From 6998b54093831fac92e2b1e251659e64d56e1df6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 11 Aug 2016 04:51:00 -0400 Subject: [PATCH] coredump: treat RLIMIT_CORE below page size as disabling coredumps (#3932) The kernel treats values below a certain threshold (minfmt->min_coredump which is initialized do ELF_EXEC_PAGESIZE, which varies between architectures, but is usually the same as PAGE_SIZE) as disabling coredumps [1]. Any core image below ELF_EXEC_PAGESIZE will yield an invalid backtrace anyway [2], so follow the kernel and not try to parse or store such images. [1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/fs/coredump.c#n660 [2] systemd-coredump[16260]: Process 16258 (sleep) of user 1002 dumped core. Stack trace of thread 16258: #0 0x00007f1d8b3d3810 n/a (n/a) https://bugzilla.redhat.com/show_bug.cgi?id=1309172#c19 --- src/coredump/coredump.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index e3d17c864db..be724aed4ea 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c @@ -327,9 +327,11 @@ static int save_external_coredump( r = safe_atou64(context[CONTEXT_RLIMIT], &rlimit); if (r < 0) return log_error_errno(r, "Failed to parse resource limit: %s", context[CONTEXT_RLIMIT]); - if (rlimit <= 0) { - /* Is coredumping disabled? Then don't bother saving/processing the coredump */ - log_info("Core Dumping has been disabled for process %s (%s).", context[CONTEXT_PID], context[CONTEXT_COMM]); + if (rlimit < page_size()) { + /* Is coredumping disabled? Then don't bother saving/processing the coredump. + * Anything below PAGE_SIZE cannot give a readable coredump (the kernel uses + * ELF_EXEC_PAGESIZE which is not easily accessible, but is usually the same as PAGE_SIZE. */ + log_info("Core dumping has been disabled for process %s (%s).", context[CONTEXT_PID], context[CONTEXT_COMM]); return -EBADSLT; }