coredump: make core dump functionality optional

Adds an expert Kconfig option, CONFIG_COREDUMP, which allows disabling of core dump. This saves approximately 2.6k in the compiled kernel, and complements CONFIG_ELF_CORE, which now depends on it. CONFIG_COREDUMP also disables coredump-related sysctls, except for suid_dumpable and related functions, which are necessary for ptrace. [akpm@linux-foundation.org: fix binfmt_aout.c build] Signed-off-by: Alex Kelly <alex.page.kelly@gmail.com> Reviewed-by: Josh Triplett <josh@joshtriplett.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

coredump: make core dump functionality optional
Adds an expert Kconfig option, CONFIG_COREDUMP, which allows disabling of core dump. This saves approximately 2.6k in the compiled kernel, and complements CONFIG_ELF_CORE, which now depends on it. CONFIG_COREDUMP also disables coredump-related sysctls, except for suid_dumpable and related functions, which are necessary for ptrace. [akpm@linux-foundation.org: fix binfmt_aout.c build] Signed-off-by: Alex Kelly <alex.page.kelly@gmail.com> Reviewed-by: Josh Triplett <josh@joshtriplett.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alex Kelly · Linus Torvalds · Eric Lee · Eric Lee · Eric Lee · Eric Lee
1 parent db9aeca97a
Showing 6 changed files with 53 additions and 27 deletions Side-by-side Diff
fs/Kconfig.binfmt
fs/Makefile
fs/binfmt_aout.c
include/linux/binfmts.h
init/Kconfig
kernel/sysctl.c
@@ -164,4 +164,12 @@
 	  You may say M here for module support and later load the module when
 	  you have use for it; the module is called binfmt_misc. If you
 	  don't know what to answer at this point, say Y.
+
+config COREDUMP
+	bool "Enable core dump support" if EXPERT
+	default y
+	help
+	  This option enables support for performing core dumps. You almost
+	  certainly want to say Y here. Not necessary on systems that never
+	  need debugging or only ever run flawless code.
@@ -11,7 +11,7 @@
 		attr.o bad_inode.o file.o filesystems.o namespace.o \
 		seq_file.o xattr.o libfs.o fs-writeback.o \
 		pnode.o drop_caches.o splice.o sync.o utimes.o \
-		stack.o fs_struct.o statfs.o coredump.o
+		stack.o fs_struct.o statfs.o
  
 ifeq ($(CONFIG_BLOCK),y)
 obj-y +=	buffer.o bio.o block_dev.o direct-io.o mpage.o ioprio.o
@@ -48,6 +48,7 @@
 obj-$(CONFIG_FS_POSIX_ACL)	+= posix_acl.o xattr_acl.o
 obj-$(CONFIG_NFS_COMMON)	+= nfs_common/
 obj-$(CONFIG_GENERIC_ACL)	+= generic_acl.o
+obj-$(CONFIG_COREDUMP)		+= coredump.o
  
 obj-$(CONFIG_FHANDLE)		+= fhandle.o
  
@@ -32,31 +32,8 @@
  
 static int load_aout_binary(struct linux_binprm *, struct pt_regs * regs);
 static int load_aout_library(struct file*);
-static int aout_core_dump(struct coredump_params *cprm);
  
-static struct linux_binfmt aout_format = {
-	.module		= THIS_MODULE,
-	.load_binary	= load_aout_binary,
-	.load_shlib	= load_aout_library,
-	.core_dump	= aout_core_dump,
-	.min_coredump	= PAGE_SIZE
-};
-
-#define BAD_ADDR(x)	((unsigned long)(x) >= TASK_SIZE)
-
-static int set_brk(unsigned long start, unsigned long end)
-{
-	start = PAGE_ALIGN(start);
-	end = PAGE_ALIGN(end);
-	if (end > start) {
-		unsigned long addr;
-		addr = vm_brk(start, end - start);
-		if (BAD_ADDR(addr))
-			return addr;
-	}
-	return 0;
-}
-
+#ifdef CONFIG_COREDUMP
 /*
  * Routine writes a core dump image in the current directory.
  * Currently only a stub-function.
@@ -66,7 +43,6 @@
  * field, which also makes sure the core-dumps won't be recursive if the
  * dumping of the process results in another error..
  */
-
 static int aout_core_dump(struct coredump_params *cprm)
 {
 	struct file *file = cprm->file;
@@ -134,6 +110,32 @@
 end_coredump:
 	set_fs(fs);
 	return has_dumped;
+}
+#else
+#define aout_core_dump NULL
+#endif
+
+static struct linux_binfmt aout_format = {
+	.module		= THIS_MODULE,
+	.load_binary	= load_aout_binary,
+	.load_shlib	= load_aout_library,
+	.core_dump	= aout_core_dump,
+	.min_coredump	= PAGE_SIZE
+};
+
+#define BAD_ADDR(x)	((unsigned long)(x) >= TASK_SIZE)
+
+static int set_brk(unsigned long start, unsigned long end)
+{
+	start = PAGE_ALIGN(start);
+	end = PAGE_ALIGN(end);
+	if (end > start) {
+		unsigned long addr;
+		addr = vm_brk(start, end - start);
+		if (BAD_ADDR(addr))
+			return addr;
+	}
+	return 0;
 }
  
 /*
@@ -132,7 +132,11 @@
 			       struct linux_binprm *bprm);
 extern int prepare_bprm_creds(struct linux_binprm *bprm);
 extern void install_exec_creds(struct linux_binprm *bprm);
+#ifdef CONFIG_COREDUMP
 extern void do_coredump(long signr, int exit_code, struct pt_regs *regs);
+#else
+static inline void do_coredump(long signr, int exit_code, struct pt_regs *regs) {}
+#endif
 extern void set_binfmt(struct linux_binfmt *new);
 extern void free_bprm(struct linux_binprm *);
  
@@ -1199,6 +1199,7 @@
           Just say Y.
  
 config ELF_CORE
+	depends on COREDUMP
 	default y
 	bool "Enable ELF core dumps" if EXPERT
 	help
@@ -97,10 +97,12 @@
 extern int sysctl_overcommit_memory;
 extern int sysctl_overcommit_ratio;
 extern int max_threads;
-extern int core_uses_pid;
 extern int suid_dumpable;
+#ifdef CONFIG_COREDUMP
+extern int core_uses_pid;
 extern char core_pattern[];
 extern unsigned int core_pipe_limit;
+#endif
 extern int pid_max;
 extern int min_free_kbytes;
 extern int pid_max_min, pid_max_max;
  
@@ -177,8 +179,10 @@
  
 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
 		void __user *buffer, size_t *lenp, loff_t *ppos);
+#ifdef CONFIG_COREDUMP
 static int proc_dostring_coredump(struct ctl_table *table, int write,
 		void __user *buffer, size_t *lenp, loff_t *ppos);
+#endif
  
 #ifdef CONFIG_MAGIC_SYSRQ
 /* Note: sysrq code uses it's own private copy */
@@ -404,6 +408,7 @@
 		.mode		= 0644,
 		.proc_handler	= proc_dointvec,
 	},
+#ifdef CONFIG_COREDUMP
 	{
 		.procname	= "core_uses_pid",
 		.data		= &core_uses_pid,
@@ -425,6 +430,7 @@
 		.mode		= 0644,
 		.proc_handler	= proc_dointvec,
 	},
+#endif
 #ifdef CONFIG_PROC_SYSCTL
 	{
 		.procname	= "tainted",
  
@@ -2036,12 +2042,14 @@
  
 static void validate_coredump_safety(void)
 {
+#ifdef CONFIG_COREDUMP
 	if (suid_dumpable == SUID_DUMPABLE_SAFE &&
 	    core_pattern[0] != '/' && core_pattern[0] != '|') {
 		printk(KERN_WARNING "Unsafe core_pattern used with "\
 			"suid_dumpable=2. Pipe handler or fully qualified "\
 			"core dump path required.\n");
 	}
+#endif
 }
  
 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
@@ -2053,6 +2061,7 @@
 	return error;
 }
  
+#ifdef CONFIG_COREDUMP
 static int proc_dostring_coredump(struct ctl_table *table, int write,
 		  void __user *buffer, size_t *lenp, loff_t *ppos)
 {
@@ -2061,6 +2070,7 @@
 		validate_coredump_safety();
 	return error;
 }
+#endif
  
 static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int write,
 				     void __user *buffer,
...	...	@@ -164,4 +164,12 @@
164	164	You may say M here for module support and later load the module when
165	165	you have use for it; the module is called binfmt_misc. If you
166	166	don't know what to answer at this point, say Y.
	167	+
	168	+config COREDUMP
	169	+ bool "Enable core dump support" if EXPERT
	170	+ default y
	171	+ help
	172	+ This option enables support for performing core dumps. You almost
	173	+ certainly want to say Y here. Not necessary on systems that never
	174	+ need debugging or only ever run flawless code.
...	...	@@ -11,7 +11,7 @@
11	11	attr.o bad_inode.o file.o filesystems.o namespace.o \
12	12	seq_file.o xattr.o libfs.o fs-writeback.o \
13	13	pnode.o drop_caches.o splice.o sync.o utimes.o \
14		- stack.o fs_struct.o statfs.o coredump.o
	14	+ stack.o fs_struct.o statfs.o
15	15
16	16	ifeq ($(CONFIG_BLOCK),y)
17	17	obj-y += buffer.o bio.o block_dev.o direct-io.o mpage.o ioprio.o
...	...	@@ -48,6 +48,7 @@
48	48	obj-$(CONFIG_FS_POSIX_ACL) += posix_acl.o xattr_acl.o
49	49	obj-$(CONFIG_NFS_COMMON) += nfs_common/
50	50	obj-$(CONFIG_GENERIC_ACL) += generic_acl.o
	51	+obj-$(CONFIG_COREDUMP) += coredump.o
51	52
52	53	obj-$(CONFIG_FHANDLE) += fhandle.o
53	54
...	...	@@ -32,31 +32,8 @@
32	32
33	33	static int load_aout_binary(struct linux_binprm , struct pt_regs regs);
34	34	static int load_aout_library(struct file*);
35		-static int aout_core_dump(struct coredump_params *cprm);
36	35
37		-static struct linux_binfmt aout_format = {
38		- .module = THIS_MODULE,
39		- .load_binary = load_aout_binary,
40		- .load_shlib = load_aout_library,
41		- .core_dump = aout_core_dump,
42		- .min_coredump = PAGE_SIZE
43		-};
44		-
45		-#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
46		-
47		-static int set_brk(unsigned long start, unsigned long end)
48		-{
49		- start = PAGE_ALIGN(start);
50		- end = PAGE_ALIGN(end);
51		- if (end > start) {
52		- unsigned long addr;
53		- addr = vm_brk(start, end - start);
54		- if (BAD_ADDR(addr))
55		- return addr;
56		- }
57		- return 0;
58		-}
59		-
	36	+#ifdef CONFIG_COREDUMP
60	37	/*
61	38	* Routine writes a core dump image in the current directory.
62	39	* Currently only a stub-function.
...	...	@@ -66,7 +43,6 @@
66	43	* field, which also makes sure the core-dumps won't be recursive if the
67	44	* dumping of the process results in another error..
68	45	*/
69		-
70	46	static int aout_core_dump(struct coredump_params *cprm)
71	47	{
72	48	struct file *file = cprm->file;
...	...	@@ -134,6 +110,32 @@
134	110	end_coredump:
135	111	set_fs(fs);
136	112	return has_dumped;
	113	+}
	114	+#else
	115	+#define aout_core_dump NULL
	116	+#endif
	117	+
	118	+static struct linux_binfmt aout_format = {
	119	+ .module = THIS_MODULE,
	120	+ .load_binary = load_aout_binary,
	121	+ .load_shlib = load_aout_library,
	122	+ .core_dump = aout_core_dump,
	123	+ .min_coredump = PAGE_SIZE
	124	+};
	125	+
	126	+#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
	127	+
	128	+static int set_brk(unsigned long start, unsigned long end)
	129	+{
	130	+ start = PAGE_ALIGN(start);
	131	+ end = PAGE_ALIGN(end);
	132	+ if (end > start) {
	133	+ unsigned long addr;
	134	+ addr = vm_brk(start, end - start);
	135	+ if (BAD_ADDR(addr))
	136	+ return addr;
	137	+ }
	138	+ return 0;
137	139	}
138	140
139	141	/*
...	...	@@ -132,7 +132,11 @@
132	132	struct linux_binprm *bprm);
133	133	extern int prepare_bprm_creds(struct linux_binprm *bprm);
134	134	extern void install_exec_creds(struct linux_binprm *bprm);
	135	+#ifdef CONFIG_COREDUMP
135	136	extern void do_coredump(long signr, int exit_code, struct pt_regs *regs);
	137	+#else
	138	+static inline void do_coredump(long signr, int exit_code, struct pt_regs *regs) {}
	139	+#endif
136	140	extern void set_binfmt(struct linux_binfmt *new);
137	141	extern void free_bprm(struct linux_binprm *);
138	142
...	...	@@ -1199,6 +1199,7 @@
1199	1199	Just say Y.
1200	1200
1201	1201	config ELF_CORE
	1202	+ depends on COREDUMP
1202	1203	default y
1203	1204	bool "Enable ELF core dumps" if EXPERT
1204	1205	help
...	...	@@ -97,10 +97,12 @@
97	97	extern int sysctl_overcommit_memory;
98	98	extern int sysctl_overcommit_ratio;
99	99	extern int max_threads;
100		-extern int core_uses_pid;
101	100	extern int suid_dumpable;
	101	+#ifdef CONFIG_COREDUMP
	102	+extern int core_uses_pid;
102	103	extern char core_pattern[];
103	104	extern unsigned int core_pipe_limit;
	105	+#endif
104	106	extern int pid_max;
105	107	extern int min_free_kbytes;
106	108	extern int pid_max_min, pid_max_max;
107	109
...	...	@@ -177,8 +179,10 @@
177	179
178	180	static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
179	181	void __user buffer, size_t lenp, loff_t *ppos);
	182	+#ifdef CONFIG_COREDUMP
180	183	static int proc_dostring_coredump(struct ctl_table *table, int write,
181	184	void __user buffer, size_t lenp, loff_t *ppos);
	185	+#endif
182	186
183	187	#ifdef CONFIG_MAGIC_SYSRQ
184	188	/* Note: sysrq code uses it's own private copy */
...	...	@@ -404,6 +408,7 @@
404	408	.mode = 0644,
405	409	.proc_handler = proc_dointvec,
406	410	},
	411	+#ifdef CONFIG_COREDUMP
407	412	{
408	413	.procname = "core_uses_pid",
409	414	.data = &core_uses_pid,
...	...	@@ -425,6 +430,7 @@
425	430	.mode = 0644,
426	431	.proc_handler = proc_dointvec,
427	432	},
	433	+#endif
428	434	#ifdef CONFIG_PROC_SYSCTL
429	435	{
430	436	.procname = "tainted",
431	437
...	...	@@ -2036,12 +2042,14 @@
2036	2042
2037	2043	static void validate_coredump_safety(void)
2038	2044	{
	2045	+#ifdef CONFIG_COREDUMP
2039	2046	if (suid_dumpable == SUID_DUMPABLE_SAFE &&
2040	2047	core_pattern[0] != '/' && core_pattern[0] != '\|') {
2041	2048	printk(KERN_WARNING "Unsafe core_pattern used with "\
2042	2049	"suid_dumpable=2. Pipe handler or fully qualified "\
2043	2050	"core dump path required.\n");
2044	2051	}
	2052	+#endif
2045	2053	}
2046	2054
2047	2055	static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
...	...	@@ -2053,6 +2061,7 @@
2053	2061	return error;
2054	2062	}
2055	2063
	2064	+#ifdef CONFIG_COREDUMP
2056	2065	static int proc_dostring_coredump(struct ctl_table *table, int write,
2057	2066	void __user buffer, size_t lenp, loff_t *ppos)
2058	2067	{
...	...	@@ -2061,6 +2070,7 @@
2061	2070	validate_coredump_safety();
2062	2071	return error;
2063	2072	}
	2073	+#endif
2064	2074
2065	2075	static int __do_proc_doulongvec_minmax(void data, struct ctl_table table, int write,
2066	2076	void __user *buffer,