Commit:     76fdbb25f963de5dc1e308325f0578a2f92b1c2d
Parent:     86fd6dfc0990d81123dca19541554426c9e9de3e
Author:     Kawai, Hidehiro <[EMAIL PROTECTED]>
AuthorDate: Thu Jul 19 01:48:26 2007 -0700
Committer:  Linus Torvalds <[EMAIL PROTECTED]>
CommitDate: Thu Jul 19 10:04:46 2007 -0700

    coredump masking: bound suid_dumpable sysctl
    This patch series is version 5 of the core dump masking feature, which
    controls which VMAs should be dumped based on their memory types and
    per-process flags.
    I adopted most of Andrew's suggestion at the previous version.  He also
    suggested using system call instead of /proc/<pid>/ interface, I decided to
    use the latter continuously because adding new system call with pid argument
    will give a big impact on the kernel.
    You can access the per-process flags via /proc/<pid>/coredump_filter
    interface.  coredump_filter represents a bitmask of memory types, and if a 
    is set, VMAs of corresponding memory type are written into a core file when
    the process is dumped.  The bitmask is inherited from the parent process 
    a process is created.
    The original purpose is to avoid longtime system slowdown when a number of
    processes which share a huge shared memory are dumped at the same time.  To
    achieve this purpose, this patch series adds an ability to suppress dumping
    anonymous shared memory for specified processes.  In this version, three 
    memory types are also supported.
    Here are the coredump_filter bits:
      bit 0: anonymous private memory
      bit 1: anonymous shared memory
      bit 2: file-backed private memory
      bit 3: file-backed shared memory
    The default value of coredump_filter is 0x3.  This means the new core dump
    routine has the same behavior as conventional behavior by default.
    In this version, coredump_filter bits and mm.dumpable are merged into
    mm.flags, and it is accessed by atomic bitops.
    The supported core file formats are ELF and ELF-FDPIC.  ELF has been tested,
    but ELF-FDPIC has not been built and tested because I don't have the test
    This patch limits a value of suid_dumpable sysctl to the range of 0 to 2.
    Signed-off-by: Hidehiro Kawai <[EMAIL PROTECTED]>
    Cc: Alan Cox <[EMAIL PROTECTED]>
    Cc: David Howells <[EMAIL PROTECTED]>
    Cc: Hugh Dickins <[EMAIL PROTECTED]>
    Cc: Nick Piggin <[EMAIL PROTECTED]>
    Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
 kernel/sysctl.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 8db4176..2aaa3f9 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -733,6 +733,7 @@ static ctl_table kern_table[] = {
 /* Constants for minimum and maximum testing in vm_table.
    We use these as one-element integer vectors. */
 static int zero;
+static int two = 2;
 static int one_hundred = 100;
@@ -1123,7 +1124,10 @@ static ctl_table fs_table[] = {
                .data           = &lease_break_time,
                .maxlen         = sizeof(int),
                .mode           = 0644,
-               .proc_handler   = &proc_dointvec,
+               .proc_handler   = &proc_dointvec_minmax,
+               .strategy       = &sysctl_intvec,
+               .extra1         = &zero,
+               .extra2         = &two,
                .ctl_name       = FS_AIO_NR,
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at

Reply via email to