From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA52DC001DC for ; Wed, 19 Jul 2023 10:24:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231265AbjGSKY1 (ORCPT ); Wed, 19 Jul 2023 06:24:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45764 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231232AbjGSKYO (ORCPT ); Wed, 19 Jul 2023 06:24:14 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4EAF6E42; Wed, 19 Jul 2023 03:23:46 -0700 (PDT) Received: from dggpemm500001.china.huawei.com (unknown [172.30.72.55]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4R5X0L6b1JzVjfR; Wed, 19 Jul 2023 18:21:06 +0800 (CST) Received: from [10.174.177.243] (10.174.177.243) by dggpemm500001.china.huawei.com (7.185.36.107) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Wed, 19 Jul 2023 18:22:29 +0800 Message-ID: Date: Wed, 19 Jul 2023 18:22:29 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1 Subject: Re: [PATCH v2 3/4] selinux: use vma_is_initial_stack() and vma_is_initial_heap() Content-Language: en-US To: =?UTF-8?Q?Christian_G=c3=b6ttsche?= CC: Andrew Morton , , , , , , , , Paul Moore , Stephen Smalley , Eric Paris References: <20230719075127.47736-1-wangkefeng.wang@huawei.com> <20230719075127.47736-4-wangkefeng.wang@huawei.com> From: Kefeng Wang In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.177.243] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To dggpemm500001.china.huawei.com (7.185.36.107) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-perf-users@vger.kernel.org On 2023/7/19 17:02, Christian Göttsche wrote: > On Wed, 19 Jul 2023 at 09:40, Kefeng Wang wrote: >> >> Use the helpers to simplify code. >> >> Cc: Paul Moore >> Cc: Stephen Smalley >> Cc: Eric Paris >> Acked-by: Paul Moore >> Signed-off-by: Kefeng Wang >> --- >> security/selinux/hooks.c | 7 ++----- >> 1 file changed, 2 insertions(+), 5 deletions(-) >> >> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c >> index d06e350fedee..ee8575540a8e 100644 >> --- a/security/selinux/hooks.c >> +++ b/security/selinux/hooks.c >> @@ -3762,13 +3762,10 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, >> if (default_noexec && >> (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { >> int rc = 0; >> - if (vma->vm_start >= vma->vm_mm->start_brk && >> - vma->vm_end <= vma->vm_mm->brk) { >> + if (vma_is_initial_heap(vma)) { > > This seems to change the condition from > > vma->vm_start >= vma->vm_mm->start_brk && vma->vm_end <= vma->vm_mm->brk > > to > > vma->vm_start <= vma->vm_mm->brk && vma->vm_end >= vma->vm_mm->start_brk > > (or AND arguments swapped) > > vma->vm_end >= vma->vm_mm->start_brk && vma->vm_start <= vma->vm_mm->brk > > Is this intended? The new condition is to check whether there is intersection between [startbrk,brk] and [vm_start,vm_end], it contains orignal check, so I think it is ok, but for selinux check, I am not sure if there is some other problem. > >> rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, >> PROCESS__EXECHEAP, NULL); >> - } else if (!vma->vm_file && >> - ((vma->vm_start <= vma->vm_mm->start_stack && >> - vma->vm_end >= vma->vm_mm->start_stack) || >> + } else if (!vma->vm_file && (vma_is_initial_stack(vma) || >> vma_is_stack_for_current(vma))) { >> rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, >> PROCESS__EXECSTACK, NULL); >> -- >> 2.27.0 >>