diff options
author | Eric Paris <eparis@redhat.com> | 2007-11-26 23:47:40 (GMT) |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2007-12-05 13:25:10 (GMT) |
commit | 7cd94146cd504016315608e297219f9fb7b1413b (patch) | |
tree | 1d118d6af0a6d3efb9be66f7305827aee2ceffea /mm | |
parent | 8869477a49c3e99def1fcdadd6bbc407fea14b45 (diff) | |
download | linux-7cd94146cd504016315608e297219f9fb7b1413b.tar.xz |
Security: round mmap hint address above mmap_min_addr
If mmap_min_addr is set and a process attempts to mmap (not fixed) with a
non-null hint address less than mmap_min_addr the mapping will fail the
security checks. Since this is just a hint address this patch will round
such a hint address above mmap_min_addr.
gcj was found to try to be very frugal with vm usage and give hint addresses
in the 8k-32k range. Without this patch all such programs failed and with
the patch they happily get a higher address.
This patch is wrappad in CONFIG_SECURITY since mmap_min_addr doesn't exist
without it and there would be no security check possible no matter what. So
we should not bother compiling in this rounding if it is just a waste of
time.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'mm')
-rw-r--r-- | mm/mmap.c | 3 | ||||
-rw-r--r-- | mm/nommu.c | 3 |
2 files changed, 6 insertions, 0 deletions
@@ -912,6 +912,9 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr, if (!len) return -EINVAL; + if (!(flags & MAP_FIXED)) + addr = round_hint_to_min(addr); + error = arch_mmap_check(addr, len, flags); if (error) return error; @@ -829,6 +829,9 @@ unsigned long do_mmap_pgoff(struct file *file, void *result; int ret; + if (!(flags & MAP_FIXED)) + addr = round_hint_to_min(addr); + /* decide whether we should attempt the mapping, and if so what sort of * mapping */ ret = validate_mmap_request(file, addr, len, prot, flags, pgoff, |