authorLinus Torvalds <torvalds@linux-foundation.org>2009-12-17 19:58:26 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2009-12-17 19:58:26 -0500
commitefc8e7f4c83dc85acbf5f54a8b1b24ae75b20aaa (patch)
treecf7df8a837b719623e13b3ab19e8cfce1e270883
parentb5c96f89177b460ef89ecd777d5f2fefd4534d3f (diff)
parenta00ae4d21b2fa9379914f270ffffd8d3bec55430 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: Keys: KEYCTL_SESSION_TO_PARENT needs TIF_NOTIFY_RESUME architecture support NOMMU: Optimise away the {dac_,}mmap_min_addr tests security/min_addr.c: make init_mmap_min_addr() static keys: PTR_ERR return of wrong pointer in keyctl_get_security()
-rw-r--r--include/linux/security.h7
-rw-r--r--kernel/sysctl.c2
-rw-r--r--mm/Kconfig1
-rw-r--r--security/Makefile3
-rw-r--r--security/keys/keyctl.c12
-rw-r--r--security/min_addr.c2
6 files changed, 24 insertions, 3 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 466cbadbd1ef..2c627d361c02 100644
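--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -95,8 +95,13 @@ struct seq_file;
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
 
+#ifdef CONFIG_MMU
 extern unsigned long mmap_min_addr;
 extern unsigned long dac_mmap_min_addr;
+#else
+#define dac_mmap_min_addr 0UL
+#endif
+
 /*
  * Values used in the task_security_ops calls
  */
@@ -121,6 +126,7 @@ struct request_sock;
 #define LSM_UNSAFE_PTRACE 2
 #define LSM_UNSAFE_PTRACE_CAP 4
 
+#ifdef CONFIG_MMU
 /*
  * If a hint addr is less than mmap_min_addr change hint to be as
  * low as possible but still greater than mmap_min_addr
@@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint)
 }
 extern int mmap_min_addr_handler(struct ctl_table *table, int write,
  void __user *buffer, size_t *lenp, loff_t *ppos);
+#endif
 
 #ifdef CONFIG_SECURITY
 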
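Review bot: In the first hunk only `dac_mmap_min_addr` gets a constant stand-in on !CONFIG_MMU builds, while `mmap_min_addr` is left undeclared there. No such reader is visible in this diff, so this is an inference, but any code that still reads `mmap_min_addr` in a NOMMU build would stop compiling. Adding `#define mmap_min_addr 0UL` next to `#define dac_mmap_min_addr 0UL` would keep both names usable as values. A short comment on the `#else` branch, for example `/* NOMMU: no low-address mmap floor, the limit reads as 0 */`, would also record that the low-address mapping restriction does not exist on such kernels rather than being merely unconfigured.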
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 6665761c006d..8a68b2448468 100644
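--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1214,6 +1214,7 @@ static struct ctl_table vm_table[] = {
  .proc_handler = proc_dointvec_jiffies,
  },
 #endif
+#ifdef CONFIG_MMU
  {
  .procname = "mmap_min_addr",
  .data = &dac_mmap_min_addr,
@@ -1221,6 +1222,7 @@ static struct ctl_table vm_table[] = {
  .mode = 0644,
  .proc_handler = mmap_min_addr_handler,
  },
+#endif
 #ifdef CONFIG_NUMA
  {
  .procname = "numa_zonelist_order",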
diff --git a/mm/Kconfig b/mm/Kconfig
index 43ea8c3a2bbf..ee9f3e0f2b69 100644
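--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -221,6 +221,7 @@ config KSM
 
 config DEFAULT_MMAP_MIN_ADDR
  int "Low address space to protect from user allocation"
+ depends on MMU
  default 4096
  help
  This is the portion of low virtual memory which should be protected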
diff --git a/security/Makefile b/security/Makefile
index bb44e350c618..da20a193c8dd 100644
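--- a/security/Makefile
+++ b/security/Makefile
@@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack
 subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
 
 # always enable default capabilities
-obj-y += commoncap.o min_addr.o
+obj-y += commoncap.o
+obj-$(CONFIG_MMU) += min_addr.o
 
 # Object file lists
 obj-$(CONFIG_SECURITY) += security.o capability.o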
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 06ec722897be..e9c2e7c584d9 100644
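--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1194,7 +1194,7 @@ long keyctl_get_security(key_serial_t keyid,
  * have the authorisation token handy */
  instkey = key_get_instantiation_authkey(keyid);
  if (IS_ERR(instkey))
- return PTR_ERR(key_ref);
+ return PTR_ERR(instkey);
  key_put(instkey);
 
  key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0);
@@ -1236,6 +1236,7 @@ long keyctl_get_security(key_serial_t keyid,
  */
 long keyctl_session_to_parent(void)
 {
+#ifdef TIF_NOTIFY_RESUME
  struct task_struct *me, *parent;
  const struct cred *mycred, *pcred;
  struct cred *cred, *oldcred;
@@ -1326,6 +1327,15 @@ not_permitted:
 error_keyring:
  key_ref_put(keyring_r);
  return ret;
+
+#else /* !TIF_NOTIFY_RESUME */
+ /*
+ * To be removed when TIF_NOTIFY_RESUME has been implemented on
+ * m68k/xtensa
+ */
+#warning TIF_NOTIFY_RESUME not implemented
+ return -EOPNOTSUPP;
+#endif /* !TIF_NOTIFY_RESUME */
 }
 
 /*****************************************************************************/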
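Review bot: The third hunk makes keyctl_session_to_parent() return `-EOPNOTSUPP` wherever TIF_NOTIFY_RESUME is undefined, but the only explanation is the comment inside the `#else` branch. Only the closing `*/` of the function's header comment is visible here, so whether it already covers this is unknown. If it does not, a line such as `* Returns -EOPNOTSUPP on architectures that lack TIF_NOTIFY_RESUME.` would tell callers that the result is architecture-dependent and must be handled as "unsupported" rather than as a permission failure. Separately, `#warning TIF_NOTIFY_RESUME not implemented` fires on every build of this file for those architectures and would stop a build that treats warnings as errors; expressing the dependency in Kconfig would avoid that. The function body spans the second and third hunks, with its middle outside the diff.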
diff --git a/security/min_addr.c b/security/min_addr.c
index fc43c9d37084..e86f297522bf 100644
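--- a/security/min_addr.c
+++ b/security/min_addr.c
@@ -43,7 +43,7 @@ int mmap_min_addr_handler(struct ctl_table *table, int write,
  return ret;
 }
 
-int __init init_mmap_min_addr(void)
+static int __init init_mmap_min_addr(void)
 {
  update_mmap_min_addr();
 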