From: Borislav Petkov <bp@alien8.de>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Steven Rostedt <rostedt@goodmis.org>
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Ingo Molnar" <mingo@kernel.org>,
"Peter Zijlstra" <peterz@infradead.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>,
LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH 2/2] printk: Add kernel parameter to control writes to /dev/kmsg
Date: Tue, 14 Jun 2016 12:12:08 +0200 [thread overview]
Message-ID: <1465899128-4522-3-git-send-email-bp@alien8.de> (raw)
In-Reply-To: <1465899128-4522-1-git-send-email-bp@alien8.de>
From: Borislav Petkov <bp@suse.de>
Add a "printk.kmsg" kernel command line parameter which controls how
userspace writes into /dev/kmsg. It has two options:
* on - unlimited logging from userspace
* off - logging from userspace gets ignored
The default setting is to ratelimit the messages written to it.
It additionally does not limit logging to /dev/kmsg while the system is
booting if we haven't disabled it on the command line.
This patch is based on previous patches from Linus and Steven.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
---
Documentation/kernel-parameters.txt | 6 ++++
kernel/printk/printk.c | 57 +++++++++++++++++++++++++++++++------
2 files changed, 55 insertions(+), 8 deletions(-)
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 82b42c958d1c..4799c88b7258 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -3150,6 +3150,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
Format: <bool> (1/Y/y=enable, 0/N/n=disable)
default: disabled
+ printk.kmsg={on,off}
+ Control writing to /dev/kmsg.
+ on - unlimited logging to /dev/kmsg from userspace
+ off - logging to /dev/kmsg disabled
+ Default: ratelimited logging.
+
printk.time= Show timing data prefixed to each printk message line
Format: <bool> (1/Y/y=enable, 0/N/n=disable)
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index 60cdf6386763..33701a166f26 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -86,6 +86,29 @@ static struct lockdep_map console_lock_dep_map = {
};
#endif
+#define DEVKMSG_LOG_RATELIMIT 0
+#define DEVKMSG_LOG_ON 1
+#define DEVKMSG_LOG_OFF 2
+
+/* DEVKMSG_LOG_RATELIMIT by default */
+static unsigned int __read_mostly devkmsg_log;
+static int __init control_devkmsg(char *str)
+{
+ if (!str)
+ return -EINVAL;
+
+ if (!strncmp(str, "on", 2))
+ devkmsg_log = DEVKMSG_LOG_ON;
+ else if (!strncmp(str, "off", 3))
+ devkmsg_log = DEVKMSG_LOG_OFF;
+ else
+ return -EINVAL;
+
+ return 0;
+}
+__setup("printk.kmsg=", control_devkmsg);
+
+
/*
* Number of registered extended console drivers.
*
@@ -614,6 +637,7 @@ struct devkmsg_user {
u64 seq;
u32 idx;
enum log_flags prev;
+ struct ratelimit_state rs;
struct mutex lock;
char buf[CONSOLE_EXT_LOG_MAX];
};
@@ -623,11 +647,24 @@ static ssize_t devkmsg_write(struct kiocb *iocb, struct iov_iter *from)
char *buf, *line;
int level = default_message_loglevel;
int facility = 1; /* LOG_USER */
+ struct file *file = iocb->ki_filp;
+ struct devkmsg_user *user = file->private_data;
size_t len = iov_iter_count(from);
ssize_t ret = len;
- if (len > LOG_LINE_MAX)
+ if (!user || len > LOG_LINE_MAX)
return -EINVAL;
+
+ /* Ignore when user logging is disabled. */
+ if (devkmsg_log == DEVKMSG_LOG_OFF)
+ return len;
+
+ /* Ratelimit when not explicitly enabled or when we're not booting. */
+ if ((system_state != SYSTEM_BOOTING) && (devkmsg_log != DEVKMSG_LOG_ON)) {
+ if (!___ratelimit(&user->rs, current->comm))
+ return ret;
+ }
+
buf = kmalloc(len+1, GFP_KERNEL);
if (buf == NULL)
return -ENOMEM;
@@ -801,18 +838,20 @@ static int devkmsg_open(struct inode *inode, struct file *file)
int err;
/* write-only does not need any file context */
- if ((file->f_flags & O_ACCMODE) == O_WRONLY)
- return 0;
-
- err = check_syslog_permissions(SYSLOG_ACTION_READ_ALL,
- SYSLOG_FROM_READER);
- if (err)
- return err;
+ if ((file->f_flags & O_ACCMODE) != O_WRONLY) {
+ err = check_syslog_permissions(SYSLOG_ACTION_READ_ALL,
+ SYSLOG_FROM_READER);
+ if (err)
+ return err;
+ }
user = kmalloc(sizeof(struct devkmsg_user), GFP_KERNEL);
if (!user)
return -ENOMEM;
+ ratelimit_default_init(&user->rs);
+ ratelimit_set_flags(&user->rs, RATELIMIT_MSG_ON_RELEASE);
+
mutex_init(&user->lock);
raw_spin_lock_irq(&logbuf_lock);
@@ -831,6 +870,8 @@ static int devkmsg_release(struct inode *inode, struct file *file)
if (!user)
return 0;
+ ratelimit_state_exit(&user->rs);
+
mutex_destroy(&user->lock);
kfree(user);
return 0;
--
2.7.3
next prev parent reply other threads:[~2016-06-14 10:12 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-14 10:12 [PATCH 0/2] printk.kmsg: Ratelimit it by default Borislav Petkov
2016-06-14 10:12 ` [PATCH 1/2] ratelimit: Extend to print suppressed messages on release Borislav Petkov
2016-06-14 10:12 ` Borislav Petkov [this message]
2016-06-14 10:21 ` [PATCH 2/2] printk: Add kernel parameter to control writes to /dev/kmsg Ingo Molnar
2016-06-14 18:14 ` Steven Rostedt
2016-06-14 18:30 ` Borislav Petkov
2016-06-16 1:40 ` Linus Torvalds
2016-06-16 9:51 ` Borislav Petkov
2016-06-16 1:41 ` [PATCH 0/2] printk.kmsg: Ratelimit it by default Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1465899128-4522-3-git-send-email-bp@alien8.de \
--to=bp@alien8.de \
--cc=akpm@linux-foundation.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=torvalds@linux-foundation.org \
--cc=u.kleine-koenig@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).