0001 #include <linux/init.h>
0002 #include <linux/mm.h>
0003 #include <linux/security.h>
0004 #include <linux/sysctl.h>
0005 
/*
 * Effective low-address limit: the amount of virtual memory shielded from
 * userspace access once both the DAC and the LSM settings are taken into
 * account.  update_mmap_min_addr() is the only writer visible in this file.
 */
unsigned long mmap_min_addr;
/*
 * DAC-side limit (the one associated with CAP_SYS_RAWIO).  Starts out at
 * the build-time default CONFIG_DEFAULT_MMAP_MIN_ADDR.
 */
unsigned long dac_mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
/*
 * The LSM-side limit has no variable of its own: it is the build-time
 * constant CONFIG_LSM_MMAP_MIN_ADDR.
 */
0011 
/*
 * Recompute mmap_min_addr as
 *     max(dac_mmap_min_addr, CONFIG_LSM_MMAP_MIN_ADDR)
 * when the kernel is built with CONFIG_LSM_MMAP_MIN_ADDR, and as a plain
 * copy of dac_mmap_min_addr otherwise.
 *
 * Security-relevant consequence: with the LSM constant configured, lowering
 * dac_mmap_min_addr cannot take the effective limit below that constant.
 */
static void update_mmap_min_addr(void)
{
    unsigned long limit = dac_mmap_min_addr;

#ifdef CONFIG_LSM_MMAP_MIN_ADDR
    /* The LSM constant wins whenever the DAC value does not exceed it. */
    if (limit <= CONFIG_LSM_MMAP_MIN_ADDR)
        limit = CONFIG_LSM_MMAP_MIN_ADDR;
#endif
    mmap_min_addr = limit;
}
0026 
/*
 * sysctl handler for the low-address mapping limit.
 *
 * A write is refused with -EPERM unless the caller holds CAP_SYS_RAWIO;
 * reads are not subject to that check here.  The request is then handed to
 * proc_doulongvec_minmax() and mmap_min_addr is recomputed through
 * update_mmap_min_addr(), so non MAP_FIXED hints get rounded properly.
 *
 * The recompute runs on every call that gets past the capability check,
 * including reads and calls where the proc helper reported an error; the
 * helper's return value is passed back unchanged.
 *
 * NOTE(review): presumably table->data refers to dac_mmap_min_addr; that
 * wiring lives in the sysctl table, which is not part of this file - confirm.
 */
int mmap_min_addr_handler(struct ctl_table *table, int write,
                          void __user *buffer, size_t *lenp, loff_t *ppos)
{
    int status;

    if (write) {
        /* Only the write path is privileged; capable() is not called for reads. */
        if (!capable(CAP_SYS_RAWIO))
            return -EPERM;
    }

    status = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
    update_mmap_min_addr();

    return status;
}
0045 
/*
 * Boot-time setup: derive the initial mmap_min_addr from whatever
 * dac_mmap_min_addr holds at that point (it is initialised to
 * CONFIG_DEFAULT_MMAP_MIN_ADDR in this file).  Registered through
 * pure_initcall() below; always reports success.
 */
static int __init init_mmap_min_addr(void)
{
    update_mmap_min_addr();
    return 0;
}
pure_initcall(init_mmap_min_addr);