Commit 8b3ec681 authored by Al Viro's avatar Al Viro

take security_mmap_file() outside of ->mmap_sem

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent e5467859
...@@ -1745,8 +1745,8 @@ int security_file_permission(struct file *file, int mask); ...@@ -1745,8 +1745,8 @@ int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file); int security_file_alloc(struct file *file);
void security_file_free(struct file *file); void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg); int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
int security_mmap_file(struct file *file, unsigned long reqprot, int security_mmap_file(struct file *file, unsigned long prot,
unsigned long prot, unsigned long flags); unsigned long flags);
int security_mmap_addr(unsigned long addr); int security_mmap_addr(unsigned long addr);
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot); unsigned long prot);
...@@ -2183,8 +2183,7 @@ static inline int security_file_ioctl(struct file *file, unsigned int cmd, ...@@ -2183,8 +2183,7 @@ static inline int security_file_ioctl(struct file *file, unsigned int cmd,
return 0; return 0;
} }
static inline int security_mmap_file(struct file *file, unsigned long reqprot, static inline int security_mmap_file(struct file *file, unsigned long prot,
unsigned long prot,
unsigned long flags) unsigned long flags)
{ {
return 0; return 0;
......
...@@ -1036,6 +1036,10 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) ...@@ -1036,6 +1036,10 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
sfd->file = shp->shm_file; sfd->file = shp->shm_file;
sfd->vm_ops = NULL; sfd->vm_ops = NULL;
err = security_mmap_file(file, prot, flags);
if (err)
goto out_fput;
down_write(&current->mm->mmap_sem); down_write(&current->mm->mmap_sem);
if (addr && !(shmflg & SHM_REMAP)) { if (addr && !(shmflg & SHM_REMAP)) {
err = -EINVAL; err = -EINVAL;
...@@ -1058,6 +1062,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) ...@@ -1058,6 +1062,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr)
invalid: invalid:
up_write(&current->mm->mmap_sem); up_write(&current->mm->mmap_sem);
out_fput:
fput(file); fput(file);
out_nattch: out_nattch:
......
...@@ -979,7 +979,6 @@ static unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, ...@@ -979,7 +979,6 @@ static unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
struct inode *inode; struct inode *inode;
vm_flags_t vm_flags; vm_flags_t vm_flags;
int error; int error;
unsigned long reqprot = prot;
/* /*
* Does the application expect PROT_READ to imply PROT_EXEC? * Does the application expect PROT_READ to imply PROT_EXEC?
...@@ -1105,10 +1104,6 @@ static unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, ...@@ -1105,10 +1104,6 @@ static unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
if (error) if (error)
return error; return error;
error = security_mmap_file(file, reqprot, prot, flags);
if (error)
return error;
return mmap_region(file, addr, len, flags, vm_flags, pgoff); return mmap_region(file, addr, len, flags, vm_flags, pgoff);
} }
...@@ -1130,9 +1125,12 @@ unsigned long vm_mmap(struct file *file, unsigned long addr, ...@@ -1130,9 +1125,12 @@ unsigned long vm_mmap(struct file *file, unsigned long addr,
unsigned long ret; unsigned long ret;
struct mm_struct *mm = current->mm; struct mm_struct *mm = current->mm;
down_write(&mm->mmap_sem); ret = security_mmap_file(file, prot, flag);
ret = do_mmap(file, addr, len, prot, flag, offset); if (!ret) {
up_write(&mm->mmap_sem); down_write(&mm->mmap_sem);
ret = do_mmap(file, addr, len, prot, flag, offset);
up_write(&mm->mmap_sem);
}
return ret; return ret;
} }
EXPORT_SYMBOL(vm_mmap); EXPORT_SYMBOL(vm_mmap);
...@@ -1168,9 +1166,12 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len, ...@@ -1168,9 +1166,12 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len,
flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
down_write(&current->mm->mmap_sem); retval = security_mmap_file(file, prot, flags);
retval = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); if (!retval) {
up_write(&current->mm->mmap_sem); down_write(&current->mm->mmap_sem);
retval = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
up_write(&current->mm->mmap_sem);
}
if (file) if (file)
fput(file); fput(file);
......
...@@ -889,7 +889,6 @@ static int validate_mmap_request(struct file *file, ...@@ -889,7 +889,6 @@ static int validate_mmap_request(struct file *file,
unsigned long *_capabilities) unsigned long *_capabilities)
{ {
unsigned long capabilities, rlen; unsigned long capabilities, rlen;
unsigned long reqprot = prot;
int ret; int ret;
/* do the simple checks first */ /* do the simple checks first */
...@@ -1048,9 +1047,6 @@ static int validate_mmap_request(struct file *file, ...@@ -1048,9 +1047,6 @@ static int validate_mmap_request(struct file *file,
/* allow the security API to have its say */ /* allow the security API to have its say */
ret = security_mmap_addr(addr); ret = security_mmap_addr(addr);
if (ret < 0)
return ret;
ret = security_mmap_file(file, reqprot, prot, flags);
if (ret < 0) if (ret < 0)
return ret; return ret;
...@@ -1492,9 +1488,12 @@ unsigned long vm_mmap(struct file *file, unsigned long addr, ...@@ -1492,9 +1488,12 @@ unsigned long vm_mmap(struct file *file, unsigned long addr,
unsigned long ret; unsigned long ret;
struct mm_struct *mm = current->mm; struct mm_struct *mm = current->mm;
down_write(&mm->mmap_sem); ret = security_mmap_file(file, prot, flag);
ret = do_mmap(file, addr, len, prot, flag, offset); if (!ret) {
up_write(&mm->mmap_sem); down_write(&mm->mmap_sem);
ret = do_mmap(file, addr, len, prot, flag, offset);
up_write(&mm->mmap_sem);
}
return ret; return ret;
} }
EXPORT_SYMBOL(vm_mmap); EXPORT_SYMBOL(vm_mmap);
...@@ -1515,9 +1514,12 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len, ...@@ -1515,9 +1514,12 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len,
flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
down_write(&current->mm->mmap_sem); ret = security_mmap_file(file, prot, flags);
retval = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); if (!ret) {
up_write(&current->mm->mmap_sem); down_write(&current->mm->mmap_sem);
retval = do_mmap_pgoff(file, addr, len, prot, flags, pgoff);
up_write(&current->mm->mmap_sem);
}
if (file) if (file)
fput(file); fput(file);
......
...@@ -20,6 +20,9 @@ ...@@ -20,6 +20,9 @@
#include <linux/ima.h> #include <linux/ima.h>
#include <linux/evm.h> #include <linux/evm.h>
#include <linux/fsnotify.h> #include <linux/fsnotify.h>
#include <linux/mman.h>
#include <linux/mount.h>
#include <linux/personality.h>
#include <net/flow.h> #include <net/flow.h>
#define MAX_LSM_EVM_XATTR 2 #define MAX_LSM_EVM_XATTR 2
...@@ -657,11 +660,35 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) ...@@ -657,11 +660,35 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
return security_ops->file_ioctl(file, cmd, arg); return security_ops->file_ioctl(file, cmd, arg);
} }
int security_mmap_file(struct file *file, unsigned long reqprot, int security_mmap_file(struct file *file, unsigned long prot,
unsigned long prot, unsigned long flags) unsigned long flags)
{ {
unsigned long reqprot = prot;
int ret; int ret;
/*
* Does the application expect PROT_READ to imply PROT_EXEC?
*
* (the exception is when the underlying filesystem is noexec
* mounted, in which case we dont add PROT_EXEC.)
*/
if (!(reqprot & PROT_READ))
goto out;
if (!(current->personality & READ_IMPLIES_EXEC))
goto out;
if (!file) {
prot |= PROT_EXEC;
} else if (!(file->f_path.mnt->mnt_flags & MNT_NOEXEC)) {
#ifndef CONFIG_MMU
unsigned long caps = 0;
struct address_space *mapping = file->f_mapping;
if (mapping && mapping->backing_dev_info)
caps = mapping->backing_dev_info->capabilities;
if (!(caps & BDI_CAP_EXEC_MAP))
goto out;
#endif
prot |= PROT_EXEC;
}
out:
ret = security_ops->mmap_file(file, reqprot, prot, flags); ret = security_ops->mmap_file(file, reqprot, prot, flags);
if (ret) if (ret)
return ret; return ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment