From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12D71EB64DA for ; Thu, 20 Jul 2023 21:16:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9B26428015F; Thu, 20 Jul 2023 17:16:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 93B6D28004C; Thu, 20 Jul 2023 17:16:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7B4B128015F; Thu, 20 Jul 2023 17:16:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 64CAD28004C for ; Thu, 20 Jul 2023 17:16:29 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 280EBA02BC for ; Thu, 20 Jul 2023 21:16:29 +0000 (UTC) X-FDA: 81033248898.19.BCED2CE Received: from mail-ot1-f51.google.com (mail-ot1-f51.google.com [209.85.210.51]) by imf10.hostedemail.com (Postfix) with ESMTP id 4F1C4C001C for ; Thu, 20 Jul 2023 21:16:26 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=paul-moore.com header.s=google header.b=PlsOhuAw; dmarc=pass (policy=none) header.from=paul-moore.com; spf=pass (imf10.hostedemail.com: domain of paul@paul-moore.com designates 209.85.210.51 as permitted sender) smtp.mailfrom=paul@paul-moore.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689887786; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qG+ThjVmfgJOgCEH3FGED5B6h6SrS5o6Axcjc3bwSOI=; b=bfZUgD2/XGBux2J2s+fSxeUt3liznetclgHH2f3LeBcgvian9dZX6VPOYw8GQwptu1vQwz c8vPbKNi8rxl8qLJYPa5xRUxOui/mdo7dDK14spvT3BNZ2CW6Yi4Ju0ln8Zv7YxKqy7dI4 QhrY9PThttIQ/sIRZXMzmCEHcw1NEVQ= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=paul-moore.com header.s=google header.b=PlsOhuAw; dmarc=pass (policy=none) header.from=paul-moore.com; spf=pass (imf10.hostedemail.com: domain of paul@paul-moore.com designates 209.85.210.51 as permitted sender) smtp.mailfrom=paul@paul-moore.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689887786; a=rsa-sha256; cv=none; b=zJZtlI4kIxePlSRTKyL9hR1KSzUjc0yMitYlrXclUHsPAI640QkjtYFjP9A0XptAYRKrk1 jch6FvbCKn/zP8jeHiz4ZaCuxCPeJzNna8oIw58t+muY8ezHgDfJ4Qs2s5TpNLZtkDRdVc gK9uWUACc1zGtaBGOeKU+w3aAcQeUMk= Received: by mail-ot1-f51.google.com with SMTP id 46e09a7af769-6bb07d274feso779372a34.0 for ; Thu, 20 Jul 2023 14:16:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1689887785; x=1690492585; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=qG+ThjVmfgJOgCEH3FGED5B6h6SrS5o6Axcjc3bwSOI=; b=PlsOhuAwUTnsUHdCrAacS252UIxiMGOunaN7sjGqk6IdEDvWSfDkeAaUkUyPQ8TsWM dSwDx1M0yS6cP18SL/J1e1PXgjFT+K9g6o5oDfjX5KtL6NSbkgGERWclg4dqpb5RXbRk mgSxD4tswhi0vnWZ7QVrXYqDP0D8ob9/9QUQ6YAxjdxcpwGDgQkVMpn2oIljVP+8n250 Cvgx17BBdzoeGzK2qImORkfKCzx9ew4k1bBToLGVABe29MENH0fq/kJj3qouvSeuyZdO /Z1VN2fJikHf9jRa4qnEkTjqz53WsvY8WrwXfru0TXBwVShYekLaJiGmdg8c8HjFud4b s4CQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689887785; x=1690492585; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qG+ThjVmfgJOgCEH3FGED5B6h6SrS5o6Axcjc3bwSOI=; b=Svj6MRwUb9iQGRyg3Qx8OSWyaF2oOwbkETSSunIo1r2RnUxtwm1bOlZ8r071qWJqkT cZh3kkYLYbwq5B/HAlv+OYdjxTpB9nZ4CsXttNKcwLdpgSoiwU/hj8D58zSu4kBjuZWj t9ytTPwiwzMj+IQHevo62RoSXuJm0Sb3AcfWHyqhD3GesIg9km8b+8JsKxd1MbDUZFBg MtFoZV7VhD6ebFPhLxs7UxJyOagAtFIpK6qgBpFUhcNiZVn4bb6QOhExtb4vK4EtGyTr GkCAjBPdhPuka5+ETwDfYVyocGWyjcoaE400DcvKi3FJfBVJgaaG64eZFKcFV8x0TsXl pz1w== X-Gm-Message-State: ABy/qLbKUe8cCltKULu2wgZNP18IMon9dP9PMknG7zPLZNDoTMU/bTBp MftJMIQ8KI2N7CeqDYiE/St8x6gi1keNla7xYAgn X-Google-Smtp-Source: APBJJlEhgxTXc1qyzkAvHpHuXwIG3OtHxUZ6QwrqTdkR8L2OyhsuJu/aP2P2r4S2KF4Tr6uErZhsPZjFCuLra+hXwe4= X-Received: by 2002:aca:1218:0:b0:3a4:8e9b:e5cb with SMTP id 24-20020aca1218000000b003a48e9be5cbmr84720ois.1.1689887785358; Thu, 20 Jul 2023 14:16:25 -0700 (PDT) MIME-Version: 1.0 References: <20230719075127.47736-1-wangkefeng.wang@huawei.com> <20230719075127.47736-4-wangkefeng.wang@huawei.com> <1e839238-c78d-71e0-28ae-7efff0e04953@huawei.com> In-Reply-To: <1e839238-c78d-71e0-28ae-7efff0e04953@huawei.com> From: Paul Moore Date: Thu, 20 Jul 2023 17:16:14 -0400 Message-ID: Subject: Re: [PATCH v2 3/4] selinux: use vma_is_initial_stack() and vma_is_initial_heap() To: Kefeng Wang Cc: =?UTF-8?Q?Christian_G=C3=B6ttsche?= , Andrew Morton , amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-perf-users@vger.kernel.org, selinux@vger.kernel.org, Stephen Smalley , Eric Paris Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4F1C4C001C X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: tbbwg78ztrs18xxg1u68rzkbxa15tqem X-HE-Tag: 1689887786-921852 X-HE-Meta: U2FsdGVkX1+3V2iHUYEPpwb2CYZOQ4TUjvjy6OzdBMfJdj8WT2rE/PandlJ8cIdDHvSgkUknwOGb+ZvLEdeCc1FlHEg3e1ocVgYdkucYghDkz4f45mQ8tIkfjPLu7HmLuXkjovz2JTvJxk6oL9zpio0jCLcJScmtpEGbkiB03xDj0MWebJpHr1hppiqNike5rBThOI/jf/lHSWA8wNYltRyvd5wLKf58//qVpduQ1AzyNHz1ycfMMvLL9awV3FWAbfBAsVgHMBwZNcPzkb/t4I0y4DUyH1rxUsFK+itFPHxn9ec0LvHYx4H8ffZCoALp4mGmzS0UIdCCiUqMGFxFfgT48EBb6WY39hX6bOAnM5XEbrLwZ0aJW5NMr/iFx8BiUHj3u0iZLbUWFTfuOVbMTCu34Sa3HK8+Np3HSualsABPhdynXiisfFFXxmlx5Ardn0vgv3IJBk58DH2mHhpGnz9P/tcl76jKnjCMHDSMYvWv7cjK5ccLnCGwWy4N/vSuukO2nN3rhpZjwbr4O3DvDp3n0dev+102HT5Gz/f6xIHVL8ktyezSXLXxNd4Oqgb3Kc0HloeLo2EK1YhWxro6Y50E4y9m35ZIxEY56vLAzvveeus+FfDNGrLCoR8BNXX81KbqVSvuIwNHNnJs1oSKi51ixKMBcLUNPHzzl2Vj9yejsCbN81mMEY0et9X0qw8aJybtWDgCk9PIF5yI0yCnz0IqMylu8HBoegG7AQl4oSWDTDKiA7Id/SSiHkaJwW68O1C94O4ntAx9XSOTHyScmJs8gXinLDuzUC7sdG9re/SJApmuz9Er+zK1QqXifVNvbb6LR7w9moDvmgkI6sXEgmhGsRb2x2lNVev7XgSjP1hznX0D77mMILSF2nVB4zROD/B5MBeotlb6lnoNa+9JlS/v8hna3LgrHfcZQ6uBCQWIAd5P6hL/LW1KrRHwjtYmd1lweKgK+/hNSHtuRUB +3ueS04k +eNLtJJF2Id0LW8NaxE3ZbDFLSYcr1Le91S9Pxc1bbuY970iL1Vz5lhGagtMwq8kq749HHx4tRqFhgll6jQ4F2S4pHt8ydXDICxmkerjAh+Bvk4VnBkYPKK3xHGZqjZT3X/AUjWgWsbvsHFr5Yk+DPbhPOn0M9D4+ECfudvz7qVEVlk5t7xVXCqLSLRyL+mN9K2eB1vvrOtiYI3Fc8/BvYLqGl7QlOxUh3H1KO0JyTaQdOzOXd169as0/d5q4Qq2CDipj5t/EYzEzAzvmu9HXg+O8+CUTygkIlWn1OCvg6GCrsmuNjmcv8ouPiq35xab95Tz2JBtfm5Y2hE+z7qdX52e6VXqSJRW7/cJLSbIdstA168GDCtyEVfAhw/fPlmHlQ9zZk0p2sPOSG2SnrU1N3+1oWO7A89Nj9jULrAQy6FPT4W0z5OEMlB1WRbw2W32gTduSM/PADcl5GfE/l/xz3n7rGq10VU1yEj+/hLG+jDQZTZd9Pg3lx2TIzHyxAVcgO8XyfGLH/vVQe1g= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Jul 20, 2023 at 4:28=E2=80=AFAM Kefeng Wang wrote: > On 2023/7/19 23:25, Paul Moore wrote: > > On Wed, Jul 19, 2023 at 6:23=E2=80=AFAM Kefeng Wang wrote: > >> On 2023/7/19 17:02, Christian G=C3=B6ttsche wrote: > >>> On Wed, 19 Jul 2023 at 09:40, Kefeng Wang wrote: > >>>> > >>>> Use the helpers to simplify code. > >>>> > >>>> Cc: Paul Moore > >>>> Cc: Stephen Smalley > >>>> Cc: Eric Paris > >>>> Acked-by: Paul Moore > >>>> Signed-off-by: Kefeng Wang > >>>> --- > >>>> security/selinux/hooks.c | 7 ++----- > >>>> 1 file changed, 2 insertions(+), 5 deletions(-) > >>>> > >>>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > >>>> index d06e350fedee..ee8575540a8e 100644 > >>>> --- a/security/selinux/hooks.c > >>>> +++ b/security/selinux/hooks.c > >>>> @@ -3762,13 +3762,10 @@ static int selinux_file_mprotect(struct vm_a= rea_struct *vma, > >>>> if (default_noexec && > >>>> (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { > >>>> int rc =3D 0; > >>>> - if (vma->vm_start >=3D vma->vm_mm->start_brk && > >>>> - vma->vm_end <=3D vma->vm_mm->brk) { > >>>> + if (vma_is_initial_heap(vma)) { > >>> > >>> This seems to change the condition from > >>> > >>> vma->vm_start >=3D vma->vm_mm->start_brk && vma->vm_end <=3D vm= a->vm_mm->brk > >>> > >>> to > >>> > >>> vma->vm_start <=3D vma->vm_mm->brk && vma->vm_end >=3D vma->vm_= mm->start_brk > >>> > >>> (or AND arguments swapped) > >>> > >>> vma->vm_end >=3D vma->vm_mm->start_brk && vma->vm_start <=3D vm= a->vm_mm->brk > >>> > >>> Is this intended? > >> > >> The new condition is to check whether there is intersection between > >> [startbrk,brk] and [vm_start,vm_end], it contains orignal check, so > >> I think it is ok, but for selinux check, I am not sure if there is > >> some other problem. > > > > This particular SELinux vma check is see if the vma falls within the > > heap; can you confirm that this change preserves this? > > Yes, within is one case of new vma scope check. Thanks for the confirmation. --=20 paul-moore.com