rpms/kernel/F-13 linux-2.6-selinux-avtab-size.patch, NONE, 1.1 kernel.spec, 1.2025, 1.2026

Eric Paris eparis at fedoraproject.org
Mon May 10 16:57:23 UTC 2010


Author: eparis

Update of /cvs/pkgs/rpms/kernel/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv25022

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-selinux-avtab-size.patch 
Log Message:
* Mon May 10 2010 Eric Paris <eparis at redhat.com>
- reduce size of selinux policy memory allocation (rhbz#590363)


linux-2.6-selinux-avtab-size.patch:
 avtab.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE linux-2.6-selinux-avtab-size.patch ---
commit 6c9ff1013b7a21099da838eeef7c3f23ee347957
Author: Stephen Smalley <sds at tycho.nsa.gov>
Date:   Mon Mar 15 10:42:11 2010 -0400

    SELinux: Reduce max avtab size to avoid page allocation failures
    
    Reduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2
    allocation rather than an order 4 allocation on x86_64.  This
    addresses reports of page allocation failures:
    http://marc.info/?l=selinux&m=126757230625867&w=2
    https://bugzilla.redhat.com/show_bug.cgi?id=570433
    
    Reported-by:  Russell Coker <russell at coker.com.au>
    Signed-off-by:  Stephen D. Smalley <sds at tycho.nsa.gov>
    Acked-by: Eric Paris <eparis at redhat.com>
    Signed-off-by: James Morris <jmorris at namei.org>

diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index 8da6a84..cd4f734 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -82,7 +82,7 @@ struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified
 void avtab_cache_init(void);
 void avtab_cache_destroy(void);
 
-#define MAX_AVTAB_HASH_BITS 13
+#define MAX_AVTAB_HASH_BITS 11
 #define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
 #define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1)
 #define MAX_AVTAB_SIZE MAX_AVTAB_HASH_BUCKETS
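Review bot: the new value 11 for MAX_AVTAB_HASH_BITS carries no comment, so the reason for it (an order 2 rather than an order 4 allocation on x86_64) lives only in the commit message. A short comment above the define would keep someone from raising it again later without checking the allocation order. Also, MAX_AVTAB_SIZE is defined as MAX_AVTAB_HASH_BUCKETS two lines down, so it drops from 8192 to 2048 along with the bucket count; it is worth confirming that every user of MAX_AVTAB_SIZE is fine with the smaller value.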


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-13/kernel.spec,v
retrieving revision 1.2025
retrieving revision 1.2026
diff -u -p -r1.2025 -r1.2026
--- kernel.spec	10 May 2010 14:54:14 -0000	1.2025
+++ kernel.spec	10 May 2010 16:57:21 -0000	1.2026
@@ -685,6 +685,7 @@ Patch520: linux-2.6.30-hush-rom-warning.
 Patch530: linux-2.6-silence-fbcon-logo.patch
 Patch570: linux-2.6-selinux-mprotect-checks.patch
 Patch580: linux-2.6-sparc-selinux-mprotect-checks.patch
+Patch581: linux-2.6-selinux-avtab-size.patch
 
 Patch600: linux-2.6-acpi-sleep-live-sci-live.patch
 Patch601: linux-2.6-pci-fixup-resume.patch
@@ -1399,6 +1400,8 @@ ApplyPatch linux-2.6-silence-fbcon-logo.
 #ApplyPatch linux-2.6-selinux-mprotect-checks.patch
 # Fix SELinux for sparc
 #ApplyPatch linux-2.6-sparc-selinux-mprotect-checks.patch
+# Shirk size of memory allocation required to load policy.  In 2.6.34
+ApplyPatch linux-2.6-selinux-avtab-size.patch
 
 # Changes to upstream defaults.
 
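Review bot: the comment added above ApplyPatch linux-2.6-selinux-avtab-size.patch reads "Shirk size", which looks like a typo for "Shrink size", and the trailing "In 2.6.34" is a fragment. If the intent is that the fix is already upstream in 2.6.34, say so in full, for example "# Shrink size of memory allocation required to load policy. Upstream in 2.6.34." so the next person rebasing the spec knows when the patch can go.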
@@ -2202,6 +2205,9 @@ fi
 # and build.
 
 %changelog
+* Mon May 10 2010 Eric Paris <eparis at redhat.com>
+- reduce size of selinux poliy memory allocation (rhbz#590363)
+
 * Mon May 10 2010 Kyle McMartin <kyle at redhat.com>
 - crypto-aesni-kill-module_alias.patch: kill MODULE_ALIAS to prevent
   aesni-intel from autoloading.
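Review bot: the new changelog entry misspells "policy" as "poliy". Unlike the Kyle McMartin entry directly below it, the entry does not name the patch file; adding linux-2.6-selinux-avtab-size.patch to the line would make it easier to match the changelog to Patch581.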


