diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2024-06-02 15:31:58 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2024-06-02 15:31:58 +0000 |
| commit | b2305354573bcf7b13bc8ab77573165dcf3a7faf (patch) | |
| tree | c7873f10a6c4f497ecbbb7811fd1f2591c543e1d /sys | |
| parent | d21f6cd024b4e3f11f4436be23da0d2675f00b9c (diff) | |
pledge, MAP_STACK, and pinsyscall failures have been providing failure
visibility with kernel printf(9) (thus, onto console and into dmesg) since
the start of development. I want to reduce the dmesg spam, and bring
this more into the attention of the user who ran the command, so let's
try using uprintf(9) which puts it onto the active foreground tty (yes,
there maybe cases where there is no tty, but that's ok. I'll admit
I've considered deleting the logging messages entirely)
tested in snaps for a week
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/kern/kern_pledge.c | 6 | ||||
| -rw-r--r-- | sys/sys/syscall_mi.h | 7 | ||||
| -rw-r--r-- | sys/uvm/uvm_map.c | 26 |
3 files changed, 12 insertions, 27 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index 487df5dc249..13d2f75402c 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.314 2024/05/18 05:20:22 guenther Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.315 2024/06/02 15:31:56 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -574,7 +574,7 @@ pledge_fail(struct proc *p, int error, uint64_t code) return (ENOSYS); KERNEL_LOCK(); - log(LOG_ERR, "%s[%d]: pledge \"%s\", syscall %d\n", + uprintf("%s[%d]: pledge \"%s\", syscall %d\n", p->p_p->ps_comm, p->p_p->ps_pid, codes, p->p_pledge_syscall); p->p_p->ps_acflag |= APLEDGE; @@ -1005,7 +1005,7 @@ pledge_sysctl(struct proc *p, int miblen, int *mib, void *new) char *p = buf + strlen(buf); snprintf(p, sizeof(buf) - (p - buf), " %d", mib[i]); } - log(LOG_ERR, "%s\n", buf); + uprintf("%s\n", buf); return pledge_fail(p, EINVAL, 0); } diff --git a/sys/sys/syscall_mi.h b/sys/sys/syscall_mi.h index db457616830..fe6b5320846 100644 --- a/sys/sys/syscall_mi.h +++ b/sys/sys/syscall_mi.h @@ -1,4 +1,4 @@ -/* $OpenBSD: syscall_mi.h,v 1.33 2024/04/01 12:00:15 deraadt Exp $ */ +/* $OpenBSD: syscall_mi.h,v 1.34 2024/06/02 15:31:57 deraadt Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -105,9 +105,8 @@ die: ktrpinsyscall(p, error, code, addr); #endif KERNEL_LOCK(); - /* XXX remove or simplify this log() call after OpenBSD 7.5 release */ - log(LOG_ERR, - "%s[%d]: pinsyscalls addr %lx code %ld, pinoff 0x%x " + /* XXX remove or simplify this uprintf() call after OpenBSD 7.5 release */ + uprintf("%s[%d]: pinsyscalls addr %lx code %ld, pinoff 0x%x " "(pin%s %d %lx-%lx %lx) (libcpin%s %d %lx-%lx %lx) error %d\n", p->p_p->ps_comm, p->p_p->ps_pid, addr, code, (pin && code < pin->pn_npins) ? pin->pn_pins[code] : -1, diff --git a/sys/uvm/uvm_map.c b/sys/uvm/uvm_map.c index a0c17ee18f4..5da14db20a5 100644 --- a/sys/uvm/uvm_map.c +++ b/sys/uvm/uvm_map.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_map.c,v 1.328 2024/04/02 08:39:17 deraadt Exp $ */ +/* $OpenBSD: uvm_map.c,v 1.329 2024/06/02 15:31:57 deraadt Exp $ */ /* $NetBSD: uvm_map.c,v 1.86 2000/11/27 08:40:03 chs Exp $ */ /* @@ -1659,7 +1659,7 @@ uvm_map_inentry(struct proc *p, struct p_inentry *ie, vaddr_t addr, ok = uvm_map_inentry_fix(p, ie, addr, fn, serial); if (!ok) { KERNEL_LOCK(); - printf(fmt, p->p_p->ps_comm, p->p_p->ps_pid, p->p_tid, + uprintf(fmt, p->p_p->ps_comm, p->p_p->ps_pid, p->p_tid, addr, ie->ie_start, ie->ie_end-1); p->p_p->ps_acflag |= AMAP; sv.sival_ptr = (void *)PROC_PC(p); @@ -1685,11 +1685,8 @@ uvm_map_is_stack_remappable(struct vm_map *map, vaddr_t addr, vaddr_t sz, vm_map_assert_anylock(map); - if (!uvm_map_lookup_entry(map, addr, &first)) { - printf("map stack 0x%lx-0x%lx of map %p failed: no mapping\n", - addr, end, map); + if (!uvm_map_lookup_entry(map, addr, &first)) return FALSE; - } /* * Check that the address range exists and is contiguous. @@ -1707,16 +1704,10 @@ uvm_map_is_stack_remappable(struct vm_map *map, vaddr_t addr, vaddr_t sz, } #endif - if (prev != NULL && prev->end != iter->start) { - printf("map stack 0x%lx-0x%lx of map %p failed: " - "hole in range\n", addr, end, map); + if (prev != NULL && prev->end != iter->start) return FALSE; - } - if (iter->start == iter->end || UVM_ET_ISHOLE(iter)) { - printf("map stack 0x%lx-0x%lx of map %p failed: " - "hole in range\n", addr, end, map); + if (iter->start == iter->end || UVM_ET_ISHOLE(iter)) return FALSE; - } if (sigaltstack_check) { if (iter->protection != (PROT_READ | PROT_WRITE)) return FALSE; @@ -1740,7 +1731,6 @@ uvm_map_remap_as_stack(struct proc *p, vaddr_t addr, vaddr_t sz) { vm_map_t map = &p->p_vmspace->vm_map; vaddr_t start, end; - int error; int flags = UVM_MAPFLAG(PROT_READ | PROT_WRITE, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_INHERIT_COPY, MADV_NORMAL, @@ -1767,11 +1757,7 @@ uvm_map_remap_as_stack(struct proc *p, vaddr_t addr, vaddr_t sz) * placed upon the region, which prevents an attacker from pivoting * into pre-placed MAP_STACK space. */ - error = uvm_mapanon(map, &start, end - start, 0, flags); - if (error != 0) - printf("map stack for pid %d failed\n", p->p_p->ps_pid); - - return error; + return uvm_mapanon(map, &start, end - start, 0, flags); } /* |