From patchwork Wed Jul 12 14:38:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kefeng Wang X-Patchwork-Id: 13310443 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25AE9EB64D9 for ; Wed, 12 Jul 2023 14:25:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 44D6A6B0078; Wed, 12 Jul 2023 10:25:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3824F6B007B; Wed, 12 Jul 2023 10:25:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1AF2C6B007D; Wed, 12 Jul 2023 10:25:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 0801A6B0078 for ; Wed, 12 Jul 2023 10:25:24 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id EA16DA0284 for ; Wed, 12 Jul 2023 14:25:21 +0000 (UTC) X-FDA: 81003182442.26.11EE8B7 Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189]) by imf15.hostedemail.com (Postfix) with ESMTP id D1B39A000B for ; Wed, 12 Jul 2023 14:25:18 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=none; spf=pass (imf15.hostedemail.com: domain of wangkefeng.wang@huawei.com designates 45.249.212.189 as permitted sender) smtp.mailfrom=wangkefeng.wang@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689171920; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cog3zFED0zqk0ayh/5AST+3VWG2EFfyBo0064QrevtA=; b=Zeayep7Zyfi0mEV+mwPniZWf/a+xQe0rKNVB+aI5gHCM9vF6eLEbUsrsF0h5ZQLd8cXtzO fOjexsTd1Z8exSNDYGrdbru3AGla4R9AJu8IXfRa1f9cZuj84RWeSdr+Mt6gMaOkYiwLFa LbedRxPKDfpwQM4CusOm5ZP+59Fb9Ks= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689171920; a=rsa-sha256; cv=none; b=Jl7er80mRVCPo7p2yYfzMYAcV5GW97la/5fxtY7MAAbHMG/VVvJA7uJQtD301ax8lw4tGO iI9JJPzYtVExaLUcDXJ1JsmtpEqY4ZoE//CrrjqKTqdedtdRkAUJFiP2/8PScti65MuXRL 2TVTlUuXAonQiFIBGMHemQa4o7n7SZc= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=none; spf=pass (imf15.hostedemail.com: domain of wangkefeng.wang@huawei.com designates 45.249.212.189 as permitted sender) smtp.mailfrom=wangkefeng.wang@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com Received: from dggpemm500001.china.huawei.com (unknown [172.30.72.57]) by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4R1KhZ0q0bzPk8H; Wed, 12 Jul 2023 22:22:54 +0800 (CST) Received: from localhost.localdomain.localdomain (10.175.113.25) by dggpemm500001.china.huawei.com (7.185.36.107) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Wed, 12 Jul 2023 22:25:13 +0800 From: Kefeng Wang To: Andrew Morton CC: , , , , , , , Kefeng Wang Subject: [PATCH 4/5] selinux: use vma_is_stack() and vma_is_heap() Date: Wed, 12 Jul 2023 22:38:30 +0800 Message-ID: <20230712143831.120701-5-wangkefeng.wang@huawei.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230712143831.120701-1-wangkefeng.wang@huawei.com> References: <20230712143831.120701-1-wangkefeng.wang@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.175.113.25] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To dggpemm500001.china.huawei.com (7.185.36.107) X-CFilter-Loop: Reflected X-Rspamd-Queue-Id: D1B39A000B X-Rspam-User: X-Stat-Signature: p87wqzhhtipt3jht5g3icgxg4j8zuau5 X-Rspamd-Server: rspam03 X-HE-Tag: 1689171918-508276 X-HE-Meta: U2FsdGVkX18rim4/EfBBP8Rr6W8sa30xdkAdTw4PklpVJmFEsZPcXJFKx8amsrFjyGxwEtUVgcI1+ncepvxE6DyEFHshTuXaM8KkDZB+mIbRj2yZuHL7W/Wc4FNb9E9XRzjwZY72IJ3SakM82FPtPkf3lCPP6mRqzySJugAwtZZXuAAhQq/hblaugeJTOM+xvARLIsLvKE8l/MkIay9UjLuSCkWL51Voc55DigUAJiNPzZKcPBJld1tmhGqXayDbm3ZFCjZZlZiSXRfge07PEcXL1RX2HYiqbsdeG++jbF5l30vrKSe0J38OCDttLfpRCJreVysE3HIsr7+4520Ppl1Ahzr0xgZxkiYjp6BPeeIiCU8yECmu0tFNjE2rld33IRVFsc7Qgsjr3r8S5CfTwO2ZkM66Tc3j6b1BMU1do5r0sDHAfz7Nu3POsr8LUiFjKyLz2WnmIIekbrzNfAbbzmJlK4tSTCurrYKhtwLkkIHpTvN/lOqGZWWhTrTH529qiZnV2FTtxMoonUQFbSwkapFJjhexyQGgOpxmJnE3TiDSf55PaOet0NFp11fB+DXDVn7xViTY4JJbOv4xpVwDVlBpIY03aB1R8NGb8cd9//2a7PF1wiW2Obzz1s3t66i7ynKd2tEJ5Bhn/qiUojomLCva/OKuI4xMuhvZav4vRN38cTfm2WebrYGYx1raEUXbsDOB01eydfmJBSf2ZNo4QbKbPCrQn7ApflCx5qeBuiBcp7MX5Ndv61B3Srme+LPOyGgizsAnB0dT0d/p6C0tZyrE+v7rGlhvRFrHkiGDWyl1ebIRMg0jnR3lcd0s9lm6F8xUnhtvO3Nf0lv+yBRn40/1sN6hEgLMhktjf1TRiwoAZ9J5nbSK1t3pKIl8T1DGIc+je7Xrg9KK4J8OKKNzYCUm6FyJ18dlabkYnwSfKRVaOZ64GI1tLIRThWP5M5n+g/Lj4M4JlHkrHjR03cu Xg0p249l c69N0I9yEnMWp/O9qpNWNiQLE80nfztJwScimbmRl6nug8olfsg4g/JR7T+rLWUR8eolrdoNsMRD7oyKS8EEKzxkJyKyT6lRpHfbR8/e4gSW5omhF9DWjH6getyNiduhIc9R5/CWjnms+Z49vgpkupPOnOX1gzZsdYY8tH4ZK+7Lx/kVwetMyzsyJpZzmzGySpm3V X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Use the helpers to simplify code. Signed-off-by: Kefeng Wang Acked-by: Paul Moore --- security/selinux/hooks.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4e46cf3d67b6..289ef2d6a427 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3775,13 +3775,10 @@ static int selinux_file_mprotect(struct vm_area_struct *vma, if (default_noexec && (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) { int rc = 0; - if (vma->vm_start >= vma->vm_mm->start_brk && - vma->vm_end <= vma->vm_mm->brk) { + if (vma_is_heap(vma)) { rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, PROCESS__EXECHEAP, NULL); - } else if (!vma->vm_file && - ((vma->vm_start <= vma->vm_mm->start_stack && - vma->vm_end >= vma->vm_mm->start_stack) || + } else if (!vma->vm_file && vma_is_stack(vma) || vma_is_stack_for_current(vma))) { rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, PROCESS__EXECSTACK, NULL);