Commit e0a94c2a63f2644826069044649669b5e7ca75d3
Committed by
James Morris
1 parent
7d2948b124
security: use mmap_min_addr indepedently of security models
This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY. It also sets a default mmap_min_addr of 4096.

Mapping addresses below 4096 with mmap() will only be possible for processes with CAP_SYS_RAWIO.

Signed-off-by: Christoph Lameter <cl@linux-foundation.org>
Acked-by: Eric Paris <eparis@redhat.com>
Looks-ok-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
Showing 7 changed files with 25 additions and 28 deletions
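--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -580,12 +580,10 @@
 */
 static inline unsigned long round_hint_to_min(unsigned long hint)
 {
-#ifdef CONFIG_SECURITY
 hint &= PAGE_MASK;
 if (((void *)hint != NULL) &&
 (hint < mmap_min_addr))
 return PAGE_ALIGN(mmap_min_addr);
-#endif
 return hint;
 }
 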
include/linux/security.h
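--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1237,7 +1237,6 @@
 .strategy = &sysctl_jiffies,
 },
 #endif
-#ifdef CONFIG_SECURITY
 {
 .ctl_name = CTL_UNNUMBERED,
 .procname = "mmap_min_addr",
@@ -1246,7 +1245,6 @@
 .mode = 0644,
 .proc_handler = &proc_doulongvec_minmax,
 },
-#endif
 #ifdef CONFIG_NUMA
 {
 .ctl_name = CTL_UNNUMBERED,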
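--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -226,6 +226,25 @@
 config MMU_NOTIFIER
 bool
 
+config DEFAULT_MMAP_MIN_ADDR
+ int "Low address space to protect from user allocation"
+ default 4096
+ help
+ This is the portion of low virtual memory which should be protected
+ from userspace allocation. Keeping a user from writing to low pages
+ can help reduce the impact of kernel NULL pointer bugs.
+
+ For most ia64, ppc64 and x86 users with lots of address space
+ a value of 65536 is reasonable and should cause no problems.
+ On arm and other archs it should not be higher than 32768.
+ Programs which use vm86 functionality would either need additional
+ permissions from either the LSM or the capabilities module or have
+ this protection disabled.
+
+ This value can be changed after boot using the
+ /proc/sys/vm/mmap_min_addr tunable.
+
+
 config NOMMU_INITIAL_TRIM_EXCESS
 int "Turn on mmap() excess space trimming before booting"
 depends on !MMU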
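Review bot: `config DEFAULT_MMAP_MIN_ADDR` replaces SECURITY_DEFAULT_MMAP_MIN_ADDR under a new name and with `default 4096`, so a .config that set the old symbol (for instance to the 65536 this help text recommends) is presumably not carried over and the build falls back to 4096 without notice. That quietly shrinks the protected range on configurations that had been hardened, and the commit description should call it out so that packagers re-check the value. The help text was also copied unchanged and still refers to "permissions from either the LSM or the capabilities module", although the option no longer depends on SECURITY; going by the description, something like `Processes with CAP_SYS_RAWIO are exempt from this limit.` would be more accurate.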
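--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -87,6 +87,9 @@
 int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
 struct percpu_counter vm_committed_as;
 
+/* amount of vm to protect from userspace access */
+unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
+
 /*
 * Check that a process has enough memory to allocate a new virtual
 * mapping. 0 means there is enough memory for the allocation to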
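Review bot: `mmap_min_addr` is now defined only here in mm/mmap.c, while the kernel/sysctl.c hunks of this commit make the `mmap_min_addr` table entry unconditional and `config DEFAULT_MMAP_MIN_ADDR` carries no `depends on`. If mm/mmap.c is built only when CONFIG_MMU is set (worth confirming in mm/Makefile), !MMU configurations would be left with an undefined reference at link time; adding `depends on MMU` to the Kconfig entry and wrapping the sysctl entry in `#ifdef CONFIG_MMU` would avoid that. Separately, the sysctl entry shown in kernel/sysctl.c is `.mode = 0644` with the generic `proc_doulongvec_minmax` handler, so lowering the limit at run time appears to need only write access to the file, not the CAP_SYS_RAWIO the description requires for mapping low pages; a handler that checks the capability on write would keep the two consistent.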
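--- a/security/Kconfig
+++ b/security/Kconfig
@@ -110,28 +110,8 @@
 
 See <http://www.linuxjournal.com/article.php?sid=6279> for
 more information about this module.
-
- If you are unsure how to answer this question, answer N.
 
-config SECURITY_DEFAULT_MMAP_MIN_ADDR
- int "Low address space to protect from user allocation"
- depends on SECURITY
- default 0
- help
- This is the portion of low virtual memory which should be protected
- from userspace allocation. Keeping a user from writing to low pages
- can help reduce the impact of kernel NULL pointer bugs.
-
- For most ia64, ppc64 and x86 users with lots of address space
- a value of 65536 is reasonable and should cause no problems.
- On arm and other archs it should not be higher than 32768.
- Programs which use vm86 functionality would either need additional
- permissions from either the LSM or the capabilities module or have
- this protection disabled.
-
- This value can be changed after boot using the
- /proc/sys/vm/mmap_min_addr tunable.
-
+ If you are unsure how to answer this question, answer N.
 
 source security/selinux/Kconfig
 source security/smack/Kconfig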
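--- a/security/security.c
+++ b/security/security.c
@@ -26,9 +26,6 @@
 
 struct security_operations *security_ops; /* Initialized to NULL */
 
-/* amount of vm to protect from userspace access */
-unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
-
 static inline int verify(struct security_operations *ops)
 {
 /* verify the security_operations structure exists */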