1. 30 Jan, 2008 3 commits
    • Andrew Morton's avatar
      x86: PIE executable randomization, checkpatch fixes · bb1ad820
      Andrew Morton authored
      #39: FILE: arch/ia64/ia32/binfmt_elf32.c:229:
      +elf32_map (struct file *filep, unsigned long addr, struct elf_phdr *eppnt, int prot, int type, unsigned long unused)
      WARNING: no space between function name and open parenthesis '('
      #39: FILE: arch/ia64/ia32/binfmt_elf32.c:229:
      +elf32_map (struct file *filep, unsigned long addr, struct elf_phdr *eppnt, int prot, int type, unsigned long unused)
      WARNING: line over 80 characters
      #67: FILE: arch/x86/kernel/sys_x86_64.c:80:
      +			new_begin = randomize_range(*begin, *begin + 0x02000000, 0);
      ERROR: use tabs not spaces
      #110: FILE: arch/x86/kernel/sys_x86_64.c:185:
      + ^I        mm->cached_hole_size = 0;$
      ERROR: use tabs not spaces
      #111: FILE: arch/x86/kernel/sys_x86_64.c:186:
      + ^I^Imm->free_area_cache = mm->mmap_base;$
      ERROR: use tabs not spaces
      #112: FILE: arch/x86/kernel/sys_x86_64.c:187:
      + ^I}$
      ERROR: use tabs not spaces
      #141: FILE: arch/x86/kernel/sys_x86_64.c:216:
      + ^I^I/* remember the largest hole we saw so far */$
      ERROR: use tabs not spaces
      #142: FILE: arch/x86/kernel/sys_x86_64.c:217:
      + ^I^Iif (addr + mm->cached_hole_size < vma->vm_start)$
      ERROR: use tabs not spaces
      #143: FILE: arch/x86/kernel/sys_x86_64.c:218:
      + ^I^I        mm->cached_hole_size = vma->vm_start - addr;$
      ERROR: use tabs not spaces
      #157: FILE: arch/x86/kernel/sys_x86_64.c:232:
      +  ^Imm->free_area_cache = TASK_UNMAPPED_BASE;$
      ERROR: need a space before the open parenthesis '('
      #291: FILE: arch/x86/mm/mmap_64.c:101:
      +	} else if(mmap_is_legacy()) {
      WARNING: braces {} are not necessary for single statement blocks
      #302: FILE: arch/x86/mm/mmap_64.c:112:
      +	if (current->flags & PF_RANDOMIZE) {
      +		mm->mmap_base += ((long)rnd) << PAGE_SHIFT;
      +	}
      WARNING: line over 80 characters
      #314: FILE: fs/binfmt_elf.c:48:
      +static unsigned long elf_map (struct file *, unsigned long, struct elf_phdr *, int, int, unsigned long);
      WARNING: no space between function name and open parenthesis '('
      #314: FILE: fs/binfmt_elf.c:48:
      +static unsigned long elf_map (struct file *, unsigned long, struct elf_phdr *, int, int, unsigned long);
      WARNING: line over 80 characters
      #429: FILE: fs/binfmt_elf.c:438:
      +					   eppnt, elf_prot, elf_type, total_size);
      ERROR: need space after that ',' (ctx:VxV)
      #480: FILE: fs/binfmt_elf.c:939:
      +				elf_prot, elf_flags,0);
      total: 9 errors, 7 warnings, 461 lines checked
      Your patch has style problems, please review.  If any of these errors
      are false positives report them to the maintainer, see
      Please run checkpatch prior to sending patches
      Cc: "Luck, Tony" <tony.luck@intel.com>
      Cc: Arjan van de Ven <arjan@infradead.org>
      Cc: Jakub Jelinek <jakub@redhat.com>
      Cc: Jiri Kosina <jkosina@suse.cz>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Cc: Roland McGrath <roland@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    • Jiri Kosina's avatar
      x86: PIE executable randomization · cc503c1b
      Jiri Kosina authored
      main executable of (specially compiled/linked -pie/-fpie) ET_DYN binaries
      onto a random address (in cases in which mmap() is allowed to perform a
      The code has been extraced from Ingo's exec-shield patch
      [akpm@linux-foundation.org: fix used-uninitialsied warning]
      [kamezawa.hiroyu@jp.fujitsu.com: fixed ia32 ELF on x86_64 handling]
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Cc: Arjan van de Ven <arjan@infradead.org>
      Cc: Roland McGrath <roland@redhat.com>
      Cc: Jakub Jelinek <jakub@redhat.com>
      Cc: "Luck, Tony" <tony.luck@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    • Jiri Kosina's avatar
      x86: randomize brk · c1d171a0
      Jiri Kosina authored
      Randomize the location of the heap (brk) for i386 and x86_64.  The range is
      randomized in the range starting at current brk location up to 0x02000000
      offset for both architectures.  This, together with
      pie-executable-randomization.patch and
      pie-executable-randomization-fix.patch, should make the address space
      randomization on i386 and x86_64 complete.
      Arjan says:
      This is known to break older versions of some emacs variants, whose dumper
      code assumed that the last variable declared in the program is equal to the
      start of the dynamically allocated memory region.
      (The dumper is the code where emacs effectively dumps core at the end of it's
      compilation stage; this coredump is then loaded as the main program during
      normal use)
      iirc this was 5 years or so; we found this way back when I was at RH and we
      first did the security stuff there (including this brk randomization).  It
      wasn't all variants of emacs, and it got fixed as a result (I vaguely remember
      that emacs already had code to deal with it for other archs/oses, just
      ifdeffed wrongly).
      It's a rare and wrong assumption as a general thing, just on x86 it mostly
      happened to be true (but to be honest, it'll break too if gcc does
      something fancy or if the linker does a non-standard order).  Still its
      something we should at least document.
      Note 2: afaik it only broke the emacs *build*.  I'm not 100% sure about that
      (it IS 5 years ago) though.
      [ akpm@linux-foundation.org: deuglification ]
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Cc: Arjan van de Ven <arjan@infradead.org>
      Cc: Roland McGrath <roland@redhat.com>
      Cc: Jakub Jelinek <jakub@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
  2. 07 Jan, 2008 1 commit
  3. 19 Oct, 2007 2 commits
    • Pavel Emelyanov's avatar
      pid namespaces: changes to show virtual ids to user · b488893a
      Pavel Emelyanov authored
      This is the largest patch in the set. Make all (I hope) the places where
      the pid is shown to or get from user operate on the virtual pids.
      The idea is:
       - all in-kernel data structures must store either struct pid itself
         or the pid's global nr, obtained with pid_nr() call;
       - when seeking the task from kernel code with the stored id one
         should use find_task_by_pid() call that works with global pids;
       - when showing pid's numerical value to the user the virtual one
         should be used, but however when one shows task's pid outside this
         task's namespace the global one is to be used;
       - when getting the pid from userspace one need to consider this as
         the virtual one and use appropriate task/pid-searching functions.
      [akpm@linux-foundation.org: build fix]
      [akpm@linux-foundation.org: nuther build fix]
      [akpm@linux-foundation.org: yet nuther build fix]
      [akpm@linux-foundation.org: remove unneeded casts]
      Signed-off-by: default avatarPavel Emelyanov <xemul@openvz.org>
      Signed-off-by: default avatarAlexey Dobriyan <adobriyan@openvz.org>
      Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
      Cc: Oleg Nesterov <oleg@tv-sign.ru>
      Cc: Paul Menage <menage@google.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Pavel Emelianov's avatar
      pid namespaces: round up the API · a47afb0f
      Pavel Emelianov authored
      The set of functions process_session, task_session, process_group and
      task_pgrp is confusing, as the names can be mixed with each other when looking
      at the code for a long time.
      The proposals are to
      * equip the functions that return the integer with _nr suffix to
        represent that fact,
      * and to make all functions work with task (not process) by making
        the common prefix of the same name.
      For monotony the routines signal_session() and set_signal_session() are
      replaced with task_session_nr() and set_task_session(), especially since they
      are only used with the explicit task->signal dereference.
      Signed-off-by: default avatarPavel Emelianov <xemul@openvz.org>
      Acked-by: default avatarSerge E. Hallyn <serue@us.ibm.com>
      Cc: Kirill Korotaev <dev@openvz.org>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Cedric Le Goater <clg@fr.ibm.com>
      Cc: Herbert Poetzl <herbert@13thfloor.at>
      Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  4. 17 Oct, 2007 6 commits
    • Franck Bui-Huu's avatar
      Break ELF_PLATFORM and stack pointer randomization dependency · d68c9d6a
      Franck Bui-Huu authored
      Currently arch_align_stack() is used by fs/binfmt_elf.c to randomize
      stack pointer inside a page. But this happens only if ELF_PLATFORM
      symbol is defined.
      ELF_PLATFORM is normally set if the architecture wants ld.so to load
      implementation specific libraries for optimization. And currently a
      lot of architectures just yield this symbol to NULL.
      This is the case for MIPS architecture where ELF_PLATFORM is NULL but
      arch_align_stack() has been redefined to do stack inside page
      randomization. So in this case no randomization is actually done.
      This patch breaks this dependency which seems to be useless and allows
      platforms such MIPS to do the randomization.
      Signed-off-by: default avatarFranck Bui-Huu <fbuihuu@gmail.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Arjan van de Ven <arjan@infradead.org>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Olaf Hering's avatar
      increase AT_VECTOR_SIZE to terminate saved_auxv properly · 4f9a58d7
      Olaf Hering authored
      include/asm-powerpc/elf.h has 6 entries in ARCH_DLINFO.  fs/binfmt_elf.c
      has 14 unconditional NEW_AUX_ENT entries and 2 conditional NEW_AUX_ENT
      entries.  So in the worst case, saved_auxv does not get an AT_NULL entry at
      the end.
      The saved_auxv array must be terminated with an AT_NULL entry.  Make the
      size of mm_struct->saved_auxv arch dependend, based on the number of
      ARCH_DLINFO entries.
      Signed-off-by: default avatarOlaf Hering <olh@suse.de>
      Cc: Roland McGrath <roland@redhat.com>
      Cc: Jakub Jelinek <jakub@redhat.com>
      Cc: Richard Henderson <rth@twiddle.net>
      Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
      Cc: "Luck, Tony" <tony.luck@intel.com>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Paul Mundt <lethal@linux-sh.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Roland McGrath's avatar
      Add MMF_DUMP_ELF_HEADERS · 82df3973
      Roland McGrath authored
      This adds the MMF_DUMP_ELF_HEADERS option to /proc/pid/coredump_filter.
      This dumps the first page (only) of a private file mapping if it appears to
      be a mapping of an ELF file.  Including these pages in the core dump may
      give sufficient identifying information to associate the original DSO and
      executable file images and their debugging information with a core file in
      a generic way just from its contents (e.g.  when those binaries were built
      with ld --build-id).  I expect this to become the default behavior
      eventually.  Existing versions of gdb can be confused by the core dumps it
      creates, so it won't enabled by default for some time to come.  Soon many
      people will have systems with a gdb that handle these dumps, so they can
      arrange to set the bit at boot and have it inherited system-wide.
      This also cleans up the checking of the MMF_DUMP_* flag bits, which did not
      need to be using atomic macros.
      Signed-off-by: default avatarRoland McGrath <roland@redhat.com>
      Cc: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Andi Kleen's avatar
      Deprecate a.out ELF interpreters · 8e9073ed
      Andi Kleen authored
      The Linux ELF loader is quite complicated and messy code (that could
      probably need a rewrite, but that's a different chapter).  One particular
      messy part in it is the support for non ELF a.out ld.sos.  This was
      originally added to make transition from a.out to ELF easier because an
      a.out ELF ld.so could be still build using an older a.out toolkit.  But by
      now that should be fully obsolete and removing it would clean up
      binfmt_elf.c up a bit.
      I propose to deprecate this support and remove for 2.6.25.
      Drawback is that someone still runs their system with a.out ld.so
      they would need to update the ld.so when updating to a new kernel.
      This patch just adds an entry to the deprecation file and a printk
      warning users.
      [akpm@linux-foundation.org: better warning message]
      Signed-off-by: default avatarAndi Kleen <ak@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Neil Horman's avatar
      core_pattern: ignore RLIMIT_CORE if core_pattern is a pipe · 7dc0b22e
      Neil Horman authored
      For some time /proc/sys/kernel/core_pattern has been able to set its output
      destination as a pipe, allowing a user space helper to receive and
      intellegently process a core.  This infrastructure however has some
      shortcommings which can be enhanced.  Specifically:
      1) The coredump code in the kernel should ignore RLIMIT_CORE limitation
         when core_pattern is a pipe, since file system resources are not being
         consumed in this case, unless the user application wishes to save the core,
         at which point the app is restricted by usual file system limits and
      2) The core_pattern code should be able to parse and pass options to the
         user space helper as an argv array.  The real core limit of the uid of the
         crashing proces should also be passable to the user space helper (since it
         is overridden to zero when called).
      3) Some miscellaneous bugs need to be cleaned up (specifically the
         recognition of a recursive core dump, should the user mode helper itself
         crash.  Also, the core dump code in the kernel should not wait for the user
         mode helper to exit, since the same context is responsible for writing to
         the pipe, and a read of the pipe by the user mode helper will result in a
      This patch:
      Remove the check of RLIMIT_CORE if core_pattern is a pipe.  In the event that
      core_pattern is a pipe, the entire core will be fed to the user mode helper.
      Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Cc: <martin.pitt@ubuntu.com>
      Cc: <wwoods@redhat.com>
      Cc: Jeremy Fitzhardinge <jeremy@goop.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Mark Nelson's avatar
      x86: replace NT_PRXFPREG with ELF_CORE_XFPREG_TYPE #define · 5b20cd80
      Mark Nelson authored
      Replace NT_PRXFPREG with ELF_CORE_XFPREG_TYPE in the coredump code which
      allows for more flexibility in the note type for the state of 'extended
      floating point' implementations in coredumps.  New note types can now be
      added with an appropriate #define.
      This does #define ELF_CORE_XFPREG_TYPE to be NT_PRXFPREG in all
      current users so there's are no change in behaviour.
      This will let us use different note types on powerpc for the Altivec/VMX
      state that some PowerPC cpus have (G4, PPC970, POWER6) and for the SPE
      (signal processing extension) state that some embedded PowerPC cpus from
      Freescale have.
      Signed-off-by: default avatarMark Nelson <markn@au1.ibm.com>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Andi Kleen <ak@suse.de>
      Cc: <linux-arch@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  5. 16 Oct, 2007 1 commit
    • Nick Piggin's avatar
      remove ZERO_PAGE · 557ed1fa
      Nick Piggin authored
      The commit b5810039
       contains the note
        A last caveat: the ZERO_PAGE is now refcounted and managed with rmap
        (and thus mapcounted and count towards shared rss).  These writes to
        the struct page could cause excessive cacheline bouncing on big
        systems.  There are a number of ways this could be addressed if it is
        an issue.
      And indeed this cacheline bouncing has shown up on large SGI systems.
      There was a situation where an Altix system was essentially livelocked
      tearing down ZERO_PAGE pagetables when an HPC app aborted during startup.
      This situation can be avoided in userspace, but it does highlight the
      potential scalability problem with refcounting ZERO_PAGE, and corner
      cases where it can really hurt (we don't want the system to livelock!).
      There are several broad ways to fix this problem:
      1. add back some special casing to avoid refcounting ZERO_PAGE
      2. per-node or per-cpu ZERO_PAGES
      3. remove the ZERO_PAGE completely
      I will argue for 3. The others should also fix the problem, but they
      result in more complex code than does 3, with little or no real benefit
      that I can see.
      Why? Inserting a ZERO_PAGE for anonymous read faults appears to be a
      false optimisation: if an application is performance critical, it would
      not be doing many read faults of new memory, or at least it could be
      expected to write to that memory soon afterwards. If cache or memory use
      is critical, it should not be working with a significant number of
      ZERO_PAGEs anyway (a more compact representation of zeroes should be
      As a sanity check -- mesuring on my desktop system, there are never many
      mappings to the ZERO_PAGE (eg. 2 or 3), thus memory usage here should not
      increase much without it.
      When running a make -j4 kernel compile on my dual core system, there are
      about 1,000 mappings to the ZERO_PAGE created per second, but about 1,000
      ZERO_PAGE COW faults per second (less than 1 ZERO_PAGE mapping per second
      is torn down without being COWed). So removing ZERO_PAGE will save 1,000
      page faults per second when running kbuild, while keeping it only saves
      less than 1 page clearing operation per second. 1 page clear is cheaper
      than a thousand faults, presumably, so there isn't an obvious loss.
      Neither the logical argument nor these basic tests give a guarantee of no
      regressions. However, this is a reasonable opportunity to try to remove
      the ZERO_PAGE from the pagefault path. If it is found to cause regressions,
      we can reintroduce it and just avoid refcounting it.
      The /dev/zero ZERO_PAGE usage and TLB tricks also get nuked.  I don't see
      much use to them except on benchmarks.  All other users of ZERO_PAGE are
      converted just to use ZERO_PAGE(0) for simplicity. We can look at
      replacing them all and maybe ripping out ZERO_PAGE completely when we are
      more satisfied with this solution.
      Signed-off-by: default avatarNick Piggin <npiggin@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus "snif" Torvalds <torvalds@linux-foundation.org>
  6. 18 Sep, 2007 1 commit
    • Michael Ellerman's avatar
      [POWERPC] spufs: Cleanup ELF coredump extra notes logic · e5501492
      Michael Ellerman authored
      To start with, arch_notes_size() etc. is a little too ambiguous a name for
      my liking, so change the function names to be more explicit.
      Calling through macros is ugly, especially with hidden parameters, so don't
      do that, call the routines directly.
      Use ARCH_HAVE_EXTRA_ELF_NOTES as the only flag, and based on it decide
      whether we want the extern declarations or the empty versions.
      Since we have empty routines, actually use them in the coredump code to
      save a few #ifdefs.
      We want to change the handling of foffset so that the write routine updates
      foffset as it goes, instead of using file->f_pos (so that writing to a pipe
      works).  So pass foffset to the write routine, and for now just set it to
      file->f_pos at the end of writing.
      It should also be possible for the write routine to fail, so change it to
      return int and treat a non-zero return as failure.
      Signed-off-by: default avatarMichael Ellerman <michael@ellerman.id.au>
      Signed-off-by: default avatarJeremy Kerr <jk@ozlabs.org>
      Signed-off-by: default avatarPaul Mackerras <paulus@samba.org>
  7. 21 Jul, 2007 1 commit
  8. 19 Jul, 2007 2 commits
  9. 16 Jul, 2007 2 commits
  10. 06 Jul, 2007 1 commit
    • Michael Ellerman's avatar
      Fix elf_core_dump() when writing arch specific notes (spu coredumps) · ef7320ed
      Michael Ellerman authored
      elf_core_dump() supports dumping arch specific ELF notes, via the #define
      ELF_CORE_WRITE_EXTRA_NOTES.  Currently the only user of this is the powerpc
      spu coredump code.
      There is a bug in the handling of foffset WRT the arch notes, which causes
      us to erroneously increment foffset by the size of the arch notes, leaving
      a block of zeroes in the file, and causing all subsequent data in the file
      to be at <supposed position> + <arch note size>.  eg:
        LOAD  0x050000 0x00100000 0x00000000 0x20000 0x20000 R E 0x10000
      Tells us we should have a chunk of data at 0x50000.  The truth is the data
      is at 0x90dbc = 0x50000 + 0x40dbc (the size of the arch notes).
      This bug prevents gdb from reading the core file correctly.
      The simplest fix is to simply remember the size of the arch notes, and add
      it to foffset after we've written the arch notes.  The only drawback is
      that if the arch code doesn't write as many bytes as it said it would, we
      end up with a broken core dump again.  For now I think that's a reasonable
      Tested on a Cell blade, gdb no longer complains about the core file being
      While I'm here I should point out that the spu coredump code does not work
      if we're dumping to a pipe - we'll have to wait for 23 to fix that.
      Signed-off-by: default avatarMichael Ellerman <michael@ellerman.id.au>
      Acked-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      Acked-by: default avatarPaul Mackerras <paulus@samba.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  11. 08 May, 2007 3 commits
  12. 02 Apr, 2007 1 commit
  13. 16 Mar, 2007 1 commit
    • James Bottomley's avatar
      [PATCH] fix process crash caused by randomisation and 64k pages · d1cabd63
      James Bottomley authored
      This bug was seen on ppc64, but it could have occurred on any
      architecture with a page size of 64k or above.  The problem is that in
      fs/binfmt_elf.c:randomize_stack_top() randomizes the stack to within
      0x7ff pages.  On 4k page machines, this is 8MB; on 64k page boxes, this
      is 128MB.
      The problem is that the new binary layout (selected in
      arch_pick_mmap_layout) places the mapping segment 128MB or the stack
      rlimit away from the top of the process memory, whichever is larger.  If
      you chose an rlimit of less than 128MB (most defaults are in the 8Mb
      range) then you can end up having your entire stack randomized away.
      The fix is to make randomize_stack_top() only steal at most 8MB, which this
      patch does.  However, I have to point out that even with this, your stack
      rlimit might not be exactly what you get if it's > 128MB, because you're
      still losing the random offset of up to 8MB.
      The true fix should be to leave an explicit gap for the randomization plus
      a buffer when determining mmap_base, but that would involve fixing all the
      Cc: Arjan van de Ven <arjan@infradead.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Andi Kleen <ak@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  14. 13 Feb, 2007 1 commit
  15. 26 Jan, 2007 3 commits
  16. 06 Jan, 2007 1 commit
    • Linus Torvalds's avatar
      Revert "[PATCH] binfmt_elf: randomize PIE binaries (2nd try)" · 90cb28e8
      Linus Torvalds authored
      This reverts commit 59287c09
      Hugh Dickins reports that it causes random failures on x86 with SuSE
      10.2, and points out
        "Isn't that randomization, anywhere from 0x10000 to ELF_ET_DYN_BASE,
         sure to place the ET_DYN from time to time just where the comment
         says it's trying to avoid? I assume that somehow results in the error
      (where the comment in question is the existing comment in the source
      code about mmap/brk clashes).
      Suggested-by: default avatarHugh Dickins <hugh@veritas.com>
      Acked-by: default avatarMarcus Meissner <meissner@suse.de>
      Cc: Andrew Morton <akpm@osdl.org>
      Cc: Andi Kleen <ak@suse.de>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Dave Jones <davej@codemonkey.org.uk>
      Cc: Arjan van de Ven <arjan@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
  17. 08 Dec, 2006 2 commits
  18. 07 Dec, 2006 4 commits
  19. 04 Dec, 2006 1 commit
    • Dwayne Grant McConnell's avatar
      [POWERPC] coredump: Add SPU elf notes to coredump. · bf1ab978
      Dwayne Grant McConnell authored
      This patch adds SPU elf notes to the coredump. It creates a separate note
      for each of /regs, /fpcr, /lslr, /decr, /decr_status, /mem, /signal1,
      /signal1_type, /signal2, /signal2_type, /event_mask, /event_status,
      /mbox_info, /ibox_info, /wbox_info, /dma_info, /proxydma_info, /object-id.
      A new macro, ARCH_HAVE_EXTRA_NOTES, was created for architectures to
      specify they have extra elf core notes.
      A new macro, ELF_CORE_EXTRA_NOTES_SIZE, was created so the size of the
      additional notes could be calculated and added to the notes phdr entry.
      A new macro, ELF_CORE_WRITE_EXTRA_NOTES, was created so the new notes
      would be written after the existing notes.
      The SPU coredump code resides in spufs. Stub functions are provided in the
      kernel which are hooked into the spufs code which does the actual work via
      A new set of __spufs_<file>_read/get() functions was provided to allow the
      coredump code to read from the spufs files without having to lock the
      SPU context for each file read from.
      Cc: <linux-arch@vger.kernel.org>
      Signed-off-by: default avatarDwayne Grant McConnell <decimal@us.ibm.com>
      Signed-off-by: default avatarArnd Bergmann <arnd.bergmann@de.ibm.com>
  20. 15 Oct, 2006 1 commit
  21. 13 Oct, 2006 1 commit
    • Petr Vandrovec's avatar
      [PATCH] Get core dump code to work... · 7f14daa1
      Petr Vandrovec authored
      The file based core dump code was broken by pipe changes - a relative
      llseek returns the absolute file position on success, not the relative
      one, so dump_seek() always failed when invoked with non-zero current
      Only success/failure can be tested with relative lseek, we have to trust
      kernel that on success we've got right file offset.  With this fix in
      place I have finally real core files instead of 1KB fragments...
      Signed-off-by: default avatarPetr Vandrovec <petr@vandrovec.name>
      [ Cleaned it up a bit while here - use SEEK_CUR instead of hardcoding 1 ]
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
  22. 01 Oct, 2006 1 commit
    • Andi Kleen's avatar
      [PATCH] Support piping into commands in /proc/sys/kernel/core_pattern · d025c9db
      Andi Kleen authored
      Using the infrastructure created in previous patches implement support to
      pipe core dumps into programs.
      This is done by overloading the existing core_pattern sysctl
      with a new syntax:
      When the first character of the pattern is a '|' the kernel will instead
      threat the rest of the pattern as a command to run.  The core dump will be
      written to the standard input of that program instead of to a file.
      This is useful for having automatic core dump analysis without filling up
      disks.  The program can do some simple analysis and save only a summary of
      the core dump.
      The core dump proces will run with the privileges and in the name space of
      the process that caused the core dump.
      I also increased the core pattern size to 128 bytes so that longer command
      lines fit.
      Most of the changes comes from allowing core dumps without seeks.  They are
      fairly straight forward though.
      One small incompatibility is that if someone had a core pattern previously
      that started with '|' they will get suddenly new behaviour.  I think that's
      unlikely to be a real problem though.
      Additional background:
      > Very nice, do you happen to have a program that can accept this kind of
      > input for crash dumps?  I'm guessing that the embedded people will
      > really want this functionality.
      I had a cheesy demo/prototype.  Basically it wrote the dump to a file again,
      ran gdb on it to get a backtrace and wrote the summary to a shared directory.
      Then there was a simple CGI script to generate a "top 10" crashes HTML
      Unfortunately this still had the disadvantage to needing full disk space for a
      dump except for deleting it afterwards (in fact it was worse because over the
      pipe holes didn't work so if you have a holey address map it would require
      more space).
      Fortunately gdb seems to be happy to handle /proc/pid/fd/xxx input pipes as
      cores (at least it worked with zsh's =(cat core) syntax), so it would be
      likely possible to do it without temporary space with a simple wrapper that
      calls it in the right way.  I ran out of time before doing that though.
      The demo prototype scripts weren't very good.  If there is really interest I
      can dig them out (they are currently on a laptop disk on the desk with the
      laptop itself being in service), but I would recommend to rewrite them for any
      serious application of this and fix the disk space problem.
      Also to be really useful it should probably find a way to automatically fetch
      the debuginfos (I cheated and just installed them in advance).  If nobody else
      does it I can probably do the rewrite myself again at some point.
      My hope at some point was that desktops would support it in their builtin
      crash reporters, but at least the KDE people I talked too seemed to be happy
      with their user space only solution.
      Alan sayeth:
        I don't believe that piping as such as neccessarily the right model, but
        the ability to intercept and processes core dumps from user space is asked
        for by many enterprise users as well.  They want to know about, capture,
        analyse and process core dumps, often centrally and in automated form.
      [akpm@osdl.org: loff_t != unsigned long]
      Signed-off-by: default avatarAndi Kleen <ak@suse.de>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>