Re: [Fwd: [PATCH 4/4] coredump: documentation for proc and sysctl]

1 view
Skip to first unread message

Pavel Machek

unread,
Jan 26, 2007, 12:10:15 PM1/26/07
to
Hi!


> This patch adds the documentation for the following parameters:
> /proc/<pid>/core_flags
> /proc/sys/kernel/core_flags_enable

Sysctl seems really strange to me. Either the feature is safe to use,
or it is not. Users can already ulimit -c 0, and we do not have
"/proc/sys/kernel/allow_users_to_disable_their_core_dumps".

Plus, this is pretty analogical to ulimit -c, so I believe it should
be implemented like that one. You'll need less locking that way.

> +2.14 /proc/<pid>/core_flags - Core dump control flags
> +---------------------------------------------------------------------
> +When a process is dumped, all anonymous memory is written to a core file as
> +long as the size of the core file isn't limited. But sometimes we don't want
> +to dump some memory segments, for example, huge shared memory.
> +
> +The /proc/<pid>/core_flags file enables you to omit some anonymous memory from
> +a core file when it is generated. The content of the proc file is bitmask of
> +memory segment types you don't want to dump. When the <pid> process is dumped,
> +the core dump routine decides whether a given memory segment should be dumped
> +into a core file or not, based on the type of the memory segment and bitmask.
> +
> +Currently, only valid bit is bit 0. If bit 0 is set, anonymous `shared' memory
> +segments are not dumped. There are three types of anonymous shared memory:
> +
> + - IPC shared memory
> + - the memory segments created by mmap(2) with MAP_ANONYMOUS and MAP_SHARED
> + flags
> + - the memory segments created by mmap(2) with MAP_SHARED flag, and the
> + mapped file has already been unlinked
> +
> +Because current core dump routine doesn't distinguish these segments, you can
> +only choose either dumping all anonymous shared memory segments or not.
> +
> +If you don't want to dump all shared memory segments attached to pid 1234, set
> +the bit 0 of the process's core_flags to 1:
> +
> + $ echo 1 > /proc/1234/core_flags
> +
> +Additionally, you can check its hexadecimal value by reading the file:
> +
> + $ cat /proc/1234/core_flags
> + 00000001
> +
> +When a new process is created, the process inherits the core_flags setting
> +from its parent. It is useful to set the core_flags before the program runs.
> +For example:
> +
> + $ echo 1 > /proc/self/core_flags
> + $ ./some_program
> +

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Kawai, Hidehiro

unread,
Jan 30, 2007, 2:50:07 AM1/30/07
to
Hi Pavel and Andrew,

Pavel Machek wrote:
>>This patch adds the documentation for the following parameters:
>> /proc/<pid>/core_flags
>> /proc/sys/kernel/core_flags_enable
>
> Sysctl seems really strange to me. Either the feature is safe to use,
> or it is not. Users can already ulimit -c 0, and we do not have
> "/proc/sys/kernel/allow_users_to_disable_their_core_dumps".

Oh, I had forgotten that. Thank you for pointing out. The purpose of
this sysctl is to prevent a bad process from hiding its memory.
But as you say, this sysctl isn't enough for the purpose.

Andrew wrote:
> Does this feature have any security implications? For example, there might
> be system administration programs which force a coredump on a "bad"
> process, and leave the core somewhere for the administrator to look at.

I have never heard of the story that ulimit -c 0 bothered an
administrator who wanted to force a coredump. So even without this
sysctl, the administrator wouldn't bother about security concerns.
I'll drop it from the next version.

Thanks,
--
Hidehiro Kawai
Hitachi, Ltd., Systems Development Laboratory

Reply all
Reply to author
Forward
0 new messages