From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0C554EB64DA for ; Wed, 19 Jul 2023 09:02:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 49DB8280040; Wed, 19 Jul 2023 05:02:38 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 44DB128003D; Wed, 19 Jul 2023 05:02:38 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 315C1280040; Wed, 19 Jul 2023 05:02:38 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 2128D28003D for ; Wed, 19 Jul 2023 05:02:38 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id B1B93120230 for ; Wed, 19 Jul 2023 09:02:37 +0000 (UTC) X-FDA: 81027770754.10.428828B Received: from mail-ua1-f52.google.com (mail-ua1-f52.google.com [209.85.222.52]) by imf13.hostedemail.com (Postfix) with ESMTP id DCBDB2002B for ; Wed, 19 Jul 2023 09:02:34 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=googlemail.com header.s=20221208 header.b=roMthWZe; dmarc=pass (policy=quarantine) header.from=googlemail.com; spf=pass (imf13.hostedemail.com: domain of cgzones@googlemail.com designates 209.85.222.52 as permitted sender) smtp.mailfrom=cgzones@googlemail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689757354; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=dxIwZYUXAuriCTTrhHVqHKddrsis7m+qCsP3HgdIynU=; b=mGo9KrLvPzckjePuJ/p7lKulN1cO5vOQLSM7V4V+cCw1vGIko21acbk2ItDyzowXRbc533 RgNx015W/DKSFrVXEPoogD9kV/IJE8Yi9zXt6tTTLh7iSOdGNxjZCUZz+jhKy1xkOINyPH E1WX8VuLpkh/CtW8ZjXMRvlqCqjk62A= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=googlemail.com header.s=20221208 header.b=roMthWZe; dmarc=pass (policy=quarantine) header.from=googlemail.com; spf=pass (imf13.hostedemail.com: domain of cgzones@googlemail.com designates 209.85.222.52 as permitted sender) smtp.mailfrom=cgzones@googlemail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689757354; a=rsa-sha256; cv=none; b=l/T7Z79BuRzKMkQJlTZXo+DCxdHuIDrlDotcMgTUSbkCGRdkKrB//8keyo/sekSzPYCaBc jKxzMU2eXB2h4YLDrAq+7x5FSAXasfBt96wU1war6qqctNQFH1KylhdE2p0DZSrsU9poTa kU0hWH1T9VFUjYAls1SyKiRZEPuyRh0= Received: by mail-ua1-f52.google.com with SMTP id a1e0cc1a2514c-784f7f7deddso2170182241.3 for ; Wed, 19 Jul 2023 02:02:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1689757354; x=1692349354; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=dxIwZYUXAuriCTTrhHVqHKddrsis7m+qCsP3HgdIynU=; b=roMthWZenYjFJbkbM2mH9bPO4Bf42B0BRdA0sdFpwN48PKQ9gk4TZacDsuyYpWMUtU l7XYUiMzUMAy/phDMUaatUjESkkXKZSAnkJ4YsFYi4LHKq1cuYFBne+6nU2905/UPcSF eiRoC/YPnk4Xfg/OHZHNVe0aaySC7Dum98v/RDAWN8si4j+7KTylat/B7KzsdUU52gR0 ATZdikwexy+mWOAK83xK6JMDtH6htGdJ9v/DCaLbaPTlmTZwkNX8scIlclg0p8FahA0R h6FoIIVMuIN5v6FVCN4uWBK72xyHC8S/m8tYhlYULPyoo8BMP5rmm5j7YoomYtBCUVRH okmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689757354; x=1692349354; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=dxIwZYUXAuriCTTrhHVqHKddrsis7m+qCsP3HgdIynU=; b=FIKlNq6qrcsn7WKpBi58BI9TF7neEVpQCEhuD2JciSkrVI3RVevVSotPGHBnUTARkM goJNEMe4J5Z9dvZqe14i6eNZpRR0tKG8RfNbAdRlp9syn0TP0Oy1gNTW3iNG6cZrBEKT Yy7rryzmZZuWcw70hFNd8dYzABzwJXqlnv0+4rVgMZ/s1gbjgNb9V4NXxBcMy7PA8Ejh ManHcTwYeIf4XAHqn/3sXIVpB4lu49Ovpp4buS2dROXHgX74y30/gSQ6H5G3PSZmtXYf zyPJmIFrLvuqsTjCsdoMkEUbt4BpzpT04N6X8JU1bq+LD6Ndt0eAh8GTsjQjzgnWHjt8 Qgwg== X-Gm-Message-State: ABy/qLavU0zzY+N+Wbd3ASAv7QHNwZiPMoRdT65qfm0Z6Zfmg8bSYnVo fZYKaJrXHDHFra9rdEOfvlKm93kYd1w331CpA1M= X-Google-Smtp-Source: APBJJlFGC7hcxDjV2bvRpf7CwCMnWqPqtKrErYoLtJJRVn7WV3aGJI76Q4oBgWPzIE71Uc7VS02UNu6Z+sX11RmvnXE= X-Received: by 2002:a67:ce82:0:b0:443:6e00:d32 with SMTP id c2-20020a67ce82000000b004436e000d32mr8825653vse.8.1689757353731; Wed, 19 Jul 2023 02:02:33 -0700 (PDT) MIME-Version: 1.0 References: <20230719075127.47736-1-wangkefeng.wang@huawei.com> <20230719075127.47736-4-wangkefeng.wang@huawei.com> In-Reply-To: <20230719075127.47736-4-wangkefeng.wang@huawei.com> From: =?UTF-8?Q?Christian_G=C3=B6ttsche?= Date: Wed, 19 Jul 2023 11:02:22 +0200 Message-ID: Subject: Re: [PATCH v2 3/4] selinux: use vma_is_initial_stack() and vma_is_initial_heap() To: Kefeng Wang Cc: Andrew Morton , amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-perf-users@vger.kernel.org, selinux@vger.kernel.org, Paul Moore , Stephen Smalley , Eric Paris Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: DCBDB2002B X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: quac4mqdyfjajs7frpmymd3hjkkieciw X-HE-Tag: 1689757354-993159 X-HE-Meta: U2FsdGVkX1+KEDpIRH7cb01gkOlbalBySxn7fQN4i9bcuilsu1jr6/8me/2RmpbK4JPd6t39ZwAw7WTCn6MfOpWWcYUZXBAYSLNY/s+CsDk+ab3aRbxI/5OhDFSJDSz2B0ecEJvqcIcX6oJ9ptTBTJIa93U58y6Bv+jgt/pccYOF0NZxe8Gt97tHCWbDhch3OCBkrwRvO8ohoxeIuNOI0kY3+qReJLVDXtvh4YwT14Z0z+8PThdBvilqXHC6KtUa3OPu6gP9Uu8Ufh6qRCA1NjlZMxA0hspsd7B8Huu0nSdSSTEw4sY3IoBOuQgMdALrkCftBkndjpHpFVquFHIuXMvVI0A6OlEADg+ecGmEfgEQ5/ykI6aJqRVWQx5VJSnEXUtoT7aCEzSkBNJbdyXNx6wYjh9IoNn/K5CaL1iZ6h6owa//2EX6gyGdUJIsPvdn9pk6oeVzKL5ebw6o/u6C8s7li32TwuyzMaCnq/CuipBa8zu/zUzJQCq3TjL/AOjNK7w6YxSkx8WPxqRKhboYHXuYK6pcEN5F7NT6MwIQwG15A19CLbq4QFEY63c5fsZG3LaFZytagI8S829B/nYAQh6jSaoAO2Wux/7kdF2+9vfps1RxaSijkBSswwhh6AzglGgJriCKZjBEf2X4/GhRw0tcgGfDRc4Ank2I9NqAdkdEIJomL/BuPfI92F4eGUhX0jrfu7pzTqaTdS9SIx1OspswPf3SNW5IRKqBQLawzooAtfIGmjKGkbupmfF7wdgeXbz8hrUPmecTMZRQNXqBozBoLeyeFf6384Cokf3hW1Na25lrNPXpkuat1xAwttXZD7eEcyfMiCD7+++/CmjFHauIEeJacTuECbzh4ekTT3AbX9SpBeiY91aalUtZS4Wz/uw+nNySTDViQh69tL0cPBL02AS0k6XLLqrDWBBWkNBpcG2eX+6Gji30Y4EG6KpXZm7N9raWorWpYEspjYe QU42C8zP HBH8PBo/U7Bm1K66Q51hegYv2ElEa62m8ZYNUS0i3iUge9O4PJcbpWrzX0UXitT7bf6LrJkSYbDV5NnQEdJDocoR2e0vmu4g99dKlNcJDa7i7Im5/K61KtO/qxJhCjFTf4LL0GzBJvM1XwkiUUusKvYElCgRgMtFVB83rmWCYvikU0Ud3IXQFIiUe6Q0gH29v0hoIamhBv+RzBGRePvz+XR59EppuAqlMl4CE1YQSYtLPmbz25e+vCfVmNL7q7ZAa9PgHTsC9KTKJP6kcE4RSWskBAxRLCU1cIDXdRxbW+TGT1BuvFAn571crOXH3eSzaoexbXjFfxLPbRVIrNT4Q6Wk01m8MwiXznwocJ4QBlO34Mvr/eKRku+aWmzRZi25VJJBr+2xMC7rlroMDQWAsQ0oA+lrjdxf4R+44DBY5RiipuBBi0avdJfp6cbDRYNfF/gPLylb6rilpI0DebROoKmCChlqR6tWuPL0XaREnINMGjLx1n+wVPUZdZGkxsqwuzcQLczm7Iu0KdSpicT+blgtJ4PwWOJz1bbGgpwfxAIEvZXC1fJtMXb8vH4h5U2B8xXfrxXE2xrTa9lKZ1oSzkrc6qFPuHx8E4rRcFitN7VKtnZJOGtL8GlmsR27MiKW2zmui X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, 19 Jul 2023 at 09:40, Kefeng Wang wrote: > > Use the helpers to simplify code. > > Cc: Paul Moore > Cc: Stephen Smalley > Cc: Eric Paris > Acked-by: Paul Moore > Signed-off-by: Kefeng Wang > --- > security/selinux/hooks.c | 7 ++----- > 1 file changed, 2 insertions(+), 5 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index d06e350fedee..ee8575540a8e 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -3762,13 +3762,10 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, > if (default_noexec && > (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { > int rc = 0; > - if (vma->vm_start >= vma->vm_mm->start_brk && > - vma->vm_end <= vma->vm_mm->brk) { > + if (vma_is_initial_heap(vma)) { This seems to change the condition from vma->vm_start >= vma->vm_mm->start_brk && vma->vm_end <= vma->vm_mm->brk to vma->vm_start <= vma->vm_mm->brk && vma->vm_end >= vma->vm_mm->start_brk (or AND arguments swapped) vma->vm_end >= vma->vm_mm->start_brk && vma->vm_start <= vma->vm_mm->brk Is this intended? > rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, > PROCESS__EXECHEAP, NULL); > - } else if (!vma->vm_file && > - ((vma->vm_start <= vma->vm_mm->start_stack && > - vma->vm_end >= vma->vm_mm->start_stack) || > + } else if (!vma->vm_file && (vma_is_initial_stack(vma) || > vma_is_stack_for_current(vma))) { > rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, > PROCESS__EXECSTACK, NULL); > -- > 2.27.0 >