From: Kefeng Wang
Date: Wed, 19 Jul 2023 18:22:29 +0800
Subject: Re: [PATCH v2 3/4] selinux: use vma_is_initial_stack() and vma_is_initial_heap()
To: Christian Göttsche
CC: Andrew Morton, Paul Moore, Stephen Smalley, Eric Paris
References: <20230719075127.47736-1-wangkefeng.wang@huawei.com> <20230719075127.47736-4-wangkefeng.wang@huawei.com>

On 2023/7/19 17:02, Christian Göttsche wrote:
> On Wed, 19 Jul 2023 at 09:40, Kefeng Wang wrote:
>>
>> Use the helpers to simplify code.
>>
>> Cc: Paul Moore
>> Cc: Stephen Smalley
>> Cc: Eric Paris
>> Acked-by: Paul Moore
>> Signed-off-by: Kefeng Wang
>> --- >> security/selinux/hooks.c | 7 ++----- >> 1 file changed, 2 insertions(+), 5 deletions(-) >> >> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c >> index d06e350fedee..ee8575540a8e 100644 >> --- a/security/selinux/hooks.c >> +++ b/security/selinux/hooks.c >> @@ -3762,13 +3762,10 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, >> if (default_noexec && >> (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { >> int rc = 0; >> - if (vma->vm_start >= vma->vm_mm->start_brk && >> - vma->vm_end <= vma->vm_mm->brk) { >> + if (vma_is_initial_heap(vma)) {
>
> This seems to change the condition from
>
> vma->vm_start >= vma->vm_mm->start_brk && vma->vm_end <= vma->vm_mm->brk
>
> to
>
> vma->vm_start <= vma->vm_mm->brk && vma->vm_end >= vma->vm_mm->start_brk
>
> (or AND arguments swapped)
>
> vma->vm_end >= vma->vm_mm->start_brk && vma->vm_start <= vma->vm_mm->brk
>
> Is this intended?

The new condition is to check whether there is intersection between [startbrk,brk] and [vm_start,vm_end], it contains original check, so I think it is ok, but for selinux check, I am not sure if there is some other problem.

>
>> rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, >> PROCESS__EXECHEAP, NULL); >> - } else if (!vma->vm_file && >> - ((vma->vm_start <= vma->vm_mm->start_stack && >> - vma->vm_end >= vma->vm_mm->start_stack) || >> + } else if (!vma->vm_file && (vma_is_initial_stack(vma) || >> vma_is_stack_for_current(vma))) { >> rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, >> PROCESS__EXECSTACK, NULL); >> -- >> 2.27.0 >>
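
Review bot: vma_is_initial_heap(vma) in the first changed branch is not a like-for-like replacement for the two removed lines. The old test required the VMA to lie inside the brk range (vm_start >= start_brk && vm_end <= brk), while the helper, as expanded in the reply above, matches any VMA that overlaps or touches that range, so PROCESS__EXECHEAP is now checked for mappings that previously went on to the else-if branch or to no check at all. The commit message only says "Use the helpers to simplify code"; it should describe this widening so the SELinux reviewers can judge it, or the hook should keep the exact containment test. The stack branch deserves the same comparison between vma_is_initial_stack(vma) and the removed start_stack range test, since the helper's body is not shown in this patch.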
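
The difference between the two heap conditions discussed above, as an added example that is not part of the patch or the thread. struct vma_model, heap_contained(), heap_intersects() and newly_matched() are hypothetical userspace stand-ins, the addresses are constructed page numbers, and the second predicate is the expansion quoted in the review, not the kernel helper's source.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for the fields both checks read; not the kernel's structs. */
struct vma_model {
    unsigned long vm_start, vm_end;  /* VMA covers [vm_start, vm_end) */
    unsigned long start_brk, brk;    /* heap bounds taken from the mm */
};

/* Condition removed by the patch: VMA lies entirely inside the brk range. */
static bool heap_contained(const struct vma_model *v)
{
    return v->vm_start >= v->start_brk && v->vm_end <= v->brk;
}

/* Condition as expanded in the review: VMA overlaps or touches the range. */
static bool heap_intersects(const struct vma_model *v)
{
    return v->vm_start <= v->brk && v->vm_end >= v->start_brk;
}

/* Sweep every non-empty VMA on a grid of `pages` pages. Returns how many
 * VMAs only the new condition treats as heap, or -1 if the old condition
 * ever matches where the new one does not. */
static int newly_matched(unsigned long start_brk, unsigned long brk,
                         unsigned long pages)
{
    int extra = 0;
    for (unsigned long s = 0; s < pages; s++) {
        for (unsigned long e = s + 1; e <= pages; e++) {
            struct vma_model v = { s, e, start_brk, brk };
            if (heap_contained(&v) && !heap_intersects(&v))
                return -1;
            if (heap_intersects(&v) && !heap_contained(&v))
                extra++;
        }
    }
    return extra;
}

int main(void)
{
    /* Constructed layout: heap is pages [4, 6]; the VMA starts at brk. */
    struct vma_model v = { 6, 8, 4, 6 };
    printf("old=%d new=%d\n", heap_contained(&v), heap_intersects(&v));
    printf("newly matched VMAs: %d\n", newly_matched(4, 6, 10));
    return 0;
}
```

The sweep confirms that the old condition is a subset of the new one, and the single case shows that a mapping starting exactly at brk, which shares no byte with the heap, is classified as heap by the expanded condition.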