Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  Keys: KEYCTL_SESSION_TO_PARENT needs TIF_NOTIFY_RESUME architecture support
  NOMMU: Optimise away the {dac_,}mmap_min_addr tests
  security/min_addr.c: make init_mmap_min_addr() static
  keys: PTR_ERR return of wrong pointer in keyctl_get_security()
commit
efc8e7f4c8
6 changed files with 24 additions and 3 deletions
|
@ -95,8 +95,13 @@ struct seq_file;
|
||||||
extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
|
extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
|
||||||
extern int cap_netlink_recv(struct sk_buff *skb, int cap);
|
extern int cap_netlink_recv(struct sk_buff *skb, int cap);
|
||||||
|
|
||||||
|
#ifdef CONFIG_MMU
|
||||||
extern unsigned long mmap_min_addr;
|
extern unsigned long mmap_min_addr;
|
||||||
extern unsigned long dac_mmap_min_addr;
|
extern unsigned long dac_mmap_min_addr;
|
||||||
|
#else
|
||||||
|
#define dac_mmap_min_addr 0UL
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Values used in the task_security_ops calls
|
* Values used in the task_security_ops calls
|
||||||
*/
|
*/
|
||||||
|
@ -121,6 +126,7 @@ struct request_sock;
|
||||||
#define LSM_UNSAFE_PTRACE 2
|
#define LSM_UNSAFE_PTRACE 2
|
||||||
#define LSM_UNSAFE_PTRACE_CAP 4
|
#define LSM_UNSAFE_PTRACE_CAP 4
|
||||||
|
|
||||||
|
#ifdef CONFIG_MMU
|
||||||
/*
|
/*
|
||||||
* If a hint addr is less than mmap_min_addr change hint to be as
|
* If a hint addr is less than mmap_min_addr change hint to be as
|
||||||
* low as possible but still greater than mmap_min_addr
|
* low as possible but still greater than mmap_min_addr
|
||||||
|
@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint)
|
||||||
}
|
}
|
||||||
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
|
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
|
||||||
void __user *buffer, size_t *lenp, loff_t *ppos);
|
void __user *buffer, size_t *lenp, loff_t *ppos);
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_SECURITY
|
#ifdef CONFIG_SECURITY
|
||||||
|
|
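Review bot: The `#else` branch in the first hunk gives `dac_mmap_min_addr` a constant fallback without saying why, and `mmap_min_addr` gets no fallback at all, so the two symbols now behave differently on !CONFIG_MMU builds. Defining the DAC limit as `0UL` makes every `addr < dac_mmap_min_addr` comparison constant-false, so the low-address mapping restriction is compiled out rather than enforced; that is presumably intended for NOMMU, but it should be stated next to the define, e.g. `/* No MMU: low-address mapping checks compile away */`. Any remaining reader of `mmap_min_addr` outside a CONFIG_MMU guard (none is visible in these hunks) would now fail to build, which is worth a line in the same comment. The sysctl entry and the DEFAULT_MMAP_MIN_ADDR option are gated the same way in the later sections, so the `mmap_min_addr` knob is absent on such kernels.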
||||||
|
|
|
@ -1214,6 +1214,7 @@ static struct ctl_table vm_table[] = {
|
||||||
.proc_handler = proc_dointvec_jiffies,
|
.proc_handler = proc_dointvec_jiffies,
|
||||||
},
|
},
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef CONFIG_MMU
|
||||||
{
|
{
|
||||||
.procname = "mmap_min_addr",
|
.procname = "mmap_min_addr",
|
||||||
.data = &dac_mmap_min_addr,
|
.data = &dac_mmap_min_addr,
|
||||||
|
@ -1221,6 +1222,7 @@ static struct ctl_table vm_table[] = {
|
||||||
.mode = 0644,
|
.mode = 0644,
|
||||||
.proc_handler = mmap_min_addr_handler,
|
.proc_handler = mmap_min_addr_handler,
|
||||||
},
|
},
|
||||||
|
#endif
|
||||||
#ifdef CONFIG_NUMA
|
#ifdef CONFIG_NUMA
|
||||||
{
|
{
|
||||||
.procname = "numa_zonelist_order",
|
.procname = "numa_zonelist_order",
|
||||||
|
|
|
@ -221,6 +221,7 @@ config KSM
|
||||||
|
|
||||||
config DEFAULT_MMAP_MIN_ADDR
|
config DEFAULT_MMAP_MIN_ADDR
|
||||||
int "Low address space to protect from user allocation"
|
int "Low address space to protect from user allocation"
|
||||||
|
depends on MMU
|
||||||
default 4096
|
default 4096
|
||||||
help
|
help
|
||||||
This is the portion of low virtual memory which should be protected
|
This is the portion of low virtual memory which should be protected
|
||||||
|
|
|
@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack
|
||||||
subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
|
subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo
|
||||||
|
|
||||||
# always enable default capabilities
|
# always enable default capabilities
|
||||||
obj-y += commoncap.o min_addr.o
|
obj-y += commoncap.o
|
||||||
|
obj-$(CONFIG_MMU) += min_addr.o
|
||||||
|
|
||||||
# Object file lists
|
# Object file lists
|
||||||
obj-$(CONFIG_SECURITY) += security.o capability.o
|
obj-$(CONFIG_SECURITY) += security.o capability.o
|
||||||
|
|
|
@ -1194,7 +1194,7 @@ long keyctl_get_security(key_serial_t keyid,
|
||||||
* have the authorisation token handy */
|
* have the authorisation token handy */
|
||||||
instkey = key_get_instantiation_authkey(keyid);
|
instkey = key_get_instantiation_authkey(keyid);
|
||||||
if (IS_ERR(instkey))
|
if (IS_ERR(instkey))
|
||||||
return PTR_ERR(key_ref);
|
return PTR_ERR(instkey);
|
||||||
key_put(instkey);
|
key_put(instkey);
|
||||||
|
|
||||||
key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0);
|
key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0);
|
||||||
|
@ -1236,6 +1236,7 @@ long keyctl_get_security(key_serial_t keyid,
|
||||||
*/
|
*/
|
||||||
long keyctl_session_to_parent(void)
|
long keyctl_session_to_parent(void)
|
||||||
{
|
{
|
||||||
|
#ifdef TIF_NOTIFY_RESUME
|
||||||
struct task_struct *me, *parent;
|
struct task_struct *me, *parent;
|
||||||
const struct cred *mycred, *pcred;
|
const struct cred *mycred, *pcred;
|
||||||
struct cred *cred, *oldcred;
|
struct cred *cred, *oldcred;
|
||||||
|
@ -1326,6 +1327,15 @@ not_permitted:
|
||||||
error_keyring:
|
error_keyring:
|
||||||
key_ref_put(keyring_r);
|
key_ref_put(keyring_r);
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
#else /* !TIF_NOTIFY_RESUME */
|
||||||
|
/*
|
||||||
|
* To be removed when TIF_NOTIFY_RESUME has been implemented on
|
||||||
|
* m68k/xtensa
|
||||||
|
*/
|
||||||
|
#warning TIF_NOTIFY_RESUME not implemented
|
||||||
|
return -EOPNOTSUPP;
|
||||||
|
#endif /* !TIF_NOTIFY_RESUME */
|
||||||
}
|
}
|
||||||
|
|
||||||
/*****************************************************************************/
|
/*****************************************************************************/
|
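Review bot: The `#warning TIF_NOTIFY_RESUME not implemented` in the `#else` branch of keyctl_session_to_parent() fires on every build for the affected architectures and becomes a hard failure wherever warnings are treated as errors; the comment above it already carries the same information. The new `-EOPNOTSUPP` return is also a userspace-visible behaviour of the operation that the function's header comment (which ends just above the hunk) does not mention; I would add ` * Returns -EOPNOTSUPP on architectures without TIF_NOTIFY_RESUME.` there. The function body continues between the two hunks, so whether the labels and locals are all confined to the `#ifdef` side cannot be checked from here.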
||||||
|
|
|
@ -43,7 +43,7 @@ int mmap_min_addr_handler(struct ctl_table *table, int write,
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int __init init_mmap_min_addr(void)
|
static int __init init_mmap_min_addr(void)
|
||||||
{
|
{
|
||||||
update_mmap_min_addr();
|
update_mmap_min_addr();
|
||||||
|
|
||||||
|
|