Current view: top level - security - min_addr.c (source / functions)
Test: coverage.info | Lines: 3 hit, 7 total, 42.9 % coverage
Date: 2023-08-24 13:40:31 | Functions: 1 hit, 2 total, 50.0 % coverage

// SPDX-License-Identifier: GPL-2.0
#include <linux/init.h>
#include <linux/mm.h>
#include <linux/security.h>
#include <linux/sysctl.h>

/*
 * Effective floor: amount of vm to protect from userspace access by both DAC
 * and the LSM. In this file it is only written by update_mmap_min_addr().
 * Keeping the lowest pages unmappable limits what a kernel NULL-pointer
 * dereference can be made to reach.
 */
unsigned long mmap_min_addr;
/*
 * Amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC). Starts at
 * the build-time CONFIG_DEFAULT_MMAP_MIN_ADDR; this is the value the sysctl
 * handler in this file is documented to set.
 */
unsigned long dac_mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
/*
 * Amount of vm to protect from userspace using the LSM =
 * CONFIG_LSM_MMAP_MIN_ADDR (a build-time constant, so it has no variable).
 */

/*
 * Recompute the effective floor:
 *   mmap_min_addr = max(dac_mmap_min_addr, CONFIG_LSM_MMAP_MIN_ADDR)
 *
 * When CONFIG_LSM_MMAP_MIN_ADDR is defined it is a lower bound that the
 * DAC value cannot undercut: a dac_mmap_min_addr at or below it leaves
 * mmap_min_addr pinned to the LSM constant. Without that option the DAC
 * value is used as is.
 */
static void update_mmap_min_addr(void)
{
        unsigned long limit = dac_mmap_min_addr;

#ifdef CONFIG_LSM_MMAP_MIN_ADDR
        /* Raise to the build-time LSM bound when the DAC value is not above it. */
        if (limit <= CONFIG_LSM_MMAP_MIN_ADDR)
                limit = CONFIG_LSM_MMAP_MIN_ADDR;
#endif
        mmap_min_addr = limit;
}

/*
 * sysctl handler for the mmap_min_addr knob.
 *
 * Writes are refused with -EPERM unless the caller holds CAP_SYS_RAWIO;
 * reads are not gated here. The value is parsed and stored by
 * proc_doulongvec_minmax() through @table (this is expected to set
 * dac_mmap_min_addr; the table entry is defined outside this file).
 * update_mmap_min_addr() then runs unconditionally, also after a read or a
 * failed write, so the effective floor follows the current DAC value and
 * non MAP_FIXED hints get rounded properly.
 *
 * Lowering the value weakens the protection against kernel NULL-pointer
 * dereferences landing in userspace-controlled pages, which is presumably
 * why the write path is capability-gated.
 *
 * NOTE(review): the coverage run this listing came from recorded zero hits
 * for this function, so neither the CAP_SYS_RAWIO check nor the write path
 * was exercised by that test run.
 *
 * Returns the result of proc_doulongvec_minmax(), or -EPERM.
 */
int mmap_min_addr_handler(struct ctl_table *table, int write,
                          void *buffer, size_t *lenp, loff_t *ppos)
{
        int rc;

        /* capable() is consulted on the write path only. */
        if (write) {
                if (!capable(CAP_SYS_RAWIO))
                        return -EPERM;
        }

        rc = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);

        /* Refresh the effective floor whatever rc is. */
        update_mmap_min_addr();

        return rc;
}

/*
 * Boot-time initialisation: derive mmap_min_addr from the compile-time
 * default held in dac_mmap_min_addr (and the LSM bound, if configured) before
 * any sysctl write has happened. Always returns 0.
 */
static int __init init_mmap_min_addr(void)
{
        update_mmap_min_addr();

        return 0;
}
/* Registered as a pure initcall so the floor is set up during early init. */
pure_initcall(init_mmap_min_addr);
