From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71C58C001DE for ; Wed, 19 Jul 2023 15:25:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0408928006D; Wed, 19 Jul 2023 11:25:27 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id F333328004C; Wed, 19 Jul 2023 11:25:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DFABF28006D; Wed, 19 Jul 2023 11:25:26 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id D11AE28004C for ; Wed, 19 Jul 2023 11:25:26 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 86221C03C9 for ; Wed, 19 Jul 2023 15:25:26 +0000 (UTC) X-FDA: 81028735452.13.BEE4AE7 Received: from mail-yw1-f170.google.com (mail-yw1-f170.google.com [209.85.128.170]) by imf24.hostedemail.com (Postfix) with ESMTP id 96A50180015 for ; Wed, 19 Jul 2023 15:25:24 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=paul-moore.com header.s=google header.b=OEkJOsaD; spf=pass (imf24.hostedemail.com: domain of paul@paul-moore.com designates 209.85.128.170 as permitted sender) smtp.mailfrom=paul@paul-moore.com; dmarc=pass (policy=none) header.from=paul-moore.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689780324; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=E9cCLj0zM8JjUOyomZEKsWMrdNLR9qOvsZrkfrcN/wI=; b=1Q9I+pCIJcpkVYXWf5P/Ch2PdNV4fbXcKgaZKTqj3zsJ6ULOF385CfstvxZaXMssPtUnXD xGalViXXgd326b7Yw3MFRzaA4D245PrzX3aWBUzhGH3ZAs9m0nBWi7+1XmLuRA2HV3tf69 pt9H0CZu/9lKSvfhEVMpDSAediEnaOU= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=paul-moore.com header.s=google header.b=OEkJOsaD; spf=pass (imf24.hostedemail.com: domain of paul@paul-moore.com designates 209.85.128.170 as permitted sender) smtp.mailfrom=paul@paul-moore.com; dmarc=pass (policy=none) header.from=paul-moore.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689780324; a=rsa-sha256; cv=none; b=yecCODchKWBpCHxePGGsndRyLxNkUlsjxTEO1czFnPpOrR2QjKuTAdSW1LZFoodIS1r/OP AqUNKFKiGhrsx8bRSYjT5fgax2Plfd6cGheFxaRlB6r1igmY9UeLxpx69qJt1LBitc6BHW 2x1d9SHB1KcPL4zQHwuhsJNylLBZXuQ= Received: by mail-yw1-f170.google.com with SMTP id 00721157ae682-579ed2829a8so69862927b3.1 for ; Wed, 19 Jul 2023 08:25:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1689780323; x=1692372323; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=E9cCLj0zM8JjUOyomZEKsWMrdNLR9qOvsZrkfrcN/wI=; b=OEkJOsaDK/Sdhd+3KExw0lzHKRrWqkDKbK3EdKZwnico2hN66bMte46sznr3D2q8Ij kbEqswBd4Nce8EcmHj//I9ODApZC3L90+sXmFcS3ViqD/041bQU+p1oZEBIpbGHxQdRW Bkx5xcshP6g0XlBXSCaQ//9PGUg4t0Ev53G19Jn7Bfe4HXMoys0m8SzehU1V6F7QP7eC 8lD4s/Cq7UyYFbJ2XhyBKI9zR6lTkAPuQK2Be95WCrVId1mNkjbCaiY+OoJI9U3Jthni rSjU8rQv78mbNQMwp1Pir4wiHsocaFkhglAJQrREt1ieUgUGlrDPdPr85ltO3yU7F7at iaVg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689780323; x=1692372323; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E9cCLj0zM8JjUOyomZEKsWMrdNLR9qOvsZrkfrcN/wI=; b=g1pkDAA7IdvX7ursUgOA7Z1moBvaxr75PQgCnc7VLuCzYWAZk1HZM+yhXK7xK15OqH kdar1L7JiYKJsCtflTHV6vvde1/LvbGYvs1yDjQ0kQGgvUA8KRQ9rQKcaAWMf9CzUg1C 7W7vKoFBFsHOepI0VKvK0DTBmovBDFfcU1cHMnYwoE/+ZQuYunzVXTPGZIJ2WUj5q4Nt mVeXe0NXrUPNzrCMwBHICbO397O1/iUlIqWUqS+xCTCkOJcl8Gd39XtFgB/FZ0DY84v+ pbVtMUZU5exL8v1wF8uFEpNeU/0HQNOlROmuabPl5XwwGOfwA0mOGYRJOYHvJkoepzd+ cR1A== X-Gm-Message-State: ABy/qLb4jmlmRpG20tMMAx18hLxkeVfAwzTSKwky/dztkzRoAcTy0WZN VqShGon2d5uiufIjHBzyNsC8qlcsILySkF0ekyu0JCofjbLdOefYJg== X-Google-Smtp-Source: APBJJlEKuWkfr0ZOUpBDkgDJSGU1WICL7JKLe65DOhMheQvB+Dy8YyA22pUEoTNZB9gyg+Sk1cUZ7AumngsAXFfSIUo= X-Received: by 2002:a0d:cb10:0:b0:57a:8de9:29e7 with SMTP id n16-20020a0dcb10000000b0057a8de929e7mr18181677ywd.28.1689780323608; Wed, 19 Jul 2023 08:25:23 -0700 (PDT) MIME-Version: 1.0 References: <20230719075127.47736-1-wangkefeng.wang@huawei.com> <20230719075127.47736-4-wangkefeng.wang@huawei.com> In-Reply-To: From: Paul Moore Date: Wed, 19 Jul 2023 11:25:12 -0400 Message-ID: Subject: Re: [PATCH v2 3/4] selinux: use vma_is_initial_stack() and vma_is_initial_heap() To: Kefeng Wang , =?UTF-8?Q?Christian_G=C3=B6ttsche?= Cc: Andrew Morton , amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-perf-users@vger.kernel.org, selinux@vger.kernel.org, Stephen Smalley , Eric Paris Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 96A50180015 X-Rspam-User: X-Stat-Signature: 6s5k7iia4enfw9g59xu8x47a7mhc47fm X-Rspamd-Server: rspam01 X-HE-Tag: 1689780324-42741 X-HE-Meta: U2FsdGVkX1879PfoRaFlkKEFKGnf2RfrdUaFoSUBXDOVnODC3HKmAwnTMjwa8vf67dZ9rVJRtgO2lz5Y2JbwkA9QSas0l6Jjdo6JwHwwmjByG102uA82Jpw+l4aytKTPqSqmFqOw9pshA6Z93L0mYgUYsKDvMk2ZfwZQF8HxBOTVp3hkqA3uWojrK8Ify6ZQZ1bWg3cOWiVkJaKamxCbwN6rKzjOdSF+aA7+qpE89lBCRUFLdPHFUvhBgZ7RzpYYBuphAi1OybtPO3YI+EcIWMXW2B7cJ3dJ/lmjNmJ+vVHnimss7H75l49IpTqRyKYcPmnoaB6bz5VBFXQwI3TvkLTuDRZqBRo/Jw2qzM6ieEvGbNb4xieZH3VtsqBeyUeMsdCDQMlu4h5hWgVl1zimVEDs9JEyh3dzFEte2Obj/C782qAHtYztZDy9DOXDVLqSFUHKijbzdf8Ns9LEIaFnVntttTX2GnMe50+NgoGBkG6/UbfLcHR14E3Lly0pRS4maDXxb3f2jtv8eSoTO8oKBUayrmrVUhxPKUgpq6aApz3DRmebD1NMymaqMT8UKcjjEt1qb1GmyDTt1F+jlb7P5U570m7Gg8mjNG3p2hAcND3oGocUVomiLkDaUD1o6Mmvx8pvX2z8VfD4VAFQ7d8vsLzUWhGnWvZVNZyz5RJL7ASTDhAhndYgcyRCpPNQ02pG21hXVddgr+Zv5PtN4dL06n7jQJbHZhGA8ONycD4bYZWONOsNa9rwjK3FqcudgaZ95DiVoTYTuLdo7zacncMnxujD3Ht14XXZ+mp546bGq7RO7+Rjs4lEgL/McWg5WDQjIgeL5TVuk39Xy027Al3CCYa32hn9Yxrj1u3RyHdpOkjyGYQOIXH52ry4tTsMVmBM78Yu3/iBW/xiML6SME8lxV8SiVGF5sh2998i6TLsJyIOREHrjoPgyEpkvxXNb8J3LhBS8w0Exk80dY2phFt ynTHcpuD oQjtcwNoo3Hr58V1wvC4JNRq7oYJYYdnECDQB9Nhz275k2EIheMu4EzAbEtLefRYrUIaZjWKRilYrcIwwtWzIk7jT5Jxh6x8Ycs17LjYMVtkALTww+VvUsiHMB/z373A3+GSGpPspVIvm64vcihKkQnPAbcp13bcufYKgZyIw5dz4PkZdiHZ2c88noNqaoebYKMTF5tt1BeLQd5x3ABfnePP4JAEFVcnuQ8Udqk7V33uW3srK+deue+0hqctH/ERpGcPUJ3VCfdEjf5TapukET5w0w5/kGAF2YTMS7dadFRWANBS2cSgLr+jhKfrinIq1iwDdF2l3u0N7tVG6QUyl+sASrE9gcea3N3feO4LpAV8+v9LiLRwJ6kKQ1QaHG6pR3NVxYM3BNCMPs7MkvEaJDTuGcYCOIg/9W4OcXf5bCkpIMtQqOcyXFWNg+fzQ8fgdFr8zpdQAKc4tPZvcK0x0TD/fA1GF4iIhkDY3RirK25KAkHQie9RNU9/pAUTDtOGWQP5ClPQ6Fmhe9js= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Jul 19, 2023 at 6:23=E2=80=AFAM Kefeng Wang wrote: > On 2023/7/19 17:02, Christian G=C3=B6ttsche wrote: > > On Wed, 19 Jul 2023 at 09:40, Kefeng Wang = wrote: > >> > >> Use the helpers to simplify code. > >> > >> Cc: Paul Moore > >> Cc: Stephen Smalley > >> Cc: Eric Paris > >> Acked-by: Paul Moore > >> Signed-off-by: Kefeng Wang > >> --- > >> security/selinux/hooks.c | 7 ++----- > >> 1 file changed, 2 insertions(+), 5 deletions(-) > >> > >> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > >> index d06e350fedee..ee8575540a8e 100644 > >> --- a/security/selinux/hooks.c > >> +++ b/security/selinux/hooks.c > >> @@ -3762,13 +3762,10 @@ static int selinux_file_mprotect(struct vm_are= a_struct *vma, > >> if (default_noexec && > >> (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { > >> int rc =3D 0; > >> - if (vma->vm_start >=3D vma->vm_mm->start_brk && > >> - vma->vm_end <=3D vma->vm_mm->brk) { > >> + if (vma_is_initial_heap(vma)) { > > > > This seems to change the condition from > > > > vma->vm_start >=3D vma->vm_mm->start_brk && vma->vm_end <=3D vma->= vm_mm->brk > > > > to > > > > vma->vm_start <=3D vma->vm_mm->brk && vma->vm_end >=3D vma->vm_mm-= >start_brk > > > > (or AND arguments swapped) > > > > vma->vm_end >=3D vma->vm_mm->start_brk && vma->vm_start <=3D vma->= vm_mm->brk > > > > Is this intended? > > The new condition is to check whether there is intersection between > [startbrk,brk] and [vm_start,vm_end], it contains orignal check, so > I think it is ok, but for selinux check, I am not sure if there is > some other problem. This particular SELinux vma check is see if the vma falls within the heap; can you confirm that this change preserves this? --=20 paul-moore.com