From patchwork Thu Dec 7 15:25:25 2023
X-Patchwork-Submitter: Kefeng Wang
X-Patchwork-Id: 13483438
From: Kefeng Wang
To: Andrew Morton
CC: Kefeng Wang, Ondrej Mosnacek
Subject: [PATCH] mm: fix VMA heap bounds checking
Date: Thu, 7 Dec 2023 23:25:25 +0800
Message-ID: <20231207152525.2607420-1-wangkefeng.wang@huawei.com>

After selinux was converted to the VMA heap check helper, the gcl triggers
an execheap SELinux denial, which is caused by different check logic.

The old check from selinux only checks the VMA range within the VMA heap
range, and the new one checks the intersection between the two ranges, but
the corner cases (vm_end=start_brk, brk=vm_start) aren't handled correctly.

Since commit 11250fd12eb8 ("mm: factor out VMA stack and heap checks") was
only a function extraction, it seems that the issue was introduced by
commit 0db0c01b53a1 ("procfs: fix /proc//maps heap check"). Let's fix the
above corner cases and, meanwhile, correct the wrong indentation of the
stack and heap check helpers.

Reported-and-tested-by: Ondrej Mosnacek Closes: https://lore.kernel.org/selinux/CAFqZXNv0SVT0fkOK6neP9AXbj3nxJ61JAY4+zJzvxqJaeuhbFw@mail.gmail.com/ Fixes: 0db0c01b53a1 ("procfs: fix /proc//maps heap check") Signed-off-by: Kefeng Wang --- include/linux/mm.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index 1be544664f92..2bea89dc0bdf 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -886,8 +886,8 @@ static inline bool vma_is_anonymous(struct vm_area_struct *vma) */ static inline bool vma_is_initial_heap(const struct vm_area_struct *vma) { - return vma->vm_start <= vma->vm_mm->brk && - vma->vm_end >= vma->vm_mm->start_brk; + return vma->vm_start < vma->vm_mm->brk && + vma->vm_end > vma->vm_mm->start_brk; } /* @@ -901,8 +901,8 @@ static inline bool vma_is_initial_stack(const struct vm_area_struct *vma) * its "stack". It's not even well-defined for programs written * languages like Go. */ - return vma->vm_start <= vma->vm_mm->start_stack && - vma->vm_end >= vma->vm_mm->start_stack; + return vma->vm_start <= vma->vm_mm->start_stack && + vma->vm_end >= vma->vm_mm->start_stack; } static inline bool vma_is_temporary_stack(struct vm_area_struct *vma)
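Review bot: In vma_is_initial_heap(), the strict comparisons still return true when the heap is empty (start_brk == brk) and the VMA merely spans that address, because the test then reduces to `vm_start < brk && vm_end > brk`. The commit message says the old SELinux check required the VMA to lie within the heap range, which could never match in that case, so execheap may still be evaluated for a mapping that is not heap at all. Either add an explicit guard for start_brk == brk or document in the comment above the helper that this is an intersection test on half-open ranges and why the empty-heap match is acceptable.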
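Review bot: In vma_is_initial_stack(), the second comparison stays inclusive (`vma->vm_end >= vma->vm_mm->start_stack`) while the heap helper in the same patch moves to strict bounds, so a VMA that ends exactly at start_stack is still reported as the initial stack. Since vm_end is the first address past the mapping, please either switch this to `>` for consistency or say in the changelog why the stack boundary is intentionally left as is. The hunk is otherwise whitespace-only, and carrying it in a patch with a Fixes: tag makes backports noisier; consider splitting the indentation cleanup into its own patch.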