security: use mmap_min_addr indepedently of security models

This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY. It also sets a default mmap_min_addr of 4096. mmapping of addresses below 4096 will only be possible for processes with CAP_SYS_RAWIO. Signed-off-by: Christoph Lameter <cl@linux-foundation.org> Acked-by: Eric Paris <eparis@redhat.com> Looks-ok-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: James Morris <jmorris@namei.org>
author: Christoph Lameter <cl@linux-foundation.org> 2009-06-03 16:04:31 -0400
committer: James Morris <jmorris@namei.org> 2009-06-03 22:07:48 -0400
commit: e0a94c2a63f2644826069044649669b5e7ca75d3 (patch)
tree: debf8a9af6ac23dadd116dc1cd1f9dcefe9629c6 /mm
parent: 7d2948b1248109dbc7f4aaf9867c54b1912d494c (diff)
2 files changed, 22 insertions, 0 deletions
diff --git a/mm/Kconfig b/mm/Kconfig
index c2b57d81e153..71830ba7b986 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -226,6 +226,25 @@ config HAVE_MLOCKED_PAGE_BIT
 config MMU_NOTIFIER
        bool
+config DEFAULT_MMAP_MIN_ADDR
+        int "Low address space to protect from user allocation"
+        default 4096
+        help
+          This is the portion of low virtual memory which should be protected
+          from userspace allocation.  Keeping a user from writing to low pages
+          can help reduce the impact of kernel NULL pointer bugs.
+          For most ia64, ppc64 and x86 users with lots of address space
+          a value of 65536 is reasonable and should cause no problems.
+          On arm and other archs it should not be higher than 32768.
+          Programs which use vm86 functionality would either need additional
+          permissions from either the LSM or the capabilities module or have
+          this protection disabled.
+          This value can be changed after boot using the
+          /proc/sys/vm/mmap_min_addr tunable.
 config NOMMU_INITIAL_TRIM_EXCESS
        int "Turn on mmap() excess space trimming before booting"
        depends on !MMU
diff --git a/mm/mmap.c b/mm/mmap.c
index 6b7b1a95944b..2b43fa1aa3c8 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -87,6 +87,9 @@ int sysctl_overcommit_ratio = 50;	/* default is 50% */
 int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
 struct percpu_counter vm_committed_as;
+/* amount of vm to protect from userspace access */
+unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
 /*
 * Check that a process has enough memory to allocate a new virtual
 * mapping. 0 means there is enough memory for the allocation to
author	Christoph Lameter <cl@linux-foundation.org>	2009-06-03 16:04:31 -0400
committer	James Morris <jmorris@namei.org>	2009-06-03 22:07:48 -0400
commit	e0a94c2a63f2644826069044649669b5e7ca75d3 (patch)
tree	debf8a9af6ac23dadd116dc1cd1f9dcefe9629c6 /mm
parent	7d2948b1248109dbc7f4aaf9867c54b1912d494c (diff)

diff --git a/mm/Kconfig b/mm/Kconfig index c2b57d81e153..71830ba7b986 100644 --- a/mm/Kconfig +++ b/mm/Kconfig
@@ -226,6 +226,25 @@ config HAVE_MLOCKED_PAGE_BIT
226	config MMU_NOTIFIER	226	config MMU_NOTIFIER
227	bool	227	bool
228		228
		229	config DEFAULT_MMAP_MIN_ADDR
		230	int "Low address space to protect from user allocation"
		231	default 4096
		232	help
		233	This is the portion of low virtual memory which should be protected
		234	from userspace allocation. Keeping a user from writing to low pages
		235	can help reduce the impact of kernel NULL pointer bugs.
		236
		237	For most ia64, ppc64 and x86 users with lots of address space
		238	a value of 65536 is reasonable and should cause no problems.
		239	On arm and other archs it should not be higher than 32768.
		240	Programs which use vm86 functionality would either need additional
		241	permissions from either the LSM or the capabilities module or have
		242	this protection disabled.
		243
		244	This value can be changed after boot using the
		245	/proc/sys/vm/mmap_min_addr tunable.
		246
		247
229	config NOMMU_INITIAL_TRIM_EXCESS	248	config NOMMU_INITIAL_TRIM_EXCESS
230	int "Turn on mmap() excess space trimming before booting"	249	int "Turn on mmap() excess space trimming before booting"
231	depends on !MMU	250	depends on !MMU


diff --git a/mm/mmap.c b/mm/mmap.c index 6b7b1a95944b..2b43fa1aa3c8 100644 --- a/mm/mmap.c +++ b/mm/mmap.c
@@ -87,6 +87,9 @@ int sysctl_overcommit_ratio = 50; /* default is 50% */
87	int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;	87	int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
88	struct percpu_counter vm_committed_as;	88	struct percpu_counter vm_committed_as;
89		89
		90	/* amount of vm to protect from userspace access */
		91	unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
		92
90	/*	93	/*
91	* Check that a process has enough memory to allocate a new virtual	94	* Check that a process has enough memory to allocate a new virtual
92	* mapping. 0 means there is enough memory for the allocation to	95	* mapping. 0 means there is enough memory for the allocation to