linux-hardened/security/selinux/ss
Eric Paris 6371dcd36f selinux: convert the policy type_attr_map to flex_array
Current selinux policy can have over 3000 types.  The type_attr_map in
policy is an array sized by the number of types times sizeof(struct ebitmap)
(12 on x86_64).  Basic math tells us the array is going to be of length
3000 x 12 = 36,000 bytes.  The largest 'safe' allocation on a long running
system is 16k.  Most of the time a 32k allocation will work.  But on long
running systems a 64k allocation (what we need) can fail quite regularly.
In order to deal with this I am converting the type_attr_map to use
flex_arrays.  Let the library code deal with breaking this into PAGE_SIZE
pieces.

-v2
rework some of the if(!obj) BUG() to be BUG_ON(!obj)
drop flex_array_put() calls and just use a _get() object directly

-v3
make apply to James' tree (drop the policydb_write changes)

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by:  Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2010-08-02 15:38:39 +10:00
..
avtab.c selinux: cleanup return codes in avtab_read_item() 2010-08-02 15:35:01 +10:00
avtab.h SELinux: Reduce max avtab size to avoid page allocation failures 2010-03-16 08:31:02 +11:00
conditional.c selinux: fix error codes in cond_read_bool() 2010-08-02 15:35:04 +10:00
conditional.h selinux: conditional expression type validation was off-by-one 2008-08-07 08:56:16 +10:00
constraint.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
context.h selinux: allow MLS->non-MLS and vice versa upon policy reload 2010-02-04 09:06:36 +11:00
ebitmap.c netlabel: fix export of SELinux categories > 127 2010-02-25 17:49:20 +11:00
ebitmap.h SELinux: kills warnings in Improve SELinux performance when AVC misses 2007-10-17 08:59:36 +10:00
hashtab.c selinux: Unify for- and while-loop style 2008-08-15 08:40:47 +10:00
hashtab.h SELinux: hashtab.h whitespace, syntax, and other cleanups 2008-04-28 09:29:04 +10:00
Makefile selinux: generate flask headers during kernel build 2009-10-07 21:56:44 +11:00
mls.c Security: Fix coding style in security/ 2010-04-09 15:13:48 +10:00
mls.h selinux: allow MLS->non-MLS and vice versa upon policy reload 2010-02-04 09:06:36 +11:00
mls_types.h selinux: allow MLS->non-MLS and vice versa upon policy reload 2010-02-04 09:06:36 +11:00
policydb.c selinux: convert the policy type_attr_map to flex_array 2010-08-02 15:38:39 +10:00
policydb.h selinux: convert the policy type_attr_map to flex_array 2010-08-02 15:38:39 +10:00
services.c selinux: convert the policy type_attr_map to flex_array 2010-08-02 15:38:39 +10:00
services.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sidtab.c selinux: Unify for- and while-loop style 2008-08-15 08:40:47 +10:00
sidtab.h selinux: support deferred mapping of contexts 2008-07-14 15:01:34 +10:00
symtab.c selinux: fix error codes in symtab_init() 2010-08-02 15:35:04 +10:00
symtab.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00