Re: Reducing SIGINFO verbosity

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Thu, 20 May 2021 12:15:54 -0400
On Thu, May 20, 2021 at 06:01:55PM +0200, Michael Gmelin wrote:
> Hi,
> 
> I'm leaving this here, mostly so that others (or future me) can google
> it up.
> 
> Traditionally, CTRL-t would give a one-line output + whatever the
> process specific signal handler comes up with:
> 
>   # sleep 120 <--- hits CTRL-t
>   load: 0.27  cmd: sleep 38162 [nanslp] 0.64r 0.00u 0.00s 0% 1780k
>   sleep: about 119 second(s) left out of the original 120
> 
>   # cat <--- hits CTRL-t
>   load: 0.02  cmd: cat 24379 [ttyin] 0.63r 0.00u 0.00s 0% 2308k
> 
>   
> On 13 I get:
> 
>   # sleep 120 <--- hits CTRL-t
>   load: 0.12  cmd: sleep 3241 [nanslp] 0.52r 0.00u 0.00s 0% 2172k
>   mi_switch+0xc1 sleepq_catch_signals+0x2e6 sleepq_timedwait_sig+0x12
>   _sleep+0x199 kern_clock_nanosleep+0x1e1 sys_nanosleep+0x3b
>   amd64_syscall+0x10c fast_syscall_common+0xf8 sleep: about 119
>   second(s) left out of the original 120
> 
>   # cat <--- hits CTRL-t
>   load: 0.09  cmd: cat 3240 [ttyin] 0.23r 0.00u 0.00s 0% 2300k
>   mi_switch+0xc1 sleepq_catch_signals+0x2e6 sleepq_wait_sig+0x9
>   _cv_wait_sig+0xe4 tty_wait+0x1c ttydisc_read+0x2ac ttydev_read+0x56
>   devfs_read_f+0xd5 dofileread+0x81 sys_read+0xbc amd64_syscall+0x10c
>   fast_syscall_common+0xf8 
> 
> which is quite way too verbose when checking the progress of
> long-running processes, like cp, dd, or poudriere. Especially as CTRL-t
> is part of the user experience to me - I use it to interact with the
> machine outside of debugging software issues.
> 
> Setting
> 
>   sysctl kern.tty_info_kstacks=0
>   echo kern.tty_info_kstacks=0 >>/etc/sysctl.conf
> 
> fixes this permanently.
> 
> Apparently, this was enabled by default on purpose[0], so that people
> find the feature (which certainly worked ^_^), but I think it would
> been worth mentioning the sysctl somewhere in the release notes/errata,
> so that people understand how to disable it again.

HardenedBSD also disables tty_info_kstacks by default given its
security ramifications. We're actively working to remove or mitigate
"kernel infoleak as features" we inherit from FreeBSD.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

Received on Thu May 20 2021 - 16:15:54 UTC

Original text of this message