Linux-api Archive
From: John Ogness
To: Andy Lutomirski
Cc: Thomas Gleixner, Al Viro, Andrew Morton, Borislav Petkov, Brian Gerst,
	Kees Cook, Linus Torvalds, Linux API, Peter Zijlstra, Tetsuo Handa,
	Tycho Andersen, Ingo Molnar
Subject: [PATCH] fs/proc: report eip/esp in /proc/PID/stat for coredumping
Date: Thu, 14 Sep 2017 11:42:17 +0200

Commit 0a1eb2d474ed ("fs/proc: Stop reporting eip and esp in
/proc/PID/stat") stopped reporting eip/esp because it is
racy and dangerous for executing tasks. The comment adds:

    As far as I know, there are no use programs that make any
    material use of these fields, so just get rid of them.

However, existing userspace core-dump-handler applications (for
example, minicoredumper) are using these fields since they
provide an excellent cross-platform interface to these valuable
pointers. So that commit introduced a user space visible

Partially revert the change and make the readout possible for
tasks with the proper permissions and only if the target task
has the PF_DUMPCORE flag set.

Reported-by: Marco Felsch <>
Signed-off-by: John Ogness <>
Fixes: 0a1eb2d474ed ("fs/proc: Stop reporting eip and esp in /proc/PID/stat")
 fs/proc/array.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/fs/proc/array.c b/fs/proc/array.c
index 88c3555..696cc68 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -421,7 +421,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
 		 * esp and eip are intentionally zeroed out.  There is no
 		 * non-racy way to read them without freezing the task.
 		 * Programs that need reliable values can use ptrace(2).
+		 *
+		 * The only exception is if the task is core dumping because
+		 * a program is not able to use ptrace(2) in that case. It is
+		 * safe because the task has stopped executing permanently.
+		if (permitted && (task->flags & PF_DUMPCORE)) {
+			eip = KSTK_EIP(task);
+			esp = KSTK_ESP(task);
+		}
 	get_task_comm(tcomm, task);
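Review bot: the hunk as rendered here is not self-consistent, so check the applied commit before reading the logic: the new comment lines end at `+ * safe because the task has stopped executing permanently.` and are followed directly by `+ if (permitted && (task->flags & PF_DUMPCORE)) {` with no closing `*/` between them, and the `@@ -421,7 +421,15 @@` header promises 7 unchanged lines where only 4 are visible, so the ` */` that terminates the comment, the `}` that closes the enclosing block and the blank line before `get_task_comm()` have evidently been dropped by the archive, not by the patch. On the check itself, gating on `permitted` keeps the values hidden from readers who fail the existing access check, which matches the "proper permissions" wording of the commit message. The point worth a comment in the code is that `task->flags & PF_DUMPCORE` is tested on the single task being printed, while the comment speaks of "the task" having "stopped executing permanently": for a multi-threaded process, state which thread(s) carry PF_DUMPCORE and therefore report non-zero values, since a handler reading /proc/PID/stat (the group leader) rather than /proc/PID/task/TID/stat needs to know whether a sibling thread's core dump qualifies, or whether it must read the dumping thread's own entry.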
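The core-dump-handler use described in the commit message, as an added example that is not code from the patch or from minicoredumper: a small C program that parses /proc/PID/stat the way a core_pattern pipe handler would, pulls out the flags word, kstkesp and kstkeip (fields 9, 29 and 30 per proc(5)), and treats the pair as valid only when the task's PF_DUMPCORE bit is set and both values are non-zero, which is the only case in which the patched kernel prints them. It also handles the classic parsing pitfall that comm (field 2) is unescaped and may contain spaces and ')'. The PF_DUMPCORE value 0x200 is assumed from include/linux/sched.h; the program name and the sample stat lines used in the check are constructed, not captured from a real system.

```c
/* Added example: read kstkesp/kstkeip from /proc/PID/stat as a core-dump
 * handler would after this patch. Not code from the patch or minicoredumper;
 * field numbers are from proc(5), PF_DUMPCORE from include/linux/sched.h. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PF_DUMPCORE 0x00000200ULL	/* set on a task while it dumps core */

struct stat_regs {
	int pid;
	char comm[64];
	unsigned long long flags;	/* field 9  */
	unsigned long long kstkesp;	/* field 29 */
	unsigned long long kstkeip;	/* field 30 */
};

/* Pointer to field n (n >= 3) in the text after the ')' that closes comm. */
static const char *field_after_comm(const char *p, int n)
{
	for (int k = 3; ; k++) {
		while (*p == ' ')
			p++;
		if (*p == '\0' || *p == '\n')
			return NULL;
		if (k == n)
			return p;
		while (*p && *p != ' ' && *p != '\n')
			p++;
	}
}

/* comm (field 2) is printed unescaped, so it may contain spaces and ')';
 * the end of comm is the LAST ')' on the line. Splitting on the first ')'
 * or on whitespace lets a process shift every later field by picking its
 * own name with prctl(PR_SET_NAME). Returns 0, or -1 on a malformed line. */
static int parse_proc_stat(const char *line, struct stat_regs *out)
{
	const char *open, *close, *f;
	char *end;
	size_t n;

	memset(out, 0, sizeof(*out));
	out->pid = (int)strtol(line, &end, 10);
	open = strchr(line, '(');
	close = strrchr(line, ')');
	if (end == line || !open || !close || close < open)
		return -1;
	n = (size_t)(close - open - 1);
	if (n >= sizeof(out->comm))
		n = sizeof(out->comm) - 1;
	memcpy(out->comm, open + 1, n);
	out->comm[n] = '\0';
	if (!(f = field_after_comm(close + 1, 9)))
		return -1;
	out->flags = strtoull(f, NULL, 10);
	if (!(f = field_after_comm(close + 1, 29)))
		return -1;
	out->kstkesp = strtoull(f, NULL, 10);
	if (!(f = field_after_comm(close + 1, 30)))
		return -1;
	out->kstkeip = strtoull(f, NULL, 10);
	return 0;
}

/* The patched kernel prints non-zero esp/eip only for a permitted reader and
 * a task with PF_DUMPCORE set; otherwise both are 0. Trust the pair only when
 * the flag is visible and neither value is zero (a refusal is not address 0). */
static int regs_usable(const struct stat_regs *r)
{
	return (r->flags & PF_DUMPCORE) != 0 && r->kstkesp != 0 && r->kstkeip != 0;
}

/* Verdict for one stat line: 1 usable, 0 zeroed or not dumping, -1 malformed. */
static int line_regs_usable(const char *line)
{
	struct stat_regs r;
	return parse_proc_stat(line, &r) < 0 ? -1 : regs_usable(&r);
}

int main(int argc, char **argv)
{
	char path[64], line[4096];
	struct stat_regs r;
	FILE *fp;

	/* A core_pattern pipe handler receives the crashing pid as %p. */
	snprintf(path, sizeof(path), "/proc/%s/stat", argc > 1 ? argv[1] : "self");
	fp = fopen(path, "r");
	if (!fp || !fgets(line, sizeof(line), fp) || parse_proc_stat(line, &r) < 0) {
		fprintf(stderr, "%s: cannot read or parse\n", path);
		return 1;
	}
	fclose(fp);
	printf("pid %d comm \"%s\" flags 0x%llx esp 0x%llx eip 0x%llx: %s\n",
	       r.pid, r.comm, r.flags, r.kstkesp, r.kstkeip, regs_usable(&r) ?
	       "usable, task is dumping core" : "zeroed, not dumping or not permitted");
	return 0;
}
```

Run it with the pid passed by the kernel (`%p` in core_pattern) to see the values for the dumping task; run it with no argument and it reports its own zeroed fields, which is the normal case for a task that is not dumping core. A handler that assumed the fields stayed zero after the earlier commit, or that split the line on the first ')' or on whitespace, would read the wrong columns for any process whose comm contains ')' or a space.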


Thread overview: 7+ messages
2017-09-14  9:42 John Ogness [this message]
2017-09-14 14:51 ` Andy Lutomirski
     [not found] ` <>
2017-09-14 15:37   ` Thomas Gleixner
2017-09-15 19:08     ` Linus Torvalds
2017-09-15 21:03       ` Ingo Molnar
2017-09-15 21:09   ` [tip:core/urgent] fs/proc: Report " tip-bot for John Ogness
2017-09-15 21:36   ` tip-bot for John Ogness
