aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/security.h
diff options
context:
space:
mode:
authorAlan Cox <alan@lxorguk.ukuu.org.uk>2007-08-22 14:01:28 -0700
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-08-22 19:52:45 -0700
commit34b4e4aa3c470ce8fa2bd78abb1741b4b58baad7 (patch)
tree91d620288f1aaf63c12dc84ca1015465818601f2 /include/linux/security.h
parentafe1ab4d577892822de2c8e803fbfaed6ec44ba3 (diff)
downloadkernel_samsung_aries-34b4e4aa3c470ce8fa2bd78abb1741b4b58baad7.zip
kernel_samsung_aries-34b4e4aa3c470ce8fa2bd78abb1741b4b58baad7.tar.gz
kernel_samsung_aries-34b4e4aa3c470ce8fa2bd78abb1741b4b58baad7.tar.bz2
fix NULL pointer dereference in __vm_enough_memory()
The new exec code inserts an accounted vma into an mm struct which is not current->mm. The existing memory check code has a hard coded assumption that this does not happen as does the security code. As the correct mm is known we pass the mm to the security method and the helper function. A new security test is added for the case where we need to pass the mm and the existing one is modified to pass current->mm to avoid the need to change large amounts of code. (Thanks to Tobias for fixing rejects and testing) Signed-off-by: Alan Cox <alan@redhat.com> Cc: WU Fengguang <wfg@mail.ustc.edu.cn> Cc: James Morris <jmorris@redhat.com> Cc: Tobias Diedrich <ranma+kernel@tdiedrich.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h20
1 files changed, 15 insertions, 5 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index c11dc8a..1a15526 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -54,7 +54,7 @@ extern int cap_inode_removexattr(struct dentry *dentry, char *name);
extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
extern void cap_task_reparent_to_init (struct task_struct *p);
extern int cap_syslog (int type);
-extern int cap_vm_enough_memory (long pages);
+extern int cap_vm_enough_memory (struct mm_struct *mm, long pages);
struct msghdr;
struct sk_buff;
@@ -1125,6 +1125,7 @@ struct request_sock;
* Return 0 if permission is granted.
* @vm_enough_memory:
* Check permissions for allocating a new virtual mapping.
+ * @mm contains the mm struct it is being added to.
* @pages contains the number of pages.
* Return 0 if permission is granted.
*
@@ -1169,7 +1170,7 @@ struct security_operations {
int (*quota_on) (struct dentry * dentry);
int (*syslog) (int type);
int (*settime) (struct timespec *ts, struct timezone *tz);
- int (*vm_enough_memory) (long pages);
+ int (*vm_enough_memory) (struct mm_struct *mm, long pages);
int (*bprm_alloc_security) (struct linux_binprm * bprm);
void (*bprm_free_security) (struct linux_binprm * bprm);
@@ -1469,10 +1470,14 @@ static inline int security_settime(struct timespec *ts, struct timezone *tz)
return security_ops->settime(ts, tz);
}
-
static inline int security_vm_enough_memory(long pages)
{
- return security_ops->vm_enough_memory(pages);
+ return security_ops->vm_enough_memory(current->mm, pages);
+}
+
+static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
+{
+ return security_ops->vm_enough_memory(mm, pages);
}
static inline int security_bprm_alloc (struct linux_binprm *bprm)
@@ -2219,7 +2224,12 @@ static inline int security_settime(struct timespec *ts, struct timezone *tz)
static inline int security_vm_enough_memory(long pages)
{
- return cap_vm_enough_memory(pages);
+ return cap_vm_enough_memory(current->mm, pages);
+}
+
+static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
+{
+ return cap_vm_enough_memory(mm, pages);
}
static inline int security_bprm_alloc (struct linux_binprm *bprm)