From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 811A2C52D71
	for <linux-mm@archiver.kernel.org>; Thu,  8 Aug 2024 18:54:39 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 201DA6B0089; Thu,  8 Aug 2024 14:54:39 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 1B1FA6B009A; Thu,  8 Aug 2024 14:54:39 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 079F16B009C; Thu,  8 Aug 2024 14:54:39 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id DC56E6B0089
	for <linux-mm@kvack.org>; Thu,  8 Aug 2024 14:54:38 -0400 (EDT)
Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay04.hostedemail.com (Postfix) with ESMTP id 8B9551A16DD
	for <linux-mm@kvack.org>; Thu,  8 Aug 2024 18:54:38 +0000 (UTC)
X-FDA: 82429979436.30.79990F2
Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171])
	by imf13.hostedemail.com (Postfix) with ESMTP id CBB812000F
	for <linux-mm@kvack.org>; Thu,  8 Aug 2024 18:54:35 +0000 (UTC)
Authentication-Results: imf13.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b="K6ns4/P9";
	spf=pass (imf13.hostedemail.com: domain of stephen.smalley.work@gmail.com designates 209.85.215.171 as permitted sender) smtp.mailfrom=stephen.smalley.work@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1723143210;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=9b/UCPdympi6kLEXUDe5cOZpoiMP6gQXppImwep3XMY=;
	b=guy2xei2ZK6C+yRrbEKSzIUgqZ7K7ZwtbtGAF6H6/sEuBebq61MT20getsAdj0MxG8t9Ew
	6vZJQJiCJBrO0Zdfa1WgwO2jlCcNE/q5rAQrRQdq/710N709Rxl/ZLfhqKSeODBZVyEHpY
	pgxCYYNGNmHlDg8A+4rpUahn+UuneGU=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1723143210; a=rsa-sha256;
	cv=none;
	b=5zzQzein/yJ1nw6+o4wLwN8PuuBuuni9Wu1w2gG/gk4c2A2TewrUDjwK4LYawGV4DOv4QH
	Ichpb7FfHMvAiThies9CgzmlYFImvPPWPTp5tceAV58in6lJlh0QoG56jFGJvik9itd9/0
	gwj1KxJk9eXj7QOMXhnfdqFjwgILYvo=
ARC-Authentication-Results: i=1;
	imf13.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b="K6ns4/P9";
	spf=pass (imf13.hostedemail.com: domain of stephen.smalley.work@gmail.com designates 209.85.215.171 as permitted sender) smtp.mailfrom=stephen.smalley.work@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
Received: by mail-pg1-f171.google.com with SMTP id 41be03b00d2f7-7a18ba4143bso1095152a12.2
        for <linux-mm@kvack.org>; Thu, 08 Aug 2024 11:54:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1723143274; x=1723748074; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=9b/UCPdympi6kLEXUDe5cOZpoiMP6gQXppImwep3XMY=;
        b=K6ns4/P9XkQMG8fhm7xQSRzqJn76YYNVMfsetR05e9CmYZtk/anUxpp/0aGAdTr3pv
         fvTb9+0MrW4f1JSt3H23ByrxfmZiwFL/ilhKFPYMagjxS8lYYWW3o264VuG2Z+ergAgX
         n4uUUxyWjWs6HGybcxCW91JFTgjfGRpWZGVjNx6ZuPIDyIK9LAHXAGPTEYJlKetTc6pH
         ACT1LcPCSfqo+bQ5Ewewx3GtHUKApRVSo113p0uJSuWmcDwUlu9cllqg8YRt0cQCwKe3
         9/t7ZOnuMVboKRc6WWzabGj4MaNl/g2O+y8UiDpmQJLDLSFqpgDvEN/iSm3EQFxQ8BCe
         fRPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1723143274; x=1723748074;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=9b/UCPdympi6kLEXUDe5cOZpoiMP6gQXppImwep3XMY=;
        b=BmGm8vCb+H134+yn6IY3lJWNx+vcMaDBtQFXxoAXjJIdWLGirHs51+5HTdz0A2IstN
         SKzCc7JfCPKQRM/CfdfC40wr0W+otJhFdgj+9QfYuT0rjbu3F6iS2CECia+WA9Pgv9li
         4Z63rIWidBCCPInEGEo7NqMcGhD76q3LoJhjRgkzUL5iMEBCmfE76bfulmr10vFtWp/t
         oWWrBMMGkhU06u0eNtZYC+caTwT5LZuK0CdeAPwGz8430jT91FH73MVslc2Ahncqhzfz
         my4ZOcaLhPULAp/z46Bf4jxqhahV67Uv8dbT9m2coD/o540L3eRRTgN0jHz2/K1w8j4t
         nLeA==
X-Forwarded-Encrypted: i=1; AJvYcCU6SfU69t289SfbkP1dLLurp2ejscGuL0kCFZpgu8fmqHbrcnVh2kuMkFQs2pfqP+xfnTbjMpGTej+cboLXPPQt13c=
X-Gm-Message-State: AOJu0Yx/TpMmvoi2fYDyi7swwyeXtJXPn0HWWfy5ioUF5IM07oaQVeFL
	mMuVGHCWP7hUT6D4KIT2iL3YTCZeEYyRQk6c2Gy4Q2OpFdCYqVDQugvA4vYgkKIZqhZBa4TzvrG
	ySGrBHmJLWz4QpmIVa6My+U5ehx0=
X-Google-Smtp-Source: AGHT+IGwMBTqKaAq4eS3RFXifkuhq6wTRECTBzVLrh6vpi706SqYKXjJnvJE5ovIM52rejttWGvvbqyLRR6pL+905DE=
X-Received: by 2002:a17:90b:180a:b0:2c4:e333:35e5 with SMTP id
 98e67ed59e1d1-2d1c347484emr3267942a91.36.1723143274456; Thu, 08 Aug 2024
 11:54:34 -0700 (PDT)
MIME-Version: 1.0
References: <20240808130909.1027860-1-wangkefeng.wang@huawei.com>
 <CAEjxPJ4b2Xcptmi2cJNyh=N=1ky=yfg_wVB1yDLwr8uuhujxew@mail.gmail.com> <CAHC9VhRz=drY-=W64VezugemWsBgaQZS_NQ2TZzrS0-fhZgg6A@mail.gmail.com>
In-Reply-To: <CAHC9VhRz=drY-=W64VezugemWsBgaQZS_NQ2TZzrS0-fhZgg6A@mail.gmail.com>
From: Stephen Smalley <stephen.smalley.work@gmail.com>
Date: Thu, 8 Aug 2024 14:54:23 -0400
Message-ID: <CAEjxPJ5JsNF=ypOFJxLGB3aBOAXLC7av+_HWS_FObfdGz+d0AQ@mail.gmail.com>
Subject: Re: [PATCH] Revert "selinux: use vma_is_initial_stack() and vma_is_initial_heap()"
To: Paul Moore <paul@paul-moore.com>
Cc: Kefeng Wang <wangkefeng.wang@huawei.com>, Ondrej Mosnacek <omosnace@redhat.com>, 
	selinux@vger.kernel.org, Marc Reisner <reisner.marc@gmail.com>, david@redhat.com, 
	Vlastimil Babka <vbabka@suse.cz>, "Liam R . Howlett" <Liam.Howlett@oracle.com>, 
	Lorenzo Stoakes <lorenzo.stoakes@oracle.com>, linux-mm@kvack.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Stat-Signature: ehdyugod1wkx5d6n6ukd3odrp9xidh6q
X-Rspamd-Queue-Id: CBB812000F
X-Rspam-User: 
X-Rspamd-Server: rspam08
X-HE-Tag: 1723143275-856433
X-HE-Meta: U2FsdGVkX1/92E8/Uz1JPrSwtoO92Y20DReDX1YKZg4SctqgJoMnF/rB+2KVFRS9KZAph1t9aQarGVzRf2BB6EDwC/m9J9OdcEu10Fw02vl0ZK8WyO1CisKOUXLzXdS3avhwypScWwHlT6GJt+IcUuFPOsiUUi26BVmbvJ6Uh/lAQRS+lQvAWTNrfIRXaiXeD9ZQUpLSoooOEyJ6jLzPQ04tZnnE6AKeg/NUucEpYcEGfeZbpltOSVqXW8gAVIA07xddbpXq8KhZAkZEU2ImJK2Ew3t0w2IVmjk+jaZmoeaAnkLTjUb2kGB/FL9UkhddNZH9zJDb225cjbxq+W2kdhB6bXdK7iBmH4pLHqiibxWr/1M1oVFj04KA74IRSmmul4gqn23flff2rtiCKP7RxnennSijsXvkxiWcx4mosJODFRwE8gQBqbYO5Qq0Cw5S3tF2bGtR8riDRQ7RDkDiQgRQgPP/CYxbDRkkn1N+BoUhGNrw8bfdqt9H2ZjkW0i85lYxAR8Q2dWypVDcCEHBRwTEYD7FcXPqnpDjff2Xqe0+mNfQG55fD2JKBLxP5ey3jh6nyhQwWQK2jZcK26F38swiI5aQqjn39QJeyft450KQ8uNg5zaA775kQGM1RxNlyUfTv5HDxWrmDZXGwYzAAPBzKXdYLNdpIcncFx2JQMLZ/YXw68LjuNUCuhV5vooaR7Ic4JooZ5waXpzCC5bUGkGuYRqaR7Lwyvda5/gmGzeyroFokCINWZXiu5sU4NsT6cYDLhOxOiSbpbECqtAvMPJo7YlrGaqiwZ0pWpllfDRw7QUut2TqhLbM6Uy+oklB2EGSMKZ67mxZFHBn5VU6mIpQieThf/+esLMKMFoggYhqXDzRlLIwupl7qqncIw55MmtzVwViA3sTyVnaZvVLYQvxuW2ae2YrZ3usmWuZVANnY2dicXBTceG53wHreph0gJZw2kFKbzZjYw9tnxK
 JnftrViD
 C0IapIn8YxCeJ3F/08KOft1UfuDuYmV5yDTnjMe225xBkZjen5FgqvvZU25HcU0v2DgtYHYaHowbX8f0w9nvZBBpi2UGhiyuV49dAkfFGMcI8RXw2g8rotJQI722LZgvmo8NbntsHJlB1tgW+HRa0Kn1HPSfWEyF03WmSvrZ6cVsUBuTzikP1wdmEbb+W8HEFYhTo1cylbIc6YjC5va3zdYyTx+Jj8wjLRjHHXWHrgIhrujK6swd6omT4qhD2Io3HhLHwATpOBKYDohmSLIM9MASxJVUGwb1pQKvAU4pAscpmSVS0lcdDbyedtg68C4CRxj2i1OoFxQrtgndFhs5t9C78VR8JVNAZiauN6kTsJo3b0NTGAHTEqsEHFOZOoBaD7I4FTOapWDuvb2IocF59XT3ocFNRKoA6aXQyoUcvSZ4SfSvwz2BwAjSRTPJITGgmq8ff8e1gQHO7tJXuDy1f3HyMvl6vvyaIAzIlTYVWHb7pkhp4tlc73xkEOy51qAJcXsS2dCvrnKI0hn7rNftRBOK9JaxAIwNAb7nKzl/8zTm+PvdVa337K04FaeVs/s+Nv8qoMxHM0c+GdARIuaJB2Hp84vTNlwQe9sh4yow7+nI8y+IWSAcyQA+Bh24nIzPN2UNWr4tBI5B64tPtm/mdBFVrEg==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Thu, Aug 8, 2024 at 11:48=E2=80=AFAM Paul Moore <paul@paul-moore.com> wr=
ote:
>
> On Thu, Aug 8, 2024 at 9:40=E2=80=AFAM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> >
> > On Thu, Aug 8, 2024 at 9:09=E2=80=AFAM Kefeng Wang <wangkefeng.wang@hua=
wei.com> wrote:
> > >
> > > This reverts commit 68df1baf158fddc07b6f0333e4c81fe1ccecd6ff.
> > >
> > > The selinux only want to check whether the VMA range is within the he=
ap
> > > range or not, but vma_is_initial_heap() helper will check the interse=
ction
> > > between the two ranges, which leads to some issue, let's turn back to=
 the
> > > original validation.
> > >
> > > Reported-by: Marc Reisner <reisner.marc@gmail.com>
> > > Closes: https://lore.kernel.org/all/ZrPmoLKJEf1wiFmM@marcreisner.com/
> > > Fixes: 68df1baf158f ("selinux: use vma_is_initial_stack() and vma_is_=
initial_heap()")
> > > Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
> >
> > I was only going to recommend reverting the change to the heap check
> > but in case Paul is fine with a straight revert,
> > Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
>
> I was hoping that the mm folks would put together a quick patch to fix
> what looks like a problem with the helper, but I'm not sure when that
> is going to happen and with other callers I don't want to change the
> helper and break a different part of the kernel.  Unfortunately that
> leaves us with needing a revert, but like Stephen said, I think
> reverting just the heap helper is the right thing to do right now; I
> also want to put a comment in there for the next time someone tries to
> re-add the vma_is_initial_heap().  Give me some time, I'll have a
> patch out for this later today.

FWIW, I tossed the reproducer code from Marc Reisner into a branch of
the SELinux testsuite and wrapped it up with an added test to the mmap
tests here:
https://github.com/stephensmalley/selinux-testsuite/tree/execheapregression

Passes with the revert, fails without.
Would need to be modified to be portable to actually be suitable for
inclusion though.