From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Christoph Lameter <cl@linux-foundation.org>,
Eric Paris <eparis@redhat.com>, James Morris <jmorris@namei.org>
Subject: [patch 02/24] security: use mmap_min_addr indepedently of security models
Date: Fri, 17 Jul 2009 13:08:53 -0700 [thread overview]
Message-ID: <20090717201228.282566328@mini.kroah.org> (raw)
In-Reply-To: <20090717201639.GA14209@kroah.com>
[-- Attachment #1: security-use-mmap_min_addr-indepedently-of-security-models.patch --]
[-- Type: text/plain, Size: 5239 bytes --]
2.6.30-stable review patch. If anyone has any objections, please let us know.
------------------
From: Christoph Lameter <cl@linux-foundation.org>
commit e0a94c2a63f2644826069044649669b5e7ca75d3 upstream.
This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY.
It also sets a default mmap_min_addr of 4096.
mmapping of addresses below 4096 will only be possible for processes
with CAP_SYS_RAWIO.
Signed-off-by: Christoph Lameter <cl@linux-foundation.org>
Acked-by: Eric Paris <eparis@redhat.com>
Looks-ok-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/linux/mm.h | 2 --
include/linux/security.h | 2 ++
kernel/sysctl.c | 2 --
mm/Kconfig | 19 +++++++++++++++++++
mm/mmap.c | 3 +++
security/Kconfig | 22 +---------------------
security/security.c | 3 ---
7 files changed, 25 insertions(+), 28 deletions(-)
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -580,12 +580,10 @@ static inline void set_page_links(struct
*/
static inline unsigned long round_hint_to_min(unsigned long hint)
{
-#ifdef CONFIG_SECURITY
hint &= PAGE_MASK;
if (((void *)hint != NULL) &&
(hint < mmap_min_addr))
return PAGE_ALIGN(mmap_min_addr);
-#endif
return hint;
}
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -2197,6 +2197,8 @@ static inline int security_file_mmap(str
unsigned long addr,
unsigned long addr_only)
{
+ if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
+ return -EACCES;
return 0;
}
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1225,7 +1225,6 @@ static struct ctl_table vm_table[] = {
.strategy = &sysctl_jiffies,
},
#endif
-#ifdef CONFIG_SECURITY
{
.ctl_name = CTL_UNNUMBERED,
.procname = "mmap_min_addr",
@@ -1234,7 +1233,6 @@ static struct ctl_table vm_table[] = {
.mode = 0644,
.proc_handler = &proc_doulongvec_minmax,
},
-#endif
#ifdef CONFIG_NUMA
{
.ctl_name = CTL_UNNUMBERED,
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -226,6 +226,25 @@ config HAVE_MLOCKED_PAGE_BIT
config MMU_NOTIFIER
bool
+config DEFAULT_MMAP_MIN_ADDR
+ int "Low address space to protect from user allocation"
+ default 4096
+ help
+ This is the portion of low virtual memory which should be protected
+ from userspace allocation. Keeping a user from writing to low pages
+ can help reduce the impact of kernel NULL pointer bugs.
+
+ For most ia64, ppc64 and x86 users with lots of address space
+ a value of 65536 is reasonable and should cause no problems.
+ On arm and other archs it should not be higher than 32768.
+ Programs which use vm86 functionality would either need additional
+ permissions from either the LSM or the capabilities module or have
+ this protection disabled.
+
+ This value can be changed after boot using the
+ /proc/sys/vm/mmap_min_addr tunable.
+
+
config NOMMU_INITIAL_TRIM_EXCESS
int "Turn on mmap() excess space trimming before booting"
depends on !MMU
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -87,6 +87,9 @@ int sysctl_overcommit_ratio = 50; /* def
int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
struct percpu_counter vm_committed_as;
+/* amount of vm to protect from userspace access */
+unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
+
/*
* Check that a process has enough memory to allocate a new virtual
* mapping. 0 means there is enough memory for the allocation to
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -110,28 +110,8 @@ config SECURITY_ROOTPLUG
See <http://www.linuxjournal.com/article.php?sid=6279> for
more information about this module.
-
- If you are unsure how to answer this question, answer N.
-
-config SECURITY_DEFAULT_MMAP_MIN_ADDR
- int "Low address space to protect from user allocation"
- depends on SECURITY
- default 0
- help
- This is the portion of low virtual memory which should be protected
- from userspace allocation. Keeping a user from writing to low pages
- can help reduce the impact of kernel NULL pointer bugs.
-
- For most ia64, ppc64 and x86 users with lots of address space
- a value of 65536 is reasonable and should cause no problems.
- On arm and other archs it should not be higher than 32768.
- Programs which use vm86 functionality would either need additional
- permissions from either the LSM or the capabilities module or have
- this protection disabled.
-
- This value can be changed after boot using the
- /proc/sys/vm/mmap_min_addr tunable.
+ If you are unsure how to answer this question, answer N.
source security/selinux/Kconfig
source security/smack/Kconfig
--- a/security/security.c
+++ b/security/security.c
@@ -26,9 +26,6 @@ extern void security_fixup_ops(struct se
struct security_operations *security_ops; /* Initialized to NULL */
-/* amount of vm to protect from userspace access */
-unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
-
static inline int verify(struct security_operations *ops)
{
/* verify the security_operations structure exists */
next prev parent reply other threads:[~2009-07-17 20:23 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20090717200851.907421303@mini.kroah.org>
2009-07-17 20:16 ` [patch 00/24] 2.6.30.2-stable review Greg KH
2009-07-17 20:08 ` [patch 01/24] Add -fno-delete-null-pointer-checks to gcc CFLAGS Greg KH
2009-07-17 20:08 ` Greg KH [this message]
2009-07-17 20:08 ` [patch 03/24] tun/tap: Fix crashes if open() /dev/net/tun and then poll() it. (CVE-2009-1897) Greg KH
2009-07-17 20:08 ` [patch 04/24] personality: fix PER_CLEAR_ON_SETID (CVE-2009-1895) Greg KH
2009-07-17 20:08 ` [patch 05/24] Blackfin: fix accidental reset in some boot modes Greg KH
2009-07-17 20:08 ` [patch 06/24] Blackfin: redo handling of bad irqs Greg KH
2009-07-17 20:08 ` [patch 07/24] Blackfin: fix deadlock in SMP IPI handler Greg KH
2009-07-17 20:08 ` [patch 08/24] Blackfin: fix command line corruption with DEBUG_DOUBLEFAULT Greg KH
2009-07-17 20:09 ` [patch 09/24] futex: Fix the write access fault problem for real Greg KH
2009-07-17 20:09 ` [patch 10/24] futexes: Fix infinite loop in get_futex_key() on huge page Greg KH
2009-07-17 20:09 ` [patch 11/24] kernel/resource.c: fix sign extension in reserve_setup() Greg KH
2009-07-17 20:09 ` [patch 12/24] alpha: fix percpu build breakage Greg KH
2009-07-17 20:09 ` [patch 13/24] dma-debug: fix off-by-one error in overlap function Greg KH
2009-07-17 20:09 ` [patch 14/24] blocK: Restore barrier support for md and probably other virtual devices Greg KH
2009-07-17 20:09 ` [patch 15/24] md/raid5: suspend shouldnt affect read requests Greg KH
2009-07-17 20:09 ` [patch 16/24] md: fix error path when duplicate name is found on md device creation Greg KH
2009-07-17 20:09 ` [patch 17/24] md: avoid dereferencing NULL pointer when accessing suspend_* sysfs attributes Greg KH
2009-07-17 20:09 ` [patch 18/24] Revert "ipv4: arp announce, arp_proxy and windows ip conflict verification" Greg KH
2009-07-17 20:09 ` [patch 19/24] floppy: fix lock imbalance Greg KH
2009-07-17 20:09 ` [patch 20/24] Fix pci_unmap_addr() et al on i386 Greg KH
2009-07-17 20:09 ` [patch 21/24] Fix iommu address space allocation Greg KH
2009-07-17 20:09 ` [patch 22/24] fuse: fix bad return value in fuse_file_poll() Greg KH
2009-07-17 20:09 ` [patch 23/24] fuse: fix return value of fuse_dev_write() Greg KH
2009-07-17 20:09 ` [patch 24/24] Dont use -fwrapv compiler option: its buggy in gcc-4.1.x Greg KH
2009-07-17 20:36 ` [patch 00/24] 2.6.30.2-stable review Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090717201228.282566328@mini.kroah.org \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cl@linux-foundation.org \
--cc=eparis@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).