Commit 7cd94146 authored by Eric Paris's avatar Eric Paris Committed by James Morris
Browse files

Security: round mmap hint address above mmap_min_addr 



If mmap_min_addr is set and a process attempts to mmap (not fixed) with a
non-null hint address less than mmap_min_addr the mapping will fail the
security checks.  Since this is just a hint address this patch will round
such a hint address above mmap_min_addr.

gcj was found to try to be very frugal with vm usage and give hint addresses
in the 8k-32k range.  Without this patch all such programs failed and with
the patch they happily get a higher address.

This patch is wrappad in CONFIG_SECURITY since mmap_min_addr doesn't exist
without it and there would be no security check possible no matter what.  So
we should not bother compiling in this rounding if it is just a waste of
time.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 8869477a

include/linux/mm.h

+16 −0
Original line number Diff line number Diff line
@@ -12,6 +12,7 @@ 
#include <linux/prio_tree.h>

#include <linux/debug_locks.h>

#include <linux/mm_types.h>

#include <linux/security.h>



struct mempolicy;

struct anon_vma;
@@ -512,6 +513,21 @@ static inline void set_page_links(struct page *page, enum zone_type zone, 
	set_page_section(page, pfn_to_section_nr(pfn));

}



/*

 * If a hint addr is less than mmap_min_addr change hint to be as

 * low as possible but still greater than mmap_min_addr

 */

static inline unsigned long round_hint_to_min(unsigned long hint)

{

#ifdef CONFIG_SECURITY

	hint &= PAGE_MASK;

	if (((void *)hint != NULL) &&

	    (hint < mmap_min_addr))

		return PAGE_ALIGN(mmap_min_addr);

#endif

	return hint;

}



/*

 * Some inline functions in vmstat.h depend on page_zone()

 */

mm/mmap.c

+3 −0
Original line number Diff line number Diff line
@@ -912,6 +912,9 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr, 
	if (!len)

		return -EINVAL;



	if (!(flags & MAP_FIXED))

		addr = round_hint_to_min(addr);



	error = arch_mmap_check(addr, len, flags);

	if (error)

		return error;

mm/nommu.c

+3 −0
Original line number Diff line number Diff line
@@ -829,6 +829,9 @@ unsigned long do_mmap_pgoff(struct file *file, 
	void *result;

	int ret;



	if (!(flags & MAP_FIXED))

		addr = round_hint_to_min(addr);



	/* decide whether we should attempt the mapping, and if so what sort of

	 * mapping */

	ret = validate_mmap_request(file, addr, len, prot, flags, pgoff,

CRA Git | Maintained and supported by SUSTech CRA and CCSE