While reworking the LSM initialization code the
/proc/sys/vm/mmap_min_addr handler was inadvertently caught up in the
change and the procfs entry wasn't setup when CONFIG_SECURITY was not
selected at kernel build time. This patch restores the previous behavior
and ensures that the procfs entry is setup regardless of the
CONFIG_SECURITY state.
Future work will improve upon this, likely by moving the procfs handler
into the mm subsystem, but this patch should resolve the immediate
regression.
Fixes: 4ab5efcc2829 ("lsm: consolidate all of the LSM framework initcalls")
Reported-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Tested-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Reviewed-by: Kees Cook <kees@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
/* LSM framework initializers */
-#ifdef CONFIG_MMU
-int min_addr_init(void);
-#else
-static inline int min_addr_init(void)
-{
- return 0;
-}
-#endif /* CONFIG_MMU */
-
#ifdef CONFIG_SECURITYFS
int securityfs_init(void);
#else
*/
static int __init security_initcall_pure(void)
{
- int rc_adr, rc_lsm;
-
- rc_adr = min_addr_init();
- rc_lsm = lsm_initcall(pure);
-
- return (rc_adr ? rc_adr : rc_lsm);
+ return lsm_initcall(pure);
}
pure_initcall(security_initcall_pure);
#include <linux/sysctl.h>
#include <linux/minmax.h>
-#include "lsm.h"
-
/* amount of vm to protect from userspace access by both DAC and the LSM*/
unsigned long mmap_min_addr;
/* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */
},
};
-int __init min_addr_init(void)
+static int __init mmap_min_addr_init(void)
{
register_sysctl_init("vm", min_addr_sysctl_table);
update_mmap_min_addr();
return 0;
}
+pure_initcall(mmap_min_addr_init);
projects / thirdparty / linux.git / commitdiff
