lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 27 Jan 2011 13:15:18 +0100
From:	Steffen Klassert <steffen.klassert@...unet.com>
To:	Dave Hansen <dave@...ux.vnet.ibm.com>
Cc:	Eric Paris <eparis@...hat.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: flex_array related problems on selinux policy loading

On Wed, Jan 26, 2011 at 08:10:16AM -0800, Dave Hansen wrote:
> > 
> > Btw. why the struct flex_array needs to have page size?
> 
> It was designed as an alternative to _large_ allocations and we didn't
> expect people to want to use it for small things.  But, it doesn't
> _need_ to stay that way, we just did it like that for simplicity.
> 

Ok, I thought that. In case of selinux, the informations on how big
the array will be comes from the userspace. In the most cases, people
use big selinux policies like the selinux reference policy, these
arrays are quite big. But if somebody uses just a dummy policy, the
arrays are small or empty in some cases.

> > If we would make
> > flex_array of dynamic size, say metadata plus the maximum size of the array
> > in the case that the metadata and the array fit into a single page, and
> > metadata plus space for all the base pointers we need to dereference the
> > parts, if the metadata and array is beyond page size. With this, the struct
> > flex_array would have a reasonable size in any case, even if the array to
> > store is small or of zero size.
> 
> Sounds like a good idea to me.  Done right, it should only really affect
> the allocation path since we use kmalloc() already, and we can still
> plain kfree() it.
> 

So lets do it like that. I'll propose another patch, may take some days.

Steffen
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ