Attachment #230723 for bug #284746




 */
static inline unsigned long round_hint_to_min(unsigned long hint)
{
#ifdef CONFIG_SECURITY
	hint &= PAGE_MASK;
	if (((void *)hint != NULL) &&
	    (hint < mmap_min_addr))
		return PAGE_ALIGN(mmap_min_addr);
#endif
	return hint;
}


Lines 2203-2208 static inline int security_file_mmap(str Link Here

(-)a/include/linux/security.h (+2 lines)
2203	unsigned long addr,	2203	unsigned long addr,
2204	unsigned long addr_only)	2204	unsigned long addr_only)
2205	{	2205	{
		2206	if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
		2207	return -EACCES;
2206	return 0;	2208	return 0;
2207	}	2209	}
2208		2210

Lines 1221-1227 static struct ctl_table vm_table[] = { Link Here

(-)a/kernel/sysctl.c (-2 lines)
1221	.strategy = &sysctl_jiffies,	1221	.strategy = &sysctl_jiffies,
1222	},	1222	},
1223	#endif	1223	#endif
1224	#ifdef CONFIG_SECURITY
1225	{	1224	{
1226	.ctl_name = CTL_UNNUMBERED,	1225	.ctl_name = CTL_UNNUMBERED,
1227	.procname = "mmap_min_addr",	1226	.procname = "mmap_min_addr",
Lines 1230-1236 static struct ctl_table vm_table[] = { Link Here
1230	.mode = 0644,	1229	.mode = 0644,
1231	.proc_handler = &proc_doulongvec_minmax,	1230	.proc_handler = &proc_doulongvec_minmax,
1232	},	1231	},
1233	#endif
1234	#ifdef CONFIG_NUMA	1232	#ifdef CONFIG_NUMA
1235	{	1233	{
1236	.ctl_name = CTL_UNNUMBERED,	1234	.ctl_name = CTL_UNNUMBERED,





config MMU_NOTIFIER
	bool

config DEFAULT_MMAP_MIN_ADDR
	int "Low address space to protect from user allocation"
	default 4096
	help
	This is the portion of low virtual memory which should be protected
	from userspace allocation.  Keeping a user from writing to low pages
	can help reduce the impact of kernel NULL pointer bugs.

	For most ia64, ppc64 and x86 users with lots of address space
	a value of 65536 is reasonable and should cause no problems.
	On arm and other archs it should not be higher than 32768.
	Programs which use vm86 functionality would either need additional
	permissions from either the LSM or the capabilities module or have
	this protection disabled.

	This value can be changed after boot using the
	/proc/sys/vm/mmap_min_addr tunable.


Lines 86-91 int sysctl_overcommit_ratio = 50; /* def Link Here

(-)a/mm/mmap.c (+3 lines)
86	int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;	86	int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
87	struct percpu_counter vm_committed_as;	87	struct percpu_counter vm_committed_as;
88		88
		89	/* amount of vm to protect from userspace access */
		90	unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
		91
89	/*	92	/*
90	* Check that a process has enough memory to allocate a new virtual	93	* Check that a process has enough memory to allocate a new virtual
91	* mapping. 0 means there is enough memory for the allocation to	94	* mapping. 0 means there is enough memory for the allocation to





	  See <http://www.linuxjournal.com/article.php?sid=6279> for
	  more information about this module.
	  
	  If you are unsure how to answer this question, answer N.

config SECURITY_DEFAULT_MMAP_MIN_ADDR
        int "Low address space to protect from user allocation"
        depends on SECURITY
        default 0
        help
	  This is the portion of low virtual memory which should be protected
	  from userspace allocation.  Keeping a user from writing to low pages
	  can help reduce the impact of kernel NULL pointer bugs.

	  For most ia64, ppc64 and x86 users with lots of address space
	  a value of 65536 is reasonable and should cause no problems.
	  On arm and other archs it should not be higher than 32768.
	  Programs which use vm86 functionality would either need additional
	  permissions from either the LSM or the capabilities module or have
	  this protection disabled.

	  This value can be changed after boot using the
	  /proc/sys/vm/mmap_min_addr tunable.

	  If you are unsure how to answer this question, answer N.

source security/selinux/Kconfig
source security/smack/Kconfig

Lines 26-34 extern void security_fixup_ops(struct se Link Here

(-)a/security/security.c (-3 lines)
26		26
27	struct security_operations security_ops; / Initialized to NULL */	27	struct security_operations security_ops; / Initialized to NULL */
28		28
29	/* amount of vm to protect from userspace access */
30	unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
31
32	static inline int verify(struct security_operations *ops)	29	static inline int verify(struct security_operations *ops)
33	{	30	{
34	/* verify the security_operations structure exists */	31	/* verify the security_operations structure exists */

Return to bug 284746

Lines 590-601 static inline void set_page_links(struct Link Here

(-)a/include/linux/mm.h (-2 lines)
590	*/	590	*/
591	static inline unsigned long round_hint_to_min(unsigned long hint)	591	static inline unsigned long round_hint_to_min(unsigned long hint)
592	{	592	{
593	#ifdef CONFIG_SECURITY
594	hint &= PAGE_MASK;	593	hint &= PAGE_MASK;
595	if (((void *)hint != NULL) &&	594	if (((void *)hint != NULL) &&
596	(hint < mmap_min_addr))	595	(hint < mmap_min_addr))
597	return PAGE_ALIGN(mmap_min_addr);	596	return PAGE_ALIGN(mmap_min_addr);
598	#endif
599	return hint;	597	return hint;
600	}	598	}
601		599

Lines 109-136 config SECURITY_ROOTPLUG Link Here

(-)a/security/Kconfig (-21 / +1 lines)
109		109
110	See <http://www.linuxjournal.com/article.php?sid=6279> for	110	See <http://www.linuxjournal.com/article.php?sid=6279> for
111	more information about this module.	111	more information about this module.
112
113	If you are unsure how to answer this question, answer N.
114
115	config SECURITY_DEFAULT_MMAP_MIN_ADDR
116	int "Low address space to protect from user allocation"
117	depends on SECURITY
118	default 0
119	help
120	This is the portion of low virtual memory which should be protected
121	from userspace allocation. Keeping a user from writing to low pages
122	can help reduce the impact of kernel NULL pointer bugs.
123
124	For most ia64, ppc64 and x86 users with lots of address space
125	a value of 65536 is reasonable and should cause no problems.
126	On arm and other archs it should not be higher than 32768.
127	Programs which use vm86 functionality would either need additional
128	permissions from either the LSM or the capabilities module or have
129	this protection disabled.
130
131	This value can be changed after boot using the
132	/proc/sys/vm/mmap_min_addr tunable.
133		112
		113	If you are unsure how to answer this question, answer N.
134		114
135	source security/selinux/Kconfig	115	source security/selinux/Kconfig
136	source security/smack/Kconfig	116	source security/smack/Kconfig

Lines 216-218 config UNEVICTABLE_LRU Link Here

(-)a/mm/Kconfig (+19 lines)
216		216
217	config MMU_NOTIFIER	217	config MMU_NOTIFIER
218	bool	218	bool
		219
		220	config DEFAULT_MMAP_MIN_ADDR
		221	int "Low address space to protect from user allocation"
		222	default 4096
		223	help
		224	This is the portion of low virtual memory which should be protected
		225	from userspace allocation. Keeping a user from writing to low pages
		226	can help reduce the impact of kernel NULL pointer bugs.
		227
		228	For most ia64, ppc64 and x86 users with lots of address space
		229	a value of 65536 is reasonable and should cause no problems.
		230	On arm and other archs it should not be higher than 32768.
		231	Programs which use vm86 functionality would either need additional
		232	permissions from either the LSM or the capabilities module or have
		233	this protection disabled.
		234
		235	This value can be changed after boot using the
		236	/proc/sys/vm/mmap_min_addr tunable.
		237