Commit efc8e7f4 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of...

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  Keys: KEYCTL_SESSION_TO_PARENT needs TIF_NOTIFY_RESUME architecture support
  NOMMU: Optimise away the {dac_,}mmap_min_addr tests
  security/min_addr.c: make init_mmap_min_addr() static
  keys: PTR_ERR return of wrong pointer in keyctl_get_security()
parents b5c96f89 a00ae4d2
...@@ -95,8 +95,13 @@ struct seq_file; ...@@ -95,8 +95,13 @@ struct seq_file;
extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
extern int cap_netlink_recv(struct sk_buff *skb, int cap); extern int cap_netlink_recv(struct sk_buff *skb, int cap);
#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr; extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr; extern unsigned long dac_mmap_min_addr;
#else
#define dac_mmap_min_addr 0UL
#endif
/* /*
* Values used in the task_security_ops calls * Values used in the task_security_ops calls
*/ */
...@@ -121,6 +126,7 @@ struct request_sock; ...@@ -121,6 +126,7 @@ struct request_sock;
#define LSM_UNSAFE_PTRACE 2 #define LSM_UNSAFE_PTRACE 2
#define LSM_UNSAFE_PTRACE_CAP 4 #define LSM_UNSAFE_PTRACE_CAP 4
#ifdef CONFIG_MMU
/* /*
* If a hint addr is less than mmap_min_addr change hint to be as * If a hint addr is less than mmap_min_addr change hint to be as
* low as possible but still greater than mmap_min_addr * low as possible but still greater than mmap_min_addr
...@@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint) ...@@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint)
} }
extern int mmap_min_addr_handler(struct ctl_table *table, int write, extern int mmap_min_addr_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos); void __user *buffer, size_t *lenp, loff_t *ppos);
#endif
#ifdef CONFIG_SECURITY #ifdef CONFIG_SECURITY
......
...@@ -1214,6 +1214,7 @@ static struct ctl_table vm_table[] = { ...@@ -1214,6 +1214,7 @@ static struct ctl_table vm_table[] = {
.proc_handler = proc_dointvec_jiffies, .proc_handler = proc_dointvec_jiffies,
}, },
#endif #endif
#ifdef CONFIG_MMU
{ {
.procname = "mmap_min_addr", .procname = "mmap_min_addr",
.data = &dac_mmap_min_addr, .data = &dac_mmap_min_addr,
...@@ -1221,6 +1222,7 @@ static struct ctl_table vm_table[] = { ...@@ -1221,6 +1222,7 @@ static struct ctl_table vm_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = mmap_min_addr_handler, .proc_handler = mmap_min_addr_handler,
}, },
#endif
#ifdef CONFIG_NUMA #ifdef CONFIG_NUMA
{ {
.procname = "numa_zonelist_order", .procname = "numa_zonelist_order",
......
...@@ -221,6 +221,7 @@ config KSM ...@@ -221,6 +221,7 @@ config KSM
config DEFAULT_MMAP_MIN_ADDR config DEFAULT_MMAP_MIN_ADDR
int "Low address space to protect from user allocation" int "Low address space to protect from user allocation"
depends on MMU
default 4096 default 4096
help help
This is the portion of low virtual memory which should be protected This is the portion of low virtual memory which should be protected
......
...@@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack ...@@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack
subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
# always enable default capabilities # always enable default capabilities
obj-y += commoncap.o min_addr.o obj-y += commoncap.o
obj-$(CONFIG_MMU) += min_addr.o
# Object file lists # Object file lists
obj-$(CONFIG_SECURITY) += security.o capability.o obj-$(CONFIG_SECURITY) += security.o capability.o
......
...@@ -1194,7 +1194,7 @@ long keyctl_get_security(key_serial_t keyid, ...@@ -1194,7 +1194,7 @@ long keyctl_get_security(key_serial_t keyid,
* have the authorisation token handy */ * have the authorisation token handy */
instkey = key_get_instantiation_authkey(keyid); instkey = key_get_instantiation_authkey(keyid);
if (IS_ERR(instkey)) if (IS_ERR(instkey))
return PTR_ERR(key_ref); return PTR_ERR(instkey);
key_put(instkey); key_put(instkey);
key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0);
...@@ -1236,6 +1236,7 @@ long keyctl_get_security(key_serial_t keyid, ...@@ -1236,6 +1236,7 @@ long keyctl_get_security(key_serial_t keyid,
*/ */
long keyctl_session_to_parent(void) long keyctl_session_to_parent(void)
{ {
#ifdef TIF_NOTIFY_RESUME
struct task_struct *me, *parent; struct task_struct *me, *parent;
const struct cred *mycred, *pcred; const struct cred *mycred, *pcred;
struct cred *cred, *oldcred; struct cred *cred, *oldcred;
...@@ -1326,6 +1327,15 @@ not_permitted: ...@@ -1326,6 +1327,15 @@ not_permitted:
error_keyring: error_keyring:
key_ref_put(keyring_r); key_ref_put(keyring_r);
return ret; return ret;
#else /* !TIF_NOTIFY_RESUME */
/*
* To be removed when TIF_NOTIFY_RESUME has been implemented on
* m68k/xtensa
*/
#warning TIF_NOTIFY_RESUME not implemented
return -EOPNOTSUPP;
#endif /* !TIF_NOTIFY_RESUME */
} }
/*****************************************************************************/ /*****************************************************************************/
......
...@@ -43,7 +43,7 @@ int mmap_min_addr_handler(struct ctl_table *table, int write, ...@@ -43,7 +43,7 @@ int mmap_min_addr_handler(struct ctl_table *table, int write,
return ret; return ret;
} }
int __init init_mmap_min_addr(void) static int __init init_mmap_min_addr(void)
{ {
update_mmap_min_addr(); update_mmap_min_addr();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment