Jann Horn <jannh@xxxxxxxxxx> writes:

> When I rewrote the VMA dumping logic for coredumps, I changed it to
> recognize ELF library mappings based on the file being executable instead
> of the mapping having an ELF header. But turns out, distros ship many ELF
> libraries as non-executable, so the heuristic goes wrong...
>
> Restore the old behavior where FILTER(ELF_HEADERS) dumps the first page of
> any offset-0 readable mapping that starts with the ELF magic.
>
> This fix is technically layer-breaking a bit, because it checks for
> something ELF-specific in fs/coredump.c; but since we probably want to
> share this between standard ELF and FDPIC ELF anyway, I guess it's fine?
> And this also keeps the change small for backporting.

In light of the conflict with my other changes, and in light of the pain
of calling get_user, is there any reason why this doesn't unconditionally
dump all headers? Something like the diff below?

I looked in the history and the code was filtering for ELF headers there
already. I am just thinking this feels like a good idea regardless of the
file format to help verify the file on-disk is the file we think was
mapped.

Eric

diff --git a/fs/coredump.c b/fs/coredump.c
index 6a97a8ea7295..ef3b03e4cf59 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -1047,8 +1047,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
 	 * dump the first page to aid in determining what was mapped here.
 	 */
 	if (FILTER(ELF_HEADERS) &&
-	    vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ) &&
-	    (READ_ONCE(file_inode(vma->vm_file)->i_mode) & 0111) != 0)
+	    vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ))
 		return PAGE_SIZE;
 
 #undef FILTER
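Review bot: With the i_mode test dropped, the remaining condition `vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)` no longer says anything about ELF, so FILTER(ELF_HEADERS) now dumps the first page of every readable offset-0 file mapping (plain data files included), which makes the filter name and the coredump_filter documentation for this bit misleading and can grow dumps on processes that map many files. If that is the intended trade-off against the get_user-based magic check Jann restored, it should be spelled out in the commit message and in the comment above the check ("dump the first page to aid in determining what was mapped here"), and the filter documentation updated to describe the new behaviour rather than ELF headers specifically.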