Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-22 20:22:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: use mmap_min_addr indepedently of security models

Browse Source 
This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY.
It also sets a default mmap_min_addr of 4096.

mmapping of addresses below 4096 will only be possible for processes
with CAP_SYS_RAWIO.

Signed-off-by: Christoph Lameter <cl@linux-foundation.org>
Acked-by: Eric Paris <eparis@redhat.com>
Looks-ok-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Christoph Lameter 2009-06-03 16:04:31 -04:00 committed by James Morris
parent 7d2948b124
commit e0a94c2a63
7 changed files with 25 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/linux/mm.h
View File

@ -580,12 +580,10 @@ static inline void set_page_links(struct page *page, enum zone_type zone,
*/ */
static inline unsigned long round_hint_to_min(unsigned long hint) static inline unsigned long round_hint_to_min(unsigned long hint)
{ {
#ifdef CONFIG_SECURITY
hint &= PAGE_MASK; hint &= PAGE_MASK;
if (((void *)hint != NULL) && if (((void *)hint != NULL) &&
(hint < mmap_min_addr)) (hint < mmap_min_addr))
return PAGE_ALIGN(mmap_min_addr); return PAGE_ALIGN(mmap_min_addr);
#endif
return hint; return hint;
} }

2
include/linux/security.h
View File

@ -2197,6 +2197,8 @@ static inline int security_file_mmap(struct file *file, unsigned long reqprot,
unsigned long addr, unsigned long addr,
unsigned long addr_only) unsigned long addr_only)
{ {
if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
return -EACCES;
return 0; return 0;
} }

2
kernel/sysctl.c
View File

@ -1237,7 +1237,6 @@ static struct ctl_table vm_table[] = {
.strategy = &sysctl_jiffies, .strategy = &sysctl_jiffies,
}, },
#endif #endif
#ifdef CONFIG_SECURITY
{ {
.ctl_name = CTL_UNNUMBERED, .ctl_name = CTL_UNNUMBERED,
.procname = "mmap_min_addr", .procname = "mmap_min_addr",
@ -1246,7 +1245,6 @@ static struct ctl_table vm_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = &proc_doulongvec_minmax, .proc_handler = &proc_doulongvec_minmax,
}, },
#endif
#ifdef CONFIG_NUMA #ifdef CONFIG_NUMA
{ {
.ctl_name = CTL_UNNUMBERED, .ctl_name = CTL_UNNUMBERED,

19
mm/Kconfig
View File

@ -226,6 +226,25 @@ config HAVE_MLOCKED_PAGE_BIT
config MMU_NOTIFIER config MMU_NOTIFIER
bool bool
config DEFAULT_MMAP_MIN_ADDR
int "Low address space to protect from user allocation"
default 4096
help
This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
can help reduce the impact of kernel NULL pointer bugs.
For most ia64, ppc64 and x86 users with lots of address space
a value of 65536 is reasonable and should cause no problems.
On arm and other archs it should not be higher than 32768.
Programs which use vm86 functionality would either need additional
permissions from either the LSM or the capabilities module or have
this protection disabled.
This value can be changed after boot using the
/proc/sys/vm/mmap_min_addr tunable.
config NOMMU_INITIAL_TRIM_EXCESS config NOMMU_INITIAL_TRIM_EXCESS
int "Turn on mmap() excess space trimming before booting" int "Turn on mmap() excess space trimming before booting"
depends on !MMU depends on !MMU

3
mm/mmap.c
View File

@ -87,6 +87,9 @@ int sysctl_overcommit_ratio = 50; /* default is 50% */
int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT; int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
struct percpu_counter vm_committed_as; struct percpu_counter vm_committed_as;
/* amount of vm to protect from userspace access */
unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
/* /*
* Check that a process has enough memory to allocate a new virtual * Check that a process has enough memory to allocate a new virtual
* mapping. 0 means there is enough memory for the allocation to * mapping. 0 means there is enough memory for the allocation to

22
security/Kconfig
View File

@ -110,29 +110,9 @@ config SECURITY_ROOTPLUG
See <http://www.linuxjournal.com/article.php?sid=6279> for See <http://www.linuxjournal.com/article.php?sid=6279> for
more information about this module. more information about this module.
If you are unsure how to answer this question, answer N. If you are unsure how to answer this question, answer N.
config SECURITY_DEFAULT_MMAP_MIN_ADDR
int "Low address space to protect from user allocation"
depends on SECURITY
default 0
help
This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
can help reduce the impact of kernel NULL pointer bugs.
For most ia64, ppc64 and x86 users with lots of address space
a value of 65536 is reasonable and should cause no problems.
On arm and other archs it should not be higher than 32768.
Programs which use vm86 functionality would either need additional
permissions from either the LSM or the capabilities module or have
this protection disabled.
This value can be changed after boot using the
/proc/sys/vm/mmap_min_addr tunable.
source security/selinux/Kconfig source security/selinux/Kconfig
source security/smack/Kconfig source security/smack/Kconfig
source security/tomoyo/Kconfig source security/tomoyo/Kconfig

3
security/security.c
View File

@ -26,9 +26,6 @@ extern void security_fixup_ops(struct security_operations *ops);
struct security_operations *security_ops; /* Initialized to NULL */ struct security_operations *security_ops; /* Initialized to NULL */
/* amount of vm to protect from userspace access */
unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
static inline int verify(struct security_operations *ops) static inline int verify(struct security_operations *ops)
{ {
/* verify the security_operations structure exists */ /* verify the security_operations structure exists */