diff options
| -rw-r--r-- | include/linux/mm.h | 2 | ||||
| -rw-r--r-- | include/linux/security.h | 2 | ||||
| -rw-r--r-- | kernel/sysctl.c | 2 | ||||
| -rw-r--r-- | mm/Kconfig | 19 | ||||
| -rw-r--r-- | mm/mmap.c | 3 | ||||
| -rw-r--r-- | security/Kconfig | 22 | ||||
| -rw-r--r-- | security/security.c | 3 |
7 files changed, 25 insertions, 28 deletions
diff --git a/include/linux/mm.h b/include/linux/mm.h index bff1f0d475c7..0c21af6abffb 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h | |||
| @@ -580,12 +580,10 @@ static inline void set_page_links(struct page *page, enum zone_type zone, | |||
| 580 | */ | 580 | */ |
| 581 | static inline unsigned long round_hint_to_min(unsigned long hint) | 581 | static inline unsigned long round_hint_to_min(unsigned long hint) |
| 582 | { | 582 | { |
| 583 | #ifdef CONFIG_SECURITY | ||
| 584 | hint &= PAGE_MASK; | 583 | hint &= PAGE_MASK; |
| 585 | if (((void *)hint != NULL) && | 584 | if (((void *)hint != NULL) && |
| 586 | (hint < mmap_min_addr)) | 585 | (hint < mmap_min_addr)) |
| 587 | return PAGE_ALIGN(mmap_min_addr); | 586 | return PAGE_ALIGN(mmap_min_addr); |
| 588 | #endif | ||
| 589 | return hint; | 587 | return hint; |
| 590 | } | 588 | } |
| 591 | 589 | ||
diff --git a/include/linux/security.h b/include/linux/security.h index d5fd6163606f..5eff459b3833 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -2197,6 +2197,8 @@ static inline int security_file_mmap(struct file *file, unsigned long reqprot, | |||
| 2197 | unsigned long addr, | 2197 | unsigned long addr, |
| 2198 | unsigned long addr_only) | 2198 | unsigned long addr_only) |
| 2199 | { | 2199 | { |
| 2200 | if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO)) | ||
| 2201 | return -EACCES; | ||
| 2200 | return 0; | 2202 | return 0; |
| 2201 | } | 2203 | } |
| 2202 | 2204 | ||
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 149581fb48ab..45bd711a242e 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
| @@ -1237,7 +1237,6 @@ static struct ctl_table vm_table[] = { | |||
| 1237 | .strategy = &sysctl_jiffies, | 1237 | .strategy = &sysctl_jiffies, |
| 1238 | }, | 1238 | }, |
| 1239 | #endif | 1239 | #endif |
| 1240 | #ifdef CONFIG_SECURITY | ||
| 1241 | { | 1240 | { |
| 1242 | .ctl_name = CTL_UNNUMBERED, | 1241 | .ctl_name = CTL_UNNUMBERED, |
| 1243 | .procname = "mmap_min_addr", | 1242 | .procname = "mmap_min_addr", |
| @@ -1246,7 +1245,6 @@ static struct ctl_table vm_table[] = { | |||
| 1246 | .mode = 0644, | 1245 | .mode = 0644, |
| 1247 | .proc_handler = &proc_doulongvec_minmax, | 1246 | .proc_handler = &proc_doulongvec_minmax, |
| 1248 | }, | 1247 | }, |
| 1249 | #endif | ||
| 1250 | #ifdef CONFIG_NUMA | 1248 | #ifdef CONFIG_NUMA |
| 1251 | { | 1249 | { |
| 1252 | .ctl_name = CTL_UNNUMBERED, | 1250 | .ctl_name = CTL_UNNUMBERED, |
diff --git a/mm/Kconfig b/mm/Kconfig index c2b57d81e153..71830ba7b986 100644 --- a/mm/Kconfig +++ b/mm/Kconfig | |||
| @@ -226,6 +226,25 @@ config HAVE_MLOCKED_PAGE_BIT | |||
| 226 | config MMU_NOTIFIER | 226 | config MMU_NOTIFIER |
| 227 | bool | 227 | bool |
| 228 | 228 | ||
| 229 | config DEFAULT_MMAP_MIN_ADDR | ||
| 230 | int "Low address space to protect from user allocation" | ||
| 231 | default 4096 | ||
| 232 | help | ||
| 233 | This is the portion of low virtual memory which should be protected | ||
| 234 | from userspace allocation. Keeping a user from writing to low pages | ||
| 235 | can help reduce the impact of kernel NULL pointer bugs. | ||
| 236 | |||
| 237 | For most ia64, ppc64 and x86 users with lots of address space | ||
| 238 | a value of 65536 is reasonable and should cause no problems. | ||
| 239 | On arm and other archs it should not be higher than 32768. | ||
| 240 | Programs which use vm86 functionality would either need additional | ||
| 241 | permissions from either the LSM or the capabilities module or have | ||
| 242 | this protection disabled. | ||
| 243 | |||
| 244 | This value can be changed after boot using the | ||
| 245 | /proc/sys/vm/mmap_min_addr tunable. | ||
| 246 | |||
| 247 | |||
| 229 | config NOMMU_INITIAL_TRIM_EXCESS | 248 | config NOMMU_INITIAL_TRIM_EXCESS |
| 230 | int "Turn on mmap() excess space trimming before booting" | 249 | int "Turn on mmap() excess space trimming before booting" |
| 231 | depends on !MMU | 250 | depends on !MMU |
| @@ -87,6 +87,9 @@ int sysctl_overcommit_ratio = 50; /* default is 50% */ | |||
| 87 | int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT; | 87 | int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT; |
| 88 | struct percpu_counter vm_committed_as; | 88 | struct percpu_counter vm_committed_as; |
| 89 | 89 | ||
| 90 | /* amount of vm to protect from userspace access */ | ||
| 91 | unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR; | ||
| 92 | |||
| 90 | /* | 93 | /* |
| 91 | * Check that a process has enough memory to allocate a new virtual | 94 | * Check that a process has enough memory to allocate a new virtual |
| 92 | * mapping. 0 means there is enough memory for the allocation to | 95 | * mapping. 0 means there is enough memory for the allocation to |
diff --git a/security/Kconfig b/security/Kconfig index bb244774e9d7..d23c839038f0 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
| @@ -110,28 +110,8 @@ config SECURITY_ROOTPLUG | |||
| 110 | 110 | ||
| 111 | See <http://www.linuxjournal.com/article.php?sid=6279> for | 111 | See <http://www.linuxjournal.com/article.php?sid=6279> for |
| 112 | more information about this module. | 112 | more information about this module. |
| 113 | |||
| 114 | If you are unsure how to answer this question, answer N. | ||
| 115 | |||
| 116 | config SECURITY_DEFAULT_MMAP_MIN_ADDR | ||
| 117 | int "Low address space to protect from user allocation" | ||
| 118 | depends on SECURITY | ||
| 119 | default 0 | ||
| 120 | help | ||
| 121 | This is the portion of low virtual memory which should be protected | ||
| 122 | from userspace allocation. Keeping a user from writing to low pages | ||
| 123 | can help reduce the impact of kernel NULL pointer bugs. | ||
| 124 | |||
| 125 | For most ia64, ppc64 and x86 users with lots of address space | ||
| 126 | a value of 65536 is reasonable and should cause no problems. | ||
| 127 | On arm and other archs it should not be higher than 32768. | ||
| 128 | Programs which use vm86 functionality would either need additional | ||
| 129 | permissions from either the LSM or the capabilities module or have | ||
| 130 | this protection disabled. | ||
| 131 | |||
| 132 | This value can be changed after boot using the | ||
| 133 | /proc/sys/vm/mmap_min_addr tunable. | ||
| 134 | 113 | ||
| 114 | If you are unsure how to answer this question, answer N. | ||
| 135 | 115 | ||
| 136 | source security/selinux/Kconfig | 116 | source security/selinux/Kconfig |
| 137 | source security/smack/Kconfig | 117 | source security/smack/Kconfig |
diff --git a/security/security.c b/security/security.c index 5284255c5cdf..dc7674fbfc7a 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -26,9 +26,6 @@ extern void security_fixup_ops(struct security_operations *ops); | |||
| 26 | 26 | ||
| 27 | struct security_operations *security_ops; /* Initialized to NULL */ | 27 | struct security_operations *security_ops; /* Initialized to NULL */ |
| 28 | 28 | ||
| 29 | /* amount of vm to protect from userspace access */ | ||
| 30 | unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR; | ||
| 31 | |||
| 32 | static inline int verify(struct security_operations *ops) | 29 | static inline int verify(struct security_operations *ops) |
| 33 | { | 30 | { |
| 34 | /* verify the security_operations structure exists */ | 31 | /* verify the security_operations structure exists */ |