Commit 117eab5c authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'vfs-6.17-rc1.coredump' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

Pull coredump updates from Christian Brauner:
 "This contains an extension to the coredump socket and a proper rework
  of the coredump code.

   - This extends the coredump socket to allow the coredump server to
     tell the kernel how to process individual coredumps. This allows
     for fine-grained coredump management. Userspace can decide to just
     let the kernel write out the coredump, or generate the coredump
     itself, or just reject it.

     * COREDUMP_KERNEL
       The kernel will write the coredump data to the socket.

     * COREDUMP_USERSPACE
       The kernel will not write coredump data but will indicate to the
       parent that a coredump has been generated. This is used when
       userspace generates its own coredumps.

     * COREDUMP_REJECT
       The kernel will skip generating a coredump for this task.

     * COREDUMP_WAIT
       The kernel will prevent the task from exiting until the coredump
       server has shut down the socket connection.

     The flexible coredump socket can be enabled by using the "@@"
     prefix instead of the single "@" prefix for the regular coredump
     socket:

       @@/run/systemd/coredump.socket

   - Cleanup the coredump code properly while we have to touch it
     anyway.

     Split out each coredump mode in a separate helper so it's easy to
     grasp what is going on and make the code easier to follow. The core
     coredump function should now be very trivial to follow"

* tag 'vfs-6.17-rc1.coredump' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (31 commits)
  cleanup: add a scoped version of CLASS()
  coredump: add coredump_skip() helper
  coredump: avoid pointless variable
  coredump: order auto cleanup variables at the top
  coredump: add coredump_cleanup()
  coredump: auto cleanup prepare_creds()
  cred: add auto cleanup method
  coredump: directly return
  coredump: auto cleanup argv
  coredump: add coredump_write()
  coredump: use a single helper for the socket
  coredump: move pipe specific file check into coredump_pipe()
  coredump: split pipe coredumping into coredump_pipe()
  coredump: move core_pipe_count to global variable
  coredump: prepare to simplify exit paths
  coredump: split file coredumping into coredump_file()
  coredump: rename do_coredump() to vfs_coredump()
  selftests/coredump: make sure invalid paths are rejected
  coredump: validate socket path in coredump_parse()
  coredump: don't allow ".." in coredump socket path
  ...
parents 7879d7af 5c21c5f2
+1 −1
@@ -555,5 +555,5 @@ the VFS, and that can be done by calling into such as ``vfs_mkdir()`` with a
different set of credentials.  This is done in the following places:

 * ``sys_faccessat()``.
 * ``do_coredump()``.
 * ``vfs_coredump()``.
 * nfs4recover.c.
+1 −1
@@ -475,5 +475,5 @@ const指针上操作,因此不需要进行类型转换,但需要临时放弃
如 ``vfs_mkdir()`` 来实现。以下是一些进行此操作的位置:

 * ``sys_faccessat()``.
 * ``do_coredump()``.
 * ``vfs_coredump()``.
 * nfs4recover.c.
+11 −20
@@ -822,26 +822,6 @@ static void fw_log_firmware_info(const struct firmware *fw, const char *name,
{}
#endif

/*
 * Reject firmware file names with ".." path components.
 * There are drivers that construct firmware file names from device-supplied
 * strings, and we don't want some device to be able to tell us "I would like to
 * be sent my firmware from ../../../etc/shadow, please".
 *
 * Search for ".." surrounded by either '/' or start/end of string.
 *
 * This intentionally only looks at the firmware name, not at the firmware base
 * directory or at symlink contents.
 */
static bool name_contains_dotdot(const char *name)
{
	size_t name_len = strlen(name);

	return strcmp(name, "..") == 0 || strncmp(name, "../", 3) == 0 ||
	       strstr(name, "/../") != NULL ||
	       (name_len >= 3 && strcmp(name+name_len-3, "/..") == 0);
}

/* called from request_firmware() and request_firmware_work_func() */
static int
_request_firmware(const struct firmware **firmware_p, const char *name,
@@ -862,6 +842,17 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
		goto out;
	}


	/*
	 * Reject firmware file names with ".." path components.
	 * There are drivers that construct firmware file names from
	 * device-supplied strings, and we don't want some device to be
	 * able to tell us "I would like to be sent my firmware from
	 * ../../../etc/shadow, please".
	 *
	 * This intentionally only looks at the firmware name, not at
	 * the firmware base directory or at symlink contents.
	 */
	if (name_contains_dotdot(name)) {
		dev_warn(device,
			 "Firmware load for '%s' refused, path contains '..' component\n",
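Review bot: The block that appears to be added in `_request_firmware()` starts with a blank line directly after the existing one, leaving two consecutive blank lines before the new comment; drop the added one. The relocated comment also omits the sentence that stated the match rule (`Search for ".." surrounded by either '/' or start/end of string.`), and the helper body no longer lives in this file, so the call site does not say that only whole `..` path components are rejected while names such as `a..b` pass (assuming the helper moved unchanged). If the helper's new location, which is not visible in this section, does not carry that sentence, I would keep it here as a second paragraph of the comment. `_request_firmware()` starts before this hunk and continues past it.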
+538 −330

File changed.

Preview size limit exceeded, changes collapsed.

+8 −0
@@ -277,6 +277,14 @@ static inline class_##_name##_t class_##_name##ext##_constructor(_init_args) \
	class_##_name##_t var __cleanup(class_##_name##_destructor) =	\
		class_##_name##_constructor

#define scoped_class(_name, var, args)                          \
	for (CLASS(_name, var)(args);                           \
	     __guard_ptr(_name)(&var) || !__is_cond_ptr(_name); \
	     ({ goto _label; }))                                \
		if (0) {                                        \
_label:                                                         \
			break;                                  \
		} else

/*
 * DEFINE_GUARD(name, type, lock, unlock):
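Review bot: `scoped_class()` hard-codes the label `_label`, and labels have function scope, so a second `scoped_class()` in the same function would redefine the label and fail to build. Consider taking the label as a parameter of an inner macro and generating it per expansion, e.g. `#define scoped_class(_name, var, args...) __scoped_class(_name, var, __UNIQUE_ID(label), args)`; making `args` variadic also lets constructors with more than one argument be used. The loop condition depends on `__guard_ptr(_name)` and `__is_cond_ptr(_name)`, which as far as I can tell are generated for guard definitions rather than for plain `DEFINE_CLASS()` classes, so it is worth confirming that every class this macro is meant for provides them. The macro is also added without a comment; a short block saying that `var` is scoped to the following statement and cleaned up when that statement is left, including through `break`, would help callers reason about resource lifetime.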