Skip to content

Commit

Permalink
NOMMU: Optimise away the {dac_,}mmap_min_addr tests
Browse files Browse the repository at this point in the history
In NOMMU mode clamp dac_mmap_min_addr to zero to cause the tests on it to be
skipped by the compiler.  We do this as the minimum mmap address doesn't make
any sense in NOMMU mode.

mmap_min_addr and round_hint_to_min() can be discarded entirely in NOMMU mode.

Signed-off-by: David Howells <[email protected]>
Acked-by: Eric Paris <[email protected]>
Signed-off-by: James Morris <[email protected]>
  • Loading branch information
dhowells authored and James Morris committed Dec 16, 2009
1 parent dd880fb commit 6e14154
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 1 deletion.
7 changes: 7 additions & 0 deletions include/linux/security.h
Original file line number Diff line number Diff line change
Expand Up @@ -95,8 +95,13 @@ struct seq_file;
extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
extern int cap_netlink_recv(struct sk_buff *skb, int cap);

#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
#else
#define dac_mmap_min_addr 0UL
#endif

/*
* Values used in the task_security_ops calls
*/
Expand All @@ -121,6 +126,7 @@ struct request_sock;
#define LSM_UNSAFE_PTRACE 2
#define LSM_UNSAFE_PTRACE_CAP 4

#ifdef CONFIG_MMU
/*
* If a hint addr is less than mmap_min_addr change hint to be as
* low as possible but still greater than mmap_min_addr
Expand All @@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint)
}
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos);
#endif

#ifdef CONFIG_SECURITY

Expand Down
2 changes: 2 additions & 0 deletions kernel/sysctl.c
Original file line number Diff line number Diff line change
Expand Up @@ -1214,13 +1214,15 @@ static struct ctl_table vm_table[] = {
.proc_handler = proc_dointvec_jiffies,
},
#endif
#ifdef CONFIG_MMU
{
.procname = "mmap_min_addr",
.data = &dac_mmap_min_addr,
.maxlen = sizeof(unsigned long),
.mode = 0644,
.proc_handler = mmap_min_addr_handler,
},
#endif
#ifdef CONFIG_NUMA
{
.procname = "numa_zonelist_order",
Expand Down
1 change: 1 addition & 0 deletions mm/Kconfig
Original file line number Diff line number Diff line change
Expand Up @@ -221,6 +221,7 @@ config KSM

config DEFAULT_MMAP_MIN_ADDR
int "Low address space to protect from user allocation"
depends on MMU
default 4096
help
This is the portion of low virtual memory which should be protected
Expand Down
3 changes: 2 additions & 1 deletion security/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack
subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo

# always enable default capabilities
obj-y += commoncap.o min_addr.o
obj-y += commoncap.o
obj-$(CONFIG_MMU) += min_addr.o

# Object file lists
obj-$(CONFIG_SECURITY) += security.o capability.o
Expand Down

0 comments on commit 6e14154

Please sign in to comment.