• Eric Paris's avatar
    selinux: convert the policy type_attr_map to flex_array · 6371dcd3
    Eric Paris authored
    Current selinux policy can have over 3000 types.  The type_attr_map in
    policy is an array sized by the number of types times sizeof(struct ebitmap)
    (12 on x86_64).  Basic math tells us the array is going to be of length
    3000 x 12 = 36,000 bytes.  The largest 'safe' allocation on a long running
    system is 16k.  Most of the time a 32k allocation will work.  But on long
    running systems a 64k allocation (what we need) can fail quite regularly.
    In order to deal with this I am converting the type_attr_map to use
    flex_arrays.  Let the library code deal with breaking this into PAGE_SIZE
    pieces.
    
    -v2
    rework some of the if(!obj) BUG() to be BUG_ON(!obj)
    drop flex_array_put() calls and just use a _get() object directly
    
    -v3
    make apply to James' tree (drop the policydb_write changes)
    Signed-off-by: default avatarEric Paris <eparis@redhat.com>
    Acked-by: default avatarStephen D. Smalley <sds@tycho.nsa.gov>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    6371dcd3
policydb.h 8.35 KB