Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
10c28d93 AK |
2 | #include <linux/slab.h> |
3 | #include <linux/file.h> | |
4 | #include <linux/fdtable.h> | |
70d78fe7 | 5 | #include <linux/freezer.h> |
10c28d93 AK |
6 | #include <linux/mm.h> |
7 | #include <linux/stat.h> | |
8 | #include <linux/fcntl.h> | |
9 | #include <linux/swap.h> | |
315c6926 | 10 | #include <linux/ctype.h> |
10c28d93 AK |
11 | #include <linux/string.h> |
12 | #include <linux/init.h> | |
13 | #include <linux/pagemap.h> | |
14 | #include <linux/perf_event.h> | |
15 | #include <linux/highmem.h> | |
16 | #include <linux/spinlock.h> | |
17 | #include <linux/key.h> | |
18 | #include <linux/personality.h> | |
19 | #include <linux/binfmts.h> | |
179899fd | 20 | #include <linux/coredump.h> |
7d442a33 | 21 | #include <linux/sort.h> |
f7ccbae4 | 22 | #include <linux/sched/coredump.h> |
3f07c014 | 23 | #include <linux/sched/signal.h> |
68db0cf1 | 24 | #include <linux/sched/task_stack.h> |
10c28d93 AK |
25 | #include <linux/utsname.h> |
26 | #include <linux/pid_namespace.h> | |
27 | #include <linux/module.h> | |
28 | #include <linux/namei.h> | |
29 | #include <linux/mount.h> | |
30 | #include <linux/security.h> | |
31 | #include <linux/syscalls.h> | |
32 | #include <linux/tsacct_kern.h> | |
33 | #include <linux/cn_proc.h> | |
34 | #include <linux/audit.h> | |
10c28d93 AK |
35 | #include <linux/kmod.h> |
36 | #include <linux/fsnotify.h> | |
37 | #include <linux/fs_struct.h> | |
38 | #include <linux/pipe_fs_i.h> | |
39 | #include <linux/oom.h> | |
40 | #include <linux/compat.h> | |
378c6520 JH |
41 | #include <linux/fs.h> |
42 | #include <linux/path.h> | |
03927c8a | 43 | #include <linux/timekeeping.h> |
f0bc21b2 | 44 | #include <linux/sysctl.h> |
84158b7f | 45 | #include <linux/elf.h> |
10c28d93 | 46 | |
7c0f6ba6 | 47 | #include <linux/uaccess.h> |
10c28d93 AK |
48 | #include <asm/mmu_context.h> |
49 | #include <asm/tlb.h> | |
50 | #include <asm/exec.h> | |
51 | ||
52 | #include <trace/events/task.h> | |
53 | #include "internal.h" | |
54 | ||
55 | #include <trace/events/sched.h> | |
56 | ||
95c5436a | 57 | static bool dump_vma_snapshot(struct coredump_params *cprm); |
390031c9 | 58 | static void free_vma_snapshot(struct coredump_params *cprm); |
95c5436a | 59 | |
4bbf9c3b AP |
60 | #define CORE_FILE_NOTE_SIZE_DEFAULT (4*1024*1024) |
61 | /* Define a reasonable max cap */ | |
62 | #define CORE_FILE_NOTE_SIZE_MAX (16*1024*1024) | |
63 | ||
f0bc21b2 XN |
64 | static int core_uses_pid; |
65 | static unsigned int core_pipe_limit; | |
66 | static char core_pattern[CORENAME_MAX_SIZE] = "core"; | |
3ceadcf6 | 67 | static int core_name_size = CORENAME_MAX_SIZE; |
4bbf9c3b | 68 | unsigned int core_file_note_size_limit = CORE_FILE_NOTE_SIZE_DEFAULT; |
10c28d93 AK |
69 | |
70 | struct core_name { | |
71 | char *corename; | |
72 | int used, size; | |
73 | }; | |
10c28d93 | 74 | |
3ceadcf6 | 75 | static int expand_corename(struct core_name *cn, int size) |
10c28d93 | 76 | { |
6dd142d9 KC |
77 | char *corename; |
78 | ||
79 | size = kmalloc_size_roundup(size); | |
80 | corename = krealloc(cn->corename, size, GFP_KERNEL); | |
10c28d93 | 81 | |
e7fd1549 | 82 | if (!corename) |
10c28d93 | 83 | return -ENOMEM; |
10c28d93 | 84 | |
3ceadcf6 ON |
85 | if (size > core_name_size) /* racy but harmless */ |
86 | core_name_size = size; | |
87 | ||
6dd142d9 | 88 | cn->size = size; |
e7fd1549 | 89 | cn->corename = corename; |
10c28d93 AK |
90 | return 0; |
91 | } | |
92 | ||
b4176b7c NI |
93 | static __printf(2, 0) int cn_vprintf(struct core_name *cn, const char *fmt, |
94 | va_list arg) | |
10c28d93 | 95 | { |
5fe9d8ca | 96 | int free, need; |
404ca80e | 97 | va_list arg_copy; |
10c28d93 | 98 | |
5fe9d8ca ON |
99 | again: |
100 | free = cn->size - cn->used; | |
404ca80e ED |
101 | |
102 | va_copy(arg_copy, arg); | |
103 | need = vsnprintf(cn->corename + cn->used, free, fmt, arg_copy); | |
104 | va_end(arg_copy); | |
105 | ||
5fe9d8ca ON |
106 | if (need < free) { |
107 | cn->used += need; | |
108 | return 0; | |
109 | } | |
10c28d93 | 110 | |
3ceadcf6 | 111 | if (!expand_corename(cn, cn->size + need - free + 1)) |
5fe9d8ca | 112 | goto again; |
10c28d93 | 113 | |
5fe9d8ca | 114 | return -ENOMEM; |
10c28d93 AK |
115 | } |
116 | ||
b4176b7c | 117 | static __printf(2, 3) int cn_printf(struct core_name *cn, const char *fmt, ...) |
bc03c691 ON |
118 | { |
119 | va_list arg; | |
120 | int ret; | |
121 | ||
122 | va_start(arg, fmt); | |
123 | ret = cn_vprintf(cn, fmt, arg); | |
124 | va_end(arg); | |
125 | ||
126 | return ret; | |
127 | } | |
128 | ||
b4176b7c NI |
129 | static __printf(2, 3) |
130 | int cn_esc_printf(struct core_name *cn, const char *fmt, ...) | |
10c28d93 | 131 | { |
923bed03 ON |
132 | int cur = cn->used; |
133 | va_list arg; | |
134 | int ret; | |
135 | ||
136 | va_start(arg, fmt); | |
137 | ret = cn_vprintf(cn, fmt, arg); | |
138 | va_end(arg); | |
139 | ||
ac94b6e3 JH |
140 | if (ret == 0) { |
141 | /* | |
142 | * Ensure that this coredump name component can't cause the | |
143 | * resulting corefile path to consist of a ".." or ".". | |
144 | */ | |
145 | if ((cn->used - cur == 1 && cn->corename[cur] == '.') || | |
146 | (cn->used - cur == 2 && cn->corename[cur] == '.' | |
147 | && cn->corename[cur+1] == '.')) | |
148 | cn->corename[cur] = '!'; | |
149 | ||
150 | /* | |
151 | * Empty names are fishy and could be used to create a "//" in a | |
152 | * corefile name, causing the coredump to happen one directory | |
153 | * level too high. Enforce that all components of the core | |
154 | * pattern are at least one character long. | |
155 | */ | |
156 | if (cn->used == cur) | |
157 | ret = cn_printf(cn, "!"); | |
158 | } | |
159 | ||
923bed03 ON |
160 | for (; cur < cn->used; ++cur) { |
161 | if (cn->corename[cur] == '/') | |
162 | cn->corename[cur] = '!'; | |
163 | } | |
164 | return ret; | |
10c28d93 AK |
165 | } |
166 | ||
f38c85f1 | 167 | static int cn_print_exe_file(struct core_name *cn, bool name_only) |
10c28d93 AK |
168 | { |
169 | struct file *exe_file; | |
f38c85f1 | 170 | char *pathbuf, *path, *ptr; |
10c28d93 AK |
171 | int ret; |
172 | ||
173 | exe_file = get_mm_exe_file(current->mm); | |
923bed03 ON |
174 | if (!exe_file) |
175 | return cn_esc_printf(cn, "%s (path unknown)", current->comm); | |
10c28d93 | 176 | |
0ee931c4 | 177 | pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); |
10c28d93 AK |
178 | if (!pathbuf) { |
179 | ret = -ENOMEM; | |
180 | goto put_exe_file; | |
181 | } | |
182 | ||
9bf39ab2 | 183 | path = file_path(exe_file, pathbuf, PATH_MAX); |
10c28d93 AK |
184 | if (IS_ERR(path)) { |
185 | ret = PTR_ERR(path); | |
186 | goto free_buf; | |
187 | } | |
188 | ||
f38c85f1 LW |
189 | if (name_only) { |
190 | ptr = strrchr(path, '/'); | |
191 | if (ptr) | |
192 | path = ptr + 1; | |
193 | } | |
923bed03 | 194 | ret = cn_esc_printf(cn, "%s", path); |
10c28d93 AK |
195 | |
196 | free_buf: | |
197 | kfree(pathbuf); | |
198 | put_exe_file: | |
199 | fput(exe_file); | |
200 | return ret; | |
201 | } | |
202 | ||
203 | /* format_corename will inspect the pattern parameter, and output a | |
204 | * name into corename, which must have space for at least | |
205 | * CORENAME_MAX_SIZE bytes plus one byte for the zero terminator. | |
206 | */ | |
315c6926 PW |
207 | static int format_corename(struct core_name *cn, struct coredump_params *cprm, |
208 | size_t **argv, int *argc) | |
10c28d93 AK |
209 | { |
210 | const struct cred *cred = current_cred(); | |
211 | const char *pat_ptr = core_pattern; | |
212 | int ispipe = (*pat_ptr == '|'); | |
315c6926 | 213 | bool was_space = false; |
10c28d93 AK |
214 | int pid_in_pattern = 0; |
215 | int err = 0; | |
216 | ||
e7fd1549 | 217 | cn->used = 0; |
3ceadcf6 ON |
218 | cn->corename = NULL; |
219 | if (expand_corename(cn, core_name_size)) | |
10c28d93 | 220 | return -ENOMEM; |
888ffc59 ON |
221 | cn->corename[0] = '\0'; |
222 | ||
315c6926 PW |
223 | if (ispipe) { |
224 | int argvs = sizeof(core_pattern) / 2; | |
225 | (*argv) = kmalloc_array(argvs, sizeof(**argv), GFP_KERNEL); | |
226 | if (!(*argv)) | |
227 | return -ENOMEM; | |
228 | (*argv)[(*argc)++] = 0; | |
888ffc59 | 229 | ++pat_ptr; |
db973a72 SM |
230 | if (!(*pat_ptr)) |
231 | return -ENOMEM; | |
315c6926 | 232 | } |
10c28d93 AK |
233 | |
234 | /* Repeat as long as we have more pattern to process and more output | |
235 | space */ | |
236 | while (*pat_ptr) { | |
315c6926 PW |
237 | /* |
238 | * Split on spaces before doing template expansion so that | |
239 | * %e and %E don't get split if they have spaces in them | |
240 | */ | |
241 | if (ispipe) { | |
242 | if (isspace(*pat_ptr)) { | |
2bf509d9 MD |
243 | if (cn->used != 0) |
244 | was_space = true; | |
315c6926 PW |
245 | pat_ptr++; |
246 | continue; | |
247 | } else if (was_space) { | |
248 | was_space = false; | |
249 | err = cn_printf(cn, "%c", '\0'); | |
250 | if (err) | |
251 | return err; | |
252 | (*argv)[(*argc)++] = cn->used; | |
253 | } | |
254 | } | |
10c28d93 | 255 | if (*pat_ptr != '%') { |
10c28d93 AK |
256 | err = cn_printf(cn, "%c", *pat_ptr++); |
257 | } else { | |
258 | switch (*++pat_ptr) { | |
259 | /* single % at the end, drop that */ | |
260 | case 0: | |
261 | goto out; | |
262 | /* Double percent, output one percent */ | |
263 | case '%': | |
264 | err = cn_printf(cn, "%c", '%'); | |
265 | break; | |
266 | /* pid */ | |
267 | case 'p': | |
268 | pid_in_pattern = 1; | |
269 | err = cn_printf(cn, "%d", | |
270 | task_tgid_vnr(current)); | |
271 | break; | |
65aafb1e SG |
272 | /* global pid */ |
273 | case 'P': | |
274 | err = cn_printf(cn, "%d", | |
275 | task_tgid_nr(current)); | |
276 | break; | |
b03023ec ON |
277 | case 'i': |
278 | err = cn_printf(cn, "%d", | |
279 | task_pid_vnr(current)); | |
280 | break; | |
281 | case 'I': | |
282 | err = cn_printf(cn, "%d", | |
283 | task_pid_nr(current)); | |
284 | break; | |
10c28d93 AK |
285 | /* uid */ |
286 | case 'u': | |
5202efe5 NI |
287 | err = cn_printf(cn, "%u", |
288 | from_kuid(&init_user_ns, | |
289 | cred->uid)); | |
10c28d93 AK |
290 | break; |
291 | /* gid */ | |
292 | case 'g': | |
5202efe5 NI |
293 | err = cn_printf(cn, "%u", |
294 | from_kgid(&init_user_ns, | |
295 | cred->gid)); | |
10c28d93 | 296 | break; |
12a2b4b2 ON |
297 | case 'd': |
298 | err = cn_printf(cn, "%d", | |
299 | __get_dumpable(cprm->mm_flags)); | |
300 | break; | |
10c28d93 AK |
301 | /* signal that caused the coredump */ |
302 | case 's': | |
b4176b7c NI |
303 | err = cn_printf(cn, "%d", |
304 | cprm->siginfo->si_signo); | |
10c28d93 AK |
305 | break; |
306 | /* UNIX time of coredump */ | |
307 | case 't': { | |
03927c8a AB |
308 | time64_t time; |
309 | ||
310 | time = ktime_get_real_seconds(); | |
311 | err = cn_printf(cn, "%lld", time); | |
10c28d93 AK |
312 | break; |
313 | } | |
314 | /* hostname */ | |
923bed03 | 315 | case 'h': |
10c28d93 | 316 | down_read(&uts_sem); |
923bed03 | 317 | err = cn_esc_printf(cn, "%s", |
10c28d93 AK |
318 | utsname()->nodename); |
319 | up_read(&uts_sem); | |
10c28d93 | 320 | break; |
f38c85f1 | 321 | /* executable, could be changed by prctl PR_SET_NAME etc */ |
923bed03 ON |
322 | case 'e': |
323 | err = cn_esc_printf(cn, "%s", current->comm); | |
10c28d93 | 324 | break; |
f38c85f1 LW |
325 | /* file name of executable */ |
326 | case 'f': | |
327 | err = cn_print_exe_file(cn, true); | |
328 | break; | |
10c28d93 | 329 | case 'E': |
f38c85f1 | 330 | err = cn_print_exe_file(cn, false); |
10c28d93 AK |
331 | break; |
332 | /* core limit size */ | |
333 | case 'c': | |
334 | err = cn_printf(cn, "%lu", | |
335 | rlimit(RLIMIT_CORE)); | |
336 | break; | |
8603b6f5 ON |
337 | /* CPU the task ran on */ |
338 | case 'C': | |
339 | err = cn_printf(cn, "%d", cprm->cpu); | |
340 | break; | |
10c28d93 AK |
341 | default: |
342 | break; | |
343 | } | |
344 | ++pat_ptr; | |
345 | } | |
346 | ||
347 | if (err) | |
348 | return err; | |
349 | } | |
350 | ||
888ffc59 | 351 | out: |
10c28d93 AK |
352 | /* Backward compatibility with core_uses_pid: |
353 | * | |
354 | * If core_pattern does not include a %p (as is the default) | |
355 | * and core_uses_pid is set, then .%pid will be appended to | |
356 | * the filename. Do not do this for piped commands. */ | |
357 | if (!ispipe && !pid_in_pattern && core_uses_pid) { | |
358 | err = cn_printf(cn, ".%d", task_tgid_vnr(current)); | |
359 | if (err) | |
360 | return err; | |
361 | } | |
10c28d93 AK |
362 | return ispipe; |
363 | } | |
364 | ||
1e3fa25f | 365 | static int zap_process(struct signal_struct *signal, int exit_code) |
10c28d93 AK |
366 | { |
367 | struct task_struct *t; | |
368 | int nr = 0; | |
369 | ||
1e3fa25f ON |
370 | signal->flags = SIGNAL_GROUP_EXIT; |
371 | signal->group_exit_code = exit_code; | |
372 | signal->group_stop_count = 0; | |
10c28d93 | 373 | |
1e3fa25f | 374 | __for_each_thread(signal, t) { |
10c28d93 | 375 | task_clear_jobctl_pending(t, JOBCTL_PENDING_MASK); |
92307383 | 376 | if (t != current && !(t->flags & PF_POSTCOREDUMP)) { |
10c28d93 AK |
377 | sigaddset(&t->pending.signal, SIGKILL); |
378 | signal_wake_up(t, 1); | |
240a1853 | 379 | nr++; |
10c28d93 | 380 | } |
d61ba589 | 381 | } |
10c28d93 AK |
382 | |
383 | return nr; | |
384 | } | |
385 | ||
0258b5fd | 386 | static int zap_threads(struct task_struct *tsk, |
403bad72 | 387 | struct core_state *core_state, int exit_code) |
10c28d93 | 388 | { |
49697335 | 389 | struct signal_struct *signal = tsk->signal; |
10c28d93 AK |
390 | int nr = -EAGAIN; |
391 | ||
392 | spin_lock_irq(&tsk->sighand->siglock); | |
49697335 | 393 | if (!(signal->flags & SIGNAL_GROUP_EXIT) && !signal->group_exec_task) { |
1e3fa25f | 394 | /* Allow SIGKILL, see prepare_signal() */ |
49697335 | 395 | signal->core_state = core_state; |
1e3fa25f | 396 | nr = zap_process(signal, exit_code); |
403bad72 | 397 | clear_tsk_thread_flag(tsk, TIF_SIGPENDING); |
0258b5fd EB |
398 | tsk->flags |= PF_DUMPCORE; |
399 | atomic_set(&core_state->nr_threads, nr); | |
10c28d93 AK |
400 | } |
401 | spin_unlock_irq(&tsk->sighand->siglock); | |
10c28d93 AK |
402 | return nr; |
403 | } | |
404 | ||
405 | static int coredump_wait(int exit_code, struct core_state *core_state) | |
406 | { | |
407 | struct task_struct *tsk = current; | |
10c28d93 AK |
408 | int core_waiters = -EBUSY; |
409 | ||
410 | init_completion(&core_state->startup); | |
411 | core_state->dumper.task = tsk; | |
412 | core_state->dumper.next = NULL; | |
413 | ||
0258b5fd | 414 | core_waiters = zap_threads(tsk, core_state, exit_code); |
10c28d93 AK |
415 | if (core_waiters > 0) { |
416 | struct core_thread *ptr; | |
417 | ||
f5d39b02 PZ |
418 | wait_for_completion_state(&core_state->startup, |
419 | TASK_UNINTERRUPTIBLE|TASK_FREEZABLE); | |
10c28d93 AK |
420 | /* |
421 | * Wait for all the threads to become inactive, so that | |
422 | * all the thread context (extended register state, like | |
423 | * fpu etc) gets copied to the memory. | |
424 | */ | |
425 | ptr = core_state->dumper.next; | |
426 | while (ptr != NULL) { | |
f9fc8cad | 427 | wait_task_inactive(ptr->task, TASK_ANY); |
10c28d93 AK |
428 | ptr = ptr->next; |
429 | } | |
430 | } | |
431 | ||
432 | return core_waiters; | |
433 | } | |
434 | ||
0258b5fd | 435 | static void coredump_finish(bool core_dumped) |
10c28d93 AK |
436 | { |
437 | struct core_thread *curr, *next; | |
438 | struct task_struct *task; | |
439 | ||
6cd8f0ac | 440 | spin_lock_irq(¤t->sighand->siglock); |
acdedd99 ON |
441 | if (core_dumped && !__fatal_signal_pending(current)) |
442 | current->signal->group_exit_code |= 0x80; | |
0258b5fd EB |
443 | next = current->signal->core_state->dumper.next; |
444 | current->signal->core_state = NULL; | |
6cd8f0ac ON |
445 | spin_unlock_irq(¤t->sighand->siglock); |
446 | ||
10c28d93 AK |
447 | while ((curr = next) != NULL) { |
448 | next = curr->next; | |
449 | task = curr->task; | |
450 | /* | |
92307383 | 451 | * see coredump_task_exit(), curr->task must not see |
10c28d93 AK |
452 | * ->task == NULL before we read ->next. |
453 | */ | |
454 | smp_mb(); | |
455 | curr->task = NULL; | |
456 | wake_up_process(task); | |
457 | } | |
10c28d93 AK |
458 | } |
459 | ||
528f827e ON |
460 | static bool dump_interrupted(void) |
461 | { | |
462 | /* | |
463 | * SIGKILL or freezing() interrupt the coredumping. Perhaps we | |
464 | * can do try_to_freeze() and check __fatal_signal_pending(), | |
465 | * but then we need to teach dump_write() to restart and clear | |
466 | * TIF_SIGPENDING. | |
467 | */ | |
fb97d2eb RK |
468 | if (fatal_signal_pending(current)) { |
469 | coredump_report_failure("interrupted: fatal signal pending"); | |
470 | return true; | |
471 | } | |
472 | ||
473 | if (freezing(current)) { | |
474 | coredump_report_failure("interrupted: freezing"); | |
475 | return true; | |
476 | } | |
477 | ||
478 | return false; | |
528f827e ON |
479 | } |
480 | ||
10c28d93 AK |
481 | static void wait_for_dump_helpers(struct file *file) |
482 | { | |
de32ec4c | 483 | struct pipe_inode_info *pipe = file->private_data; |
10c28d93 AK |
484 | |
485 | pipe_lock(pipe); | |
486 | pipe->readers++; | |
487 | pipe->writers--; | |
0ddad21d | 488 | wake_up_interruptible_sync(&pipe->rd_wait); |
dc7ee2aa ON |
489 | kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); |
490 | pipe_unlock(pipe); | |
10c28d93 | 491 | |
dc7ee2aa ON |
492 | /* |
493 | * We actually want wait_event_freezable() but then we need | |
494 | * to clear TIF_SIGPENDING and improve dump_interrupted(). | |
495 | */ | |
0ddad21d | 496 | wait_event_interruptible(pipe->rd_wait, pipe->readers == 1); |
10c28d93 | 497 | |
dc7ee2aa | 498 | pipe_lock(pipe); |
10c28d93 AK |
499 | pipe->readers--; |
500 | pipe->writers++; | |
501 | pipe_unlock(pipe); | |
10c28d93 AK |
502 | } |
503 | ||
504 | /* | |
505 | * umh_pipe_setup | |
506 | * helper function to customize the process used | |
507 | * to collect the core in userspace. Specifically | |
508 | * it sets up a pipe and installs it as fd 0 (stdin) | |
509 | * for the process. Returns 0 on success, or | |
510 | * PTR_ERR on failure. | |
511 | * Note that it also sets the core limit to 1. This | |
512 | * is a special value that we use to trap recursive | |
513 | * core dumps | |
514 | */ | |
515 | static int umh_pipe_setup(struct subprocess_info *info, struct cred *new) | |
516 | { | |
517 | struct file *files[2]; | |
518 | struct coredump_params *cp = (struct coredump_params *)info->data; | |
519 | int err = create_pipe_files(files, 0); | |
520 | if (err) | |
521 | return err; | |
522 | ||
523 | cp->file = files[1]; | |
524 | ||
45525b26 AV |
525 | err = replace_fd(0, files[0], 0); |
526 | fput(files[0]); | |
10c28d93 AK |
527 | /* and disallow core files too */ |
528 | current->signal->rlim[RLIMIT_CORE] = (struct rlimit){1, 1}; | |
529 | ||
45525b26 | 530 | return err; |
10c28d93 AK |
531 | } |
532 | ||
fb97d2eb | 533 | int do_coredump(const kernel_siginfo_t *siginfo) |
10c28d93 AK |
534 | { |
535 | struct core_state core_state; | |
536 | struct core_name cn; | |
537 | struct mm_struct *mm = current->mm; | |
538 | struct linux_binfmt * binfmt; | |
539 | const struct cred *old_cred; | |
540 | struct cred *cred; | |
fb97d2eb | 541 | int retval; |
10c28d93 | 542 | int ispipe; |
315c6926 PW |
543 | size_t *argv = NULL; |
544 | int argc = 0; | |
fbb18169 JH |
545 | /* require nonrelative corefile path and be extra careful */ |
546 | bool need_suid_safe = false; | |
acdedd99 | 547 | bool core_dumped = false; |
10c28d93 AK |
548 | static atomic_t core_dump_count = ATOMIC_INIT(0); |
549 | struct coredump_params cprm = { | |
5ab1c309 | 550 | .siginfo = siginfo, |
10c28d93 AK |
551 | .limit = rlimit(RLIMIT_CORE), |
552 | /* | |
553 | * We must use the same mm->flags while dumping core to avoid | |
554 | * inconsistency of bit flags, since this flag is not protected | |
555 | * by any locks. | |
556 | */ | |
557 | .mm_flags = mm->flags, | |
95c5436a | 558 | .vma_meta = NULL, |
8603b6f5 | 559 | .cpu = raw_smp_processor_id(), |
10c28d93 AK |
560 | }; |
561 | ||
5ab1c309 | 562 | audit_core_dumps(siginfo->si_signo); |
10c28d93 AK |
563 | |
564 | binfmt = mm->binfmt; | |
fb97d2eb RK |
565 | if (!binfmt || !binfmt->core_dump) { |
566 | retval = -ENOEXEC; | |
10c28d93 | 567 | goto fail; |
fb97d2eb RK |
568 | } |
569 | if (!__get_dumpable(cprm.mm_flags)) { | |
570 | retval = -EACCES; | |
10c28d93 | 571 | goto fail; |
fb97d2eb | 572 | } |
10c28d93 AK |
573 | |
574 | cred = prepare_creds(); | |
fb97d2eb RK |
575 | if (!cred) { |
576 | retval = -EPERM; | |
10c28d93 | 577 | goto fail; |
fb97d2eb | 578 | } |
10c28d93 AK |
579 | /* |
580 | * We cannot trust fsuid as being the "true" uid of the process | |
581 | * nor do we know its entire history. We only know it was tainted | |
582 | * so we dump it as root in mode 2, and only into a controlled | |
583 | * environment (pipe handler or fully qualified path). | |
584 | */ | |
e579d2c2 | 585 | if (__get_dumpable(cprm.mm_flags) == SUID_DUMP_ROOT) { |
10c28d93 | 586 | /* Setuid core dump mode */ |
10c28d93 | 587 | cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */ |
fbb18169 | 588 | need_suid_safe = true; |
10c28d93 AK |
589 | } |
590 | ||
5ab1c309 | 591 | retval = coredump_wait(siginfo->si_signo, &core_state); |
10c28d93 AK |
592 | if (retval < 0) |
593 | goto fail_creds; | |
594 | ||
595 | old_cred = override_creds(cred); | |
596 | ||
315c6926 | 597 | ispipe = format_corename(&cn, &cprm, &argv, &argc); |
10c28d93 | 598 | |
fb96c475 | 599 | if (ispipe) { |
315c6926 | 600 | int argi; |
10c28d93 AK |
601 | int dump_count; |
602 | char **helper_argv; | |
907ed132 | 603 | struct subprocess_info *sub_info; |
10c28d93 AK |
604 | |
605 | if (ispipe < 0) { | |
c114e994 | 606 | coredump_report_failure("format_corename failed, aborting core"); |
fb97d2eb | 607 | retval = ispipe; |
e7fd1549 | 608 | goto fail_unlock; |
10c28d93 AK |
609 | } |
610 | ||
611 | if (cprm.limit == 1) { | |
612 | /* See umh_pipe_setup() which sets RLIMIT_CORE = 1. | |
613 | * | |
614 | * Normally core limits are irrelevant to pipes, since | |
615 | * we're not writing to the file system, but we use | |
fcbc32bc | 616 | * cprm.limit of 1 here as a special value, this is a |
10c28d93 AK |
617 | * consistent way to catch recursive crashes. |
618 | * We can still crash if the core_pattern binary sets | |
619 | * RLIM_CORE = !1, but it runs as root, and can do | |
620 | * lots of stupid things. | |
621 | * | |
622 | * Note that we use task_tgid_vnr here to grab the pid | |
623 | * of the process group leader. That way we get the | |
624 | * right pid if a thread in a multi-threaded | |
625 | * core_pattern process dies. | |
626 | */ | |
c114e994 | 627 | coredump_report_failure("RLIMIT_CORE is set to 1, aborting core"); |
fb97d2eb | 628 | retval = -EPERM; |
10c28d93 AK |
629 | goto fail_unlock; |
630 | } | |
631 | cprm.limit = RLIM_INFINITY; | |
632 | ||
633 | dump_count = atomic_inc_return(&core_dump_count); | |
634 | if (core_pipe_limit && (core_pipe_limit < dump_count)) { | |
c114e994 | 635 | coredump_report_failure("over core_pipe_limit, skipping core dump"); |
fb97d2eb | 636 | retval = -E2BIG; |
10c28d93 AK |
637 | goto fail_dropcount; |
638 | } | |
639 | ||
315c6926 PW |
640 | helper_argv = kmalloc_array(argc + 1, sizeof(*helper_argv), |
641 | GFP_KERNEL); | |
10c28d93 | 642 | if (!helper_argv) { |
c114e994 | 643 | coredump_report_failure("%s failed to allocate memory", __func__); |
fb97d2eb | 644 | retval = -ENOMEM; |
10c28d93 AK |
645 | goto fail_dropcount; |
646 | } | |
315c6926 PW |
647 | for (argi = 0; argi < argc; argi++) |
648 | helper_argv[argi] = cn.corename + argv[argi]; | |
649 | helper_argv[argi] = NULL; | |
10c28d93 | 650 | |
907ed132 LDM |
651 | retval = -ENOMEM; |
652 | sub_info = call_usermodehelper_setup(helper_argv[0], | |
653 | helper_argv, NULL, GFP_KERNEL, | |
654 | umh_pipe_setup, NULL, &cprm); | |
655 | if (sub_info) | |
656 | retval = call_usermodehelper_exec(sub_info, | |
657 | UMH_WAIT_EXEC); | |
658 | ||
315c6926 | 659 | kfree(helper_argv); |
10c28d93 | 660 | if (retval) { |
c114e994 | 661 | coredump_report_failure("|%s pipe failed", cn.corename); |
10c28d93 | 662 | goto close_fail; |
fb96c475 | 663 | } |
10c28d93 | 664 | } else { |
abf08576 | 665 | struct mnt_idmap *idmap; |
10c28d93 | 666 | struct inode *inode; |
88e46070 | 667 | int open_flags = O_CREAT | O_WRONLY | O_NOFOLLOW | |
378c6520 | 668 | O_LARGEFILE | O_EXCL; |
10c28d93 | 669 | |
fb97d2eb RK |
670 | if (cprm.limit < binfmt->min_coredump) { |
671 | coredump_report_failure("over coredump resource limit, skipping core dump"); | |
672 | retval = -E2BIG; | |
10c28d93 | 673 | goto fail_unlock; |
fb97d2eb | 674 | } |
10c28d93 | 675 | |
fbb18169 | 676 | if (need_suid_safe && cn.corename[0] != '/') { |
c114e994 RK |
677 | coredump_report_failure( |
678 | "this process can only dump core to a fully qualified path, skipping core dump"); | |
fb97d2eb | 679 | retval = -EPERM; |
10c28d93 AK |
680 | goto fail_unlock; |
681 | } | |
682 | ||
fbb18169 JH |
683 | /* |
684 | * Unlink the file if it exists unless this is a SUID | |
685 | * binary - in that case, we're running around with root | |
686 | * privs and don't want to unlink another user's coredump. | |
687 | */ | |
688 | if (!need_suid_safe) { | |
fbb18169 JH |
689 | /* |
690 | * If it doesn't exist, that's fine. If there's some | |
691 | * other problem, we'll catch it at the filp_open(). | |
692 | */ | |
96271654 | 693 | do_unlinkat(AT_FDCWD, getname_kernel(cn.corename)); |
fbb18169 JH |
694 | } |
695 | ||
696 | /* | |
697 | * There is a race between unlinking and creating the | |
698 | * file, but if that causes an EEXIST here, that's | |
699 | * fine - another process raced with us while creating | |
700 | * the corefile, and the other process won. To userspace, | |
701 | * what matters is that at least one of the two processes | |
702 | * writes its coredump successfully, not which one. | |
703 | */ | |
378c6520 JH |
704 | if (need_suid_safe) { |
705 | /* | |
706 | * Using user namespaces, normal user tasks can change | |
707 | * their current->fs->root to point to arbitrary | |
708 | * directories. Since the intention of the "only dump | |
709 | * with a fully qualified path" rule is to control where | |
710 | * coredumps may be placed using root privileges, | |
711 | * current->fs->root must not be used. Instead, use the | |
712 | * root directory of init_task. | |
713 | */ | |
714 | struct path root; | |
715 | ||
716 | task_lock(&init_task); | |
717 | get_fs_root(init_task.fs, &root); | |
718 | task_unlock(&init_task); | |
ffb37ca3 AV |
719 | cprm.file = file_open_root(&root, cn.corename, |
720 | open_flags, 0600); | |
378c6520 JH |
721 | path_put(&root); |
722 | } else { | |
723 | cprm.file = filp_open(cn.corename, open_flags, 0600); | |
724 | } | |
fb97d2eb RK |
725 | if (IS_ERR(cprm.file)) { |
726 | retval = PTR_ERR(cprm.file); | |
10c28d93 | 727 | goto fail_unlock; |
fb97d2eb | 728 | } |
10c28d93 | 729 | |
496ad9aa | 730 | inode = file_inode(cprm.file); |
fb97d2eb RK |
731 | if (inode->i_nlink > 1) { |
732 | retval = -EMLINK; | |
10c28d93 | 733 | goto close_fail; |
fb97d2eb RK |
734 | } |
735 | if (d_unhashed(cprm.file->f_path.dentry)) { | |
736 | retval = -EEXIST; | |
10c28d93 | 737 | goto close_fail; |
fb97d2eb | 738 | } |
10c28d93 AK |
739 | /* |
740 | * AK: actually i see no reason to not allow this for named | |
741 | * pipes etc, but keep the previous behaviour for now. | |
742 | */ | |
fb97d2eb RK |
743 | if (!S_ISREG(inode->i_mode)) { |
744 | retval = -EISDIR; | |
10c28d93 | 745 | goto close_fail; |
fb97d2eb | 746 | } |
10c28d93 | 747 | /* |
40f705a7 JH |
748 | * Don't dump core if the filesystem changed owner or mode |
749 | * of the file during file creation. This is an issue when | |
750 | * a process dumps core while its cwd is e.g. on a vfat | |
751 | * filesystem. | |
10c28d93 | 752 | */ |
abf08576 | 753 | idmap = file_mnt_idmap(cprm.file); |
e67fe633 | 754 | if (!vfsuid_eq_kuid(i_uid_into_vfsuid(idmap, inode), |
a2bd096f | 755 | current_fsuid())) { |
c114e994 RK |
756 | coredump_report_failure("Core dump to %s aborted: " |
757 | "cannot preserve file owner", cn.corename); | |
fb97d2eb | 758 | retval = -EPERM; |
10c28d93 | 759 | goto close_fail; |
dbd9d6f8 DO |
760 | } |
761 | if ((inode->i_mode & 0677) != 0600) { | |
c114e994 RK |
762 | coredump_report_failure("Core dump to %s aborted: " |
763 | "cannot preserve file permissions", cn.corename); | |
fb97d2eb | 764 | retval = -EPERM; |
40f705a7 | 765 | goto close_fail; |
dbd9d6f8 | 766 | } |
fb97d2eb RK |
767 | if (!(cprm.file->f_mode & FMODE_CAN_WRITE)) { |
768 | retval = -EACCES; | |
10c28d93 | 769 | goto close_fail; |
fb97d2eb RK |
770 | } |
771 | retval = do_truncate(idmap, cprm.file->f_path.dentry, | |
772 | 0, 0, cprm.file); | |
773 | if (retval) | |
10c28d93 AK |
774 | goto close_fail; |
775 | } | |
776 | ||
777 | /* get us an unshared descriptor table; almost always a no-op */ | |
c39ab6de | 778 | /* The cell spufs coredump code reads the file descriptor tables */ |
1f702603 | 779 | retval = unshare_files(); |
10c28d93 AK |
780 | if (retval) |
781 | goto close_fail; | |
e86d35c3 | 782 | if (!dump_interrupted()) { |
3740d93e LC |
783 | /* |
784 | * umh disabled with CONFIG_STATIC_USERMODEHELPER_PATH="" would | |
785 | * have this set to NULL. | |
786 | */ | |
787 | if (!cprm.file) { | |
c114e994 | 788 | coredump_report_failure("Core dump to |%s disabled", cn.corename); |
fb97d2eb | 789 | retval = -EPERM; |
3740d93e LC |
790 | goto close_fail; |
791 | } | |
fb97d2eb RK |
792 | if (!dump_vma_snapshot(&cprm)) { |
793 | coredump_report_failure("Can't get VMA snapshot for core dump |%s", | |
794 | cn.corename); | |
795 | retval = -EACCES; | |
95c5436a | 796 | goto close_fail; |
fb97d2eb | 797 | } |
95c5436a | 798 | |
e86d35c3 AV |
799 | file_start_write(cprm.file); |
800 | core_dumped = binfmt->core_dump(&cprm); | |
d0f1088b AV |
801 | /* |
802 | * Ensures that file size is big enough to contain the current | |
803 | * file postion. This prevents gdb from complaining about | |
804 | * a truncated file if the last "write" to the file was | |
805 | * dump_skip. | |
806 | */ | |
807 | if (cprm.to_skip) { | |
808 | cprm.to_skip--; | |
809 | dump_emit(&cprm, "", 1); | |
810 | } | |
e86d35c3 | 811 | file_end_write(cprm.file); |
390031c9 | 812 | free_vma_snapshot(&cprm); |
fb97d2eb RK |
813 | } else { |
814 | coredump_report_failure("Core dump to %s%s has been interrupted", | |
815 | ispipe ? "|" : "", cn.corename); | |
816 | retval = -EAGAIN; | |
817 | goto fail; | |
e86d35c3 | 818 | } |
fb97d2eb RK |
819 | coredump_report( |
820 | "written to %s%s: VMAs: %d, size %zu; core: %lld bytes, pos %lld", | |
821 | ispipe ? "|" : "", cn.corename, | |
822 | cprm.vma_count, cprm.vma_data_size, cprm.written, cprm.pos); | |
10c28d93 AK |
823 | if (ispipe && core_pipe_limit) |
824 | wait_for_dump_helpers(cprm.file); | |
fb97d2eb RK |
825 | |
826 | retval = 0; | |
827 | ||
10c28d93 AK |
828 | close_fail: |
829 | if (cprm.file) | |
830 | filp_close(cprm.file, NULL); | |
831 | fail_dropcount: | |
832 | if (ispipe) | |
833 | atomic_dec(&core_dump_count); | |
834 | fail_unlock: | |
315c6926 | 835 | kfree(argv); |
10c28d93 | 836 | kfree(cn.corename); |
0258b5fd | 837 | coredump_finish(core_dumped); |
10c28d93 AK |
838 | revert_creds(old_cred); |
839 | fail_creds: | |
840 | put_cred(cred); | |
841 | fail: | |
fb97d2eb | 842 | return retval; |
10c28d93 AK |
843 | } |
844 | ||
845 | /* | |
846 | * Core dumping helper functions. These are the only things you should | |
847 | * do on a core-file: use only these functions to write out all the | |
848 | * necessary info. | |
849 | */ | |
d0f1088b | 850 | static int __dump_emit(struct coredump_params *cprm, const void *addr, int nr) |
ecc8c772 AV |
851 | { |
852 | struct file *file = cprm->file; | |
2507a4fb AV |
853 | loff_t pos = file->f_pos; |
854 | ssize_t n; | |
2c4cb043 | 855 | if (cprm->written + nr > cprm->limit) |
ecc8c772 | 856 | return 0; |
df0c09c0 JH |
857 | |
858 | ||
859 | if (dump_interrupted()) | |
860 | return 0; | |
861 | n = __kernel_write(file, addr, nr, &pos); | |
fb97d2eb RK |
862 | if (n != nr) { |
863 | if (n < 0) | |
864 | coredump_report_failure("failed when writing out, error %zd", n); | |
865 | else | |
866 | coredump_report_failure( | |
867 | "partially written out, only %zd(of %d) bytes written", | |
868 | n, nr); | |
869 | ||
df0c09c0 | 870 | return 0; |
fb97d2eb | 871 | } |
df0c09c0 JH |
872 | file->f_pos = pos; |
873 | cprm->written += n; | |
874 | cprm->pos += n; | |
875 | ||
ecc8c772 AV |
876 | return 1; |
877 | } | |
ecc8c772 | 878 | |
d0f1088b | 879 | static int __dump_skip(struct coredump_params *cprm, size_t nr) |
10c28d93 | 880 | { |
9b56d543 AV |
881 | static char zeroes[PAGE_SIZE]; |
882 | struct file *file = cprm->file; | |
4e3299ea | 883 | if (file->f_mode & FMODE_LSEEK) { |
fb97d2eb RK |
884 | int ret; |
885 | ||
886 | if (dump_interrupted()) | |
10c28d93 | 887 | return 0; |
fb97d2eb RK |
888 | |
889 | ret = vfs_llseek(file, nr, SEEK_CUR); | |
890 | if (ret < 0) { | |
891 | coredump_report_failure("failed when seeking, error %d", ret); | |
892 | return 0; | |
893 | } | |
1607f09c | 894 | cprm->pos += nr; |
9b56d543 | 895 | return 1; |
10c28d93 | 896 | } else { |
9b56d543 | 897 | while (nr > PAGE_SIZE) { |
d0f1088b | 898 | if (!__dump_emit(cprm, zeroes, PAGE_SIZE)) |
9b56d543 AV |
899 | return 0; |
900 | nr -= PAGE_SIZE; | |
10c28d93 | 901 | } |
d0f1088b | 902 | return __dump_emit(cprm, zeroes, nr); |
10c28d93 | 903 | } |
10c28d93 | 904 | } |
d0f1088b | 905 | |
9c7417b5 GU |
906 | int dump_emit(struct coredump_params *cprm, const void *addr, int nr) |
907 | { | |
908 | if (cprm->to_skip) { | |
909 | if (!__dump_skip(cprm, cprm->to_skip)) | |
910 | return 0; | |
911 | cprm->to_skip = 0; | |
912 | } | |
913 | return __dump_emit(cprm, addr, nr); | |
914 | } | |
915 | EXPORT_SYMBOL(dump_emit); | |
916 | ||
917 | void dump_skip_to(struct coredump_params *cprm, unsigned long pos) | |
918 | { | |
919 | cprm->to_skip = pos - cprm->pos; | |
920 | } | |
921 | EXPORT_SYMBOL(dump_skip_to); | |
922 | ||
923 | void dump_skip(struct coredump_params *cprm, size_t nr) | |
924 | { | |
925 | cprm->to_skip += nr; | |
926 | } | |
927 | EXPORT_SYMBOL(dump_skip); | |
928 | ||
929 | #ifdef CONFIG_ELF_CORE | |
06bbaa6d AV |
930 | static int dump_emit_page(struct coredump_params *cprm, struct page *page) |
931 | { | |
cd598003 | 932 | struct bio_vec bvec; |
06bbaa6d AV |
933 | struct iov_iter iter; |
934 | struct file *file = cprm->file; | |
4f526fef | 935 | loff_t pos; |
06bbaa6d AV |
936 | ssize_t n; |
937 | ||
a50026bd LT |
938 | if (!page) |
939 | return 0; | |
940 | ||
06bbaa6d AV |
941 | if (cprm->to_skip) { |
942 | if (!__dump_skip(cprm, cprm->to_skip)) | |
943 | return 0; | |
944 | cprm->to_skip = 0; | |
945 | } | |
946 | if (cprm->written + PAGE_SIZE > cprm->limit) | |
947 | return 0; | |
948 | if (dump_interrupted()) | |
949 | return 0; | |
4f526fef | 950 | pos = file->f_pos; |
cd598003 | 951 | bvec_set_page(&bvec, page, PAGE_SIZE, 0); |
de4eda9d | 952 | iov_iter_bvec(&iter, ITER_SOURCE, &bvec, 1, PAGE_SIZE); |
06bbaa6d AV |
953 | n = __kernel_write_iter(cprm->file, &iter, &pos); |
954 | if (n != PAGE_SIZE) | |
955 | return 0; | |
956 | file->f_pos = pos; | |
957 | cprm->written += PAGE_SIZE; | |
958 | cprm->pos += PAGE_SIZE; | |
959 | ||
960 | return 1; | |
961 | } | |
962 | ||
a50026bd LT |
963 | /* |
964 | * If we might get machine checks from kernel accesses during the | |
965 | * core dump, let's get those errors early rather than during the | |
966 | * IO. This is not performance-critical enough to warrant having | |
967 | * all the machine check logic in the iovec paths. | |
968 | */ | |
969 | #ifdef copy_mc_to_kernel | |
970 | ||
971 | #define dump_page_alloc() alloc_page(GFP_KERNEL) | |
972 | #define dump_page_free(x) __free_page(x) | |
973 | static struct page *dump_page_copy(struct page *src, struct page *dst) | |
974 | { | |
975 | void *buf = kmap_local_page(src); | |
976 | size_t left = copy_mc_to_kernel(page_address(dst), buf, PAGE_SIZE); | |
977 | kunmap_local(buf); | |
978 | return left ? NULL : dst; | |
979 | } | |
980 | ||
981 | #else | |
982 | ||
983 | /* We just want to return non-NULL; it's never used. */ | |
984 | #define dump_page_alloc() ERR_PTR(-EINVAL) | |
985 | #define dump_page_free(x) ((void)(x)) | |
986 | static inline struct page *dump_page_copy(struct page *src, struct page *dst) | |
987 | { | |
988 | return src; | |
989 | } | |
990 | #endif | |
991 | ||
afc63a97 JH |
992 | int dump_user_range(struct coredump_params *cprm, unsigned long start, |
993 | unsigned long len) | |
994 | { | |
995 | unsigned long addr; | |
a50026bd LT |
996 | struct page *dump_page; |
997 | ||
998 | dump_page = dump_page_alloc(); | |
999 | if (!dump_page) | |
1000 | return 0; | |
afc63a97 JH |
1001 | |
1002 | for (addr = start; addr < start + len; addr += PAGE_SIZE) { | |
1003 | struct page *page; | |
afc63a97 JH |
1004 | |
1005 | /* | |
1006 | * To avoid having to allocate page tables for virtual address | |
1007 | * ranges that have never been used yet, and also to make it | |
1008 | * easy to generate sparse core files, use a helper that returns | |
1009 | * NULL when encountering an empty page table entry that would | |
1010 | * otherwise have been filled with the zero page. | |
1011 | */ | |
1012 | page = get_dump_page(addr); | |
1013 | if (page) { | |
a50026bd | 1014 | int stop = !dump_emit_page(cprm, dump_page_copy(page, dump_page)); |
afc63a97 | 1015 | put_page(page); |
a50026bd LT |
1016 | if (stop) { |
1017 | dump_page_free(dump_page); | |
d0f1088b | 1018 | return 0; |
a50026bd | 1019 | } |
afc63a97 | 1020 | } else { |
d0f1088b | 1021 | dump_skip(cprm, PAGE_SIZE); |
afc63a97 | 1022 | } |
afc63a97 | 1023 | } |
a50026bd | 1024 | dump_page_free(dump_page); |
afc63a97 JH |
1025 | return 1; |
1026 | } | |
1027 | #endif | |
1028 | ||
22a8cb82 AV |
1029 | int dump_align(struct coredump_params *cprm, int align) |
1030 | { | |
d0f1088b | 1031 | unsigned mod = (cprm->pos + cprm->to_skip) & (align - 1); |
22a8cb82 | 1032 | if (align & (align - 1)) |
db51242d | 1033 | return 0; |
d0f1088b AV |
1034 | if (mod) |
1035 | cprm->to_skip += align - mod; | |
1036 | return 1; | |
22a8cb82 AV |
1037 | } |
1038 | EXPORT_SYMBOL(dump_align); | |
4d22c75d | 1039 | |
f0bc21b2 XN |
1040 | #ifdef CONFIG_SYSCTL |
1041 | ||
1042 | void validate_coredump_safety(void) | |
1043 | { | |
1044 | if (suid_dumpable == SUID_DUMP_ROOT && | |
1045 | core_pattern[0] != '/' && core_pattern[0] != '|') { | |
c114e994 RK |
1046 | |
1047 | coredump_report_failure("Unsafe core_pattern used with fs.suid_dumpable=2: " | |
1048 | "pipe handler or fully qualified core dump path required. " | |
1049 | "Set kernel.core_pattern before fs.suid_dumpable."); | |
f0bc21b2 XN |
1050 | } |
1051 | } | |
1052 | ||
78eb4ea2 | 1053 | static int proc_dostring_coredump(const struct ctl_table *table, int write, |
f0bc21b2 XN |
1054 | void *buffer, size_t *lenp, loff_t *ppos) |
1055 | { | |
1056 | int error = proc_dostring(table, write, buffer, lenp, ppos); | |
1057 | ||
1058 | if (!error) | |
1059 | validate_coredump_safety(); | |
1060 | return error; | |
1061 | } | |
1062 | ||
4bbf9c3b AP |
1063 | static const unsigned int core_file_note_size_min = CORE_FILE_NOTE_SIZE_DEFAULT; |
1064 | static const unsigned int core_file_note_size_max = CORE_FILE_NOTE_SIZE_MAX; | |
1065 | ||
f0bc21b2 XN |
1066 | static struct ctl_table coredump_sysctls[] = { |
1067 | { | |
1068 | .procname = "core_uses_pid", | |
1069 | .data = &core_uses_pid, | |
1070 | .maxlen = sizeof(int), | |
1071 | .mode = 0644, | |
1072 | .proc_handler = proc_dointvec, | |
1073 | }, | |
1074 | { | |
1075 | .procname = "core_pattern", | |
1076 | .data = core_pattern, | |
1077 | .maxlen = CORENAME_MAX_SIZE, | |
1078 | .mode = 0644, | |
1079 | .proc_handler = proc_dostring_coredump, | |
1080 | }, | |
1081 | { | |
1082 | .procname = "core_pipe_limit", | |
1083 | .data = &core_pipe_limit, | |
1084 | .maxlen = sizeof(unsigned int), | |
1085 | .mode = 0644, | |
1086 | .proc_handler = proc_dointvec, | |
1087 | }, | |
4bbf9c3b AP |
1088 | { |
1089 | .procname = "core_file_note_size_limit", | |
1090 | .data = &core_file_note_size_limit, | |
1091 | .maxlen = sizeof(unsigned int), | |
1092 | .mode = 0644, | |
1093 | .proc_handler = proc_douintvec_minmax, | |
1094 | .extra1 = (unsigned int *)&core_file_note_size_min, | |
1095 | .extra2 = (unsigned int *)&core_file_note_size_max, | |
1096 | }, | |
f0bc21b2 XN |
1097 | }; |
1098 | ||
1099 | static int __init init_fs_coredump_sysctls(void) | |
1100 | { | |
1101 | register_sysctl_init("kernel", coredump_sysctls); | |
1102 | return 0; | |
1103 | } | |
1104 | fs_initcall(init_fs_coredump_sysctls); | |
1105 | #endif /* CONFIG_SYSCTL */ | |
1106 | ||
429a22e7 JH |
1107 | /* |
1108 | * The purpose of always_dump_vma() is to make sure that special kernel mappings | |
1109 | * that are useful for post-mortem analysis are included in every core dump. | |
1110 | * In that way we ensure that the core dump is fully interpretable later | |
1111 | * without matching up the same kernel and hardware config to see what PC values | |
1112 | * meant. These special mappings include - vDSO, vsyscall, and other | |
1113 | * architecture specific mappings | |
1114 | */ | |
1115 | static bool always_dump_vma(struct vm_area_struct *vma) | |
1116 | { | |
1117 | /* Any vsyscall mappings? */ | |
1118 | if (vma == get_gate_vma(vma->vm_mm)) | |
1119 | return true; | |
1120 | ||
1121 | /* | |
1122 | * Assume that all vmas with a .name op should always be dumped. | |
1123 | * If this changes, a new vm_ops field can easily be added. | |
1124 | */ | |
1125 | if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma)) | |
1126 | return true; | |
1127 | ||
1128 | /* | |
1129 | * arch_vma_name() returns non-NULL for special architecture mappings, | |
1130 | * such as vDSO sections. | |
1131 | */ | |
1132 | if (arch_vma_name(vma)) | |
1133 | return true; | |
1134 | ||
1135 | return false; | |
1136 | } | |
1137 | ||
84158b7f JH |
1138 | #define DUMP_SIZE_MAYBE_ELFHDR_PLACEHOLDER 1 |
1139 | ||
429a22e7 JH |
1140 | /* |
1141 | * Decide how much of @vma's contents should be included in a core dump. | |
1142 | */ | |
a07279c9 JH |
1143 | static unsigned long vma_dump_size(struct vm_area_struct *vma, |
1144 | unsigned long mm_flags) | |
429a22e7 JH |
1145 | { |
1146 | #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) | |
1147 | ||
1148 | /* always dump the vdso and vsyscall sections */ | |
1149 | if (always_dump_vma(vma)) | |
1150 | goto whole; | |
1151 | ||
1152 | if (vma->vm_flags & VM_DONTDUMP) | |
1153 | return 0; | |
1154 | ||
1155 | /* support for DAX */ | |
1156 | if (vma_is_dax(vma)) { | |
1157 | if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED)) | |
1158 | goto whole; | |
1159 | if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE)) | |
1160 | goto whole; | |
1161 | return 0; | |
1162 | } | |
1163 | ||
1164 | /* Hugetlb memory check */ | |
1165 | if (is_vm_hugetlb_page(vma)) { | |
1166 | if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED)) | |
1167 | goto whole; | |
1168 | if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE)) | |
1169 | goto whole; | |
1170 | return 0; | |
1171 | } | |
1172 | ||
1173 | /* Do not dump I/O mapped devices or special mappings */ | |
1174 | if (vma->vm_flags & VM_IO) | |
1175 | return 0; | |
1176 | ||
1177 | /* By default, dump shared memory if mapped from an anonymous file. */ | |
1178 | if (vma->vm_flags & VM_SHARED) { | |
1179 | if (file_inode(vma->vm_file)->i_nlink == 0 ? | |
1180 | FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED)) | |
1181 | goto whole; | |
1182 | return 0; | |
1183 | } | |
1184 | ||
1185 | /* Dump segments that have been written to. */ | |
1186 | if ((!IS_ENABLED(CONFIG_MMU) || vma->anon_vma) && FILTER(ANON_PRIVATE)) | |
1187 | goto whole; | |
1188 | if (vma->vm_file == NULL) | |
1189 | return 0; | |
1190 | ||
1191 | if (FILTER(MAPPED_PRIVATE)) | |
1192 | goto whole; | |
1193 | ||
1194 | /* | |
1195 | * If this is the beginning of an executable file mapping, | |
1196 | * dump the first page to aid in determining what was mapped here. | |
1197 | */ | |
1198 | if (FILTER(ELF_HEADERS) && | |
84158b7f JH |
1199 | vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) { |
1200 | if ((READ_ONCE(file_inode(vma->vm_file)->i_mode) & 0111) != 0) | |
1201 | return PAGE_SIZE; | |
1202 | ||
1203 | /* | |
1204 | * ELF libraries aren't always executable. | |
1205 | * We'll want to check whether the mapping starts with the ELF | |
1206 | * magic, but not now - we're holding the mmap lock, | |
1207 | * so copy_from_user() doesn't work here. | |
1208 | * Use a placeholder instead, and fix it up later in | |
1209 | * dump_vma_snapshot(). | |
1210 | */ | |
1211 | return DUMP_SIZE_MAYBE_ELFHDR_PLACEHOLDER; | |
1212 | } | |
429a22e7 JH |
1213 | |
1214 | #undef FILTER | |
1215 | ||
1216 | return 0; | |
1217 | ||
1218 | whole: | |
1219 | return vma->vm_end - vma->vm_start; | |
1220 | } | |
a07279c9 | 1221 | |
a07279c9 JH |
1222 | /* |
1223 | * Helper function for iterating across a vma list. It ensures that the caller | |
1224 | * will visit `gate_vma' prior to terminating the search. | |
1225 | */ | |
e552cdb8 | 1226 | static struct vm_area_struct *coredump_next_vma(struct vma_iterator *vmi, |
182ea1d7 | 1227 | struct vm_area_struct *vma, |
a07279c9 JH |
1228 | struct vm_area_struct *gate_vma) |
1229 | { | |
182ea1d7 | 1230 | if (gate_vma && (vma == gate_vma)) |
a07279c9 | 1231 | return NULL; |
182ea1d7 | 1232 | |
e552cdb8 | 1233 | vma = vma_next(vmi); |
182ea1d7 MWO |
1234 | if (vma) |
1235 | return vma; | |
a07279c9 JH |
1236 | return gate_vma; |
1237 | } | |
1238 | ||
390031c9 EB |
1239 | static void free_vma_snapshot(struct coredump_params *cprm) |
1240 | { | |
1241 | if (cprm->vma_meta) { | |
1242 | int i; | |
1243 | for (i = 0; i < cprm->vma_count; i++) { | |
1244 | struct file *file = cprm->vma_meta[i].file; | |
1245 | if (file) | |
1246 | fput(file); | |
1247 | } | |
1248 | kvfree(cprm->vma_meta); | |
1249 | cprm->vma_meta = NULL; | |
1250 | } | |
1251 | } | |
1252 | ||
7d442a33 BM |
1253 | static int cmp_vma_size(const void *vma_meta_lhs_ptr, const void *vma_meta_rhs_ptr) |
1254 | { | |
1255 | const struct core_vma_metadata *vma_meta_lhs = vma_meta_lhs_ptr; | |
1256 | const struct core_vma_metadata *vma_meta_rhs = vma_meta_rhs_ptr; | |
1257 | ||
1258 | if (vma_meta_lhs->dump_size < vma_meta_rhs->dump_size) | |
1259 | return -1; | |
1260 | if (vma_meta_lhs->dump_size > vma_meta_rhs->dump_size) | |
1261 | return 1; | |
1262 | return 0; | |
1263 | } | |
1264 | ||
a07279c9 JH |
1265 | /* |
1266 | * Under the mmap_lock, take a snapshot of relevant information about the task's | |
1267 | * VMAs. | |
1268 | */ | |
95c5436a | 1269 | static bool dump_vma_snapshot(struct coredump_params *cprm) |
a07279c9 | 1270 | { |
182ea1d7 | 1271 | struct vm_area_struct *gate_vma, *vma = NULL; |
a07279c9 | 1272 | struct mm_struct *mm = current->mm; |
e552cdb8 | 1273 | VMA_ITERATOR(vmi, mm, 0); |
182ea1d7 | 1274 | int i = 0; |
a07279c9 JH |
1275 | |
1276 | /* | |
1277 | * Once the stack expansion code is fixed to not change VMA bounds | |
1278 | * under mmap_lock in read mode, this can be changed to take the | |
1279 | * mmap_lock in read mode. | |
1280 | */ | |
1281 | if (mmap_write_lock_killable(mm)) | |
95c5436a | 1282 | return false; |
a07279c9 | 1283 | |
95c5436a | 1284 | cprm->vma_data_size = 0; |
a07279c9 | 1285 | gate_vma = get_gate_vma(mm); |
95c5436a | 1286 | cprm->vma_count = mm->map_count + (gate_vma ? 1 : 0); |
a07279c9 | 1287 | |
95c5436a EB |
1288 | cprm->vma_meta = kvmalloc_array(cprm->vma_count, sizeof(*cprm->vma_meta), GFP_KERNEL); |
1289 | if (!cprm->vma_meta) { | |
a07279c9 | 1290 | mmap_write_unlock(mm); |
95c5436a | 1291 | return false; |
a07279c9 JH |
1292 | } |
1293 | ||
e552cdb8 | 1294 | while ((vma = coredump_next_vma(&vmi, vma, gate_vma)) != NULL) { |
95c5436a | 1295 | struct core_vma_metadata *m = cprm->vma_meta + i; |
a07279c9 JH |
1296 | |
1297 | m->start = vma->vm_start; | |
1298 | m->end = vma->vm_end; | |
1299 | m->flags = vma->vm_flags; | |
1300 | m->dump_size = vma_dump_size(vma, cprm->mm_flags); | |
390031c9 | 1301 | m->pgoff = vma->vm_pgoff; |
390031c9 EB |
1302 | m->file = vma->vm_file; |
1303 | if (m->file) | |
1304 | get_file(m->file); | |
182ea1d7 | 1305 | i++; |
a07279c9 JH |
1306 | } |
1307 | ||
1308 | mmap_write_unlock(mm); | |
1309 | ||
95c5436a EB |
1310 | for (i = 0; i < cprm->vma_count; i++) { |
1311 | struct core_vma_metadata *m = cprm->vma_meta + i; | |
84158b7f JH |
1312 | |
1313 | if (m->dump_size == DUMP_SIZE_MAYBE_ELFHDR_PLACEHOLDER) { | |
1314 | char elfmag[SELFMAG]; | |
1315 | ||
1316 | if (copy_from_user(elfmag, (void __user *)m->start, SELFMAG) || | |
1317 | memcmp(elfmag, ELFMAG, SELFMAG) != 0) { | |
1318 | m->dump_size = 0; | |
1319 | } else { | |
1320 | m->dump_size = PAGE_SIZE; | |
1321 | } | |
1322 | } | |
1323 | ||
95c5436a | 1324 | cprm->vma_data_size += m->dump_size; |
84158b7f JH |
1325 | } |
1326 | ||
7d442a33 BM |
1327 | sort(cprm->vma_meta, cprm->vma_count, sizeof(*cprm->vma_meta), |
1328 | cmp_vma_size, NULL); | |
1329 | ||
95c5436a | 1330 | return true; |
a07279c9 | 1331 | } |