Bones McCracker Veteran
Joined: 14 Mar 2006 Posts: 1611 Location: U.S.A.
Posted: Thu Jul 23, 2009 4:28 pm Post subject: 2.6.30-r4: DEFAULT_MMAP_MIN_ADDR [Solved]
This is what was generated as a default value when I ran 'make oldconfig' to prepare to build gentoo-sources-2.6.30-r4 on an x86 (Pentium 4 with only 768 MiB RAM).
CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
However, the help text for this kernel configuration variable reads as follows, apparently suggesting a value of 65536. So I'm wondering if the default is a fixed number or generated based on this machine's resources, and I'm wondering what people think this should be set to.
Code: |
CONFIG_DEFAULT_MMAP_MIN_ADDR:
This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
can help reduce the impact of kernel NULL pointer bugs.
For most ia64, ppc64 and x86 users with lots of address space
a value of 65536 is reasonable and should cause no problems.
On arm and other archs it should not be higher than 32768.
Programs which use vm86 functionality would either need additional
permissions from either the LSM or the capabilities module or have
this protection disabled.
This value can be changed after boot using the
/proc/sys/vm/mmap_min_addr tunable.
Symbol: DEFAULT_MMAP_MIN_ADDR [=4096]
Prompt: Low address space to protect from user allocation
Defined at mm/Kconfig:229
Location:
-> Processor type and features |
I assume this has to do with the null pointer exploit that was talked about recently.
_________________
patrix_neo wrote: | The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it. |
Last edited by Bones McCracker on Fri Jul 31, 2009 2:41 am; edited 1 time in total |
chris.c.hogan Apprentice
Joined: 02 Oct 2005 Posts: 189
Posted: Thu Jul 30, 2009 2:37 am
I had this question myself and did some Googling... It's how I found your message.
Reading http://lkml.indiana.edu/hypermail/linux/kernel/0806.2/2733.html, it looks like most distributions are setting this to 64k. However, that seems to be causing problems for Wine and DOSEmu. Several bug reports are suggesting setting it to 0. However, that removes the protections that MMAP_MIN_ADDR provides. Setting it to PAGE_SIZE (4k in my case) allows the emulators to run while still providing some protections against null pointer exploits. As pointed out in the link, "there's a few things in the kernel that are bigger than 4K (or rather, lead to pointers beyond 4K)"
My interpretation of the above is to set it to 64k and see if you have any problems. It looks like LSM, SELinux and CAP might support per application control. /proc/sys/vm/mmap_min_addr is also available.
As an aside, shouldn't this be in Kernel & Hardware? |
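A way to see what the running value actually covers, as an added example that is not part of any post in this thread: it reads /proc/sys/vm/mmap_min_addr and asks the kernel for a fixed mapping at a few low addresses, so the difference between 4096 and 65536 becomes visible. The function names and the probe addresses are chosen here for illustration; it assumes Linux and a process without extra privileges.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Running limit from the tunable named in the help text; -1 if unreadable. */
long read_mmap_min_addr(const char *path)
{
    long v = -1;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (fscanf(f, "%ld", &v) != 1 || v < 0)
        v = -1;
    fclose(f);
    return v;
}

/* Expected outcome for a process without extra privileges: 1 = refused. */
int should_refuse(unsigned long addr, unsigned long min_addr) { return addr < min_addr; }

/* Request one anonymous page at exactly addr. Returns 0 if it was mapped (and
 * releases it), else errno. MAP_FIXED replaces existing mappings: low addrs only. */
int probe_fixed_map(unsigned long addr, size_t len)
{
    void *p = mmap((void *)addr, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    munmap(p, len);
    return 0;
}

int main(void)
{
    long min = read_mmap_min_addr("/proc/sys/vm/mmap_min_addr");
    unsigned long page = (unsigned long)sysconf(_SC_PAGESIZE);
    unsigned long probes[] = { 0, page, 8 * page, 65536 }; /* illustrative offsets */
    if (min < 0)
        return 1;
    for (size_t i = 0; i < sizeof probes / sizeof *probes; i++) {
        int e = probe_fixed_map(probes[i], page);
        printf("min=%ld addr=%#lx expect=%s got=%s\n", min, probes[i],
               should_refuse(probes[i], (unsigned long)min) ? "refused" : "allowed",
               e ? strerror(e) : "mapped");
    }
    return 0;
}
```

With a 4 KiB page size, a limit of 4096 refuses only the probe at address 0, while 65536 also refuses the probes at one and eight pages. A process holding CAP_SYS_RAWIO (root, typically) is exempt from the limit on current kernels, so run it as an ordinary user.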
Bones McCracker Veteran
Joined: 14 Mar 2006 Posts: 1611 Location: U.S.A.
Posted: Thu Jul 30, 2009 3:45 am
Thank you.
Yes it should be. |
desultory Bodhisattva
Joined: 04 Nov 2005 Posts: 9410
Posted: Fri Jul 31, 2009 2:51 am
Moved from Off the Wall to Kernel & Hardware, at BoneKracker's request. |