lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY

pcmoore · pcmoore · commit bdde21d3e77d · 2026-01-29T13:56:53.000-05:00
While reworking the LSM initialization code the /proc/sys/vm/mmap_min_addr handler was inadvertently caught up in the change and the procfs entry wasn't setup when CONFIG_SECURITY was not selected at kernel build time. This patch restores the previous behavior and ensures that the procfs entry is setup regardless of the CONFIG_SECURITY state. Future work will improve upon this, likely by moving the procfs handler into the mm subsystem, but this patch should resolve the immediate regression. Fixes: 4ab5efc ("lsm: consolidate all of the LSM framework initcalls") Reported-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> Tested-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> Reviewed-by: Kees Cook <kees@kernel.org> Signed-off-by: Paul Moore <paul@paul-moore.com>
diff --git a/security/lsm.h b/security/lsm.h
@@ -37,15 +37,6 @@ int lsm_task_alloc(struct task_struct *task);
 
 /* LSM framework initializers */
 
-#ifdef CONFIG_MMU
-int min_addr_init(void);
-#else
-static inline int min_addr_init(void)
-{
-	return 0;
-}
-#endif /* CONFIG_MMU */
-
 #ifdef CONFIG_SECURITYFS
 int securityfs_init(void);
 #else
diff --git a/security/lsm_init.c b/security/lsm_init.c
@@ -489,12 +489,7 @@ int __init security_init(void)
  */
 static int __init security_initcall_pure(void)
 {
-	int rc_adr, rc_lsm;
-
-	rc_adr = min_addr_init();
-	rc_lsm = lsm_initcall(pure);
-
-	return (rc_adr ? rc_adr : rc_lsm);
+	return lsm_initcall(pure);
 }
 pure_initcall(security_initcall_pure);
 
diff --git a/security/min_addr.c b/security/min_addr.c
@@ -5,8 +5,6 @@
 #include <linux/sysctl.h>
 #include <linux/minmax.h>
 
-#include "lsm.h"
-
 /* amount of vm to protect from userspace access by both DAC and the LSM*/
 unsigned long mmap_min_addr;
 /* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */
@@ -54,10 +52,11 @@ static const struct ctl_table min_addr_sysctl_table[] = {
 	},
 };
 
-int __init min_addr_init(void)
+static int __init mmap_min_addr_init(void)
 {
 	register_sysctl_init("vm", min_addr_sysctl_table);
 	update_mmap_min_addr();
 
 	return 0;
 }
+pure_initcall(mmap_min_addr_init);

Original file line number	Diff line number	Diff line change
`@@ -489,12 +489,7 @@ int __init security_init(void)`
`489`	`489`	`*/`
`490`	`490`	`static int __init security_initcall_pure(void)`
`491`	`491`	`{`
`492`		`- int rc_adr, rc_lsm;`
`493`		`-`
`494`		`- rc_adr = min_addr_init();`
`495`		`- rc_lsm = lsm_initcall(pure);`
`496`		`-`
`497`		`- return (rc_adr ? rc_adr : rc_lsm);`
	`492`	`+ return lsm_initcall(pure);`
`498`	`493`	`}`
`499`	`494`	`pure_initcall(security_initcall_pure);`
`500`	`495`