selinux: convert to kvmalloc

The flex arrays were being used for constant sized arrays, so there's no benefit to using flex_arrays over something simpler. Link: http://lkml.kernel.org/r/20181217131929.11727-4-kent.overstreet@gmail.com Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Neil Horman <nhorman@tuxdriver.com> Cc: Pravin B Shelar <pshelar@ovn.org> Cc: Shaohua Li <shli@kernel.org> Cc: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-03-11 23:31:10 -07:00 · 2019-03-11 23:31:10 -07:00 · acdf52d97f
commit acdf52d97f
parent b330e6a49d
6 changed files with 62 additions and 144 deletions
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@ -93,12 +93,10 @@ avtab_insert_node(struct avtab *h, int hvalue,
 		newnode->next = prev->next;
 		prev->next = newnode;
 	} else {
-		newnode->next = flex_array_get_ptr(h->htable, hvalue);
+		struct avtab_node **n = &h->htable[hvalue];
-		if (flex_array_put_ptr(h->htable, hvalue, newnode,
+
-				       GFP_KERNEL|__GFP_ZERO)) {
+		newnode->next = *n;
-			kmem_cache_free(avtab_node_cachep, newnode);
+		*n = newnode;
 			return NULL;
 		}
 	}
 	h->nel++;
@ -111,11 +109,11 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat
 	struct avtab_node *prev, *cur, *newnode;
 	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
-	if (!h || !h->htable)
+	if (!h)
 		return -EINVAL;
 	hvalue = avtab_hash(key, h->mask);
-	for (prev = NULL, cur = flex_array_get_ptr(h->htable, hvalue);
+	for (prev = NULL, cur = h->htable[hvalue];
 	     cur;
 	     prev = cur, cur = cur->next) {
 		if (key->source_type == cur->key.source_type &&
@ -156,10 +154,10 @@ avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, struct avtab_datu
 	struct avtab_node *prev, *cur;
 	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
-	if (!h || !h->htable)
+	if (!h)
 		return NULL;
 	hvalue = avtab_hash(key, h->mask);
-	for (prev = NULL, cur = flex_array_get_ptr(h->htable, hvalue);
+	for (prev = NULL, cur = h->htable[hvalue];
 	     cur;
 	     prev = cur, cur = cur->next) {
 		if (key->source_type == cur->key.source_type &&
@ -186,11 +184,11 @@ struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *key)
 	struct avtab_node *cur;
 	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
-	if (!h || !h->htable)
+	if (!h)
 		return NULL;
 	hvalue = avtab_hash(key, h->mask);
-	for (cur = flex_array_get_ptr(h->htable, hvalue); cur;
+	for (cur = h->htable[hvalue]; cur;
 	     cur = cur->next) {
 		if (key->source_type == cur->key.source_type &&
 		    key->target_type == cur->key.target_type &&
@ -222,11 +220,11 @@ avtab_search_node(struct avtab *h, struct avtab_key *key)
 	struct avtab_node *cur;
 	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
-	if (!h || !h->htable)
+	if (!h)
 		return NULL;
 	hvalue = avtab_hash(key, h->mask);
-	for (cur = flex_array_get_ptr(h->htable, hvalue); cur;
+	for (cur = h->htable[hvalue]; cur;
 	     cur = cur->next) {
 		if (key->source_type == cur->key.source_type &&
 		    key->target_type == cur->key.target_type &&
@ -281,11 +279,11 @@ void avtab_destroy(struct avtab *h)
 	int i;
 	struct avtab_node *cur, *temp;
-	if (!h || !h->htable)
+	if (!h)
 		return;
 	for (i = 0; i < h->nslot; i++) {
-		cur = flex_array_get_ptr(h->htable, i);
+		cur = h->htable[i];
 		while (cur) {
 			temp = cur;
 			cur = cur->next;
@ -295,7 +293,7 @@ void avtab_destroy(struct avtab *h)
 			kmem_cache_free(avtab_node_cachep, temp);
 		}
 	}
-	flex_array_free(h->htable);
+	kvfree(h->htable);
 	h->htable = NULL;
 	h->nslot = 0;
 	h->mask = 0;
@ -303,6 +301,7 @@ void avtab_destroy(struct avtab *h)
 int avtab_init(struct avtab *h)
 {
 	kvfree(h->htable);
 	h->htable = NULL;
 	h->nel = 0;
 	return 0;
@ -329,8 +328,7 @@ int avtab_alloc(struct avtab *h, u32 nrules)
 		nslot = MAX_AVTAB_HASH_BUCKETS;
 	mask = nslot - 1;
-	h->htable = flex_array_alloc(sizeof(struct avtab_node *), nslot,
+	h->htable = kvcalloc(nslot, sizeof(void *), GFP_KERNEL);
 				     GFP_KERNEL | __GFP_ZERO);
 	if (!h->htable)
 		return -ENOMEM;
@ -353,7 +351,7 @@ void avtab_hash_eval(struct avtab *h, char *tag)
 	max_chain_len = 0;
 	chain2_len_sum = 0;
 	for (i = 0; i < h->nslot; i++) {
-		cur = flex_array_get_ptr(h->htable, i);
+		cur = h->htable[i];
 		if (cur) {
 			slots_used++;
 			chain_len = 0;
@ -646,7 +644,7 @@ int avtab_write(struct policydb *p, struct avtab *a, void *fp)
 		return rc;
 	for (i = 0; i < a->nslot; i++) {
-		for (cur = flex_array_get_ptr(a->htable, i); cur;
+		for (cur = a->htable[i]; cur;
 		     cur = cur->next) {
 			rc = avtab_write_item(p, cur, fp);
 			if (rc)
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@ -24,7 +24,6 @@
 #define _SS_AVTAB_H_
 #include "security.h"
 #include <linux/flex_array.h>
 struct avtab_key {
 	u16 source_type;	/* source type */
@ -84,11 +83,10 @@ struct avtab_node {
 };
 struct avtab {
-	struct flex_array *htable;
+	struct avtab_node **htable;
 	u32 nel;	/* number of elements */
 	u32 nslot;      /* number of hash slots */
 	u32 mask;       /* mask to compute hash func */
 };
 int avtab_init(struct avtab *);
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@ -195,7 +195,6 @@ int cond_index_bool(void *key, void *datum, void *datap)
 {
 	struct policydb *p;
 	struct cond_bool_datum *booldatum;
 	struct flex_array *fa;
 	booldatum = datum;
 	p = datap;
@ -203,10 +202,7 @@ int cond_index_bool(void *key, void *datum, void *datap)
 	if (!booldatum->value || booldatum->value > p->p_bools.nprim)
 		return -EINVAL;
-	fa = p->sym_val_to_name[SYM_BOOLS];
+	p->sym_val_to_name[SYM_BOOLS][booldatum->value - 1] = key;
 	if (flex_array_put_ptr(fa, booldatum->value - 1, key,
 			       GFP_KERNEL | __GFP_ZERO))
 		BUG();
 	p->bool_val_to_struct[booldatum->value - 1] = booldatum;
 	return 0;
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@ -36,7 +36,6 @@
 #include <linux/string.h>
 #include <linux/errno.h>
 #include <linux/audit.h>
 #include <linux/flex_array.h>
 #include "security.h"
 #include "policydb.h"
@ -341,17 +340,14 @@ static int common_index(void *key, void *datum, void *datap)
 {
 	struct policydb *p;
 	struct common_datum *comdatum;
 	struct flex_array *fa;
 	comdatum = datum;
 	p = datap;
 	if (!comdatum->value || comdatum->value > p->p_commons.nprim)
 		return -EINVAL;
-	fa = p->sym_val_to_name[SYM_COMMONS];
+	p->sym_val_to_name[SYM_COMMONS][comdatum->value - 1] = key;
-	if (flex_array_put_ptr(fa, comdatum->value - 1, key,
+
 			       GFP_KERNEL | __GFP_ZERO))
 		BUG();
 	return 0;
 }
@ -359,16 +355,13 @@ static int class_index(void *key, void *datum, void *datap)
 {
 	struct policydb *p;
 	struct class_datum *cladatum;
 	struct flex_array *fa;
 	cladatum = datum;
 	p = datap;
 	if (!cladatum->value || cladatum->value > p->p_classes.nprim)
 		return -EINVAL;
-	fa = p->sym_val_to_name[SYM_CLASSES];
+
-	if (flex_array_put_ptr(fa, cladatum->value - 1, key,
+	p->sym_val_to_name[SYM_CLASSES][cladatum->value - 1] = key;
 			       GFP_KERNEL | __GFP_ZERO))
 		BUG();
 	p->class_val_to_struct[cladatum->value - 1] = cladatum;
 	return 0;
 }
@ -377,7 +370,6 @@ static int role_index(void *key, void *datum, void *datap)
 {
 	struct policydb *p;
 	struct role_datum *role;
 	struct flex_array *fa;
 	role = datum;
 	p = datap;
@ -386,10 +378,7 @@ static int role_index(void *key, void *datum, void *datap)
 	    || role->bounds > p->p_roles.nprim)
 		return -EINVAL;
-	fa = p->sym_val_to_name[SYM_ROLES];
+	p->sym_val_to_name[SYM_ROLES][role->value - 1] = key;
 	if (flex_array_put_ptr(fa, role->value - 1, key,
 			       GFP_KERNEL | __GFP_ZERO))
 		BUG();
 	p->role_val_to_struct[role->value - 1] = role;
 	return 0;
 }
@ -398,7 +387,6 @@ static int type_index(void *key, void *datum, void *datap)
 {
 	struct policydb *p;
 	struct type_datum *typdatum;
 	struct flex_array *fa;
 	typdatum = datum;
 	p = datap;
@ -408,15 +396,8 @@ static int type_index(void *key, void *datum, void *datap)
 		    || typdatum->value > p->p_types.nprim
 		    || typdatum->bounds > p->p_types.nprim)
 			return -EINVAL;
-		fa = p->sym_val_to_name[SYM_TYPES];
+		p->sym_val_to_name[SYM_TYPES][typdatum->value - 1] = key;
-		if (flex_array_put_ptr(fa, typdatum->value - 1, key,
+		p->type_val_to_struct_array[typdatum->value - 1] = typdatum;
 				       GFP_KERNEL | __GFP_ZERO))
 			BUG();
 		fa = p->type_val_to_struct_array;
 		if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum,
 				       GFP_KERNEL | __GFP_ZERO))
 			BUG();
 	}
 	return 0;
@ -426,7 +407,6 @@ static int user_index(void *key, void *datum, void *datap)
 {
 	struct policydb *p;
 	struct user_datum *usrdatum;
 	struct flex_array *fa;
 	usrdatum = datum;
 	p = datap;
@ -435,10 +415,7 @@ static int user_index(void *key, void *datum, void *datap)
 	    || usrdatum->bounds > p->p_users.nprim)
 		return -EINVAL;
-	fa = p->sym_val_to_name[SYM_USERS];
+	p->sym_val_to_name[SYM_USERS][usrdatum->value - 1] = key;
 	if (flex_array_put_ptr(fa, usrdatum->value - 1, key,
 			       GFP_KERNEL | __GFP_ZERO))
 		BUG();
 	p->user_val_to_struct[usrdatum->value - 1] = usrdatum;
 	return 0;
 }
@ -447,7 +424,6 @@ static int sens_index(void *key, void *datum, void *datap)
 {
 	struct policydb *p;
 	struct level_datum *levdatum;
 	struct flex_array *fa;
 	levdatum = datum;
 	p = datap;
@ -456,10 +432,8 @@ static int sens_index(void *key, void *datum, void *datap)
 		if (!levdatum->level->sens ||
 		    levdatum->level->sens > p->p_levels.nprim)
 			return -EINVAL;
-		fa = p->sym_val_to_name[SYM_LEVELS];
+
-		if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key,
+		p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key;
 				       GFP_KERNEL | __GFP_ZERO))
 			BUG();
 	}
 	return 0;
@ -469,7 +443,6 @@ static int cat_index(void *key, void *datum, void *datap)
 {
 	struct policydb *p;
 	struct cat_datum *catdatum;
 	struct flex_array *fa;
 	catdatum = datum;
 	p = datap;
@ -477,10 +450,8 @@ static int cat_index(void *key, void *datum, void *datap)
 	if (!catdatum->isalias) {
 		if (!catdatum->value || catdatum->value > p->p_cats.nprim)
 			return -EINVAL;
-		fa = p->sym_val_to_name[SYM_CATS];
+
-		if (flex_array_put_ptr(fa, catdatum->value - 1, key,
+		p->sym_val_to_name[SYM_CATS][catdatum->value - 1] = key;
 				       GFP_KERNEL | __GFP_ZERO))
 			BUG();
 	}
 	return 0;
@ -568,35 +539,23 @@ static int policydb_index(struct policydb *p)
 	if (!p->user_val_to_struct)
 		return -ENOMEM;
-	/* Yes, I want the sizeof the pointer, not the structure */
+	p->type_val_to_struct_array = kvcalloc(p->p_types.nprim,
-	p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *),
+					       sizeof(*p->type_val_to_struct_array),
-						       p->p_types.nprim,
+					       GFP_KERNEL);
 						       GFP_KERNEL | __GFP_ZERO);
 	if (!p->type_val_to_struct_array)
 		return -ENOMEM;
 	rc = flex_array_prealloc(p->type_val_to_struct_array, 0,
 				 p->p_types.nprim, GFP_KERNEL | __GFP_ZERO);
 	if (rc)
 		goto out;
 	rc = cond_init_bool_indexes(p);
 	if (rc)
 		goto out;
 	for (i = 0; i < SYM_NUM; i++) {
-		p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *),
+		p->sym_val_to_name[i] = kvcalloc(p->symtab[i].nprim,
-							 p->symtab[i].nprim,
+						 sizeof(char *),
-							 GFP_KERNEL | __GFP_ZERO);
+						 GFP_KERNEL);
 		if (!p->sym_val_to_name[i])
 			return -ENOMEM;
 		rc = flex_array_prealloc(p->sym_val_to_name[i],
 					 0, p->symtab[i].nprim,
 					 GFP_KERNEL | __GFP_ZERO);
 		if (rc)
 			goto out;
 		rc = hashtab_map(p->symtab[i].table, index_f[i], p);
 		if (rc)
 			goto out;
@ -810,16 +769,13 @@ void policydb_destroy(struct policydb *p)
 		hashtab_destroy(p->symtab[i].table);
 	}
-	for (i = 0; i < SYM_NUM; i++) {
+	for (i = 0; i < SYM_NUM; i++)
-		if (p->sym_val_to_name[i])
+		kvfree(p->sym_val_to_name[i]);
 			flex_array_free(p->sym_val_to_name[i]);
 	}
 	kfree(p->class_val_to_struct);
 	kfree(p->role_val_to_struct);
 	kfree(p->user_val_to_struct);
-	if (p->type_val_to_struct_array)
+	kvfree(p->type_val_to_struct_array);
 		flex_array_free(p->type_val_to_struct_array);
 	avtab_destroy(&p->te_avtab);
@ -872,17 +828,9 @@ void policydb_destroy(struct policydb *p)
 	hashtab_map(p->range_tr, range_tr_destroy, NULL);
 	hashtab_destroy(p->range_tr);
-	if (p->type_attr_map_array) {
+	for (i = 0; i < p->p_types.nprim; i++)
-		for (i = 0; i < p->p_types.nprim; i++) {
+		ebitmap_destroy(&p->type_attr_map_array[i]);
-			struct ebitmap *e;
+	kvfree(p->type_attr_map_array);
 			e = flex_array_get(p->type_attr_map_array, i);
 			if (!e)
 				continue;
 			ebitmap_destroy(e);
 		}
 		flex_array_free(p->type_attr_map_array);
 	}
 	ebitmap_destroy(&p->filename_trans_ttypes);
 	ebitmap_destroy(&p->policycaps);
@ -1770,8 +1718,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap)
 			return -EINVAL;
 		}
-		upper = flex_array_get_ptr(p->type_val_to_struct_array,
+		upper = p->type_val_to_struct_array[upper->bounds - 1];
 					   upper->bounds - 1);
 		BUG_ON(!upper);
 		if (upper->attribute) {
@ -2543,23 +2490,15 @@ int policydb_read(struct policydb *p, void *fp)
 	if (rc)
 		goto bad;
-	rc = -ENOMEM;
+	p->type_attr_map_array = kvcalloc(p->p_types.nprim,
-	p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap),
+					  sizeof(*p->type_attr_map_array),
-						  p->p_types.nprim,
+					  GFP_KERNEL);
 						  GFP_KERNEL | __GFP_ZERO);
 	if (!p->type_attr_map_array)
 		goto bad;
 	/* preallocate so we don't have to worry about the put ever failing */
 	rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim,
 				 GFP_KERNEL | __GFP_ZERO);
 	if (rc)
 		goto bad;
 	for (i = 0; i < p->p_types.nprim; i++) {
-		struct ebitmap *e = flex_array_get(p->type_attr_map_array, i);
+		struct ebitmap *e = &p->type_attr_map_array[i];
 		BUG_ON(!e);
 		ebitmap_init(e);
 		if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
 			rc = ebitmap_read(e, fp);
@ -3554,9 +3493,8 @@ int policydb_write(struct policydb *p, void *fp)
 		return rc;
 	for (i = 0; i < p->p_types.nprim; i++) {
-		struct ebitmap *e = flex_array_get(p->type_attr_map_array, i);
+		struct ebitmap *e = &p->type_attr_map_array[i];
 		BUG_ON(!e);
 		rc = ebitmap_write(e, fp);
 		if (rc)
 			return rc;
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@ -24,8 +24,6 @@
 #ifndef _SS_POLICYDB_H_
 #define _SS_POLICYDB_H_
 #include <linux/flex_array.h>
 #include "symtab.h"
 #include "avtab.h"
 #include "sidtab.h"
@ -251,13 +249,13 @@ struct policydb {
 #define p_cats symtab[SYM_CATS]
 	/* symbol names indexed by (value - 1) */
-	struct flex_array *sym_val_to_name[SYM_NUM];
+	char		**sym_val_to_name[SYM_NUM];
 	/* class, role, and user attributes indexed by (value - 1) */
 	struct class_datum **class_val_to_struct;
 	struct role_datum **role_val_to_struct;
 	struct user_datum **user_val_to_struct;
-	struct flex_array *type_val_to_struct_array;
+	struct type_datum **type_val_to_struct_array;
 	/* type enforcement access vectors and transitions */
 	struct avtab te_avtab;
@ -294,7 +292,7 @@ struct policydb {
 	struct hashtab *range_tr;
 	/* type -> attribute reverse mapping */
-	struct flex_array *type_attr_map_array;
+	struct ebitmap *type_attr_map_array;
 	struct ebitmap policycaps;
@ -369,9 +367,7 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic
 static inline char *sym_name(struct policydb *p, unsigned int sym_num, unsigned int element_nr)
 {
-	struct flex_array *fa = p->sym_val_to_name[sym_num];
+	return p->sym_val_to_name[sym_num][element_nr];
 	return flex_array_get_ptr(fa, element_nr);
 }
 extern u16 string_to_security_class(struct policydb *p, const char *name);
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@ -49,7 +49,6 @@
 #include <linux/sched.h>
 #include <linux/audit.h>
 #include <linux/mutex.h>
 #include <linux/flex_array.h>
 #include <linux/vmalloc.h>
 #include <net/netlabel.h>
@ -545,15 +544,13 @@ static void type_attribute_bounds_av(struct policydb *policydb,
 	struct type_datum *target;
 	u32 masked = 0;
-	source = flex_array_get_ptr(policydb->type_val_to_struct_array,
+	source = policydb->type_val_to_struct_array[scontext->type - 1];
 				    scontext->type - 1);
 	BUG_ON(!source);
 	if (!source->bounds)
 		return;
-	target = flex_array_get_ptr(policydb->type_val_to_struct_array,
+	target = policydb->type_val_to_struct_array[tcontext->type - 1];
 				    tcontext->type - 1);
 	BUG_ON(!target);
 	memset(&lo_avd, 0, sizeof(lo_avd));
@ -653,11 +650,9 @@ static void context_struct_compute_av(struct policydb *policydb,
 	 */
 	avkey.target_class = tclass;
 	avkey.specified = AVTAB_AV | AVTAB_XPERMS;
-	sattr = flex_array_get(policydb->type_attr_map_array,
+	sattr = &policydb->type_attr_map_array[scontext->type - 1];
 			       scontext->type - 1);
 	BUG_ON(!sattr);
-	tattr = flex_array_get(policydb->type_attr_map_array,
+	tattr = &policydb->type_attr_map_array[tcontext->type - 1];
 			       tcontext->type - 1);
 	BUG_ON(!tattr);
 	ebitmap_for_each_positive_bit(sattr, snode, i) {
 		ebitmap_for_each_positive_bit(tattr, tnode, j) {
@ -900,8 +895,7 @@ int security_bounded_transition(struct selinux_state *state,
 	index = new_context->type;
 	while (true) {
-		type = flex_array_get_ptr(policydb->type_val_to_struct_array,
+		type = policydb->type_val_to_struct_array[index - 1];
 					  index - 1);
 		BUG_ON(!type);
 		/* not bounded anymore */
@ -1064,11 +1058,9 @@ void security_compute_xperms_decision(struct selinux_state *state,
 	avkey.target_class = tclass;
 	avkey.specified = AVTAB_XPERMS;
-	sattr = flex_array_get(policydb->type_attr_map_array,
+	sattr = &policydb->type_attr_map_array[scontext->type - 1];
 				scontext->type - 1);
 	BUG_ON(!sattr);
-	tattr = flex_array_get(policydb->type_attr_map_array,
+	tattr = &policydb->type_attr_map_array[tcontext->type - 1];
 				tcontext->type - 1);
 	BUG_ON(!tattr);
 	ebitmap_for_each_positive_bit(sattr, snode, i) {
 		ebitmap_for_each_positive_bit(tattr, tnode, j) {