From: Tomasz Stanislawski <t.stanislaws@samsung.com>
To: linux-security-module@vger.kernel.org
Cc: m.szyprowski@samsung.com, kyungmin.park@samsung.com,
r.krypa@samsung.com, linux-kernel@vger.kernel.org,
casey@schaufler-ca.com,
Tomasz Stanislawski <t.stanislaws@samsung.com>
Subject: [RFC 1/5] security: smack: avoid kmalloc allocations while loading a rule string
Date: Thu, 13 Jun 2013 17:29:08 +0200 [thread overview]
Message-ID: <1371137352-31273-2-git-send-email-t.stanislaws@samsung.com> (raw)
In-Reply-To: <1371137352-31273-1-git-send-email-t.stanislaws@samsung.com>
The maximal length for a rule line for long format is introduced as
SMK_LOAD2LEN. This allows a buffer for a rule string to be allocated
on a stack instead of a heap (aka kmalloc cache).
Limiting the length of a rule line helps to avoid allocations of a very long
contiguous buffer from a heap if user calls write() for a very long chunk.
Such an allocation often causes a lot swapper/writeback havoc and it is very
likely to fails.
Moreover, stack allocation is slightly faster than from kmalloc.
Signed-off-by: Tomasz Stanislawski <t.stanislaws@samsung.com>
---
security/smack/smackfs.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 53a08b8..9a3cd0d 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -137,6 +137,7 @@ const char *smack_cipso_option = SMACK_CIPSO_OPTION;
* SMK_ACCESS: Maximum possible combination of access permissions
* SMK_ACCESSLEN: Maximum length for a rule access field
* SMK_LOADLEN: Smack rule length
+ * SMK_LOAD2LEN: Smack maximal long rule length excluding \0
*/
#define SMK_OACCESS "rwxa"
#define SMK_ACCESS "rwxat"
@@ -144,6 +145,7 @@ const char *smack_cipso_option = SMACK_CIPSO_OPTION;
#define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
#define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
#define SMK_LOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_ACCESSLEN)
+#define SMK_LOAD2LEN (2 * SMK_LONGLABEL + SMK_ACCESSLEN + 2)
/*
* Stricly for CIPSO level manipulation.
@@ -447,8 +449,7 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
{
struct smack_known *skp;
struct smack_parsed_rule *rule;
- char *data;
- int datalen;
+ char data[SMK_LOAD2LEN + 1];
int rc = -EINVAL;
int load = 0;
@@ -465,13 +466,10 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
*/
if (count != SMK_OLOADLEN && count != SMK_LOADLEN)
return -EINVAL;
- datalen = SMK_LOADLEN;
- } else
- datalen = count + 1;
+ }
- data = kzalloc(datalen, GFP_KERNEL);
- if (data == NULL)
- return -ENOMEM;
+ if (count > SMK_LOAD2LEN)
+ count = SMK_LOAD2LEN;
if (copy_from_user(data, buf, count) != 0) {
rc = -EFAULT;
@@ -522,7 +520,6 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
out_free_rule:
kfree(rule);
out:
- kfree(data);
return rc;
}
--
1.7.9.5
next prev parent reply other threads:[~2013-06-13 15:29 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-13 15:29 [RFC 0/5] Optimizations for memory handling in smk_write_rules_list() Tomasz Stanislawski
2013-06-13 15:29 ` Tomasz Stanislawski [this message]
2013-06-15 19:32 ` [RFC 1/5] security: smack: avoid kmalloc allocations while loading a rule string Casey Schaufler
2013-06-17 11:24 ` Tomasz Stanislawski
2013-06-17 22:38 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 2/5] security: smack: avoid kmalloc() in smk_parse_long_rule() Tomasz Stanislawski
2013-06-15 19:41 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 3/5] security: smack: fix memleak in smk_write_rules_list() Tomasz Stanislawski
2013-06-15 19:54 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 4/5] security: smack: add kmem_cache for smack_rule allocations Tomasz Stanislawski
2013-06-15 20:00 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 5/5] security: smack: add kmem_cache for smack_master_list allocations Tomasz Stanislawski
2013-06-15 20:08 ` Casey Schaufler
2013-06-19 14:08 ` [PATCH] security: smack: fix memleak in smk_write_rules_list() Tomasz Stanislawski
2013-06-28 19:33 ` Casey Schaufler
2013-08-01 20:01 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1371137352-31273-2-git-send-email-t.stanislaws@samsung.com \
--to=t.stanislaws@samsung.com \
--cc=casey@schaufler-ca.com \
--cc=kyungmin.park@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=r.krypa@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.