From patchwork Wed Sep 8 03:00:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Morton X-Patchwork-Id: 12480061 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 52AB7C433F5 for ; Wed, 8 Sep 2021 03:00:32 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 0768B61100 for ; Wed, 8 Sep 2021 03:00:32 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 0768B61100 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id A51E394005C; Tue, 7 Sep 2021 23:00:31 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A011A940042; Tue, 7 Sep 2021 23:00:31 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8F07C94005C; Tue, 7 Sep 2021 23:00:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0139.hostedemail.com [216.40.44.139]) by kanga.kvack.org (Postfix) with ESMTP id 7E98C940042 for ; Tue, 7 Sep 2021 23:00:31 -0400 (EDT) Received: from smtpin31.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 4277A180301A8 for ; Wed, 8 Sep 2021 03:00:31 +0000 (UTC) X-FDA: 78562903062.31.FA0712A Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf01.hostedemail.com (Postfix) with ESMTP id 0428A5055454 for ; Wed, 8 Sep 2021 03:00:30 +0000 (UTC) Received: by mail.kernel.org (Postfix) with ESMTPSA id 1B8076113C; Wed, 8 Sep 2021 03:00:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1631070030; bh=V3Lsf9ju94cbEYISwW4POWlIza6cbQEJotoBWZoo3yU=; h=Date:From:To:Subject:In-Reply-To:From; b=jwV7IW3VYIW6ByPzFil0hSkQK8jb9TUgyFXPqnp7bEKCeXBGGW8ojSPixX+nUy52h m6CF7sD3SPYNGS4YnNLvvQZd5tLX/XokAh5iabBvcfN10NmS9y+Koe2EUNfbaM2ofF OjS2opIWI6dLYE1aIFGERiq3Q+zR/bqf0hYp18C8= Date: Tue, 07 Sep 2021 20:00:29 -0700 From: Andrew Morton To: akpm@linux-foundation.org, david.oberhollenzer@sigma-star.at, linux-mm@kvack.org, mm-commits@vger.kernel.org, torvalds@linux-foundation.org, viro@zeniv.linux.org.uk Subject: [patch 137/147] fs/coredump.c: log if a core dump is aborted due to changed file permissions Message-ID: <20210908030029.TAOch83kD%akpm@linux-foundation.org> In-Reply-To: <20210907195226.14b1d22a07c085b22968b933@linux-foundation.org> User-Agent: s-nail v14.8.16 Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=jwV7IW3V; dmarc=none; spf=pass (imf01.hostedemail.com: domain of akpm@linux-foundation.org designates 198.145.29.99 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 0428A5055454 X-Stat-Signature: g8jw9ppc93d3b6t9ca6xcoa63tae8eag X-HE-Tag: 1631070030-474648 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: David Oberhollenzer Subject: fs/coredump.c: log if a core dump is aborted due to changed file permissions For obvious security reasons, a core dump is aborted if the filesystem cannot preserve ownership or permissions of the dump file. This affects filesystems like e.g. vfat, but also something like a 9pfs share in a Qemu test setup, running as a regular user, depending on the security model used. In those cases, the result is an empty core file and a confused user. To hopefully safe other people a lot of time figuring out the cause, this patch adds a simple log message for those specific cases. [akpm@linux-foundation.org: s/|%s/%s/ in printk text] Link: https://lkml.kernel.org/r/20210701233151.102720-1-david.oberhollenzer@sigma-star.at Signed-off-by: David Oberhollenzer Cc: Al Viro Signed-off-by: Andrew Morton --- fs/coredump.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) --- a/fs/coredump.c~log-if-a-core-dump-is-aborted-due-to-changed-file-permissions +++ a/fs/coredump.c @@ -782,10 +782,17 @@ void do_coredump(const kernel_siginfo_t * filesystem. */ mnt_userns = file_mnt_user_ns(cprm.file); - if (!uid_eq(i_uid_into_mnt(mnt_userns, inode), current_fsuid())) + if (!uid_eq(i_uid_into_mnt(mnt_userns, inode), + current_fsuid())) { + pr_info_ratelimited("Core dump to %s aborted: cannot preserve file owner\n", + cn.corename); goto close_fail; - if ((inode->i_mode & 0677) != 0600) + } + if ((inode->i_mode & 0677) != 0600) { + pr_info_ratelimited("Core dump to %s aborted: cannot preserve file permissions\n", + cn.corename); goto close_fail; + } if (!(cprm.file->f_mode & FMODE_CAN_WRITE)) goto close_fail; if (do_truncate(mnt_userns, cprm.file->f_path.dentry,