[Devel] [PATCH RHEL COMMIT] trusted/ve/fs/exec: Send SIGSEGV to a process trying to execute untrusted files

Konstantin Khorenko khorenko at virtuozzo.com
Mon Oct 4 21:41:00 MSK 2021


The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit b2779187f3b2f18cba6afd28ceb3d82f7a46b2e9
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date:   Mon Oct 4 21:41:00 2021 +0300

    trusted/ve/fs/exec: Send SIGSEGV to a process trying to execute untrusted files
    
    It can help to find out the cause of the problem faster in case userspace
    is executing a CT binary from the host.
    
    Logs are not enough sometimes.
    
    Avoid the disk being overflown with coredumps by ratelimiting them to 3 times a day.
    
    https://jira.sw.ru/browse/PSBM-98702
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    https://jira.sw.ru/browse/PSBM-129741
    
    Cherry-picked from vz7 commit 5bbfc9c12238 ("ve/fs/exec: send SIGSEGV to
    a process trying to execute untrusted files")
    
    Signed-off-by: Valeriy Vdovin <valeriy.vdovin at virtuozzo.com>
    
    Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    Reviewed-by: Konstantin Khorenko <khorenko at virtuozzo.com>
    
    (cherry picked from vz8 commit 01691e309bbefa3be72cc4a047d23ac331b3cca1)
    Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
 kernel/ve/ve.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index ca23c3827e44..4123a1bb2136 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1298,17 +1298,27 @@ static bool ve_check_trusted_file(struct file *file)
 	return false;
 }
 
+/* Send signal only 3 times a day so that coredumps don't overflow the disk */
+#define SIGSEGV_RATELIMIT_INTERVAL	(24 * 60 * 60 * HZ)
+#define SIGSEGV_RATELIMIT_BURST		3
+
 /*
  * We don't want a VE0-privileged user intentionally or by mistake
  * to execute files of container, these files are untrusted.
  */
 bool ve_check_trusted_exec(struct file *file, struct filename *name)
 {
+	static DEFINE_RATELIMIT_STATE(sigsegv_rs, SIGSEGV_RATELIMIT_INTERVAL,
+						  SIGSEGV_RATELIMIT_BURST);
 	if (ve_check_trusted_file(file))
 		return true;
 
-	WARN_ONCE(1, "VE0's %s tried to execute untrusted file %s from VEX\n",
-		     current->comm, name->name);
+	if (!__ratelimit(&sigsegv_rs))
+		return false;
+
+	WARN(1, "VE0's %s tried to execute untrusted file %s from VEX\n",
+		current->comm, name->name);
+	force_sigsegv(SIGSEGV);
 	return false;
 }
 
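Review bot: the `if (!__ratelimit(&sigsegv_rs)) return false;` gate sits in front of the WARN() as well as force_sigsegv(), so once the burst of 3 is used up every further untrusted exec is refused silently for the rest of the 24h window; the old WARN_ONCE at least guaranteed one log line, and the comment above the defines only promises to limit the signal, not the log. Suggest keeping the denial visible at a cheaper rate and limiting only the coredump-producing part, e.g. `pr_warn_ratelimited("VE0's %s tried to execute untrusted file %s from VEX\n", current->comm, name->name);` followed by `if (__ratelimit(&sigsegv_rs)) force_sigsegv(SIGSEGV);` and then `return false;`. Also worth a line in the commit message: replacing WARN_ONCE with WARN on a path that any VE0 process can hit simply by exec'ing a container file means a host with panic_on_warn=1 will panic on the first occurrence rather than log it.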

