From: "Justin P. Mattock" <justinmattock@gmail.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: selinux@tycho.nsa.gov
Subject: Re: warning: the frame size of 1072 bytes is larger than 1024 bytes
Date: Thu, 10 Jun 2010 06:41:33 -0700 [thread overview]
Message-ID: <4C10EB8D.6060608@gmail.com> (raw)
In-Reply-To: <1276172855.25808.17.camel@moss-pluto.epoch.ncsc.mil>
On 06/10/2010 05:27 AM, Stephen Smalley wrote:
> On Wed, 2010-06-09 at 21:50 -0700, Justin P. Mattock wrote:
>> I've racked my brain with this one today
>> with no results, but only what/where(maybe)
>> is the cause for this:
>>
>> policydb_destroy(&oldpolicydb);
>>
>> if I change the&oldpolicydb to
>> either&newpolicydb or&policydb
>> I can get a clean compile without any
>> warning message like below.
>>
>> security/selinux/ss/services.c: In function 'security_load_policy':
>> security/selinux/ss/services.c:1882: warning: the frame size of 1072
>> bytes is larger than 1024 bytes
>>
>> is this a bug in policydb?
>> any ideas on this one?
>
> This is just a warning that the stack frame size for
> security_load_policy() exceeds the limit specified by CONFIG_FRAME_WARN
> (set under the Kernel hacking menu). On 64-bit it defaults to 2048; else
> it defaults to 1024.
>
> You can just change your CONFIG_FRAME_WARN setting (to 0 to disable
> checking altogether, or increase it to retain checking but allow this
> case).
>
> The code fix would be to change security_load_policy() to allocate
> oldpolicydb and newpolicydb on the heap rather than temporarily storing
> them on the stack.
>
That worked.. set my .config to 0
and voila kernel compiles without that warning
message. I've been looking at that
warning message for years now, and all due to me
setting CONFIG_FRAME_WARN(duh!!)
As for the real fix to the issue
> The code fix would be to change security_load_policy() to allocate
> oldpolicydb and newpolicydb on the heap rather than temporarily storing
> them on the stack.
Id have to do some research on this. A quick search
does give archives of other peoples patches when such warning
messages are received in the kernel, but looking at them, there a bit
large of changes i.g. changing oldpolicydb and newpolicydb
to allocate themselves on the heap rather than on the stack.
(but could be wrong).
Thanks for the info on this..
Justin P. Mattock
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
prev parent reply other threads:[~2010-06-10 13:41 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-10 4:50 warning: the frame size of 1072 bytes is larger than 1024 bytes Justin P. Mattock
2010-06-10 12:27 ` Stephen Smalley
2010-06-10 13:41 ` Justin P. Mattock [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C10EB8D.6060608@gmail.com \
--to=justinmattock@gmail.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.