[4/5] selinux: use vma_is_stack() and vma_is_heap()

Message ID	20230712143831.120701-5-wangkefeng.wang@huawei.com (mailing list archive)
State	Handled Elsewhere
Delegated to:	Paul Moore
Headers	show Return-Path: <selinux-owner@vger.kernel.org> From: Kefeng Wang <wangkefeng.wang@huawei.com> To: Andrew Morton <akpm@linux-foundation.org> CC: <amd-gfx@lists.freedesktop.org>, <dri-devel@lists.freedesktop.org>, <linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>, <linux-mm@kvack.org>, <linux-perf-users@vger.kernel.org>, <selinux@vger.kernel.org>, Kefeng Wang <wangkefeng.wang@huawei.com> Subject: [PATCH 4/5] selinux: use vma_is_stack() and vma_is_heap() Date: Wed, 12 Jul 2023 22:38:30 +0800 Message-ID: <20230712143831.120701-5-wangkefeng.wang@huawei.com> In-Reply-To: <20230712143831.120701-1-wangkefeng.wang@huawei.com> References: <20230712143831.120701-1-wangkefeng.wang@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII Precedence: bulk
Series	mm: convert to vma_is_heap/stack() \| expand [0/5] mm: convert to vma_is_heap/stack() [1/5] mm: introduce vma_is_stack() and vma_is_heap() [2/5] mm: use vma_is_stack() and vma_is_heap() [3/5] drm/amdkfd: use vma_is_stack() and vma_is_heap() [4/5] selinux: use vma_is_stack() and vma_is_heap() [5/5] perf/core: use vma_is_stack() and vma_is_heap()

Message ID

20230712143831.120701-5-wangkefeng.wang@huawei.com (mailing list archive)

State

Handled Elsewhere

Delegated to:

Paul Moore

Headers

From: Kefeng Wang <wangkefeng.wang@huawei.com>
To: Andrew Morton <akpm@linux-foundation.org>
CC: <amd-gfx@lists.freedesktop.org>, <dri-devel@lists.freedesktop.org>,
        <linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
        <linux-mm@kvack.org>, <linux-perf-users@vger.kernel.org>,
        <selinux@vger.kernel.org>, Kefeng Wang <wangkefeng.wang@huawei.com>
Subject: [PATCH 4/5] selinux: use vma_is_stack() and vma_is_heap()
Date: Wed, 12 Jul 2023 22:38:30 +0800
Message-ID: <20230712143831.120701-5-wangkefeng.wang@huawei.com>
In-Reply-To: <20230712143831.120701-1-wangkefeng.wang@huawei.com>
References: <20230712143831.120701-1-wangkefeng.wang@huawei.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
Precedence: bulk

Series

mm: convert to vma_is_heap/stack() | expand

Comments

Paul Moore July 17, 2023, 4:12 p.m. UTC | #1

On Wed, Jul 12, 2023 at 10:25 AM Kefeng Wang <wangkefeng.wang@huawei.com> wrote:
>
> Use the helpers to simplify code.
>
> Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
> ---
>  security/selinux/hooks.c | 7 ++-----
>  1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 4e46cf3d67b6..289ef2d6a427 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -3775,13 +3775,10 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
>         if (default_noexec &&
>             (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
>                 int rc = 0;
> -               if (vma->vm_start >= vma->vm_mm->start_brk &&
> -                   vma->vm_end <= vma->vm_mm->brk) {
> +               if (vma_is_heap(vma)) {
>                         rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
>                                           PROCESS__EXECHEAP, NULL);
> -               } else if (!vma->vm_file &&
> -                          ((vma->vm_start <= vma->vm_mm->start_stack &&
> -                            vma->vm_end >= vma->vm_mm->start_stack) ||
> +               } else if (!vma->vm_file && vma_is_stack(vma) ||
>                             vma_is_stack_for_current(vma))) {

With the parens fix that Andrew already provided.

Acked-by: Paul Moore <paul@paul-moore.com>

>                         rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
>                                           PROCESS__EXECSTACK, NULL);
> --
> 2.41.0

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4e46cf3d67b6..289ef2d6a427 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3775,13 +3775,10 @@  static int selinux_file_mprotect(struct vm_area_struct *vma,
 	if (default_noexec &&
 	    (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
 		int rc = 0;
-		if (vma->vm_start >= vma->vm_mm->start_brk &&
-		    vma->vm_end <= vma->vm_mm->brk) {
+		if (vma_is_heap(vma)) {
 			rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
 					  PROCESS__EXECHEAP, NULL);
-		} else if (!vma->vm_file &&
-			   ((vma->vm_start <= vma->vm_mm->start_stack &&
-			     vma->vm_end >= vma->vm_mm->start_stack) ||
+		} else if (!vma->vm_file && vma_is_stack(vma) ||
 			    vma_is_stack_for_current(vma))) {
 			rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
 					  PROCESS__EXECSTACK, NULL);

[4/5] selinux: use vma_is_stack() and vma_is_heap()

Commit Message

Comments

Patch