Commit e0a94c2a63f2644826069044649669b5e7ca75d3

Authored by Christoph Lameter
Committed by James Morris
1 parent 7d2948b124

security: use mmap_min_addr indepedently of security models

This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY.
It also sets a default mmap_min_addr of 4096.

mmapping of addresses below 4096 will only be possible for processes
with CAP_SYS_RAWIO.

Signed-off-by: Christoph Lameter <cl@linux-foundation.org>
Acked-by: Eric Paris <eparis@redhat.com>
Looks-ok-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>

Showing 7 changed files with 25 additions and 28 deletions

... ... @@ -580,12 +580,10 @@
580 580 */
581 581 static inline unsigned long round_hint_to_min(unsigned long hint)
582 582 {
583   -#ifdef CONFIG_SECURITY
584 583 hint &= PAGE_MASK;
585 584 if (((void *)hint != NULL) &&
586 585 (hint < mmap_min_addr))
587 586 return PAGE_ALIGN(mmap_min_addr);
588   -#endif
589 587 return hint;
590 588 }
591 589  
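--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -2197,6 +2197,8 @@
 				    unsigned long addr,
 				    unsigned long addr_only)
 {
+	if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
+		return -EACCES;
 	return 0;
 }
 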
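Review bot: The check added at new lines 2200-2201 sits in what appears to be the no-LSM stub (its body was a bare `return 0;`), so in CONFIG_SECURITY builds the floor is still enforced only by whichever mmap hook is registered. Those hooks are not part of this page, so the title's "independently of security models" should be confirmed against them. The stub also leaves `addr_only` unused and gives no reason for the capability chosen. A comment above the `if`, such as `/* no LSM: refuse mappings below mmap_min_addr unless the task has CAP_SYS_RAWIO */`, would record the policy. The function's signature begins above the hunk.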
... ... @@ -1237,7 +1237,6 @@
1237 1237 .strategy = &sysctl_jiffies,
1238 1238 },
1239 1239 #endif
1240   -#ifdef CONFIG_SECURITY
1241 1240 {
1242 1241 .ctl_name = CTL_UNNUMBERED,
1243 1242 .procname = "mmap_min_addr",
... ... @@ -1246,7 +1245,6 @@
1246 1245 .mode = 0644,
1247 1246 .proc_handler = &proc_doulongvec_minmax,
1248 1247 },
1249   -#endif
1250 1248 #ifdef CONFIG_NUMA
1251 1249 {
1252 1250 .ctl_name = CTL_UNNUMBERED,
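Review bot: Writes to the `mmap_min_addr` sysctl are not tied to CAP_SYS_RAWIO, the capability the security.h hunk requires for mapping below the floor. With the `#ifdef CONFIG_SECURITY` guard removed, the entry is present in every build with mode 0644 and the generic `proc_doulongvec_minmax` handler, so a task that can write the file but lacks the capability could lower the floor for the whole system. Consider a dedicated handler that begins with `if (write && !capable(CAP_SYS_RAWIO)) return -EPERM;` and then delegates to `proc_doulongvec_minmax`. The entry's remaining fields fall between the two hunks and are not shown, so any `extra1`/`extra2` bounds could not be checked here.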
... ... @@ -226,6 +226,25 @@
226 226 config MMU_NOTIFIER
227 227 bool
228 228  
  229 +config DEFAULT_MMAP_MIN_ADDR
  230 + int "Low address space to protect from user allocation"
  231 + default 4096
  232 + help
  233 + This is the portion of low virtual memory which should be protected
  234 + from userspace allocation. Keeping a user from writing to low pages
  235 + can help reduce the impact of kernel NULL pointer bugs.
  236 +
  237 + For most ia64, ppc64 and x86 users with lots of address space
  238 + a value of 65536 is reasonable and should cause no problems.
  239 + On arm and other archs it should not be higher than 32768.
  240 + Programs which use vm86 functionality would either need additional
  241 + permissions from either the LSM or the capabilities module or have
  242 + this protection disabled.
  243 +
  244 + This value can be changed after boot using the
  245 + /proc/sys/vm/mmap_min_addr tunable.
  246 +
  247 +
229 248 config NOMMU_INITIAL_TRIM_EXCESS
230 249 int "Turn on mmap() excess space trimming before booting"
231 250 depends on !MMU
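Review bot: The help text for `DEFAULT_MMAP_MIN_ADDR` (new lines 233-245) is carried over word for word from the removed security/Kconfig entry and still points at "the LSM or the capabilities module", while the check this commit adds for non-LSM builds is CAP_SYS_RAWIO. It also does not say that 0 turns the protection off. Suggest adding a sentence such as `A value of 0 disables the protection; without an LSM, tasks with CAP_SYS_RAWIO are exempt.` The option has no `depends on` or `range` line although this file also serves !MMU builds (see `NOMMU_INITIAL_TRIM_EXCESS` just below), so restricting it to MMU configurations and to non-negative values may be worth considering.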
... ... @@ -87,6 +87,9 @@
87 87 int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
88 88 struct percpu_counter vm_committed_as;
89 89  
  90 +/* amount of vm to protect from userspace access */
  91 +unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
  92 +
90 93 /*
91 94 * Check that a process has enough memory to allocate a new virtual
92 95 * mapping. 0 means there is enough memory for the allocation to
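Review bot: The comment on the new global at new line 90, "amount of vm to protect from userspace access", does not say that the value is an address floor, that it can be changed at run time through the vm sysctl, or that 0 disables the check. Something like `/* lowest address userspace may map; 0 disables the check; tunable via /proc/sys/vm/mmap_min_addr */` would be clearer. The Kconfig symbol is declared `int` but initialises an `unsigned long`, so a negative configured value would turn into a very large floor. The neighbouring `sysctl_max_map_count` is marked `__read_mostly`, which would suit this variable as well.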
... ... @@ -110,28 +110,8 @@
110 110  
111 111 See <http://www.linuxjournal.com/article.php?sid=6279> for
112 112 more information about this module.
113   -
114   - If you are unsure how to answer this question, answer N.
115 113  
116   -config SECURITY_DEFAULT_MMAP_MIN_ADDR
117   - int "Low address space to protect from user allocation"
118   - depends on SECURITY
119   - default 0
120   - help
121   - This is the portion of low virtual memory which should be protected
122   - from userspace allocation. Keeping a user from writing to low pages
123   - can help reduce the impact of kernel NULL pointer bugs.
124   -
125   - For most ia64, ppc64 and x86 users with lots of address space
126   - a value of 65536 is reasonable and should cause no problems.
127   - On arm and other archs it should not be higher than 32768.
128   - Programs which use vm86 functionality would either need additional
129   - permissions from either the LSM or the capabilities module or have
130   - this protection disabled.
131   -
132   - This value can be changed after boot using the
133   - /proc/sys/vm/mmap_min_addr tunable.
134   -
  114 + If you are unsure how to answer this question, answer N.
135 115  
136 116 source security/selinux/Kconfig
137 117 source security/smack/Kconfig
... ... @@ -26,9 +26,6 @@
26 26  
27 27 struct security_operations *security_ops; /* Initialized to NULL */
28 28  
29   -/* amount of vm to protect from userspace access */
30   -unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
31   -
32 29 static inline int verify(struct security_operations *ops)
33 30 {
34 31 /* verify the security_operations structure exists */