security: use mmap_min_addr indepedently of security models
This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY. It also sets a default mmap_min_addr of 4096. mmapping of addresses below 4096 will only be possible for processes with CAP_SYS_RAWIO. Signed-off-by: Christoph Lameter <cl@linux-foundation.org> Acked-by: Eric Paris <eparis@redhat.com> Looks-ok-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
7d2948b124
commit
e0a94c2a63
|
@ -580,12 +580,10 @@ static inline void set_page_links(struct page *page, enum zone_type zone,
|
|||
*/
|
||||
static inline unsigned long round_hint_to_min(unsigned long hint)
|
||||
{
|
||||
#ifdef CONFIG_SECURITY
|
||||
hint &= PAGE_MASK;
|
||||
if (((void *)hint != NULL) &&
|
||||
(hint < mmap_min_addr))
|
||||
return PAGE_ALIGN(mmap_min_addr);
|
||||
#endif
|
||||
return hint;
|
||||
}
|
||||
|
||||
|
|
|
@ -2197,6 +2197,8 @@ static inline int security_file_mmap(struct file *file, unsigned long reqprot,
|
|||
unsigned long addr,
|
||||
unsigned long addr_only)
|
||||
{
|
||||
if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
|
||||
return -EACCES;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -1237,7 +1237,6 @@ static struct ctl_table vm_table[] = {
|
|||
.strategy = &sysctl_jiffies,
|
||||
},
|
||||
#endif
|
||||
#ifdef CONFIG_SECURITY
|
||||
{
|
||||
.ctl_name = CTL_UNNUMBERED,
|
||||
.procname = "mmap_min_addr",
|
||||
|
@ -1246,7 +1245,6 @@ static struct ctl_table vm_table[] = {
|
|||
.mode = 0644,
|
||||
.proc_handler = &proc_doulongvec_minmax,
|
||||
},
|
||||
#endif
|
||||
#ifdef CONFIG_NUMA
|
||||
{
|
||||
.ctl_name = CTL_UNNUMBERED,
|
||||
|
|
19
mm/Kconfig
19
mm/Kconfig
|
@ -226,6 +226,25 @@ config HAVE_MLOCKED_PAGE_BIT
|
|||
config MMU_NOTIFIER
|
||||
bool
|
||||
|
||||
config DEFAULT_MMAP_MIN_ADDR
|
||||
int "Low address space to protect from user allocation"
|
||||
default 4096
|
||||
help
|
||||
This is the portion of low virtual memory which should be protected
|
||||
from userspace allocation. Keeping a user from writing to low pages
|
||||
can help reduce the impact of kernel NULL pointer bugs.
|
||||
|
||||
For most ia64, ppc64 and x86 users with lots of address space
|
||||
a value of 65536 is reasonable and should cause no problems.
|
||||
On arm and other archs it should not be higher than 32768.
|
||||
Programs which use vm86 functionality would either need additional
|
||||
permissions from either the LSM or the capabilities module or have
|
||||
this protection disabled.
|
||||
|
||||
This value can be changed after boot using the
|
||||
/proc/sys/vm/mmap_min_addr tunable.
|
||||
|
||||
|
||||
config NOMMU_INITIAL_TRIM_EXCESS
|
||||
int "Turn on mmap() excess space trimming before booting"
|
||||
depends on !MMU
|
||||
|
|
|
@ -87,6 +87,9 @@ int sysctl_overcommit_ratio = 50; /* default is 50% */
|
|||
int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
|
||||
struct percpu_counter vm_committed_as;
|
||||
|
||||
/* amount of vm to protect from userspace access */
|
||||
unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
|
||||
|
||||
/*
|
||||
* Check that a process has enough memory to allocate a new virtual
|
||||
* mapping. 0 means there is enough memory for the allocation to
|
||||
|
|
|
@ -110,29 +110,9 @@ config SECURITY_ROOTPLUG
|
|||
|
||||
See <http://www.linuxjournal.com/article.php?sid=6279> for
|
||||
more information about this module.
|
||||
|
||||
|
||||
If you are unsure how to answer this question, answer N.
|
||||
|
||||
config SECURITY_DEFAULT_MMAP_MIN_ADDR
|
||||
int "Low address space to protect from user allocation"
|
||||
depends on SECURITY
|
||||
default 0
|
||||
help
|
||||
This is the portion of low virtual memory which should be protected
|
||||
from userspace allocation. Keeping a user from writing to low pages
|
||||
can help reduce the impact of kernel NULL pointer bugs.
|
||||
|
||||
For most ia64, ppc64 and x86 users with lots of address space
|
||||
a value of 65536 is reasonable and should cause no problems.
|
||||
On arm and other archs it should not be higher than 32768.
|
||||
Programs which use vm86 functionality would either need additional
|
||||
permissions from either the LSM or the capabilities module or have
|
||||
this protection disabled.
|
||||
|
||||
This value can be changed after boot using the
|
||||
/proc/sys/vm/mmap_min_addr tunable.
|
||||
|
||||
|
||||
source security/selinux/Kconfig
|
||||
source security/smack/Kconfig
|
||||
source security/tomoyo/Kconfig
|
||||
|
|
|
@ -26,9 +26,6 @@ extern void security_fixup_ops(struct security_operations *ops);
|
|||
|
||||
struct security_operations *security_ops; /* Initialized to NULL */
|
||||
|
||||
/* amount of vm to protect from userspace access */
|
||||
unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
|
||||
|
||||
static inline int verify(struct security_operations *ops)
|
||||
{
|
||||
/* verify the security_operations structure exists */
|
||||
|
|
Loading…
Reference in New Issue