Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit efc8e7f4 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'for-linus' of... 

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  Keys: KEYCTL_SESSION_TO_PARENT needs TIF_NOTIFY_RESUME architecture support
  NOMMU: Optimise away the {dac_,}mmap_min_addr tests
  security/min_addr.c: make init_mmap_min_addr() static
  keys: PTR_ERR return of wrong pointer in keyctl_get_security()
parents b5c96f89 a00ae4d2

include/linux/security.h

+7 −0
Original line number Diff line number Diff line
@@ -95,8 +95,13 @@ struct seq_file; 
extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);

extern int cap_netlink_recv(struct sk_buff *skb, int cap);



#ifdef CONFIG_MMU

extern unsigned long mmap_min_addr;

extern unsigned long dac_mmap_min_addr;

#else

#define dac_mmap_min_addr	0UL

#endif



/*

 * Values used in the task_security_ops calls

 */
@@ -121,6 +126,7 @@ struct request_sock; 
#define LSM_UNSAFE_PTRACE	2

#define LSM_UNSAFE_PTRACE_CAP	4



#ifdef CONFIG_MMU

/*

 * If a hint addr is less than mmap_min_addr change hint to be as

 * low as possible but still greater than mmap_min_addr
@@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint) 
}

extern int mmap_min_addr_handler(struct ctl_table *table, int write,

				 void __user *buffer, size_t *lenp, loff_t *ppos);

#endif



#ifdef CONFIG_SECURITY

kernel/sysctl.c

+2 −0
Original line number Diff line number Diff line
@@ -1214,6 +1214,7 @@ static struct ctl_table vm_table[] = { 
		.proc_handler	= proc_dointvec_jiffies,

	},

#endif

#ifdef CONFIG_MMU

	{

		.procname	= "mmap_min_addr",

		.data		= &dac_mmap_min_addr,
@@ -1221,6 +1222,7 @@ static struct ctl_table vm_table[] = { 
		.mode		= 0644,

		.proc_handler	= mmap_min_addr_handler,

	},

#endif

#ifdef CONFIG_NUMA

	{

		.procname	= "numa_zonelist_order",

mm/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -221,6 +221,7 @@ config KSM 


config DEFAULT_MMAP_MIN_ADDR

        int "Low address space to protect from user allocation"

	depends on MMU

        default 4096

        help

	  This is the portion of low virtual memory which should be protected

security/Makefile

+2 −1
Original line number Diff line number Diff line
@@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack 
subdir-$(CONFIG_SECURITY_TOMOYO)        += tomoyo



# always enable default capabilities

obj-y		+= commoncap.o min_addr.o

obj-y					+= commoncap.o

obj-$(CONFIG_MMU)			+= min_addr.o



# Object file lists

obj-$(CONFIG_SECURITY)			+= security.o capability.o

security/keys/keyctl.c

+11 −1
Original line number Diff line number Diff line
@@ -1194,7 +1194,7 @@ long keyctl_get_security(key_serial_t keyid, 
		 * have the authorisation token handy */

		instkey = key_get_instantiation_authkey(keyid);

		if (IS_ERR(instkey))

			return PTR_ERR(key_ref);

			return PTR_ERR(instkey);

		key_put(instkey);



		key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0);
@@ -1236,6 +1236,7 @@ long keyctl_get_security(key_serial_t keyid, 
 */

long keyctl_session_to_parent(void)

{

#ifdef TIF_NOTIFY_RESUME

	struct task_struct *me, *parent;

	const struct cred *mycred, *pcred;

	struct cred *cred, *oldcred;
@@ -1326,6 +1327,15 @@ not_permitted: 
error_keyring:

	key_ref_put(keyring_r);

	return ret;



#else /* !TIF_NOTIFY_RESUME */

	/*

	 * To be removed when TIF_NOTIFY_RESUME has been implemented on

	 * m68k/xtensa

	 */

#warning TIF_NOTIFY_RESUME not implemented

	return -EOPNOTSUPP;

#endif /* !TIF_NOTIFY_RESUME */

}



/*****************************************************************************/