* [RFC][PATCH 1/6] mprotect patch for use by SLIM
@ 2006-07-14 17:24 Kylene Jo Hall
2006-07-14 17:42 ` Dave Hansen
0 siblings, 1 reply; 3+ messages in thread
From: Kylene Jo Hall @ 2006-07-14 17:24 UTC (permalink / raw)
To: linux-kernel, LSM ML; +Cc: Dave Safford, Mimi Zohar, Serge Hallyn
This small patch makes mprotect available for use by SLIM for
write revocation.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Kylene Hall <kjhall@us.ibm.com>
---
include/linux/mm.h | 2 ++
mm/mprotect.c | 14 ++++++++++++--
2 files changed, 14 insertions(+), 2 deletions(-)
Index: linux-2.6.17/mm/mprotect.c
===================================================================
--- linux-2.6.17.orig/mm/mprotect.c
+++ linux-2.6.17/mm/mprotect.c
@@ -19,6 +19,7 @@
#include <linux/mempolicy.h>
#include <linux/personality.h>
#include <linux/syscalls.h>
+#include <linux/module.h>
#include <linux/swap.h>
#include <linux/swapops.h>
#include <asm/uaccess.h>
@@ -179,8 +180,7 @@ fail:
return error;
}
-asmlinkage long
-sys_mprotect(unsigned long start, size_t len, unsigned long prot)
+int do_mprotect(unsigned long start, size_t len, unsigned long prot)
{
unsigned long vm_flags, nstart, end, tmp, reqprot;
struct vm_area_struct *vma, *prev;
@@ -278,3 +278,13 @@ out:
up_write(¤t->mm->mmap_sem);
return error;
}
+EXPORT_SYMBOL_GPL(do_mprotect);
+
+asmlinkage long
+sys_mprotect(unsigned long start, size_t len, unsigned long prot)
+{
+ int ret;
+
+ ret = do_mprotect(start, len, prot);
+ return ret;
+}
Index: linux-2.6.17/include/linux/mm.h
===================================================================
--- linux-2.6.17.orig/include/linux/mm.h
+++ linux-2.6.17/include/linux/mm.h
@@ -138,6 +138,8 @@ extern unsigned int kobjsize(const void
#define VM_EXEC 0x00000004
#define VM_SHARED 0x00000008
+extern int do_mprotect(unsigned long start, size_t len, unsigned long prot);
+
/* mprotect() hardcodes VM_MAYREAD >> 4 == VM_READ, and so for r/w/x bits. */
#define VM_MAYREAD 0x00000010 /* limits for mprotect() etc */
#define VM_MAYWRITE 0x00000020
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [RFC][PATCH 1/6] mprotect patch for use by SLIM
2006-07-14 17:24 [RFC][PATCH 1/6] mprotect patch for use by SLIM Kylene Jo Hall
@ 2006-07-14 17:42 ` Dave Hansen
0 siblings, 0 replies; 3+ messages in thread
From: Dave Hansen @ 2006-07-14 17:42 UTC (permalink / raw)
To: Kylene Jo Hall
Cc: linux-kernel, LSM ML, Dave Safford, Mimi Zohar, Serge Hallyn
On Fri, 2006-07-14 at 10:24 -0700, Kylene Jo Hall wrote:
> This small patch makes mprotect available for use by SLIM for
> write revocation.
Hmmm. Do you really want mprotect() itself? Or, do you just want to
keep people from writing? (there is a difference :)
If somebody mmap()s something with write permissions, I would expect
them to expect to see rw in /proc/<pid>/maps. If you use mprotect() on
that mmap() to remove the write permissions, the permissions will be
reflected in /proc/<pid>/maps.
-- Dave
^ permalink raw reply [flat|nested] 3+ messages in thread
* [RFC][PATCH 1/6] mprotect patch for use by SLIM
@ 2006-07-24 17:51 Kylene Jo Hall
0 siblings, 0 replies; 3+ messages in thread
From: Kylene Jo Hall @ 2006-07-24 17:51 UTC (permalink / raw)
To: linux-kernel, LSM ML; +Cc: Dave Safford, Mimi Zohar, Serge Hallyn
This small patch makes mprotect available for use by SLIM for
write revocation.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Kylene Hall <kjhall@us.ibm.com>
---
include/linux/mm.h | 2 ++
mm/mprotect.c | 14 ++++++++++++--
2 files changed, 14 insertions(+), 2 deletions(-)
Index: linux-2.6.17/mm/mprotect.c
===================================================================
--- linux-2.6.17.orig/mm/mprotect.c
+++ linux-2.6.17/mm/mprotect.c
@@ -19,6 +19,7 @@
#include <linux/mempolicy.h>
#include <linux/personality.h>
#include <linux/syscalls.h>
+#include <linux/module.h>
#include <linux/swap.h>
#include <linux/swapops.h>
#include <asm/uaccess.h>
@@ -179,8 +180,7 @@ fail:
return error;
}
-asmlinkage long
-sys_mprotect(unsigned long start, size_t len, unsigned long prot)
+int do_mprotect(unsigned long start, size_t len, unsigned long prot)
{
unsigned long vm_flags, nstart, end, tmp, reqprot;
struct vm_area_struct *vma, *prev;
@@ -278,3 +278,13 @@ out:
up_write(¤t->mm->mmap_sem);
return error;
}
+EXPORT_SYMBOL_GPL(do_mprotect);
+
+asmlinkage long
+sys_mprotect(unsigned long start, size_t len, unsigned long prot)
+{
+ int ret;
+
+ ret = do_mprotect(start, len, prot);
+ return ret;
+}
Index: linux-2.6.17/include/linux/mm.h
===================================================================
--- linux-2.6.17.orig/include/linux/mm.h
+++ linux-2.6.17/include/linux/mm.h
@@ -138,6 +138,8 @@ extern unsigned int kobjsize(const void
#define VM_EXEC 0x00000004
#define VM_SHARED 0x00000008
+extern int do_mprotect(unsigned long start, size_t len, unsigned long prot);
+
/* mprotect() hardcodes VM_MAYREAD >> 4 == VM_READ, and so for r/w/x bits. */
#define VM_MAYREAD 0x00000010 /* limits for mprotect() etc */
#define VM_MAYWRITE 0x00000020
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-07-24 17:51 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-07-14 17:24 [RFC][PATCH 1/6] mprotect patch for use by SLIM Kylene Jo Hall
2006-07-14 17:42 ` Dave Hansen
-- strict thread matches above, loose matches on Subject: below --
2006-07-24 17:51 Kylene Jo Hall
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox