From: Greg Kroah-Hartman Date: Mon, 2 Jun 2025 12:08:33 +0000 (+0200) Subject: 6.15-stable patches X-Git-Tag: v5.4.294~23 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ad0cae92f582ff3626b8e36b77445aa689975e35;p=thirdparty%2Fkernel%2Fstable-queue.git 6.15-stable patches added patches: coredump-fix-error-handling-for-replace_fd.patch coredump-hand-a-pidfd-to-the-usermode-coredump-helper.patch pidfs-move-o_rdwr-into-pidfs_alloc_file.patch --- diff --git a/queue-6.15/coredump-fix-error-handling-for-replace_fd.patch b/queue-6.15/coredump-fix-error-handling-for-replace_fd.patch new file mode 100644 index 0000000000..b9aade7edb --- /dev/null +++ b/queue-6.15/coredump-fix-error-handling-for-replace_fd.patch @@ -0,0 +1,52 @@ +From 95c5f43181fe9c1b5e5a4bd3281c857a5259991f Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 14 Apr 2025 15:55:06 +0200 +Subject: coredump: fix error handling for replace_fd() + +From: Christian Brauner + +commit 95c5f43181fe9c1b5e5a4bd3281c857a5259991f upstream. + +The replace_fd() helper returns the file descriptor number on success +and a negative error code on failure. The current error handling in +umh_pipe_setup() only works because the file descriptor that is replaced +is zero but that's pretty volatile. Explicitly check for a negative +error code. + +Link: https://lore.kernel.org/20250414-work-coredump-v2-2-685bf231f828@kernel.org +Tested-by: Luca Boccassi +Reviewed-by: Oleg Nesterov +Signed-off-by: Christian Brauner +Signed-off-by: Greg Kroah-Hartman +--- + fs/coredump.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/fs/coredump.c ++++ b/fs/coredump.c +@@ -507,7 +507,9 @@ static int umh_pipe_setup(struct subproc + { + struct file *files[2]; + struct coredump_params *cp = (struct coredump_params *)info->data; +- int err = create_pipe_files(files, 0); ++ int err; ++ ++ err = create_pipe_files(files, 0); + if (err) + return err; + +@@ -515,10 +517,13 @@ static int umh_pipe_setup(struct subproc + + err = replace_fd(0, files[0], 0); + fput(files[0]); ++ if (err < 0) ++ return err; ++ + /* and disallow core files too */ + current->signal->rlim[RLIMIT_CORE] = (struct rlimit){1, 1}; + +- return err; ++ return 0; + } + + void do_coredump(const kernel_siginfo_t *siginfo) diff --git a/queue-6.15/coredump-hand-a-pidfd-to-the-usermode-coredump-helper.patch b/queue-6.15/coredump-hand-a-pidfd-to-the-usermode-coredump-helper.patch new file mode 100644 index 0000000000..b7df5187f3 --- /dev/null +++ b/queue-6.15/coredump-hand-a-pidfd-to-the-usermode-coredump-helper.patch @@ -0,0 +1,162 @@ +From b5325b2a270fcaf7b2a9a0f23d422ca8a5a8bdea Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 14 Apr 2025 15:55:07 +0200 +Subject: coredump: hand a pidfd to the usermode coredump helper + +From: Christian Brauner + +commit b5325b2a270fcaf7b2a9a0f23d422ca8a5a8bdea upstream. + +Give userspace a way to instruct the kernel to install a pidfd into the +usermode helper process. This makes coredump handling a lot more +reliable for userspace. In parallel with this commit we already have +systemd adding support for this in [1]. + +We create a pidfs file for the coredumping process when we process the +corename pattern. When the usermode helper process is forked we then +install the pidfs file as file descriptor three into the usermode +helpers file descriptor table so it's available to the exec'd program. + +Since usermode helpers are either children of the system_unbound_wq +workqueue or kthreadd we know that the file descriptor table is empty +and can thus always use three as the file descriptor number. + +Note, that we'll install a pidfd for the thread-group leader even if a +subthread is calling do_coredump(). We know that task linkage hasn't +been removed due to delay_group_leader() and even if this @current isn't +the actual thread-group leader we know that the thread-group leader +cannot be reaped until @current has exited. + +Link: https://github.com/systemd/systemd/pull/37125 [1] +Link: https://lore.kernel.org/20250414-work-coredump-v2-3-685bf231f828@kernel.org +Tested-by: Luca Boccassi +Reviewed-by: Oleg Nesterov +Signed-off-by: Christian Brauner +Signed-off-by: Greg Kroah-Hartman +--- + fs/coredump.c | 56 +++++++++++++++++++++++++++++++++++++++++++---- + include/linux/coredump.h | 1 + 2 files changed, 53 insertions(+), 4 deletions(-) + +--- a/fs/coredump.c ++++ b/fs/coredump.c +@@ -43,6 +43,8 @@ + #include + #include + #include ++#include ++#include + + #include + #include +@@ -60,6 +62,12 @@ static void free_vma_snapshot(struct cor + #define CORE_FILE_NOTE_SIZE_DEFAULT (4*1024*1024) + /* Define a reasonable max cap */ + #define CORE_FILE_NOTE_SIZE_MAX (16*1024*1024) ++/* ++ * File descriptor number for the pidfd for the thread-group leader of ++ * the coredumping task installed into the usermode helper's file ++ * descriptor table. ++ */ ++#define COREDUMP_PIDFD_NUMBER 3 + + static int core_uses_pid; + static unsigned int core_pipe_limit; +@@ -339,6 +347,27 @@ static int format_corename(struct core_n + case 'C': + err = cn_printf(cn, "%d", cprm->cpu); + break; ++ /* pidfd number */ ++ case 'F': { ++ /* ++ * Installing a pidfd only makes sense if ++ * we actually spawn a usermode helper. ++ */ ++ if (!ispipe) ++ break; ++ ++ /* ++ * Note that we'll install a pidfd for the ++ * thread-group leader. We know that task ++ * linkage hasn't been removed yet and even if ++ * this @current isn't the actual thread-group ++ * leader we know that the thread-group leader ++ * cannot be reaped until @current has exited. ++ */ ++ cprm->pid = task_tgid(current); ++ err = cn_printf(cn, "%d", COREDUMP_PIDFD_NUMBER); ++ break; ++ } + default: + break; + } +@@ -493,7 +522,7 @@ static void wait_for_dump_helpers(struct + } + + /* +- * umh_pipe_setup ++ * umh_coredump_setup + * helper function to customize the process used + * to collect the core in userspace. Specifically + * it sets up a pipe and installs it as fd 0 (stdin) +@@ -503,12 +532,31 @@ static void wait_for_dump_helpers(struct + * is a special value that we use to trap recursive + * core dumps + */ +-static int umh_pipe_setup(struct subprocess_info *info, struct cred *new) ++static int umh_coredump_setup(struct subprocess_info *info, struct cred *new) + { + struct file *files[2]; + struct coredump_params *cp = (struct coredump_params *)info->data; + int err; + ++ if (cp->pid) { ++ struct file *pidfs_file __free(fput) = NULL; ++ ++ pidfs_file = pidfs_alloc_file(cp->pid, 0); ++ if (IS_ERR(pidfs_file)) ++ return PTR_ERR(pidfs_file); ++ ++ /* ++ * Usermode helpers are childen of either ++ * system_unbound_wq or of kthreadd. So we know that ++ * we're starting off with a clean file descriptor ++ * table. So we should always be able to use ++ * COREDUMP_PIDFD_NUMBER as our file descriptor value. ++ */ ++ err = replace_fd(COREDUMP_PIDFD_NUMBER, pidfs_file, 0); ++ if (err < 0) ++ return err; ++ } ++ + err = create_pipe_files(files, 0); + if (err) + return err; +@@ -598,7 +646,7 @@ void do_coredump(const kernel_siginfo_t + } + + if (cprm.limit == 1) { +- /* See umh_pipe_setup() which sets RLIMIT_CORE = 1. ++ /* See umh_coredump_setup() which sets RLIMIT_CORE = 1. + * + * Normally core limits are irrelevant to pipes, since + * we're not writing to the file system, but we use +@@ -637,7 +685,7 @@ void do_coredump(const kernel_siginfo_t + retval = -ENOMEM; + sub_info = call_usermodehelper_setup(helper_argv[0], + helper_argv, NULL, GFP_KERNEL, +- umh_pipe_setup, NULL, &cprm); ++ umh_coredump_setup, NULL, &cprm); + if (sub_info) + retval = call_usermodehelper_exec(sub_info, + UMH_WAIT_EXEC); +--- a/include/linux/coredump.h ++++ b/include/linux/coredump.h +@@ -28,6 +28,7 @@ struct coredump_params { + int vma_count; + size_t vma_data_size; + struct core_vma_metadata *vma_meta; ++ struct pid *pid; + }; + + extern unsigned int core_file_note_size_limit; diff --git a/queue-6.15/pidfs-move-o_rdwr-into-pidfs_alloc_file.patch b/queue-6.15/pidfs-move-o_rdwr-into-pidfs_alloc_file.patch new file mode 100644 index 0000000000..c604802a3e --- /dev/null +++ b/queue-6.15/pidfs-move-o_rdwr-into-pidfs_alloc_file.patch @@ -0,0 +1,31 @@ +From c57f07b235871c9e5bffaccd458dca2d9a62b164 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 14 Apr 2025 15:55:05 +0200 +Subject: pidfs: move O_RDWR into pidfs_alloc_file() + +From: Christian Brauner + +commit c57f07b235871c9e5bffaccd458dca2d9a62b164 upstream. + +Since all pidfds must be O_RDWR currently enfore that directly in the +file allocation function itself instead of letting callers specify it. + +Link: https://lore.kernel.org/20250414-work-coredump-v2-1-685bf231f828@kernel.org +Tested-by: Luca Boccassi +Reviewed-by: Oleg Nesterov +Signed-off-by: Christian Brauner +Signed-off-by: Greg Kroah-Hartman +--- + fs/pidfs.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/pidfs.c ++++ b/fs/pidfs.c +@@ -888,6 +888,7 @@ struct file *pidfs_alloc_file(struct pid + return ERR_PTR(-ESRCH); + + flags &= ~PIDFD_CLONE; ++ flags |= O_RDWR; + pidfd_file = dentry_open(&path, flags, current_cred()); + /* Raise PIDFD_THREAD explicitly as do_dentry_open() strips it. */ + if (!IS_ERR(pidfd_file)) diff --git a/queue-6.15/series b/queue-6.15/series index 41c5878b2d..f7e0d80e14 100644 --- a/queue-6.15/series +++ b/queue-6.15/series @@ -42,3 +42,6 @@ net_sched-hfsc-address-reentrant-enqueue-adding-class-to-eltree-twice.patch perf-arm-cmn-fix-req2-snp2-mixup.patch perf-arm-cmn-initialise-cmn-cpu-earlier.patch perf-arm-cmn-add-cmn-s3-acpi-binding.patch +pidfs-move-o_rdwr-into-pidfs_alloc_file.patch +coredump-fix-error-handling-for-replace_fd.patch +coredump-hand-a-pidfd-to-the-usermode-coredump-helper.patch