releases/2.6.32.3/nommu-optimise-away-the-dac_-mmap_min_addr-tests.patch

   1 From 6e1415467614e854fee660ff6648bd10fa976e95 Mon Sep 17 00:00:00 2001
   2 From: David Howells <dhowells@redhat.com>
   3 Date: Tue, 15 Dec 2009 19:27:45 +0000
   4 Subject: NOMMU: Optimise away the {dac_,}mmap_min_addr tests
   5
   6 From: David Howells <dhowells@redhat.com>
   7
   8 commit 6e1415467614e854fee660ff6648bd10fa976e95 upstream.
   9
  10 In NOMMU mode clamp dac_mmap_min_addr to zero to cause the tests on it to be
  11 skipped by the compiler.  We do this as the minimum mmap address doesn't make
  12 any sense in NOMMU mode.
  13
  14 mmap_min_addr and round_hint_to_min() can be discarded entirely in NOMMU mode.
  15
  16 Signed-off-by: David Howells <dhowells@redhat.com>
  17 Acked-by: Eric Paris <eparis@redhat.com>
  18 Signed-off-by: James Morris <jmorris@namei.org>
  19 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  20
  21 ---
  22  include/linux/security.h |    7 +++++++
  23  kernel/sysctl.c          |    2 ++
  24  mm/Kconfig               |    1 +
  25  security/Makefile        |    3 ++-
  26  4 files changed, 12 insertions(+), 1 deletion(-)
  27
  28 --- a/include/linux/security.h
  29 +++ b/include/linux/security.h
  30 @@ -95,8 +95,13 @@ struct seq_file;
  31  extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
  32  extern int cap_netlink_recv(struct sk_buff *skb, int cap);
  33
  34 +#ifdef CONFIG_MMU
  35  extern unsigned long mmap_min_addr;
  36  extern unsigned long dac_mmap_min_addr;
  37 +#else
  38 +#define dac_mmap_min_addr      0UL
  39 +#endif
  40 +
  41  /*
  42   * Values used in the task_security_ops calls
  43   */
  44 @@ -121,6 +126,7 @@ struct request_sock;
  45  #define LSM_UNSAFE_PTRACE      2
  46  #define LSM_UNSAFE_PTRACE_CAP  4
  47
  48 +#ifdef CONFIG_MMU
  49  /*
  50   * If a hint addr is less than mmap_min_addr change hint to be as
  51   * low as possible but still greater than mmap_min_addr
  52 @@ -135,6 +141,7 @@ static inline unsigned long round_hint_t
  53  }
  54  extern int mmap_min_addr_handler(struct ctl_table *table, int write,
  55                                  void __user *buffer, size_t *lenp, loff_t *ppos);
  56 +#endif
  57
  58  #ifdef CONFIG_SECURITY
  59
  60 --- a/kernel/sysctl.c
  61 +++ b/kernel/sysctl.c
  62 @@ -1200,6 +1200,7 @@ static struct ctl_table vm_table[] = {
  63                 .extra2         = (void *)&hugetlb_infinity,
  64         },
  65  #endif
  66 +#ifdef CONFIG_MMU
  67         {
  68                 .ctl_name       = VM_LOWMEM_RESERVE_RATIO,
  69                 .procname       = "lowmem_reserve_ratio",
  70 @@ -1353,6 +1354,7 @@ static struct ctl_table vm_table[] = {
  71                 .mode           = 0644,
  72                 .proc_handler   = &mmap_min_addr_handler,
  73         },
  74 +#endif
  75  #ifdef CONFIG_NUMA
  76         {
  77                 .ctl_name       = CTL_UNNUMBERED,
  78 --- a/mm/Kconfig
  79 +++ b/mm/Kconfig
  80 @@ -227,6 +227,7 @@ config KSM
  81
  82  config DEFAULT_MMAP_MIN_ADDR
  83          int "Low address space to protect from user allocation"
  84 +       depends on MMU
  85          default 4096
  86          help
  87           This is the portion of low virtual memory which should be protected
  88 --- a/security/Makefile
  89 +++ b/security/Makefile
  90 @@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK)         += smac
  91  subdir-$(CONFIG_SECURITY_TOMOYO)        += tomoyo
  92
  93  # always enable default capabilities
  94 -obj-y          += commoncap.o min_addr.o
  95 +obj-y                                  += commoncap.o
  96 +obj-$(CONFIG_MMU)                      += min_addr.o
  97
  98  # Object file lists
  99  obj-$(CONFIG_SECURITY)                 += security.o capability.o