lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 27 Nov 2007 12:04:18 +1100 (EST)
From:	James Morris <jmorris@...ei.org>
To:	Eric Paris <eparis@...hat.com>
cc:	linux-kernel@...r.kernel.org, Stephen Smalley <sds@...ho.nsa.gov>,
	selinux@...ho.nsa.gov, alan@...hat.com, chrisw@...hat.com,
	hpa@...or.com, Andrew Morton <akpm@...ux-foundation.org>,
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH 1/3] mmap: protect from stack expantion into low vm
 addresses

On Mon, 26 Nov 2007, Eric Paris wrote:

> Add security checks to make sure we are not attempting to expand the
> stack into memory protected by mmap_min_addr
> 
> Signed-off-by: Eric Paris <eparis@...hat.com>

Please include the LSMs list in the CC line (added again) for posts 
relating to security.

Applied to 
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm

> ---
> 
> ** Be very careful applying/rediffing this patch.  Standard 3 lines of
> context from git diff will misapply the first hunk to expand_upwards
> instead of properly in expand_downwards.  This patch was generated using
> -U 4 to make sure it applies in the correct place.  **

Seems to have applied correctly for me.


> 
>  mm/mmap.c |    8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> --- kernel-1/mm/mmap.c
> +++ kernel-2/mm/mmap.c
> @@ -1614,17 +1614,21 @@ static inline int expand_downwards(struc
>  	 * so that the anon_vma locking is not a noop.
>  	 */
>  	if (unlikely(anon_vma_prepare(vma)))
>  		return -ENOMEM;
> +
> +	address &= PAGE_MASK;
> +	error = security_file_mmap(0, 0, 0, 0, address, 1);
> +	if (error)
> +		return error;
> +
>  	anon_vma_lock(vma);
>  
>  	/*
>  	 * vma->vm_start/vm_end cannot change under us because the caller
>  	 * is required to hold the mmap_sem in read mode.  We need the
>  	 * anon_vma lock to serialize against concurrent expand_stacks.
>  	 */
> -	address &= PAGE_MASK;
> -	error = 0;
>  
>  	/* Somebody else might have raced and expanded it already */
>  	if (address < vma->vm_start) {
>  		unsigned long size, grow;
> 
> 

-- 
James Morris
<jmorris@...ei.org>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ