[PATCH] SELinux: make mmap hint addresses greater than mmap_min_addr

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The new protection to keep users from writing to the first couple of
pages of virtual memory also is stopping mmap operations which are only
giving a hint address greater than 0 but less than mmap_min_addr.  This
patch should take the address given to mmap and move it up to
mmap_min_addr thus eliminating the security denial.

--

Testing on this patch resulted in expected results.  With my
mmap_min_addr set to 40960

About to MAP_FIXED addr:40960
Works.
About to MAP_FIXED addr:32768
mmap: Permission denied

So MAP_FXIED operations were getting denied.

About to mmap with hint addr:40960
Works.
About to mmap with hint addr:32768
Requested addr:32768 but got addr:40960

So given a low hint address we just got 40960

About to mmap with hint addr:4096
Requested addr:4096 but got addr:40960
About to mmap with hint addr:8192
Requested addr:8192 but got addr:3086798848

Here I didn't munmap between each mmap call.  In this case 4096 hint got
bumped to 40960 (mmap_min_addr) and worked fine.  A new hint, 8192 also
got bumped to 40960 but the kernel found it couldn't use that and
instead found a whole new open memory area.  Appears to be working as
expected.

 mm/mmap.c  |    7 +++++++
 mm/nommu.c |    7 +++++++
 2 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/mm/mmap.c b/mm/mmap.c
index bce4995..ecd1dcc 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -916,6 +916,13 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
 	if (!len)
 		return -EINVAL;
 
+	/*
+	 * If a hint addr is less than mmap_min_addr change addr to be as
+	 * low as possible but still greater than mmap_min_addr
+	 */
+	if (!(flags & MAP_FIXED) && (addr != NULL) && (addr < mmap_min_addr))
+		addr = (mmap_min_addr + ~PAGE_MASK) & PAGE_MASK;
+
 	error = arch_mmap_check(addr, len, flags);
 	if (error)
 		return error;
diff --git a/mm/nommu.c b/mm/nommu.c
index 989e2e9..6c13728 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -805,6 +805,13 @@ unsigned long do_mmap_pgoff(struct file *file,
 	void *result;
 	int ret;
 
+	/*
+ 	* If a hint addr is less than mmap_min_addr change addr to be as
+ 	* low as possible, but still greater than mmap_min_addr
+ 	*/
+	if (!(flags & MAP_FIXED) && (addr != NULL) && (addr < mmap_min_addr))
+		addr = (mmap_min_addr + ~PAGE_MASK) & PAGE_MASK;
+
 	/* decide whether we should attempt the mapping, and if so what sort of
 	 * mapping */
 	ret = validate_mmap_request(file, addr, len, prot, flags, pgoff,


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux