Jann Horn jannh@google.com writes:
When I rewrote the VMA dumping logic for coredumps, I changed it to recognize ELF library mappings based on the file being executable instead of the mapping having an ELF header. But turns out, distros ship many ELF libraries as non-executable, so the heuristic goes wrong...
Restore the old behavior where FILTER(ELF_HEADERS) dumps the first page of any offset-0 readable mapping that starts with the ELF magic.
This fix is technically layer-breaking a bit, because it checks for something ELF-specific in fs/coredump.c; but since we probably want to share this between standard ELF and FDPIC ELF anyway, I guess it's fine? And this also keeps the change small for backporting.
In light of the conflict with my other changes, and in light of the pain of calling get_user.
Is there any reason why the doesn't unconditionally dump all headers? Something like the diff below?
I looked in the history and the code was filtering for ELF headers there already. I am just thinking this feels like a good idea regardless of the file format to help verify the file on-disk is the file we think was mapped.
Eric
diff --git a/fs/coredump.c b/fs/coredump.c index 6a97a8ea7295..ef3b03e4cf59 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -1047,8 +1047,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, * dump the first page to aid in determining what was mapped here. */ if (FILTER(ELF_HEADERS) && - vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ) && - (READ_ONCE(file_inode(vma->vm_file)->i_mode) & 0111) != 0) + vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) return PAGE_SIZE;
#undef FILTER