diff options
| author |   Eric Paris <eparis@redhat.com> | 2007-12-04 11:06:55 -0500 |
|---|---|---|
| committer |   James Morris <jmorris@namei.org> | 2007-12-06 00:25:30 +1100 |
| commit | 5a211a5deabcafdc764817d5b4510c767d317ddc (patch) | |
| tree | d330ce692f43c1b02c84ff81284e6191d567e02f /mm | |
| parent | Security: round mmap hint address above mmap_min_addr (diff) | |
| download | linux-dev-5a211a5deabcafdc764817d5b4510c767d317ddc.tar.xz linux-dev-5a211a5deabcafdc764817d5b4510c767d317ddc.zip | |
VM/Security: add security hook to do_brk
Given a specifically crafted binary do_brk() can be used to get low
pages available in userspace virtually memory and can thus be used to
circumvent the mmap_min_addr low memory protection. Add security checks
in do_brk().
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'mm')
| -rw-r--r-- | mm/mmap.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/mm/mmap.c b/mm/mmap.c index f4cfc6ac08db..15678aa6ec73 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1941,6 +1941,10 @@ unsigned long do_brk(unsigned long addr, unsigned long len) if (is_hugepage_only_range(mm, addr, len)) return -EINVAL; + error = security_file_mmap(0, 0, 0, 0, addr, 1); + if (error) + return error; + flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; error = arch_mmap_check(addr, len, flags); |