security: allow Kconfig to set default mmap_min_addr protection (a5ecbcb8) · Commits · e / devices / android_kernel_teracube_emerald

security/Kconfig

+18 −0

Original line number	Original line	Diff line number	Diff line
	@@ -104,6 +104,24 @@ config SECURITY_ROOTPLUG

	If you are unsure how to answer this question, answer N.		If you are unsure how to answer this question, answer N.

			config SECURITY_DEFAULT_MMAP_MIN_ADDR
			int "Low address space to protect from user allocation"
			depends on SECURITY
			default 0
			help
			This is the portion of low virtual memory which should be protected
			from userspace allocation. Keeping a user from writing to low pages
			can help reduce the impact of kernel NULL pointer bugs.

			For most users with lots of address space a value of 65536 is
			reasonable and should cause no problems. Programs which use vm86
			functionality would either need additional permissions from either
			the LSM or the capabilities module or have this protection disabled.

			This value can be changed after boot using the
			/proc/sys/vm/mmap_min_addr tunable.


	source security/selinux/Kconfig		source security/selinux/Kconfig
	source security/smack/Kconfig		source security/smack/Kconfig

+3 −1

Original line number	Original line	Diff line number	Diff line
	@@ -23,7 +23,9 @@ extern struct security_operations dummy_security_ops;
	extern void security_fixup_ops(struct security_operations *ops);		extern void security_fixup_ops(struct security_operations *ops);

	struct security_operations security_ops; / Initialized to NULL */		struct security_operations security_ops; / Initialized to NULL */
	unsigned long mmap_min_addr; /* 0 means no protection */
			/* amount of vm to protect from userspace access */
			unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;

	static inline int verify(struct security_operations *ops)		static inline int verify(struct security_operations *ops)
	{		{