diff options
| author | David Howells <dhowells@redhat.com> | 2009-12-15 14:27:45 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-12-16 17:25:19 -0500 |
| commit | 6e1415467614e854fee660ff6648bd10fa976e95 (patch) | |
| tree | 2ae2e2f51eff0629bc0e26a97eac85483a7ba56f | |
| parent | dd880fbe8e4792d1185a5101dc751f49eab0a509 (diff) | |
NOMMU: Optimise away the {dac_,}mmap_min_addr tests
In NOMMU mode clamp dac_mmap_min_addr to zero to cause the tests on it to be
skipped by the compiler. We do this as the minimum mmap address doesn't make
any sense in NOMMU mode.
mmap_min_addr and round_hint_to_min() can be discarded entirely in NOMMU mode.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
| -rw-r--r-- | include/linux/security.h | 7 | ||||
| -rw-r--r-- | kernel/sysctl.c | 2 | ||||
| -rw-r--r-- | mm/Kconfig | 1 | ||||
| -rw-r--r-- | security/Makefile | 3 |
4 files changed, 12 insertions, 1 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 466cbadbd1ef..2c627d361c02 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -95,8 +95,13 @@ struct seq_file; | |||
| 95 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); | 95 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); |
| 96 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); | 96 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); |
| 97 | 97 | ||
| 98 | #ifdef CONFIG_MMU | ||
| 98 | extern unsigned long mmap_min_addr; | 99 | extern unsigned long mmap_min_addr; |
| 99 | extern unsigned long dac_mmap_min_addr; | 100 | extern unsigned long dac_mmap_min_addr; |
| 101 | #else | ||
| 102 | #define dac_mmap_min_addr 0UL | ||
| 103 | #endif | ||
| 104 | |||
| 100 | /* | 105 | /* |
| 101 | * Values used in the task_security_ops calls | 106 | * Values used in the task_security_ops calls |
| 102 | */ | 107 | */ |
| @@ -121,6 +126,7 @@ struct request_sock; | |||
| 121 | #define LSM_UNSAFE_PTRACE 2 | 126 | #define LSM_UNSAFE_PTRACE 2 |
| 122 | #define LSM_UNSAFE_PTRACE_CAP 4 | 127 | #define LSM_UNSAFE_PTRACE_CAP 4 |
| 123 | 128 | ||
| 129 | #ifdef CONFIG_MMU | ||
| 124 | /* | 130 | /* |
| 125 | * If a hint addr is less than mmap_min_addr change hint to be as | 131 | * If a hint addr is less than mmap_min_addr change hint to be as |
| 126 | * low as possible but still greater than mmap_min_addr | 132 | * low as possible but still greater than mmap_min_addr |
| @@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint) | |||
| 135 | } | 141 | } |
| 136 | extern int mmap_min_addr_handler(struct ctl_table *table, int write, | 142 | extern int mmap_min_addr_handler(struct ctl_table *table, int write, |
| 137 | void __user *buffer, size_t *lenp, loff_t *ppos); | 143 | void __user *buffer, size_t *lenp, loff_t *ppos); |
| 144 | #endif | ||
| 138 | 145 | ||
| 139 | #ifdef CONFIG_SECURITY | 146 | #ifdef CONFIG_SECURITY |
| 140 | 147 | ||
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 45e4bef0012a..856a24eadf7e 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
| @@ -1214,6 +1214,7 @@ static struct ctl_table vm_table[] = { | |||
| 1214 | .proc_handler = proc_dointvec_jiffies, | 1214 | .proc_handler = proc_dointvec_jiffies, |
| 1215 | }, | 1215 | }, |
| 1216 | #endif | 1216 | #endif |
| 1217 | #ifdef CONFIG_MMU | ||
| 1217 | { | 1218 | { |
| 1218 | .procname = "mmap_min_addr", | 1219 | .procname = "mmap_min_addr", |
| 1219 | .data = &dac_mmap_min_addr, | 1220 | .data = &dac_mmap_min_addr, |
| @@ -1221,6 +1222,7 @@ static struct ctl_table vm_table[] = { | |||
| 1221 | .mode = 0644, | 1222 | .mode = 0644, |
| 1222 | .proc_handler = mmap_min_addr_handler, | 1223 | .proc_handler = mmap_min_addr_handler, |
| 1223 | }, | 1224 | }, |
| 1225 | #endif | ||
| 1224 | #ifdef CONFIG_NUMA | 1226 | #ifdef CONFIG_NUMA |
| 1225 | { | 1227 | { |
| 1226 | .procname = "numa_zonelist_order", | 1228 | .procname = "numa_zonelist_order", |
diff --git a/mm/Kconfig b/mm/Kconfig index 43ea8c3a2bbf..ee9f3e0f2b69 100644 --- a/mm/Kconfig +++ b/mm/Kconfig | |||
| @@ -221,6 +221,7 @@ config KSM | |||
| 221 | 221 | ||
| 222 | config DEFAULT_MMAP_MIN_ADDR | 222 | config DEFAULT_MMAP_MIN_ADDR |
| 223 | int "Low address space to protect from user allocation" | 223 | int "Low address space to protect from user allocation" |
| 224 | depends on MMU | ||
| 224 | default 4096 | 225 | default 4096 |
| 225 | help | 226 | help |
| 226 | This is the portion of low virtual memory which should be protected | 227 | This is the portion of low virtual memory which should be protected |
diff --git a/security/Makefile b/security/Makefile index bb44e350c618..da20a193c8dd 100644 --- a/security/Makefile +++ b/security/Makefile | |||
| @@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack | |||
| 8 | subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo | 8 | subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo |
| 9 | 9 | ||
| 10 | # always enable default capabilities | 10 | # always enable default capabilities |
| 11 | obj-y += commoncap.o min_addr.o | 11 | obj-y += commoncap.o |
| 12 | obj-$(CONFIG_MMU) += min_addr.o | ||
| 12 | 13 | ||
| 13 | # Object file lists | 14 | # Object file lists |
| 14 | obj-$(CONFIG_SECURITY) += security.o capability.o | 15 | obj-$(CONFIG_SECURITY) += security.o capability.o |