[PATCH] mm/nommu.c: Fix improperly call of security API in mmap

All of lore.kernel.org
 help / color / mirror / Atom feed

From: <graff.yang@gmail.com>
To: <dhowells@redhat.com>, <linux-kernel@vger.kernel.org>,
	<gyang@blackfin.uclinux.org>
Cc: <akpm@linux-foundation.org>,
	<uclinux-dist-devel@blackfin.uclinux.org>,
	Graff Yang <graf.yang@analog.com>
Subject: [PATCH] mm/nommu.c: Fix improperly call of security API in mmap
Date: Wed, 14 Oct 2009 18:28:54 +0800	[thread overview]
Message-ID: <1255516134-4838-1-git-send-email-graff.yang@gmail.com> (raw)

From: Graff Yang <graf.yang@analog.com>

The original code calling security_file_mmap() use user's hint address
as it's 5th argument(addr). This is improper, as the hint address may be
NULL.
In this case, the security_file_mmap() may incorrectly return -EPERM.

This patch moved the calling of security_file_mmap() out of
validate_mmap_request() to do_mmap_pgoff(), and call this
security API with the address that attempting to mmap.

Signed-off-by: Graff Yang <graf.yang@analog.com>
---
 mm/nommu.c |   18 ++++++++++++------
 1 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/mm/nommu.c b/mm/nommu.c
index 3a5e989..fc986d4 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -862,7 +862,6 @@ static int validate_mmap_request(struct file *file,
 				 unsigned long *_capabilities)
 {
 	unsigned long capabilities, rlen;
-	unsigned long reqprot = prot;
 	int ret;
 
 	/* do the simple checks first */
@@ -1013,11 +1012,6 @@ static int validate_mmap_request(struct file *file,
 			prot |= PROT_EXEC;
 	}
 
-	/* allow the security API to have its say */
-	ret = security_file_mmap(file, reqprot, prot, flags, addr, 0);
-	if (ret < 0)
-		return ret;
-
 	/* looks okay */
 	*_capabilities = capabilities;
 	return 0;
@@ -1231,6 +1225,7 @@ unsigned long do_mmap_pgoff(struct file *file,
 	struct vm_area_struct *vma;
 	struct vm_region *region;
 	struct rb_node *rb;
+	unsigned long reqprot = prot;
 	unsigned long capabilities, vm_flags, result;
 	int ret;
 
@@ -1327,6 +1322,12 @@ unsigned long do_mmap_pgoff(struct file *file,
 				continue;
 			}
 
+			/* allow the security API to have its say */
+			ret = security_file_mmap(file, reqprot, prot, flags,
+							pregion->vm_start, 0);
+			if (ret < 0)
+				goto error_just_free;
+
 			/* we've found a region we can share */
 			atomic_inc(&pregion->vm_usage);
 			vma->vm_region = pregion;
@@ -1394,6 +1395,11 @@ unsigned long do_mmap_pgoff(struct file *file,
 	if (ret < 0)
 		goto error_put_region;
 
+	ret = security_file_mmap(file, reqprot, prot, flags,
+					vma->vm_start, 0);
+	if (ret < 0)
+		goto error_put_region;
+
 	/* okay... we have a mapping; now we have to register it */
 	result = vma->vm_start;
 
-- 
1.6.4.4

next             reply	other threads:[~2009-10-14 10:31 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-10-14 10:28 graff.yang [this message]
2009-10-14 14:08 ` [PATCH] mm/nommu.c: Fix improperly call of security API in mmap David Howells
2009-10-15  2:21   ` graff yang
2009-10-15  3:45     ` graff yang
2009-10-15  7:07       ` David Howells
2009-10-16  7:06   ` [Uclinux-dist-devel] " Mike Frysinger
2009-10-16 15:01   ` Eric Paris
2009-10-16 15:14     ` David Howells
2009-10-16 15:21       ` Eric Paris
2009-10-16 15:43         ` David Howells
2009-10-16 15:55           ` Eric Paris
2009-11-17 22:13             ` Andrew Morton
2009-11-17 23:24               ` Mike Frysinger
2009-11-18 21:10               ` Eric Paris
2009-11-20 15:00               ` David Howells
2009-11-20 17:42                 ` Andrew Morton
2009-11-20 17:54                   ` David Howells
2009-11-20 19:32                     ` Eric Paris
2009-11-20 19:50                       ` Andrew Morton
2009-11-20 19:58                         ` Eric Paris
2009-11-21  0:16                       ` David Howells
2009-11-21 16:15                         ` Eric Paris
2009-11-23 10:10                           ` John Johansen
2009-10-16 15:43       ` [Uclinux-dist-devel] " Mike Frysinger

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:3a5e989 dfblob:fc986d4 )
 OR (
bs:"[PATCH] mm/nommu.c: Fix improperly call of security API in mmap" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1255516134-4838-1-git-send-email-graff.yang@gmail.com \
    --to=graff.yang@gmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=dhowells@redhat.com \
    --cc=graf.yang@analog.com \
    --cc=gyang@blackfin.uclinux.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=uclinux-dist-devel@blackfin.uclinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.