commit 23bdecb000c806cf4ec52764499a600f7200d7a9
author Eric Paris <eparis@redhat.com> Mon Nov 29 15:47:09 2010 -0500
committer Eric Paris <eparis@redhat.com> Tue Nov 30 17:28:57 2010 -0500
tree f13a523f6bec22c5e7ec58ea02a4988aefe7c8ac
parent c41ab6a1b9028de33e74101cb0aae13098a56fdb

selinux: convert type_val_to_struct to flex_array

In rawhide type_val_to_struct will allocate 26848 bytes, an order 3
allocations.  While this hasn't been seen to fail it isn't outside the
realm of possibiliy on systems with severe memory fragmentation.  Convert
to flex_array so no allocation will ever be bigger than PAGE_SIZE.

Signed-off-by: Eric Paris <eparis@redhat.com>

security/selinux/ss/services.c

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index ab6dbce..afcbc19 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -530,12 +530,18 @@
 	struct context lo_scontext;
 	struct context lo_tcontext;
 	struct av_decision lo_avd;
-	struct type_datum *source
-		= policydb.type_val_to_struct[scontext->type - 1];
-	struct type_datum *target
-		= policydb.type_val_to_struct[tcontext->type - 1];
+	struct type_datum *source;
+	struct type_datum *target;
 	u32 masked = 0;
 
+	source = flex_array_get_ptr(policydb.type_val_to_struct_array,
+				    scontext->type - 1);
+	BUG_ON(!source);
+
+	target = flex_array_get_ptr(policydb.type_val_to_struct_array,
+				    tcontext->type - 1);
+	BUG_ON(!target);
+
 	if (source->bounds) {
 		memset(&lo_avd, 0, sizeof(lo_avd));
 
@@ -828,7 +834,8 @@
 
 	index = new_context->type;
 	while (true) {
-		type = policydb.type_val_to_struct[index - 1];
+		type = flex_array_get_ptr(policydb.type_val_to_struct_array,
+					  index - 1);
 		BUG_ON(!type);
 
 		/* not bounded anymore */