LCOV - code coverage report
Current view: top level - security - min_addr.c (source / functions) Hit Total Coverage
Test: combined.info Lines: 6 12 50.0 %
Date: 2022-04-01 14:58:12 Functions: 1 2 50.0 %
Branches: 1 8 12.5 %

           Branch data     Line data    Source code
       1                 :            : // SPDX-License-Identifier: GPL-2.0
       2                 :            : #include <linux/init.h>
       3                 :            : #include <linux/mm.h>
       4                 :            : #include <linux/security.h>
       5                 :            : #include <linux/sysctl.h>
       6                 :            : 
       7                 :            : /* amount of vm to protect from userspace access by both DAC and the LSM*/
       8                 :            : unsigned long mmap_min_addr;
       9                 :            : /* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */
      10                 :            : unsigned long dac_mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
      11                 :            : /* amount of vm to protect from userspace using the LSM = CONFIG_LSM_MMAP_MIN_ADDR */
      12                 :            : 
      13                 :            : /*
      14                 :            :  * Update mmap_min_addr = max(dac_mmap_min_addr, CONFIG_LSM_MMAP_MIN_ADDR)
      15                 :            :  */
      16                 :          3 : static void update_mmap_min_addr(void)
      17                 :            : {
      18                 :            : #ifdef CONFIG_LSM_MMAP_MIN_ADDR
      19                 :          3 :         if (dac_mmap_min_addr > CONFIG_LSM_MMAP_MIN_ADDR)
      20                 :          0 :                 mmap_min_addr = dac_mmap_min_addr;
      21                 :            :         else
      22                 :          3 :                 mmap_min_addr = CONFIG_LSM_MMAP_MIN_ADDR;
      23                 :            : #else
      24                 :            :         mmap_min_addr = dac_mmap_min_addr;
      25                 :            : #endif
      26                 :            : }
      27                 :            : 
      28                 :            : /*
      29                 :            :  * sysctl handler which just sets dac_mmap_min_addr = the new value and then
      30                 :            :  * calls update_mmap_min_addr() so non MAP_FIXED hints get rounded properly
      31                 :            :  */
      32                 :          0 : int mmap_min_addr_handler(struct ctl_table *table, int write,
      33                 :            :                           void __user *buffer, size_t *lenp, loff_t *ppos)
      34                 :            : {
      35                 :          0 :         int ret;
      36                 :            : 
      37   [ #  #  #  # ]:          0 :         if (write && !capable(CAP_SYS_RAWIO))
      38                 :            :                 return -EPERM;
      39                 :            : 
      40                 :          0 :         ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
      41                 :            : 
      42         [ #  # ]:          0 :         update_mmap_min_addr();
      43                 :            : 
      44                 :            :         return ret;
      45                 :            : }
      46                 :            : 
      47                 :          3 : static int __init init_mmap_min_addr(void)
      48                 :            : {
      49         [ -  + ]:          3 :         update_mmap_min_addr();
      50                 :            : 
      51                 :          3 :         return 0;
      52                 :            : }
      53                 :            : pure_initcall(init_mmap_min_addr);

Generated by: LCOV version 1.14