Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6 (bb50cbbd) · Commits · e / devices / android_kernel_teracube_emerald

Documentation/sysctl/vm.txt

+15 −0

Original line number	Original line	Diff line number	Diff line
	@@ -31,6 +31,7 @@ Currently, these files are in /proc/sys/vm:
	- min_unmapped_ratio		- min_unmapped_ratio
	- min_slab_ratio		- min_slab_ratio
	- panic_on_oom		- panic_on_oom
			- mmap_min_address

	==============================================================		==============================================================

	@@ -216,3 +217,17 @@ above-mentioned.
	The default value is 0.		The default value is 0.
	1 and 2 are for failover of clustering. Please select either		1 and 2 are for failover of clustering. Please select either
	according to your policy of failover.		according to your policy of failover.

			==============================================================

			mmap_min_addr

			This file indicates the amount of address space which a user process will
			be restricted from mmaping. Since kernel null dereference bugs could
			accidentally operate based on the information in the first couple of pages
			of memory userspace processes should not be allowed to write to them. By
			default this value is set to 0 and no protections will be enforced by the
			security module. Setting this value to something like 64k will allow the
			vast majority of applications to work correctly and provide defense in depth
			against future potential kernel bugs.

include/linux/security.h

+12 −5

Original line number	Original line	Diff line number	Diff line
	@@ -71,6 +71,7 @@ struct xfrm_user_sec_ctx;
	extern int cap_netlink_send(struct sock sk, struct sk_buff skb);		extern int cap_netlink_send(struct sock sk, struct sk_buff skb);
	extern int cap_netlink_recv(struct sk_buff *skb, int cap);		extern int cap_netlink_recv(struct sk_buff *skb, int cap);

			extern unsigned long mmap_min_addr;
	/*		/*
	* Values used in the task_security_ops calls		* Values used in the task_security_ops calls
	*/		*/
	@@ -1241,8 +1242,9 @@ struct security_operations {
	int (file_ioctl) (struct file file, unsigned int cmd,		int (file_ioctl) (struct file file, unsigned int cmd,
	unsigned long arg);		unsigned long arg);
	int (file_mmap) (struct file file,		int (file_mmap) (struct file file,
	unsigned long reqprot,		unsigned long reqprot, unsigned long prot,
	unsigned long prot, unsigned long flags);		unsigned long flags, unsigned long addr,
			unsigned long addr_only);
	int (file_mprotect) (struct vm_area_struct vma,		int (file_mprotect) (struct vm_area_struct vma,
	unsigned long reqprot,		unsigned long reqprot,
	unsigned long prot);		unsigned long prot);
	@@ -1814,9 +1816,12 @@ static inline int security_file_ioctl (struct file *file, unsigned int cmd,

	static inline int security_file_mmap (struct file *file, unsigned long reqprot,		static inline int security_file_mmap (struct file *file, unsigned long reqprot,
	unsigned long prot,		unsigned long prot,
	unsigned long flags)		unsigned long flags,
			unsigned long addr,
			unsigned long addr_only)
	{		{
	return security_ops->file_mmap (file, reqprot, prot, flags);		return security_ops->file_mmap (file, reqprot, prot, flags, addr,
			addr_only);
	}		}

	static inline int security_file_mprotect (struct vm_area_struct *vma,		static inline int security_file_mprotect (struct vm_area_struct *vma,
	@@ -2489,7 +2494,9 @@ static inline int security_file_ioctl (struct file *file, unsigned int cmd,

	static inline int security_file_mmap (struct file *file, unsigned long reqprot,		static inline int security_file_mmap (struct file *file, unsigned long reqprot,
	unsigned long prot,		unsigned long prot,
	unsigned long flags)		unsigned long flags,
			unsigned long addr,
			unsigned long addr_only)
	{		{
	return 0;		return 0;
	}		}

kernel/sysctl.c

+10 −0

Original line number	Original line	Diff line number	Diff line
	@@ -949,6 +949,16 @@ static ctl_table vm_table[] = {
	.strategy = &sysctl_jiffies,		.strategy = &sysctl_jiffies,
	},		},
	#endif		#endif
			#ifdef CONFIG_SECURITY
			{
			.ctl_name = CTL_UNNUMBERED,
			.procname = "mmap_min_addr",
			.data = &mmap_min_addr,
			.maxlen = sizeof(unsigned long),
			.mode = 0644,
			.proc_handler = &proc_doulongvec_minmax,
			},
			#endif
	#if defined(CONFIG_X86_32) \|\| \		#if defined(CONFIG_X86_32) \|\| \
	(defined(CONFIG_SUPERH) && defined(CONFIG_VSYSCALL))		(defined(CONFIG_SUPERH) && defined(CONFIG_VSYSCALL))
	{		{

mm/mmap.c

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -1023,7 +1023,7 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
	}		}
	}		}

	error = security_file_mmap(file, reqprot, prot, flags);		error = security_file_mmap(file, reqprot, prot, flags, addr, 0);
	if (error)		if (error)
	return error;		return error;

mm/mremap.c

+11 −2

Original line number	Original line	Diff line number	Diff line
	@@ -291,6 +291,10 @@ unsigned long do_mremap(unsigned long addr,
	if ((addr <= new_addr) && (addr+old_len) > new_addr)		if ((addr <= new_addr) && (addr+old_len) > new_addr)
	goto out;		goto out;

			ret = security_file_mmap(0, 0, 0, 0, new_addr, 1);
			if (ret)
			goto out;

	ret = do_munmap(mm, new_addr, new_len);		ret = do_munmap(mm, new_addr, new_len);
	if (ret)		if (ret)
	goto out;		goto out;
	@@ -390,8 +394,13 @@ unsigned long do_mremap(unsigned long addr,

	new_addr = get_unmapped_area(vma->vm_file, 0, new_len,		new_addr = get_unmapped_area(vma->vm_file, 0, new_len,
	vma->vm_pgoff, map_flags);		vma->vm_pgoff, map_flags);
			if (new_addr & ~PAGE_MASK) {
	ret = new_addr;		ret = new_addr;
	if (new_addr & ~PAGE_MASK)		goto out;
			}

			ret = security_file_mmap(0, 0, 0, 0, new_addr, 1);
			if (ret)
	goto out;		goto out;
	}		}
	ret = move_vma(vma, addr, old_len, new_len, new_addr);		ret = move_vma(vma, addr, old_len, new_len, new_addr);