From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3AEFC3DA4A for ; Thu, 8 Aug 2024 20:43:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 66FA56B008C; Thu, 8 Aug 2024 16:43:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 61F466B0092; Thu, 8 Aug 2024 16:43:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4E6746B0095; Thu, 8 Aug 2024 16:43:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 2FAF86B008C for ; Thu, 8 Aug 2024 16:43:24 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 9EB96C107B for ; Thu, 8 Aug 2024 20:43:23 +0000 (UTC) X-FDA: 82430253486.18.D4FBD42 Received: from mail-yb1-f182.google.com (mail-yb1-f182.google.com [209.85.219.182]) by imf14.hostedemail.com (Postfix) with ESMTP id D2FC8100007 for ; Thu, 8 Aug 2024 20:43:21 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=paul-moore.com header.s=google header.b=ZRPKLhvk; spf=pass (imf14.hostedemail.com: domain of paul@paul-moore.com designates 209.85.219.182 as permitted sender) smtp.mailfrom=paul@paul-moore.com; dmarc=pass (policy=none) header.from=paul-moore.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1723149769; a=rsa-sha256; cv=none; b=ysanW6wJR59dhcsIScWXFBfAvBO7xTpGhly89mr6JOFiIFyV3GitH4CvYgfBW6fud1ZhYb SW3zQXuh85fksVlWIfRBpaxqjSkyUFMxS1jzuZxxSllBRV3mxamI+UWWddzKhFdGyxfOQj Bij7LC7fygSd9+EFmKnRaY29wPMYaig= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=paul-moore.com header.s=google header.b=ZRPKLhvk; spf=pass (imf14.hostedemail.com: domain of paul@paul-moore.com designates 209.85.219.182 as permitted sender) smtp.mailfrom=paul@paul-moore.com; dmarc=pass (policy=none) header.from=paul-moore.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1723149769; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=2O/x8B7y2mxuE7n+m8qQYp3H5sJi/9SEnvOkvV6m0ko=; b=FiEOHQeGk9HShLRxfYyYiMsDPqvT0CuyRHSNDdnCGj1Gw/7iH57b3HlgPcZjkSGCIHyLMK 9Haja92aYRppPXU3WnSoppWJIJEijjrV3JLNv0CKnJtEuYOz8dsM4pRzdCut6AOpzFKWY3 +5jtAweXDXwozvfHh/HVtyVaxR9mfD8= Received: by mail-yb1-f182.google.com with SMTP id 3f1490d57ef6-e0bf97a2b96so1348844276.3 for ; Thu, 08 Aug 2024 13:43:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1723149801; x=1723754601; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=2O/x8B7y2mxuE7n+m8qQYp3H5sJi/9SEnvOkvV6m0ko=; b=ZRPKLhvkTAPjZl/86d7t2nnm4Nk5qUisu8NuAdz1MKHaVO2ttd5NHMvGo5gJxEydqA +/HunSHHJ9jvyflp1hFF6OEswjWDLqbNkDBNAYV3cY9Pm9/B6aTB9+6R5dgXIIntD1T2 Auu8bfX8r0g9EjQzWz3YJWHbFhrVhkrMrORiOD2qrTyURBSSIcv79gAmrrvL99Epxs+J SCQlieR3u3EWjyiYXmX2U4k1UnStzI6jGtLr8jLVcQ8cjRNZwo+MHgfIQGSefewYkVxI lS578Mwp6eyejmyTh4fiypDgK8m9mEAeRSuXCWcRpliXRxgDmWetjaE288lFdpx75WhV hhAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723149801; x=1723754601; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2O/x8B7y2mxuE7n+m8qQYp3H5sJi/9SEnvOkvV6m0ko=; b=e1dCUES8b702uIrs9G0DUohL2Wewv8wfgxEUOZ/dx6FrYoIs5U1Ert+hctmmVspWzl xgL0ge5in6T1QO9imx4oYOsTg6gMRXYhd+k/nww29jz0N2VLpeMIWFX1chowifJ69YOd TDfb3yU299ifRH2dI630bWwy1OvWqu7i9BiLOGsRnaggG5xXfZBPTV0uuN9/ZEkkSSjf fHOWXh+cR+1LKnhBwJLzsAtJFDcxQ+FyjuObtzkHdm14dDaJY9I2NMV1gg7HeqzbVMMp S2FIkFQVfrzUpN0KpxY8mNaoDZu/SzpVjkGwRc5tFrtJjyyDYZkBDKUSG3pmCINmIjre 6DAw== X-Forwarded-Encrypted: i=1; AJvYcCURIUkgEJg44voUhDe6k0qSIHr1qRr33DAdWNGa3QD8eY45a5yyg83rpu6y3P/yGJcwcEQvNX9erFR6zxgxQQhq9ew= X-Gm-Message-State: AOJu0YwaFuWoDFmAhPg1mhXFMCElubPAheZq9ueJ2Gok4KjpQAO2/Ym3 +t1e5XfvtxOFXBj5NeIA4AXYRLsZciicVh99GpXJBKfu2nXmnWMq6po+B/N0B7HFYl/u44EQrPC 914nu1RGh0zwgsojhqVlElSi6a5qn6FSRESqC X-Google-Smtp-Source: AGHT+IFC1OE8KRHMmKr7rH6deuBf4mReLOmlhhp4bt2rRsDL0UNunfMv48tgujt16YhA6szzxv4EBxiOmRjYSPwsTEs= X-Received: by 2002:a05:6902:1b09:b0:e03:5fee:66a with SMTP id 3f1490d57ef6-e0e9dbbe0e0mr3791769276.42.1723149800910; Thu, 08 Aug 2024 13:43:20 -0700 (PDT) MIME-Version: 1.0 References: <20240808130909.1027860-1-wangkefeng.wang@huawei.com> In-Reply-To: From: Paul Moore Date: Thu, 8 Aug 2024 16:43:10 -0400 Message-ID: Subject: Re: [PATCH] Revert "selinux: use vma_is_initial_stack() and vma_is_initial_heap()" To: Stephen Smalley Cc: Kefeng Wang , Ondrej Mosnacek , selinux@vger.kernel.org, Marc Reisner , david@redhat.com, Vlastimil Babka , "Liam R . Howlett" , Lorenzo Stoakes , linux-mm@kvack.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Stat-Signature: s1p4ng8ufpkwbh85thzfbax8s64o6uoj X-Rspamd-Queue-Id: D2FC8100007 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1723149801-618963 X-HE-Meta: U2FsdGVkX19YYShVEQAT9K09PpdALoVnf0FCO8BTiw2EzjAPwZncBMut08x0DikZwbtNs+tbVpHsZ2pgxjKM+LHBOFYPGGXo6Xtj22+79ArLACMHT7givIklxMgDTXMIJbqqsa0/sp/kUS98z1KI5qBlyCevSIiUXeO7I11xB1xfef9BNzzr+N1mj4bS/1pXkGvw3tocJijK0/FxU2QsEN7eXZeGa/p1JN29jzybylksYFsVuXJhiocTES6pGFYuNBOjIy+tqTfFEZkxLjKBXZK1haG/bTAzV4lNACeMrDGH1gTmKzJsxnitvAyY/g+SlJtFsVd8M87Njw3/vAqau1l2jt6sHwnf42nwhWcSWEc1EhApp7NFYkfQDD1HSEHAbjGr59iZqd6GzfoeynmklPqQv0+U93Mj2DMGtI6TzSivewXeDVKpc4Rk7LH0vIJrwaX1nYQbSBMdK2CWlRymiFFoSbizaBW96yiU4cy3wjz/GU7elwVEBJHpByH7whatPFU12CkNjIRKRzdr+DnLShDfM5fHl9aWMn3kWl6YaDat9SQCynL11ORRWkBdl29sjESJySjWfP/s707Ni4yIn5riP/Mzx2pk6oCSXm1zSd+BPueG5wLuMhwwqpEjfHGaVVtr3y1sLM/iW4Q44vS6BT9gU/KavHm8wrRWxPROUAVZrsw6OsOKPuqO1Ae2anwYhOKX4Nm9Y644GPLcTMXfo59HtHSsUgNZeF+s58dekZJ88ULTX9VOhSV5hKQl8o58G7c8d/yg8H5zYwZDc9lLu/jacMJm5Q/hTpt6c/pHU4G59OhLkHw+fDVd1A9XIVxRL5lVEmXOh3VTZWMiGsqCKC4yi5INmNUIqO9tst3A9ksVNq2meTH37yVyMurFqsrnhw2xGjj3feJy02JAJjJE9Y3UPeQgyMO3lltSe5EUViAje4ywRx7DuE288J09dbxEa1vzRH0iQ7SYqYu+qZx G5qusxvn m/BzPD+FitBqWLDaWy9C9lXvF1FqcQl5k81Wu3B7o/CEuFtI8exBQ66hrZk/brzV4Pa1aY7jQ3KG+eE7mHzuZgNyxROnRBufulBDySGNdixWw+tI1hg3H274qTZARwK+kb/vbblX4VB+4OyYTb8FbFXlvjDMV90cVo/10HFz+GqjDd2R9+Kse+85xxnPrdBFt5/moh292+VZzMo7CD/BrhfkTLxZKqIQDL54+zqgm5MgTfrUYs1/6TLblIumyyYWyUJne5vsKHxC/vb0EvA7LOQSg5BjqLFiy5hNqaYa5K5m82xFFeBHPD284xduIUQQjIZ3qSWtNWo4hVGFyKHU3YGt6pdKLjA3MgNZ6nZm6zqY16KXBL8qFHTfatJG8hSUnXp9T7B52cQ1qJ+8Zgiun1ZdQHb+x+3Ibyh3h/Pav6toPfUalxCMOpcVq9J+VYp4YwgzQLfRujLjPuQTLMEKYIo5l8jvt3Kavb6FKRleZZ5Sts+vdhkLjUthSWnu7rNpZHNfmWyYKcG5Exb0ZzqcnIKt0tVESzWuVutYJJv4Cr1VZqcU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000151, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, Aug 8, 2024 at 2:54=E2=80=AFPM Stephen Smalley wrote: > On Thu, Aug 8, 2024 at 11:48=E2=80=AFAM Paul Moore = wrote: > > On Thu, Aug 8, 2024 at 9:40=E2=80=AFAM Stephen Smalley > > wrote: > > > > > > On Thu, Aug 8, 2024 at 9:09=E2=80=AFAM Kefeng Wang wrote: > > > > > > > > This reverts commit 68df1baf158fddc07b6f0333e4c81fe1ccecd6ff. > > > > > > > > The selinux only want to check whether the VMA range is within the = heap > > > > range or not, but vma_is_initial_heap() helper will check the inter= section > > > > between the two ranges, which leads to some issue, let's turn back = to the > > > > original validation. > > > > > > > > Reported-by: Marc Reisner > > > > Closes: https://lore.kernel.org/all/ZrPmoLKJEf1wiFmM@marcreisner.co= m/ > > > > Fixes: 68df1baf158f ("selinux: use vma_is_initial_stack() and vma_i= s_initial_heap()") > > > > Signed-off-by: Kefeng Wang > > > > > > I was only going to recommend reverting the change to the heap check > > > but in case Paul is fine with a straight revert, > > > Acked-by: Stephen Smalley > > > > I was hoping that the mm folks would put together a quick patch to fix > > what looks like a problem with the helper, but I'm not sure when that > > is going to happen and with other callers I don't want to change the > > helper and break a different part of the kernel. Unfortunately that > > leaves us with needing a revert, but like Stephen said, I think > > reverting just the heap helper is the right thing to do right now; I > > also want to put a comment in there for the next time someone tries to > > re-add the vma_is_initial_heap(). Give me some time, I'll have a > > patch out for this later today. > > FWIW, I tossed the reproducer code from Marc Reisner into a branch of > the SELinux testsuite and wrapped it up with an added test to the mmap > tests here: > https://github.com/stephensmalley/selinux-testsuite/tree/execheapregressi= on > > Passes with the revert, fails without. > Would need to be modified to be portable to actually be suitable for > inclusion though. Thanks Stephen. FWIW, I think improving this test such that it could be included in the test suite would be a very good thing to do. --=20 paul-moore.com