aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2009-08-17 16:38:58 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2009-08-17 16:38:58 -0400
commit52dec22e739eec8f3a0154f768a599f5489048bd (patch)
treeea45071114d7f5b5b84d9615f1e8a16afc6438e4
parent08e53fcb0db34baca3db84a457b6d67faabee4c6 (diff)
parent1d9959734a1949ea4f2427bd2d8b21ede6b2441c (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: security: define round_hint_to_min in !CONFIG_SECURITY Security/SELinux: seperate lsm specific mmap_min_addr SELinux: call cap_file_mmap in selinux_file_mmap Capabilities: move cap_file_mmap to commoncap.c
-rw-r--r--include/linux/mm.h15
-rw-r--r--include/linux/security.h24
-rw-r--r--kernel/sysctl.c7
-rw-r--r--mm/Kconfig6
-rw-r--r--mm/mmap.c3
-rw-r--r--mm/nommu.c3
-rw-r--r--security/Kconfig16
-rw-r--r--security/Makefile2
-rw-r--r--security/capability.c9
-rw-r--r--security/commoncap.c30
-rw-r--r--security/min_addr.c49
-rw-r--r--security/selinux/hooks.c14
12 files changed, 137 insertions, 41 deletions
diff --git a/include/linux/mm.h b/include/linux/mm.h
index ba3a7cb1eaa0..9a72cc78e6b8 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -34,8 +34,6 @@ extern int sysctl_legacy_va_layout;
34#define sysctl_legacy_va_layout 0 34#define sysctl_legacy_va_layout 0
35#endif 35#endif
36 36
37extern unsigned long mmap_min_addr;
38
39#include <asm/page.h> 37#include <asm/page.h>
40#include <asm/pgtable.h> 38#include <asm/pgtable.h>
41#include <asm/processor.h> 39#include <asm/processor.h>
@@ -575,19 +573,6 @@ static inline void set_page_links(struct page *page, enum zone_type zone,
575} 573}
576 574
577/* 575/*
578 * If a hint addr is less than mmap_min_addr change hint to be as
579 * low as possible but still greater than mmap_min_addr
580 */
581static inline unsigned long round_hint_to_min(unsigned long hint)
582{
583 hint &= PAGE_MASK;
584 if (((void *)hint != NULL) &&
585 (hint < mmap_min_addr))
586 return PAGE_ALIGN(mmap_min_addr);
587 return hint;
588}
589
590/*
591 * Some inline functions in vmstat.h depend on page_zone() 576 * Some inline functions in vmstat.h depend on page_zone()
592 */ 577 */
593#include <linux/vmstat.h> 578#include <linux/vmstat.h>
diff --git a/include/linux/security.h b/include/linux/security.h
index 5eff459b3833..1f16eea2017b 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -28,6 +28,7 @@
28#include <linux/resource.h> 28#include <linux/resource.h>
29#include <linux/sem.h> 29#include <linux/sem.h>
30#include <linux/shm.h> 30#include <linux/shm.h>
31#include <linux/mm.h> /* PAGE_ALIGN */
31#include <linux/msg.h> 32#include <linux/msg.h>
32#include <linux/sched.h> 33#include <linux/sched.h>
33#include <linux/key.h> 34#include <linux/key.h>
@@ -66,6 +67,9 @@ extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
66extern int cap_inode_removexattr(struct dentry *dentry, const char *name); 67extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
67extern int cap_inode_need_killpriv(struct dentry *dentry); 68extern int cap_inode_need_killpriv(struct dentry *dentry);
68extern int cap_inode_killpriv(struct dentry *dentry); 69extern int cap_inode_killpriv(struct dentry *dentry);
70extern int cap_file_mmap(struct file *file, unsigned long reqprot,
71 unsigned long prot, unsigned long flags,
72 unsigned long addr, unsigned long addr_only);
69extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags); 73extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
70extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, 74extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
71 unsigned long arg4, unsigned long arg5); 75 unsigned long arg4, unsigned long arg5);
@@ -92,6 +96,7 @@ extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
92extern int cap_netlink_recv(struct sk_buff *skb, int cap); 96extern int cap_netlink_recv(struct sk_buff *skb, int cap);
93 97
94extern unsigned long mmap_min_addr; 98extern unsigned long mmap_min_addr;
99extern unsigned long dac_mmap_min_addr;
95/* 100/*
96 * Values used in the task_security_ops calls 101 * Values used in the task_security_ops calls
97 */ 102 */
@@ -116,6 +121,21 @@ struct request_sock;
116#define LSM_UNSAFE_PTRACE 2 121#define LSM_UNSAFE_PTRACE 2
117#define LSM_UNSAFE_PTRACE_CAP 4 122#define LSM_UNSAFE_PTRACE_CAP 4
118 123
124/*
125 * If a hint addr is less than mmap_min_addr change hint to be as
126 * low as possible but still greater than mmap_min_addr
127 */
128static inline unsigned long round_hint_to_min(unsigned long hint)
129{
130 hint &= PAGE_MASK;
131 if (((void *)hint != NULL) &&
132 (hint < mmap_min_addr))
133 return PAGE_ALIGN(mmap_min_addr);
134 return hint;
135}
136extern int mmap_min_addr_handler(struct ctl_table *table, int write, struct file *filp,
137 void __user *buffer, size_t *lenp, loff_t *ppos);
138
119#ifdef CONFIG_SECURITY 139#ifdef CONFIG_SECURITY
120 140
121struct security_mnt_opts { 141struct security_mnt_opts {
@@ -2197,9 +2217,7 @@ static inline int security_file_mmap(struct file *file, unsigned long reqprot,
2197 unsigned long addr, 2217 unsigned long addr,
2198 unsigned long addr_only) 2218 unsigned long addr_only)
2199{ 2219{
2200 if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO)) 2220 return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
2201 return -EACCES;
2202 return 0;
2203} 2221}
2204 2222
2205static inline int security_file_mprotect(struct vm_area_struct *vma, 2223static inline int security_file_mprotect(struct vm_area_struct *vma,
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 98e02328c67d..58be76017fd0 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -49,6 +49,7 @@
49#include <linux/acpi.h> 49#include <linux/acpi.h>
50#include <linux/reboot.h> 50#include <linux/reboot.h>
51#include <linux/ftrace.h> 51#include <linux/ftrace.h>
52#include <linux/security.h>
52#include <linux/slow-work.h> 53#include <linux/slow-work.h>
53#include <linux/perf_counter.h> 54#include <linux/perf_counter.h>
54 55
@@ -1306,10 +1307,10 @@ static struct ctl_table vm_table[] = {
1306 { 1307 {
1307 .ctl_name = CTL_UNNUMBERED, 1308 .ctl_name = CTL_UNNUMBERED,
1308 .procname = "mmap_min_addr", 1309 .procname = "mmap_min_addr",
1309 .data = &mmap_min_addr, 1310 .data = &dac_mmap_min_addr,
1310 .maxlen = sizeof(unsigned long), 1311 .maxlen = sizeof(unsigned long),
1311 .mode = 0644, 1312 .mode = 0644,
1312 .proc_handler = &proc_doulongvec_minmax, 1313 .proc_handler = &mmap_min_addr_handler,
1313 }, 1314 },
1314#ifdef CONFIG_NUMA 1315#ifdef CONFIG_NUMA
1315 { 1316 {
diff --git a/mm/Kconfig b/mm/Kconfig
index c948d4ca8bde..fe5f674d7a7d 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -225,9 +225,9 @@ config DEFAULT_MMAP_MIN_ADDR
225 For most ia64, ppc64 and x86 users with lots of address space 225 For most ia64, ppc64 and x86 users with lots of address space
226 a value of 65536 is reasonable and should cause no problems. 226 a value of 65536 is reasonable and should cause no problems.
227 On arm and other archs it should not be higher than 32768. 227 On arm and other archs it should not be higher than 32768.
228 Programs which use vm86 functionality would either need additional 228 Programs which use vm86 functionality or have some need to map
229 permissions from either the LSM or the capabilities module or have 229 this low address space will need CAP_SYS_RAWIO or disable this
230 this protection disabled. 230 protection by setting the value to 0.
231 231
232 This value can be changed after boot using the 232 This value can be changed after boot using the
233 /proc/sys/vm/mmap_min_addr tunable. 233 /proc/sys/vm/mmap_min_addr tunable.
diff --git a/mm/mmap.c b/mm/mmap.c
index 34579b23ebd5..8101de490c73 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -88,9 +88,6 @@ int sysctl_overcommit_ratio = 50; /* default is 50% */
88int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT; 88int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
89struct percpu_counter vm_committed_as; 89struct percpu_counter vm_committed_as;
90 90
91/* amount of vm to protect from userspace access */
92unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
93
94/* 91/*
95 * Check that a process has enough memory to allocate a new virtual 92 * Check that a process has enough memory to allocate a new virtual
96 * mapping. 0 means there is enough memory for the allocation to 93 * mapping. 0 means there is enough memory for the allocation to
diff --git a/mm/nommu.c b/mm/nommu.c
index 53cab10fece4..28754c40be98 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -69,9 +69,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
69int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS; 69int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS;
70int heap_stack_gap = 0; 70int heap_stack_gap = 0;
71 71
72/* amou