The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear 
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.37
------>
commit c621e51959e7c8543f2c6ff59f570835b6449be4
Author: Pavel Tikhomirov <[email protected]>
Date:   Wed Jun 9 14:01:07 2021 +0300

    trusted/ve/fs/exec: Send SIGSEGV to a process trying to execute untrusted files
    
    It can help find the cause of the problem faster in case userspace
    is executing a CT binary from the host.
    
    Logs are not enough sometimes.
    
    Avoid overflowing the disk with coredumps by ratelimiting them to 3 times a day.
    
    https://jira.sw.ru/browse/PSBM-98702
    
    Signed-off-by: Pavel Tikhomirov <[email protected]>
    
    https://jira.sw.ru/browse/PSBM-129741
    
    Cherry-picked from vz7 commit 5bbfc9c12238 ("ve/fs/exec: send SIGSEGV to
    a process trying to execute untrusted files")
    
    Signed-off-by: Valeriy Vdovin <[email protected]>
    
    Reviewed-by: Pavel Tikhomirov <[email protected]>
    Reviewed-by: Konstantin Khorenko <[email protected]>
---
 kernel/ve/ve.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 6594772a10dd..aae5d6d7ddd7 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1814,17 +1814,27 @@ static bool ve_check_trusted_file(struct file *file)
        return false;
 }
 
+/* Send signal only 3 times a day so that coredumps don't overflow the disk */
+#define SIGSEGV_RATELIMIT_INTERVAL     (24 * 60 * 60 * HZ)
+#define SIGSEGV_RATELIMIT_BURST                3
+
 /*
  * We don't want a VE0-privileged user intentionally or by mistake
  * to execute files of container, these files are untrusted.
  */
 bool ve_check_trusted_exec(struct file *file, struct filename *name)
 {
+       static DEFINE_RATELIMIT_STATE(sigsegv_rs, SIGSEGV_RATELIMIT_INTERVAL,
+                                                 SIGSEGV_RATELIMIT_BURST);
        if (ve_check_trusted_file(file))
                return true;
 
-       WARN_ONCE(1, "VE0's %s tried to execute untrusted file %s from VEX\n",
-                    current->comm, name->name);
+       if (!__ratelimit(&sigsegv_rs))
+               return false;
+
+       WARN(1, "VE0's %s tried to execute untrusted file %s from VEX\n",
+               current->comm, name->name);
+       force_sigsegv(SIGSEGV, current);
        return false;
 }
 
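Review bot: The early `if (!__ratelimit(&sigsegv_rs)) return false;` in ve_check_trusted_exec() gates the WARN as well as force_sigsegv(), so once the burst of 3 is used up every further untrusted exec in that 24-hour interval is refused with no log line and no signal, while the comment above the defines says only the signal is limited. Because sigsegv_rs is a single static state, attempts by one task use up the budget for all others. Consider limiting only force_sigsegv() with this state and reporting the refusal separately at a cheaper level (for example pr_warn_ratelimited()), or at least update the comment to say the warning is limited too. A blank line after the DEFINE_RATELIMIT_STATE declaration would also match kernel style.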
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
