   1/*
   2 *  linux/fs/exec.c
   3 *
   4 *  Copyright (C) 1991, 1992  Linus Torvalds
   5 */
   6
   7/*
   8 * #!-checking implemented by tytso.
   9 */
  10/*
  11 * Demand-loading implemented 01.12.91 - no need to read anything but
  12 * the header into memory. The inode of the executable is put into
  13 * "current->executable", and page faults do the actual loading. Clean.
  14 *
  15 * Once more I can proudly say that linux stood up to being changed: it
  16 * was less than 2 hours work to get demand-loading completely implemented.
  17 *
  18 * Demand loading changed July 1993 by Eric Youngdale.   Use mmap instead,
  19 * current->executable is only used by the procfs.  This allows a dispatch
  20 * table to check for several different types  of binary formats.  We keep
  21 * trying until we recognize the file or we run out of supported binary
  22 * formats. 
  23 */
  24
  25#include <linux/config.h>
  26#include <linux/slab.h>
  27#include <linux/file.h>
  28#include <linux/mman.h>
  29#include <linux/a.out.h>
  30#include <linux/stat.h>
  31#include <linux/fcntl.h>
  32#include <linux/smp_lock.h>
  33#include <linux/init.h>
  34#include <linux/pagemap.h>
  35#include <linux/highmem.h>
  36#include <linux/spinlock.h>
  37#include <linux/personality.h>
  38#define __NO_VERSION__
  39#include <linux/module.h>
  40
  41#include <asm/uaccess.h>
  42#include <asm/pgalloc.h>
  43#include <asm/mmu_context.h>
  44
  45#ifdef CONFIG_KMOD
  46#include <linux/kmod.h>
  47#endif
  48
/* When non-zero, do_coredump() names the core file "core.<pid>" instead of "core". */
int core_uses_pid;

/* Singly linked list of registered binary-format handlers; register_binfmt() pushes at the head. */
static struct linux_binfmt *formats;
/* Protects `formats`: write-locked by (un)register_binfmt(), read-locked while the list is walked. */
static rwlock_t binfmt_lock = RW_LOCK_UNLOCKED;
  53
/*
 * Add a binary-format handler to the head of the `formats` list.
 *
 * Returns -EINVAL for a NULL handler, -EBUSY if it is already linked
 * (non-NULL next pointer, or found in the list), 0 once inserted.
 */
int register_binfmt(struct linux_binfmt * fmt)
{
	struct linux_binfmt *cursor;

	if (!fmt)
		return -EINVAL;
	/* An entry that is still linked somewhere has its next pointer set. */
	if (fmt->next)
		return -EBUSY;

	write_lock(&binfmt_lock);
	for (cursor = formats; cursor; cursor = cursor->next) {
		if (cursor == fmt) {
			write_unlock(&binfmt_lock);
			return -EBUSY;
		}
	}
	fmt->next = formats;
	formats = fmt;
	write_unlock(&binfmt_lock);
	return 0;
}
  75
/*
 * Unlink a binary-format handler from `formats`.
 *
 * Returns 0 if it was found and removed, -EINVAL otherwise. The handler's
 * own next pointer is not cleared here.
 */
int unregister_binfmt(struct linux_binfmt * fmt)
{
	struct linux_binfmt **link;
	int ret = -EINVAL;

	write_lock(&binfmt_lock);
	for (link = &formats; *link; link = &(*link)->next) {
		if (*link == fmt) {
			*link = fmt->next;
			ret = 0;
			break;
		}
	}
	write_unlock(&binfmt_lock);
	return ret;
}
  92
/* Drop the module reference taken on a handler with try_inc_mod_count(), if it has an owning module. */
static inline void put_binfmt(struct linux_binfmt * fmt)
{
	if (!fmt->module)
		return;
	__MOD_DEC_USE_COUNT(fmt->module);
}
  98
/*
 * Note that a shared library must be both readable and executable due to
 * security reasons.
 *
 * Also note that we take the address to load from from the file itself.
 *
 * Resolves `library`, insists on a regular file on which the caller has
 * both MAY_READ and MAY_EXEC, opens it read-only and offers it to every
 * registered format that provides load_shlib() until one returns something
 * other than -ENOEXEC. As in search_binary_handler(), a module reference is
 * held on the handler and binfmt_lock is dropped around the load call.
 *
 * Returns 0 on success, -EINVAL for a non-regular file, -ENOEXEC when no
 * format accepts the file, or the error from lookup, permission(),
 * dentry_open() or the loader.
 */
asmlinkage long sys_uselib(const char * library)
{
	struct nameidata nd;
	struct file *file;
	struct linux_binfmt *fmt;
	int error;

	error = user_path_walk(library, &nd);
	if (error)
		return error;

	if (!S_ISREG(nd.dentry->d_inode->i_mode)) {
		error = -EINVAL;
		goto release;
	}
	error = permission(nd.dentry->d_inode, MAY_READ | MAY_EXEC);
	if (error)
		goto release;

	/*
	 * No path_release() after this point, whether or not the open
	 * succeeds: dentry_open() presumably takes over the dentry/mnt
	 * references held in nd.
	 */
	file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
	error = PTR_ERR(file);
	if (IS_ERR(file))
		return error;

	error = -ENOEXEC;
	if (file->f_op && file->f_op->read) {
		read_lock(&binfmt_lock);
		for (fmt = formats; fmt; fmt = fmt->next) {
			if (!fmt->load_shlib || !try_inc_mod_count(fmt->module))
				continue;
			read_unlock(&binfmt_lock);
			error = fmt->load_shlib(file);
			read_lock(&binfmt_lock);
			put_binfmt(fmt);
			if (error != -ENOEXEC)
				break;
		}
		read_unlock(&binfmt_lock);
	}
	fput(file);
	return error;

release:
	path_release(&nd);
	return error;
}
 154
/*
 * count() counts the number of arguments/envelopes
 *
 * Walks the NULL-terminated user-space pointer array `argv` with get_user().
 * Returns the number of entries before the terminator, 0 for a NULL array,
 * -EFAULT if a pointer cannot be read, or -E2BIG once more than `max`
 * entries have been seen.
 */
static int count(char ** argv, int max)
{
	int n = 0;
	char *entry;

	if (argv == NULL)
		return 0;

	while (1) {
		if (get_user(entry, argv))
			return -EFAULT;
		if (entry == NULL)
			break;
		argv++;
		n++;
		/* Bounded so a hostile array cannot make us walk forever. */
		if (n > max)
			return -E2BIG;
	}
	return n;
}
 177
/*
 * 'copy_strings()' copies argument/envelope strings from user
 * memory to free pages in kernel mem. These are in a format ready
 * to be put directly into the top of new user memory.
 *
 * Strings are taken from argv[argc-1] down to argv[0]; each one is placed
 * immediately below the previous at bprm->p, which is decremented by the
 * length reported by strnlen_user() (bounded by bprm->p; a zero result is
 * treated as a fault). Pages in bprm->page[] are allocated on demand with
 * alloc_page(); the parts of a freshly allocated page that the string
 * does not cover are zeroed so no stale data reaches the new process.
 * Copies may straddle page boundaries.
 *
 * Returns 0 on success, -EFAULT if an argv pointer or a string cannot be
 * read, -E2BIG if the string no longer fits below bprm->p, -ENOMEM if a
 * page cannot be allocated. Any page mapped with kmap() is unmapped on
 * every exit path.
 */
int copy_strings(int argc,char ** argv, struct linux_binprm *bprm) 
{
	struct page *kmapped_page = NULL;
	char *kaddr = NULL;
	int ret;

	/* Last argument first: the strings grow downwards from bprm->p. */
	while (argc-- > 0) {
		char *str;
		int len;
		unsigned long pos;

		if (get_user(str, argv+argc) ||
				!(len = strnlen_user(str, bprm->p))) {
			ret = -EFAULT;
			goto out;
		}

		/* Remaining argument area too small for this string. */
		if (bprm->p < len)  {
			ret = -E2BIG;
			goto out;
		}

		bprm->p -= len;
		/* XXX: add architecture specific overflow check here. */ 
		pos = bprm->p;

		/* Copy in page-sized pieces; pos/str/len track progress. */
		while (len > 0) {
			int i, new, err;
			int offset, bytes_to_copy;
			struct page *page;

			offset = pos % PAGE_SIZE;
			i = pos/PAGE_SIZE;
			page = bprm->page[i];
			new = 0;	/* set when this iteration allocated the page */
			if (!page) {
				page = alloc_page(GFP_HIGHUSER);
				bprm->page[i] = page;
				if (!page) {
					ret = -ENOMEM;
					goto out;
				}
				new = 1;
			}

			/* Keep one page mapped at a time; remap only when it changes. */
			if (page != kmapped_page) {
				if (kmapped_page)
					kunmap(kmapped_page);
				kmapped_page = page;
				kaddr = kmap(kmapped_page);
			}
			/* New page: zero the bytes below the string... */
			if (new && offset)
				memset(kaddr, 0, offset);
			bytes_to_copy = PAGE_SIZE - offset;
			if (bytes_to_copy > len) {
				bytes_to_copy = len;
				/* ...and, when the string ends inside this page, the bytes above it. */
				if (new)
					memset(kaddr+offset+len, 0,
						PAGE_SIZE-offset-len);
			}
			err = copy_from_user(kaddr+offset, str, bytes_to_copy);
			if (err) {
				ret = -EFAULT;
				goto out;
			}

			pos += bytes_to_copy;
			str += bytes_to_copy;
			len -= bytes_to_copy;
		}
	}
	ret = 0;
out:
	if (kmapped_page)
		kunmap(kmapped_page);
	return ret;
}
 260
/*
 * Like copy_strings, but get argv and its values from kernel memory.
 *
 * Switches the address limit to KERNEL_DS for the duration of the call so
 * copy_strings()' user-access helpers accept kernel pointers, and restores
 * the caller's limit afterwards. Returns whatever copy_strings() returns.
 */
int copy_strings_kernel(int argc,char ** argv, struct linux_binprm *bprm)
{
	mm_segment_t saved_fs = get_fs();
	int ret;

	set_fs(KERNEL_DS);
	ret = copy_strings(argc, argv, bprm);
	set_fs(saved_fs);
	return ret;
}
 273
/*
 * This routine is used to map in a page into an address space: needed by
 * execve() for the initial stack and environment pages.
 *
 * tsk->mmap_sem is held for writing.
 *
 * Ownership of `page` passes to the mm. On success the page is added to
 * the LRU and mapped at `address` with PAGE_COPY plus the write and dirty
 * bits, and mm->rss is bumped. If the pmd or pte cannot be allocated, or
 * the pte is already in use, the page is freed and tsk is sent SIGKILL
 * (presumably because the exec cannot proceed with an incomplete stack).
 * A page_count() other than 1 is only reported with printk, not treated
 * as an error.
 */
void put_dirty_page(struct task_struct * tsk, struct page *page, unsigned long address)
{
	pgd_t * pgd;
	pmd_t * pmd;
	pte_t * pte;

	if (page_count(page) != 1)
		printk(KERN_ERR "mem_map disagrees with %p at %08lx\n", page, address);
	pgd = pgd_offset(tsk->mm, address);

	spin_lock(&tsk->mm->page_table_lock);
	pmd = pmd_alloc(tsk->mm, pgd, address);
	if (!pmd)
		goto out;
	pte = pte_alloc(tsk->mm, pmd, address);
	if (!pte)
		goto out;
	/* Never overwrite an existing mapping. */
	if (!pte_none(*pte))
		goto out;
	lru_cache_add(page);
	flush_dcache_page(page);
	flush_page_to_ram(page);
	set_pte(pte, pte_mkdirty(pte_mkwrite(mk_pte(page, PAGE_COPY))));
	tsk->mm->rss++;
	spin_unlock(&tsk->mm->page_table_lock);

	/* no need for flush_tlb */
	return;
out:
	/* Not mapped: release the reference we were handed and kill the task. */
	spin_unlock(&tsk->mm->page_table_lock);
	__free_page(page);
	force_sig(SIGKILL, tsk);
	return;
}
 314
/*
 * Install the argument/environment pages collected in bprm->page[] as the
 * top of the new process's stack.
 *
 * While the strings are collected, bprm->p, bprm->loader and bprm->exec
 * are offsets inside a MAX_ARG_PAGES window; they become user addresses by
 * adding stack_base, the address of that window when it is placed so it
 * ends at STACK_TOP. A stack VMA covering the page holding bprm->p up to
 * STACK_TOP is inserted under mmap_sem, then each populated page is handed
 * to put_dirty_page() and its slot in bprm->page[] cleared, so
 * do_execve()'s error path will not free it again.
 *
 * Returns 0, or -ENOMEM if the vm_area_struct cannot be allocated.
 *
 * NOTE(review): mm->total_vm is assigned rather than incremented;
 * presumably the mm is empty at this point (see exec_mmap()) — confirm.
 */
int setup_arg_pages(struct linux_binprm *bprm)
{
	unsigned long stack_base;
	struct vm_area_struct *mpnt;
	int i;

	stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;

	/* Relocate the in-window offsets to their final user addresses. */
	bprm->p += stack_base;
	if (bprm->loader)
		bprm->loader += stack_base;
	bprm->exec += stack_base;

	mpnt = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
	if (!mpnt) 
		return -ENOMEM; 
	
	down_write(&current->mm->mmap_sem);
	{
		mpnt->vm_mm = current->mm;
		mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;
		mpnt->vm_end = STACK_TOP;
		mpnt->vm_page_prot = PAGE_COPY;
		mpnt->vm_flags = VM_STACK_FLAGS;
		mpnt->vm_ops = NULL;
		mpnt->vm_pgoff = 0;
		mpnt->vm_file = NULL;
		mpnt->vm_private_data = (void *) 0;
		insert_vm_struct(current->mm, mpnt);
		current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
	} 

	/* Map the pages in window order; ownership moves to the mm. */
	for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
		struct page *page = bprm->page[i];
		if (page) {
			bprm->page[i] = NULL;
			put_dirty_page(current,page,stack_base);
		}
		stack_base += PAGE_SIZE;
	}
	up_write(&current->mm->mmap_sem);
	
	return 0;
}
 359
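/*
 * Look up and open an executable for exec.
 *
 * The path must resolve (following symlinks) to a regular file on a mount
 * that is not MNT_NOEXEC; the caller needs MAY_EXEC on the inode and the
 * mode must carry at least one execute bit (permission() alone may let a
 * CAP_DAC_OVERRIDE caller through). The file is opened read-only and
 * write access to it is denied for the duration of the exec.
 *
 * Returns the open file, or an ERR_PTR: the lookup error, -EACCES for the
 * checks above, or the error from dentry_open()/deny_write_access().
 *
 * Rewritten as straight-line guard clauses: the previous version jumped
 * with goto into a nested block and shadowed `err` with an inner
 * declaration, which made the release paths hard to follow. Behaviour
 * is unchanged, including that no path_release() happens after
 * dentry_open() on either outcome (the open presumably consumes the
 * dentry/mnt references).
 */
struct file *open_exec(const char *name)
{
	struct nameidata nd;
	struct inode *inode;
	struct file *file;
	int err;

	err = path_lookup(name, LOOKUP_FOLLOW|LOOKUP_POSITIVE, &nd);
	if (err)
		return ERR_PTR(err);

	inode = nd.dentry->d_inode;
	if ((nd.mnt->mnt_flags & MNT_NOEXEC) || !S_ISREG(inode->i_mode)) {
		path_release(&nd);
		return ERR_PTR(-EACCES);
	}

	err = permission(inode, MAY_EXEC);
	/* Require a real execute bit even when permission() was overridden. */
	if (!err && !(inode->i_mode & 0111))
		err = -EACCES;
	if (err) {
		path_release(&nd);
		return ERR_PTR(err);
	}

	file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
	if (IS_ERR(file))
		return file;

	/* Block writers while the binary is being loaded. */
	err = deny_write_access(file);
	if (err) {
		fput(file);
		return ERR_PTR(err);
	}
	return file;
}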
 395
/*
 * Read `count` bytes at `offset` from `file` into the kernel buffer `addr`
 * through the file's read method, with the address limit widened so the
 * kernel pointer is accepted. The file position is not touched: a local
 * loff_t is used.
 *
 * Returns the read method's result (bytes read or a negative errno), or
 * -ENOSYS if the file has no read method.
 */
int kernel_read(struct file *file, unsigned long offset,
	char * addr, unsigned long count)
{
	mm_segment_t saved_fs;
	loff_t pos = offset;
	int nread;

	if (!file->f_op->read)
		return -ENOSYS;

	saved_fs = get_fs();
	set_fs(get_ds());
	nread = file->f_op->read(file, addr, count, &pos);
	set_fs(saved_fs);
	return nread;
}
 412
/*
 * Give the current task an address space for the new image.
 *
 * If the current mm has no other user (mm_users == 1) it is reused in
 * place: mm_release() is called and its mappings torn down with
 * exit_mmap(). Otherwise a new mm is allocated, given an architecture
 * context, linked onto init_mm's mmlist, installed as both current->mm and
 * current->active_mm under task_lock(), and switched to with
 * activate_mm(). This task's reference on the old mm is then dropped with
 * mmput(); if the task had no mm at all, the active_mm it was borrowing
 * (presumably as a kernel thread) is released with mmdrop() instead.
 *
 * Returns 0 on success, -ENOMEM if the mm or its context cannot be set up.
 */
static int exec_mmap(void)
{
	struct mm_struct * mm, * old_mm;

	old_mm = current->mm;
	if (old_mm && atomic_read(&old_mm->mm_users) == 1) {
		mm_release();
		exit_mmap(old_mm);
		return 0;
	}

	mm = mm_alloc();
	if (mm) {
		struct mm_struct *active_mm;

		if (init_new_context(current, mm)) {
			mmdrop(mm);
			return -ENOMEM;
		}

		/* Add it to the list of mm's */
		spin_lock(&mmlist_lock);
		list_add(&mm->mmlist, &init_mm.mmlist);
		mmlist_nr++;
		spin_unlock(&mmlist_lock);

		/* Swap the pointers atomically with respect to task_lock() readers. */
		task_lock(current);
		active_mm = current->active_mm;
		current->mm = mm;
		current->active_mm = mm;
		task_unlock(current);
		activate_mm(active_mm, mm);
		mm_release();
		if (old_mm) {
			/* A task with an mm must have been running on that same mm. */
			if (active_mm != old_mm) BUG();
			mmput(old_mm);
			return 0;
		}
		mmdrop(active_mm);
		return 0;
	}
	return -ENOMEM;
}
 456
/*
 * This function makes sure the current process has its own signal table,
 * so that flush_signal_handlers can later reset the handlers without
 * disturbing other processes.  (Other processes might share the signal
 * table via the CLONE_SIGNAL option to clone().)
 *
 * If the table is shared (count > 1) a private copy of the action array is
 * allocated and installed under sigmask_lock. The old table's refcount is
 * deliberately left alone; release_old_signals() drops it once the exec
 * is past the point of no return.
 *
 * Returns 0, or -ENOMEM if the copy cannot be allocated.
 */
static inline int make_private_signals(void)
{
	struct signal_struct *copy;

	/* Already unshared: nothing to do. */
	if (atomic_read(&current->sig->count) <= 1)
		return 0;

	copy = kmem_cache_alloc(sigact_cachep, GFP_KERNEL);
	if (!copy)
		return -ENOMEM;

	spin_lock_init(&copy->siglock);
	atomic_set(&copy->count, 1);
	memcpy(copy->action, current->sig->action, sizeof(copy->action));

	spin_lock_irq(&current->sigmask_lock);
	current->sig = copy;
	spin_unlock_irq(&current->sigmask_lock);
	return 0;
}
 481        
/*
 * If make_private_signals() made a copy of the signal table, decrement the
 * refcount of the original table, and free it if necessary.
 * We don't do that in make_private_signals() so that we can back off
 * in flush_old_exec() if an error occurs after calling make_private_signals().
 */
static inline void release_old_signals(struct signal_struct * oldsig)
{
	int last_ref;

	/* No copy was made: the table is still ours, keep its reference. */
	if (current->sig == oldsig)
		return;
	last_ref = atomic_dec_and_test(&oldsig->count);
	if (last_ref)
		kmem_cache_free(sigact_cachep, oldsig);
}
 496
/*
 * These functions flush out all traces of the currently running executable
 * so that a new one can be started
 */

/*
 * Close every descriptor marked close-on-exec.
 *
 * The close_on_exec bitmap is walked one word (__NFDBITS bits) at a time
 * until the first descriptor of the word reaches max_fds or max_fdset.
 * Each non-zero word is snapshotted and cleared while file_lock is held;
 * the lock is then dropped and sys_close() is called for every set bit
 * (presumably because sys_close() takes file_lock itself), and re-taken
 * before the next word is examined.
 */
static inline void flush_old_files(struct files_struct * files)
{
	long j = -1;

	write_lock(&files->file_lock);
	for (;;) {
		unsigned long set, i;

		j++;
		i = j * __NFDBITS;	/* descriptor number of bit 0 in word j */
		if (i >= files->max_fds || i >= files->max_fdset)
			break;
		set = files->close_on_exec->fds_bits[j];
		if (!set)
			continue;
		/* Snapshot and clear under the lock; the closes below run unlocked. */
		files->close_on_exec->fds_bits[j] = 0;
		write_unlock(&files->file_lock);
		for ( ; set ; i++,set >>= 1) {
			if (set & 1) {
				sys_close(i);
			}
		}
		write_lock(&files->file_lock);

	}
	write_unlock(&files->file_lock);
}
 529
/*
 * An execve() will automatically "de-thread" the process.
 * Note: we don't have to hold the tasklist_lock to test
 * whether we might need to do this. If we're not part of
 * a thread group, there is no way we can become one
 * dynamically. And if we are, we only need to protect the
 * unlink - even if we race with the last other thread exit,
 * at worst the list_del_init() might end up being a no-op.
 *
 * Afterwards tsk is its own thread-group leader: tgid is set to pid
 * (which may already have been the case).
 */
static inline void de_thread(struct task_struct *tsk)
{
	int in_group = !list_empty(&tsk->thread_group);

	if (in_group) {
		write_lock_irq(&tasklist_lock);
		list_del_init(&tsk->thread_group);
		write_unlock_irq(&tasklist_lock);
	}
	tsk->tgid = tsk->pid;
}
 550
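/*
 * Throw away the old executable's state so a new image can be installed:
 * unshare the signal table, replace the mm, derive comm from the basename
 * of bprm->filename, leave any thread group, reset the signal handlers and
 * close the close-on-exec files.
 *
 * Failure before exec_mmap() succeeds is recoverable: a private signal
 * table allocated by make_private_signals() is freed again and the old one
 * restored under sigmask_lock. After exec_mmap() there is no way back.
 *
 * mm->dumpable is set only when the effective ids equal the real ones, and
 * cleared again when the new image changes them (bprm->e_uid/e_gid differ
 * from the current effective ids) or when the caller lacks MAY_READ on the
 * binary, presumably so a core file cannot expose a binary the user may not
 * read. do_coredump() honours this flag.
 *
 * Returns 0, or the negative errno from make_private_signals()/exec_mmap().
 *
 * The comm truncation limit is derived from sizeof(current->comm) instead
 * of the hard-coded 15 used before; the value is the same for a 16-byte
 * field, but no longer silently drifts if the field size changes.
 */
int flush_old_exec(struct linux_binprm * bprm)
{
	char * name;
	int i, ch, retval;
	struct signal_struct * oldsig;

	/*
	 * Make sure we have a private signal table
	 */
	oldsig = current->sig;
	retval = make_private_signals();
	if (retval) goto flush_failed;

	/* 
	 * Release all of the old mmap stuff
	 */
	retval = exec_mmap();
	if (retval) goto mmap_failed;

	/* This is the point of no return */
	release_old_signals(oldsig);

	current->sas_ss_sp = current->sas_ss_size = 0;

	if (current->euid == current->uid && current->egid == current->gid)
		current->mm->dumpable = 1;

	/* comm = last path component of the filename, truncated to fit with its terminator. */
	name = bprm->filename;
	for (i=0; (ch = *(name++)) != '\0';) {
		if (ch == '/')
			i = 0;
		else
			if (i < (int)(sizeof(current->comm) - 1))
				current->comm[i++] = ch;
	}
	current->comm[i] = '\0';

	flush_thread();

	de_thread(current);

	/* Privilege-changing or unreadable images must not leave a core file. */
	if (bprm->e_uid != current->euid || bprm->e_gid != current->egid || 
	    permission(bprm->file->f_dentry->d_inode,MAY_READ))
		current->mm->dumpable = 0;

	/* An exec changes our domain. We are no longer part of the thread
	   group */
	   
	current->self_exec_id++;
			
	flush_signal_handlers(current);
	flush_old_files(current->files);

	return 0;

mmap_failed:
flush_failed:
	/* Undo make_private_signals(): free the private copy, restore the shared table. */
	spin_lock_irq(&current->sigmask_lock);
	if (current->sig != oldsig) {
		kmem_cache_free(sigact_cachep, current->sig);
		current->sig = oldsig;
	}
	spin_unlock_irq(&current->sigmask_lock);
	return retval;
}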
 615
/*
 * We mustn't allow tracing of suid binaries, unless
 * the tracer has the capability to trace anything..
 *
 * Returns non-zero when p is ptraced (PT_PTRACED) and the tracer did not
 * have the capability recorded by PT_PTRACE_CAP.
 */
static inline int must_not_trace_exec(struct task_struct * p)
{
	int traced = (p->ptrace & PT_PTRACED) != 0;
	int tracer_privileged = (p->ptrace & PT_PTRACE_CAP) != 0;

	return traced && !tracer_privileged;
}
 624
/* 
 * Fill the binprm structure from the inode. 
 * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
 *
 * Establishes the credentials the new image would run with:
 *  - refuses (-EACCES) a file with no execute bit at all or no f_op;
 *  - bprm->e_uid/e_gid start as the caller's euid/egid and, unless the
 *    mount is MNT_NOSUID, become the file's owner/group for set-uid and
 *    set-gid files (set-gid counts only together with S_IXGRP, see below);
 *  - the three file capability sets are cleared (no VFS capability
 *    support) and, unless SECURE_NOROOT is in force, raised in full for
 *    root: inheritable+permitted if the resulting euid or the real uid is
 *    0, effective only if the resulting euid is 0.
 * Finally bprm->buf is zeroed and the first BINPRM_BUF_SIZE bytes of the
 * file are read into it.
 *
 * Returns -EACCES, or the kernel_read() result (byte count, or a negative
 * errno); callers test for < 0.
 */
int prepare_binprm(struct linux_binprm *bprm)
{
	int mode;
	struct inode * inode = bprm->file->f_dentry->d_inode;

	mode = inode->i_mode;
	/*
	 * Check execute perms again - if the caller has CAP_DAC_OVERRIDE,
	 * vfs_permission lets a non-executable through
	 */
	if (!(mode & 0111))	/* with at least _one_ execute bit set */
		return -EACCES;
	if (bprm->file->f_op == NULL)
		return -EACCES;

	bprm->e_uid = current->euid;
	bprm->e_gid = current->egid;

	/* nosuid mounts never grant set-id credentials. */
	if(!(bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)) {
		/* Set-uid? */
		if (mode & S_ISUID)
			bprm->e_uid = inode->i_uid;

		/* Set-gid? */
		/*
		 * If setgid is set but no group execute bit then this
		 * is a candidate for mandatory locking, not a setgid
		 * executable.
		 */
		if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
			bprm->e_gid = inode->i_gid;
	}

	/* We don't have VFS support for capabilities yet */
	cap_clear(bprm->cap_inheritable);
	cap_clear(bprm->cap_permitted);
	cap_clear(bprm->cap_effective);

	/*  To support inheritance of root-permissions and suid-root
	 *  executables under compatibility mode, we raise all three
	 *  capability sets for the file.
	 *
	 *  If only the real uid is 0, we only raise the inheritable
	 *  and permitted sets of the executable file.
	 */

	if (!issecure(SECURE_NOROOT)) {
		if (bprm->e_uid == 0 || current->uid == 0) {
			cap_set_full(bprm->cap_inheritable);
			cap_set_full(bprm->cap_permitted);
		}
		if (bprm->e_uid == 0) 
			cap_set_full(bprm->cap_effective);
	}

	/* Zero first so a short read leaves no stale bytes for the format probes. */
	memset(bprm->buf,0,BINPRM_BUF_SIZE);
	return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE);
}
 687
/*
 * This function is used to produce the new IDs and capabilities
 * from the old ones and the file's capabilities.
 *
 * The formula used for evolving capabilities is:
 *
 *       pI' = pI
 * (***) pP' = (fP & X) | (fI & pI)
 *       pE' = pP' & fE          [NB. fE is 0 or ~0]
 *
 * I=Inheritable, P=Permitted, E=Effective // p=process, f=file
 * ' indicates post-exec(), and X is the global 'cap_bset'.
 *
 * Applies the result to current: afterwards suid/euid/fsuid and
 * sgid/egid/fsgid hold bprm->e_uid/e_gid, cap_permitted/cap_effective hold
 * pP'/pE' (pid 1 keeps its init_task sets), and keep_capabilities is
 * cleared.
 *
 * When the ids would change or pP' is not a subset of the current
 * permitted set, the process is made non-dumpable and, under the big
 * kernel lock, a task that is traced (must_not_trace_exec) or still shares
 * its fs, files or signal table with another task only keeps the gain if
 * it holds CAP_SETUID (for the ids) / CAP_SETPCAP (for the capabilities);
 * otherwise the ids fall back to the real uid/gid and pP' is cut down to
 * the current permitted set. Presumably this keeps a co-process sharing
 * those structures from benefiting from the new privileges.
 */

void compute_creds(struct linux_binprm *bprm) 
{
	kernel_cap_t new_permitted, working;
	int do_unlock = 0;

	/* pP' = (fP & X) | (fI & pI) */
	new_permitted = cap_intersect(bprm->cap_permitted, cap_bset);
	working = cap_intersect(bprm->cap_inheritable,
				current->cap_inheritable);
	new_permitted = cap_combine(new_permitted, working);

	if (bprm->e_uid != current->uid || bprm->e_gid != current->gid ||
	    !cap_issubset(new_permitted, current->cap_permitted)) {
		current->mm->dumpable = 0;
		
		lock_kernel();
		if (must_not_trace_exec(current)
		    || atomic_read(&current->fs->count) > 1
		    || atomic_read(&current->files->count) > 1
		    || atomic_read(&current->sig->count) > 1) {
			/* Revert to the real ids unless the caller may change ids anyway. */
			if(!capable(CAP_SETUID)) {
				bprm->e_uid = current->uid;
				bprm->e_gid = current->gid;
			}
			/* Likewise, no capability gain without CAP_SETPCAP. */
			if(!capable(CAP_SETPCAP)) {
				new_permitted = cap_intersect(new_permitted,
							current->cap_permitted);
			}
		}
		do_unlock = 1;	/* lock_kernel() taken above; released after the ids are set */
	}


	/* For init, we want to retain the capabilities set
	 * in the init_task struct. Thus we skip the usual
	 * capability rules */
	if (current->pid != 1) {
		current->cap_permitted = new_permitted;
		/* pE' = pP' & fE */
		current->cap_effective =
			cap_intersect(new_permitted, bprm->cap_effective);
	}
	
	/* AUD: Audit candidate if current->cap_effective is set */

	current->suid = current->euid = current->fsuid = bprm->e_uid;
	current->sgid = current->egid = current->fsgid = bprm->e_gid;

	if(do_unlock)
		unlock_kernel();
	current->keep_capabilities = 0;
}
 753
 754
/*
 * Discard argv[0] from the collected argument strings.
 *
 * bprm->p points at the first byte of argv[0], the lowest string in the
 * argument pages (copy_strings() fills them from the last argument down,
 * and do_execve() copies argv last). The loop advances bprm->p across the
 * string, mapping each argument page with kmap() as it is reached and
 * unmapping the previous one, until the terminating NUL has been passed,
 * then decrements bprm->argc. The `goto inside` enters the loop body only
 * to map the first page before its first byte is examined. No page is
 * freed; the space simply ends up below the new bprm->p.
 *
 * No-op when bprm->argc is 0.
 */
void remove_arg_zero(struct linux_binprm *bprm)
{
	if (bprm->argc) {
		unsigned long offset;
		char * kaddr;
		struct page *page;

		offset = bprm->p % PAGE_SIZE;
		goto inside;

		/* Condition: step p, test the byte at the current offset, then step offset. */
		while (bprm->p++, *(kaddr+offset++)) {
			if (offset != PAGE_SIZE)
				continue;
			/* Crossed into the next page: swap the mapping. */
			offset = 0;
			kunmap(page);
inside:
			page = bprm->page[bprm->p/PAGE_SIZE];
			kaddr = kmap(page);
		}
		kunmap(page);
		bprm->argc--;
	}
}
 778
/*
 * cycle the list of binary formats handler, until one recognizes the image
 *
 * Each registered format's load_binary() is tried in list order, with a
 * module reference held on it (try_inc_mod_count/put_binfmt) and with
 * binfmt_lock dropped around the call. A result >= 0 means the handler
 * took over: bprm->file is released, current->did_exec is set and that
 * value is returned. Any error other than -ENOEXEC ends the search, as
 * does a handler that released bprm->file itself. With CONFIG_KMOD, an
 * image nobody recognised whose first four bytes are not all printable
 * triggers one request_module("binfmt-XXXX") built from the two bytes at
 * bprm->buf[2], after which the list is walked a second time.
 *
 * Returns the handler's result, or -ENOEXEC when no format claims the
 * image.
 *
 * NOTE(review): retval starts at 0, so with an empty `formats` list the
 * function returns 0 as if a handler had succeeded; presumably the list
 * is never empty in practice.
 */
int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
{
	int try,retval=0;
	struct linux_binfmt *fmt;
#ifdef __alpha__
	/* handle /sbin/loader.. */
	{
	    struct exec * eh = (struct exec *) bprm->buf;

	    if (!bprm->loader && eh->fh.f_magic == 0x183 &&
		(eh->fh.f_flags & 0x3000) == 0x3000)
	    {
		struct file * file;
		unsigned long loader;

		/* Drop the original image; /sbin/loader is executed in its place. */
		allow_write_access(bprm->file);
		fput(bprm->file);
		bprm->file = NULL;

		loader = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);

		file = open_exec("/sbin/loader");
		retval = PTR_ERR(file);
		if (IS_ERR(file))
			return retval;

		/* Remember if the application is TASO.  */
		bprm->sh_bang = eh->ah.entry < 0x100000000;

		bprm->file = file;
		bprm->loader = loader;
		/* Re-derive header bytes and credentials from the loader, not the original file. */
		retval = prepare_binprm(bprm);
		if (retval<0)
			return retval;
		/* should call search_binary_handler recursively here,
		   but it does not matter */
	    }
	}
#endif
	/* kernel module loader fixup */
	/* so we don't try to load run modprobe in kernel space. */
	set_fs(USER_DS);
	/* Pass 0: registered formats; pass 1: once more after a module request. */
	for (try=0; try<2; try++) {
		read_lock(&binfmt_lock);
		for (fmt = formats ; fmt ; fmt = fmt->next) {
			int (*fn)(struct linux_binprm *, struct pt_regs *) = fmt->load_binary;
			if (!fn)
				continue;
			if (!try_inc_mod_count(fmt->module))
				continue;
			read_unlock(&binfmt_lock);
			retval = fn(bprm, regs);
			if (retval >= 0) {
				put_binfmt(fmt);
				allow_write_access(bprm->file);
				if (bprm->file)
					fput(bprm->file);
				bprm->file = NULL;
				current->did_exec = 1;
				return retval;
			}
			read_lock(&binfmt_lock);
			put_binfmt(fmt);
			if (retval != -ENOEXEC)
				break;
			/* The handler consumed bprm->file; nothing is left for the next one to try. */
			if (!bprm->file) {
				read_unlock(&binfmt_lock);
				return retval;
			}
		}
		read_unlock(&binfmt_lock);
		if (retval != -ENOEXEC) {
			break;
#ifdef CONFIG_KMOD
		}else{
#define printable(c) (((c)=='\t') || ((c)=='\n') || (0x20<=(c) && (c)<=0x7e))
			char modname[20];
			/* Text-looking images never trigger a module request. */
			if (printable(bprm->buf[0]) &&
			    printable(bprm->buf[1]) &&
			    printable(bprm->buf[2]) &&
			    printable(bprm->buf[3]))
				break; /* -ENOEXEC */
			/*
			 * The name is "binfmt-" plus four hex digits (at most 11
			 * chars), so untrusted file bytes cannot shape it further.
			 * Reads two bytes at buf[2] through an unsigned short
			 * pointer; alignment depends on the layout of buf.
			 */
			sprintf(modname, "binfmt-%04x", *(unsigned short *)(&bprm->buf[2]));
			request_module(modname);
#endif
		}
	}
	return retval;
}
 871
 872
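/*
 * sys_execve() executes a new program.
 *
 * Opens `filename` via open_exec() (which also denies write access to the
 * binary), counts argv/envp, fills the binprm from the inode
 * (prepare_binprm), copies the filename, then the environment, then the
 * arguments into the argument pages (so argv[0] ends up lowest at bprm.p,
 * and bprm.exec marks where the filename string starts) and hands the
 * binprm to search_binary_handler().
 *
 * argv/envp are user pointers; count() and copy_strings() read them with
 * get_user()/copy_from_user() and report -EFAULT or -E2BIG.
 *
 * Returns the handler's result (>= 0) on success. On any failure the one
 * cleanup path at `out` restores write access, drops the file and frees
 * every argument page before returning the negative errno. The two
 * count() failures now take that path too instead of repeating the
 * file cleanup inline; bprm.file and the zeroed bprm.page[] are already
 * set up at that point, so the outcome is the same.
 */
int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs)
{
	struct linux_binprm bprm;
	struct file *file;
	int retval;
	int i;

	file = open_exec(filename);

	retval = PTR_ERR(file);
	if (IS_ERR(file))
		return retval;

	/* Argument area: MAX_ARG_PAGES pages, filled downwards from just below the top. */
	bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
	memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0])); 

	bprm.file = file;
	bprm.filename = filename;
	bprm.sh_bang = 0;
	bprm.loader = 0;
	bprm.exec = 0;

	/* Each entry needs at least a pointer slot, which bounds the count. */
	bprm.argc = count(argv, bprm.p / sizeof(void *));
	if (bprm.argc < 0) {
		retval = bprm.argc;
		goto out;
	}

	bprm.envc = count(envp, bprm.p / sizeof(void *));
	if (bprm.envc < 0) {
		retval = bprm.envc;
		goto out;
	}

	retval = prepare_binprm(&bprm);
	if (retval < 0) 
		goto out; 

	retval = copy_strings_kernel(1, &bprm.filename, &bprm);
	if (retval < 0) 
		goto out; 

	/* bprm.exec now points at the filename string just copied. */
	bprm.exec = bprm.p;
	retval = copy_strings(bprm.envc, envp, &bprm);
	if (retval < 0) 
		goto out; 

	retval = copy_strings(bprm.argc, argv, &bprm);
	if (retval < 0) 
		goto out; 

	retval = search_binary_handler(&bprm,regs);
	if (retval >= 0)
		/* execve success */
		return retval;

out:
	/* Something went wrong, return the inode and free the argument pages*/
	allow_write_access(bprm.file);
	if (bprm.file)
		fput(bprm.file);

	for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
		struct page * page = bprm.page[i];
		if (page)
			__free_page(page);
	}

	return retval;
}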
 945
/*
 * Replace current->binfmt with `new` (which may be NULL), taking a module
 * use count on the new handler before dropping the one held for the old.
 */
void set_binfmt(struct linux_binfmt *new)
{
	struct linux_binfmt *prev = current->binfmt;
	int take_ref = new != NULL && new->module != NULL;
	int drop_ref = prev != NULL && prev->module != NULL;

	if (take_ref)
		__MOD_INC_USE_COUNT(new->module);
	current->binfmt = new;
	if (drop_ref)
		__MOD_DEC_USE_COUNT(prev->module);
}
 955
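/*
 * Write a core dump of the current process through its binfmt's
 * core_dump() hook, if the process is allowed to dump.
 *
 * The dump is refused (returning 0) when no binfmt or core_dump hook is
 * set, when mm->dumpable is clear (it is cleared here as well, so a given
 * mm dumps at most once), or when RLIMIT_CORE is below the format's
 * min_coredump. The file is "core", or "core.<pid>" when core_uses_pid is
 * set or the mm is shared. It is created with O_NOFOLLOW and mode 0600,
 * and the dump is abandoned if the opened inode has more than one link,
 * its dentry is unhashed, it is not a regular file, it has no write method
 * or cannot be truncated; these checks stop a symlink or hard link planted
 * at the core name from redirecting the dump onto another file.
 *
 * Returns the core_dump() result, or 0 when no dump was attempted.
 * Runs under the big kernel lock.
 *
 * The open mode is spelled O_RDWR instead of the bare constant 2 used
 * previously; the value is unchanged.
 */
int do_coredump(long signr, struct pt_regs * regs)
{
	struct linux_binfmt * binfmt;
	char corename[6+sizeof(current->comm)+10];
	struct file * file;
	struct inode * inode;
	int retval = 0;

	lock_kernel();
	binfmt = current->binfmt;
	if (!binfmt || !binfmt->core_dump)
		goto fail;
	if (!current->mm->dumpable)
		goto fail;
	current->mm->dumpable = 0;
	if (current->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump)
		goto fail;

	memcpy(corename,"core", 5); /* include trailing \0 */
	if (core_uses_pid || atomic_read(&current->mm->mm_users) != 1)
		sprintf(&corename[4], ".%d", current->pid);
	file = filp_open(corename, O_CREAT | O_RDWR | O_NOFOLLOW, 0600);
	if (IS_ERR(file))
		goto fail;
	inode = file->f_dentry->d_inode;
	if (inode->i_nlink > 1)
		goto close_fail;	/* multiple links - don't dump */
	if (d_unhashed(file->f_dentry))
		goto close_fail;

	if (!S_ISREG(inode->i_mode))
		goto close_fail;
	if (!file->f_op)
		goto close_fail;
	if (!file->f_op->write)
		goto close_fail;
	if (do_truncate(file->f_dentry, 0) != 0)
		goto close_fail;

	retval = binfmt->core_dump(signr, regs, file);

close_fail:
	filp_close(file, NULL);
fail:
	unlock_kernel();
	return retval;
}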
1003