Re: [PATCH] mm/nommu.c: Fix improperly call of security API in mmap

[John Johansen]

Eric Paris wrote:
> On Sat, 2009-11-21 at 00:16 +0000, David Howells wrote:
>> Eric Paris <eparis@xxxxxxxxxx> wrote:
>>
>>> +/* sec_flags for security_file_mmap */
>>> +#define SECURITY_MMAP_ADDR_ONLY	0x01
>>> +#define SECURITY_MMAP_NOT_ADDR	0x02
>> Please add comments to these to indicate what they're intended to convey.
>> Would ADDR_ONLY be better as EXACT_ADDR?
> 
> I think I should point out that this hook checks 2 things.  Originally
> it was only used to check if a file should be allowed to be mmaped.  It
> was later enhanced to check if the return address of mmap, if it is file
> backed or anonymous, is acceptable.  These flags only influence the
> later.
> 
> ADDR_ONLY means the security system should only check the address.
> NOT_ADDR means they security system should not check the address.
> 
> You need ADDR_ONLY when the hook is called on map that is not file
> backed or where that has already been dealt with.  You need NOT_ADDR
> only for nommu where the whole idea of mmap_min_addr is pointless.
> 
> I'm not sure what comments would convey....
> 
> /* security hook should only check the address */
> #define SECURITY_MMAP_ADDR_ONLY	0x01
> /* security hook should not check the address */
> #define SECURITY_MMAP_NOT_ADDR	0x02
> 
> Does that add something?
> 
> Still haven't heard where people scream they absolutely need this today,
> so I'm going to ask James to carry it in his for-next tree.
> 
The comments convey a tad more but I don't think they are necessary, and
I concur, it would be good if it went into the for-next tree.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/