Blame view
fs/coredump.c
22.3 KB
b24413180
|
1 |
// SPDX-License-Identifier: GPL-2.0 |
10c28d937
|
2 3 4 |
#include <linux/slab.h> #include <linux/file.h> #include <linux/fdtable.h> |
70d78fe7c
|
5 |
#include <linux/freezer.h> |
10c28d937
|
6 7 8 9 |
#include <linux/mm.h> #include <linux/stat.h> #include <linux/fcntl.h> #include <linux/swap.h> |
315c69261
|
10 |
#include <linux/ctype.h> |
10c28d937
|
11 12 13 14 15 16 17 18 19 |
#include <linux/string.h> #include <linux/init.h> #include <linux/pagemap.h> #include <linux/perf_event.h> #include <linux/highmem.h> #include <linux/spinlock.h> #include <linux/key.h> #include <linux/personality.h> #include <linux/binfmts.h> |
179899fd5
|
20 |
#include <linux/coredump.h> |
f7ccbae45
|
21 |
#include <linux/sched/coredump.h> |
3f07c0144
|
22 |
#include <linux/sched/signal.h> |
68db0cf10
|
23 |
#include <linux/sched/task_stack.h> |
10c28d937
|
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
#include <linux/utsname.h> #include <linux/pid_namespace.h> #include <linux/module.h> #include <linux/namei.h> #include <linux/mount.h> #include <linux/security.h> #include <linux/syscalls.h> #include <linux/tsacct_kern.h> #include <linux/cn_proc.h> #include <linux/audit.h> #include <linux/tracehook.h> #include <linux/kmod.h> #include <linux/fsnotify.h> #include <linux/fs_struct.h> #include <linux/pipe_fs_i.h> #include <linux/oom.h> #include <linux/compat.h> |
378c6520e
|
41 42 |
#include <linux/fs.h> #include <linux/path.h> |
03927c8ac
|
43 |
#include <linux/timekeeping.h> |
10c28d937
|
44 |
|
7c0f6ba68
|
45 |
#include <linux/uaccess.h> |
10c28d937
|
46 47 48 49 50 51 52 53 54 55 |
#include <asm/mmu_context.h> #include <asm/tlb.h> #include <asm/exec.h> #include <trace/events/task.h> #include "internal.h" #include <trace/events/sched.h> int core_uses_pid; |
10c28d937
|
56 |
unsigned int core_pipe_limit; |
3ceadcf6d
|
57 58 |
char core_pattern[CORENAME_MAX_SIZE] = "core"; static int core_name_size = CORENAME_MAX_SIZE; |
10c28d937
|
59 60 61 62 63 |
struct core_name { char *corename; int used, size; }; |
10c28d937
|
64 65 |
/* The maximal length of core_pattern is also specified in sysctl.c */ |
3ceadcf6d
|
66 |
static int expand_corename(struct core_name *cn, int size) |
10c28d937
|
67 |
{ |
e7fd1549a
|
68 |
char *corename = krealloc(cn->corename, size, GFP_KERNEL); |
10c28d937
|
69 |
|
e7fd1549a
|
70 |
if (!corename) |
10c28d937
|
71 |
return -ENOMEM; |
10c28d937
|
72 |
|
3ceadcf6d
|
73 74 75 76 |
if (size > core_name_size) /* racy but harmless */ core_name_size = size; cn->size = ksize(corename); |
e7fd1549a
|
77 |
cn->corename = corename; |
10c28d937
|
78 79 |
return 0; } |
b4176b7c1
|
80 81 |
static __printf(2, 0) int cn_vprintf(struct core_name *cn, const char *fmt, va_list arg) |
10c28d937
|
82 |
{ |
5fe9d8ca2
|
83 |
int free, need; |
404ca80eb
|
84 |
va_list arg_copy; |
10c28d937
|
85 |
|
5fe9d8ca2
|
86 87 |
again: free = cn->size - cn->used; |
404ca80eb
|
88 89 90 91 |
va_copy(arg_copy, arg); need = vsnprintf(cn->corename + cn->used, free, fmt, arg_copy); va_end(arg_copy); |
5fe9d8ca2
|
92 93 94 95 |
if (need < free) { cn->used += need; return 0; } |
10c28d937
|
96 |
|
3ceadcf6d
|
97 |
if (!expand_corename(cn, cn->size + need - free + 1)) |
5fe9d8ca2
|
98 |
goto again; |
10c28d937
|
99 |
|
5fe9d8ca2
|
100 |
return -ENOMEM; |
10c28d937
|
101 |
} |
b4176b7c1
|
102 |
static __printf(2, 3) int cn_printf(struct core_name *cn, const char *fmt, ...) |
bc03c691a
|
103 104 105 106 107 108 109 110 111 112 |
{ va_list arg; int ret; va_start(arg, fmt); ret = cn_vprintf(cn, fmt, arg); va_end(arg); return ret; } |
b4176b7c1
|
113 114 |
static __printf(2, 3) int cn_esc_printf(struct core_name *cn, const char *fmt, ...) |
10c28d937
|
115 |
{ |
923bed030
|
116 117 118 119 120 121 122 |
int cur = cn->used; va_list arg; int ret; va_start(arg, fmt); ret = cn_vprintf(cn, fmt, arg); va_end(arg); |
ac94b6e3b
|
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 |
if (ret == 0) { /* * Ensure that this coredump name component can't cause the * resulting corefile path to consist of a ".." or ".". */ if ((cn->used - cur == 1 && cn->corename[cur] == '.') || (cn->used - cur == 2 && cn->corename[cur] == '.' && cn->corename[cur+1] == '.')) cn->corename[cur] = '!'; /* * Empty names are fishy and could be used to create a "//" in a * corefile name, causing the coredump to happen one directory * level too high. Enforce that all components of the core * pattern are at least one character long. */ if (cn->used == cur) ret = cn_printf(cn, "!"); } |
923bed030
|
142 143 144 145 146 |
for (; cur < cn->used; ++cur) { if (cn->corename[cur] == '/') cn->corename[cur] = '!'; } return ret; |
10c28d937
|
147 148 149 150 151 152 153 154 155 |
} static int cn_print_exe_file(struct core_name *cn) { struct file *exe_file; char *pathbuf, *path; int ret; exe_file = get_mm_exe_file(current->mm); |
923bed030
|
156 157 |
if (!exe_file) return cn_esc_printf(cn, "%s (path unknown)", current->comm); |
10c28d937
|
158 |
|
0ee931c4e
|
159 |
pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); |
10c28d937
|
160 161 162 163 |
if (!pathbuf) { ret = -ENOMEM; goto put_exe_file; } |
9bf39ab2a
|
164 |
path = file_path(exe_file, pathbuf, PATH_MAX); |
10c28d937
|
165 166 167 168 |
if (IS_ERR(path)) { ret = PTR_ERR(path); goto free_buf; } |
923bed030
|
169 |
ret = cn_esc_printf(cn, "%s", path); |
10c28d937
|
170 171 172 173 174 175 176 177 178 179 180 181 |
free_buf: kfree(pathbuf); put_exe_file: fput(exe_file); return ret; } /* format_corename will inspect the pattern parameter, and output a * name into corename, which must have space for at least * CORENAME_MAX_SIZE bytes plus one byte for the zero terminator. */ |
315c69261
|
182 183 |
static int format_corename(struct core_name *cn, struct coredump_params *cprm, size_t **argv, int *argc) |
10c28d937
|
184 185 186 187 |
{ const struct cred *cred = current_cred(); const char *pat_ptr = core_pattern; int ispipe = (*pat_ptr == '|'); |
315c69261
|
188 |
bool was_space = false; |
10c28d937
|
189 190 |
int pid_in_pattern = 0; int err = 0; |
e7fd1549a
|
191 |
cn->used = 0; |
3ceadcf6d
|
192 193 |
cn->corename = NULL; if (expand_corename(cn, core_name_size)) |
10c28d937
|
194 |
return -ENOMEM; |
888ffc592
|
195 |
cn->corename[0] = '\0'; |
315c69261
|
196 197 198 199 200 201 |
if (ispipe) { int argvs = sizeof(core_pattern) / 2; (*argv) = kmalloc_array(argvs, sizeof(**argv), GFP_KERNEL); if (!(*argv)) return -ENOMEM; (*argv)[(*argc)++] = 0; |
888ffc592
|
202 |
++pat_ptr; |
db973a728
|
203 204 |
if (!(*pat_ptr)) return -ENOMEM; |
315c69261
|
205 |
} |
10c28d937
|
206 207 208 209 |
/* Repeat as long as we have more pattern to process and more output space */ while (*pat_ptr) { |
315c69261
|
210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 |
/* * Split on spaces before doing template expansion so that * %e and %E don't get split if they have spaces in them */ if (ispipe) { if (isspace(*pat_ptr)) { was_space = true; pat_ptr++; continue; } else if (was_space) { was_space = false; err = cn_printf(cn, "%c", '\0'); if (err) return err; (*argv)[(*argc)++] = cn->used; } } |
10c28d937
|
227 |
if (*pat_ptr != '%') { |
10c28d937
|
228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 |
err = cn_printf(cn, "%c", *pat_ptr++); } else { switch (*++pat_ptr) { /* single % at the end, drop that */ case 0: goto out; /* Double percent, output one percent */ case '%': err = cn_printf(cn, "%c", '%'); break; /* pid */ case 'p': pid_in_pattern = 1; err = cn_printf(cn, "%d", task_tgid_vnr(current)); break; |
65aafb1e7
|
244 245 246 247 248 |
/* global pid */ case 'P': err = cn_printf(cn, "%d", task_tgid_nr(current)); break; |
b03023ecb
|
249 250 251 252 253 254 255 256 |
case 'i': err = cn_printf(cn, "%d", task_pid_vnr(current)); break; case 'I': err = cn_printf(cn, "%d", task_pid_nr(current)); break; |
10c28d937
|
257 258 |
/* uid */ case 'u': |
5202efe54
|
259 260 261 |
err = cn_printf(cn, "%u", from_kuid(&init_user_ns, cred->uid)); |
10c28d937
|
262 263 264 |
break; /* gid */ case 'g': |
5202efe54
|
265 266 267 |
err = cn_printf(cn, "%u", from_kgid(&init_user_ns, cred->gid)); |
10c28d937
|
268 |
break; |
12a2b4b22
|
269 270 271 272 |
case 'd': err = cn_printf(cn, "%d", __get_dumpable(cprm->mm_flags)); break; |
10c28d937
|
273 274 |
/* signal that caused the coredump */ case 's': |
b4176b7c1
|
275 276 |
err = cn_printf(cn, "%d", cprm->siginfo->si_signo); |
10c28d937
|
277 278 279 |
break; /* UNIX time of coredump */ case 't': { |
03927c8ac
|
280 281 282 283 |
time64_t time; time = ktime_get_real_seconds(); err = cn_printf(cn, "%lld", time); |
10c28d937
|
284 285 286 |
break; } /* hostname */ |
923bed030
|
287 |
case 'h': |
10c28d937
|
288 |
down_read(&uts_sem); |
923bed030
|
289 |
err = cn_esc_printf(cn, "%s", |
10c28d937
|
290 291 |
utsname()->nodename); up_read(&uts_sem); |
10c28d937
|
292 |
break; |
10c28d937
|
293 |
/* executable */ |
923bed030
|
294 295 |
case 'e': err = cn_esc_printf(cn, "%s", current->comm); |
10c28d937
|
296 |
break; |
10c28d937
|
297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 |
case 'E': err = cn_print_exe_file(cn); break; /* core limit size */ case 'c': err = cn_printf(cn, "%lu", rlimit(RLIMIT_CORE)); break; default: break; } ++pat_ptr; } if (err) return err; } |
888ffc592
|
314 |
out: |
10c28d937
|
315 316 317 318 319 320 321 322 323 324 |
/* Backward compatibility with core_uses_pid: * * If core_pattern does not include a %p (as is the default) * and core_uses_pid is set, then .%pid will be appended to * the filename. Do not do this for piped commands. */ if (!ispipe && !pid_in_pattern && core_uses_pid) { err = cn_printf(cn, ".%d", task_tgid_vnr(current)); if (err) return err; } |
10c28d937
|
325 326 |
return ispipe; } |
5fa534c98
|
327 |
static int zap_process(struct task_struct *start, int exit_code, int flags) |
10c28d937
|
328 329 330 |
{ struct task_struct *t; int nr = 0; |
5fa534c98
|
331 332 |
/* ignore all signals except SIGKILL, see prepare_signal() */ start->signal->flags = SIGNAL_GROUP_COREDUMP | flags; |
10c28d937
|
333 334 |
start->signal->group_exit_code = exit_code; start->signal->group_stop_count = 0; |
d61ba5895
|
335 |
for_each_thread(start, t) { |
10c28d937
|
336 337 338 339 340 341 |
task_clear_jobctl_pending(t, JOBCTL_PENDING_MASK); if (t != current && t->mm) { sigaddset(&t->pending.signal, SIGKILL); signal_wake_up(t, 1); nr++; } |
d61ba5895
|
342 |
} |
10c28d937
|
343 344 345 |
return nr; } |
403bad72b
|
346 347 |
static int zap_threads(struct task_struct *tsk, struct mm_struct *mm, struct core_state *core_state, int exit_code) |
10c28d937
|
348 349 350 351 352 353 354 355 |
{ struct task_struct *g, *p; unsigned long flags; int nr = -EAGAIN; spin_lock_irq(&tsk->sighand->siglock); if (!signal_group_exit(tsk->signal)) { mm->core_state = core_state; |
6cd8f0aca
|
356 |
tsk->signal->group_exit_task = tsk; |
5fa534c98
|
357 |
nr = zap_process(tsk, exit_code, 0); |
403bad72b
|
358 |
clear_tsk_thread_flag(tsk, TIF_SIGPENDING); |
10c28d937
|
359 360 361 362 |
} spin_unlock_irq(&tsk->sighand->siglock); if (unlikely(nr < 0)) return nr; |
aed8adb76
|
363 |
tsk->flags |= PF_DUMPCORE; |
10c28d937
|
364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 |
if (atomic_read(&mm->mm_users) == nr + 1) goto done; /* * We should find and kill all tasks which use this mm, and we should * count them correctly into ->nr_threads. We don't take tasklist * lock, but this is safe wrt: * * fork: * None of sub-threads can fork after zap_process(leader). All * processes which were created before this point should be * visible to zap_threads() because copy_process() adds the new * process to the tail of init_task.tasks list, and lock/unlock * of ->siglock provides a memory barrier. * * do_exit: |
c1e8d7c6a
|
379 |
* The caller holds mm->mmap_lock. This means that the task which |
10c28d937
|
380 381 382 383 384 385 386 |
* uses this mm can't pass exit_mm(), so it can't exit or clear * its ->mm. * * de_thread: * It does list_replace_rcu(&leader->tasks, ¤t->tasks), * we must see either old or new leader, this does not matter. * However, it can change p->sighand, so lock_task_sighand(p) |
c1e8d7c6a
|
387 |
* must be used. Since p->mm != NULL and we hold ->mmap_lock |
10c28d937
|
388 389 390 391 392 393 394 395 396 397 398 399 400 401 |
* it can't fail. * * Note also that "g" can be the old leader with ->mm == NULL * and already unhashed and thus removed from ->thread_group. * This is OK, __unhash_process()->list_del_rcu() does not * clear the ->next pointer, we will find the new leader via * next_thread(). */ rcu_read_lock(); for_each_process(g) { if (g == tsk->group_leader) continue; if (g->flags & PF_KTHREAD) continue; |
d61ba5895
|
402 403 404 405 406 407 408 409 410 |
for_each_thread(g, p) { if (unlikely(!p->mm)) continue; if (unlikely(p->mm == mm)) { lock_task_sighand(p, &flags); nr += zap_process(p, exit_code, SIGNAL_GROUP_EXIT); unlock_task_sighand(p, &flags); |
10c28d937
|
411 |
} |
d61ba5895
|
412 413 |
break; } |
10c28d937
|
414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 |
} rcu_read_unlock(); done: atomic_set(&core_state->nr_threads, nr); return nr; } static int coredump_wait(int exit_code, struct core_state *core_state) { struct task_struct *tsk = current; struct mm_struct *mm = tsk->mm; int core_waiters = -EBUSY; init_completion(&core_state->startup); core_state->dumper.task = tsk; core_state->dumper.next = NULL; |
d8ed45c5d
|
430 |
if (mmap_write_lock_killable(mm)) |
4136c26b6
|
431 |
return -EINTR; |
10c28d937
|
432 433 |
if (!mm->core_state) core_waiters = zap_threads(tsk, mm, core_state, exit_code); |
d8ed45c5d
|
434 |
mmap_write_unlock(mm); |
10c28d937
|
435 436 437 |
if (core_waiters > 0) { struct core_thread *ptr; |
70d78fe7c
|
438 |
freezer_do_not_count(); |
10c28d937
|
439 |
wait_for_completion(&core_state->startup); |
70d78fe7c
|
440 |
freezer_count(); |
10c28d937
|
441 442 443 444 445 446 447 448 449 450 451 452 453 454 |
/* * Wait for all the threads to become inactive, so that * all the thread context (extended register state, like * fpu etc) gets copied to the memory. */ ptr = core_state->dumper.next; while (ptr != NULL) { wait_task_inactive(ptr->task, 0); ptr = ptr->next; } } return core_waiters; } |
acdedd99b
|
455 |
static void coredump_finish(struct mm_struct *mm, bool core_dumped) |
10c28d937
|
456 457 458 |
{ struct core_thread *curr, *next; struct task_struct *task; |
6cd8f0aca
|
459 |
spin_lock_irq(¤t->sighand->siglock); |
acdedd99b
|
460 461 |
if (core_dumped && !__fatal_signal_pending(current)) current->signal->group_exit_code |= 0x80; |
6cd8f0aca
|
462 463 464 |
current->signal->group_exit_task = NULL; current->signal->flags = SIGNAL_GROUP_EXIT; spin_unlock_irq(¤t->sighand->siglock); |
10c28d937
|
465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 |
next = mm->core_state->dumper.next; while ((curr = next) != NULL) { next = curr->next; task = curr->task; /* * see exit_mm(), curr->task must not see * ->task == NULL before we read ->next. */ smp_mb(); curr->task = NULL; wake_up_process(task); } mm->core_state = NULL; } |
528f827ee
|
480 481 482 483 484 485 486 487 488 489 |
static bool dump_interrupted(void) { /* * SIGKILL or freezing() interrupt the coredumping. Perhaps we * can do try_to_freeze() and check __fatal_signal_pending(), * but then we need to teach dump_write() to restart and clear * TIF_SIGPENDING. */ return signal_pending(current); } |
10c28d937
|
490 491 |
static void wait_for_dump_helpers(struct file *file) { |
de32ec4cf
|
492 |
struct pipe_inode_info *pipe = file->private_data; |
10c28d937
|
493 494 495 496 |
pipe_lock(pipe); pipe->readers++; pipe->writers--; |
0ddad21d3
|
497 |
wake_up_interruptible_sync(&pipe->rd_wait); |
dc7ee2aac
|
498 499 |
kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); pipe_unlock(pipe); |
10c28d937
|
500 |
|
dc7ee2aac
|
501 502 503 504 |
/* * We actually want wait_event_freezable() but then we need * to clear TIF_SIGPENDING and improve dump_interrupted(). */ |
0ddad21d3
|
505 |
wait_event_interruptible(pipe->rd_wait, pipe->readers == 1); |
10c28d937
|
506 |
|
dc7ee2aac
|
507 |
pipe_lock(pipe); |
10c28d937
|
508 509 510 |
pipe->readers--; pipe->writers++; pipe_unlock(pipe); |
10c28d937
|
511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 |
} /* * umh_pipe_setup * helper function to customize the process used * to collect the core in userspace. Specifically * it sets up a pipe and installs it as fd 0 (stdin) * for the process. Returns 0 on success, or * PTR_ERR on failure. * Note that it also sets the core limit to 1. This * is a special value that we use to trap recursive * core dumps */ static int umh_pipe_setup(struct subprocess_info *info, struct cred *new) { struct file *files[2]; struct coredump_params *cp = (struct coredump_params *)info->data; int err = create_pipe_files(files, 0); if (err) return err; cp->file = files[1]; |
45525b26a
|
533 534 |
err = replace_fd(0, files[0], 0); fput(files[0]); |
10c28d937
|
535 536 |
/* and disallow core files too */ current->signal->rlim[RLIMIT_CORE] = (struct rlimit){1, 1}; |
45525b26a
|
537 |
return err; |
10c28d937
|
538 |
} |
ae7795bc6
|
539 |
void do_coredump(const kernel_siginfo_t *siginfo) |
10c28d937
|
540 541 542 543 544 545 546 547 |
{ struct core_state core_state; struct core_name cn; struct mm_struct *mm = current->mm; struct linux_binfmt * binfmt; const struct cred *old_cred; struct cred *cred; int retval = 0; |
10c28d937
|
548 |
int ispipe; |
315c69261
|
549 550 |
size_t *argv = NULL; int argc = 0; |
10c28d937
|
551 |
struct files_struct *displaced; |
fbb181694
|
552 553 |
/* require nonrelative corefile path and be extra careful */ bool need_suid_safe = false; |
acdedd99b
|
554 |
bool core_dumped = false; |
10c28d937
|
555 556 |
static atomic_t core_dump_count = ATOMIC_INIT(0); struct coredump_params cprm = { |
5ab1c309b
|
557 |
.siginfo = siginfo, |
541880d9a
|
558 |
.regs = signal_pt_regs(), |
10c28d937
|
559 560 561 562 563 564 565 566 |
.limit = rlimit(RLIMIT_CORE), /* * We must use the same mm->flags while dumping core to avoid * inconsistency of bit flags, since this flag is not protected * by any locks. */ .mm_flags = mm->flags, }; |
5ab1c309b
|
567 |
audit_core_dumps(siginfo->si_signo); |
10c28d937
|
568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 |
binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; if (!__get_dumpable(cprm.mm_flags)) goto fail; cred = prepare_creds(); if (!cred) goto fail; /* * We cannot trust fsuid as being the "true" uid of the process * nor do we know its entire history. We only know it was tainted * so we dump it as root in mode 2, and only into a controlled * environment (pipe handler or fully qualified path). */ |
e579d2c25
|
584 |
if (__get_dumpable(cprm.mm_flags) == SUID_DUMP_ROOT) { |
10c28d937
|
585 |
/* Setuid core dump mode */ |
10c28d937
|
586 |
cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */ |
fbb181694
|
587 |
need_suid_safe = true; |
10c28d937
|
588 |
} |
5ab1c309b
|
589 |
retval = coredump_wait(siginfo->si_signo, &core_state); |
10c28d937
|
590 591 592 593 |
if (retval < 0) goto fail_creds; old_cred = override_creds(cred); |
315c69261
|
594 |
ispipe = format_corename(&cn, &cprm, &argv, &argc); |
10c28d937
|
595 |
|
fb96c475f
|
596 |
if (ispipe) { |
315c69261
|
597 |
int argi; |
10c28d937
|
598 599 |
int dump_count; char **helper_argv; |
907ed1328
|
600 |
struct subprocess_info *sub_info; |
10c28d937
|
601 602 603 604 605 606 |
if (ispipe < 0) { printk(KERN_WARNING "format_corename failed "); printk(KERN_WARNING "Aborting core "); |
e7fd1549a
|
607 |
goto fail_unlock; |
10c28d937
|
608 609 610 611 612 613 614 |
} if (cprm.limit == 1) { /* See umh_pipe_setup() which sets RLIMIT_CORE = 1. * * Normally core limits are irrelevant to pipes, since * we're not writing to the file system, but we use |
fcbc32bc6
|
615 |
* cprm.limit of 1 here as a special value, this is a |
10c28d937
|
616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 |
* consistent way to catch recursive crashes. * We can still crash if the core_pattern binary sets * RLIM_CORE = !1, but it runs as root, and can do * lots of stupid things. * * Note that we use task_tgid_vnr here to grab the pid * of the process group leader. That way we get the * right pid if a thread in a multi-threaded * core_pattern process dies. */ printk(KERN_WARNING "Process %d(%s) has RLIMIT_CORE set to 1 ", task_tgid_vnr(current), current->comm); printk(KERN_WARNING "Aborting core "); goto fail_unlock; } cprm.limit = RLIM_INFINITY; dump_count = atomic_inc_return(&core_dump_count); if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit ", task_tgid_vnr(current), current->comm); printk(KERN_WARNING "Skipping core dump "); goto fail_dropcount; } |
315c69261
|
645 646 |
helper_argv = kmalloc_array(argc + 1, sizeof(*helper_argv), GFP_KERNEL); |
10c28d937
|
647 648 649 650 651 652 |
if (!helper_argv) { printk(KERN_WARNING "%s failed to allocate memory ", __func__); goto fail_dropcount; } |
315c69261
|
653 654 655 |
for (argi = 0; argi < argc; argi++) helper_argv[argi] = cn.corename + argv[argi]; helper_argv[argi] = NULL; |
10c28d937
|
656 |
|
907ed1328
|
657 658 659 660 661 662 663 |
retval = -ENOMEM; sub_info = call_usermodehelper_setup(helper_argv[0], helper_argv, NULL, GFP_KERNEL, umh_pipe_setup, NULL, &cprm); if (sub_info) retval = call_usermodehelper_exec(sub_info, UMH_WAIT_EXEC); |
315c69261
|
664 |
kfree(helper_argv); |
10c28d937
|
665 |
if (retval) { |
888ffc592
|
666 667 |
printk(KERN_INFO "Core dump to |%s pipe failed ", |
10c28d937
|
668 669 |
cn.corename); goto close_fail; |
fb96c475f
|
670 |
} |
10c28d937
|
671 672 |
} else { struct inode *inode; |
378c6520e
|
673 674 |
int open_flags = O_CREAT | O_RDWR | O_NOFOLLOW | O_LARGEFILE | O_EXCL; |
10c28d937
|
675 676 677 |
if (cprm.limit < binfmt->min_coredump) goto fail_unlock; |
fbb181694
|
678 |
if (need_suid_safe && cn.corename[0] != '/') { |
10c28d937
|
679 680 681 682 683 684 685 686 |
printk(KERN_WARNING "Pid %d(%s) can only dump core "\ "to fully qualified path! ", task_tgid_vnr(current), current->comm); printk(KERN_WARNING "Skipping core dump "); goto fail_unlock; } |
fbb181694
|
687 688 689 690 691 692 |
/* * Unlink the file if it exists unless this is a SUID * binary - in that case, we're running around with root * privs and don't want to unlink another user's coredump. */ if (!need_suid_safe) { |
fbb181694
|
693 694 695 696 |
/* * If it doesn't exist, that's fine. If there's some * other problem, we'll catch it at the filp_open(). */ |
96271654f
|
697 |
do_unlinkat(AT_FDCWD, getname_kernel(cn.corename)); |
fbb181694
|
698 699 700 701 702 703 704 705 706 707 |
} /* * There is a race between unlinking and creating the * file, but if that causes an EEXIST here, that's * fine - another process raced with us while creating * the corefile, and the other process won. To userspace, * what matters is that at least one of the two processes * writes its coredump successfully, not which one. */ |
378c6520e
|
708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 |
if (need_suid_safe) { /* * Using user namespaces, normal user tasks can change * their current->fs->root to point to arbitrary * directories. Since the intention of the "only dump * with a fully qualified path" rule is to control where * coredumps may be placed using root privileges, * current->fs->root must not be used. Instead, use the * root directory of init_task. */ struct path root; task_lock(&init_task); get_fs_root(init_task.fs, &root); task_unlock(&init_task); cprm.file = file_open_root(root.dentry, root.mnt, cn.corename, open_flags, 0600); path_put(&root); } else { cprm.file = filp_open(cn.corename, open_flags, 0600); } |
10c28d937
|
729 730 |
if (IS_ERR(cprm.file)) goto fail_unlock; |
496ad9aa8
|
731 |
inode = file_inode(cprm.file); |
10c28d937
|
732 733 734 735 736 737 738 739 740 741 742 |
if (inode->i_nlink > 1) goto close_fail; if (d_unhashed(cprm.file->f_path.dentry)) goto close_fail; /* * AK: actually i see no reason to not allow this for named * pipes etc, but keep the previous behaviour for now. */ if (!S_ISREG(inode->i_mode)) goto close_fail; /* |
40f705a73
|
743 744 745 746 |
* Don't dump core if the filesystem changed owner or mode * of the file during file creation. This is an issue when * a process dumps core while its cwd is e.g. on a vfat * filesystem. |
10c28d937
|
747 748 749 |
*/ if (!uid_eq(inode->i_uid, current_fsuid())) goto close_fail; |
40f705a73
|
750 751 |
if ((inode->i_mode & 0677) != 0600) goto close_fail; |
86cc05840
|
752 |
if (!(cprm.file->f_mode & FMODE_CAN_WRITE)) |
10c28d937
|
753 754 755 756 757 758 759 760 761 762 763 |
goto close_fail; if (do_truncate(cprm.file->f_path.dentry, 0, 0, cprm.file)) goto close_fail; } /* get us an unshared descriptor table; almost always a no-op */ retval = unshare_files(&displaced); if (retval) goto close_fail; if (displaced) put_files_struct(displaced); |
e86d35c38
|
764 |
if (!dump_interrupted()) { |
3740d93e3
|
765 766 767 768 769 770 771 772 773 |
/* * umh disabled with CONFIG_STATIC_USERMODEHELPER_PATH="" would * have this set to NULL. */ if (!cprm.file) { pr_info("Core dump to |%s disabled ", cn.corename); goto close_fail; } |
e86d35c38
|
774 775 776 777 |
file_start_write(cprm.file); core_dumped = binfmt->core_dump(&cprm); file_end_write(cprm.file); } |
10c28d937
|
778 779 780 781 782 783 784 785 786 |
if (ispipe && core_pipe_limit) wait_for_dump_helpers(cprm.file); close_fail: if (cprm.file) filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) atomic_dec(&core_dump_count); fail_unlock: |
315c69261
|
787 |
kfree(argv); |
10c28d937
|
788 |
kfree(cn.corename); |
acdedd99b
|
789 |
coredump_finish(mm, core_dumped); |
10c28d937
|
790 791 792 793 794 795 796 797 798 799 800 801 |
revert_creds(old_cred); fail_creds: put_cred(cred); fail: return; } /* * Core dumping helper functions. These are the only things you should * do on a core-file: use only these functions to write out all the * necessary info. */ |
ecc8c7725
|
802 803 804 |
int dump_emit(struct coredump_params *cprm, const void *addr, int nr) { struct file *file = cprm->file; |
2507a4fbd
|
805 806 |
loff_t pos = file->f_pos; ssize_t n; |
2c4cb0430
|
807 |
if (cprm->written + nr > cprm->limit) |
ecc8c7725
|
808 |
return 0; |
2507a4fbd
|
809 810 811 |
while (nr) { if (dump_interrupted()) return 0; |
52da40ae6
|
812 |
n = __kernel_write(file, addr, nr, &pos); |
2507a4fbd
|
813 814 815 |
if (n <= 0) return 0; file->f_pos = pos; |
2c4cb0430
|
816 |
cprm->written += n; |
1607f09c2
|
817 |
cprm->pos += n; |
2507a4fbd
|
818 819 |
nr -= n; } |
ecc8c7725
|
820 821 822 |
return 1; } EXPORT_SYMBOL(dump_emit); |
9b56d5438
|
823 |
int dump_skip(struct coredump_params *cprm, size_t nr) |
10c28d937
|
824 |
{ |
9b56d5438
|
825 826 |
static char zeroes[PAGE_SIZE]; struct file *file = cprm->file; |
10c28d937
|
827 |
if (file->f_op->llseek && file->f_op->llseek != no_llseek) { |
528f827ee
|
828 |
if (dump_interrupted() || |
9b56d5438
|
829 |
file->f_op->llseek(file, nr, SEEK_CUR) < 0) |
10c28d937
|
830 |
return 0; |
1607f09c2
|
831 |
cprm->pos += nr; |
9b56d5438
|
832 |
return 1; |
10c28d937
|
833 |
} else { |
9b56d5438
|
834 835 836 837 |
while (nr > PAGE_SIZE) { if (!dump_emit(cprm, zeroes, PAGE_SIZE)) return 0; nr -= PAGE_SIZE; |
10c28d937
|
838 |
} |
9b56d5438
|
839 |
return dump_emit(cprm, zeroes, nr); |
10c28d937
|
840 |
} |
10c28d937
|
841 |
} |
9b56d5438
|
842 |
EXPORT_SYMBOL(dump_skip); |
22a8cb824
|
843 844 845 |
int dump_align(struct coredump_params *cprm, int align) { |
1607f09c2
|
846 |
unsigned mod = cprm->pos & (align - 1); |
22a8cb824
|
847 |
if (align & (align - 1)) |
db51242d8
|
848 849 |
return 0; return mod ? dump_skip(cprm, align - mod) : 1; |
22a8cb824
|
850 851 |
} EXPORT_SYMBOL(dump_align); |
4d22c75d4
|
852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 |
/* * Ensures that file size is big enough to contain the current file * postion. This prevents gdb from complaining about a truncated file * if the last "write" to the file was dump_skip. */ void dump_truncate(struct coredump_params *cprm) { struct file *file = cprm->file; loff_t offset; if (file->f_op->llseek && file->f_op->llseek != no_llseek) { offset = file->f_op->llseek(file, 0, SEEK_CUR); if (i_size_read(file->f_mapping->host) < offset) do_truncate(file->f_path.dentry, offset, 0, file); } } EXPORT_SYMBOL(dump_truncate); |