commit a78282e2c94f4ca80a2d7c56e4d1e9546be5596d · tjh.dev/kernel

+12 -36

fs/binfmt_elf.c

··· 2032 * Collect all the non-memory information about the process for the 2033 * notes. This also sets up the file header. 2034 */ 2035 - if (!fill_note_info(&elf, e_phnum, &info, cprm)) { 2036 - coredump_report_failure("Error collecting note info"); 2037 goto end_coredump; 2038 - } 2039 2040 has_dumped = 1; 2041 ··· 2048 sz += elf_coredump_extra_notes_size(); 2049 2050 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL); 2051 - if (!phdr4note) { 2052 - coredump_report_failure("Error allocating program headers note entry"); 2053 goto end_coredump; 2054 - } 2055 2056 fill_elf_note_phdr(phdr4note, sz, offset); 2057 offset += sz; ··· 2063 2064 if (e_phnum == PN_XNUM) { 2065 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL); 2066 - if (!shdr4extnum) { 2067 - coredump_report_failure("Error allocating extra program headers"); 2068 goto end_coredump; 2069 - } 2070 fill_extnum_info(&elf, shdr4extnum, e_shoff, segs); 2071 } 2072 2073 offset = dataoff; 2074 2075 - if (!dump_emit(cprm, &elf, sizeof(elf))) { 2076 - coredump_report_failure("Error emitting the ELF headers"); 2077 goto end_coredump; 2078 - } 2079 2080 - if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note))) { 2081 - coredump_report_failure("Error emitting the program header for notes"); 2082 goto end_coredump; 2083 - } 2084 2085 /* Write program headers for segments dump */ 2086 for (i = 0; i < cprm->vma_count; i++) { ··· 2097 phdr.p_flags |= PF_X; 2098 phdr.p_align = ELF_EXEC_PAGESIZE; 2099 2100 - if (!dump_emit(cprm, &phdr, sizeof(phdr))) { 2101 - coredump_report_failure("Error emitting program headers"); 2102 goto end_coredump; 2103 - } 2104 } 2105 2106 - if (!elf_core_write_extra_phdrs(cprm, offset)) { 2107 - coredump_report_failure("Error writing out extra program headers"); 2108 goto end_coredump; 2109 - } 2110 2111 /* write out the notes section */ 2112 - if (!write_note_info(&info, cprm)) { 2113 - coredump_report_failure("Error writing out notes"); 2114 goto end_coredump; 2115 - } 2116 2117 /* For cell spufs and x86 xstate */ 2118 - if (elf_coredump_extra_notes_write(cprm)) { 2119 - coredump_report_failure("Error writing out extra notes"); 2120 goto end_coredump; 2121 - } 2122 2123 /* Align to page */ 2124 dump_skip_to(cprm, dataoff); ··· 2118 for (i = 0; i < cprm->vma_count; i++) { 2119 struct core_vma_metadata *meta = cprm->vma_meta + i; 2120 2121 - if (!dump_user_range(cprm, meta->start, meta->dump_size)) { 2122 - coredump_report_failure("Error writing out the process memory"); 2123 goto end_coredump; 2124 - } 2125 } 2126 2127 - if (!elf_core_write_extra_data(cprm)) { 2128 - coredump_report_failure("Error writing out extra data"); 2129 goto end_coredump; 2130 - } 2131 2132 if (e_phnum == PN_XNUM) { 2133 - if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum))) { 2134 - coredump_report_failure("Error emitting extra program headers"); 2135 goto end_coredump; 2136 - } 2137 } 2138 2139 end_coredump:

··· 2032 * Collect all the non-memory information about the process for the 2033 * notes. This also sets up the file header. 2034 */ 2035 + if (!fill_note_info(&elf, e_phnum, &info, cprm)) 2036 goto end_coredump; 2037 2038 has_dumped = 1; 2039 ··· 2050 sz += elf_coredump_extra_notes_size(); 2051 2052 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL); 2053 + if (!phdr4note) 2054 goto end_coredump; 2055 2056 fill_elf_note_phdr(phdr4note, sz, offset); 2057 offset += sz; ··· 2067 2068 if (e_phnum == PN_XNUM) { 2069 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL); 2070 + if (!shdr4extnum) 2071 goto end_coredump; 2072 fill_extnum_info(&elf, shdr4extnum, e_shoff, segs); 2073 } 2074 2075 offset = dataoff; 2076 2077 + if (!dump_emit(cprm, &elf, sizeof(elf))) 2078 goto end_coredump; 2079 2080 + if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note))) 2081 goto end_coredump; 2082 2083 /* Write program headers for segments dump */ 2084 for (i = 0; i < cprm->vma_count; i++) { ··· 2107 phdr.p_flags |= PF_X; 2108 phdr.p_align = ELF_EXEC_PAGESIZE; 2109 2110 + if (!dump_emit(cprm, &phdr, sizeof(phdr))) 2111 goto end_coredump; 2112 } 2113 2114 + if (!elf_core_write_extra_phdrs(cprm, offset)) 2115 goto end_coredump; 2116 2117 /* write out the notes section */ 2118 + if (!write_note_info(&info, cprm)) 2119 goto end_coredump; 2120 2121 /* For cell spufs and x86 xstate */ 2122 + if (elf_coredump_extra_notes_write(cprm)) 2123 goto end_coredump; 2124 2125 /* Align to page */ 2126 dump_skip_to(cprm, dataoff); ··· 2136 for (i = 0; i < cprm->vma_count; i++) { 2137 struct core_vma_metadata *meta = cprm->vma_meta + i; 2138 2139 + if (!dump_user_range(cprm, meta->start, meta->dump_size)) 2140 goto end_coredump; 2141 } 2142 2143 + if (!elf_core_write_extra_data(cprm)) 2144 goto end_coredump; 2145 2146 if (e_phnum == PN_XNUM) { 2147 + if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum))) 2148 goto end_coredump; 2149 } 2150 2151 end_coredump:

+19 -88

fs/coredump.c

··· 465 * but then we need to teach dump_write() to restart and clear 466 * TIF_SIGPENDING. 467 */ 468 - if (fatal_signal_pending(current)) { 469 - coredump_report_failure("interrupted: fatal signal pending"); 470 - return true; 471 - } 472 - 473 - if (freezing(current)) { 474 - coredump_report_failure("interrupted: freezing"); 475 - return true; 476 - } 477 - 478 - return false; 479 } 480 481 static void wait_for_dump_helpers(struct file *file) ··· 520 return err; 521 } 522 523 - int do_coredump(const kernel_siginfo_t *siginfo) 524 { 525 struct core_state core_state; 526 struct core_name cn; ··· 528 struct linux_binfmt * binfmt; 529 const struct cred *old_cred; 530 struct cred *cred; 531 - int retval; 532 int ispipe; 533 size_t *argv = NULL; 534 int argc = 0; ··· 552 audit_core_dumps(siginfo->si_signo); 553 554 binfmt = mm->binfmt; 555 - if (!binfmt || !binfmt->core_dump) { 556 - retval = -ENOEXEC; 557 goto fail; 558 - } 559 - if (!__get_dumpable(cprm.mm_flags)) { 560 - retval = -EACCES; 561 goto fail; 562 - } 563 564 cred = prepare_creds(); 565 - if (!cred) { 566 - retval = -EPERM; 567 goto fail; 568 - } 569 /* 570 * We cannot trust fsuid as being the "true" uid of the process 571 * nor do we know its entire history. We only know it was tainted ··· 588 589 if (ispipe < 0) { 590 coredump_report_failure("format_corename failed, aborting core"); 591 - retval = ispipe; 592 goto fail_unlock; 593 } 594 ··· 608 * core_pattern process dies. 609 */ 610 coredump_report_failure("RLIMIT_CORE is set to 1, aborting core"); 611 - retval = -EPERM; 612 goto fail_unlock; 613 } 614 cprm.limit = RLIM_INFINITY; ··· 615 dump_count = atomic_inc_return(&core_dump_count); 616 if (core_pipe_limit && (core_pipe_limit < dump_count)) { 617 coredump_report_failure("over core_pipe_limit, skipping core dump"); 618 - retval = -E2BIG; 619 goto fail_dropcount; 620 } 621 ··· 622 GFP_KERNEL); 623 if (!helper_argv) { 624 coredump_report_failure("%s failed to allocate memory", __func__); 625 - retval = -ENOMEM; 626 goto fail_dropcount; 627 } 628 for (argi = 0; argi < argc; argi++) ··· 647 int open_flags = O_CREAT | O_WRONLY | O_NOFOLLOW | 648 O_LARGEFILE | O_EXCL; 649 650 - if (cprm.limit < binfmt->min_coredump) { 651 - coredump_report_failure("over coredump resource limit, skipping core dump"); 652 - retval = -E2BIG; 653 goto fail_unlock; 654 - } 655 656 if (need_suid_safe && cn.corename[0] != '/') { 657 coredump_report_failure( 658 "this process can only dump core to a fully qualified path, skipping core dump"); 659 - retval = -EPERM; 660 goto fail_unlock; 661 } 662 ··· 698 } else { 699 cprm.file = filp_open(cn.corename, open_flags, 0600); 700 } 701 - if (IS_ERR(cprm.file)) { 702 - retval = PTR_ERR(cprm.file); 703 goto fail_unlock; 704 - } 705 706 inode = file_inode(cprm.file); 707 - if (inode->i_nlink > 1) { 708 - retval = -EMLINK; 709 goto close_fail; 710 - } 711 - if (d_unhashed(cprm.file->f_path.dentry)) { 712 - retval = -EEXIST; 713 goto close_fail; 714 - } 715 /* 716 * AK: actually i see no reason to not allow this for named 717 * pipes etc, but keep the previous behaviour for now. 718 */ 719 - if (!S_ISREG(inode->i_mode)) { 720 - retval = -EISDIR; 721 goto close_fail; 722 - } 723 /* 724 * Don't dump core if the filesystem changed owner or mode 725 * of the file during file creation. This is an issue when ··· 723 current_fsuid())) { 724 coredump_report_failure("Core dump to %s aborted: " 725 "cannot preserve file owner", cn.corename); 726 - retval = -EPERM; 727 goto close_fail; 728 } 729 if ((inode->i_mode & 0677) != 0600) { 730 coredump_report_failure("Core dump to %s aborted: " 731 "cannot preserve file permissions", cn.corename); 732 - retval = -EPERM; 733 goto close_fail; 734 } 735 - if (!(cprm.file->f_mode & FMODE_CAN_WRITE)) { 736 - retval = -EACCES; 737 goto close_fail; 738 - } 739 - retval = do_truncate(idmap, cprm.file->f_path.dentry, 740 - 0, 0, cprm.file); 741 - if (retval) 742 goto close_fail; 743 } 744 ··· 749 */ 750 if (!cprm.file) { 751 coredump_report_failure("Core dump to |%s disabled", cn.corename); 752 - retval = -EPERM; 753 goto close_fail; 754 } 755 - if (!dump_vma_snapshot(&cprm)) { 756 - coredump_report_failure("Can't get VMA snapshot for core dump |%s", 757 - cn.corename); 758 - retval = -EACCES; 759 goto close_fail; 760 - } 761 762 file_start_write(cprm.file); 763 core_dumped = binfmt->core_dump(&cprm); ··· 768 } 769 file_end_write(cprm.file); 770 free_vma_snapshot(&cprm); 771 - } else { 772 - coredump_report_failure("Core dump to %s%s has been interrupted", 773 - ispipe ? "|" : "", cn.corename); 774 - retval = -EAGAIN; 775 - goto fail; 776 } 777 - coredump_report( 778 - "written to %s%s: VMAs: %d, size %zu; core: %lld bytes, pos %lld", 779 - ispipe ? "|" : "", cn.corename, 780 - cprm.vma_count, cprm.vma_data_size, cprm.written, cprm.pos); 781 if (ispipe && core_pipe_limit) 782 wait_for_dump_helpers(cprm.file); 783 - 784 - retval = 0; 785 - 786 close_fail: 787 if (cprm.file) 788 filp_close(cprm.file, NULL); ··· 785 fail_creds: 786 put_cred(cred); 787 fail: 788 - return retval; 789 } 790 791 /* ··· 805 if (dump_interrupted()) 806 return 0; 807 n = __kernel_write(file, addr, nr, &pos); 808 - if (n != nr) { 809 - if (n < 0) 810 - coredump_report_failure("failed when writing out, error %zd", n); 811 - else 812 - coredump_report_failure( 813 - "partially written out, only %zd(of %d) bytes written", 814 - n, nr); 815 - 816 return 0; 817 - } 818 file->f_pos = pos; 819 cprm->written += n; 820 cprm->pos += n; ··· 819 static char zeroes[PAGE_SIZE]; 820 struct file *file = cprm->file; 821 if (file->f_mode & FMODE_LSEEK) { 822 - int ret; 823 - 824 - if (dump_interrupted()) 825 return 0; 826 - 827 - ret = vfs_llseek(file, nr, SEEK_CUR); 828 - if (ret < 0) { 829 - coredump_report_failure("failed when seeking, error %d", ret); 830 - return 0; 831 - } 832 cprm->pos += nr; 833 return 1; 834 } else {

··· 465 * but then we need to teach dump_write() to restart and clear 466 * TIF_SIGPENDING. 467 */ 468 + return fatal_signal_pending(current) || freezing(current); 469 } 470 471 static void wait_for_dump_helpers(struct file *file) ··· 530 return err; 531 } 532 533 + void do_coredump(const kernel_siginfo_t *siginfo) 534 { 535 struct core_state core_state; 536 struct core_name cn; ··· 538 struct linux_binfmt * binfmt; 539 const struct cred *old_cred; 540 struct cred *cred; 541 + int retval = 0; 542 int ispipe; 543 size_t *argv = NULL; 544 int argc = 0; ··· 562 audit_core_dumps(siginfo->si_signo); 563 564 binfmt = mm->binfmt; 565 + if (!binfmt || !binfmt->core_dump) 566 goto fail; 567 + if (!__get_dumpable(cprm.mm_flags)) 568 goto fail; 569 570 cred = prepare_creds(); 571 + if (!cred) 572 goto fail; 573 /* 574 * We cannot trust fsuid as being the "true" uid of the process 575 * nor do we know its entire history. We only know it was tainted ··· 604 605 if (ispipe < 0) { 606 coredump_report_failure("format_corename failed, aborting core"); 607 goto fail_unlock; 608 } 609 ··· 625 * core_pattern process dies. 626 */ 627 coredump_report_failure("RLIMIT_CORE is set to 1, aborting core"); 628 goto fail_unlock; 629 } 630 cprm.limit = RLIM_INFINITY; ··· 633 dump_count = atomic_inc_return(&core_dump_count); 634 if (core_pipe_limit && (core_pipe_limit < dump_count)) { 635 coredump_report_failure("over core_pipe_limit, skipping core dump"); 636 goto fail_dropcount; 637 } 638 ··· 641 GFP_KERNEL); 642 if (!helper_argv) { 643 coredump_report_failure("%s failed to allocate memory", __func__); 644 goto fail_dropcount; 645 } 646 for (argi = 0; argi < argc; argi++) ··· 667 int open_flags = O_CREAT | O_WRONLY | O_NOFOLLOW | 668 O_LARGEFILE | O_EXCL; 669 670 + if (cprm.limit < binfmt->min_coredump) 671 goto fail_unlock; 672 673 if (need_suid_safe && cn.corename[0] != '/') { 674 coredump_report_failure( 675 "this process can only dump core to a fully qualified path, skipping core dump"); 676 goto fail_unlock; 677 } 678 ··· 722 } else { 723 cprm.file = filp_open(cn.corename, open_flags, 0600); 724 } 725 + if (IS_ERR(cprm.file)) 726 goto fail_unlock; 727 728 inode = file_inode(cprm.file); 729 + if (inode->i_nlink > 1) 730 goto close_fail; 731 + if (d_unhashed(cprm.file->f_path.dentry)) 732 goto close_fail; 733 /* 734 * AK: actually i see no reason to not allow this for named 735 * pipes etc, but keep the previous behaviour for now. 736 */ 737 + if (!S_ISREG(inode->i_mode)) 738 goto close_fail; 739 /* 740 * Don't dump core if the filesystem changed owner or mode 741 * of the file during file creation. This is an issue when ··· 755 current_fsuid())) { 756 coredump_report_failure("Core dump to %s aborted: " 757 "cannot preserve file owner", cn.corename); 758 goto close_fail; 759 } 760 if ((inode->i_mode & 0677) != 0600) { 761 coredump_report_failure("Core dump to %s aborted: " 762 "cannot preserve file permissions", cn.corename); 763 goto close_fail; 764 } 765 + if (!(cprm.file->f_mode & FMODE_CAN_WRITE)) 766 goto close_fail; 767 + if (do_truncate(idmap, cprm.file->f_path.dentry, 768 + 0, 0, cprm.file)) 769 goto close_fail; 770 } 771 ··· 786 */ 787 if (!cprm.file) { 788 coredump_report_failure("Core dump to |%s disabled", cn.corename); 789 goto close_fail; 790 } 791 + if (!dump_vma_snapshot(&cprm)) 792 goto close_fail; 793 794 file_start_write(cprm.file); 795 core_dumped = binfmt->core_dump(&cprm); ··· 810 } 811 file_end_write(cprm.file); 812 free_vma_snapshot(&cprm); 813 } 814 if (ispipe && core_pipe_limit) 815 wait_for_dump_helpers(cprm.file); 816 close_fail: 817 if (cprm.file) 818 filp_close(cprm.file, NULL); ··· 839 fail_creds: 840 put_cred(cred); 841 fail: 842 + return; 843 } 844 845 /* ··· 859 if (dump_interrupted()) 860 return 0; 861 n = __kernel_write(file, addr, nr, &pos); 862 + if (n != nr) 863 return 0; 864 file->f_pos = pos; 865 cprm->written += n; 866 cprm->pos += n; ··· 881 static char zeroes[PAGE_SIZE]; 882 struct file *file = cprm->file; 883 if (file->f_mode & FMODE_LSEEK) { 884 + if (dump_interrupted() || 885 + vfs_llseek(file, nr, SEEK_CUR) < 0) 886 return 0; 887 cprm->pos += nr; 888 return 1; 889 } else {

+2 -6

include/linux/coredump.h

··· 42 extern int dump_align(struct coredump_params *cprm, int align); 43 int dump_user_range(struct coredump_params *cprm, unsigned long start, 44 unsigned long len); 45 - extern int do_coredump(const kernel_siginfo_t *siginfo); 46 47 /* 48 * Logging for the coredump code, ratelimited. ··· 62 #define coredump_report_failure(fmt, ...) __COREDUMP_PRINTK(KERN_WARNING, fmt, ##__VA_ARGS__) 63 64 #else 65 - static inline int do_coredump(const kernel_siginfo_t *siginfo) 66 - { 67 - /* Coredump support is not available, can't fail. */ 68 - return 0; 69 - } 70 71 #define coredump_report(...) 72 #define coredump_report_failure(...)

··· 42 extern int dump_align(struct coredump_params *cprm, int align); 43 int dump_user_range(struct coredump_params *cprm, unsigned long start, 44 unsigned long len); 45 + extern void do_coredump(const kernel_siginfo_t *siginfo); 46 47 /* 48 * Logging for the coredump code, ratelimited. ··· 62 #define coredump_report_failure(fmt, ...) __COREDUMP_PRINTK(KERN_WARNING, fmt, ##__VA_ARGS__) 63 64 #else 65 + static inline void do_coredump(const kernel_siginfo_t *siginfo) {} 66 67 #define coredump_report(...) 68 #define coredump_report_failure(...)

+1 -20

kernel/signal.c

··· 2888 current->flags |= PF_SIGNALED; 2889 2890 if (sig_kernel_coredump(signr)) { 2891 - int ret; 2892 - 2893 if (print_fatal_signals) 2894 print_fatal_signal(signr); 2895 proc_coredump_connector(current); ··· 2899 * first and our do_group_exit call below will use 2900 * that value and ignore the one we pass it. 2901 */ 2902 - ret = do_coredump(&ksig->info); 2903 - if (ret) 2904 - coredump_report_failure("coredump has not been created, error %d", 2905 - ret); 2906 - else if (!IS_ENABLED(CONFIG_COREDUMP)) { 2907 - /* 2908 - * Coredumps are not available, can't fail collecting 2909 - * the coredump. 2910 - * 2911 - * Leave a note though that the coredump is going to be 2912 - * not created. This is not an error or a warning as disabling 2913 - * support in the kernel for coredumps isn't commonplace, and 2914 - * the user must've built the kernel with the custom config so 2915 - * let them know all works as desired. 2916 - */ 2917 - coredump_report("no coredump collected as " 2918 - "that is disabled in the kernel configuration"); 2919 - } 2920 } 2921 2922 /*

··· 2888 current->flags |= PF_SIGNALED; 2889 2890 if (sig_kernel_coredump(signr)) { 2891 if (print_fatal_signals) 2892 print_fatal_signal(signr); 2893 proc_coredump_connector(current); ··· 2901 * first and our do_group_exit call below will use 2902 * that value and ignore the one we pass it. 2903 */ 2904 + do_coredump(&ksig->info); 2905 } 2906 2907 /*