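--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -571,12 +571,10 @@
  */
 static inline unsigned long round_hint_to_min(unsigned long hint)
 {
-#ifdef CONFIG_SECURITY
 	hint &= PAGE_MASK;
 	if (((void *)hint != NULL) &&
 	    (hint < mmap_min_addr))
 		return PAGE_ALIGN(mmap_min_addr);
-#endif
 	return hint;
 }
 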
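--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -2139,6 +2139,8 @@
 				     unsigned long addr,
 				     unsigned long addr_only)
 {
+	if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
+		return -EACCES;
 	return 0;
 }
 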
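Review bot: The two added lines reference `capable()`, `CAP_SYS_RAWIO`, `-EACCES` and `mmap_min_addr`, and nothing in the hunk declares any of them; unless security.h already includes the capability and errno headers and carries an `extern unsigned long mmap_min_addr;` that is visible in this configuration, this `static inline` body will not compile for the builds that use the stub. Because the function is an inline in the header, this is presumably the no-LSM fallback (the enclosing `#ifdef` is outside the hunk), which means the low-address mapping restriction now applies to kernels built without an LSM; that deserves a one-line comment above the check, e.g. `/* Enforce the low-address floor even when no LSM is built in; see mmap_min_addr. */`. `security_file_mmap` begins before the hunk, so its prologue and the `addr_only` handling, if any, are not visible here.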
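--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1138,7 +1138,6 @@
 		.strategy	= &sysctl_jiffies,
 	},
 #endif
-#ifdef CONFIG_SECURITY
 	{
 		.ctl_name	= CTL_UNNUMBERED,
 		.procname	= "mmap_min_addr",
@@ -1147,7 +1146,6 @@
 		.mode		= 0644,
 		.proc_handler	= &proc_doulongvec_minmax,
 	},
-#endif
 #ifdef CONFIG_NUMA
 	{
 		.ctl_name	= CTL_UNNUMBERED,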
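--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -222,3 +222,22 @@
 
 config MMU_NOTIFIER
 	bool
+
+config DEFAULT_MMAP_MIN_ADDR
+	int "Low address space to protect from user allocation"
+	default 4096
+	help
+	This is the portion of low virtual memory which should be protected
+	from userspace allocation.  Keeping a user from writing to low pages
+	can help reduce the impact of kernel NULL pointer bugs.
+
+	For most ia64, ppc64 and x86 users with lots of address space
+	a value of 65536 is reasonable and should cause no problems.
+	On arm and other archs it should not be higher than 32768.
+	Programs which use vm86 functionality would either need additional
+	permissions from either the LSM or the capabilities module or have
+	this protection disabled.
+
+	This value can be changed after boot using the
+	/proc/sys/vm/mmap_min_addr tunable.
+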
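Review bot: The help body of the new `DEFAULT_MMAP_MIN_ADDR` entry is indented with a single tab, while the same paragraphs as they stood in security/Kconfig (removed by this patch) use the usual tab plus two spaces for help text; keeping that indentation makes the kconfig help parser and readers treat the paragraphs consistently. The default also moves from 0 (the removed `SECURITY_DEFAULT_MMAP_MIN_ADDR`, which depended on SECURITY) to 4096 with no dependency, so kernels previously built without CONFIG_SECURITY start enforcing the floor on upgrade; the help text should say that plainly, e.g. `Set this to 0 to disable the protection entirely.`, so that users of vm86-based programs know which knob to turn.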
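--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -86,6 +86,9 @@
 int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
 atomic_long_t vm_committed_space = ATOMIC_LONG_INIT(0);
 
+/* amount of vm to protect from userspace access */
+unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
+
 /*
  * Check that a process has enough memory to allocate a new virtual
  * mapping. 0 means there is enough memory for the allocation to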
(-)a/security/Kconfig (-21 / +1 lines)
Lines 100-127 config SECURITY_ROOTPLUG Link Here
100
100
101
	  See <http://www.linuxjournal.com/article.php?sid=6279> for
101
	  See <http://www.linuxjournal.com/article.php?sid=6279> for
102
	  more information about this module.
102
	  more information about this module.
103
	  
104
	  If you are unsure how to answer this question, answer N.
105
106
config SECURITY_DEFAULT_MMAP_MIN_ADDR
107
        int "Low address space to protect from user allocation"
108
        depends on SECURITY
109
        default 0
110
        help
111
	  This is the portion of low virtual memory which should be protected
112
	  from userspace allocation.  Keeping a user from writing to low pages
113
	  can help reduce the impact of kernel NULL pointer bugs.
114
115
	  For most ia64, ppc64 and x86 users with lots of address space
116
	  a value of 65536 is reasonable and should cause no problems.
117
	  On arm and other archs it should not be higher than 32768.
118
	  Programs which use vm86 functionality would either need additional
119
	  permissions from either the LSM or the capabilities module or have
120
	  this protection disabled.
121
122
	  This value can be changed after boot using the
123
	  /proc/sys/vm/mmap_min_addr tunable.
124
103
104
	  If you are unsure how to answer this question, answer N.
125
105
126
source security/selinux/Kconfig
106
source security/selinux/Kconfig
127
source security/smack/Kconfig
107
source security/smack/Kconfig
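--- a/security/security.c
+++ b/security/security.c
@@ -26,9 +26,6 @@
 
 struct security_operations *security_ops;	/* Initialized to NULL */
 
-/* amount of vm to protect from userspace access */
-unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
-
 static inline int verify(struct security_operations *ops)
 {
 	/* verify the security_operations structure exists */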
