📄 1.txt
字号:
1190 bprm->envc = count(envp, bprm->p / sizeof(void *));
1191 if ((retval = bprm->envc) < 0)
1192 goto out_mm;
1193
1194 retval = security_bprm_alloc(bprm);
1195 if (retval)
1196 goto out;
1197
1198 retval = prepare_binprm(bprm);
1199 if (retval < 0)
1200 goto out;
1201
1202 retval = copy_strings_kernel(1, &bprm->filename, bprm);
1203 if (retval < 0)
1204 goto out;
1205
1206 bprm->exec = bprm->p;
1207 retval = copy_strings(bprm->envc, envp, bprm);
1208 if (retval < 0)
1209 goto out;
1210
1211 retval = copy_strings(bprm->argc, argv, bprm);
1212 if (retval < 0)
1213 goto out;
1214
1215 retval = search_binary_handler(bprm,regs);
1216 if (retval >= 0) {
1217 free_arg_pages(bprm);
1218
1219 /* execve success */
1220 security_bprm_free(bprm);
1221 acct_update_integrals(current);
1222 kfree(bprm);
1223 return retval;
1224 }
1225
1226 out:
1227 /* Something went wrong, return the inode and free the argument pages*/
1228 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
1229 struct page * page = bprm->page[i];
1230 if (page)
1231 __free_page(page);
1232 }
1233
1234 if (bprm->security)
1235 security_bprm_free(bprm);
1236
1237 out_mm:
1238 if (bprm->mm)
1239 mmdrop(bprm->mm);
1240
1241 out_file:
1242 if (bprm->file) {
1243 allow_write_access(bprm->file);
1244 fput(bprm->file);
1245 }
1246
1247 out_kfree:
1248 kfree(bprm);
1249
1250 out_ret:
1251 return retval;
1252 }
1253
1254 int set_binfmt(struct linux_binfmt *new)
1255 {
1256 struct linux_binfmt *old = current->binfmt;
1257
1258 if (new) {
1259 if (!try_module_get(new->module))
1260 return -1;
1261 }
1262 current->binfmt = new;
1263 if (old)
1264 module_put(old->module);
1265 return 0;
1266 }
1267
1268 EXPORT_SYMBOL(set_binfmt);
1269
1270 /* format_corename will inspect the pattern parameter, and output a
1271 * name into corename, which must have space for at least
1272 * CORENAME_MAX_SIZE bytes plus one byte for the zero terminator.
1273 */
1274 static int format_corename(char *corename, const char *pattern, long signr)
1275 {
1276 const char *pat_ptr = pattern;
1277 char *out_ptr = corename;
1278 char *const out_end = corename + CORENAME_MAX_SIZE;
1279 int rc;
1280 int pid_in_pattern = 0;
1281 int ispipe = 0;
1282
1283 if (*pattern == '|')
1284 ispipe = 1;
1285
1286 /* Repeat as long as we have more pattern to process and more output
1287 space */
1288 while (*pat_ptr) {
1289 if (*pat_ptr != '%') {
1290 if (out_ptr == out_end)
1291 goto out;
1292 *out_ptr++ = *pat_ptr++;
1293 } else {
1294 switch (*++pat_ptr) {
1295 case 0:
1296 goto out;
1297 /* Double percent, output one percent */
1298 case '%':
1299 if (out_ptr == out_end)
1300 goto out;
1301 *out_ptr++ = '%';
1302 break;
1303 /* pid */
1304 case 'p':
1305 pid_in_pattern = 1;
1306 rc = snprintf(out_ptr, out_end - out_ptr,
1307 "%d", current->tgid);
1308 if (rc > out_end - out_ptr)
1309 goto out;
1310 out_ptr += rc;
1311 break;
1312 /* uid */
1313 case 'u':
1314 rc = snprintf(out_ptr, out_end - out_ptr,
1315 "%d", current->uid);
1316 if (rc > out_end - out_ptr)
1317 goto out;
1318 out_ptr += rc;
1319 break;
1320 /* gid */
1321 case 'g':
1322 rc = snprintf(out_ptr, out_end - out_ptr,
1323 "%d", current->gid);
1324 if (rc > out_end - out_ptr)
1325 goto out;
1326 out_ptr += rc;
1327 break;
1328 /* signal that caused the coredump */
1329 case 's':
1330 rc = snprintf(out_ptr, out_end - out_ptr,
1331 "%ld", signr);
1332 if (rc > out_end - out_ptr)
1333 goto out;
1334 out_ptr += rc;
1335 break;
1336 /* UNIX time of coredump */
1337 case 't': {
1338 struct timeval tv;
1339 do_gettimeofday(&tv);
1340 rc = snprintf(out_ptr, out_end - out_ptr,
1341 "%lu", tv.tv_sec);
1342 if (rc > out_end - out_ptr)
1343 goto out;
1344 out_ptr += rc;
1345 break;
1346 }
1347 /* hostname */
1348 case 'h':
1349 down_read(&uts_sem);
1350 rc = snprintf(out_ptr, out_end - out_ptr,
1351 "%s", utsname()->nodename);
1352 up_read(&uts_sem);
1353 if (rc > out_end - out_ptr)
1354 goto out;
1355 out_ptr += rc;
1356 break;
1357 /* executable */
1358 case 'e':
1359 rc = snprintf(out_ptr, out_end - out_ptr,
1360 "%s", current->comm);
1361 if (rc > out_end - out_ptr)
1362 goto out;
1363 out_ptr += rc;
1364 break;
1365 default:
1366 break;
1367 }
1368 ++pat_ptr;
1369 }
1370 }
1371 /* Backward compatibility with core_uses_pid:
1372 *
1373 * If core_pattern does not include a %p (as is the default)
1374 * and core_uses_pid is set, then .%pid will be appended to
1375 * the filename. Do not do this for piped commands. */
1376 if (!ispipe && !pid_in_pattern
1377 && (core_uses_pid || atomic_read(¤t->mm->mm_users) != 1)) {
1378 rc = snprintf(out_ptr, out_end - out_ptr,
1379 ".%d", current->tgid);
1380 if (rc > out_end - out_ptr)
1381 goto out;
1382 out_ptr += rc;
1383 }
1384 out:
1385 *out_ptr = 0;
1386 return ispipe;
1387 }
1388
1389 static void zap_process(struct task_struct *start)
1390 {
1391 struct task_struct *t;
1392
1393 start->signal->flags = SIGNAL_GROUP_EXIT;
1394 start->signal->group_stop_count = 0;
1395
1396 t = start;
1397 do {
1398 if (t != current && t->mm) {
1399 t->mm->core_waiters++;
1400 sigaddset(&t->pending.signal, SIGKILL);
1401 signal_wake_up(t, 1);
1402 }
1403 } while ((t = next_thread(t)) != start);
1404 }
1405
1406 static inline int zap_threads(struct task_struct *tsk, struct mm_struct *mm,
1407 int exit_code)
1408 {
1409 struct task_struct *g, *p;
1410 unsigned long flags;
1411 int err = -EAGAIN;
1412
1413 spin_lock_irq(&tsk->sighand->siglock);
1414 if (!(tsk->signal->flags & SIGNAL_GROUP_EXIT)) {
1415 tsk->signal->group_exit_code = exit_code;
1416 zap_process(tsk);
1417 err = 0;
1418 }
1419 spin_unlock_irq(&tsk->sighand->siglock);
1420 if (err)
1421 return err;
1422
1423 if (atomic_read(&mm->mm_users) == mm->core_waiters + 1)
1424 goto done;
1425
1426 rcu_read_lock();
1427 for_each_process(g) {
1428 if (g == tsk->group_leader)
1429 continue;
1430
1431 p = g;
1432 do {
1433 if (p->mm) {
1434 if (p->mm == mm) {
1435 /*
1436 * p->sighand can't disappear, but
1437 * may be changed by de_thread()
1438 */
1439 lock_task_sighand(p, &flags);
1440 zap_process(p);
1441 unlock_task_sighand(p, &flags);
1442 }
1443 break;
1444 }
1445 } while ((p = next_thread(p)) != g);
1446 }
1447 rcu_read_unlock();
1448 done:
1449 return mm->core_waiters;
1450 }
1451
1452 static int coredump_wait(int exit_code)
1453 {
1454 struct task_struct *tsk = current;
1455 struct mm_struct *mm = tsk->mm;
1456 struct completion startup_done;
1457 struct completion *vfork_done;
1458 int core_waiters;
1459
1460 init_completion(&mm->core_done);
1461 init_completion(&startup_done);
1462 mm->core_startup_done = &startup_done;
1463
1464 core_waiters = zap_threads(tsk, mm, exit_code);
1465 up_write(&mm->mmap_sem);
1466
1467 if (unlikely(core_waiters < 0))
1468 goto fail;
1469
1470 /*
1471 * Make sure nobody is waiting for us to release the VM,
1472 * otherwise we can deadlock when we wait on each other
1473 */
1474 vfork_done = tsk->vfork_done;
1475 if (vfork_done) {
1476 tsk->vfork_done = NULL;
1477 complete(vfork_done);
1478 }
1479
1480 if (core_waiters)
1481 wait_for_completion(&startup_done);
1482 fail:
1483 BUG_ON(mm->core_waiters);
1484 return core_waiters;
1485 }
1486
1487 int do_coredump(long signr, int exit_code, struct pt_regs * regs)
1488 {
1489 char corename[CORENAME_MAX_SIZE + 1];
1490 struct mm_struct *mm = current->mm;
1491 struct linux_binfmt * binfmt;
1492 struct inode * inode;
1493 struct file * file;
1494 int retval = 0;
1495 int fsuid = current->fsuid;
1496 int flag = 0;
1497 int ispipe = 0;
1498
1499 audit_core_dumps(signr);
1500
1501 binfmt = current->binfmt;
1502 if (!binfmt || !binfmt->core_dump)
1503 goto fail;
1504 down_write(&mm->mmap_sem);
1505 if (!mm->dumpable) {
1506 up_write(&mm->mmap_sem);
1507 goto fail;
1508 }
1509
1510 /*
1511 * We cannot trust fsuid as being the "true" uid of the
1512 * process nor do we know its entire history. We only know it
1513 * was tainted so we dump it as root in mode 2.
1514 */
1515 if (mm->dumpable == 2) { /* Setuid core dump mode */
1516 flag = O_EXCL; /* Stop rewrite attacks */
1517 current->fsuid = 0; /* Dump root private */
1518 }
1519 mm->dumpable = 0;
1520
1521 retval = coredump_wait(exit_code);
1522 if (retval < 0)
1523 goto fail;
1524
1525 /*
1526 * Clear any false indication of pending signals that might
1527 * be seen by the filesystem code called to write the core file.
1528 */
1529 clear_thread_flag(TIF_SIGPENDING);
1530
1531 if (current->signal->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump)
1532 goto fail_unlock;
1533
1534 /*
1535 * lock_kernel() because format_corename() is controlled by sysctl, which
1536 * uses lock_kernel()
1537 */
1538 lock_kernel();
1539 ispipe = format_corename(corename, core_pattern, signr);
1540 unlock_kernel();
1541 if (ispipe) {
1542 /* SIGPIPE can happen, but it's just never processed */
1543 if(call_usermodehelper_pipe(corename+1, NULL, NULL, &file)) {
1544 printk(KERN_INFO "Core dump to %s pipe failed\n",
1545 corename);
1546 goto fail_unlock;
1547 }
1548 } else
1549 file = filp_open(corename,
1550 O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
1551 0600);
1552 if (IS_ERR(file))
1553 goto fail_unlock;
1554 inode = file->f_path.dentry->d_inode;
1555 if (inode->i_nlink > 1)
1556 goto close_fail; /* multiple links - don't dump */
1557 if (!ispipe && d_unhashed(file->f_path.dentry))
1558 goto close_fail;
1559
1560 /* AK: actually i see no reason to not allow this for named pipes etc.,
1561 but keep the previous behaviour for now. */
1562 if (!ispipe && !S_ISREG(inode->i_mode))
1563 goto close_fail;
1564 if (!file->f_op)
1565 goto close_fail;
1566 if (!file->f_op->write)
1567 goto close_fail;
1568 if (!ispipe && do_truncate(file->f_path.dentry, 0, 0, file) != 0)
1569 goto close_fail;
1570
1571 retval = binfmt->core_dump(signr, regs, file);
1572
1573 if (retval)
1574 current->signal->group_exit_code |= 0x80;
1575 close_fail:
1576 filp_close(file, NULL);
1577 fail_unlock:
1578 current->fsuid = fsuid;
1579 complete_all(&mm->core_done);
1580 fail:
1581 return retval;
1582 }
1583 ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -