avtab: out of memory

avtab: out of memory

[Carsten Grohmann]

Hi!

Today the loading (make load) of my policy file failed with follow log
message

May 14 17:27:43 cvs kernel: ss:  loading policy configuration from
/etc/security/selinux/policy.9
May 14 17:27:43 cvs kernel: security: avtab: out of memory
....
May 14 17:37:47 cvs kernel: security:  5 users, 8 roles, 542 types
May 14 17:37:47 cvs kernel: security:  29 classes, 65787 rules

The load faild without the rules of cups und courier too. 
Now my policy file has only a size of 1.6 mb. I added only a few rules
for cvs and amanda and I think its not to great. 
MS-like: After the reboot it works fine without problems.

I don't know whats my misstake. Could anyone help me?

Thanks

  Carsten

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: avtab: out of memory

[Stephen Smalley]

On Tue, 14 May 2002, Carsten Grohmann wrote:

> May 14 17:27:43 cvs kernel: ss:  loading policy configuration from
> /etc/security/selinux/policy.9
> May 14 17:27:43 cvs kernel: security: avtab: out of memory
> ....
> May 14 17:37:47 cvs kernel: security:  5 users, 8 roles, 542 types
> May 14 17:37:47 cvs kernel: security:  29 classes, 65787 rules
>
> The load faild without the rules of cups und courier too.
> Now my policy file has only a size of 1.6 mb. I added only a few rules
> for cvs and amanda and I think its not to great.
> MS-like: After the reboot it works fine without problems.
>
> I don't know whats my misstake. Could anyone help me?

The security server uses atomic allocation, so it will fail if the
allocation would sleep.  We could permit blocking allocation in the case
of a policy reload by a userspace process, which might help.  Was your
machine under heavy load?

I've loaded policies twice that size via make load without any problem,
and switched back and forth repeatedly.  If you can reproduce the problem
reliably and you're willing to send me the policy that triggers the
behavior, I can also try it here.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com





--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: avtab: out of memory

[Carsten Grohmann]

Stephen Smalley schrieb:

> The security server uses atomic allocation, so it will fail if the
> allocation would sleep.  We could permit blocking allocation in the case
> of a policy reload by a userspace process, which might help.  Was your
> machine under heavy load?

No. It's only a small cvs server, without load at this time.
 
> I've loaded policies twice that size via make load without any problem,
> and switched back and forth repeatedly.  If you can reproduce the problem
> reliably and you're willing to send me the policy that triggers the
> behavior, I can also try it here.

Today I can not reproduce this error. It was not the first time and all
other times the problem disappeared after the second or third repeat. I
will send you the policy if I get this problem next time. OK?

Carsten

PS: I use the actuell package 2002050211.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: avtab: out of memory

[Stephen Smalley]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 674 bytes --]


On Wed, 15 May 2002, Carsten Grohmann wrote:

> Today I can not reproduce this error. It was not the first time and all
> other times the problem disappeared after the second or third repeat. I
> will send you the policy if I get this problem next time. OK?
>
> PS: I use the actuell package 2002050211.

The attached patch (also committed to the sourceforge CVS) allows blocking
(sleeping) allocation during a policy load, which should be safe as it
only occurs in process context without holding any spinlocks.  To apply,
save it to ~/avtab.patch and cd lsm-2.4 && patch -p0 < ~/avtab.patch.
Then, rebuild your kernel.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com



[-- Attachment #2: Type: TEXT/PLAIN, Size: 9436 bytes --]

Index: security/selinux/ss/avtab.c
===================================================================
RCS file: /cvsroot/selinux/nsa/lsm-2.4/security/selinux/ss/avtab.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 avtab.c
--- security/selinux/ss/avtab.c	22 Jan 2002 17:07:17 -0000	1.1.1.2
+++ security/selinux/ss/avtab.c	15 May 2002 12:22:18 -0000
@@ -50,7 +50,7 @@
 			break;
 	}
 
-	newnode = (avtab_ptr_t) malloc(sizeof(struct avtab_node));
+	newnode = (avtab_ptr_t) malloc_sleep(sizeof(struct avtab_node));
 	if (newnode == NULL)
 		return -ENOMEM;
 	memset(newnode, 0, sizeof(struct avtab_node));
@@ -154,7 +154,7 @@
 {
 	int i;
 
-	h->htable = malloc(sizeof(avtab_ptr_t)*AVTAB_SIZE);
+	h->htable = malloc_sleep(sizeof(avtab_ptr_t)*AVTAB_SIZE);
 	if (!h->htable)
 		return -1;
 	for (i = 0; i < AVTAB_SIZE; i++)
Index: security/selinux/ss/ebitmap.c
===================================================================
RCS file: /cvsroot/selinux/nsa/lsm-2.4/security/selinux/ss/ebitmap.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 ebitmap.c
--- security/selinux/ss/ebitmap.c	20 Dec 2001 23:30:04 -0000	1.1.1.1
+++ security/selinux/ss/ebitmap.c	15 May 2002 12:22:18 -0000
@@ -285,7 +285,7 @@
 			printf("security: ebitmap: truncated map\n");
 			goto bad;
 		}
-		n = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t));
+		n = (ebitmap_node_t *) malloc_sleep(sizeof(ebitmap_node_t));
 		if (!n) {
 			printf("security: ebitmap: out of memory\n");
 			goto bad;
Index: security/selinux/ss/global.h
===================================================================
RCS file: /cvsroot/selinux/nsa/lsm-2.4/security/selinux/ss/global.h,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 global.h
--- security/selinux/ss/global.h	3 May 2002 12:51:51 -0000	1.1.1.3
+++ security/selinux/ss/global.h	15 May 2002 12:22:18 -0000
@@ -64,6 +64,8 @@
 
 #define wmb() 
 
+#define malloc_sleep(size) malloc(size)
+
 #else
 
 #include <linux/kernel.h>	/* printk */
@@ -84,6 +86,7 @@
 #include "selinux_plug.h"
 
 #define malloc(size) kmalloc(size, GFP_ATOMIC)
+#define malloc_sleep(size) kmalloc(size, GFP_KERNEL)
 #define free(ptr) kfree(ptr)
 
 typedef struct file FILE;
Index: security/selinux/ss/policydb.c
===================================================================
RCS file: /cvsroot/selinux/nsa/lsm-2.4/security/selinux/ss/policydb.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 policydb.c
--- security/selinux/ss/policydb.c	3 May 2002 12:51:52 -0000	1.1.1.2
+++ security/selinux/ss/policydb.c	15 May 2002 12:22:19 -0000
@@ -40,14 +40,14 @@
 	char *key = 0;
 	role_datum_t *role;
 
-	role = malloc(sizeof(role_datum_t));
+	role = malloc_sleep(sizeof(role_datum_t));
 	if (!role)
 		return -1;
 	memset(role, 0, sizeof(role_datum_t));
 	role->value = ++p->p_roles.nprim;
 	if (role->value != OBJECT_R_VAL)
 		return -1;
-	key = malloc(strlen(OBJECT_R)+1);
+	key = malloc_sleep(strlen(OBJECT_R)+1);
 	if (!key)
 		return -1;
 	strcpy(key, OBJECT_R);
@@ -189,7 +189,7 @@
 int policydb_index_classes(policydb_t * p)
 {
 	p->p_common_val_to_name = (char **)
-	    malloc(p->p_commons.nprim * sizeof(char *));
+	    malloc_sleep(p->p_commons.nprim * sizeof(char *));
 	if (!p->p_common_val_to_name)
 		return -1;
 
@@ -197,12 +197,12 @@
 		return -1;
 
 	p->class_val_to_struct = (class_datum_t **)
-	    malloc(p->p_classes.nprim * sizeof(class_datum_t *));
+	    malloc_sleep(p->p_classes.nprim * sizeof(class_datum_t *));
 	if (!p->class_val_to_struct)
 		return -1;
 
 	p->p_class_val_to_name = (char **)
-	    malloc(p->p_classes.nprim * sizeof(char *));
+	    malloc_sleep(p->p_classes.nprim * sizeof(char *));
 	if (!p->p_class_val_to_name)
 		return -1;
 
@@ -236,18 +236,18 @@
 #endif
 
 	p->role_val_to_struct = (role_datum_t **)
-	    malloc(p->p_roles.nprim * sizeof(role_datum_t *));
+	    malloc_sleep(p->p_roles.nprim * sizeof(role_datum_t *));
 	if (!p->role_val_to_struct)
 		return -1;
 
 	p->user_val_to_struct = (user_datum_t **)
-	    malloc(p->p_users.nprim * sizeof(user_datum_t *));
+	    malloc_sleep(p->p_users.nprim * sizeof(user_datum_t *));
 	if (!p->user_val_to_struct)
 		return -1;
 
 	for (i = SYM_ROLES; i < SYM_NUM; i++) {
 		p->sym_val_to_name[i] = (char **)
-		    malloc(p->symtab[i].nprim * sizeof(char *));
+		    malloc_sleep(p->symtab[i].nprim * sizeof(char *));
 		if (!p->sym_val_to_name[i])
 			return -1;
 		if (hashtab_map(p->symtab[i].table, index_f[i], p))
@@ -537,7 +537,7 @@
 	__u32 buf[32], len;
 	int items, items2;
 
-	perdatum = malloc(sizeof(perm_datum_t));
+	perdatum = malloc_sleep(sizeof(perm_datum_t));
 	if (!perdatum)
 		return -1;
 	memset(perdatum, 0, sizeof(perm_datum_t));
@@ -552,7 +552,7 @@
 	if (mls_read_perm(perdatum, fp))
 		goto bad;
 
-	key = malloc(len + 1);
+	key = malloc_sleep(len + 1);
 	if (!key)
 		goto bad;
 	items = fread(key, 1, len, fp);
@@ -578,7 +578,7 @@
 	__u32 buf[32], len, nel;
 	int items, i;
 
-	comdatum = malloc(sizeof(common_datum_t));
+	comdatum = malloc_sleep(sizeof(common_datum_t));
 	if (!comdatum)
 		return -1;
 	memset(comdatum, 0, sizeof(common_datum_t));
@@ -595,7 +595,7 @@
 	comdatum->permissions.nprim = le32_to_cpu(buf[2]);
 	nel = le32_to_cpu(buf[3]);
 
-	key = malloc(len + 1);
+	key = malloc_sleep(len + 1);
 	if (!key)
 		goto bad;
 	items = fread(key, 1, len, fp);
@@ -626,7 +626,7 @@
 	__u32 buf[32];
 	int items;
 
-	expr = malloc(sizeof(constraint_expr_t));
+	expr = malloc_sleep(sizeof(constraint_expr_t));
 	if (!expr)
 		return NULL;
 	memset(expr, 0, sizeof(constraint_expr_t));
@@ -678,7 +678,7 @@
 	__u32 buf[32], len, len2, ncons, nel;
 	int items, i;
 
-	cladatum = (class_datum_t *) malloc(sizeof(class_datum_t));
+	cladatum = (class_datum_t *) malloc_sleep(sizeof(class_datum_t));
 	if (!cladatum)
 		return -1;
 	memset(cladatum, 0, sizeof(class_datum_t));
@@ -698,7 +698,7 @@
 
 	ncons = le32_to_cpu(buf[5]);
 
-	key = malloc(len + 1);
+	key = malloc_sleep(len + 1);
 	if (!key)
 		goto bad;
 	items = fread(key, 1, len, fp);
@@ -707,7 +707,7 @@
 	key[len] = 0;
 
 	if (len2) {
-		cladatum->comkey = malloc(len2 + 1);
+		cladatum->comkey = malloc_sleep(len2 + 1);
 		if (!cladatum->comkey)
 			goto bad;
 		items = fread(cladatum->comkey, 1, len2, fp);
@@ -729,7 +729,7 @@
 
 	l = NULL;
 	for (i = 0; i < ncons; i++) {
-		c = malloc(sizeof(constraint_node_t));
+		c = malloc_sleep(sizeof(constraint_node_t));
 		if (!c)
 			goto bad;
 		memset(c, 0, sizeof(constraint_node_t));
@@ -770,7 +770,7 @@
 	__u32 buf[32], len;
 	int items;
 
-	role = malloc(sizeof(role_datum_t));
+	role = malloc_sleep(sizeof(role_datum_t));
 	if (!role)
 		return -1;
 	memset(role, 0, sizeof(role_datum_t));
@@ -782,7 +782,7 @@
 	len = le32_to_cpu(buf[0]);
 	role->value = le32_to_cpu(buf[1]);
 
-	key = malloc(len + 1);
+	key = malloc_sleep(len + 1);
 	if (!key)
 		goto bad;
 	items = fread(key, 1, len, fp);
@@ -825,7 +825,7 @@
 	__u32 buf[32], len;
 	int items;
 
-	typdatum = malloc(sizeof(type_datum_t));
+	typdatum = malloc_sleep(sizeof(type_datum_t));
 	if (!typdatum)
 		return -1;
 	memset(typdatum, 0, sizeof(type_datum_t));
@@ -838,7 +838,7 @@
 	typdatum->value = le32_to_cpu(buf[1]);
 	typdatum->primary = le32_to_cpu(buf[2]);
 
-	key = malloc(len + 1);
+	key = malloc_sleep(len + 1);
 	if (!key)
 		goto bad;
 	items = fread(key, 1, len, fp);
@@ -864,7 +864,7 @@
 	int items;
 
 
-	usrdatum = malloc(sizeof(user_datum_t));
+	usrdatum = malloc_sleep(sizeof(user_datum_t));
 	if (!usrdatum)
 		return -1;
 	memset(usrdatum, 0, sizeof(user_datum_t));
@@ -876,7 +876,7 @@
 	len = le32_to_cpu(buf[0]);
 	usrdatum->value = le32_to_cpu(buf[1]);
 
-	key = malloc(len + 1);
+	key = malloc_sleep(len + 1);
 	if (!key)
 		goto bad;
 	items = fread(key, 1, len, fp);
@@ -949,7 +949,7 @@
 		printf("security:  policydb string length %d does not match expected length %d\n", len, strlen(POLICYDB_STRING));
 		return -1;
 	}
-	policydb_str = malloc(len + 1);
+	policydb_str = malloc_sleep(len + 1);
 	if (!policydb_str) {
 		printf("security:  unable to allocate memory for policydb string of length %d\n", len);
 		return -1;
@@ -1017,7 +1017,7 @@
 	nel = le32_to_cpu(buf[0]);
 	ltr = NULL;
 	for (i = 0; i < nel; i++) {
-		tr = malloc(sizeof(struct role_trans));
+		tr = malloc_sleep(sizeof(struct role_trans));
 		if (!tr) {
 			goto bad;
 		}
@@ -1042,7 +1042,7 @@
 	nel = le32_to_cpu(buf[0]);
 	lra = NULL;
 	for (i = 0; i < nel; i++) {
-		ra = malloc(sizeof(struct role_allow));
+		ra = malloc_sleep(sizeof(struct role_allow));
 		if (!ra) {
 			goto bad;
 		}
@@ -1073,7 +1073,7 @@
 		nel = le32_to_cpu(buf[0]);
 		l = NULL;
 		for (j = 0; j < nel; j++) {
-			c = malloc(sizeof(ocontext_t));
+			c = malloc_sleep(sizeof(ocontext_t));
 			if (!c) {
 				goto bad;
 			}
@@ -1099,7 +1099,7 @@
 				if (items != 1)
 					goto bad;
 				len = le32_to_cpu(buf[0]);
-				c->u.name = malloc(len + 1);
+				c->u.name = malloc_sleep(len + 1);
 				if (!c->u.name) {
 					goto bad;
 				}
@@ -1147,7 +1147,7 @@
 				if (items != 1)
 					goto bad;
 				len = le32_to_cpu(buf[0]);
-				c->u.name = malloc(len + 1);
+				c->u.name = malloc_sleep(len + 1);
 				if (!c->u.name) {
 					goto bad;
 				}

boot.msg

[Carsten Grohmann]

Hi !

I found in my boot.msg follow lines:

Security Scaffold v1.0.0 initialized
AVC:  allocated 14760 bytes during initialization.
SELinux:  module inserted
SELinux:  Starting in permissive mode
There is already a security framework initialized, register_security
failed.
Failure registering capabilities with the kernel
selinux_register_security:  Registering secondary module capability
Capability LSM initialized

Is it OK with the "failed" in line 5? 

Thanks for your comments.

Carsten

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: boot.msg

[James Morris]

On Thu, 23 May 2002, Carsten Grohmann wrote:

> Hi !
> 
> I found in my boot.msg follow lines:
> 
> Security Scaffold v1.0.0 initialized
> AVC:  allocated 14760 bytes during initialization.
> SELinux:  module inserted
> SELinux:  Starting in permissive mode
> There is already a security framework initialized, register_security
> failed.
> Failure registering capabilities with the kernel
> selinux_register_security:  Registering secondary module capability
> Capability LSM initialized
> 
> Is it OK with the "failed" in line 5? 
> 

Yes, this is normal, as the SELinux module is already loaded.  The 
capabilities module is then stacked explicitly by SELinux.


- James
-- 
James Morris
<jmorris@intercode.com.au>



--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.