rpms/kernel/F-13 linux-2.6-selinux-avtab-size.patch, NONE, 1.1 kernel.spec, 1.2025, 1.2026
Eric Paris
eparis at fedoraproject.org
Mon May 10 16:57:23 UTC 2010
Author: eparis
Update of /cvs/pkgs/rpms/kernel/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv25022
Modified Files:
kernel.spec
Added Files:
linux-2.6-selinux-avtab-size.patch
Log Message:
* Mon May 10 2010 Eric Paris <eparis at redhat.com>
- reduce size of selinux policy memory allocation (rhbz#590363)
linux-2.6-selinux-avtab-size.patch:
avtab.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE linux-2.6-selinux-avtab-size.patch ---
commit 6c9ff1013b7a21099da838eeef7c3f23ee347957
Author: Stephen Smalley <sds at tycho.nsa.gov>
Date: Mon Mar 15 10:42:11 2010 -0400
SELinux: Reduce max avtab size to avoid page allocation failures
Reduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2
allocation rather than an order 4 allocation on x86_64. This
addresses reports of page allocation failures:
http://marc.info/?l=selinux&m=126757230625867&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=570433
Reported-by: Russell Coker <russell at coker.com.au>
Signed-off-by: Stephen D. Smalley <sds at tycho.nsa.gov>
Acked-by: Eric Paris <eparis at redhat.com>
Signed-off-by: James Morris <jmorris at namei.org>
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index 8da6a84..cd4f734 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -82,7 +82,7 @@ struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified
void avtab_cache_init(void);
void avtab_cache_destroy(void);
-#define MAX_AVTAB_HASH_BITS 13
+#define MAX_AVTAB_HASH_BITS 11
#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
#define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1)
#define MAX_AVTAB_SIZE MAX_AVTAB_HASH_BUCKETS
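Review bot: the new value of MAX_AVTAB_HASH_BITS has no comment tying it to the allocation-order constraint given in the commit message, so a later change could raise it again without knowing why it was lowered. Suggest a short comment above the define saying the value is chosen to keep the avtab allocation at order 2 on x86_64. Also, MAX_AVTAB_SIZE is defined as MAX_AVTAB_HASH_BUCKETS, so it drops from 8192 to 2048 together with the bucket count; please confirm that every user of MAX_AVTAB_SIZE tolerates the smaller value and that the longer hash chains on large policies are acceptable for lookup cost.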
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-13/kernel.spec,v
retrieving revision 1.2025
retrieving revision 1.2026
diff -u -p -r1.2025 -r1.2026
--- kernel.spec 10 May 2010 14:54:14 -0000 1.2025
+++ kernel.spec 10 May 2010 16:57:21 -0000 1.2026
@@ -685,6 +685,7 @@ Patch520: linux-2.6.30-hush-rom-warning.
Patch530: linux-2.6-silence-fbcon-logo.patch
Patch570: linux-2.6-selinux-mprotect-checks.patch
Patch580: linux-2.6-sparc-selinux-mprotect-checks.patch
+Patch581: linux-2.6-selinux-avtab-size.patch
Patch600: linux-2.6-acpi-sleep-live-sci-live.patch
Patch601: linux-2.6-pci-fixup-resume.patch
@@ -1399,6 +1400,8 @@ ApplyPatch linux-2.6-silence-fbcon-logo.
#ApplyPatch linux-2.6-selinux-mprotect-checks.patch
# Fix SELinux for sparc
#ApplyPatch linux-2.6-sparc-selinux-mprotect-checks.patch
+# Shirk size of memory allocation required to load policy. In 2.6.34
+ApplyPatch linux-2.6-selinux-avtab-size.patch
# Changes to upstream defaults.
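Review bot: the comment added above the new ApplyPatch line reads "Shirk size of memory allocation", which should be "Shrink", and the trailing "In 2.6.34" is a fragment that does not say what is in 2.6.34. If the intent is that the fix is already upstream in that release, suggest "# Shrink size of memory allocation required to load policy. Upstream in 2.6.34." so it is clear when the patch can be dropped.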
@@ -2202,6 +2205,9 @@ fi
# and build.
%changelog
+* Mon May 10 2010 Eric Paris <eparis at redhat.com>
+- reduce size of selinux poliy memory allocation (rhbz#590363)
+
* Mon May 10 2010 Kyle McMartin <kyle at redhat.com>
- crypto-aesni-kill-module_alias.patch: kill MODULE_ALIAS to prevent
aesni-intel from autoloading.
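Review bot: the new changelog entry misspells "policy" as "poliy", and it cites rhbz#590363 while the upstream commit message carried in the patch cites bugzilla 570433. Fix the spelling and, if both bugs track the same page allocation failure, mention both so the Fedora entry can be traced back to the upstream report.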