path: root/fs/exec.c
diff options
authorNeil Horman <nhorman@tuxdriver.com>2009-09-23 15:56:58 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2009-09-24 07:21:00 -0700
commit61be228a06dc6e8662f30e89eda3c12083c1f379 (patch)
treebe481a4f2dcb2ab4fded8d72d42601e360fc89df /fs/exec.c
parenta293980c2e261bd5b0d2a77340dd04f684caff58 (diff)
exec: allow do_coredump() to wait for user space pipe readers to complete
Allow core_pattern pipes to wait for user space to complete One of the things that user space processes like to do is look at metadata for a crashing process in their /proc/<pid> directory. this is racy however, since do_coredump in the kernel doesn't wait for the user space process to complete before it reaps the crashing process. This patch corrects that. Allowing the kernel to wait for the user space process to complete before cleaning up the crashing process. This is a bit tricky to do for a few reasons: 1) The user space process isn't our child, so we can't sys_wait4 on it 2) We need to close the pipe before waiting for the user process to complete, since the user process may rely on an EOF condition I've discussed several solutions with Oleg Nesterov off-list about this, and this is the one we've come up with. We add ourselves as a pipe reader (to prevent premature cleanup of the pipe_inode_info), and remove ourselves as a writer (to provide an EOF condition to the writer in user space), then we iterate until the user space process exits (which we detect by pipe->readers == 1, hence the > 1 check in the loop). When we exit the loop, we restore the proper reader/writer values, then we return and let filp_close in do_coredump clean up the pipe data properly. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Reported-by: Earl Chew <earl_chew@agilent.com> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: Andi Kleen <andi@firstfloor.org> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/exec.c')
1 files changed, 26 insertions, 0 deletions
diff --git a/fs/exec.c b/fs/exec.c
index dc022dd15d5..8efbdc606a1 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,6 +55,7 @@
#include <linux/kmod.h>
#include <linux/fsnotify.h>
#include <linux/fs_struct.h>
+#include <linux/pipe_fs_i.h>
#include <asm/uaccess.h>
#include <asm/mmu_context.h>
@@ -1729,6 +1730,29 @@ int get_dumpable(struct mm_struct *mm)
return (ret >= 2) ? 2 : ret;
+static void wait_for_dump_helpers(struct file *file)
+ struct pipe_inode_info *pipe;
+ pipe = file->f_path.dentry->d_inode->i_pipe;
+ pipe_lock(pipe);
+ pipe->readers++;
+ pipe->writers--;
+ while ((pipe->readers > 1) && (!signal_pending(current))) {
+ wake_up_interruptible_sync(&pipe->wait);
+ kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
+ pipe_wait(pipe);
+ }
+ pipe->readers--;
+ pipe->writers++;
+ pipe_unlock(pipe);
void do_coredump(long signr, int exit_code, struct pt_regs *regs)
struct core_state core_state;
@@ -1886,6 +1910,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
if (retval)
current->signal->group_exit_code |= 0x80;
+ if (ispipe && core_pipe_limit)
+ wait_for_dump_helpers(file);
filp_close(file, NULL);
if (dump_count)