| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250725-vfs-coredump-6c7c0c4edd03@brauner>
Date: Fri, 25 Jul 2025 13:27:16 +0200
From: Christian Brauner <brauner@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christian Brauner <brauner@...nel.org>,
linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [GIT PULL 02/14 for v6.17] vfs coredump
Hey Linus,
/* Summary */
This contains an extension to the coredump socket and a proper rework
of the coredump code.
- This extends the coredump socket to allow the coredump server to tell
the kernel how to process individual coredumps. This allows for
fine-grained coredump management. Userspace can decide to just let the
kernel write out the coredump, or generate the coredump itself, or
just reject it.
* COREDUMP_KERNEL
The kernel will write the coredump data to the socket.
* COREDUMP_USERSPACE
The kernel will not write coredump data but will indicate to the
parent that a coredump has been generated. This is used when
userspace generates its own coredumps.
* COREDUMP_REJECT
The kernel will skip generating a coredump for this task.
* COREDUMP_WAIT
The kernel will prevent the task from exiting until the coredump
server has shutdown the socket connection.
The flexible coredump socket can be enabled by using the "@@" prefix
instead of the single "@" prefix for the regular coredump socket:
@@/run/systemd/coredump.socket
- Cleanup the coredump code properly while we have to touch it anyway.
Split out each coredump mode in a separate helper so it's easy to
grasp what is going on and make the code easier to follow. The core
coredump function should now be very trivial to follow.
/* Testing */
gcc (Debian 14.2.0-19) 14.2.0
Debian clang version 19.1.7 (3)
No build failures or warnings were observed.
/* Conflicts */
Merge conflicts with mainline
=============================
This will have a merge conflict with mainline that can be resolved as follows:
diff --cc tools/testing/selftests/coredump/stackdump_test.c
index 68f8e479ac36,a4ac80bb1003..000000000000
--- a/tools/testing/selftests/coredump/stackdump_test.c
+++ b/tools/testing/selftests/coredump/stackdump_test.c
@@@ -418,59 -430,31 +430,35 @@@ TEST_F(coredump, socket_detect_userspac
close(ipc_sockets[1]);
fd_coredump = accept4(fd_server, NULL, NULL, SOCK_CLOEXEC);
- if (fd_coredump < 0) {
- fprintf(stderr, "Failed to accept coredump socket connection\n");
- close(fd_server);
- _exit(EXIT_FAILURE);
- }
+ if (fd_coredump < 0)
+ goto out;
- fd_peer_pidfd_len = sizeof(fd_peer_pidfd);
- ret = getsockopt(fd_coredump, SOL_SOCKET, SO_PEERPIDFD,
- &fd_peer_pidfd, &fd_peer_pidfd_len);
- if (ret < 0) {
- fprintf(stderr, "%m - Failed to retrieve peer pidfd for coredump socket connection\n");
- close(fd_coredump);
- close(fd_server);
- _exit(EXIT_FAILURE);
- }
+ fd_peer_pidfd = get_peer_pidfd(fd_coredump);
+ if (fd_peer_pidfd < 0)
+ goto out;
- memset(&info, 0, sizeof(info));
- info.mask = PIDFD_INFO_EXIT | PIDFD_INFO_COREDUMP;
- ret = ioctl(fd_peer_pidfd, PIDFD_GET_INFO, &info);
- if (ret < 0) {
- fprintf(stderr, "Failed to retrieve pidfd info from peer pidfd for coredump socket connection\n");
- close(fd_coredump);
- close(fd_server);
- close(fd_peer_pidfd);
- _exit(EXIT_FAILURE);
- }
+ if (!get_pidfd_info(fd_peer_pidfd, &info))
+ goto out;
- if (!(info.mask & PIDFD_INFO_COREDUMP)) {
- fprintf(stderr, "Missing coredump information from coredumping task\n");
- close(fd_coredump);
- close(fd_server);
- close(fd_peer_pidfd);
- _exit(EXIT_FAILURE);
- }
+ if (!(info.mask & PIDFD_INFO_COREDUMP))
+ goto out;
- if (info.coredump_mask & PIDFD_COREDUMPED) {
- fprintf(stderr, "Received unexpected connection from coredumping task\n");
- close(fd_coredump);
- close(fd_server);
- close(fd_peer_pidfd);
- _exit(EXIT_FAILURE);
- }
+ if (info.coredump_mask & PIDFD_COREDUMPED)
+ goto out;
+ ret = read(fd_coredump, &c, 1);
+
- close(fd_coredump);
- close(fd_server);
- close(fd_peer_pidfd);
- close(fd_core_file);
-
+ exit_code = EXIT_SUCCESS;
+ out:
+ if (fd_peer_pidfd >= 0)
+ close(fd_peer_pidfd);
+ if (fd_coredump >= 0)
+ close(fd_coredump);
+ if (fd_server >= 0)
+ close(fd_server);
+ if (ret < 1)
+ _exit(EXIT_FAILURE);
- _exit(EXIT_SUCCESS);
+ _exit(exit_code);
}
self->pid_coredump_server = pid_coredump_server;
Merge conflicts with other trees
================================
No known conflicts.
The following changes since commit 19272b37aa4f83ca52bdf9c16d5d81bdd1354494:
Linux 6.16-rc1 (2025-06-08 13:44:43 -0700)
are available in the Git repository at:
git@...olite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-6.17-rc1.coredump
for you to fetch changes up to 5c21c5f22d0701ac6c1cafc0e8de4bf42e5c53e5:
cleanup: add a scoped version of CLASS() (2025-07-11 16:01:07 +0200)
Please consider pulling these changes from the signed vfs-6.17-rc1.coredump tag.
Thanks!
Christian
----------------------------------------------------------------
vfs-6.17-rc1.coredump
----------------------------------------------------------------
Christian Brauner (33):
coredump: allow for flexible coredump handling
selftests/coredump: fix build
selftests/coredump: cleanup coredump tests
tools: add coredump.h header
selftests/coredump: add coredump server selftests
Merge patch series "coredump: allow for flexible coredump handling"
coredump: cleanup coredump socket functions
coredump: rename format_corename()
coredump: make coredump_parse() return bool
coredump: fix socket path validation
coredump: validate that path doesn't exceed UNIX_PATH_MAX
fs: move name_contains_dotdot() to header
coredump: don't allow ".." in coredump socket path
coredump: validate socket path in coredump_parse()
selftests/coredump: make sure invalid paths are rejected
coredump: rename do_coredump() to vfs_coredump()
coredump: split file coredumping into coredump_file()
coredump: prepare to simplify exit paths
coredump: move core_pipe_count to global variable
coredump: split pipe coredumping into coredump_pipe()
coredump: move pipe specific file check into coredump_pipe()
coredump: use a single helper for the socket
coredump: add coredump_write()
coredump: auto cleanup argv
coredump: directly return
cred: add auto cleanup method
coredump: auto cleanup prepare_creds()
coredump: add coredump_cleanup()
coredump: order auto cleanup variables at the top
coredump: avoid pointless variable
coredump: add coredump_skip() helper
Merge patch series "coredump: further cleanups"
cleanup: add a scoped version of CLASS()
Documentation/security/credentials.rst | 2 +-
.../translations/zh_CN/security/credentials.rst | 2 +-
drivers/base/firmware_loader/main.c | 31 +-
fs/coredump.c | 868 ++++++----
include/linux/cleanup.h | 8 +
include/linux/coredump.h | 4 +-
include/linux/cred.h | 2 +
include/linux/fs.h | 16 +
include/uapi/linux/coredump.h | 104 ++
kernel/signal.c | 2 +-
tools/include/uapi/linux/coredump.h | 104 ++
tools/testing/selftests/coredump/Makefile | 2 +-
tools/testing/selftests/coredump/config | 3 +
tools/testing/selftests/coredump/stackdump_test.c | 1689 +++++++++++++++++---
14 files changed, 2239 insertions(+), 598 deletions(-)
create mode 100644 include/uapi/linux/coredump.h
create mode 100644 tools/include/uapi/linux/coredump.h
create mode 100644 tools/testing/selftests/coredump/config
Powered by blists - more mailing lists