selinux: add __GFP_NOWARN to hashtab_init() allocations

As reported by syzbot, hashtab_init() can be affected by abnormally
large policy loads which would cause the kernel's allocator to emit
a warning in some configurations.  Since the SELinux hashtab_init()
code handles the case where the allocation fails, due to a large
request or some other reason, we can safely add the __GFP_NOWARN flag
to squelch these abnormally large allocation warnings.

Reported-by: syzbot+bc2c99c2929c3d219fb3@syzkaller.appspotmail.com
Tested-by: syzbot+bc2c99c2929c3d219fb3@syzkaller.appspotmail.com
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 383fd2d70878e52487dade8c0b4c58c93e74fb2d..1382eb3bfde1088d1b92b65a8a77f0f983e1bb00 100644 (file)
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -40,7 +40,8 @@ int hashtab_init(struct hashtab *h, u32 nel_hint)
        h->htable = NULL;
 
        if (size) {
-               h->htable = kcalloc(size, sizeof(*h->htable), GFP_KERNEL);
+               h->htable = kcalloc(size, sizeof(*h->htable),
+                                   GFP_KERNEL | __GFP_NOWARN);
                if (!h->htable)
                        return -ENOMEM;
                h->size = size;