1 files changed, 48 insertions, 3 deletions

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 7cb28720f90e..669dbe5b0317 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -682,6 +682,15 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
                         retval = PTR_ERR(interpreter);
                         if (IS_ERR(interpreter))
                                 goto out_free_interp;
+
+                        /*
+                         * If the binary is not readable then enforce
+                         * mm->dumpable = 0 regardless of the interpreter's
+                         * permissions.
+                         */
+                        if (file_permission(interpreter, MAY_READ) < 0)
+                                bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+
                         retval = kernel_read(interpreter, 0, bprm->buf,
                                              BINPRM_BUF_SIZE);
                         if (retval != BINPRM_BUF_SIZE) {
@@ -1178,6 +1187,10 @@ static int dump_seek(struct file *file, loff_t off)
  */
 static int maydump(struct vm_area_struct *vma)
 {
+        /* The vma can be set up to tell us the answer directly.  */
+        if (vma->vm_flags & VM_ALWAYSDUMP)
+                return 1;
+
         /* Do not dump I/O mapped devices or special mappings */
         if (vma->vm_flags & (VM_IO | VM_RESERVED))
                 return 0;
@@ -1424,6 +1437,32 @@ static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
         return sz;
 }
 
+static struct vm_area_struct *first_vma(struct task_struct *tsk,
+                                        struct vm_area_struct *gate_vma)
+{
+        struct vm_area_struct *ret = tsk->mm->mmap;
+
+        if (ret)
+                return ret;
+        return gate_vma;
+}
+/*
+ * Helper function for iterating across a vma list.  It ensures that the caller
+ * will visit `gate_vma' prior to terminating the search.
+ */
+static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
+                                        struct vm_area_struct *gate_vma)
+{
+        struct vm_area_struct *ret;
+
+        ret = this_vma->vm_next;
+        if (ret)
+                return ret;
+        if (this_vma == gate_vma)
+                return NULL;
+        return gate_vma;
+}
+
 /*
  * Actual dumper
  *
@@ -1439,7 +1478,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file)
         int segs;
         size_t size = 0;
         int i;
-        struct vm_area_struct *vma;
+        struct vm_area_struct *vma, *gate_vma;
         struct elfhdr *elf = NULL;
         loff_t offset = 0, dataoff, foffset;
         unsigned long limit = current->signal->rlim[RLIMIT_CORE].rlim_cur;
@@ -1525,6 +1564,10 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file)
         segs += ELF_CORE_EXTRA_PHDRS;
 #endif
 
+        gate_vma = get_gate_vma(current);
+        if (gate_vma != NULL)
+                segs++;
+
         /* Set up header */
         fill_elf_header(elf, segs + 1); /* including notes section */
 
@@ -1592,7 +1635,8 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file)
         dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
 
         /* Write program headers for segments dump */
-        for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
+        for (vma = first_vma(current, gate_vma); vma != NULL;
+                        vma = next_vma(vma, gate_vma)) {
                 struct elf_phdr phdr;
                 size_t sz;
 
@@ -1641,7 +1685,8 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file)
         /* Align to page */
         DUMP_SEEK(dataoff - foffset);
 
-        for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
+        for (vma = first_vma(current, gate_vma); vma != NULL;
+                        vma = next_vma(vma, gate_vma)) {
                 unsigned long addr;
 
                 if (!maydump(vma))