path: root/mm
diff options
authorEric Paris <eparis@redhat.com>2007-11-26 18:47:40 -0500
committerJames Morris <jmorris@namei.org>2007-12-06 00:25:10 +1100
commit7cd94146cd504016315608e297219f9fb7b1413b (patch)
tree1d118d6af0a6d3efb9be66f7305827aee2ceffea /mm
parentsecurity: protect from stack expantion into low vm addresses (diff)
Security: round mmap hint address above mmap_min_addr
If mmap_min_addr is set and a process attempts to mmap (not fixed) with a non-null hint address less than mmap_min_addr the mapping will fail the security checks. Since this is just a hint address this patch will round such a hint address above mmap_min_addr. gcj was found to try to be very frugal with vm usage and give hint addresses in the 8k-32k range. Without this patch all such programs failed and with the patch they happily get a higher address. This patch is wrappad in CONFIG_SECURITY since mmap_min_addr doesn't exist without it and there would be no security check possible no matter what. So we should not bother compiling in this rounding if it is just a waste of time. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'mm')
2 files changed, 6 insertions, 0 deletions
diff --git a/mm/mmap.c b/mm/mmap.c
index 938313c76d02..f4cfc6ac08db 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -912,6 +912,9 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
if (!len)
return -EINVAL;
+ if (!(flags & MAP_FIXED))
+ addr = round_hint_to_min(addr);
error = arch_mmap_check(addr, len, flags);
if (error)
return error;
diff --git a/mm/nommu.c b/mm/nommu.c
index 35622c590925..b989cb928a7c 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -829,6 +829,9 @@ unsigned long do_mmap_pgoff(struct file *file,
void *result;
int ret;
+ if (!(flags & MAP_FIXED))
+ addr = round_hint_to_min(addr);
/* decide whether we should attempt the mapping, and if so what sort of
* mapping */
ret = validate_mmap_request(file, addr, len, prot, flags, pgoff,