From 01f24c16bb1cc4b212099464ff0a602366b6aa29 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Sun, 2 Jun 2024 15:31:56 +0000
Subject: [PATCH] pledge, MAP_STACK, and pinsyscall failures have been
 providing failure visibility with kernel printf(9) (thus, onto console and
 into dmesg) since the start of development.  I want to reduce the dmesg spam,
 and bring this more into the attention of the user who ran the command, so
 let's try using uprintf(9) which puts it onto the active foreground tty (yes,
 there maybe cases where there is no tty, but that's ok.  I'll admit I've
 considered deleting the logging messages entirely) tested in snaps for a week

---
 sys/kern/kern_pledge.c |  6 +++---
 sys/sys/syscall_mi.h   |  7 +++----
 sys/uvm/uvm_map.c      | 26 ++++++--------------------
 3 files changed, 12 insertions(+), 27 deletions(-)

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 487df5dc249..13d2f75402c 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.314 2024/05/18 05:20:22 guenther Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.315 2024/06/02 15:31:56 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -574,7 +574,7 @@ pledge_fail(struct proc *p, int error, uint64_t code)
 		return (ENOSYS);
 
 	KERNEL_LOCK();
-	log(LOG_ERR, "%s[%d]: pledge \"%s\", syscall %d\n",
+	uprintf("%s[%d]: pledge \"%s\", syscall %d\n",
 	    p->p_p->ps_comm, p->p_p->ps_pid, codes, p->p_pledge_syscall);
 	p->p_p->ps_acflag |= APLEDGE;
 
@@ -1005,7 +1005,7 @@ pledge_sysctl(struct proc *p, int miblen, int *mib, void *new)
 		char *p = buf + strlen(buf);
 		snprintf(p, sizeof(buf) - (p - buf), " %d", mib[i]);
 	}
-	log(LOG_ERR, "%s\n", buf);
+	uprintf("%s\n", buf);
 
 	return pledge_fail(p, EINVAL, 0);
 }
diff --git a/sys/sys/syscall_mi.h b/sys/sys/syscall_mi.h
index db457616830..fe6b5320846 100644
--- a/sys/sys/syscall_mi.h
+++ b/sys/sys/syscall_mi.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: syscall_mi.h,v 1.33 2024/04/01 12:00:15 deraadt Exp $	*/
+/*	$OpenBSD: syscall_mi.h,v 1.34 2024/06/02 15:31:57 deraadt Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1993
@@ -105,9 +105,8 @@ die:
 		ktrpinsyscall(p, error, code, addr);
 #endif
 	KERNEL_LOCK();
-	/* XXX remove or simplify this log() call after OpenBSD 7.5 release */
-	log(LOG_ERR,
-	    "%s[%d]: pinsyscalls addr %lx code %ld, pinoff 0x%x "
+	/* XXX remove or simplify this uprintf() call after OpenBSD 7.5 release */
+	uprintf("%s[%d]: pinsyscalls addr %lx code %ld, pinoff 0x%x "
 	    "(pin%s %d %lx-%lx %lx) (libcpin%s %d %lx-%lx %lx) error %d\n",
 	    p->p_p->ps_comm, p->p_p->ps_pid, addr, code,
 	    (pin && code < pin->pn_npins) ? pin->pn_pins[code] : -1,
diff --git a/sys/uvm/uvm_map.c b/sys/uvm/uvm_map.c
index a0c17ee18f4..5da14db20a5 100644
--- a/sys/uvm/uvm_map.c
+++ b/sys/uvm/uvm_map.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uvm_map.c,v 1.328 2024/04/02 08:39:17 deraadt Exp $	*/
+/*	$OpenBSD: uvm_map.c,v 1.329 2024/06/02 15:31:57 deraadt Exp $	*/
 /*	$NetBSD: uvm_map.c,v 1.86 2000/11/27 08:40:03 chs Exp $	*/
 
 /*
@@ -1659,7 +1659,7 @@ uvm_map_inentry(struct proc *p, struct p_inentry *ie, vaddr_t addr,
 		ok = uvm_map_inentry_fix(p, ie, addr, fn, serial);
 		if (!ok) {
 			KERNEL_LOCK();
-			printf(fmt, p->p_p->ps_comm, p->p_p->ps_pid, p->p_tid,
+			uprintf(fmt, p->p_p->ps_comm, p->p_p->ps_pid, p->p_tid,
 			    addr, ie->ie_start, ie->ie_end-1);
 			p->p_p->ps_acflag |= AMAP;
 			sv.sival_ptr = (void *)PROC_PC(p);
@@ -1685,11 +1685,8 @@ uvm_map_is_stack_remappable(struct vm_map *map, vaddr_t addr, vaddr_t sz,
 
 	vm_map_assert_anylock(map);
 
-	if (!uvm_map_lookup_entry(map, addr, &first)) {
-		printf("map stack 0x%lx-0x%lx of map %p failed: no mapping\n",
-		    addr, end, map);
+	if (!uvm_map_lookup_entry(map, addr, &first))
 		return FALSE;
-	}
 
 	/*
 	 * Check that the address range exists and is contiguous.
@@ -1707,16 +1704,10 @@ uvm_map_is_stack_remappable(struct vm_map *map, vaddr_t addr, vaddr_t sz,
 		}
 #endif
 
-		if (prev != NULL && prev->end != iter->start) {
-			printf("map stack 0x%lx-0x%lx of map %p failed: "
-			    "hole in range\n", addr, end, map);
+		if (prev != NULL && prev->end != iter->start)
 			return FALSE;
-		}
-		if (iter->start == iter->end || UVM_ET_ISHOLE(iter)) {
-			printf("map stack 0x%lx-0x%lx of map %p failed: "
-			    "hole in range\n", addr, end, map);
+		if (iter->start == iter->end || UVM_ET_ISHOLE(iter))
 			return FALSE;
-		}
 		if (sigaltstack_check) {
 			if (iter->protection != (PROT_READ | PROT_WRITE))
 				return FALSE;
@@ -1740,7 +1731,6 @@ uvm_map_remap_as_stack(struct proc *p, vaddr_t addr, vaddr_t sz)
 {
 	vm_map_t map = &p->p_vmspace->vm_map;
 	vaddr_t start, end;
-	int error;
 	int flags = UVM_MAPFLAG(PROT_READ | PROT_WRITE,
 	    PROT_READ | PROT_WRITE | PROT_EXEC,
 	    MAP_INHERIT_COPY, MADV_NORMAL,
@@ -1767,11 +1757,7 @@ uvm_map_remap_as_stack(struct proc *p, vaddr_t addr, vaddr_t sz)
 	 * placed upon the region, which prevents an attacker from pivoting
 	 * into pre-placed MAP_STACK space.
 	 */
-	error = uvm_mapanon(map, &start, end - start, 0, flags);
-	if (error != 0)
-		printf("map stack for pid %d failed\n", p->p_p->ps_pid);
-
-	return error;
+	return uvm_mapanon(map, &start, end - start, 0, flags);
 }
 
 /*
-- 
2.20.1