On Thu, Aug 8, 2024 at 3:35 PM Marc Reisner <reisner.marc@xxxxxxxxx> wrote:
> On Thu, Aug 08, 2024 at 02:00:09PM -0400, Liam R. Howlett wrote:
> > Have a look at the mmapstress 3 test in ltp [1]. The test pokes holes
> > and mmaps into those holes throughout the brk range.
> >
> > [1]. https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/mem/mmapstress/mmapstress03.c
>
> In investigating this further, with additional reproducers, I believe
> that the whole bug is in vma_is_initial_heap().

That's my feeling at this point too. Unfortunately, there are a few callers
other than SELinux so I don't want to change the helper function without an
explicit ACK from the mm folks, and I think now that we understand the
problem we want to get this fixed ASAP in Linus' tree (and get it marked
for -stable). I just posted a patch that reverts just our use of
vma_is_initial_heap() in favor of our old logic and adds a few lines of
comments about the problem with vma_is_initial_heap(). I'm okay with moving
back to vma_is_initial_heap() when it's fixed, but I'd prefer it to be
fixed for a while before we transition back to it. We've gotten burned
twice now with vma_is_initial_heap() so I'm going to be a little extra
cautious here.

https://lore.kernel.org/selinux/20240808203353.202352-2-paul@xxxxxxxxxxxxxx

> What do you all think about this patch? If it doesn't have any obvious
> flaws I can submit it (along with a revert for the revert).

I'll leave the mm folks to weigh in on the fix to vma_is_initial_heap(),
but as I said above, please don't submit a patch to SELinux right now. I
want the fixed version of vma_is_initial_heap() to "soak" for a bit before
we go back to it.

--
paul-moore.com
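Added illustration for readers following the thread; it is not code from the thread, the kernel tree, LTP, or either patch. The two predicates below are my reconstruction of vma_is_initial_heap() from include/linux/mm.h as I recall it and of the containment check SELinux's file_map_prot_check() used before it switched to the helper (the check the revert goes back to). The mm_struct and vm_area_struct stand-ins, the heap bounds and every address are constructed. The page does not say what the fix to vma_is_initial_heap() looks like, so this only shows where an "overlaps the brk range" test and a "covers the brk range" test disagree once mappings are placed in holes inside the heap, which is the pattern Liam points at in mmapstress03.

```c
/*
 * Added example, not kernel or LTP code.  Minimal stand-ins for the two
 * kernel structures the checks read; only the fields used here exist.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct mm_struct {
	unsigned long start_brk;	/* start of the heap */
	unsigned long brk;		/* current program break */
};

struct vm_area_struct {
	unsigned long vm_start;
	unsigned long vm_end;		/* exclusive end */
	struct mm_struct *vm_mm;
};

/*
 * Overlap test: true when [vm_start, vm_end) intersects, or merely touches,
 * [start_brk, brk].  Reconstruction of vma_is_initial_heap() as I recall it
 * from include/linux/mm.h (assumption, not copied from this page).
 */
static bool heap_overlap_check(const struct vm_area_struct *vma)
{
	return vma->vm_start <= vma->vm_mm->brk &&
	       vma->vm_end >= vma->vm_mm->start_brk;
}

/*
 * Containment test: true only when the vma covers the whole brk range.
 * Reconstruction of the pre-helper SELinux logic (same caveat as above).
 */
static bool heap_contain_check(const struct vm_area_struct *vma)
{
	return vma->vm_start <= vma->vm_mm->start_brk &&
	       vma->vm_end >= vma->vm_mm->brk;
}

/* Scalar wrappers so callers can probe any range against any heap bounds. */
bool overlap_check_range(unsigned long vs, unsigned long ve,
			 unsigned long sb, unsigned long b)
{
	struct mm_struct mm = { .start_brk = sb, .brk = b };
	struct vm_area_struct vma = { .vm_start = vs, .vm_end = ve, .vm_mm = &mm };
	return heap_overlap_check(&vma);
}

bool contain_check_range(unsigned long vs, unsigned long ve,
			 unsigned long sb, unsigned long b)
{
	struct mm_struct mm = { .start_brk = sb, .brk = b };
	struct vm_area_struct vma = { .vm_start = vs, .vm_end = ve, .vm_mm = &mm };
	return heap_contain_check(&vma);
}

/* Constructed layout: heap [0x10000, 0x50000) with mappings around and inside it. */
static struct mm_struct sample_mm = { .start_brk = 0x10000, .brk = 0x50000 };

static const struct { const char *what; unsigned long start, end; } samples[] = {
	{ "vma covering the whole brk range",               0x10000, 0x50000 },
	{ "mmap() placed in a hole inside the brk range",   0x20000, 0x30000 },
	{ "mapping ending exactly at start_brk",            0x08000, 0x10000 },
	{ "mapping starting exactly at brk",                0x50000, 0x58000 },
	{ "unrelated mapping above the heap",               0x60000, 0x70000 },
};
#define NSAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Number of sample vmas the two predicates classify differently. */
int count_disagreements(void)
{
	int n = 0;
	for (size_t i = 0; i < NSAMPLES; i++) {
		struct vm_area_struct vma = { samples[i].start, samples[i].end, &sample_mm };
		if (heap_overlap_check(&vma) != heap_contain_check(&vma))
			n++;
	}
	return n;
}

int main(void)
{
	printf("heap: [%#lx, %#lx)\n", sample_mm.start_brk, sample_mm.brk);
	for (size_t i = 0; i < NSAMPLES; i++) {
		struct vm_area_struct vma = { samples[i].start, samples[i].end, &sample_mm };
		printf("%-48s overlap=%d contain=%d\n", samples[i].what,
		       heap_overlap_check(&vma), heap_contain_check(&vma));
	}
	printf("%d of %zu samples classified differently\n",
	       count_disagreements(), NSAMPLES);
	return 0;
}
```

The mapping dropped into a hole inside the brk range is the case mmapstress03 exercises: the overlap predicate calls it heap, the containment predicate does not, so the two SELinux code paths reach different permission checks for the same mprotect(). Which of the differing rows corresponds to the bug the thread is fixing is not stated on this page.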