summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2012-05-30 17:11:23 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2012-06-01 10:37:01 -0400
commit8b3ec6814c83d76b85bd13badc48552836c24839 (patch)
tree2430a4511c7ea41f67b0d841f4c42eac43828db3
parente5467859f7f79b69fc49004403009dfdba3bec53 (diff)
take security_mmap_file() outside of ->mmap_sem
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--include/linux/security.h7
-rw-r--r--ipc/shm.c5
-rw-r--r--mm/mmap.c23
-rw-r--r--mm/nommu.c22
-rw-r--r--security/security.c33
5 files changed, 62 insertions, 28 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index f1bae0963ddc..4e5a73cdbbef 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1745,8 +1745,8 @@ int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
-int security_mmap_file(struct file *file, unsigned long reqprot,
- unsigned long prot, unsigned long flags);
+int security_mmap_file(struct file *file, unsigned long prot,
+ unsigned long flags);
int security_mmap_addr(unsigned long addr);
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot);
@@ -2183,8 +2183,7 @@ static inline int security_file_ioctl(struct file *file, unsigned int cmd,
return 0;
}
-static inline int security_mmap_file(struct file *file, unsigned long reqprot,
- unsigned long prot,
+static inline int security_mmap_file(struct file *file, unsigned long prot,
unsigned long flags)
{
return 0;
diff --git a/ipc/shm.c b/ipc/shm.c
index 406c5b208193..e3a8063b1768 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1036,6 +1036,10 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
sfd->file = shp->shm_file;
sfd->vm_ops = NULL;
+ err = security_mmap_file(file, prot, flags);
+ if (err)
+ goto out_fput;
+
down_write(&current->mm->mmap_sem);
if (addr && !(shmflg & SHM_REMAP)) {
err = -EINVAL;
@@ -1058,6 +1062,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
invalid:
up_write(&current->mm->mmap_sem);
+out_fput:
fput(file);
out_nattch:
diff --git a/mm/mmap.c b/mm/mmap.c
index 49283da9a2ae..34b280f4238d 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -979,7 +979,6 @@ static unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
struct inode *inode;
vm_flags_t vm_flags;
int error;
- unsigned long reqprot = prot;
/*
* Does the application expect PROT_READ to imply PROT_EXEC?
@@ -1105,10 +1104,6 @@ static unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
if (error)
return error;
- error = security_mmap_file(file, reqprot, prot, flags);
- if (error)
- return error;
-
return mmap_region(file, addr, len, flags, vm_flags, pgoff);
}
@@ -1130,9 +1125,12 @@ unsigned long vm_mmap(struct file *file, unsigned long addr,
unsigned long ret;
struct mm_struct *mm = current->mm;
- down_write(&mm->mmap_sem);
- ret = do_mmap(file, addr, len, prot, flag, offset);
- up_write(&mm->mmap_sem);
+ ret = security_mmap_file(file, prot, flag);
+ if (!ret) {
+ down_write(&mm->mmap_sem);
+ ret = do_mmap(file, addr, len, prot, flag, offset);
+ up_write(&mm->mmap_sem);
+ }
return ret;
}
EXPORT_SYMBOL(vm_mmap);
@@ -1168,9 +1166,12 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len,
flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
- down_write(&current->mm->mmap_sem);
- retval = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
- up_write(&current->mm->mmap_sem);
+ retval = security_mmap_file(file, prot, flags);
+ if (!retval) {
+ down_write(&current->mm->mmap_sem);
+ retval = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
+ up_write(&current->mm->mmap_sem);
+ }
if (file)
fput(file);
diff --git a/mm/nommu.c b/mm/nommu.c
index acfe419785db..8cbfd623b04a 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -889,7 +889,6 @@ static int validate_mmap_request(struct file *file,
unsigned long *_capabilities)
{
unsigned long capabilities, rlen;
- unsigned long reqprot = prot;
int ret;
/* do the simple checks first */
@@ -1050,9 +1049,6 @@ static int validate_mmap_request(struct file *file,
ret = security_mmap_addr(addr);
if (ret < 0)
return ret;
- ret = security_mmap_file(file, reqprot, prot, flags);
- if (ret < 0)
- return ret;
/* looks okay */
*_capabilities = capabilities;
@@ -1492,9 +1488,12 @@ unsigned long vm_mmap(struct file *file, unsigned long addr,
unsigned long ret;
struct mm_struct *mm = current->mm;
- down_write(&mm->mmap_sem);
- ret = do_mmap(file, addr, len, prot, flag, offset);
- up_write(&mm->mmap_sem);
+ ret = security_mmap_file(file, prot, flag);
+ if (!ret) {
+ down_write(&mm->mmap_sem);
+ ret = do_mmap(file, addr, len, prot, flag, offset);
+ up_write(&mm->mmap_sem);
+ }
return ret;
}
EXPORT_SYMBOL(vm_mmap);
@@ -1515,9 +1514,12 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len,
flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
- down_write(&current->mm->mmap_sem);
- retval = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
- up_write(&current->mm->mmap_sem);
+ ret = security_mmap_file(file, prot, flags);
+ if (!ret) {
+ down_write(&current->mm->mmap_sem);
+ retval = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
+ up_write(&current->mm->mmap_sem);
+ }
if (file)
fput(file);
diff --git a/security/security.c b/security/security.c
index d91c66d3956b..3b11b3b72fe2 100644
--- a/security/security.c
+++ b/security/security.c
@@ -20,6 +20,9 @@
#include <linux/ima.h>
#include <linux/evm.h>
#include <linux/fsnotify.h>
+#include <linux/mman.h>
+#include <linux/mount.h>
+#include <linux/personality.h>
#include <net/flow.h>
#define MAX_LSM_EVM_XATTR 2
@@ -657,11 +660,35 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
return security_ops->file_ioctl(file, cmd, arg);
}
-int security_mmap_file(struct file *file, unsigned long reqprot,
- unsigned long prot, unsigned long flags)
+int security_mmap_file(struct file *file, unsigned long prot,
+ unsigned long flags)
{
+ unsigned long reqprot = prot;
int ret;
-
+ /*
+ * Does the application expect PROT_READ to imply PROT_EXEC?
+ *
+ * (the exception is when the underlying filesystem is noexec
+ * mounted, in which case we dont add PROT_EXEC.)
+ */
+ if (!(reqprot & PROT_READ))
+ goto out;
+ if (!(current->personality & READ_IMPLIES_EXEC))
+ goto out;
+ if (!file) {
+ prot |= PROT_EXEC;
+ } else if (!(file->f_path.mnt->mnt_flags & MNT_NOEXEC)) {
+#ifndef CONFIG_MMU
+ unsigned long caps = 0;
+ struct address_space *mapping = file->f_mapping;
+ if (mapping && mapping->backing_dev_info)
+ caps = mapping->backing_dev_info->capabilities;
+ if (!(caps & BDI_CAP_EXEC_MAP))
+ goto out;
+#endif
+ prot |= PROT_EXEC;
+ }
+out:
ret = security_ops->mmap_file(file, reqprot, prot, flags);
if (ret)
return ret;