coredump: make core dump functionality optional

Adds an expert Kconfig option, CONFIG_COREDUMP, which allows disabling of
core dump.  This saves approximately 2.6k in the compiled kernel, and
complements CONFIG_ELF_CORE, which now depends on it.

CONFIG_COREDUMP also disables coredump-related sysctls, except for
suid_dumpable and related functions, which are necessary for ptrace.

Signed-off-by: Alex Kelly <alex.page.kelly@gmail.com>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt
index 02257420274966b6f0085f20b148e1fe582bc865..0efd1524b9770844cf74899f067686073a1c730d 100644 (file)
--- a/fs/Kconfig.binfmt
+++ b/fs/Kconfig.binfmt
@@ -164,3 +164,11 @@ config BINFMT_MISC
          You may say M here for module support and later load the module when
          you have use for it; the module is called binfmt_misc. If you
          don't know what to answer at this point, say Y.
+
+config COREDUMP
+       bool "Enable core dump support" if EXPERT
+       default y
+       help
+         This option enables support for performing core dumps. You almost
+         certainly want to say Y here. Not necessary on systems that never
+         need debugging or only ever run flawless code.

diff --git a/fs/Makefile b/fs/Makefile
index 8938f8250320ecbde9ab3502141178ddd7492ad3..1d7af79288a04915ca0d1788bc84f32bd03793a0 100644 (file)
--- a/fs/Makefile
+++ b/fs/Makefile
@@ -11,7 +11,7 @@ obj-y :=      open.o read_write.o file_table.o super.o \
                attr.o bad_inode.o file.o filesystems.o namespace.o \
                seq_file.o xattr.o libfs.o fs-writeback.o \
                pnode.o drop_caches.o splice.o sync.o utimes.o \
-               stack.o fs_struct.o statfs.o coredump.o
+               stack.o fs_struct.o statfs.o
 
 ifeq ($(CONFIG_BLOCK),y)
 obj-y +=       buffer.o bio.o block_dev.o direct-io.o mpage.o ioprio.o
@@ -48,6 +48,7 @@ obj-$(CONFIG_FS_MBCACHE)      += mbcache.o
 obj-$(CONFIG_FS_POSIX_ACL)     += posix_acl.o xattr_acl.o
 obj-$(CONFIG_NFS_COMMON)       += nfs_common/
 obj-$(CONFIG_GENERIC_ACL)      += generic_acl.o
+obj-$(CONFIG_COREDUMP)         += coredump.o
 
 obj-$(CONFIG_FHANDLE)          += fhandle.o
 

diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index f9c9d08f4f7c7bfe1712b8f04f993eb776244dc8..e19078195da49633b356ee3a938873d04100ae7d 100644 (file)
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -134,7 +134,11 @@ extern int copy_strings_kernel(int argc, const char *const *argv,
                               struct linux_binprm *bprm);
 extern int prepare_bprm_creds(struct linux_binprm *bprm);
 extern void install_exec_creds(struct linux_binprm *bprm);
+#ifdef CONFIG_COREDUMP
 extern void do_coredump(long signr, int exit_code, struct pt_regs *regs);
+#else
+static inline void do_coredump(long signr, int exit_code, struct pt_regs *regs) {}
+#endif
 extern void set_binfmt(struct linux_binfmt *new);
 extern void free_bprm(struct linux_binprm *);
 

diff --git a/init/Kconfig b/init/Kconfig
index 7e96e76e4496f086a653fe28e7fb7d3454c2f56b..ed1b585ecd3ecefc80d7d9b772d79a0035e0e349 100644 (file)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1210,6 +1210,7 @@ config BUG
           Just say Y.
 
 config ELF_CORE
+       depends on COREDUMP
        default y
        bool "Enable ELF core dumps" if EXPERT
        help

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index fb7ec1f3d1e45727a38648ef540640928696802b..36de71906684f3f3bd772016124d876c4e358bf0 100644 (file)
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -97,10 +97,12 @@
 extern int sysctl_overcommit_memory;
 extern int sysctl_overcommit_ratio;
 extern int max_threads;
-extern int core_uses_pid;
 extern int suid_dumpable;
+#ifdef CONFIG_COREDUMP
+extern int core_uses_pid;
 extern char core_pattern[];
 extern unsigned int core_pipe_limit;
+#endif
 extern int pid_max;
 extern int min_free_kbytes;
 extern int pid_max_min, pid_max_max;
@@ -415,6 +417,7 @@ static struct ctl_table kern_table[] = {
                .mode           = 0644,
                .proc_handler   = proc_dointvec,
        },
+#ifdef CONFIG_COREDUMP
        {
                .procname       = "core_uses_pid",
                .data           = &core_uses_pid,
@@ -436,6 +439,7 @@ static struct ctl_table kern_table[] = {
                .mode           = 0644,
                .proc_handler   = proc_dointvec,
        },
+#endif
 #ifdef CONFIG_PROC_SYSCTL
        {
                .procname       = "tainted",