#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "internal.h" #include "coredump.h" #include int core_uses_pid; char core_pattern[CORENAME_MAX_SIZE] = "core"; unsigned int core_pipe_limit; struct core_name { char *corename; int used, size; }; static atomic_t call_count = ATOMIC_INIT(1); /* The maximal length of core_pattern is also specified in sysctl.c */ static int expand_corename(struct core_name *cn) { char *old_corename = cn->corename; cn->size = CORENAME_MAX_SIZE * atomic_inc_return(&call_count); cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); if (!cn->corename) { kfree(old_corename); return -ENOMEM; } return 0; } static int cn_printf(struct core_name *cn, const char *fmt, ...) { char *cur; int need; int ret; va_list arg; va_start(arg, fmt); need = vsnprintf(NULL, 0, fmt, arg); va_end(arg); if (likely(need < cn->size - cn->used - 1)) goto out_printf; ret = expand_corename(cn); if (ret) goto expand_fail; out_printf: cur = cn->corename + cn->used; va_start(arg, fmt); vsnprintf(cur, need + 1, fmt, arg); va_end(arg); cn->used += need; return 0; expand_fail: return ret; } static void cn_escape(char *str) { for (; *str; str++) if (*str == '/') *str = '!'; } static int cn_print_exe_file(struct core_name *cn) { struct file *exe_file; char *pathbuf, *path; int ret; exe_file = get_mm_exe_file(current->mm); if (!exe_file) { char *commstart = cn->corename + cn->used; ret = cn_printf(cn, "%s (path unknown)", current->comm); cn_escape(commstart); return ret; } pathbuf = kmalloc(PATH_MAX, GFP_TEMPORARY); if (!pathbuf) { ret = -ENOMEM; goto put_exe_file; } path = d_path(&exe_file->f_path, pathbuf, PATH_MAX); if (IS_ERR(path)) { ret = PTR_ERR(path); goto free_buf; } cn_escape(path); ret = cn_printf(cn, "%s", path); free_buf: kfree(pathbuf); put_exe_file: fput(exe_file); return ret; } /* format_corename will inspect the pattern parameter, and output a * name into corename, which must have space for at least * CORENAME_MAX_SIZE bytes plus one byte for the zero terminator. */ static int format_corename(struct core_name *cn, struct coredump_params *cprm) { const struct cred *cred = current_cred(); const char *pat_ptr = core_pattern; int ispipe = (*pat_ptr == '|'); int pid_in_pattern = 0; int err = 0; cn->size = CORENAME_MAX_SIZE * atomic_read(&call_count); cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; if (!cn->corename) return -ENOMEM; /* Repeat as long as we have more pattern to process and more output space */ while (*pat_ptr) { if (*pat_ptr != '%') { if (*pat_ptr == 0) goto out; err = cn_printf(cn, "%c", *pat_ptr++); } else { switch (*++pat_ptr) { /* single % at the end, drop that */ case 0: goto out; /* Double percent, output one percent */ case '%': err = cn_printf(cn, "%c", '%'); break; /* pid */ case 'p': pid_in_pattern = 1; err = cn_printf(cn, "%d", task_tgid_vnr(current)); break; /* uid */ case 'u': err = cn_printf(cn, "%d", cred->uid); break; /* gid */ case 'g': err = cn_printf(cn, "%d", cred->gid); break; case 'd': err = cn_printf(cn, "%d", __get_dumpable(cprm->mm_flags)); break; /* signal that caused the coredump */ case 's': err = cn_printf(cn, "%ld", cprm->siginfo->si_signo); break; /* UNIX time of coredump */ case 't': { struct timeval tv; do_gettimeofday(&tv); err = cn_printf(cn, "%lu", tv.tv_sec); break; } /* hostname */ case 'h': { char *namestart = cn->corename + cn->used; down_read(&uts_sem); err = cn_printf(cn, "%s", utsname()->nodename); up_read(&uts_sem); cn_escape(namestart); break; } /* executable */ case 'e': { char *commstart = cn->corename + cn->used; err = cn_printf(cn, "%s", current->comm); cn_escape(commstart); break; } case 'E': err = cn_print_exe_file(cn); break; /* core limit size */ case 'c': err = cn_printf(cn, "%lu", rlimit(RLIMIT_CORE)); break; default: break; } ++pat_ptr; } if (err) return err; } /* Backward compatibility with core_uses_pid: * * If core_pattern does not include a %p (as is the default) * and core_uses_pid is set, then .%pid will be appended to * the filename. Do not do this for piped commands. */ if (!ispipe && !pid_in_pattern && core_uses_pid) { err = cn_printf(cn, ".%d", task_tgid_vnr(current)); if (err) return err; } out: return ispipe; } static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; int nr = 0; start->signal->flags = SIGNAL_GROUP_EXIT; start->signal->group_exit_code = exit_code; start->signal->group_stop_count = 0; t = start; do { task_clear_jobctl_pending(t, JOBCTL_PENDING_MASK); if (t != current && t->mm) { sigaddset(&t->pending.signal, SIGKILL); signal_wake_up(t, 1); nr++; } } while_each_thread(start, t); return nr; } static inline int zap_threads(struct task_struct *tsk, struct mm_struct *mm, struct core_state *core_state, int exit_code) { struct task_struct *g, *p; unsigned long flags; int nr = -EAGAIN; spin_lock_irq(&tsk->sighand->siglock); if (!signal_group_exit(tsk->signal)) { mm->core_state = core_state; nr = zap_process(tsk, exit_code); } spin_unlock_irq(&tsk->sighand->siglock); if (unlikely(nr < 0)) return nr; if (atomic_read(&mm->mm_users) == nr + 1) goto done; /* * We should find and kill all tasks which use this mm, and we should * count them correctly into ->nr_threads. We don't take tasklist * lock, but this is safe wrt: * * fork: * None of sub-threads can fork after zap_process(leader). All * processes which were created before this point should be * visible to zap_threads() because copy_process() adds the new * process to the tail of init_task.tasks list, and lock/unlock * of ->siglock provides a memory barrier. * * do_exit: * The caller holds mm->mmap_sem. This means that the task which * uses this mm can't pass exit_mm(), so it can't exit or clear * its ->mm. * * de_thread: * It does list_replace_rcu(&leader->tasks, ¤t->tasks), * we must see either old or new leader, this does not matter. * However, it can change p->sighand, so lock_task_sighand(p) * must be used. Since p->mm != NULL and we hold ->mmap_sem * it can't fail. * * Note also that "g" can be the old leader with ->mm == NULL * and already unhashed and thus removed from ->thread_group. * This is OK, __unhash_process()->list_del_rcu() does not * clear the ->next pointer, we will find the new leader via * next_thread(). */ rcu_read_lock(); for_each_process(g) { if (g == tsk->group_leader) continue; if (g->flags & PF_KTHREAD) continue; p = g; do { if (p->mm) { if (unlikely(p->mm == mm)) { lock_task_sighand(p, &flags); nr += zap_process(p, exit_code); unlock_task_sighand(p, &flags); } break; } } while_each_thread(g, p); } rcu_read_unlock(); done: atomic_set(&core_state->nr_threads, nr); return nr; } static int coredump_wait(int exit_code, struct core_state *core_state) { struct task_struct *tsk = current; struct mm_struct *mm = tsk->mm; int core_waiters = -EBUSY; init_completion(&core_state->startup); core_state->dumper.task = tsk; core_state->dumper.next = NULL; down_write(&mm->mmap_sem); if (!mm->core_state) core_waiters = zap_threads(tsk, mm, core_state, exit_code); up_write(&mm->mmap_sem); if (core_waiters > 0) { struct core_thread *ptr; wait_for_completion(&core_state->startup); /* * Wait for all the threads to become inactive, so that * all the thread context (extended register state, like * fpu etc) gets copied to the memory. */ ptr = core_state->dumper.next; while (ptr != NULL) { wait_task_inactive(ptr->task, 0); ptr = ptr->next; } } return core_waiters; } static void coredump_finish(struct mm_struct *mm) { struct core_thread *curr, *next; struct task_struct *task; next = mm->core_state->dumper.next; while ((curr = next) != NULL) { next = curr->next; task = curr->task; /* * see exit_mm(), curr->task must not see * ->task == NULL before we read ->next. */ smp_mb(); curr->task = NULL; wake_up_process(task); } mm->core_state = NULL; } static void wait_for_dump_helpers(struct file *file) { struct pipe_inode_info *pipe; pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); pipe->readers++; pipe->writers--; while ((pipe->readers > 1) && (!signal_pending(current))) { wake_up_interruptible_sync(&pipe->wait); kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); pipe_wait(pipe); } pipe->readers--; pipe->writers++; pipe_unlock(pipe); } /* * umh_pipe_setup * helper function to customize the process used * to collect the core in userspace. Specifically * it sets up a pipe and installs it as fd 0 (stdin) * for the process. Returns 0 on success, or * PTR_ERR on failure. * Note that it also sets the core limit to 1. This * is a special value that we use to trap recursive * core dumps */ static int umh_pipe_setup(struct subprocess_info *info, struct cred *new) { struct file *files[2]; struct coredump_params *cp = (struct coredump_params *)info->data; int err = create_pipe_files(files, 0); if (err) return err; cp->file = files[1]; err = replace_fd(0, files[0], 0); fput(files[0]); /* and disallow core files too */ current->signal->rlim[RLIMIT_CORE] = (struct rlimit){1, 1}; return err; } void do_coredump(siginfo_t *siginfo) { struct core_state core_state; struct core_name cn; struct mm_struct *mm = current->mm; struct linux_binfmt * binfmt; const struct cred *old_cred; struct cred *cred; int retval = 0; int flag = 0; int ispipe; struct files_struct *displaced; bool need_nonrelative = false; static atomic_t core_dump_count = ATOMIC_INIT(0); struct coredump_params cprm = { .siginfo = siginfo, .regs = signal_pt_regs(), .limit = rlimit(RLIMIT_CORE), /* * We must use the same mm->flags while dumping core to avoid * inconsistency of bit flags, since this flag is not protected * by any locks. */ .mm_flags = mm->flags, }; audit_core_dumps(siginfo->si_signo); binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; if (!__get_dumpable(cprm.mm_flags)) goto fail; cred = prepare_creds(); if (!cred) goto fail; /* * We cannot trust fsuid as being the "true" uid of the process * nor do we know its entire history. We only know it was tainted * so we dump it as root in mode 2, and only into a controlled * environment (pipe handler or fully qualified path). */ if (__get_dumpable(cprm.mm_flags) == SUID_DUMPABLE_SAFE) { /* Setuid core dump mode */ flag = O_EXCL; /* Stop rewrite attacks */ cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */ need_nonrelative = true; } retval = coredump_wait(siginfo->si_signo, &core_state); if (retval < 0) goto fail_creds; old_cred = override_creds(cred); /* * Clear any false indication of pending signals that might * be seen by the filesystem code called to write the core file. */ clear_thread_flag(TIF_SIGPENDING); ispipe = format_corename(&cn, &cprm); if (ispipe) { int dump_count; char **helper_argv; if (ispipe < 0) { printk(KERN_WARNING "format_corename failed\n"); printk(KERN_WARNING "Aborting core\n"); goto fail_corename; } if (cprm.limit == 1) { /* Se/* * NXP (Philips) SCC+++(SCN+++) serial driver * * Copyright (C) 2012 Alexander Shiyan <shc_work@mail.ru> * * Based on sc26xx.c, by Thomas Bogendörfer (tsbogend@alpha.franken.de) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. */ #ifndef _PLATFORM_DATA_SERIAL_SCCNXP_H_ #define _PLATFORM_DATA_SERIAL_SCCNXP_H_ #define SCCNXP_MAX_UARTS 2 /* Output lines */ #define LINE_OP0 1 #define LINE_OP1 2 #define LINE_OP2 3 #define LINE_OP3 4 #define LINE_OP4 5 #define LINE_OP5 6 #define LINE_OP6 7 #define LINE_OP7 8 /* Input lines */ #define LINE_IP0 9 #define LINE_IP1 10 #define LINE_IP2 11 #define LINE_IP3 12 #define LINE_IP4 13 #define LINE_IP5 14 #define LINE_IP6 15 /* Signals */ #define DTR_OP 0 /* DTR */ #define RTS_OP 4 /* RTS */ #define DSR_IP 8 /* DSR */ #define CTS_IP 12 /* CTS */ #define DCD_IP 16 /* DCD */ #define RNG_IP 20 /* RNG */ #define DIR_OP 24 /* Special signal for control RS-485. * Goes high when transmit, * then goes low. */ /* Routing control signal 'sig' to line 'line' */ #define MCTRL_SIG(sig, line) ((line) << (sig)) /* * Example board initialization data: * * static struct resource sc2892_resources[] = { * DEFINE_RES_MEM(UART_PHYS_START, 0x10), * DEFINE_RES_IRQ(IRQ_EXT2), * }; * * static struct sccnxp_pdata sc2892_info = { * .mctrl_cfg[0] = MCTRL_SIG(DIR_OP, LINE_OP0), * .mctrl_cfg[1] = MCTRL_SIG(DIR_OP, LINE_OP1), * }; * * static struct platform_device sc2892 = { * .name = "sc2892", * .id = -1, * .resource = sc2892_resources, * .num_resources = ARRAY_SIZE(sc2892_resources), * .dev = { * .platform_data = &sc2892_info, * }, * }; */ /* SCCNXP pla