warning: the frame size of 1072 bytes is larger than 1024 bytes

All of lore.kernel.org
 help / color / mirror / Atom feed

* warning: the frame size of 1072 bytes is larger than 1024 bytes
@ 2010-06-10  4:50 Justin P. Mattock
  2010-06-10 12:27 ` Stephen Smalley
  0 siblings, 1 reply; 3+ messages in thread
From: Justin P. Mattock @ 2010-06-10  4:50 UTC (permalink / raw)
  To: selinux

I've racked my brain with this one today
with no results, but only what/where(maybe)
is the cause for this:

policydb_destroy(&oldpolicydb);

if I change the &oldpolicydb to
either &newpolicydb or &policydb
I can get a clean compile without any
warning message like below.

security/selinux/ss/services.c: In function 'security_load_policy':
security/selinux/ss/services.c:1882: warning: the frame size of 1072 
bytes is larger than 1024 bytes

is this a bug in policydb?
any ideas on this one?

Justin P. Mattock

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: warning: the frame size of 1072 bytes is larger than 1024 bytes
  2010-06-10  4:50 warning: the frame size of 1072 bytes is larger than 1024 bytes Justin P. Mattock
@ 2010-06-10 12:27 ` Stephen Smalley
  2010-06-10 13:41   ` Justin P. Mattock
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2010-06-10 12:27 UTC (permalink / raw)
  To: Justin P. Mattock; +Cc: selinux

On Wed, 2010-06-09 at 21:50 -0700, Justin P. Mattock wrote:
> I've racked my brain with this one today
> with no results, but only what/where(maybe)
> is the cause for this:
> 
> policydb_destroy(&oldpolicydb);
> 
> if I change the &oldpolicydb to
> either &newpolicydb or &policydb
> I can get a clean compile without any
> warning message like below.
> 
> security/selinux/ss/services.c: In function 'security_load_policy':
> security/selinux/ss/services.c:1882: warning: the frame size of 1072 
> bytes is larger than 1024 bytes
> 
> is this a bug in policydb?
> any ideas on this one?

This is just a warning that the stack frame size for
security_load_policy() exceeds the limit specified by CONFIG_FRAME_WARN
(set under the Kernel hacking menu). On 64-bit it defaults to 2048; else
it defaults to 1024.

You can just change your CONFIG_FRAME_WARN setting (to 0 to disable
checking altogether, or increase it to retain checking but allow this
case).

The code fix would be to change security_load_policy() to allocate
oldpolicydb and newpolicydb on the heap rather than temporarily storing
them on the stack.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: warning: the frame size of 1072 bytes is larger than 1024 bytes
  2010-06-10 12:27 ` Stephen Smalley
@ 2010-06-10 13:41   ` Justin P. Mattock
  0 siblings, 0 replies; 3+ messages in thread
From: Justin P. Mattock @ 2010-06-10 13:41 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: selinux

On 06/10/2010 05:27 AM, Stephen Smalley wrote:
> On Wed, 2010-06-09 at 21:50 -0700, Justin P. Mattock wrote:
>> I've racked my brain with this one today
>> with no results, but only what/where(maybe)
>> is the cause for this:
>>
>> policydb_destroy(&oldpolicydb);
>>
>> if I change the&oldpolicydb to
>> either&newpolicydb or&policydb
>> I can get a clean compile without any
>> warning message like below.
>>
>> security/selinux/ss/services.c: In function 'security_load_policy':
>> security/selinux/ss/services.c:1882: warning: the frame size of 1072
>> bytes is larger than 1024 bytes
>>
>> is this a bug in policydb?
>> any ideas on this one?
>
> This is just a warning that the stack frame size for
> security_load_policy() exceeds the limit specified by CONFIG_FRAME_WARN
> (set under the Kernel hacking menu). On 64-bit it defaults to 2048; else
> it defaults to 1024.
>
> You can just change your CONFIG_FRAME_WARN setting (to 0 to disable
> checking altogether, or increase it to retain checking but allow this
> case).
>
> The code fix would be to change security_load_policy() to allocate
> oldpolicydb and newpolicydb on the heap rather than temporarily storing
> them on the stack.
>

That worked.. set my .config to 0
and voila kernel compiles without that warning
message. I've been looking at that
warning message for years now, and all due to me
setting  CONFIG_FRAME_WARN(duh!!)

As for the real fix to the issue

 > The code fix would be to change security_load_policy() to allocate
 > oldpolicydb and newpolicydb on the heap rather than temporarily storing
 > them on the stack.

Id have to do some research on this. A quick search
does give archives of other peoples patches when such warning
messages are received in the kernel, but looking at them, there a bit
large of changes i.g. changing oldpolicydb and newpolicydb
to allocate themselves on the heap rather than on the stack.
(but could be wrong).

Thanks for the info on this..

Justin P. Mattock


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2010-06-10 13:41 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-06-10  4:50 warning: the frame size of 1072 bytes is larger than 1024 bytes Justin P. Mattock
2010-06-10 12:27 ` Stephen Smalley
2010-06-10 13:41   ` Justin P. Mattock

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.