diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-08-17 16:38:58 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-08-17 16:38:58 -0400 |
| commit | 52dec22e739eec8f3a0154f768a599f5489048bd (patch) | |
| tree | ea45071114d7f5b5b84d9615f1e8a16afc6438e4 | |
| parent | 08e53fcb0db34baca3db84a457b6d67faabee4c6 (diff) | |
| parent | 1d9959734a1949ea4f2427bd2d8b21ede6b2441c (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
security: define round_hint_to_min in !CONFIG_SECURITY
Security/SELinux: seperate lsm specific mmap_min_addr
SELinux: call cap_file_mmap in selinux_file_mmap
Capabilities: move cap_file_mmap to commoncap.c
| -rw-r--r-- | include/linux/mm.h | 15 | ||||
| -rw-r--r-- | include/linux/security.h | 24 | ||||
| -rw-r--r-- | kernel/sysctl.c | 7 | ||||
| -rw-r--r-- | mm/Kconfig | 6 | ||||
| -rw-r--r-- | mm/mmap.c | 3 | ||||
| -rw-r--r-- | mm/nommu.c | 3 | ||||
| -rw-r--r-- | security/Kconfig | 16 | ||||
| -rw-r--r-- | security/Makefile | 2 | ||||
| -rw-r--r-- | security/capability.c | 9 | ||||
| -rw-r--r-- | security/commoncap.c | 30 | ||||
| -rw-r--r-- | security/min_addr.c | 49 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 14 |
12 files changed, 137 insertions, 41 deletions
diff --git a/include/linux/mm.h b/include/linux/mm.h index ba3a7cb1eaa0..9a72cc78e6b8 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h | |||
| @@ -34,8 +34,6 @@ extern int sysctl_legacy_va_layout; | |||
| 34 | #define sysctl_legacy_va_layout 0 | 34 | #define sysctl_legacy_va_layout 0 |
| 35 | #endif | 35 | #endif |
| 36 | 36 | ||
| 37 | extern unsigned long mmap_min_addr; | ||
| 38 | |||
| 39 | #include <asm/page.h> | 37 | #include <asm/page.h> |
| 40 | #include <asm/pgtable.h> | 38 | #include <asm/pgtable.h> |
| 41 | #include <asm/processor.h> | 39 | #include <asm/processor.h> |
| @@ -575,19 +573,6 @@ static inline void set_page_links(struct page *page, enum zone_type zone, | |||
| 575 | } | 573 | } |
| 576 | 574 | ||
| 577 | /* | 575 | /* |
| 578 | * If a hint addr is less than mmap_min_addr change hint to be as | ||
| 579 | * low as possible but still greater than mmap_min_addr | ||
| 580 | */ | ||
| 581 | static inline unsigned long round_hint_to_min(unsigned long hint) | ||
| 582 | { | ||
| 583 | hint &= PAGE_MASK; | ||
| 584 | if (((void *)hint != NULL) && | ||
| 585 | (hint < mmap_min_addr)) | ||
| 586 | return PAGE_ALIGN(mmap_min_addr); | ||
| 587 | return hint; | ||
| 588 | } | ||
| 589 | |||
| 590 | /* | ||
| 591 | * Some inline functions in vmstat.h depend on page_zone() | 576 | * Some inline functions in vmstat.h depend on page_zone() |
| 592 | */ | 577 | */ |
| 593 | #include <linux/vmstat.h> | 578 | #include <linux/vmstat.h> |
diff --git a/include/linux/security.h b/include/linux/security.h index 5eff459b3833..1f16eea2017b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -28,6 +28,7 @@ | |||
| 28 | #include <linux/resource.h> | 28 | #include <linux/resource.h> |
| 29 | #include <linux/sem.h> | 29 | #include <linux/sem.h> |
| 30 | #include <linux/shm.h> | 30 | #include <linux/shm.h> |
| 31 | #include <linux/mm.h> /* PAGE_ALIGN */ | ||
| 31 | #include <linux/msg.h> | 32 | #include <linux/msg.h> |
| 32 | #include <linux/sched.h> | 33 | #include <linux/sched.h> |
| 33 | #include <linux/key.h> | 34 | #include <linux/key.h> |
| @@ -66,6 +67,9 @@ extern int cap_inode_setxattr(struct dentry *dentry, const char *name, | |||
| 66 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); | 67 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); |
| 67 | extern int cap_inode_need_killpriv(struct dentry *dentry); | 68 | extern int cap_inode_need_killpriv(struct dentry *dentry); |
| 68 | extern int cap_inode_killpriv(struct dentry *dentry); | 69 | extern int cap_inode_killpriv(struct dentry *dentry); |
| 70 | extern int cap_file_mmap(struct file *file, unsigned long reqprot, | ||
| 71 | unsigned long prot, unsigned long flags, | ||
| 72 | unsigned long addr, unsigned long addr_only); | ||
| 69 | extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags); | 73 | extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags); |
| 70 | extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 74 | extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
| 71 | unsigned long arg4, unsigned long arg5); | 75 | unsigned long arg4, unsigned long arg5); |
| @@ -92,6 +96,7 @@ extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); | |||
| 92 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); | 96 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); |
| 93 | 97 | ||
| 94 | extern unsigned long mmap_min_addr; | 98 | extern unsigned long mmap_min_addr; |
| 99 | extern unsigned long dac_mmap_min_addr; | ||
| 95 | /* | 100 | /* |
| 96 | * Values used in the task_security_ops calls | 101 | * Values used in the task_security_ops calls |
| 97 | */ | 102 | */ |
| @@ -116,6 +121,21 @@ struct request_sock; | |||
| 116 | #define LSM_UNSAFE_PTRACE 2 | 121 | #define LSM_UNSAFE_PTRACE 2 |
| 117 | #define LSM_UNSAFE_PTRACE_CAP 4 | 122 | #define LSM_UNSAFE_PTRACE_CAP 4 |
| 118 | 123 | ||
| 124 | /* | ||
| 125 | * If a hint addr is less than mmap_min_addr change hint to be as | ||
| 126 | * low as possible but still greater than mmap_min_addr | ||
| 127 | */ | ||
| 128 | static inline unsigned long round_hint_to_min(unsigned long hint) | ||
| 129 | { | ||
| 130 | hint &= PAGE_MASK; | ||
| 131 | if (((void *)hint != NULL) && | ||
| 132 | (hint < mmap_min_addr)) | ||
| 133 | return PAGE_ALIGN(mmap_min_addr); | ||
| 134 | return hint; | ||
| 135 | } | ||
| 136 | extern int mmap_min_addr_handler(struct ctl_table *table, int write, struct file *filp, | ||
| 137 | void __user *buffer, size_t *lenp, loff_t *ppos); | ||
| 138 | |||
| 119 | #ifdef CONFIG_SECURITY | 139 | #ifdef CONFIG_SECURITY |
| 120 | 140 | ||
| 121 | struct security_mnt_opts { | 141 | struct security_mnt_opts { |
| @@ -2197,9 +2217,7 @@ static inline int security_file_mmap(struct file *file, unsigned long reqprot, | |||
| 2197 | unsigned long addr, | 2217 | unsigned long addr, |
| 2198 | unsigned long addr_only) | 2218 | unsigned long addr_only) |
| 2199 | { | 2219 | { |
| 2200 | if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO)) | 2220 | return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); |
| 2201 | return -EACCES; | ||
| 2202 | return 0; | ||
| 2203 | } | 2221 | } |
| 2204 | 2222 | ||
| 2205 | static inline int security_file_mprotect(struct vm_area_struct *vma, | 2223 | static inline int security_file_mprotect(struct vm_area_struct *vma, |
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 98e02328c67d..58be76017fd0 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
| @@ -49,6 +49,7 @@ | |||
| 49 | #include <linux/acpi.h> | 49 | #include <linux/acpi.h> |
| 50 | #include <linux/reboot.h> | 50 | #include <linux/reboot.h> |
| 51 | #include <linux/ftrace.h> | 51 | #include <linux/ftrace.h> |
| 52 | #include <linux/security.h> | ||
| 52 | #include <linux/slow-work.h> | 53 | #include <linux/slow-work.h> |
| 53 | #include <linux/perf_counter.h> | 54 | #include <linux/perf_counter.h> |
| 54 | 55 | ||
| @@ -1306,10 +1307,10 @@ static struct ctl_table vm_table[] = { | |||
| 1306 | { | 1307 | { |
| 1307 | .ctl_name = CTL_UNNUMBERED, | 1308 | .ctl_name = CTL_UNNUMBERED, |
| 1308 | .procname = "mmap_min_addr", | 1309 | .procname = "mmap_min_addr", |
| 1309 | .data = &mmap_min_addr, | 1310 | .data = &dac_mmap_min_addr, |
| 1310 | .maxlen = sizeof(unsigned long), | 1311 | .maxlen = sizeof(unsigned long), |
| 1311 | .mode = 0644, | 1312 | .mode = 0644, |
| 1312 | .proc_handler = &proc_doulongvec_minmax, | 1313 | .proc_handler = &mmap_min_addr_handler, |
| 1313 | }, | 1314 | }, |
| 1314 | #ifdef CONFIG_NUMA | 1315 | #ifdef CONFIG_NUMA |
| 1315 | { | 1316 | { |
diff --git a/mm/Kconfig b/mm/Kconfig index c948d4ca8bde..fe5f674d7a7d 100644 --- a/mm/Kconfig +++ b/mm/Kconfig | |||
| @@ -225,9 +225,9 @@ config DEFAULT_MMAP_MIN_ADDR | |||
| 225 | For most ia64, ppc64 and x86 users with lots of address space | 225 | For most ia64, ppc64 and x86 users with lots of address space |
| 226 | a value of 65536 is reasonable and should cause no problems. | 226 | a value of 65536 is reasonable and should cause no problems. |
| 227 | On arm and other archs it should not be higher than 32768. | 227 | On arm and other archs it should not be higher than 32768. |
| 228 | Programs which use vm86 functionality would either need additional | 228 | Programs which use vm86 functionality or have some need to map |
| 229 | permissions from either the LSM or the capabilities module or have | 229 | this low address space will need CAP_SYS_RAWIO or disable this |
| 230 | this protection disabled. | 230 | protection by setting the value to 0. |
| 231 | 231 | ||
| 232 | This value can be changed after boot using the | 232 | This value can be changed after boot using the |
| 233 | /proc/sys/vm/mmap_min_addr tunable. | 233 | /proc/sys/vm/mmap_min_addr tunable. |
| @@ -88,9 +88,6 @@ int sysctl_overcommit_ratio = 50; /* default is 50% */ | |||
| 88 | int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT; | 88 | int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT; |
| 89 | struct percpu_counter vm_committed_as; | 89 | struct percpu_counter vm_committed_as; |
| 90 | 90 | ||
| 91 | /* amount of vm to protect from userspace access */ | ||
| 92 | unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR; | ||
| 93 | |||
| 94 | /* | 91 | /* |
| 95 | * Check that a process has enough memory to allocate a new virtual | 92 | * Check that a process has enough memory to allocate a new virtual |
| 96 | * mapping. 0 means there is enough memory for the allocation to | 93 | * mapping. 0 means there is enough memory for the allocation to |
diff --git a/mm/nommu.c b/mm/nommu.c index 53cab10fece4..28754c40be98 100644 --- a/mm/nommu.c +++ b/mm/nommu.c | |||
| @@ -69,9 +69,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; | |||
| 69 | int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS; | 69 | int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS; |
| 70 | int heap_stack_gap = 0; | 70 | int heap_stack_gap = 0; |
| 71 | 71 | ||
| 72 | /* amou | ||
