Commit 3eb81a61 authored by David Howells's avatar David Howells Committed by james toy

Ignore the address parameter in the various file_mmap() security checks

when CONFIG_MMU=n as the address hint is ignored under those
circumstances, and in any case the minimum mapping address check is
pointless in NOMMU mode.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reported-by: default avatarGraff Yang <graf.yang@analog.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 9fa417de
......@@ -609,6 +609,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @reqprot contains the protection requested by the application.
* @prot contains the protection that will be applied by the kernel.
* @flags contains the operational flags.
* @addr contains the mapping address, and should be ignored in NOMMU mode.
* Return 0 if permission is granted.
* @file_mprotect:
* Check permissions before changing memory access permissions.
......
......@@ -974,7 +974,7 @@ static int validate_mmap_request(struct file *file,
}
/* allow the security API to have its say */
ret = security_file_mmap(file, reqprot, prot, flags, addr, 0);
ret = security_file_mmap(file, reqprot, prot, flags, 0, 0);
if (ret < 0)
return ret;
......
......@@ -1005,6 +1005,7 @@ int cap_file_mmap(struct file *file, unsigned long reqprot,
{
int ret = 0;
#ifdef CONFIG_MMU
if (addr < dac_mmap_min_addr) {
ret = cap_capable(current, current_cred(), CAP_SYS_RAWIO,
SECURITY_CAP_AUDIT);
......@@ -1012,5 +1013,6 @@ int cap_file_mmap(struct file *file, unsigned long reqprot,
if (ret == 0)
current->flags |= PF_SUPERPRIV;
}
#endif
return ret;
}
......@@ -3046,6 +3046,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
unsigned long addr, unsigned long addr_only)
{
int rc = 0;
#ifdef CONFIG_MMU
u32 sid = current_sid();
/*
......@@ -3060,6 +3061,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
if (rc)
return rc;
}
#endif
/* do DAC check on address space usage */
rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment