pledge, MAP_STACK, and pinsyscall failures have been providing failure

visibility with kernel printf(9) (thus, onto console and into dmesg) since
the start of development.  I want to reduce the dmesg spam, and bring
this more into the attention of the user who ran the command, so let's
try using uprintf(9) which puts it onto the active foreground tty (yes,
there maybe cases where there is no tty, but that's ok.  I'll admit
I've considered deleting the logging messages entirely)
tested in snaps for a week

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 487df5d..13d2f75 100644 (file)
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_pledge.c,v 1.314 2024/05/18 05:20:22 guenther Exp $      */
+/*     $OpenBSD: kern_pledge.c,v 1.315 2024/06/02 15:31:56 deraadt Exp $       */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -574,7 +574,7 @@ pledge_fail(struct proc *p, int error, uint64_t code)
                return (ENOSYS);
 
        KERNEL_LOCK();
-       log(LOG_ERR, "%s[%d]: pledge \"%s\", syscall %d\n",
+       uprintf("%s[%d]: pledge \"%s\", syscall %d\n",
            p->p_p->ps_comm, p->p_p->ps_pid, codes, p->p_pledge_syscall);
        p->p_p->ps_acflag |= APLEDGE;
 
@@ -1005,7 +1005,7 @@ pledge_sysctl(struct proc *p, int miblen, int *mib, void *new)
                char *p = buf + strlen(buf);
                snprintf(p, sizeof(buf) - (p - buf), " %d", mib[i]);
        }
-       log(LOG_ERR, "%s\n", buf);
+       uprintf("%s\n", buf);
 
        return pledge_fail(p, EINVAL, 0);
 }

diff --git a/sys/sys/syscall_mi.h b/sys/sys/syscall_mi.h
index db45761..fe6b532 100644 (file)
--- a/sys/sys/syscall_mi.h
+++ b/sys/sys/syscall_mi.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: syscall_mi.h,v 1.33 2024/04/01 12:00:15 deraadt Exp $ */
+/*     $OpenBSD: syscall_mi.h,v 1.34 2024/06/02 15:31:57 deraadt Exp $ */
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1993
@@ -105,9 +105,8 @@ die:
                ktrpinsyscall(p, error, code, addr);
 #endif
        KERNEL_LOCK();
-       /* XXX remove or simplify this log() call after OpenBSD 7.5 release */
-       log(LOG_ERR,
-           "%s[%d]: pinsyscalls addr %lx code %ld, pinoff 0x%x "
+       /* XXX remove or simplify this uprintf() call after OpenBSD 7.5 release */
+       uprintf("%s[%d]: pinsyscalls addr %lx code %ld, pinoff 0x%x "
            "(pin%s %d %lx-%lx %lx) (libcpin%s %d %lx-%lx %lx) error %d\n",
            p->p_p->ps_comm, p->p_p->ps_pid, addr, code,
            (pin && code < pin->pn_npins) ? pin->pn_pins[code] : -1,

diff --git a/sys/uvm/uvm_map.c b/sys/uvm/uvm_map.c
index a0c17ee..5da14db 100644 (file)
--- a/sys/uvm/uvm_map.c
+++ b/sys/uvm/uvm_map.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: uvm_map.c,v 1.328 2024/04/02 08:39:17 deraadt Exp $   */
+/*     $OpenBSD: uvm_map.c,v 1.329 2024/06/02 15:31:57 deraadt Exp $   */
 /*     $NetBSD: uvm_map.c,v 1.86 2000/11/27 08:40:03 chs Exp $ */
 
 /*
@@ -1659,7 +1659,7 @@ uvm_map_inentry(struct proc *p, struct p_inentry *ie, vaddr_t addr,
                ok = uvm_map_inentry_fix(p, ie, addr, fn, serial);
                if (!ok) {
                        KERNEL_LOCK();
-                       printf(fmt, p->p_p->ps_comm, p->p_p->ps_pid, p->p_tid,
+                       uprintf(fmt, p->p_p->ps_comm, p->p_p->ps_pid, p->p_tid,
                            addr, ie->ie_start, ie->ie_end-1);
                        p->p_p->ps_acflag |= AMAP;
                        sv.sival_ptr = (void *)PROC_PC(p);
@@ -1685,11 +1685,8 @@ uvm_map_is_stack_remappable(struct vm_map *map, vaddr_t addr, vaddr_t sz,
 
        vm_map_assert_anylock(map);
 
-       if (!uvm_map_lookup_entry(map, addr, &first)) {
-               printf("map stack 0x%lx-0x%lx of map %p failed: no mapping\n",
-                   addr, end, map);
+       if (!uvm_map_lookup_entry(map, addr, &first))
                return FALSE;
-       }
 
        /*
         * Check that the address range exists and is contiguous.
@@ -1707,16 +1704,10 @@ uvm_map_is_stack_remappable(struct vm_map *map, vaddr_t addr, vaddr_t sz,
                }
 #endif
 
-               if (prev != NULL && prev->end != iter->start) {
-                       printf("map stack 0x%lx-0x%lx of map %p failed: "
-                           "hole in range\n", addr, end, map);
+               if (prev != NULL && prev->end != iter->start)
                        return FALSE;
-               }
-               if (iter->start == iter->end || UVM_ET_ISHOLE(iter)) {
-                       printf("map stack 0x%lx-0x%lx of map %p failed: "
-                           "hole in range\n", addr, end, map);
+               if (iter->start == iter->end || UVM_ET_ISHOLE(iter))
                        return FALSE;
-               }
                if (sigaltstack_check) {
                        if (iter->protection != (PROT_READ | PROT_WRITE))
                                return FALSE;
@@ -1740,7 +1731,6 @@ uvm_map_remap_as_stack(struct proc *p, vaddr_t addr, vaddr_t sz)
 {
        vm_map_t map = &p->p_vmspace->vm_map;
        vaddr_t start, end;
-       int error;
        int flags = UVM_MAPFLAG(PROT_READ | PROT_WRITE,
            PROT_READ | PROT_WRITE | PROT_EXEC,
            MAP_INHERIT_COPY, MADV_NORMAL,
@@ -1767,11 +1757,7 @@ uvm_map_remap_as_stack(struct proc *p, vaddr_t addr, vaddr_t sz)
         * placed upon the region, which prevents an attacker from pivoting
         * into pre-placed MAP_STACK space.
         */
-       error = uvm_mapanon(map, &start, end - start, 0, flags);
-       if (error != 0)
-               printf("map stack for pid %d failed\n", p->p_p->ps_pid);
-
-       return error;
+       return uvm_mapanon(map, &start, end - start, 0, flags);
 }
 
 /*