Commit f0bc21b2 authored by Xiaoming Ni's avatar Xiaoming Ni Committed by Linus Torvalds

fs/coredump: move coredump sysctls into its own file

This moves the fs/coredump.c respective sysctls to its own file.

Link: https://lkml.kernel.org/r/20211129211943.640266-6-mcgrof@kernel.org
Signed-off-by: Xiaoming Ni <nixiaoming@huawei.com>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: Antti Palosaari <crope@iki.fi>
Cc: Christian Brauner <christian.brauner@ubuntu.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Eric Biggers <ebiggers@google.com>
Cc: Iurii Zaikin <yzaikin@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Lukas Middendorf <kernel@tuxforce.de>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: "Naveen N. Rao" <naveen.n.rao@linux.ibm.com>
Cc: Stephen Kitt <steve@sk2.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent fdcd4073
...@@ -41,6 +41,7 @@ ...@@ -41,6 +41,7 @@
#include <linux/fs.h> #include <linux/fs.h>
#include <linux/path.h> #include <linux/path.h>
#include <linux/timekeeping.h> #include <linux/timekeeping.h>
#include <linux/sysctl.h>
#include <linux/uaccess.h> #include <linux/uaccess.h>
#include <asm/mmu_context.h> #include <asm/mmu_context.h>
...@@ -52,9 +53,9 @@ ...@@ -52,9 +53,9 @@
#include <trace/events/sched.h> #include <trace/events/sched.h>
int core_uses_pid; static int core_uses_pid;
unsigned int core_pipe_limit; static unsigned int core_pipe_limit;
char core_pattern[CORENAME_MAX_SIZE] = "core"; static char core_pattern[CORENAME_MAX_SIZE] = "core";
static int core_name_size = CORENAME_MAX_SIZE; static int core_name_size = CORENAME_MAX_SIZE;
struct core_name { struct core_name {
...@@ -62,8 +63,6 @@ struct core_name { ...@@ -62,8 +63,6 @@ struct core_name {
int used, size; int used, size;
}; };
/* The maximal length of core_pattern is also specified in sysctl.c */
static int expand_corename(struct core_name *cn, int size) static int expand_corename(struct core_name *cn, int size)
{ {
char *corename = krealloc(cn->corename, size, GFP_KERNEL); char *corename = krealloc(cn->corename, size, GFP_KERNEL);
...@@ -893,6 +892,63 @@ int dump_align(struct coredump_params *cprm, int align) ...@@ -893,6 +892,63 @@ int dump_align(struct coredump_params *cprm, int align)
} }
EXPORT_SYMBOL(dump_align); EXPORT_SYMBOL(dump_align);
#ifdef CONFIG_SYSCTL
void validate_coredump_safety(void)
{
if (suid_dumpable == SUID_DUMP_ROOT &&
core_pattern[0] != '/' && core_pattern[0] != '|') {
pr_warn(
"Unsafe core_pattern used with fs.suid_dumpable=2.\n"
"Pipe handler or fully qualified core dump path required.\n"
"Set kernel.core_pattern before fs.suid_dumpable.\n"
);
}
}
static int proc_dostring_coredump(struct ctl_table *table, int write,
void *buffer, size_t *lenp, loff_t *ppos)
{
int error = proc_dostring(table, write, buffer, lenp, ppos);
if (!error)
validate_coredump_safety();
return error;
}
static struct ctl_table coredump_sysctls[] = {
{
.procname = "core_uses_pid",
.data = &core_uses_pid,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec,
},
{
.procname = "core_pattern",
.data = core_pattern,
.maxlen = CORENAME_MAX_SIZE,
.mode = 0644,
.proc_handler = proc_dostring_coredump,
},
{
.procname = "core_pipe_limit",
.data = &core_pipe_limit,
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = proc_dointvec,
},
{ }
};
static int __init init_fs_coredump_sysctls(void)
{
register_sysctl_init("kernel", coredump_sysctls);
return 0;
}
fs_initcall(init_fs_coredump_sysctls);
#endif /* CONFIG_SYSCTL */
/* /*
* The purpose of always_dump_vma() is to make sure that special kernel mappings * The purpose of always_dump_vma() is to make sure that special kernel mappings
* that are useful for post-mortem analysis are included in every core dump. * that are useful for post-mortem analysis are included in every core dump.
......
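Review bot: The `core_pipe_limit` entry in the new `coredump_sysctls` table keeps `proc_dointvec` as its handler although the variable is declared `static unsigned int core_pipe_limit;` earlier in this file, so a negative value written to `kernel.core_pipe_limit` is accepted and then read back as a very large unsigned number. Since the table is being re-homed here anyway, the entry could switch to the unsigned handler, `.proc_handler = proc_douintvec,`, or to `proc_dointvec_minmax` with `.extra1 = SYSCTL_ZERO,` as a lower bound. How the limit is consumed lies outside the visible hunks, so the practical effect (presumably that the cap on concurrent pipe-handler dumps is effectively disabled) should be confirmed against the reader in `do_coredump()`. The table is mode 0644, so this is a hardening point for privileged misconfiguration rather than an unprivileged path.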
...@@ -2103,20 +2103,6 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, ...@@ -2103,20 +2103,6 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
static void validate_coredump_safety(void)
{
#ifdef CONFIG_COREDUMP
if (suid_dumpable == SUID_DUMP_ROOT &&
core_pattern[0] != '/' && core_pattern[0] != '|') {
pr_warn(
"Unsafe core_pattern used with fs.suid_dumpable=2.\n"
"Pipe handler or fully qualified core dump path required.\n"
"Set kernel.core_pattern before fs.suid_dumpable.\n"
);
}
#endif
}
static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
void *buffer, size_t *lenp, loff_t *ppos) void *buffer, size_t *lenp, loff_t *ppos)
{ {
...@@ -2140,50 +2126,9 @@ static struct ctl_table fs_exec_sysctls[] = { ...@@ -2140,50 +2126,9 @@ static struct ctl_table fs_exec_sysctls[] = {
{ } { }
}; };
#ifdef CONFIG_COREDUMP
static int proc_dostring_coredump(struct ctl_table *table, int write,
void *buffer, size_t *lenp, loff_t *ppos)
{
int error = proc_dostring(table, write, buffer, lenp, ppos);
if (!error)
validate_coredump_safety();
return error;
}
static struct ctl_table kernel_exec_sysctls[] = {
{
.procname = "core_uses_pid",
.data = &core_uses_pid,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec,
},
{
.procname = "core_pattern",
.data = core_pattern,
.maxlen = CORENAME_MAX_SIZE,
.mode = 0644,
.proc_handler = proc_dostring_coredump,
},
{
.procname = "core_pipe_limit",
.data = &core_pipe_limit,
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = proc_dointvec,
},
{ }
};
#endif
static int __init init_fs_exec_sysctls(void) static int __init init_fs_exec_sysctls(void)
{ {
register_sysctl_init("fs", fs_exec_sysctls); register_sysctl_init("fs", fs_exec_sysctls);
#ifdef CONFIG_COREDUMP
register_sysctl_init("kernel", kernel_exec_sysctls);
#endif
return 0; return 0;
} }
......
...@@ -14,10 +14,6 @@ struct core_vma_metadata { ...@@ -14,10 +14,6 @@ struct core_vma_metadata {
unsigned long dump_size; unsigned long dump_size;
}; };
extern int core_uses_pid;
extern char core_pattern[];
extern unsigned int core_pipe_limit;
/* /*
* These are the only things you should do on a core-file: use only these * These are the only things you should do on a core-file: use only these
* functions to write out all the necessary info. * functions to write out all the necessary info.
...@@ -37,4 +33,10 @@ extern void do_coredump(const kernel_siginfo_t *siginfo); ...@@ -37,4 +33,10 @@ extern void do_coredump(const kernel_siginfo_t *siginfo);
static inline void do_coredump(const kernel_siginfo_t *siginfo) {} static inline void do_coredump(const kernel_siginfo_t *siginfo) {}
#endif #endif
#if defined(CONFIG_COREDUMP) && defined(CONFIG_SYSCTL)
extern void validate_coredump_safety(void);
#else
static inline void validate_coredump_safety(void) {}
#endif
#endif /* _LINUX_COREDUMP_H */ #endif /* _LINUX_COREDUMP_H */
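Review bot: The `validate_coredump_safety()` declaration added here has no comment saying what it does, and the name reads as if it enforces something. The definition added earlier in this commit only emits a `pr_warn` when `suid_dumpable == SUID_DUMP_ROOT` and `core_pattern` begins with neither `/` nor `|`; it returns `void`, and `proc_dostring_coredump` calls it only after `proc_dostring` has already succeeded, so the unsafe value stays in place. I would add a comment above the declaration such as `/* Log-only check: warns if core_pattern is relative while fs.suid_dumpable=2; does not reject the setting. */` so that callers and auditors do not treat it as a guard. The `#else` stub is silent by design, which the same comment could mention.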
...@@ -62,12 +62,10 @@ ...@@ -62,12 +62,10 @@
#include <linux/capability.h> #include <linux/capability.h>
#include <linux/binfmts.h> #include <linux/binfmts.h>
#include <linux/sched/sysctl.h> #include <linux/sched/sysctl.h>
#include <linux/sched/coredump.h>
#include <linux/kexec.h> #include <linux/kexec.h>
#include <linux/bpf.h> #include <linux/bpf.h>
#include <linux/mount.h> #include <linux/mount.h>
#include <linux/userfaultfd_k.h> #include <linux/userfaultfd_k.h>
#include <linux/coredump.h>
#include <linux/latencytop.h> #include <linux/latencytop.h>
#include <linux/pid.h> #include <linux/pid.h>
#include <linux/delayacct.h> #include <linux/delayacct.h>
......