coredump: kill MMF_DUMPABLE and MMF_DUMP_SECURELY
Nobody actually needs MMF_DUMPABLE/MMF_DUMP_SECURELY, they are only used to enforce the encoding of SUID_DUMP_* enum in mm->flags & MMF_DUMPABLE_MASK. Now that set_dumpable() updates both bits atomically we can kill them and simply store the value "as is" in 2 lower bits. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Alex Kelly <alex.page.kelly@gmail.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Josh Triplett <josh@joshtriplett.org> Cc: Petr Matousek <pmatouse@redhat.com> Cc: Vasily Kulikov <segoon@openwall.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
abacd2fe3c
commit
7288e1187b
2 changed files with 7 additions and 18 deletions
21
fs/exec.c
21
fs/exec.c
|
@ -1613,33 +1613,24 @@ void set_binfmt(struct linux_binfmt *new)
|
||||||
EXPORT_SYMBOL(set_binfmt);
|
EXPORT_SYMBOL(set_binfmt);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* set_dumpable converts traditional three-value dumpable to two flags and
|
* set_dumpable stores three-value SUID_DUMP_* into mm->flags.
|
||||||
* stores them into mm->flags.
|
|
||||||
*/
|
*/
|
||||||
void set_dumpable(struct mm_struct *mm, int value)
|
void set_dumpable(struct mm_struct *mm, int value)
|
||||||
{
|
{
|
||||||
unsigned long old, new;
|
unsigned long old, new;
|
||||||
|
|
||||||
|
if (WARN_ON((unsigned)value > SUID_DUMP_ROOT))
|
||||||
|
return;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
old = ACCESS_ONCE(mm->flags);
|
old = ACCESS_ONCE(mm->flags);
|
||||||
new = old & ~MMF_DUMPABLE_MASK;
|
new = (old & ~MMF_DUMPABLE_MASK) | value;
|
||||||
|
|
||||||
switch (value) {
|
|
||||||
case SUID_DUMP_ROOT:
|
|
||||||
new |= (1 << MMF_DUMP_SECURELY);
|
|
||||||
case SUID_DUMP_USER:
|
|
||||||
new |= (1<< MMF_DUMPABLE);
|
|
||||||
}
|
|
||||||
|
|
||||||
} while (cmpxchg(&mm->flags, old, new) != old);
|
} while (cmpxchg(&mm->flags, old, new) != old);
|
||||||
}
|
}
|
||||||
|
|
||||||
int __get_dumpable(unsigned long mm_flags)
|
int __get_dumpable(unsigned long mm_flags)
|
||||||
{
|
{
|
||||||
int ret;
|
return mm_flags & MMF_DUMPABLE_MASK;
|
||||||
|
|
||||||
ret = mm_flags & MMF_DUMPABLE_MASK;
|
|
||||||
return (ret > SUID_DUMP_USER) ? SUID_DUMP_ROOT : ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -400,10 +400,8 @@ extern int get_dumpable(struct mm_struct *mm);
|
||||||
#define SUID_DUMP_ROOT 2 /* Dump as root */
|
#define SUID_DUMP_ROOT 2 /* Dump as root */
|
||||||
|
|
||||||
/* mm flags */
|
/* mm flags */
|
||||||
/* dumpable bits */
|
|
||||||
#define MMF_DUMPABLE 0 /* core dump is permitted */
|
|
||||||
#define MMF_DUMP_SECURELY 1 /* core file is readable only by root */
|
|
||||||
|
|
||||||
|
/* for SUID_DUMP_* above */
|
||||||
#define MMF_DUMPABLE_BITS 2
|
#define MMF_DUMPABLE_BITS 2
|
||||||
#define MMF_DUMPABLE_MASK ((1 << MMF_DUMPABLE_BITS) - 1)
|
#define MMF_DUMPABLE_MASK ((1 << MMF_DUMPABLE_BITS) - 1)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue