Re: [PATCH] selinux: revert our use of vma_is_initial_heap()

On Thu, Aug 8, 2024 at 4:34 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> Unfortunately it appears that vma_is_initial_heap() is currently broken
> for applications that do not currently have any heap allocated, e.g.
> brk == start_brk.  The breakage is such that it will cause SELinux to
> check for the process/execheap permission on memory regions that cross
> brk/start_brk even when there is no heap.
>
> The proper fix would be to correct vma_is_initial_heap(), but as there
> are multiple callers I am hesitant to unilaterally modify the helper
> out of concern that I would end up breaking some other subsystem.  The
> mm developers have been made aware of the situation and hopefully they
> will have a fix at some point in the future, but we need a fix soon so
> we are simply going to revert our use of vma_is_initial_heap() in favor
> of our old logic/code which works as expected, even in the face of a
> zero size heap.  We can return to using vma_is_initial_heap() at some
> point in the future when it is fixed.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: Marc Reisner <reisner.marc@xxxxxxxxx>
> Closes: https://lore.kernel.org/all/ZrPmoLKJEf1wiFmM@xxxxxxxxxxxxxxx
> Fixes: 68df1baf158f ("selinux: use vma_is_initial_stack() and vma_is_initial_heap()")
> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> ---
>  security/selinux/hooks.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)

As a FYI, this passes the selinux-testsuite and the execheap reproducer.

-- 
paul-moore.com
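
The zero-size-heap case from the quoted commit message (brk == start_brk), modelled in user space as an added example; it is not the kernel's code or the patch's. The struct names, both predicates, and the addresses are assumptions chosen to contrast an inclusive overlap test with a strict containment test.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the mm and VMA fields named in the thread. */
struct mm_model  { unsigned long start_brk, brk; };
struct vma_model { unsigned long vm_start, vm_end; };   /* [vm_start, vm_end) */

/* Assumed overlap-style test: region touches the range start_brk..brk. */
bool heap_overlap_check(const struct vma_model *v, const struct mm_model *mm)
{
    return v->vm_start <= mm->brk && v->vm_end >= mm->start_brk;
}

/* Assumed containment-style test: region lies entirely inside the heap.
 * With brk == start_brk no non-empty region can satisfy it. */
bool heap_contain_check(const struct vma_model *v, const struct mm_model *mm)
{
    return v->vm_start >= mm->start_brk && v->vm_end <= mm->brk;
}

/* Count regions where the two tests disagree, i.e. where an execheap-style
 * permission check would fire under one test but not the other. */
size_t count_disagreements(const struct mm_model *mm,
                           const struct vma_model *v, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (heap_overlap_check(&v[i], mm) != heap_contain_check(&v[i], mm))
            hits++;
    return hits;
}

/* Constructed sample data, not taken from any real process. */
const struct mm_model empty_heap = { 0x1000000UL, 0x1000000UL }; /* no heap */
const struct mm_model live_heap  = { 0x1000000UL, 0x1021000UL };
const struct vma_model sample[] = {
    { 0x0fff000UL,  0x1001000UL  },  /* crosses brk/start_brk */
    { 0x1000000UL,  0x1021000UL  },  /* exactly the live heap range */
    { 0x40000000UL, 0x40001000UL },  /* unrelated mapping */
};

int main(void)
{
    printf("empty heap disagreements: %zu\n", count_disagreements(&empty_heap, sample, 3));
    printf("live heap disagreements:  %zu\n", count_disagreements(&live_heap, sample, 3));
    return 0;
}
```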