Cyrill Gorcunov <gorcunov@xxxxxxxxxx> writes: > On Mon, Sep 24, 2012 at 08:49:42PM +0400, Cyrill Gorcunov wrote: >> > I got past that with: >> > >> > diff --git a/include/linux/security.h b/include/linux/security.h >> > index 01ef030..14e394d 100644 >> > --- a/include/linux/security.h >> > +++ b/include/linux/security.h >> > @@ -118,6 +118,7 @@ void reset_security_ops(void); >> > extern unsigned long mmap_min_addr; >> > extern unsigned long dac_mmap_min_addr; >> > #else >> > +#define mmap_min_addr 0UL >> > #define dac_mmap_min_addr 0UL >> > #endif >> > > > I think better to add CONFIG_MMU test here. > --- > From: Cyrill Gorcunov <gorcunov@xxxxxxxxxx> > Subject: prctl: prctl_set_mm -- Don't test for mmap_min_addr on non-MMU config > > In case if CONFIG_MMU is not set the @mmap_min_addr > is undefined leading to build error. Thus test for > it iif CONFIG_MMU is present. > > Note this code snippet depends on CONFIG_CHECKPOINT_RESTORE=y. > > Reported-by: Mark Salter <msalter@xxxxxxxxxx> > Signed-off-by: Cyrill Gorcunov <gorcunov@xxxxxxxxxx> > --- > kernel/sys.c | 4 ++++ > 1 file changed, 4 insertions(+) > > Index: linux-2.6.git/kernel/sys.c > =================================================================== > --- linux-2.6.git.orig/kernel/sys.c > +++ linux-2.6.git/kernel/sys.c > @@ -1865,7 +1865,11 @@ static int prctl_set_mm(int opt, unsigne > if (opt == PR_SET_MM_EXE_FILE) > return prctl_set_mm_exe_file(mm, (unsigned int)addr); > > +#ifdef CONFIG_MMU > if (addr >= TASK_SIZE || addr < mmap_min_addr) > +#else > + if (addr >= TASK_SIZE) > +#endif I expect what you want is a call to access_ok, rather than hard coding details about task layout here. This test certainly looks wrong for a 32bit process on a 64bit kernel. If I read your test right it appears I can set values of say 0x100000000 on a 32bit process... As for mmap_min_addr I would expect your find_vma check would make that test unnecessary, simply by not finding a vma... Eric > return -EINVAL; > > error = -EINVAL; -- To unsubscribe from this list: send the line "unsubscribe linux-arch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
