Re: [Security] [PATCH] install_special_mapping skips security_file_mmapcheck.

From: James Morris
Date: Thu Dec 09 2010 - 16:44:56 EST

Next message: Matthew Garrett: "[PATCH 1/3] X86: Revamp reboot behaviour to match Windows more closely"
Previous message: Greg KH: "Re: brcm80211 hangs when disabling wireless"
In reply to: Andrew Morton: "Re: [Security] [PATCH] install_special_mapping skipssecurity_file_mmap check."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 9 Dec 2010, Andrew Morton wrote:

> This should return the security_file_mmap() errno rather than assuming
> EPERM. Although it happens to be the case that EPERM is the only errno
> which security_file_mmap() presently returns, afacit.
>
> Ditto insert_vm_struct(), with s/EPERM/ENOMEM/
>
> Please review and test?

Reviewed-by: James Morris <jmorris@xxxxxxxxx>

>
>
> --- a/mm/mmap.c~mm-install_special_mapping-skips-security_file_mmap-check-fix
> +++ a/mm/mmap.c
> @@ -2463,6 +2463,7 @@ int install_special_mapping(struct mm_st
> unsigned long vm_flags, struct page **pages)
> {
> struct vm_area_struct *vma;
> + int ret;
>
> vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
> if (unlikely(vma == NULL))
> @@ -2479,21 +2480,21 @@ int install_special_mapping(struct mm_st
> vma->vm_ops = &special_mapping_vmops;
> vma->vm_private_data = pages;
>
> - if (security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1)) {
> - kmem_cache_free(vm_area_cachep, vma);
> - return -EPERM;
> - }
> -
> - if (unlikely(insert_vm_struct(mm, vma))) {
> - kmem_cache_free(vm_area_cachep, vma);
> - return -ENOMEM;
> - }
> + ret = security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1);
> + if (ret < 0)
> + goto out;
> +
> + ret = insert_vm_struct(mm, vma);
> + if (ret < 0)
> + goto out;
>
> mm->total_vm += len >> PAGE_SHIFT;
>
> perf_event_mmap(vma);
> -
> return 0;
> +out:
> + kmem_cache_free(vm_area_cachep, vma);
> + return ret;
> }
>
> static DEFINE_MUTEX(mm_all_locks_mutex);
> _
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Matthew Garrett: "[PATCH 1/3] X86: Revamp reboot behaviour to match Windows more closely"
Previous message: Greg KH: "Re: brcm80211 hangs when disabling wireless"
In reply to: Andrew Morton: "Re: [Security] [PATCH] install_special_mapping skipssecurity_file_mmap check."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]