[PATCH] selinux: Remove load size limit
Load size was limited to 64MB, this was legacy limitation due to vmalloc() which was removed a while ago. Limiting load size to 64MB is both pointless and affects real world use cases. Signed-off-by: zhanglin --- security/selinux/selinuxfs.c | 4 1 file changed, 4 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f3a5a138a096..4249400e9712 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -549,10 +549,6 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, if (*ppos != 0) goto out; - length = -EFBIG; - if (count > 64 * 1024 * 1024) - goto out; - length = -ENOMEM; data = vmalloc(count); if (!data) -- 2.17.1
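Review bot: With the cap deleted, `data = vmalloc(count);` in sel_write_load is sized directly by the `count` of a userspace write, and nothing left in this hunk bounds it. The commit message says the vmalloc() behind the old limit was removed, but the context lines still show it, so the stated rationale does not match the code. Even if this write is restricted to callers allowed to load policy (that check is not visible here), an upper bound stops one oversized or mistaken write from requesting an arbitrarily large kernel allocation. If 64MB is too small for real policies, raise the bound and give it a documented name rather than dropping it, e.g. `if (count > POLICY_LOAD_MAX) goto out;` (placeholder constant name) with `length = -EFBIG;` kept before it. sel_write_load starts and ends outside the hunk.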
[PATCH] selinux: improve performance of sel_write_load()
remove unecessary multiplications of sel_write_load(). Signed-off-by: zhanglin --- security/selinux/selinuxfs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f3a5a138a096..4b2d87b6fcf9 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -117,6 +117,7 @@ static void selinux_fs_info_free(struct super_block *sb) #define SEL_CLASS_INO_OFFSET 0x0400 #define SEL_POLICYCAP_INO_OFFSET 0x0800 #define SEL_INO_MASK 0x00ff +#define SEL_LOAD_MAX 0x0400 #define TMPBUFLEN 12 static ssize_t sel_read_enforce(struct file *filp, char __user *buf, @@ -550,7 +551,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, goto out; length = -EFBIG; - if (count > 64 * 1024 * 1024) + if (count > SEL_LOAD_MAX) goto out; length = -ENOMEM; -- 2.17.1
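Review bot: `SEL_LOAD_MAX` is defined as `0x0400`, which is 1024 bytes, not the `64 * 1024 * 1024` it replaces in sel_write_load (second hunk), so any policy write larger than 1 KiB would now fail with -EFBIG. The define sits among the inode-offset masks and repeats the value of `SEL_CLASS_INO_OFFSET`, which suggests a copy-paste slip. The original expression is a compile-time constant, so there is no run-time multiplication to remove and the change brings no speed-up. If a named limit is wanted, write `#define SEL_LOAD_MAX (64 * 1024 * 1024)` and keep it apart from the inode constants. sel_write_load extends beyond the hunk.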
[PATCH] [PATCH v3] sock: fix potential memory leak in proto_register()
If protocols registered exceeded PROTO_INUSE_NR, prot will be added to proto_list, but no available bit left for prot in proto_inuse_idx. Changes since v2: * Propagate the error code properly Signed-off-by: zhanglin --- net/core/sock.c | 31 +-- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/net/core/sock.c b/net/core/sock.c index bc3512f230a3..f39163071384 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -3139,16 +3139,17 @@ static __init int net_inuse_init(void) core_initcall(net_inuse_init); -static void assign_proto_idx(struct proto *prot) +static int assign_proto_idx(struct proto *prot) { prot->inuse_idx = find_first_zero_bit(proto_inuse_idx, PROTO_INUSE_NR); if (unlikely(prot->inuse_idx == PROTO_INUSE_NR - 1)) { pr_err("PROTO_INUSE_NR exhausted\n"); - return; + return -ENOSPC; } set_bit(prot->inuse_idx, proto_inuse_idx); + return 0; } static void release_proto_idx(struct proto *prot) @@ -3157,8 +3158,9 @@ static void release_proto_idx(struct proto *prot) clear_bit(prot->inuse_idx, proto_inuse_idx); } #else -static inline void assign_proto_idx(struct proto *prot) +static inline int assign_proto_idx(struct proto *prot) { + return 0; } static inline void release_proto_idx(struct proto *prot) @@ -3207,6 +3209,8 @@ static int req_prot_init(const struct proto *prot) int proto_register(struct proto *prot, int alloc_slab) { + int ret = -ENOBUFS; + if (alloc_slab) { prot->slab = kmem_cache_create_usercopy(prot->name, prot->obj_size, 0, 
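Review bot: The exhaustion test in assign_proto_idx (first hunk) compares against `PROTO_INUSE_NR - 1`, whereas find_first_zero_bit() signals a full bitmap by returning the size it was given. Now that this branch returns -ENOSPC and fails the registration, the last index can never be handed out, which looks like a deliberate sentinel but is not documented. If that is the intent, say so above the check, e.g. `/* index PROTO_INUSE_NR - 1 is reserved to mean "no slot" */`. Otherwise compare with `PROTO_INUSE_NR`.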
@@ -3243,20 +3247,27 @@ int proto_register(struct proto *prot, int alloc_slab) } mutex_lock(_list_mutex); + ret = assign_proto_idx(prot); + if (ret) { + mutex_unlock(_list_mutex); + goto out_free_timewait_sock_slab_name; + } list_add(>node, _list); - assign_proto_idx(prot); mutex_unlock(_list_mutex); - return 0; + return ret; out_free_timewait_sock_slab_name: - kfree(prot->twsk_prot->twsk_slab_name); + if (alloc_slab && prot->twsk_prot) + kfree(prot->twsk_prot->twsk_slab_name); out_free_request_sock_slab: - req_prot_cleanup(prot->rsk_prot); + if (alloc_slab) { + req_prot_cleanup(prot->rsk_prot); - kmem_cache_destroy(prot->slab); - prot->slab = NULL; + kmem_cache_destroy(prot->slab); + prot->slab = NULL; + } out: - return -ENOBUFS; + return ret; } EXPORT_SYMBOL(proto_register); -- 2.17.1
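Review bot: The new `goto out_free_timewait_sock_slab_name` in proto_register runs after all slab setup has succeeded, yet that label frees only `twsk_slab_name`. If the timewait slab cache itself was created earlier in the function (outside this hunk), it is never destroyed on the -ENOSPC path. The request-sock and main slabs are torn down just below, so the timewait cache would be the one object still leaked by a patch meant to fix a leak. Consider adding `kmem_cache_destroy(prot->twsk_prot->twsk_slab);` after the kfree() and setting `prot->twsk_prot->twsk_slab_name = NULL;` so no stale pointer remains. The same cleanup appears in the v2 and v1 postings further down this page.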
[PATCH v2] sock: fix potential memory leak in proto_register()
If protocols registered exceeded PROTO_INUSE_NR, prot will be added to proto_list, but no available bit left for prot in proto_inuse_idx. Signed-off-by: zhanglin --- net/core/sock.c | 24 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/net/core/sock.c b/net/core/sock.c index bc3512f230a3..c7ae32705705 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -3139,16 +3139,17 @@ static __init int net_inuse_init(void) core_initcall(net_inuse_init); -static void assign_proto_idx(struct proto *prot) +static int assign_proto_idx(struct proto *prot) { prot->inuse_idx = find_first_zero_bit(proto_inuse_idx, PROTO_INUSE_NR); if (unlikely(prot->inuse_idx == PROTO_INUSE_NR - 1)) { pr_err("PROTO_INUSE_NR exhausted\n"); - return; + return -ENOSPC; } set_bit(prot->inuse_idx, proto_inuse_idx); + return 0; } static void release_proto_idx(struct proto *prot) @@ -3157,8 +3158,9 @@ static void release_proto_idx(struct proto *prot) clear_bit(prot->inuse_idx, proto_inuse_idx); } #else -static inline void assign_proto_idx(struct proto *prot) +static inline int assign_proto_idx(struct proto *prot) { + return 0; } static inline void release_proto_idx(struct proto *prot) @@ -3243,18 +3245,24 @@ int proto_register(struct proto *prot, int alloc_slab) } mutex_lock(_list_mutex); + if (assign_proto_idx(prot)) { + mutex_unlock(_list_mutex); + goto out_free_timewait_sock_slab_name; + } list_add(>node, _list); - assign_proto_idx(prot); mutex_unlock(_list_mutex); return 0; out_free_timewait_sock_slab_name: - kfree(prot->twsk_prot->twsk_slab_name); + if (alloc_slab && prot->twsk_prot) + kfree(prot->twsk_prot->twsk_slab_name); out_free_request_sock_slab: - req_prot_cleanup(prot->rsk_prot); + if (alloc_slab) { + req_prot_cleanup(prot->rsk_prot); - kmem_cache_destroy(prot->slab); - prot->slab = NULL; + kmem_cache_destroy(prot->slab); + prot->slab = NULL; + } out: return -ENOBUFS; } -- 2.17.1
[PATCH] sock: fix potential memory leak in proto_register()
If protocols registered exceeded PROTO_INUSE_NR, prot will be added to proto_list, but no available bit left for prot in proto_inuse_idx. Signed-off-by: zhanglin --- net/core/sock.c | 21 ++--- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/net/core/sock.c b/net/core/sock.c index bc3512f230a3..25388d429f6a 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -3139,16 +3139,17 @@ static __init int net_inuse_init(void) core_initcall(net_inuse_init); -static void assign_proto_idx(struct proto *prot) +static int assign_proto_idx(struct proto *prot) { prot->inuse_idx = find_first_zero_bit(proto_inuse_idx, PROTO_INUSE_NR); if (unlikely(prot->inuse_idx == PROTO_INUSE_NR - 1)) { pr_err("PROTO_INUSE_NR exhausted\n"); - return; + return -ENOSPC; } set_bit(prot->inuse_idx, proto_inuse_idx); + return 0; } static void release_proto_idx(struct proto *prot) @@ -3243,18 +3244,24 @@ int proto_register(struct proto *prot, int alloc_slab) } mutex_lock(_list_mutex); + if (assign_proto_idx(prot)) { + mutex_unlock(_list_mutex); + goto out_free_timewait_sock_slab_name; + } list_add(>node, _list); - assign_proto_idx(prot); mutex_unlock(_list_mutex); return 0; out_free_timewait_sock_slab_name: - kfree(prot->twsk_prot->twsk_slab_name); + if (alloc_slab && prot->twsk_prot) + kfree(prot->twsk_prot->twsk_slab_name); out_free_request_sock_slab: - req_prot_cleanup(prot->rsk_prot); + if (alloc_slab) { + req_prot_cleanup(prot->rsk_prot); - kmem_cache_destroy(prot->slab); - prot->slab = NULL; + kmem_cache_destroy(prot->slab); + prot->slab = NULL; + } out: return -ENOBUFS; } -- 2.17.1
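Review bot: `if (assign_proto_idx(prot))` in proto_register tests a return value, but this revision changes only the first definition of assign_proto_idx. The `static inline void` stub in the `#else` branch (visible in the v2 and v3 postings above) is left returning void, so a build that takes that branch would not compile. The stub needs to become `static inline int assign_proto_idx(struct proto *prot) { return 0; }`. proto_register begins outside the hunk.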