From: Allen Pais <apais@linux.microsoft.com>
To: linux-fsdevel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz,
ebiederm@xmission.com, keescook@chromium.org, mcgrof@kernel.org,
j.granados@samsung.com, allen.lkml@gmail.com
Subject: [PATCH v4] fs/coredump: Enable dynamic configuration of max file note size
Date: Mon, 6 May 2024 19:37:00 +0000 [thread overview]
Message-ID: <20240506193700.7884-1-apais@linux.microsoft.com> (raw)
Introduce the capability to dynamically configure the maximum file
note size for ELF core dumps via sysctl.
Why is this being done?
We have observed that during a crash when there are more than 65k mmaps
in memory, the existing fixed limit on the size of the ELF notes section
becomes a bottleneck. The notes section quickly reaches its capacity,
leading to incomplete memory segment information in the resulting coredump.
This truncation compromises the utility of the coredumps, as crucial
information about the memory state at the time of the crash might be
omitted.
This enhancement removes the previous static limit of 4MB, allowing
system administrators to adjust the size based on system-specific
requirements or constraints.
Eg:
$ sysctl -a | grep core_file_note_size_min
kernel.core_file_note_size_max = 4194304
$ sysctl -n kernel.core_file_note_size_min
4194304
$echo 519304 > /proc/sys/kernel/core_file_note_size_min
$sysctl -n kernel.core_file_note_size_min
519304
Attempting to write beyond the ceiling value of 16MB
$echo 17194304 > /proc/sys/kernel/core_file_note_size_min
bash: echo: write error: Invalid argument
Signed-off-by: Vijay Nag <nagvijay@microsoft.com>
Signed-off-by: Allen Pais <apais@linux.microsoft.com>
---
Changes in v4:
- Rename core_file_note_size_max to core_file_note_size_min [kees]
- Rename core_file_note_size_max to MAX_FILE_NOTE_SIZE to
CORE_FILE_NOTE_SIZE_DEFAULT and MAX_ALLOWED_NOTE_SIZE to
CORE_FILE_NOTE_SIZE_MAX [Kees]
- change core_file_note_size_allowed to static and const [Kees]
Changes in v3:
- Fix commit message to reflect the correct sysctl knob [Kees]
- Add a ceiling for maximum pssible note size(16M) [Allen]
- Add a pr_warn_once() [Kees]
Changes in v2:
- Move new sysctl to fs/coredump.c [Luis & Kees]
- rename max_file_note_size to core_file_note_size_max [kees]
- Capture "why this is being done?" int he commit message [Luis & Kees]
---
fs/binfmt_elf.c | 7 +++++--
fs/coredump.c | 15 +++++++++++++++
include/linux/coredump.h | 1 +
3 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 5397b552fbeb..4dc7eb265a97 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1564,7 +1564,6 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
}
-#define MAX_FILE_NOTE_SIZE (4*1024*1024)
/*
* Format of NT_FILE note:
*
@@ -1592,8 +1591,12 @@ static int fill_files_note(struct memelfnote *note, struct coredump_params *cprm
names_ofs = (2 + 3 * count) * sizeof(data[0]);
alloc:
- if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
+ /* paranoia check */
+ if (size >= core_file_note_size_min) {
+ pr_warn_once("coredump Note size too large: %u (does kernel.core_file_note_size_min sysctl need adjustment?\n",
+ size);
return -EINVAL;
+ }
size = round_up(size, PAGE_SIZE);
/*
* "size" can be 0 here legitimately.
diff --git a/fs/coredump.c b/fs/coredump.c
index be6403b4b14b..20807c3c5477 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -56,10 +56,16 @@
static bool dump_vma_snapshot(struct coredump_params *cprm);
static void free_vma_snapshot(struct coredump_params *cprm);
+#define CORE_FILE_NOTE_SIZE_DEFAULT (4*1024*1024)
+/* Define a reasonable max cap */
+#define CORE_FILE_NOTE_SIZE_MAX (16*1024*1024)
+
static int core_uses_pid;
static unsigned int core_pipe_limit;
static char core_pattern[CORENAME_MAX_SIZE] = "core";
static int core_name_size = CORENAME_MAX_SIZE;
+static const unsigned int core_file_note_size_max = CORE_FILE_NOTE_SIZE_MAX;
+unsigned int core_file_note_size_min = CORE_FILE_NOTE_SIZE_DEFAULT;
struct core_name {
char *corename;
@@ -1020,6 +1026,15 @@ static struct ctl_table coredump_sysctls[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
+ {
+ .procname = "core_file_note_size_min",
+ .data = &core_file_note_size_min,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0644,
+ .proc_handler = proc_douintvec_minmax,
+ .extra1 = &core_file_note_size_min,
+ .extra2 = (unsigned int *) &core_file_note_size_max,
+ },
};
static int __init init_fs_coredump_sysctls(void)
diff --git a/include/linux/coredump.h b/include/linux/coredump.h
index d3eba4360150..f6be9fd2aea7 100644
--- a/include/linux/coredump.h
+++ b/include/linux/coredump.h
@@ -46,6 +46,7 @@ static inline void do_coredump(const kernel_siginfo_t *siginfo) {}
#endif
#if defined(CONFIG_COREDUMP) && defined(CONFIG_SYSCTL)
+extern unsigned int core_file_note_size_min;
extern void validate_coredump_safety(void);
#else
static inline void validate_coredump_safety(void) {}
--
2.17.1
next reply other threads:[~2024-05-06 19:37 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-06 19:37 Allen Pais [this message]
2024-05-07 15:11 ` [PATCH v4] fs/coredump: Enable dynamic configuration of max file note size kernel test robot
2024-05-07 16:36 ` Allen
2024-05-07 16:55 ` kernel test robot
2024-05-07 17:02 ` Kees Cook
2024-05-07 17:13 ` Allen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240506193700.7884-1-apais@linux.microsoft.com \
--to=apais@linux.microsoft.com \
--cc=allen.lkml@gmail.com \
--cc=brauner@kernel.org \
--cc=ebiederm@xmission.com \
--cc=j.granados@samsung.com \
--cc=jack@suse.cz \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mcgrof@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).