Skip to content
Snippets Groups Projects
Normal view Permalink
exec.c 48 KiB
Newer Older
Oleg Nesterov's avatar
coredump: factor out the not-ispipe file checks  
Oleg Nesterov committed
2001 2002 2003 2004 

		if (cprm.limit < binfmt->min_coredump)
			goto fail_unlock;
Xiaotian Feng's avatar
core_pattern: fix truncation by core_pattern handler with long parameters  
Xiaotian Feng committed
2005 
		cprm.file = filp_open(cn.corename,
Alexey Dobriyan's avatar
[PATCH] do_coredump() and not stopping rewrite attacks?  
Alexey Dobriyan committed
2006 2007 
				 O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
				 0600);
Oleg Nesterov's avatar
coredump: factor out the not-ispipe file checks  
Oleg Nesterov committed
2008 2009 
		if (IS_ERR(cprm.file))
			goto fail_unlock;
Linus Torvalds's avatar
Linux-2.6.12-rc2
Linus Torvalds committed
2010
Oleg Nesterov's avatar
coredump: factor out the not-ispipe file checks  
Oleg Nesterov committed
2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 
		inode = cprm.file->f_path.dentry->d_inode;
		if (inode->i_nlink > 1)
			goto close_fail;
		if (d_unhashed(cprm.file->f_path.dentry))
			goto close_fail;
		/*
		 * AK: actually i see no reason to not allow this for named
		 * pipes etc, but keep the previous behaviour for now.
		 */
		if (!S_ISREG(inode->i_mode))
			goto close_fail;
		/*
		 * Dont allow local users get cute and trick others to coredump
		 * into their pre-created files.
		 */
		if (inode->i_uid != current_fsuid())
			goto close_fail;
		if (!cprm.file->f_op || !cprm.file->f_op->write)
			goto close_fail;
		if (do_truncate(cprm.file->f_path.dentry, 0, 0, cprm.file))
			goto close_fail;
	}
Linus Torvalds's avatar
Linux-2.6.12-rc2
Linus Torvalds committed
2033
Oleg Nesterov's avatar
coredump: factor out the not-ispipe file checks  
Oleg Nesterov committed
2034 
	retval = binfmt->core_dump(&cprm);
Linus Torvalds's avatar
Linux-2.6.12-rc2
Linus Torvalds committed
2035 2036 
	if (retval)
		current->signal->group_exit_code |= 0x80;
Oleg Nesterov's avatar
coredump: cleanup "ispipe" code  
Oleg Nesterov committed
2037
Neil Horman's avatar
exec: allow do_coredump() to wait for user space pipe readers to complete  
Neil Horman committed
2038 
	if (ispipe && core_pipe_limit)
Masami Hiramatsu's avatar
mm: introduce coredump parameter structure  
Masami Hiramatsu committed
2039 
		wait_for_dump_helpers(cprm.file);
Oleg Nesterov's avatar
coredump: cleanup "ispipe" code  
Oleg Nesterov committed
2040 2041 2042 
close_fail:
	if (cprm.file)
		filp_close(cprm.file, NULL);
Neil Horman's avatar
exec: let do_coredump() limit the number of concurrent dumps to pipes  
Neil Horman committed
2043 
fail_dropcount:
Oleg Nesterov's avatar
coredump: cleanup "ispipe" code  
Oleg Nesterov committed
2044 
	if (ispipe)
Neil Horman's avatar
exec: let do_coredump() limit the number of concurrent dumps to pipes  
Neil Horman committed
2045 
		atomic_dec(&core_dump_count);
Linus Torvalds's avatar
Linux-2.6.12-rc2
Linus Torvalds committed
2046 
fail_unlock:
Xiaotian Feng's avatar
core_pattern: fix truncation by core_pattern handler with long parameters  
Xiaotian Feng committed
2047 2048 
	kfree(cn.corename);
fail_corename:
Oleg Nesterov's avatar
coredump: factor out put_cred() calls  
Oleg Nesterov committed
2049 
	coredump_finish(mm);
David Howells's avatar
CRED: Inaugurate COW credentials  
David Howells committed
2050 
	revert_creds(old_cred);
Oleg Nesterov's avatar
coredump: factor out put_cred() calls  
Oleg Nesterov committed
2051 
fail_creds:
David Howells's avatar
CRED: Inaugurate COW credentials  
David Howells committed
2052 
	put_cred(cred);
Linus Torvalds's avatar
Linux-2.6.12-rc2
Linus Torvalds committed
2053 
fail:
WANG Cong's avatar
fs/exec.c: make do_coredump() void  
WANG Cong committed
2054 
	return;
Linus Torvalds's avatar
Linux-2.6.12-rc2
Linus Torvalds committed
2055 
}
Linus Torvalds's avatar
Un-inline the core-dump helper functions  
Linus Torvalds committed
2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 

/*
 * Core dumping helper functions.  These are the only things you should
 * do on a core-file: use only these functions to write out all the
 * necessary info.
 */
int dump_write(struct file *file, const void *addr, int nr)
{
	return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, addr, nr, &file->f_pos) == nr;
}
Linus Torvalds's avatar
Export dump_{write,seek} to binary loader modules  
Linus Torvalds committed
2066 
EXPORT_SYMBOL(dump_write);
Linus Torvalds's avatar
Un-inline the core-dump helper functions  
Linus Torvalds committed
2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 

int dump_seek(struct file *file, loff_t off)
{
	int ret = 1;

	if (file->f_op->llseek && file->f_op->llseek != no_llseek) {
		if (file->f_op->llseek(file, off, SEEK_CUR) < 0)
			return 0;
	} else {
		char *buf = (char *)get_zeroed_page(GFP_KERNEL);

		if (!buf)
			return 0;
		while (off > 0) {
			unsigned long n = off;

			if (n > PAGE_SIZE)
				n = PAGE_SIZE;
			if (!dump_write(file, buf, n)) {
				ret = 0;
				break;
			}
			off -= n;
		}
		free_page((unsigned long)buf);
	}
	return ret;
}
Linus Torvalds's avatar
Export dump_{write,seek} to binary loader modules  
Linus Torvalds committed
2095 
EXPORT_SYMBOL(dump_seek);
Show full blame