From 35efb79b87d60910b98c94f9be81f4269b8cd7fd Mon Sep 17 00:00:00 2001
From: Jan200101
Date: Thu, 22 Aug 2024 18:43:02 +0200
Subject: kernel 6.9.12 selinux vma revert
---
 ...nux-revert-our-use-of-vma_is_initial_heap.patch | 57 ++++++++++++++++++++++
 SPECS/kernel.spec | 7 ++-
 2 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/0001-selinux-revert-our-use-of-vma_is_initial_heap.patch
diff --git a/SOURCES/0001-selinux-revert-our-use-of-vma_is_initial_heap.patch b/SOURCES/0001-selinux-revert-our-use-of-vma_is_initial_heap.patch
new file mode 100644
index 0000000..da1afef
--- /dev/null
+++ b/SOURCES/0001-selinux-revert-our-use-of-vma_is_initial_heap.patch
@@ -0,0 +1,57 @@
+From 05a3d6e9307250a5911d75308e4363466794ab21 Mon Sep 17 00:00:00 2001
+From: Paul Moore
+Date: Thu, 8 Aug 2024 11:57:38 -0400
+Subject: [PATCH] selinux: revert our use of vma_is_initial_heap()
+
+Unfortunately it appears that vma_is_initial_heap() is currently broken
+for applications that do not currently have any heap allocated, e.g.
+brk == start_brk. The breakage is such that it will cause SELinux to
+check for the process/execheap permission on memory regions that cross
+brk/start_brk even when there is no heap.
+
+The proper fix would be to correct vma_is_initial_heap(), but as there
+are multiple callers I am hesitant to unilaterally modify the helper
+out of concern that I would end up breaking some other subsystem. The
+mm developers have been made aware of the situation and hopefully they
+will have a fix at some point in the future, but we need a fix soon so
+we are simply going to revert our use of vma_is_initial_heap() in favor
+of our old logic/code which works as expected, even in the face of a
+zero size heap. We can return to using vma_is_initial_heap() at some
+point in the future when it is fixed.
+
+Cc: stable@vger.kernel.org
+Reported-by: Marc Reisner
+Closes: https://lore.kernel.org/all/ZrPmoLKJEf1wiFmM@marcreisner.com
+Fixes: 68df1baf158f ("selinux: use vma_is_initial_stack() and vma_is_initial_heap()")
+Signed-off-by: Paul Moore
+Signed-off-by: Jan200101
+---
+ security/selinux/hooks.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
+index 55c78c318ccd..bfa61e005aac 100644
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -3852,7 +3852,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
+ if (default_noexec &&
+ (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
+ int rc = 0;
+- if (vma_is_initial_heap(vma)) {
++ /*
++ * We don't use the vma_is_initial_heap() helper as it has
++ * a history of problems and is currently broken on systems
++ * where there is no heap, e.g. brk == start_brk. Before
++ * replacing the conditional below with vma_is_initial_heap(),
++ * or something similar, please ensure that the logic is the
++ * same as what we have below or you have tested every possible
++ * corner case you can think to test.
++ */
++ if (vma->vm_start >= vma->vm_mm->start_brk &&
++ vma->vm_end <= vma->vm_mm->brk) {
+ rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
+ PROCESS__EXECHEAP, NULL);
+ } else if (!vma->vm_file && (vma_is_initial_stack(vma) ||
+-- 
+2.46.0
+
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index e379ed1..d929021 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -169,7 +169,7 @@ Summary: The Linux kernel
 # This is needed to do merge window version magic
 %define patchlevel 9
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 204%{?buildid}%{?dist}
+%define specrelease 205%{?buildid}%{?dist}
 # This defines the kabi tarball version
 %define kabiversion 6.9.12
 
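Review bot: The comment added above the restored `vm_start`/`vm_end` test in selinux_file_mprotect() warns against returning to vma_is_initial_heap() but never states what the open-coded condition means, which is what a later editor needs in order to keep the execheap check equivalent. As written the test is a containment check: PROCESS__EXECHEAP is consulted only when the whole VMA lies inside [start_brk, brk], so with brk == start_brk it should never match a non-empty mapping, and a mapping that merely straddles either bound falls through to the `else if` branch instead. I would add a line such as `* "Heap" here means the VMA lies entirely within [start_brk, brk]; touching or straddling that range does not count.` and cite the Fixes commit named in the patch header, so the policy boundary is explicit. The function begins and ends outside this hunk, so what the `else if` branch checks for a straddling mapping cannot be confirmed from here.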
@@ -1049,6 +1049,7 @@ Patch415: v0-speaker-multifix.patch Patch416: v0-oxp-sensors.patch Patch417: loki-mini-pro-hda-pin-fixes.patch Patch418: dcn32-dcn301-dcn321-mpo-reverts.patch +Patch419: 0001-selinux-revert-our-use-of-vma_is_initial_heap.patch # Allow to set custom USB pollrate for specific devices like so: # usbcore.interrupt_interval_override=045e:00db:16,1bcf:0005:1 @@ -1955,6 +1956,7 @@ ApplyOptionalPatch v0-speaker-multifix.patch ApplyOptionalPatch v0-oxp-sensors.patch ApplyOptionalPatch loki-mini-pro-hda-pin-fixes.patch ApplyOptionalPatch dcn32-dcn301-dcn321-mpo-reverts.patch +ApplyOptionalPatch 0001-selinux-revert-our-use-of-vma_is_initial_heap.patch # Allow to set custom USB pollrate for specific devices like so: # usbcore.interrupt_interval_override=045e:00db:16,1bcf:0005:1 @@ -4135,6 +4137,9 @@ fi\ # # %changelog +* Thu Aug 22 2024 Jan200101 - 6.9.12-205.fsync +- kernel-fsync v6.9.12 selinux vma revert + * Fri Aug 09 2024 Jan200101 - 6.9.12-204.fsync - kernel-fsync v6.9.12 Ally X audio correction -- cgit v1.2.3