[Devel] [PATCH RH9 4/6] trusted/ve/fs/exec: Send SIGSEGV to a process trying to execute untrusted files

Andrey Zhadchenko andrey.zhadchenko at virtuozzo.com
Mon Oct 4 17:42:54 MSK 2021 

From: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

It can help faster find out the cause of the problem in case userspace
is executing CT binary from host.

Logs are not enough sometimes.

Avoid disk overflown with coredumps by ratelimiting them to 3 times a day.

https://jira.sw.ru/browse/PSBM-98702

Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

https://jira.sw.ru/browse/PSBM-129741

Cherry-picked from vz7 commit 5bbfc9c12238 ("ve/fs/exec: send SIGSEGV to
a process trying to execute untrusted files")

Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>

Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Reviewed-by: Konstantin Khorenko <khorenko at virtuozzo.com>

(cherry picked from vz8 commit 01691e309bbefa3be72cc4a047d23ac331b3cca1)
Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
 kernel/ve/ve.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 16100a4..bb662e4 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1369,17 +1369,27 @@ static bool ve_check_trusted_file(struct file *file)
 	return false;
 }
 
+/* Send signal only 3 times a day so that coredumps don't overflow the disk */
+#define SIGSEGV_RATELIMIT_INTERVAL	(24 * 60 * 60 * HZ)
+#define SIGSEGV_RATELIMIT_BURST		3
+
 /*
  * We don't want a VE0-privileged user intentionally or by mistake
  * to execute files of container, these files are untrusted.
  */
 bool ve_check_trusted_exec(struct file *file, struct filename *name)
 {
+	static DEFINE_RATELIMIT_STATE(sigsegv_rs, SIGSEGV_RATELIMIT_INTERVAL,
+						  SIGSEGV_RATELIMIT_BURST);
 	if (ve_check_trusted_file(file))
 		return true;
 
-	WARN_ONCE(1, "VE0's %s tried to execute untrusted file %s from VEX\n",
-		     current->comm, name->name);
+	if (!__ratelimit(&sigsegv_rs))
+		return false;
+
+	WARN(1, "VE0's %s tried to execute untrusted file %s from VEX\n",
+		current->comm, name->name);
+	force_sigsegv(SIGSEGV);
 	return false;
 }
 
-- 
1.8.3.1

More information about the Devel mailing list