Skip top menus
National Security Agency and Central Security Service with agency logos.NSA/CSS Memorial Wall
Home    About NSA    Research    Business    Careers    Public Info    History
Introduction to Research    Security-Enhanced Linux    Information Assurance Research    Technology Transfer    Publications    Related Links

>>SELinux Mailing List: by thread

Search
What's new?
Contents
Overview
What's New
Frequently Asked Questions
Background
Documentation
License
Download
Participating
Mail List
Archive Summary
Archive by Thread
Archive by Author
Archive by Date
Archive by Subject
Remaining Work
Contributors
Related Work
Press Releases
  • Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
From: James Morris <jmorris_at_intercode.com.au>
subject: [PATCH] safe memory allocation flags
Date: Thu, 6 Sep 2001 23:02:01 +1000 (EST)
  • This message: [ Message body ]
  • Next message: Stephen Smalley: "[PATCH] Bug fix for file alloc_security hook call"
  • Previous message: Conan Callen: "Re: checkpolicy creates core file"


The patch below allows netdev_precondition() to be called safely from interrupt context.

This can occur, for example, in the IP networking input path, which runs under a softirq. Under these conditions, kernel memory needs to be allocated with the GFP_ATOMIC flag. If anyone has seen an oops upon network traffic immedately after booting, this may have been the cause.

  • James -- James Morris <jmorris@intercode.com.au>

diff -urN -X /tmp/xmdiff module.orig/selinux_plug/hooks.c module/selinux_plug/hooks.c
--- module.orig/selinux_plug/hooks.c Thu Aug 23 14:20:50 2001
+++ module/selinux_plug/hooks.c Thu Sep 6 21:57:33 2001 @@ -308,7 +308,7 @@
 {

         struct netdev_security_struct *nsec = dev->security;

  • nsec = kmalloc(sizeof(struct netdev_security_struct), GFP_KERNEL); + nsec = kmalloc(sizeof(struct netdev_security_struct), SAFE_ALLOC); if (!nsec) return -ENOMEM; memset(nsec, 0, sizeof(struct netdev_security_struct)); diff -urN -X /tmp/xmdiff module.orig/selinux_plug/include/linux/flask/flask_types.h module/selinux_plug/include/linux/flask/flask_types.h
    --- module.orig/selinux_plug/include/linux/flask/flask_types.h Thu Jul 19 06:38:10 2001
    +++ module/selinux_plug/include/linux/flask/flask_types.h Thu Sep 6 21:58:37 2001 @@ -76,5 +76,15 @@

 #define CUR_SID current->sid 

+#ifdef __KERNEL__
+/*
+ * Use this for memory allocation flags (e.g. for kmalloc()) when the interrupt
+ * state is unknown.
+ */
+#include <linux/interrupt.h>
+
+#define SAFE_ALLOC (in_interrupt () ? GFP_ATOMIC : GFP_KERNEL)
+#endif
+

 #endif

diff -urN -X /tmp/xmdiff module.orig/selinux_plug/ss/global.h module/selinux_plug/ss/global.h
--- module.orig/selinux_plug/ss/global.h Thu Jul 19 06:38:07 2001
+++ module/selinux_plug/ss/global.h Thu Sep 6 22:19:22 2001 @@ -77,7 +77,7 @@
 #include <asm/uaccess.h>
 #include "selinux_plug.h" 

-#define malloc(size) kmalloc(size, GFP_ATOMIC)
+#define malloc(size) kmalloc(size, SAFE_ALLOC)
 #define free(ptr) kfree(ptr)

 typedef struct file FILE; 

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
  • Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:54 EDT

Information Assurance | Signals & Intelligence        Links | Accessibility | Privacy & Security