diff options
| author | Alex Kelly <alex.page.kelly@gmail.com> | 2012-10-04 20:15:23 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-05 14:05:15 -0400 |
| commit | 046d662f481830e652ac34cd112249adde16452a (patch) | |
| tree | ad13e968b4b02f9e2c35ce45f358477474df80d7 | |
| parent | db9aeca97a58563e1ab927d157c9b5048f233e73 (diff) | |
coredump: make core dump functionality optional
Adds an expert Kconfig option, CONFIG_COREDUMP, which allows disabling of
core dump. This saves approximately 2.6k in the compiled kernel, and
complements CONFIG_ELF_CORE, which now depends on it.
CONFIG_COREDUMP also disables coredump-related sysctls, except for
suid_dumpable and related functions, which are necessary for ptrace.
[akpm@linux-foundation.org: fix binfmt_aout.c build]
Signed-off-by: Alex Kelly <alex.page.kelly@gmail.com>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | fs/Kconfig.binfmt | 8 | ||||
| -rw-r--r-- | fs/Makefile | 3 | ||||
| -rw-r--r-- | fs/binfmt_aout.c | 52 | ||||
| -rw-r--r-- | include/linux/binfmts.h | 4 | ||||
| -rw-r--r-- | init/Kconfig | 1 | ||||
| -rw-r--r-- | kernel/sysctl.c | 12 |
6 files changed, 53 insertions, 27 deletions
diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt index 022574202749..0efd1524b977 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt | |||
| @@ -164,3 +164,11 @@ config BINFMT_MISC | |||
| 164 | You may say M here for module support and later load the module when | 164 | You may say M here for module support and later load the module when |
| 165 | you have use for it; the module is called binfmt_misc. If you | 165 | you have use for it; the module is called binfmt_misc. If you |
| 166 | don't know what to answer at this point, say Y. | 166 | don't know what to answer at this point, say Y. |
| 167 | |||
| 168 | config COREDUMP | ||
| 169 | bool "Enable core dump support" if EXPERT | ||
| 170 | default y | ||
| 171 | help | ||
| 172 | This option enables support for performing core dumps. You almost | ||
| 173 | certainly want to say Y here. Not necessary on systems that never | ||
| 174 | need debugging or only ever run flawless code. | ||
diff --git a/fs/Makefile b/fs/Makefile index 8938f8250320..1d7af79288a0 100644 --- a/fs/Makefile +++ b/fs/Makefile | |||
| @@ -11,7 +11,7 @@ obj-y := open.o read_write.o file_table.o super.o \ | |||
| 11 | attr.o bad_inode.o file.o filesystems.o namespace.o \ | 11 | attr.o bad_inode.o file.o filesystems.o namespace.o \ |
| 12 | seq_file.o xattr.o libfs.o fs-writeback.o \ | 12 | seq_file.o xattr.o libfs.o fs-writeback.o \ |
| 13 | pnode.o drop_caches.o splice.o sync.o utimes.o \ | 13 | pnode.o drop_caches.o splice.o sync.o utimes.o \ |
| 14 | stack.o fs_struct.o statfs.o coredump.o | 14 | stack.o fs_struct.o statfs.o |
| 15 | 15 | ||
| 16 | ifeq ($(CONFIG_BLOCK),y) | 16 | ifeq ($(CONFIG_BLOCK),y) |
| 17 | obj-y += buffer.o bio.o block_dev.o direct-io.o mpage.o ioprio.o | 17 | obj-y += buffer.o bio.o block_dev.o direct-io.o mpage.o ioprio.o |
| @@ -48,6 +48,7 @@ obj-$(CONFIG_FS_MBCACHE) += mbcache.o | |||
| 48 | obj-$(CONFIG_FS_POSIX_ACL) += posix_acl.o xattr_acl.o | 48 | obj-$(CONFIG_FS_POSIX_ACL) += posix_acl.o xattr_acl.o |
| 49 | obj-$(CONFIG_NFS_COMMON) += nfs_common/ | 49 | obj-$(CONFIG_NFS_COMMON) += nfs_common/ |
| 50 | obj-$(CONFIG_GENERIC_ACL) += generic_acl.o | 50 | obj-$(CONFIG_GENERIC_ACL) += generic_acl.o |
| 51 | obj-$(CONFIG_COREDUMP) += coredump.o | ||
| 51 | 52 | ||
| 52 | obj-$(CONFIG_FHANDLE) += fhandle.o | 53 | obj-$(CONFIG_FHANDLE) += fhandle.o |
| 53 | 54 | ||
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c index d146e181d10d..4b5b5117f00a 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c | |||
| @@ -32,31 +32,8 @@ | |||
| 32 | 32 | ||
| 33 | static int load_aout_binary(struct linux_binprm *, struct pt_regs * regs); | 33 | static int load_aout_binary(struct linux_binprm *, struct pt_regs * regs); |
| 34 | static int load_aout_library(struct file*); | 34 | static int load_aout_library(struct file*); |
| 35 | static int aout_core_dump(struct coredump_params *cprm); | ||
| 36 | |||
| 37 | static struct linux_binfmt aout_format = { | ||
| 38 | .module = THIS_MODULE, | ||
| 39 | .load_binary = load_aout_binary, | ||
| 40 | .load_shlib = load_aout_library, | ||
| 41 | .core_dump = aout_core_dump, | ||
| 42 | .min_coredump = PAGE_SIZE | ||
| 43 | }; | ||
| 44 | |||
| 45 | #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) | ||
| 46 | |||
| 47 | static int set_brk(unsigned long start, unsigned long end) | ||
| 48 | { | ||
| 49 | start = PAGE_ALIGN(start); | ||
| 50 | end = PAGE_ALIGN(end); | ||
| 51 | if (end > start) { | ||
| 52 | unsigned long addr; | ||
| 53 | addr = vm_brk(start, end - start); | ||
| 54 | if (BAD_ADDR(addr)) | ||
| 55 | return addr; | ||
| 56 | } | ||
| 57 | return 0; | ||
| 58 | } | ||
| 59 | 35 | ||
| 36 | #ifdef CONFIG_COREDUMP | ||
| 60 | /* | 37 | /* |
| 61 | * Routine writes a core dump image in the current directory. | 38 | * Routine writes a core dump image in the current directory. |
| 62 | * Currently only a stub-function. | 39 | * Currently only a stub-function. |
| @@ -66,7 +43,6 @@ static int set_brk(unsigned long start, unsigned long end) | |||
| 66 | * field, which also makes sure the core-dumps won't be recursive if the | 43 | * field, which also makes sure the core-dumps won't be recursive if the |
| 67 | * dumping of the process results in another error.. | 44 | * dumping of the process results in another error.. |
| 68 | */ | 45 | */ |
| 69 | |||
| 70 | static int aout_core_dump(struct coredump_params *cprm) | 46 | static int aout_core_dump(struct coredump_params *cprm) |
| 71 | { | 47 | { |
| 72 | struct file *file = cprm->file; | 48 | struct file *file = cprm->file; |
| @@ -135,6 +111,32 @@ end_coredump: | |||
| 135 | set_fs(fs); | 111 | set_fs(fs); |
| 136 | return has_dumped; | 112 | return has_dumped; |
| 137 | } | 113 | } |
| 114 | #else | ||
| 115 | #define aout_core_dump NULL | ||
| 116 | #endif | ||
| 117 | |||
| 118 | static struct linux_binfmt aout_format = { | ||
| 119 | .module = THIS_MODULE, | ||
| 120 | .load_binary = load_aout_binary, | ||
| 121 | .load_shlib = load_aout_library, | ||
| 122 | .core_dump = aout_core_dump, | ||
| 123 | .min_coredump = PAGE_SIZE | ||
| 124 | }; | ||
| 125 | |||
| 126 | #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) | ||
| 127 | |||
| 128 | static int set_brk(unsigned long start, unsigned long end) | ||
| 129 | { | ||
| 130 | start = PAGE_ALIGN(start); | ||
| 131 | end = PAGE_ALIGN(end); | ||
| 132 | if (end > start) { | ||
| 133 | unsigned long addr; | ||
| 134 | addr = vm_brk(start, end - start); | ||
| 135 | if (BAD_ADDR(addr)) | ||
| 136 | return addr; | ||
| 137 | } | ||
| 138 | return 0; | ||
| 139 | } | ||
| 138 | 140 | ||
| 139 | /* | 141 | /* |
| 140 | * create_aout_tables() parses the env- and arg-strings in new user | 142 | * create_aout_tables() parses the env- and arg-strings in new user |
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 366422bc1633..00e2e8908953 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h | |||
| @@ -132,7 +132,11 @@ extern int copy_strings_kernel(int argc, const char *const *argv, | |||
| 132 | struct linux_binprm *bprm); | 132 | struct linux_binprm *bprm); |
| 133 | extern int prepare_bprm_creds(struct linux_binprm *bprm); | 133 | extern int prepare_bprm_creds(struct linux_binprm *bprm); |
| 134 | extern void install_exec_creds(struct linux_binprm *bprm); | 134 | extern void install_exec_creds(struct linux_binprm *bprm); |
| 135 | #ifdef CONFIG_COREDUMP | ||
| 135 | extern void do_coredump(long signr, int exit_code, struct pt_regs *regs); | 136 | extern void do_coredump(long signr, int exit_code, struct pt_regs *regs); |
| 137 | #else | ||
| 138 | static inline void do_coredump(long signr, int exit_code, struct pt_regs *regs) {} | ||
| 139 | #endif | ||
| 136 | extern void set_binfmt(struct linux_binfmt *new); | 140 | extern void set_binfmt(struct linux_binfmt *new); |
| 137 | extern void free_bprm(struct linux_binprm *); | 141 | extern void free_bprm(struct linux_binprm *); |
| 138 | 142 | ||
diff --git a/init/Kconfig b/init/Kconfig index e82f289290fa..ed6334dd5e71 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
| @@ -1199,6 +1199,7 @@ config BUG | |||
| 1199 | Just say Y. | 1199 | Just say Y. |
| 1200 | 1200 | ||
| 1201 | config ELF_CORE | 1201 | config ELF_CORE |
| 1202 | depends on COREDUMP | ||
| 1202 | default y | 1203 | default y |
| 1203 | bool "Enable ELF core dumps" if EXPERT | 1204 | bool "Enable ELF core dumps" if EXPERT |
| 1204 | help | 1205 | help |
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 84c76a34e41c..c2a2f8084bad 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
| @@ -97,10 +97,12 @@ | |||
| 97 | extern int sysctl_overcommit_memory; | 97 | extern int sysctl_overcommit_memory; |
| 98 | extern int sysctl_overcommit_ratio; | 98 | extern int sysctl_overcommit_ratio; |
| 99 | extern int max_threads; | 99 | extern int max_threads; |
| 100 | extern int core_uses_pid; | ||
| 101 | extern int suid_dumpable; | 100 | extern int suid_dumpable; |
| 101 | #ifdef CONFIG_COREDUMP | ||
| 102 | extern int core_uses_pid; | ||
| 102 | extern char core_pattern[]; | 103 | extern char core_pattern[]; |
| 103 | extern unsigned int core_pipe_limit; | 104 | extern unsigned int core_pipe_limit; |
| 105 | #endif | ||
| 104 | extern int pid_max; | 106 | extern int pid_max; |
| 105 | extern int min_free_kbytes; | 107 | extern int min_free_kbytes; |
| 106 | extern int pid_max_min, pid_max_max; | 108 | extern int pid_max_min, pid_max_max; |
| @@ -177,8 +179,10 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, | |||
| 177 | 179 | ||
| 178 | static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, | 180 | static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, |
| 179 | void __user *buffer, size_t *lenp, loff_t *ppos); | 181 | void __user *buffer, size_t *lenp, loff_t *ppos); |
| 182 | #ifdef CONFIG_COREDUMP | ||
| 180 | static int proc_dostring_coredump(struct ctl_table *table, int write, | 183 | static int proc_dostring_coredump(struct ctl_table *table, int write, |
| 181 | void __user *buffer, size_t *lenp, loff_t *ppos); | 184 | void __user *buffer, size_t *lenp, loff_t *ppos); |
| 185 | #endif | ||
| 182 | 186 | ||
| 183 | #ifdef CONFIG_MAGIC_SYSRQ | 187 | #ifdef CONFIG_MAGIC_SYSRQ |
| 184 | /* Note: sysrq code uses it's own private copy */ | 188 | /* Note: sysrq code uses it's own private copy */ |
| @@ -404,6 +408,7 @@ static struct ctl_table kern_table[] = { | |||
| 404 | .mode = 0644, | 408 | .mode = 0644, |
| 405 | .proc_handler = proc_dointvec, | 409 | .proc_handler = proc_dointvec, |
| 406 | }, | 410 | }, |
| 411 | #ifdef CONFIG_COREDUMP | ||
| 407 | { | 412 | { |
| 408 | .procname = "core_uses_pid", | 413 | .procname = "core_uses_pid", |
| 409 | .data = &core_uses_pid, | 414 | .data = &core_uses_pid, |
| @@ -425,6 +430,7 @@ static struct ctl_table kern_table[] = { | |||
| 425 | .mode = 0644, | 430 | .mode = 0644, |
| 426 | .proc_handler = proc_dointvec, | 431 | .proc_handler = proc_dointvec, |
| 427 | }, | 432 | }, |
| 433 | #endif | ||
| 428 | #ifdef CONFIG_PROC_SYSCTL | 434 | #ifdef CONFIG_PROC_SYSCTL |
| 429 | { | 435 | { |
| 430 | .procname = "tainted", | 436 | .procname = "tainted", |
| @@ -2036,12 +2042,14 @@ int proc_dointvec_minmax(struct ctl_table *table, int write, | |||
| 2036 | 2042 | ||
| 2037 | static void validate_coredump_safety(void) | 2043 | static void validate_coredump_safety(void) |
| 2038 | { | 2044 | { |
| 2045 | #ifdef CONFIG_COREDUMP | ||
| 2039 | if (suid_dumpable == SUID_DUMPABLE_SAFE && | 2046 | if (suid_dumpable == SUID_DUMPABLE_SAFE && |
| 2040 | core_pattern[0] != '/' && core_pattern[0] != '|') { | 2047 | core_pattern[0] != '/' && core_pattern[0] != '|') { |
| 2041 | printk(KERN_WARNING "Unsafe core_pattern used with "\ | 2048 | printk(KERN_WARNING "Unsafe core_pattern used with "\ |
| 2042 | "suid_dumpable=2. Pipe handler or fully qualified "\ | 2049 | "suid_dumpable=2. Pipe handler or fully qualified "\ |
| 2043 | "core dump path required.\n"); | 2050 | "core dump path required.\n"); |
| 2044 | } | 2051 | } |
| 2052 | #endif | ||
| 2045 | } | 2053 | } |
| 2046 | 2054 | ||
| 2047 | static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, | 2055 | static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, |
| @@ -2053,6 +2061,7 @@ static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, | |||
| 2053 | return error; | 2061 | return error; |
| 2054 | } | 2062 | } |
| 2055 | 2063 | ||
| 2064 | #ifdef CONFIG_COREDUMP | ||
| 2056 | static int proc_dostring_coredump(struct ctl_table *table, int write, | 2065 | static int proc_dostring_coredump(struct ctl_table *table, int write, |
| 2057 | void __user *buffer, size_t *lenp, loff_t *ppos) | 2066 | void __user *buffer, size_t *lenp, loff_t *ppos) |
| 2058 | { | 2067 | { |
| @@ -2061,6 +2070,7 @@ static int proc_dostring_coredump(struct ctl_table *table, int write, | |||
| 2061 | validate_coredump_safety(); | 2070 | validate_coredump_safety(); |
| 2062 | return error; | 2071 | return error; |
| 2063 | } | 2072 | } |
| 2073 | #endif | ||
| 2064 | 2074 | ||
| 2065 | static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int write, | 2075 | static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int write, |
| 2066 | void __user *buffer, | 2076 | void __user *buffer, |