Re: [PATCH v3 3/4] selinux: use vma_is_initial_stack() and vma_is_initial_heap()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Aug 8, 2024 at 3:35 PM Marc Reisner <reisner.marc@xxxxxxxxx> wrote:
> On Thu, Aug 08, 2024 at 02:00:09PM -0400, Liam R. Howlett wrote:
> > Have a look at the mmapstress 3 test in ltp [1].  The tests pokes holes
> > and mmaps into those holes throughout the brk range.
> >
> > [1]. https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/mem/mmapstress/mmapstress03.c
>
> In investigating this further, with additional reproducers, I believe
> that the whole bug is in vma_is_initial_heap().

That's my feeling at this point too.  Unfortunately, there are a few
callers other than SELinux so I don't want to change the helper
function without an explicit ACK from the mm folks and I think now
that we understand the problem we want to get this fixed ASAP in
Linus' tree (and get it marked for -stable).

I just posted a patch that reverts just our use of
vma_is_initial_heap() in favor of our old logic and adds a few lines
of comments about the problem with vma_is_initial_heap().  I'm okay
with moving back to vma_is_initial_heap() when it's fixed, but I'd
prefer it to be fixed for a while before we transition back to it.
We've gotten burned twice now with vma_is_initial_heap() so I'm going
to be a little extra cautious here.

https://lore.kernel.org/selinux/20240808203353.202352-2-paul@xxxxxxxxxxxxxx

> What do you all think about this patch? If it doesn't have any obvious
> flaws I can submit it (along with a revert for the revert).

I'll leave the mm folks to weigh in on the fix to
vma_is_initial_heap(), but as I said above, please don't submit a
patch to SELinux right now, I want the fixed version of
vma_is_initial_heap() to "soak" for a bit before we go back to it.

-- 
paul-moore.com





[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux