aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/security.h7
-rw-r--r--kernel/sysctl.c2
-rw-r--r--mm/Kconfig1
-rw-r--r--security/Makefile3
4 files changed, 12 insertions, 1 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 466cbadbd1ef..2c627d361c02 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -95,8 +95,13 @@ struct seq_file;
95extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); 95extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
96extern int cap_netlink_recv(struct sk_buff *skb, int cap); 96extern int cap_netlink_recv(struct sk_buff *skb, int cap);
97 97
98#ifdef CONFIG_MMU
98extern unsigned long mmap_min_addr; 99extern unsigned long mmap_min_addr;
99extern unsigned long dac_mmap_min_addr; 100extern unsigned long dac_mmap_min_addr;
101#else
102#define dac_mmap_min_addr 0UL
103#endif
104
100/* 105/*
101 * Values used in the task_security_ops calls 106 * Values used in the task_security_ops calls
102 */ 107 */
@@ -121,6 +126,7 @@ struct request_sock;
121#define LSM_UNSAFE_PTRACE 2 126#define LSM_UNSAFE_PTRACE 2
122#define LSM_UNSAFE_PTRACE_CAP 4 127#define LSM_UNSAFE_PTRACE_CAP 4
123 128
129#ifdef CONFIG_MMU
124/* 130/*
125 * If a hint addr is less than mmap_min_addr change hint to be as 131 * If a hint addr is less than mmap_min_addr change hint to be as
126 * low as possible but still greater than mmap_min_addr 132 * low as possible but still greater than mmap_min_addr
@@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint)
135} 141}
136extern int mmap_min_addr_handler(struct ctl_table *table, int write, 142extern int mmap_min_addr_handler(struct ctl_table *table, int write,
137 void __user *buffer, size_t *lenp, loff_t *ppos); 143 void __user *buffer, size_t *lenp, loff_t *ppos);
144#endif
138 145
139#ifdef CONFIG_SECURITY 146#ifdef CONFIG_SECURITY
140 147
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 45e4bef0012a..856a24eadf7e 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1214,6 +1214,7 @@ static struct ctl_table vm_table[] = {
1214 .proc_handler = proc_dointvec_jiffies, 1214 .proc_handler = proc_dointvec_jiffies,
1215 }, 1215 },
1216#endif 1216#endif
1217#ifdef CONFIG_MMU
1217 { 1218 {
1218 .procname = "mmap_min_addr", 1219 .procname = "mmap_min_addr",
1219 .data = &dac_mmap_min_addr, 1220 .data = &dac_mmap_min_addr,
@@ -1221,6 +1222,7 @@ static struct ctl_table vm_table[] = {
1221 .mode = 0644, 1222 .mode = 0644,
1222 .proc_handler = mmap_min_addr_handler, 1223 .proc_handler = mmap_min_addr_handler,
1223 }, 1224 },
1225#endif
1224#ifdef CONFIG_NUMA 1226#ifdef CONFIG_NUMA
1225 { 1227 {
1226 .procname = "numa_zonelist_order", 1228 .procname = "numa_zonelist_order",
diff --git a/mm/Kconfig b/mm/Kconfig
index 43ea8c3a2bbf..ee9f3e0f2b69 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -221,6 +221,7 @@ config KSM
221 221
222config DEFAULT_MMAP_MIN_ADDR 222config DEFAULT_MMAP_MIN_ADDR
223 int "Low address space to protect from user allocation" 223 int "Low address space to protect from user allocation"
224 depends on MMU
224 default 4096 225 default 4096
225 help 226 help
226 This is the portion of low virtual memory which should be protected 227 This is the portion of low virtual memory which should be protected
diff --git a/security/Makefile b/security/Makefile
index bb44e350c618..da20a193c8dd 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack
8subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo 8subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
9 9
10# always enable default capabilities 10# always enable default capabilities
11obj-y += commoncap.o min_addr.o 11obj-y += commoncap.o
12obj-$(CONFIG_MMU) += min_addr.o
12 13
13# Object file lists 14# Object file lists
14obj-$(CONFIG_SECURITY) += security.o capability.o 15obj-$(CONFIG_SECURITY) += security.o capability.o