[PATCH] kernel/panic/kexec: fix "crash_kexec_post_notifiers" option issue in oops path

[PATCH] kernel/panic/kexec: fix "crash_kexec_post_notifiers" option issue in oops path

[HATAYAMA Daisuke]

The commit f06e5153f4ae2e2f3b0300f0e260e40cb7fefd45 introduced
"crash_kexec_post_notifiers" kernel boot option, which toggles
wheather panic() calls crash_kexec() before or after panic_notifiers
and dump kmsg.

The problem is that the commit overlooks panic_on_oops kernel boot
option. If it is enabled, crash_kexec() is called directly without
going through panic() in oops path.

To fix this issue, this patch adds a check to
"crash_kexec_post_notifiers" in the condition of kexec_should_crash().

Signed-off-by: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
---
 include/linux/kernel.h | 3 +++
 kernel/kexec.c         | 2 ++
 kernel/panic.c         | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 64ce58b..f47379f 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -426,6 +426,9 @@ extern int panic_on_unrecovered_nmi;
 extern int panic_on_io_nmi;
 extern int panic_on_warn;
 extern int sysctl_panic_on_stackoverflow;
+
+extern bool crash_kexec_post_notifiers;
+
 /*
  * Only to be used by arch init code. If the user over-wrote the default
  * CONFIG_PANIC_TIMEOUT, honor it.
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 9a8a01a..0ecf252 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -84,6 +84,8 @@ struct resource crashk_low_res = {
 
 int kexec_should_crash(struct task_struct *p)
 {
+	if (crash_kexec_post_notifiers)
+		return 0;
 	if (in_interrupt() || !p->pid || is_global_init(p) || panic_on_oops)
 		return 1;
 	return 0;
diff --git a/kernel/panic.c b/kernel/panic.c
index 4d8d6f9..6582546 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -32,7 +32,7 @@ static unsigned long tainted_mask;
 static int pause_on_oops;
 static int pause_on_oops_flag;
 static DEFINE_SPINLOCK(pause_on_oops_lock);
-static bool crash_kexec_post_notifiers;
+bool crash_kexec_post_notifiers;
 int panic_on_warn __read_mostly;
 
 int panic_timeout = CONFIG_PANIC_TIMEOUT;
-- 
1.9.3

Re: [PATCH] kernel/panic/kexec: fix "crash_kexec_post_notifiers" option issue in oops path

[Baoquan He]

On 02/05/15 at 05:59pm, HATAYAMA Daisuke wrote:
> The commit f06e5153f4ae2e2f3b0300f0e260e40cb7fefd45 introduced
> "crash_kexec_post_notifiers" kernel boot option, which toggles
> wheather panic() calls crash_kexec() before or after panic_notifiers
> and dump kmsg.
> 
> The problem is that the commit overlooks panic_on_oops kernel boot
> option. If it is enabled, crash_kexec() is called directly without
> going through panic() in oops path.
> 
> To fix this issue, this patch adds a check to
> "crash_kexec_post_notifiers" in the condition of kexec_should_crash().
> 
> Signed-off-by: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
> ---
>  include/linux/kernel.h | 3 +++
>  kernel/kexec.c         | 2 ++
>  kernel/panic.c         | 2 +-
>  3 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 64ce58b..f47379f 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -426,6 +426,9 @@ extern int panic_on_unrecovered_nmi;
>  extern int panic_on_io_nmi;
>  extern int panic_on_warn;
>  extern int sysctl_panic_on_stackoverflow;
> +
> +extern bool crash_kexec_post_notifiers;
> +
>  /*
>   * Only to be used by arch init code. If the user over-wrote the default
>   * CONFIG_PANIC_TIMEOUT, honor it.
> diff --git a/kernel/kexec.c b/kernel/kexec.c
> index 9a8a01a..0ecf252 100644
> --- a/kernel/kexec.c
> +++ b/kernel/kexec.c
> @@ -84,6 +84,8 @@ struct resource crashk_low_res = {
>  
>  int kexec_should_crash(struct task_struct *p)
>  {
> +	if (crash_kexec_post_notifiers)
> +		return 0;
>  	if (in_interrupt() || !p->pid || is_global_init(p) || panic_on_oops)
>  		return 1;

What if these two conditions !p->pid || is_global_init(p) are satisfied?
Seems the behavious is changed.


>  	return 0;
> diff --git a/kernel/panic.c b/kernel/panic.c
> index 4d8d6f9..6582546 100644
> --- a/kernel/panic.c
> +++ b/kernel/panic.c
> @@ -32,7 +32,7 @@ static unsigned long tainted_mask;
>  static int pause_on_oops;
>  static int pause_on_oops_flag;
>  static DEFINE_SPINLOCK(pause_on_oops_lock);
> -static bool crash_kexec_post_notifiers;
> +bool crash_kexec_post_notifiers;
>  int panic_on_warn __read_mostly;
>  
>  int panic_timeout = CONFIG_PANIC_TIMEOUT;
> -- 
> 1.9.3
> 
> 
> 
> _______________________________________________
> kexec mailing list
> kexec@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH] kernel/panic/kexec: fix "crash_kexec_post_notifiers" option issue in oops path

[HATAYAMA Daisuke]

Hello,

From: Baoquan He <bhe@redhat.com>
Subject: Re: [PATCH] kernel/panic/kexec: fix "crash_kexec_post_notifiers" option issue in oops path
Date: Mon, 9 Feb 2015 10:40:30 +0800

> On 02/05/15 at 05:59pm, HATAYAMA Daisuke wrote:
>> The commit f06e5153f4ae2e2f3b0300f0e260e40cb7fefd45 introduced
>> "crash_kexec_post_notifiers" kernel boot option, which toggles
>> wheather panic() calls crash_kexec() before or after panic_notifiers
>> and dump kmsg.
>> 
>> The problem is that the commit overlooks panic_on_oops kernel boot
>> option. If it is enabled, crash_kexec() is called directly without
>> going through panic() in oops path.
>> 
>> To fix this issue, this patch adds a check to
>> "crash_kexec_post_notifiers" in the condition of kexec_should_crash().
>> 
>> Signed-off-by: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
>> ---
>>  include/linux/kernel.h | 3 +++
>>  kernel/kexec.c         | 2 ++
>>  kernel/panic.c         | 2 +-
>>  3 files changed, 6 insertions(+), 1 deletion(-)
>> 
>> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
>> index 64ce58b..f47379f 100644
>> --- a/include/linux/kernel.h
>> +++ b/include/linux/kernel.h
>> @@ -426,6 +426,9 @@ extern int panic_on_unrecovered_nmi;
>>  extern int panic_on_io_nmi;
>>  extern int panic_on_warn;
>>  extern int sysctl_panic_on_stackoverflow;
>> +
>> +extern bool crash_kexec_post_notifiers;
>> +
>>  /*
>>   * Only to be used by arch init code. If the user over-wrote the default
>>   * CONFIG_PANIC_TIMEOUT, honor it.
>> diff --git a/kernel/kexec.c b/kernel/kexec.c
>> index 9a8a01a..0ecf252 100644
>> --- a/kernel/kexec.c
>> +++ b/kernel/kexec.c
>> @@ -84,6 +84,8 @@ struct resource crashk_low_res = {
>>  
>>  int kexec_should_crash(struct task_struct *p)
>>  {
>> +	if (crash_kexec_post_notifiers)
>> +		return 0;
>>  	if (in_interrupt() || !p->pid || is_global_init(p) || panic_on_oops)
>>  		return 1;
> 
> What if these two conditions !p->pid || is_global_init(p) are satisfied?
> Seems the behavious is changed.
> 

Please further follow do_exit() path. For each condition, there are
the corresponding panic() calls. In summary:

  oops_end
    1) panic() for in_interrupt()
    2) panic() for panic_on_oops
    do_exit
      3) panic() for !p->pid (idle task)
      exit_notify
        forget_original_parent
          find_child_reaper
            4) panic() for p->pid == 1 (init task)

--
Thanks.
HATAYAMA, Daisuke

Re: [PATCH] kernel/panic/kexec: fix "crash_kexec_post_notifiers" option issue in oops path

[Baoquan He]

On 02/09/15 at 12:22pm, HATAYAMA Daisuke wrote:
> Hello,
> 
> From: Baoquan He <bhe@redhat.com>
> Subject: Re: [PATCH] kernel/panic/kexec: fix "crash_kexec_post_notifiers" option issue in oops path
> Date: Mon, 9 Feb 2015 10:40:30 +0800
> 
> > On 02/05/15 at 05:59pm, HATAYAMA Daisuke wrote:
> >> The commit f06e5153f4ae2e2f3b0300f0e260e40cb7fefd45 introduced
> >> "crash_kexec_post_notifiers" kernel boot option, which toggles
> >> wheather panic() calls crash_kexec() before or after panic_notifiers
> >> and dump kmsg.
> >> 
> >> The problem is that the commit overlooks panic_on_oops kernel boot
> >> option. If it is enabled, crash_kexec() is called directly without
> >> going through panic() in oops path.
> >> 
> >> To fix this issue, this patch adds a check to
> >> "crash_kexec_post_notifiers" in the condition of kexec_should_crash().
> >> 
> >> Signed-off-by: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
> >> ---
> >>  include/linux/kernel.h | 3 +++
> >>  kernel/kexec.c         | 2 ++
> >>  kernel/panic.c         | 2 +-
> >>  3 files changed, 6 insertions(+), 1 deletion(-)
> >> 
> >> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> >> index 64ce58b..f47379f 100644
> >> --- a/include/linux/kernel.h
> >> +++ b/include/linux/kernel.h
> >> @@ -426,6 +426,9 @@ extern int panic_on_unrecovered_nmi;
> >>  extern int panic_on_io_nmi;
> >>  extern int panic_on_warn;
> >>  extern int sysctl_panic_on_stackoverflow;
> >> +
> >> +extern bool crash_kexec_post_notifiers;
> >> +
> >>  /*
> >>   * Only to be used by arch init code. If the user over-wrote the default
> >>   * CONFIG_PANIC_TIMEOUT, honor it.
> >> diff --git a/kernel/kexec.c b/kernel/kexec.c
> >> index 9a8a01a..0ecf252 100644
> >> --- a/kernel/kexec.c
> >> +++ b/kernel/kexec.c
> >> @@ -84,6 +84,8 @@ struct resource crashk_low_res = {
> >>  
> >>  int kexec_should_crash(struct task_struct *p)
> >>  {
> >> +	if (crash_kexec_post_notifiers)
> >> +		return 0;
> >>  	if (in_interrupt() || !p->pid || is_global_init(p) || panic_on_oops)
> >>  		return 1;
> > 
> > What if these two conditions !p->pid || is_global_init(p) are satisfied?
> > Seems the behavious is changed.
> > 
> 
> Please further follow do_exit() path. For each condition, there are
> the corresponding panic() calls. In summary:
> 
>   oops_end
>     1) panic() for in_interrupt()
>     2) panic() for panic_on_oops
>     do_exit
>       3) panic() for !p->pid (idle task)
>       exit_notify
>         forget_original_parent
>           find_child_reaper
>             4) panic() for p->pid == 1 (init task)

Yes, all conditions have been covered.

So this patch is necessary, ACK it. Thanks

Acked-by: Baoquan He <bhe@redhat.com>



Thanks
Baoquan

> 
> --
> Thanks.
> HATAYAMA, Daisuke
> 

Re: [PATCH] kernel/panic/kexec: fix "crash_kexec_post_notifiers" option issue in oops path

[Hidehiro Kawai]

Hello,

(2015/02/09 12:29), Baoquan He wrote:> On 02/09/15 at 12:22pm, HATAYAMA Daisuke wrote:
>> From: Baoquan He <bhe@redhat.com>
>>> On 02/05/15 at 05:59pm, HATAYAMA Daisuke wrote:
>>>> diff --git a/kernel/kexec.c b/kernel/kexec.c
>>>> index 9a8a01a..0ecf252 100644
>>>> --- a/kernel/kexec.c
>>>> +++ b/kernel/kexec.c
>>>> @@ -84,6 +84,8 @@ struct resource crashk_low_res = {
>>>>  
>>>>  int kexec_should_crash(struct task_struct *p)
>>>>  {
>>>> +	if (crash_kexec_post_notifiers)
>>>> +		return 0;
>>>>  	if (in_interrupt() || !p->pid || is_global_init(p) || panic_on_oops)
>>>>  		return 1;
>>>
>>> What if these two conditions !p->pid || is_global_init(p) are satisfied?
>>> Seems the behavious is changed.
>>>
>>
>> Please further follow do_exit() path. For each condition, there are
>> the corresponding panic() calls. In summary:
>>
>>   oops_end
>>     1) panic() for in_interrupt()
>>     2) panic() for panic_on_oops
>>     do_exit
>>       3) panic() for !p->pid (idle task)
>>       exit_notify
>>         forget_original_parent
>>           find_child_reaper
>>             4) panic() for p->pid == 1 (init task)
> 
> Yes, all conditions have been covered.
> 
> So this patch is necessary, ACK it. Thanks
> 
> Acked-by: Baoquan He <bhe@redhat.com>

Thanks for the patch!
I tested it in following cases on x86_64 and it worked well;
my panic notifier was called, then 2nd kernel booted.

- Null pointer dereference in each context of
  - hard IRQ
  - pid == 0
  - pid == 1
  - others with panic_on_oops=1
- Zero-divide in the context of normal process
  (panic_on_oops=1)

Tested-by: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>

-- 
Hidehiro Kawai
Hitachi, Yokohama Research Laboratory

Re: [PATCH] kernel/panic/kexec: fix "crash_kexec_post_notifiers" option issue in oops path

[HATAYAMA, Daisuke]

Hello Eric, Vivek,

Do you have any comment to this patch?

On 2015/02/05 17:59, HATAYAMA Daisuke wrote:
> The commit f06e5153f4ae2e2f3b0300f0e260e40cb7fefd45 introduced
> "crash_kexec_post_notifiers" kernel boot option, which toggles
> wheather panic() calls crash_kexec() before or after panic_notifiers
> and dump kmsg.
>
> The problem is that the commit overlooks panic_on_oops kernel boot
> option. If it is enabled, crash_kexec() is called directly without
> going through panic() in oops path.
>
> To fix this issue, this patch adds a check to
> "crash_kexec_post_notifiers" in the condition of kexec_should_crash().
>
> Signed-off-by: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
> ---
>   include/linux/kernel.h | 3 +++
>   kernel/kexec.c         | 2 ++
>   kernel/panic.c         | 2 +-
>   3 files changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 64ce58b..f47379f 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -426,6 +426,9 @@ extern int panic_on_unrecovered_nmi;
>   extern int panic_on_io_nmi;
>   extern int panic_on_warn;
>   extern int sysctl_panic_on_stackoverflow;
> +
> +extern bool crash_kexec_post_notifiers;
> +
>   /*
>    * Only to be used by arch init code. If the user over-wrote the default
>    * CONFIG_PANIC_TIMEOUT, honor it.
> diff --git a/kernel/kexec.c b/kernel/kexec.c
> index 9a8a01a..0ecf252 100644
> --- a/kernel/kexec.c
> +++ b/kernel/kexec.c
> @@ -84,6 +84,8 @@ struct resource crashk_low_res = {
>
>   int kexec_should_crash(struct task_struct *p)
>   {
> +	if (crash_kexec_post_notifiers)
> +		return 0;
>   	if (in_interrupt() || !p->pid || is_global_init(p) || panic_on_oops)
>   		return 1;
>   	return 0;
> diff --git a/kernel/panic.c b/kernel/panic.c
> index 4d8d6f9..6582546 100644
> --- a/kernel/panic.c
> +++ b/kernel/panic.c
> @@ -32,7 +32,7 @@ static unsigned long tainted_mask;
>   static int pause_on_oops;
>   static int pause_on_oops_flag;
>   static DEFINE_SPINLOCK(pause_on_oops_lock);
> -static bool crash_kexec_post_notifiers;
> +bool crash_kexec_post_notifiers;
>   int panic_on_warn __read_mostly;
>
>   int panic_timeout = CONFIG_PANIC_TIMEOUT;
>

-- 
Thanks.
HATAYAMA, Daisuke