gh0s7/mckernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mcexec: upgrade CAP_SYS_RAWIO while do_mmap_pgoff()

Browse Source 
for mmap_min_addr check avoidance
This commit is contained in:
NAKAMURA Gou
2013-08-28 14:49:26 +09:00
parent fe05e1107c
commit 15beb40f17
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
executer/kernel/syscall.c
View File

@@ -8,6 +8,8 @@
#include <linux/anon_inodes.h> #include <linux/anon_inodes.h>
#include <linux/mman.h> #include <linux/mman.h>
#include <linux/file.h> #include <linux/file.h>
#include <linux/cred.h>
#include <linux/capability.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
#include <asm/delay.h> #include <asm/delay.h>
#include <asm/io.h> #include <asm/io.h>
@@ -315,12 +317,26 @@ int reserve_user_space(struct mcctrl_usrdata *usrdata, unsigned long *startp, un
struct vm_area_struct *vma; struct vm_area_struct *vma;
unsigned long start; unsigned long start;
unsigned long end; unsigned long end;
struct cred *promoted;
const struct cred *original;
file = anon_inode_getfile("[mckernel]", &rus_fops, usrdata, O_RDWR); file = anon_inode_getfile("[mckernel]", &rus_fops, usrdata, O_RDWR);
if (IS_ERR(file)) { if (IS_ERR(file)) {
return PTR_ERR(file); return PTR_ERR(file);
} }
promoted = prepare_creds();
if (!promoted) {
printk("mcctrl:user space reservation failed. ENOMEM\n");
fput(file);
return -ENOMEM;
}
/*
* CAP_SYS_RAWIO for mmap_min_addr check avoidance
*/
cap_raise(promoted->cap_effective, CAP_SYS_RAWIO);
original = override_creds(promoted);
#define DESIRED_USER_END 0x800000000000 #define DESIRED_USER_END 0x800000000000
#define GAP_FOR_MCEXEC 0x008000000000UL #define GAP_FOR_MCEXEC 0x008000000000UL
end = DESIRED_USER_END; end = DESIRED_USER_END;
@@ -332,6 +348,9 @@ int reserve_user_space(struct mcctrl_usrdata *usrdata, unsigned long *startp, un
start = do_mmap_pgoff(file, 0, end, start = do_mmap_pgoff(file, 0, end,
PROT_READ|PROT_WRITE, MAP_FIXED|MAP_SHARED, 0); PROT_READ|PROT_WRITE, MAP_FIXED|MAP_SHARED, 0);
up_write(&current->mm->mmap_sem); up_write(&current->mm->mmap_sem);
revert_creds(original);
put_cred(promoted);
fput(file); fput(file);
if (IS_ERR_VALUE(start)) { if (IS_ERR_VALUE(start)) {
printk("mcctrl:user space reservation failed.\n"); printk("mcctrl:user space reservation failed.\n");