Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY

While reworking the LSM initialization code the
/proc/sys/vm/mmap_min_addr handler was inadvertently caught up in the
change and the procfs entry wasn't set up when CONFIG_SECURITY was not
selected at kernel build time. This patch restores the previous behavior
and ensures that the procfs entry is set up regardless of the
CONFIG_SECURITY state.

Future work will improve upon this, likely by moving the procfs handler
into the mm subsystem, but this patch should resolve the immediate
regression.

Fixes: 4ab5efcc2829 ("lsm: consolidate all of the LSM framework initcalls")
Reported-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Tested-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Reviewed-by: Kees Cook <kees@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>

+3 -18
-9
security/lsm.h
··· 37 37 38 38 /* LSM framework initializers */ 39 39 40 - #ifdef CONFIG_MMU 41 - int min_addr_init(void); 42 - #else 43 - static inline int min_addr_init(void) 44 - { 45 - return 0; 46 - } 47 - #endif /* CONFIG_MMU */ 48 - 49 40 #ifdef CONFIG_SECURITYFS 50 41 int securityfs_init(void); 51 42 #else
+1 -6
security/lsm_init.c
··· 489 489 */ 490 490 static int __init security_initcall_pure(void) 491 491 { 492 - int rc_adr, rc_lsm; 493 - 494 - rc_adr = min_addr_init(); 495 - rc_lsm = lsm_initcall(pure); 496 - 497 - return (rc_adr ? rc_adr : rc_lsm); 492 + return lsm_initcall(pure); 498 493 } 499 494 pure_initcall(security_initcall_pure); 500 495
+2 -3
security/min_addr.c
··· 5 5 #include <linux/sysctl.h> 6 6 #include <linux/minmax.h> 7 7 8 - #include "lsm.h" 9 - 10 8 /* amount of vm to protect from userspace access by both DAC and the LSM*/ 11 9 unsigned long mmap_min_addr; 12 10 /* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */ ··· 52 54 }, 53 55 }; 54 56 55 - int __init min_addr_init(void) 57 + static int __init mmap_min_addr_init(void) 56 58 { 57 59 register_sysctl_init("vm", min_addr_sysctl_table); 58 60 update_mmap_min_addr(); 59 61 60 62 return 0; 61 63 } 64 + pure_initcall(mmap_min_addr_init);
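
Review bot: In security/lsm_init.c, security_initcall_pure() no longer calls min_addr_init() ahead of lsm_initcall(pure), so the two are no longer sequenced by an explicit call and both are simply registered at the pure_initcall level. If any LSM pure initcall relies on update_mmap_min_addr() having run first, keep the order explicit or document the dependency; if nothing does, a sentence in the commit message saying the ordering does not matter would settle it.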
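
Review bot: In security/min_addr.c, mmap_min_addr_init() now carries its own pure_initcall() but has no comment saying why it is deliberately kept outside the LSM framework initcalls. A short comment above the function, noting that the vm sysctl must be registered regardless of CONFIG_SECURITY, would help keep a later consolidation from repeating this regression. The function was also renamed to mmap_min_addr_init while min_addr_sysctl_table keeps the old prefix; using one prefix for both would read better.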