Commit 046d662f481830e652ac34cd112249adde16452a
Committed by
Linus Torvalds
1 parent
db9aeca97a
coredump: make core dump functionality optional
Adds an expert Kconfig option, CONFIG_COREDUMP, which allows disabling of core dump. This saves approximately 2.6k in the compiled kernel, and complements CONFIG_ELF_CORE, which now depends on it. CONFIG_COREDUMP also disables coredump-related sysctls, except for suid_dumpable and related functions, which are necessary for ptrace. [akpm@linux-foundation.org: fix binfmt_aout.c build] Signed-off-by: Alex Kelly <alex.page.kelly@gmail.com> Reviewed-by: Josh Triplett <josh@joshtriplett.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 6 changed files with 53 additions and 27 deletions Side-by-side Diff
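--- a/fs/Kconfig.binfmt
+++ b/fs/Kconfig.binfmt
@@ -164,4 +164,12 @@
 You may say M here for module support and later load the module when
 you have use for it; the module is called binfmt_misc. If you
 don't know what to answer at this point, say Y.
+
+config COREDUMP
+ bool "Enable core dump support" if EXPERT
+ default y
+ help
+ This option enables support for performing core dumps. You almost
+ certainly want to say Y here. Not necessary on systems that never
+ need debugging or only ever run flawless code.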
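Review bot: The help text for `config COREDUMP` does not say what else goes away with the option or what deliberately stays. According to the commit description, saying N also drops the coredump-related sysctls while suid_dumpable is kept because ptrace needs it, and someone tuning a locked-down image will want that spelled out at the prompt. I would append a sentence such as `Saying N also removes the core_pattern, core_uses_pid and core_pipe_limit sysctls; fs.suid_dumpable remains because ptrace depends on it.` It may also be worth noting that N keeps process memory from being written out as a dump, which is a reason to disable it beyond kernel size.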
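--- a/fs/Makefile
+++ b/fs/Makefile
@@ -11,7 +11,7 @@
 attr.o bad_inode.o file.o filesystems.o namespace.o \
 seq_file.o xattr.o libfs.o fs-writeback.o \
 pnode.o drop_caches.o splice.o sync.o utimes.o \
- stack.o fs_struct.o statfs.o coredump.o
+ stack.o fs_struct.o statfs.o
 
 ifeq ($(CONFIG_BLOCK),y)
 obj-y += buffer.o bio.o block_dev.o direct-io.o mpage.o ioprio.o
@@ -48,6 +48,7 @@
 obj-$(CONFIG_FS_POSIX_ACL) += posix_acl.o xattr_acl.o
 obj-$(CONFIG_NFS_COMMON) += nfs_common/
 obj-$(CONFIG_GENERIC_ACL) += generic_acl.o
+obj-$(CONFIG_COREDUMP) += coredump.o
 
 obj-$(CONFIG_FHANDLE) += fhandle.o
 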
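--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -32,31 +32,8 @@
 
 static int load_aout_binary(struct linux_binprm *, struct pt_regs * regs);
 static int load_aout_library(struct file*);
-static int aout_core_dump(struct coredump_params *cprm);
 
-static struct linux_binfmt aout_format = {
- .module = THIS_MODULE,
- .load_binary = load_aout_binary,
- .load_shlib = load_aout_library,
- .core_dump = aout_core_dump,
- .min_coredump = PAGE_SIZE
-};
-
-#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
-
-static int set_brk(unsigned long start, unsigned long end)
-{
- start = PAGE_ALIGN(start);
- end = PAGE_ALIGN(end);
- if (end > start) {
- unsigned long addr;
- addr = vm_brk(start, end - start);
- if (BAD_ADDR(addr))
- return addr;
- }
- return 0;
-}
-
+#ifdef CONFIG_COREDUMP
 /*
 * Routine writes a core dump image in the current directory.
 * Currently only a stub-function.
@@ -66,7 +43,6 @@
 * field, which also makes sure the core-dumps won't be recursive if the
 * dumping of the process results in another error..
 */
-
 static int aout_core_dump(struct coredump_params *cprm)
 {
 struct file *file = cprm->file;
@@ -134,6 +110,32 @@
 end_coredump:
 set_fs(fs);
 return has_dumped;
+}
+#else
+#define aout_core_dump NULL
+#endif
+
+static struct linux_binfmt aout_format = {
+ .module = THIS_MODULE,
+ .load_binary = load_aout_binary,
+ .load_shlib = load_aout_library,
+ .core_dump = aout_core_dump,
+ .min_coredump = PAGE_SIZE
+};
+
+#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
+
+static int set_brk(unsigned long start, unsigned long end)
+{
+ start = PAGE_ALIGN(start);
+ end = PAGE_ALIGN(end);
+ if (end > start) {
+ unsigned long addr;
+ addr = vm_brk(start, end - start);
+ if (BAD_ADDR(addr))
+ return addr;
+ }
+ return 0;
 }
 
 /*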
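Review bot: The `#else` / `#endif` that close the new `#ifdef CONFIG_COREDUMP` (new lines 114–116) sit roughly 75 lines below the opener on new line 36 and carry no label, so the pairing is hard to follow; `#endif /* CONFIG_COREDUMP */` would fix that. `.min_coredump = PAGE_SIZE` is still initialised when `aout_core_dump` expands to NULL. That looks harmless because do_coredump() becomes an empty stub in binfmts.h, but a short comment next to `#define aout_core_dump NULL` saying the hook is never invoked in that configuration would spare the next reader the check. Most of aout_core_dump's body lies outside the visible hunks, so this note covers only the guard and the relocated initializer.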
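--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -132,7 +132,11 @@
 struct linux_binprm *bprm);
 extern int prepare_bprm_creds(struct linux_binprm *bprm);
 extern void install_exec_creds(struct linux_binprm *bprm);
+#ifdef CONFIG_COREDUMP
 extern void do_coredump(long signr, int exit_code, struct pt_regs *regs);
+#else
+static inline void do_coredump(long signr, int exit_code, struct pt_regs *regs) {}
+#endif
 extern void set_binfmt(struct linux_binfmt *new);
 extern void free_bprm(struct linux_binprm *);
 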
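Review bot: The empty stub on new line 138 runs past 80 columns and has no comment telling a reader what a dump-triggering signal does when the option is off. I would wrap the parameter list onto a second line and put `/* CONFIG_COREDUMP=n: no dump is written; callers need no #ifdef */` above it. What the caller does after the stub returns is not visible in this diff, so any stronger statement about the exit path should be checked at the call site first.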
init/Kconfig
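--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -97,10 +97,12 @@
 extern int sysctl_overcommit_memory;
 extern int sysctl_overcommit_ratio;
 extern int max_threads;
-extern int core_uses_pid;
 extern int suid_dumpable;
+#ifdef CONFIG_COREDUMP
+extern int core_uses_pid;
 extern char core_pattern[];
 extern unsigned int core_pipe_limit;
+#endif
 extern int pid_max;
 extern int min_free_kbytes;
 extern int pid_max_min, pid_max_max;
 
@@ -177,8 +179,10 @@
 
 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
 void __user *buffer, size_t *lenp, loff_t *ppos);
+#ifdef CONFIG_COREDUMP
 static int proc_dostring_coredump(struct ctl_table *table, int write,
 void __user *buffer, size_t *lenp, loff_t *ppos);
+#endif
 
 #ifdef CONFIG_MAGIC_SYSRQ
 /* Note: sysrq code uses it's own private copy */
@@ -404,6 +408,7 @@
 .mode = 0644,
 .proc_handler = proc_dointvec,
 },
+#ifdef CONFIG_COREDUMP
 {
 .procname = "core_uses_pid",
 .data = &core_uses_pid,
@@ -425,6 +430,7 @@
 .mode = 0644,
 .proc_handler = proc_dointvec,
 },
+#endif
 #ifdef CONFIG_PROC_SYSCTL
 {
 .procname = "tainted",
 
@@ -2036,12 +2042,14 @@
 
 static void validate_coredump_safety(void)
 {
+#ifdef CONFIG_COREDUMP
 if (suid_dumpable == SUID_DUMPABLE_SAFE &&
 core_pattern[0] != '/' && core_pattern[0] != '|') {
 printk(KERN_WARNING "Unsafe core_pattern used with "\
 "suid_dumpable=2. Pipe handler or fully qualified "\
 "core dump path required.\n");
 }
+#endif
 }
 
 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
@@ -2053,6 +2061,7 @@
 return error;
 }
 
+#ifdef CONFIG_COREDUMP
 static int proc_dostring_coredump(struct ctl_table *table, int write,
 void __user *buffer, size_t *lenp, loff_t *ppos)
 {
@@ -2061,6 +2070,7 @@
 validate_coredump_safety();
 return error;
 }
+#endif
 
 static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int write,
 void __user *buffer,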
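Review bot: With CONFIG_COREDUMP off, `validate_coredump_safety()` (new lines 2043–2053) compiles to an empty body, yet `suid_dumpable` and `proc_dointvec_minmax_coredump` stay unconditional, and nothing in the file explains why. The commit description gives the reason (suid_dumpable is needed for ptrace), and that belongs next to the code so a hardening review does not assume the knob is inert once dumps are compiled out. I would add `/* suid_dumpable is kept without CONFIG_COREDUMP because ptrace depends on it; only the core_pattern check is dump-specific */` above the function. The `#ifdef` inside the function body could also become an empty `#else` variant of the function, matching the stub style used in binfmts.h. The bodies of both proc handlers are only partly visible here, so the call from `proc_dointvec_minmax_coredump` into this function is presumed rather than shown.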