do_coredump()

In Linux v2.4.31, creation of a core dump (do_coredump() in fs/exec.c) looks something like this.


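/*
 * do_coredump - write a core file for the current process.
 * @signr: the signal that caused the dump; passed on to format_corename()
 *         and to the binary format's core_dump() method.
 * @regs:  register state at the time of the signal, handed to core_dump().
 *
 * Returns whatever binfmt->core_dump() returned when a dump was attempted,
 * and 0 on every refused path (retval is only ever assigned by that call).
 * The caller treats a non-zero result as "core dumped".
 *
 * Security notes:
 *  - A process that is not dumpable (is_dumpable() false, e.g. after a
 *    set-uid exec) is refused unless the core_setuid_ok sysctl is set and
 *    task_dumpable is still true. In that case fsuid is raised to 0 for
 *    the open/truncate/write, so the core file is created with root's
 *    filesystem credentials; the path checks below are what keep that
 *    from being abused, and fsuid is restored before returning.
 *  - O_NOFOLLOW rejects a symlink only as the final path component;
 *    symlinks in the parent directories of corename are still followed.
 *  - The open uses O_CREAT without O_EXCL, so an already-existing
 *    single-link regular file at corename is truncated and overwritten.
 *  - The i_nlink / d_unhashed / S_ISREG checks are made on the inode that
 *    was actually opened, so they are not subject to a check-then-open race.
 *  - The original listing had "rlim_cur min_coredump" with the comparison
 *    eaten by HTML extraction; the intended test is "< binfmt->min_coredump".
 */
int do_coredump(long signr, struct pt_regs *regs)
{
	struct linux_binfmt *binfmt;
	char corename[CORENAME_MAX_SIZE + 1];
	struct file *file;
	struct inode *inode;
	int retval = 0;
	int fsuid = current->fsuid;	/* saved so it can be restored on exit */

	lock_kernel();	/* big kernel lock, held for the whole dump */
	binfmt = current->binfmt;
	if (!binfmt || !binfmt->core_dump)
		goto fail;	/* no dumper for this binary format */
	if (!is_dumpable(current)) {
		if (!core_setuid_ok || !current->task_dumpable)
			goto fail;
		current->fsuid = 0;	/* create the file as root (see header) */
	}
	current->mm->dumpable = 0;	/* never dump this mm a second time */
	if (current->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump)
		goto fail;	/* RLIMIT_CORE too small for even a minimal dump */

	format_corename(corename, core_pattern, signr);
	/* O_RDWR was the literal 2 in the original; mode 0600 = owner-only. */
	file = filp_open(corename, O_CREAT | O_RDWR | O_NOFOLLOW, 0600);
	if (IS_ERR(file))
		goto fail;
	inode = file->f_dentry->d_inode;
	if (inode->i_nlink > 1)
		goto close_fail;	/* hard-linked target: don't dump */
	if (d_unhashed(file->f_dentry))
		goto close_fail;	/* dentry no longer hashed (e.g. unlinked since lookup) */

	if (!S_ISREG(inode->i_mode))
		goto close_fail;	/* refuse devices, FIFOs, sockets, ... */
	if (!file->f_op)
		goto close_fail;
	if (!file->f_op->write)
		goto close_fail;	/* nowhere to write the dump */
	if (do_truncate(file->f_dentry, 0) != 0)
		goto close_fail;	/* start from an empty file */

	retval = binfmt->core_dump(signr, regs, file);

close_fail:
	filp_close(file, NULL);
fail:
	if (fsuid != current->fsuid)
		current->fsuid = fsuid;	/* drop the temporary fsuid 0 */
	unlock_kernel();
	return retval;
}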
1179

First of all, it takes the big kernel lock with lock_kernel(). Then it checks whether this process is eligible to dump its contents: a process that is not dumpable (is_dumpable() is false, e.g. after a set-uid exec) is refused unless the core_setuid_ok sysctl is set and task_dumpable is still true, in which case fsuid is temporarily raised to 0 so the core file is created with root's filesystem credentials (it is restored before the function returns).

It is also necessary to check that the RLIMIT_CORE resource limit is not smaller than the minimum core size the binary format requires (binfmt->min_coredump). If everything is okay, the core file is created with mode 0600 and O_NOFOLLOW. Note that O_NOFOLLOW only rejects a symlink as the final path component, and that, since O_EXCL is not used, an existing regular file at that path will be truncated and overwritten.

Further checks are then made on the inode that was actually opened: the dump is refused if the file has more than one hard link, if its dentry has been unhashed (e.g. unlinked in the meantime), if it is not a regular file, or if it provides no write operation. After truncating the file to zero length, the actual writing is done by the core_dump() method of the binfmt structure associated with the running process; its return value becomes do_coredump()'s return value, and every refused path returns 0.

do_coredump() is called from do_signal(). The following is from arch/i386/kernel/signal.c:


584int fastcall do_signal(struct pt_regs *regs, sigset_t *oldset)
585{
586 siginfo_t info;
587 struct k_sigaction *ka;
...
680 case SIGQUIT: case SIGILL: case SIGTRAP:
681 case SIGABRT: case SIGFPE: case SIGSEGV:
682 case SIGBUS: case SIGSYS: case SIGXCPU: case SIGXFSZ:
683 if (do_coredump(signr, regs))
684 exit_code |= 0x80;
685 /* FALLTHRU */
686
687 default:
688 sig_exit(signr, exit_code, &info);
689 /* NOTREACHED */
690 }

For SIGQUIT, SIGILL, SIGTRAP, SIGABRT, SIGFPE, SIGSEGV, SIGBUS, SIGSYS, SIGXCPU and SIGXFSZ, do_signal() calls do_coredump(); a non-zero return sets the 0x80 "core dumped" bit in the exit code before falling through to sig_exit().
