures which use
dump_stack_print_info().

As an example, with this patch a failing glibc testcase (which uses
ld.so.1 as starting program) up to now reported just "ld.so.1" failing:

 do_page_fault() command='ld.so.1' type=15 address=0x565921d8 in libc.so[f7339000+1bb000]
 trap #15: Data TLB miss fault, vm_start = 0x0001a000, vm_end = 0x0001b000

and now it reports in addition:

 ld.so.1[1151] cmdline: /home/gnu/glibc/objdir/elf/ld.so.1 --library-path =
/home/gnu/glibc/objdir:/home/gnu/glibc/objdir/math:/home/gnu/
    /home/gnu/glibc/objdir/malloc/tst-safe-linking-malloc-hugetlb1

Josh Triplett noted that dumping such command line parameters into syslog
may theoretically lead to information disclosure.  That's why this patch
checks the value of the kptr_restrict sysctl variable and will not print
any information if kptr_restrict==2, and will not show the program
parameters if kptr_restrict==1.

Link: https://lkml.kernel.org/r/20220808130917.30760-3-deller@gmx.de
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 include/linux/printk.h |    5 +++++
 lib/dump_stack.c       |   34 ++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)

--- a/include/linux/printk.h~lib-dump_stack-add-dump_stack_print_cmdline-and-wire-up-in-dump_stack_print_info
+++ a/include/linux/printk.h
@@ -191,6 +191,7 @@ u32 log_buf_len_get(void);
 void log_buf_vmcoreinfo_setup(void);
 void __init setup_log_buf(int early);
 __printf(1, 2) void dump_stack_set_arch_desc(const char *fmt, ...);
+void dump_stack_print_cmdline(const char *log_lvl);
 void dump_stack_print_info(const char *log_lvl);
 void show_regs_print_info(const char *log_lvl);
 extern asmlinkage void dump_stack_lvl(const char *log_lvl) __cold;
@@ -262,6 +263,10 @@ static inline __printf(1, 2) void dump_s
 {
 }
 
+static inline void dump_stack_print_cmdline(const char *log_lvl)
+{
+}
+
 static inline void dump_stack_print_info(const char *log_lvl)
 {
 }
--- a/lib/dump_stack.c~lib-dump_stack-add-dump_stack_print_cmdline-and-wire-up-in-dump_stack_print_info
+++ a/lib/dump_stack.c
@@ -14,6 +14,7 @@
 #include <linux/kexec.h>
 #include <linux/utsname.h>
 #include <linux/stop_machine.h>
+#include <linux/proc_fs.h>
 
 static char dump_stack_arch_desc_str[128];
 
@@ -46,6 +47,37 @@ void __init dump_stack_set_arch_desc(con
 #endif
 
 /**
+ * dump_stack_print_cmdline - print the command line of current process
+ * @log_lvl: log level
+ */
+void dump_stack_print_cmdline(const char *log_lvl)
+{
+	char cmdline[256];
+
+	if (kptr_restrict >= 2)
+		return; /* never show command line */
+
+	/* get command line */
+	get_task_cmdline_kernel(current, cmdline, sizeof(cmdline));
+
+	if (kptr_restrict == 1) {
+		char *p;
+
+		/* if restricted show program path only */
+		p = strchr(cmdline, ' ');
+		if (p) {
+			*p = 0;
+			strlcat(cmdline,
+				" ... [parameters hidden due to kptr_restrict]",
+				sizeof(cmdline));
+		}
+	}
+
+	printk("%s%s[%d] cmdline: %s\n", log_lvl, current->comm,
+		current->pid, cmdline);
+}
+
+/**
  * dump_stack_print_info - print generic debug info for dump_stack()
  * @log_lvl: log level
  *
@@ -62,6 +94,8 @@ void dump_stack_print_info(const char *l
 	       (int)strcspn(init_utsname()->version, " "),
 	       init_utsname()->version, BUILD_ID_VAL);
 
+	dump_stack_print_cmdline(log_lvl);
+
 	if (dump_stack_arch_desc_str[0] != '\0')
 		printk("%sHardware name: %s\n",
 		       log_lvl, dump_stack_arch_desc_str);
_

Patches currently in -mm which might be from deller@gmx.de are

proc-add-get_task_cmdline_kernel-function.patch
lib-dump_stack-add-dump_stack_print_cmdline-and-wire-up-in-dump_stack_print_info.patch
x86-fault-dump-command-line-of-faulting-process-to-syslog.patch
arc-use-generic-dump_stack_print_cmdline-implementation.patch

Re: + lib-dump_stack-add-dump_stack_print_cmdline-and-wire-up-in-dump_stack_print_info.patch added to mm-nonmm-unstable branch

[Alexey Dobriyan]

On Wed, Aug 17, 2022 at 12:55:40PM -0700, Andrew Morton wrote:
> Add the function dump_stack_print_cmdline() which can be used by arch code
> to print the command line of the current processs.  This function is
> useful in arch code when dumping information for a faulting process.
> 
> Wire this function up in the dump_stack_print_info() function to include
> the dumping of the command line for architectures which use
> dump_stack_print_info().
> 
> As an example, with this patch a failing glibc testcase (which uses
> ld.so.1 as starting program) up to now reported just "ld.so.1" failing:
> 
>  do_page_fault() command='ld.so.1' type=15 address=0x565921d8 in libc.so[f7339000+1bb000]
>  trap #15: Data TLB miss fault, vm_start = 0x0001a000, vm_end = 0x0001b000
> 
> and now it reports in addition:
> 
>  ld.so.1[1151] cmdline: /home/gnu/glibc/objdir/elf/ld.so.1 --library-path =
> /home/gnu/glibc/objdir:/home/gnu/glibc/objdir/math:/home/gnu/
>     /home/gnu/glibc/objdir/malloc/tst-safe-linking-malloc-hugetlb1
> 
> Josh Triplett noted that dumping such command line parameters into syslog
> may theoretically lead to information disclosure.  That's why this patch
> checks the value of the kptr_restrict sysctl variable and will not print
> any information if kptr_restrict==2, and will not show the program
> parameters if kptr_restrict==1.

This whole feature needs its own sysctl. How is "kernel pointer restriction"
is related to "dump full command line to syslog at segfault"?

I've checked my non-customised Fedora system and kptr_restrict is 0.
It looks like Centos and Ubuntu ship with kptr_restrict=1.

There was a patch recently to hide specific command line options from
/proc/*/cmdline because some programs accept passwords from the command
line.

Re: + lib-dump_stack-add-dump_stack_print_cmdline-and-wire-up-in-dump_stack_print_info.patch added to mm-nonmm-unstable branch

[Helge Deller]

On 8/18/22 07:50, Alexey Dobriyan wrote:
> On Wed, Aug 17, 2022 at 12:55:40PM -0700, Andrew Morton wrote:
>> Add the function dump_stack_print_cmdline() which can be used by arch code
>> to print the command line of the current processs.  This function is
>> useful in arch code when dumping information for a faulting process.
>>
>> Wire this function up in the dump_stack_print_info() function to include
>> the dumping of the command line for architectures which use
>> dump_stack_print_info().
>>
>> As an example, with this patch a failing glibc testcase (which uses
>> ld.so.1 as starting program) up to now reported just "ld.so.1" failing:
>>
>>  do_page_fault() command='ld.so.1' type=15 address=0x565921d8 in libc.so[f7339000+1bb000]
>>  trap #15: Data TLB miss fault, vm_start = 0x0001a000, vm_end = 0x0001b000
>>
>> and now it reports in addition:
>>
>>  ld.so.1[1151] cmdline: /home/gnu/glibc/objdir/elf/ld.so.1 --library-path =
>> /home/gnu/glibc/objdir:/home/gnu/glibc/objdir/math:/home/gnu/
>>     /home/gnu/glibc/objdir/malloc/tst-safe-linking-malloc-hugetlb1
>>
>> Josh Triplett noted that dumping such command line parameters into syslog
>> may theoretically lead to information disclosure.  That's why this patch
>> checks the value of the kptr_restrict sysctl variable and will not print
>> any information if kptr_restrict==2, and will not show the program
>> parameters if kptr_restrict==1.
>
> This whole feature needs its own sysctl. How is "kernel pointer restriction"
> is related to "dump full command line to syslog at segfault"?

Usually if you enable one of those b/c of security concerns, then you probably
want to enable the other as well. So, to some degree it makes sense.
The original discussion is here:
https://lore.kernel.org/lkml/a0bf15a2-2f9c-5603-3adb-ffa705572a92@gmx.de/T/#mfa009226e45e2420db5e7f4e980e381be6434448

But I'm fine with adding another sysctl too, if that's the preferred solution.
If so, any suggestions?
And, the sysctl could be added later too...

> I've checked my non-customised Fedora system and kptr_restrict is 0.
> It looks like Centos and Ubuntu ship with kptr_restrict=1.

... which seems ok then, IMHO.

> There was a patch recently to hide specific command line options from
> /proc/*/cmdline because some programs accept passwords from the command
> line.

Do you have a link to that?

Helge