From 47bdd890c209568d11f258169126b6230c861d7c Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Wed, 22 Aug 2007 14:01:28 -0700 Subject: [PATCH] --- yaml --- r: 64235 b: refs/heads/master c: 34b4e4aa3c470ce8fa2bd78abb1741b4b58baad7 h: refs/heads/master i: 64233: 5bccf15da03c55ffe337e4e478ce0d06666c1fa8 64231: 40d30e6d3e99f7265400bb034ea61cd34193a596 v: v3 --- [refs] | 2 +- trunk/include/linux/mm.h | 2 +- trunk/include/linux/security.h | 20 +++++++++++++++----- trunk/mm/mmap.c | 6 +++--- trunk/mm/nommu.c | 2 +- trunk/security/commoncap.c | 4 ++-- trunk/security/dummy.c | 4 ++-- trunk/security/selinux/hooks.c | 4 ++-- 8 files changed, 27 insertions(+), 17 deletions(-) diff --git a/[refs] b/[refs] index ac2e8e0434f3..30d104a7e3c9 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: afe1ab4d577892822de2c8e803fbfaed6ec44ba3 +refs/heads/master: 34b4e4aa3c470ce8fa2bd78abb1741b4b58baad7 diff --git a/trunk/include/linux/mm.h b/trunk/include/linux/mm.h index 655094dc9440..1692dd6cb915 100644 --- a/trunk/include/linux/mm.h +++ b/trunk/include/linux/mm.h @@ -1042,7 +1042,7 @@ static inline void vma_nonlinear_insert(struct vm_area_struct *vma, } /* mmap.c */ -extern int __vm_enough_memory(long pages, int cap_sys_admin); +extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin); extern void vma_adjust(struct vm_area_struct *vma, unsigned long start, unsigned long end, pgoff_t pgoff, struct vm_area_struct *insert); extern struct vm_area_struct *vma_merge(struct mm_struct *, diff --git a/trunk/include/linux/security.h b/trunk/include/linux/security.h index c11dc8aa0351..1a15526e9f67 100644 --- a/trunk/include/linux/security.h +++ b/trunk/include/linux/security.h @@ -54,7 +54,7 @@ extern int cap_inode_removexattr(struct dentry *dentry, char *name); extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); extern void cap_task_reparent_to_init (struct task_struct *p); extern int cap_syslog (int type); -extern int cap_vm_enough_memory (long pages); +extern int cap_vm_enough_memory (struct mm_struct *mm, long pages); struct msghdr; struct sk_buff; @@ -1125,6 +1125,7 @@ struct request_sock; * Return 0 if permission is granted. * @vm_enough_memory: * Check permissions for allocating a new virtual mapping. + * @mm contains the mm struct it is being added to. * @pages contains the number of pages. * Return 0 if permission is granted. * @@ -1169,7 +1170,7 @@ struct security_operations { int (*quota_on) (struct dentry * dentry); int (*syslog) (int type); int (*settime) (struct timespec *ts, struct timezone *tz); - int (*vm_enough_memory) (long pages); + int (*vm_enough_memory) (struct mm_struct *mm, long pages); int (*bprm_alloc_security) (struct linux_binprm * bprm); void (*bprm_free_security) (struct linux_binprm * bprm); @@ -1469,10 +1470,14 @@ static inline int security_settime(struct timespec *ts, struct timezone *tz) return security_ops->settime(ts, tz); } - static inline int security_vm_enough_memory(long pages) { - return security_ops->vm_enough_memory(pages); + return security_ops->vm_enough_memory(current->mm, pages); +} + +static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) +{ + return security_ops->vm_enough_memory(mm, pages); } static inline int security_bprm_alloc (struct linux_binprm *bprm) @@ -2219,7 +2224,12 @@ static inline int security_settime(struct timespec *ts, struct timezone *tz) static inline int security_vm_enough_memory(long pages) { - return cap_vm_enough_memory(pages); + return cap_vm_enough_memory(current->mm, pages); +} + +static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) +{ + return cap_vm_enough_memory(mm, pages); } static inline int security_bprm_alloc (struct linux_binprm *bprm) diff --git a/trunk/mm/mmap.c b/trunk/mm/mmap.c index b6537211b9cc..0d40e66c841b 100644 --- a/trunk/mm/mmap.c +++ b/trunk/mm/mmap.c @@ -93,7 +93,7 @@ atomic_t vm_committed_space = ATOMIC_INIT(0); * Note this is a helper function intended to be used by LSMs which * wish to use this logic. */ -int __vm_enough_memory(long pages, int cap_sys_admin) +int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) { unsigned long free, allowed; @@ -166,7 +166,7 @@ int __vm_enough_memory(long pages, int cap_sys_admin) /* Don't let a single process grow too big: leave 3% of the size of this process for other processes */ - allowed -= current->mm->total_vm / 32; + allowed -= mm->total_vm / 32; /* * cast `allowed' as a signed long because vm_committed_space @@ -2077,7 +2077,7 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) if (__vma && __vma->vm_start < vma->vm_end) return -ENOMEM; if ((vma->vm_flags & VM_ACCOUNT) && - security_vm_enough_memory(vma_pages(vma))) + security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; vma_link(mm, vma, prev, rb_link, rb_parent); return 0; diff --git a/trunk/mm/nommu.c b/trunk/mm/nommu.c index 9eef6a398555..8ed0cb43118a 100644 --- a/trunk/mm/nommu.c +++ b/trunk/mm/nommu.c @@ -1270,7 +1270,7 @@ EXPORT_SYMBOL(get_unmapped_area); * Note this is a helper function intended to be used by LSMs which * wish to use this logic. */ -int __vm_enough_memory(long pages, int cap_sys_admin) +int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) { unsigned long free, allowed; diff --git a/trunk/security/commoncap.c b/trunk/security/commoncap.c index 338606eb7238..7520361663e8 100644 --- a/trunk/security/commoncap.c +++ b/trunk/security/commoncap.c @@ -315,13 +315,13 @@ int cap_syslog (int type) return 0; } -int cap_vm_enough_memory(long pages) +int cap_vm_enough_memory(struct mm_struct *mm, long pages) { int cap_sys_admin = 0; if (cap_capable(current, CAP_SYS_ADMIN) == 0) cap_sys_admin = 1; - return __vm_enough_memory(pages, cap_sys_admin); + return __vm_enough_memory(mm, pages, cap_sys_admin); } EXPORT_SYMBOL(cap_capable); diff --git a/trunk/security/dummy.c b/trunk/security/dummy.c index 19d813d5e083..853ec2292798 100644 --- a/trunk/security/dummy.c +++ b/trunk/security/dummy.c @@ -108,13 +108,13 @@ static int dummy_settime(struct timespec *ts, struct timezone *tz) return 0; } -static int dummy_vm_enough_memory(long pages) +static int dummy_vm_enough_memory(struct mm_struct *mm, long pages) { int cap_sys_admin = 0; if (dummy_capable(current, CAP_SYS_ADMIN) == 0) cap_sys_admin = 1; - return __vm_enough_memory(pages, cap_sys_admin); + return __vm_enough_memory(mm, pages, cap_sys_admin); } static int dummy_bprm_alloc_security (struct linux_binprm *bprm) diff --git a/trunk/security/selinux/hooks.c b/trunk/security/selinux/hooks.c index 6237933f7d82..d8bc4172819c 100644 --- a/trunk/security/selinux/hooks.c +++ b/trunk/security/selinux/hooks.c @@ -1584,7 +1584,7 @@ static int selinux_syslog(int type) * Do not audit the selinux permission check, as this is applied to all * processes that allocate mappings. */ -static int selinux_vm_enough_memory(long pages) +static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) { int rc, cap_sys_admin = 0; struct task_security_struct *tsec = current->security; @@ -1600,7 +1600,7 @@ static int selinux_vm_enough_memory(long pages) if (rc == 0) cap_sys_admin = 1; - return __vm_enough_memory(pages, cap_sys_admin); + return __vm_enough_memory(mm, pages, cap_sys_admin); } /* binprm security operations */