Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit acdf52d9 authored by Kent Overstreet's avatar Kent Overstreet Committed by Linus Torvalds
Browse files

selinux: convert to kvmalloc 

The flex arrays were being used for constant sized arrays, so there's no
benefit to using flex_arrays over something simpler.

Link: http://lkml.kernel.org/r/20181217131929.11727-4-kent.overstreet@gmail.com


Signed-off-by: default avatarKent Overstreet <kent.overstreet@gmail.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eric Paris <eparis@parisplace.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Neil Horman <nhorman@tuxdriver.com>
Cc: Pravin B Shelar <pshelar@ovn.org>
Cc: Shaohua Li <shli@kernel.org>
Cc: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent b330e6a4

security/selinux/ss/avtab.c

+19 −21
Original line number Diff line number Diff line
@@ -93,12 +93,10 @@ avtab_insert_node(struct avtab *h, int hvalue, 
		newnode->next = prev->next;

		prev->next = newnode;

	} else {

		newnode->next = flex_array_get_ptr(h->htable, hvalue);

		if (flex_array_put_ptr(h->htable, hvalue, newnode,

				       GFP_KERNEL|__GFP_ZERO)) {

			kmem_cache_free(avtab_node_cachep, newnode);

			return NULL;

		}

		struct avtab_node **n = &h->htable[hvalue];



		newnode->next = *n;

		*n = newnode;

	}



	h->nel++;
@@ -111,11 +109,11 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat 
	struct avtab_node *prev, *cur, *newnode;

	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);



	if (!h || !h->htable)

	if (!h)

		return -EINVAL;



	hvalue = avtab_hash(key, h->mask);

	for (prev = NULL, cur = flex_array_get_ptr(h->htable, hvalue);

	for (prev = NULL, cur = h->htable[hvalue];

	     cur;

	     prev = cur, cur = cur->next) {

		if (key->source_type == cur->key.source_type &&
@@ -156,10 +154,10 @@ avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, struct avtab_datu 
	struct avtab_node *prev, *cur;

	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);



	if (!h || !h->htable)

	if (!h)

		return NULL;

	hvalue = avtab_hash(key, h->mask);

	for (prev = NULL, cur = flex_array_get_ptr(h->htable, hvalue);

	for (prev = NULL, cur = h->htable[hvalue];

	     cur;

	     prev = cur, cur = cur->next) {

		if (key->source_type == cur->key.source_type &&
@@ -186,11 +184,11 @@ struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key) 
	struct avtab_node *cur;

	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);



	if (!h || !h->htable)

	if (!h)

		return NULL;



	hvalue = avtab_hash(key, h->mask);

	for (cur = flex_array_get_ptr(h->htable, hvalue); cur;

	for (cur = h->htable[hvalue]; cur;

	     cur = cur->next) {

		if (key->source_type == cur->key.source_type &&

		    key->target_type == cur->key.target_type &&
@@ -222,11 +220,11 @@ avtab_search_node(struct avtab *h, struct avtab_key *key) 
	struct avtab_node *cur;

	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);



	if (!h || !h->htable)

	if (!h)

		return NULL;



	hvalue = avtab_hash(key, h->mask);

	for (cur = flex_array_get_ptr(h->htable, hvalue); cur;

	for (cur = h->htable[hvalue]; cur;

	     cur = cur->next) {

		if (key->source_type == cur->key.source_type &&

		    key->target_type == cur->key.target_type &&
@@ -281,11 +279,11 @@ void avtab_destroy(struct avtab *h) 
	int i;

	struct avtab_node *cur, *temp;



	if (!h || !h->htable)

	if (!h)

		return;



	for (i = 0; i < h->nslot; i++) {

		cur = flex_array_get_ptr(h->htable, i);

		cur = h->htable[i];

		while (cur) {

			temp = cur;

			cur = cur->next;
@@ -295,7 +293,7 @@ void avtab_destroy(struct avtab *h) 
			kmem_cache_free(avtab_node_cachep, temp);

		}

	}

	flex_array_free(h->htable);

	kvfree(h->htable);

	h->htable = NULL;

	h->nslot = 0;

	h->mask = 0;
@@ -303,6 +301,7 @@ void avtab_destroy(struct avtab *h) 


int avtab_init(struct avtab *h)

{

	kvfree(h->htable);

	h->htable = NULL;

	h->nel = 0;

	return 0;
@@ -329,8 +328,7 @@ int avtab_alloc(struct avtab *h, u32 nrules) 
		nslot = MAX_AVTAB_HASH_BUCKETS;

	mask = nslot - 1;



	h->htable = flex_array_alloc(sizeof(struct avtab_node *), nslot,

				     GFP_KERNEL | __GFP_ZERO);

	h->htable = kvcalloc(nslot, sizeof(void *), GFP_KERNEL);

	if (!h->htable)

		return -ENOMEM;
@@ -353,7 +351,7 @@ void avtab_hash_eval(struct avtab *h, char *tag) 
	max_chain_len = 0;

	chain2_len_sum = 0;

	for (i = 0; i < h->nslot; i++) {

		cur = flex_array_get_ptr(h->htable, i);

		cur = h->htable[i];

		if (cur) {

			slots_used++;

			chain_len = 0;
@@ -646,7 +644,7 @@ int avtab_write(struct policydb *p, struct avtab *a, void *fp) 
		return rc;



	for (i = 0; i < a->nslot; i++) {

		for (cur = flex_array_get_ptr(a->htable, i); cur;

		for (cur = a->htable[i]; cur;

		     cur = cur->next) {

			rc = avtab_write_item(p, cur, fp);

			if (rc)

security/selinux/ss/avtab.h

+1 −3
Original line number Diff line number Diff line
@@ -24,7 +24,6 @@ 
#define _SS_AVTAB_H_



#include "security.h"

#include <linux/flex_array.h>



struct avtab_key {

	u16 source_type;	/* source type */
@@ -84,11 +83,10 @@ struct avtab_node { 
};



struct avtab {

	struct flex_array *htable;

	struct avtab_node **htable;

	u32 nel;	/* number of elements */

	u32 nslot;      /* number of hash slots */

	u32 mask;       /* mask to compute hash func */



};



int avtab_init(struct avtab *);

security/selinux/ss/conditional.c

+1 −5
Original line number Diff line number Diff line
@@ -195,7 +195,6 @@ int cond_index_bool(void *key, void *datum, void *datap) 
{

	struct policydb *p;

	struct cond_bool_datum *booldatum;

	struct flex_array *fa;



	booldatum = datum;

	p = datap;
@@ -203,10 +202,7 @@ int cond_index_bool(void *key, void *datum, void *datap) 
	if (!booldatum->value || booldatum->value > p->p_bools.nprim)

		return -EINVAL;



	fa = p->sym_val_to_name[SYM_BOOLS];

	if (flex_array_put_ptr(fa, booldatum->value - 1, key,

			       GFP_KERNEL | __GFP_ZERO))

		BUG();

	p->sym_val_to_name[SYM_BOOLS][booldatum->value - 1] = key;

	p->bool_val_to_struct[booldatum->value - 1] = booldatum;



	return 0;

security/selinux/ss/policydb.c

+30 −92
Original line number Diff line number Diff line
@@ -36,7 +36,6 @@ 
#include <linux/string.h>

#include <linux/errno.h>

#include <linux/audit.h>

#include <linux/flex_array.h>

#include "security.h"



#include "policydb.h"
@@ -341,17 +340,14 @@ static int common_index(void *key, void *datum, void *datap) 
{

	struct policydb *p;

	struct common_datum *comdatum;

	struct flex_array *fa;



	comdatum = datum;

	p = datap;

	if (!comdatum->value || comdatum->value > p->p_commons.nprim)

		return -EINVAL;



	fa = p->sym_val_to_name[SYM_COMMONS];

	if (flex_array_put_ptr(fa, comdatum->value - 1, key,

			       GFP_KERNEL | __GFP_ZERO))

		BUG();

	p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key;



	return 0;

}
@@ -359,16 +355,13 @@ static int class_index(void *key, void *datum, void *datap) 
{

	struct policydb *p;

	struct class_datum *cladatum;

	struct flex_array *fa;



	cladatum = datum;

	p = datap;

	if (!cladatum->value || cladatum->value > p->p_classes.nprim)

		return -EINVAL;

	fa = p->sym_val_to_name[SYM_CLASSES];

	if (flex_array_put_ptr(fa, cladatum->value - 1, key,

			       GFP_KERNEL | __GFP_ZERO))

		BUG();



	p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key;

	p->class_val_to_struct[cladatum->value - 1] = cladatum;

	return 0;

}
@@ -377,7 +370,6 @@ static int role_index(void *key, void *datum, void *datap) 
{

	struct policydb *p;

	struct role_datum *role;

	struct flex_array *fa;



	role = datum;

	p = datap;
@@ -386,10 +378,7 @@ static int role_index(void *key, void *datum, void *datap) 
	    || role->bounds > p->p_roles.nprim)

		return -EINVAL;



	fa = p->sym_val_to_name[SYM_ROLES];

	if (flex_array_put_ptr(fa, role->value - 1, key,

			       GFP_KERNEL | __GFP_ZERO))

		BUG();

	p->sym_val_to_name[SYM_ROLES][role->value - 1] = key;

	p->role_val_to_struct[role->value - 1] = role;

	return 0;

}
@@ -398,7 +387,6 @@ static int type_index(void *key, void *datum, void *datap) 
{

	struct policydb *p;

	struct type_datum *typdatum;

	struct flex_array *fa;



	typdatum = datum;

	p = datap;
@@ -408,15 +396,8 @@ static int type_index(void *key, void *datum, void *datap) 
		    || typdatum->value > p->p_types.nprim

		    || typdatum->bounds > p->p_types.nprim)

			return -EINVAL;

		fa = p->sym_val_to_name[SYM_TYPES];

		if (flex_array_put_ptr(fa, typdatum->value - 1, key,

				       GFP_KERNEL | __GFP_ZERO))

			BUG();



		fa = p->type_val_to_struct_array;

		if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum,

				       GFP_KERNEL | __GFP_ZERO))

			BUG();

		p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key;

		p->type_val_to_struct_array[typdatum->value - 1] = typdatum;

	}



	return 0;
@@ -426,7 +407,6 @@ static int user_index(void *key, void *datum, void *datap) 
{

	struct policydb *p;

	struct user_datum *usrdatum;

	struct flex_array *fa;



	usrdatum = datum;

	p = datap;
@@ -435,10 +415,7 @@ static int user_index(void *key, void *datum, void *datap) 
	    || usrdatum->bounds > p->p_users.nprim)

		return -EINVAL;



	fa = p->sym_val_to_name[SYM_USERS];

	if (flex_array_put_ptr(fa, usrdatum->value - 1, key,

			       GFP_KERNEL | __GFP_ZERO))

		BUG();

	p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key;

	p->user_val_to_struct[usrdatum->value - 1] = usrdatum;

	return 0;

}
@@ -447,7 +424,6 @@ static int sens_index(void *key, void *datum, void *datap) 
{

	struct policydb *p;

	struct level_datum *levdatum;

	struct flex_array *fa;



	levdatum = datum;

	p = datap;
@@ -456,10 +432,8 @@ static int sens_index(void *key, void *datum, void *datap) 
		if (!levdatum->level->sens ||

		    levdatum->level->sens > p->p_levels.nprim)

			return -EINVAL;

		fa = p->sym_val_to_name[SYM_LEVELS];

		if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key,

				       GFP_KERNEL | __GFP_ZERO))

			BUG();



		p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key;

	}



	return 0;
@@ -469,7 +443,6 @@ static int cat_index(void *key, void *datum, void *datap) 
{

	struct policydb *p;

	struct cat_datum *catdatum;

	struct flex_array *fa;



	catdatum = datum;

	p = datap;
@@ -477,10 +450,8 @@ static int cat_index(void *key, void *datum, void *datap) 
	if (!catdatum->isalias) {

		if (!catdatum->value || catdatum->value > p->p_cats.nprim)

			return -EINVAL;

		fa = p->sym_val_to_name[SYM_CATS];

		if (flex_array_put_ptr(fa, catdatum->value - 1, key,

				       GFP_KERNEL | __GFP_ZERO))

			BUG();



		p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key;

	}



	return 0;
@@ -568,35 +539,23 @@ static int policydb_index(struct policydb *p) 
	if (!p->user_val_to_struct)

		return -ENOMEM;



	/* Yes, I want the sizeof the pointer, not the structure */

	p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *),

						       p->p_types.nprim,

						       GFP_KERNEL | __GFP_ZERO);

	p->type_val_to_struct_array = kvcalloc(p->p_types.nprim,

					       sizeof(*p->type_val_to_struct_array),

					       GFP_KERNEL);

	if (!p->type_val_to_struct_array)

		return -ENOMEM;



	rc = flex_array_prealloc(p->type_val_to_struct_array, 0,

				 p->p_types.nprim, GFP_KERNEL | __GFP_ZERO);

	if (rc)

		goto out;



	rc = cond_init_bool_indexes(p);

	if (rc)

		goto out;



	for (i = 0; i < SYM_NUM; i++) {

		p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *),

							 p->symtab[i].nprim,

							 GFP_KERNEL | __GFP_ZERO);

		p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim,

						 sizeof(char *),

						 GFP_KERNEL);

		if (!p->sym_val_to_name[i])

			return -ENOMEM;



		rc = flex_array_prealloc(p->sym_val_to_name[i],

					 0, p->symtab[i].nprim,

					 GFP_KERNEL | __GFP_ZERO);

		if (rc)

			goto out;



		rc = hashtab_map(p->symtab[i].table, index_f[i], p);

		if (rc)

			goto out;
@@ -810,16 +769,13 @@ void policydb_destroy(struct policydb *p) 
		hashtab_destroy(p->symtab[i].table);

	}



	for (i = 0; i < SYM_NUM; i++) {

		if (p->sym_val_to_name[i])

			flex_array_free(p->sym_val_to_name[i]);

	}

	for (i = 0; i < SYM_NUM; i++)

		kvfree(p->sym_val_to_name[i]);



	kfree(p->class_val_to_struct);

	kfree(p->role_val_to_struct);

	kfree(p->user_val_to_struct);

	if (p->type_val_to_struct_array)

		flex_array_free(p->type_val_to_struct_array);

	kvfree(p->type_val_to_struct_array);



	avtab_destroy(&p->te_avtab);
@@ -872,17 +828,9 @@ void policydb_destroy(struct policydb *p) 
	hashtab_map(p->range_tr, range_tr_destroy, NULL);

	hashtab_destroy(p->range_tr);



	if (p->type_attr_map_array) {

		for (i = 0; i < p->p_types.nprim; i++) {

			struct ebitmap *e;



			e = flex_array_get(p->type_attr_map_array, i);

			if (!e)

				continue;

			ebitmap_destroy(e);

		}

		flex_array_free(p->type_attr_map_array);

	}

	for (i = 0; i < p->p_types.nprim; i++)

		ebitmap_destroy(&p->type_attr_map_array[i]);

	kvfree(p->type_attr_map_array);



	ebitmap_destroy(&p->filename_trans_ttypes);

	ebitmap_destroy(&p->policycaps);
@@ -1770,8 +1718,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap) 
			return -EINVAL;

		}



		upper = flex_array_get_ptr(p->type_val_to_struct_array,

					   upper->bounds - 1);

		upper = p->type_val_to_struct_array[upper->bounds - 1];

		BUG_ON(!upper);



		if (upper->attribute) {
@@ -2543,23 +2490,15 @@ int policydb_read(struct policydb *p, void *fp) 
	if (rc)

		goto bad;



	rc = -ENOMEM;

	p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap),

						  p->p_types.nprim,

						  GFP_KERNEL | __GFP_ZERO);

	p->type_attr_map_array = kvcalloc(p->p_types.nprim,

					  sizeof(*p->type_attr_map_array),

					  GFP_KERNEL);

	if (!p->type_attr_map_array)

		goto bad;



	/* preallocate so we don't have to worry about the put ever failing */

	rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim,

				 GFP_KERNEL | __GFP_ZERO);

	if (rc)

		goto bad;



	for (i = 0; i < p->p_types.nprim; i++) {

		struct ebitmap *e = flex_array_get(p->type_attr_map_array, i);

		struct ebitmap *e = &p->type_attr_map_array[i];



		BUG_ON(!e);

		ebitmap_init(e);

		if (p->policyvers >= POLICYDB_VERSION_AVTAB) {

			rc = ebitmap_read(e, fp);
@@ -3554,9 +3493,8 @@ int policydb_write(struct policydb *p, void *fp) 
		return rc;



	for (i = 0; i < p->p_types.nprim; i++) {

		struct ebitmap *e = flex_array_get(p->type_attr_map_array, i);

		struct ebitmap *e = &p->type_attr_map_array[i];



		BUG_ON(!e);

		rc = ebitmap_write(e, fp);

		if (rc)

			return rc;

security/selinux/ss/policydb.h

+4 −8
Original line number Diff line number Diff line
@@ -24,8 +24,6 @@ 
#ifndef _SS_POLICYDB_H_

#define _SS_POLICYDB_H_



#include <linux/flex_array.h>



#include "symtab.h"

#include "avtab.h"

#include "sidtab.h"
@@ -251,13 +249,13 @@ struct policydb { 
#define p_cats symtab[SYM_CATS]



	/* symbol names indexed by (value - 1) */

	struct flex_array *sym_val_to_name[SYM_NUM];

	char		**sym_val_to_name[SYM_NUM];



	/* class, role, and user attributes indexed by (value - 1) */

	struct class_datum **class_val_to_struct;

	struct role_datum **role_val_to_struct;

	struct user_datum **user_val_to_struct;

	struct flex_array *type_val_to_struct_array;

	struct type_datum **type_val_to_struct_array;



	/* type enforcement access vectors and transitions */

	struct avtab te_avtab;
@@ -294,7 +292,7 @@ struct policydb { 
	struct hashtab *range_tr;



	/* type -> attribute reverse mapping */

	struct flex_array *type_attr_map_array;

	struct ebitmap *type_attr_map_array;



	struct ebitmap policycaps;
@@ -369,9 +367,7 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic 


static inline char *sym_name(struct policydb *p, unsigned int sym_num, unsigned int element_nr)

{

	struct flex_array *fa = p->sym_val_to_name[sym_num];



	return flex_array_get_ptr(fa, element_nr);

	return p->sym_val_to_name[sym_num][element_nr];

}



extern u16 string_to_security_class(struct policydb *p, const char *name);