[Devel] [PATCH RHEL8 COMMIT] trusted/ve/fs/exec: Send SIGSEGV to a process trying to execute untrusted files

Konstantin Khorenko khorenko at virtuozzo.com
Wed Jun 9 14:01:08 MSK 2021 

The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.37
------>
commit c621e51959e7c8543f2c6ff59f570835b6449be4
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date:   Wed Jun 9 14:01:07 2021 +0300

    trusted/ve/fs/exec: Send SIGSEGV to a process trying to execute untrusted files
    
    It can help faster find out the cause of the problem in case userspace
    is executing CT binary from host.
    
    Logs are not enough sometimes.
    
    Avoid disk overflown with coredumps by ratelimiting them to 3 times a day.
    
    https://jira.sw.ru/browse/PSBM-98702
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    https://jira.sw.ru/browse/PSBM-129741
    
    Cherry-picked from vz7 commit 5bbfc9c12238 ("ve/fs/exec: send SIGSEGV to
    a process trying to execute untrusted files")
    
    Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
    
    Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    Reviewed-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 kernel/ve/ve.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 6594772a10dd..aae5d6d7ddd7 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1814,17 +1814,27 @@ static bool ve_check_trusted_file(struct file *file)
 	return false;
 }
 
+/* Send signal only 3 times a day so that coredumps don't overflow the disk */
+#define SIGSEGV_RATELIMIT_INTERVAL	(24 * 60 * 60 * HZ)
+#define SIGSEGV_RATELIMIT_BURST		3
+
 /*
  * We don't want a VE0-privileged user intentionally or by mistake
  * to execute files of container, these files are untrusted.
  */
 bool ve_check_trusted_exec(struct file *file, struct filename *name)
 {
+	static DEFINE_RATELIMIT_STATE(sigsegv_rs, SIGSEGV_RATELIMIT_INTERVAL,
+						  SIGSEGV_RATELIMIT_BURST);
 	if (ve_check_trusted_file(file))
 		return true;
 
-	WARN_ONCE(1, "VE0's %s tried to execute untrusted file %s from VEX\n",
-		     current->comm, name->name);
+	if (!__ratelimit(&sigsegv_rs))
+		return false;
+
+	WARN(1, "VE0's %s tried to execute untrusted file %s from VEX\n",
+		current->comm, name->name);
+	force_sigsegv(SIGSEGV, current);
 	return false;
 }

More information about the Devel mailing list