[RFC,0/3] Fix ENOMEM errors during policy reload

Message ID	20181113135255.26045-1-omosnace@redhat.com (mailing list archive)
Headers	show Return-Path: <selinux-bounces@tycho.nsa.gov> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2B6BA13BF for <patchwork-selinux@patchwork.kernel.org>; Tue, 13 Nov 2018 13:55:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 14E0629C08 for <patchwork-selinux@patchwork.kernel.org>; Tue, 13 Nov 2018 13:55:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 09EF42A963; Tue, 13 Nov 2018 13:55:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from ucol19pa14.eemsg.mail.mil (ucol19pa14.eemsg.mail.mil [214.24.24.87]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA256 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 4D3752A8EB for <patchwork-selinux@patchwork.kernel.org>; Tue, 13 Nov 2018 13:55:43 +0000 (UTC) X-EEMSG-check-008: 643586846\|UCOL19PA14_EEMSG_MP12.csd.disa.mil X-IronPort-AV: E=Sophos;i="5.54,499,1534809600"; d="scan'208";a="643586846" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.2]) by ucol19pa14.eemsg.mail.mil with ESMTP; 13 Nov 2018 13:55:42 +0000 X-IronPort-AV: E=Sophos;i="5.54,499,1534809600"; d="scan'208";a="17777660" IronPort-PHdr: 9a23:tIeMQR3a0QZUU+p+smDT+DRfVm0co7zxezQtwd8Zse8XLv/xwZ3uMQTl6Ol3ixeRBMOHs60C07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffwdFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfV5Y63dYMgaRXJfUclNSyxPDIS8b44VAOoAO+ZTso3xqlQKoBe7AwSjCvnvyjtVjXHo26M03fkqHQXf0AEhGt4DtmnfotfoO6cISe27zLfGwzvAYf1RxDn98IrFfg0vrP6DQb1+ftTeyVI0GgPZjFids5DpMimJ2ugTtWWQ8upuVfioi24iswx/uz6vydo2iobXhIIe11fK9SJiwIYzP9K3VFB0Yd25G5ZXsCGaMox2QtgkQ25ypCk11KYLuYSlcycXyJQo3QLfZ+abfIiP5xLuTeCcKip2inJifbKwnRey8U64x+3/SMa0ylBKoTRBktXWsXANzRPT5tCISvt6+Ueh1jKP2B7J5u5YJkA0kLLXK5Egwr4slpoTrF/MEjXql0Xxia+bcFgv9Ouw6+n/f7nrqZCRO5V0hw3jKKgihMOyDfoiPgQTR2SX5/mw2bP58UHkQrhHjuc6n6fbvZzAOMgXuqi0CBJP3Ik58RawFTKm3cwdnXkAMV1KZgqKj5PsO1HSOPD4Cuq/g0i0nDdr2f/GOrrhD43RLnfZirfhfKt961VGxAovzdFQ+5JUCrYbLPL1RkDxr8DXAgU8Mwy1x+brENR91oUAVmKTGqKVLazfvFCS6u8vPuWAfpEZtTnjJ/Q/+vLilXo5lkUcfamt05sXcne4HvF+LkWCf3XshtYBEWEXvgsxVeDlk1qCUSNVZ3muQa08/So2CJ6mDIjfRoCth6aN3CGgHpJMfGxGBVeMEWnwe4WeR/gMcD6SItNmkjEcV7ihTIkh2guytA/60bVnKPHZ+i8ftZLl0dh6/fbTlQ0s+jxuFMSRyWaNT3t7nmkQXT85wLh/oVBhyleEyaV4gf5YGsZP6PNKSQc6Mpjcz+1kC93pVALBesqJSVm9TdW7BzExUs8xz8UJY0ZnFNWolgrD0DayA78Ji7yLA4Q586zd33j1IsZy1WzG2bIvj1Y4X8RPMnemibRn9wjJAI7JkVuWmLq2dagG2y7N7miDx3KUvE5ESA5wTbnFXXcHa0TLsdv540TCT7myCbg6KQZB19CNKrFLatzoilVGQu3vONLAbGKtg22wHwqHxquQbIr2fGUQxDvSCFAenAAJ/HaGLhMzBj+7rGLEDTxuDkrvY0f2/uZitny3VEg0zxuFb0d5zbq65gYVheCAS/MUxr8Euz0uqzZzHFagxN/WCMCPpwlmfKVBe989501H1W3BvQxnIpOgN7xihkIZcwlvpUzhyg93CoRensgwt34l1hZ9KaeC3FNGbTOY0oj6OqfLJWnq4BCvd6nW10nC39mM/qcA9u84q0njvQGuDUci6Glo09hL3Hua+pXKDRAdXYj3Ukkp6xhwv6vabTUl54PIyX1sNrG5siXf1N00H+YlxROgfthFPKOCCgDyD9UQB9KyJ+wyh1ipchUEMfhJ9K46JcOmcOCG2LKwMeZ7mjKmimpG4IVn3UKK7SZ8TPDH34odyfGCwgSHTyv8jEumss3vn4BEZDUSHm6hxij/H4NefLN9fZwMCWu0JM233Np+jYb3W3FE7F6jG08G2MixdBWPc1zyxxdQ2F8LrnygnCu30yZ7kyo1rqaF2izB3fjifgIdOmFXXGlikUvsIY+sgtAEXUincxQplBy/5Urg26dbpKN/L2/cQUpTeyj2LmdiXbGqtrqFecJP74kosSpPWuSmfV+aUqL9owcd0y77G2texSs7dy2ztpXigRN6jGOdLHBurHvWYsxw3g/f5N3aRf5QwjUGXzN0iT/JCVigJ9Op58mbl4/fsuCiUGKsTodTcS7vzYOEqiS7/3FlARqxnv2ogd3nDBQ10TTh29ltTyXIow72YpP32KSiLeJnYk5oCUf/68VkHIF+iZA9hJIO1ngcnZWV+2QIkXvpPdVcw6L+Y2IHRSQXzN7N/AjlxEpjI2qRx43jS3WdxtVuZ8GgbWMQxiIy8dpKBbyJ7LxfgyR1uEG4oRjKYfh6gzcd0+ch52AUg+EOogotwTuSDqoUHUZGISzmjw6I4MymrKVLeGavdqC91FR4nd+8F7yCvAdcV2v5eps4Gy9/8Nl/OkrW0HLv8oHkZMXQbdULux2MiRjAkuxVJYktmfoLmSpmOXvxvXM/xO49lxBu2ou6vIefIWV34K25GgJYNiHyZ84L9DHil6BentqR34CqBZhhFCsEU4bvTfKyCj0Sre7nNwGMEDIitnibBaDTHQiF6Edpt3jPCYykN2mLJHkFytVvXBydK1ZbgAAQQjo6goI5GRqwy8H6dkd2+CwR5kXkpRRW0uJnKQPzUmHBqwe0cj00UoSQLAJK7gFe4EfYKcKe7vhtEC5F5Z2utgqNKnCcZwRTFmwGQFCLB1X5Mrmp/9nA/PCSBvCiIPvWfbWOteteWu+QxZ2xyYRp4TCMNsSTPnllFPA721RMUm5nFMjDnDUPUSMXnTrXb8GHvBe85jF3rsen/fvwQw3j4o+PC7pJMdVz4BC6m7yDOPCMiypjMjZXyJcMxX7OyLgC018fkD1hdjm3EbQdri7BVqzRlbVLDx4AbCNzMtFE76Um3glCIcTbkM/61qZkjv4pDFdITUfumsCmZcwNJWGwL07IC1iQO7SHPzLLxdv7YaSmSb1flO9UrQG/uS6HE0//OTSOjzvpVxCvMOFUiyGbOB1euJ2jfRt2DGjjTc7magelP9Ntij0227I0jGvQNWEAKTh8b19NrrqI4CNbgvR/H3JO42FgLemDlSaZ4ffXKooKsftrBSR0kvxV7G48y7RL8CFOXOZ1lzfKrt5yv1GmlfGCyjx5XxVUrjZGn4GLvUJ5OaXF7JZAX23E/BEM7WmKDRQFucdlAMX1u69M0tjPiL7zKDBa/t3J+sscAc7UJ9+ZP3olMBrkAyTbAxUfTT6sL23fgFZdkP6K/H2Pspc6soTsmIYJSrJDSVM6DO0aCkV4E9wZO5p4RCkkkaScjM8G/nqxsgXeRNhAvpDGSvKTAe/jKDCHgrlYfxEI26/3LZwPNo3n3Exvcl16nIPQG0XOW9BMoyphYxQ7oEVL7XhyVGoz21jqagm1+n8cCea0ngIqigt5eekt7ynj41M2JlrMuSsxn1I8lsnigTCUbDH+NrywXZ1MByryqUcxLovxQxxpYg2qgUxkKDDESqpNj7thcGBrjxPcuZtPGPNHUKJEYR8RyuuMaPky11RTtDmnz1dd5eTZEZtiiBcqcZm0on1a3wJjbcI6KrLIK6pMzllQgKWOvimy2e0q2wAeJlwC8GWLdC4GpUwELL8mKDS0/uZ08wyNhyNDeHQQV/otuv9l7V0yO+Kbwi36zrFDNF6+N/aEL6yDoWjBldSEQlQq1kMHj0NF56R50d8/c0qIUEAi1LSRFwkINcrGLQFacc9S+WPOcimQqurNwIh6P4OnGuDvV++Ou74egli4EwYxA4QM8sMBE4G20EHeLMfoML4FyRIp5ATwPFuLFelHdgiXnTkAuMyw0Jh33YxBKT4HGmV9LT+75rDJqQ82mPCDRss5Ym8GXosYMXI7QNe6lDRDv3RHFza6yf4ZyBKY4D/iuCvQCDj8b9xsZPeQZBNsB9G2+Skx86esk17X94/SJ2fkOtR+otXP8/8Vp46bC/NISrlwq0ndl5NESHyqUm7PFN+1KILza4Q3bNz7FGi1XUKlhzIyVcfxM86nLrKUjgHwWYZUrI6b0SgmNcCnDDEeGAl/p/0C5KJ6ag0OeJQ6bgTutwsiM6y/JxqY3ci1Q2q3LztZUeVfx/2gZ7NL1yoscvO6yHw4Q54g1em37EgNSIsJjhzFxPajZoheUTToFXBHfQXAuzY5nXB7Nuku2uc/3A/IsV4EPjCXc+xpbXdJv80gCVOXOnp6EGw4SEGAjYDb+A6jw6gS/zdBn9ZTyeBFsn/+sYHEbT2xRqOrsovaszA8bdc4vqJ9K4rjLdWatJnGhDzQUIHQshGZUC69D/dalMJQLzheQPZUmGElItcLuY9Z6UowT8s+PLJOCLI2qrCtczpkAjYYzTUFWIOYwDwCnuC81qPGlhiNbZsiMQYLsJFZj9QBVC52Zz8Rq7W4V4XKjWOETHYEIBsL5wRW+A0AjpNwfvzi4IfQVJ9M0CJWrOhpXSvXDZRo7Fz7SnyMgVfkVvqhlfCp3RhIw/LoyNUbXwR/CUdFzeZMikQoMK13K7UXvoPSqTCIe1/1sH7vxee7KlRc0tHbd1r9DIXZr2X8STEc9WcSRYBR1HHVDY4SnBZhaKY3uFVMJ5irelrk5zM62YtmAqK1Vd2vx1Y5t3YJXTmqE9tGC+Firl3XRCdpY5exqJXqI59SWHNf+IWBq1dFl0VgKyy5xoBGK8FK+T4MWCJAoSuGsdu3Vc1D3dN2D54QLdd+oXj9HrhENIKWo30stbzl0mXZ9CwksFem2DWzHLe1TuxD8G0aBgUmOX6eqlI0Ausy7GjS6EvCsk1x/+tBAbiPl0pxqi5nHp9SHjZJyWylL1NrQXlEqepaLqrVc9ZbQ/YvexCiIAA+GuQg30yS+kF4h3H5bDJutgFC4SDSQxE0VTUJgrfqgTAerMWnNCQbS5JOaDUtdSbFKwSVmSBNphlfcF1qW4oEAtlZ57EbwJFU8dTYRUarMyEFUwRoNhgk3vpHiU5DrEKYdDjbDQqpafnPtRl3ct2KrMKzLfT5+wBHipj8sO0j8qUOSHKnlReqQdDEoI/2rseKuVeWdKfkL+28ZmfMTDzXjRC1hbopFJfK8DbOPwpcMZl102IkYYLmCW7JIxtJO74bK1BcVaBgZtVMuvpaaNN8eKYV5a9tAQqKRhHuGIyqt/RGK0jcRDTAICWb8+y/p43T4abbSef+esyG32zHTL5vPpdm9Tn7HK/n0Y5f+0XswPhi6lh3SUPYPCCdstvuOhkH5M64dkvtppcpBy/ZAI9skHrxwUFNb9EYQyyx8JUW0pxZ6nfwSf5g0kfpre1S86Jp5pUw479018i7P7rSKe5dsU99GBeYHAJq9o8iAGJnXWBefvcRKOvNfaQelc3us/r4F7AL5x2V9e1ZbsHHJ0LYlsmkFD6cTR1EnAEcqT8VNQacz+SKm7NoRsalq+n53Vgt41ukIh4F0r9t/4GE9bSMpOPNaBvR17cEULDwRszvtrQsp1+S5fo8mbESeGx6eRGoHfMBWc4awmfgyaEqwjw2E8PfAb3v5P5DW2g+njL6lJB3B08WFe8MHbqX4YRemX81m+neNt0QbqBClXiAGAWhEr8D03Gr7TWYIHVrgxHJyRHwQniz4EXwrSBmXSvG183jnVZNVrmrGUdSWDKkOUBkvzOUJwrkrcf5t6sz4kE3NGzkqd2MmXCuOLNSBcL/IsKTLTMzpFINg507Xsav1pwDGdqhPNcR92lzbvnZ62OrlS9NubtIh4ra4sGI5/rWHHigj6uBq7WOxTBV0WY4vVAh6t+6MvHB+tyKT+6u12kPUyd1oxHBUAKtqrzHs1AUPlSG0EbVmIMQONFUxn041lz76+giR9Iz7x9SFoHaZ/MNvTrzIif7wU6DY9IrUSmTyzRXHlbyEVh2Bqc83GbwsdnSlXfX/V0oR5V/e1bhhRNpE4UyMVgt50QPwiofDQgNbgiWDLSpBUTmLosEUlMOaRad07i5fac321N8wrW16O/Vc+N8G7IHNuxBgQ6WgFhbBpUWvLUFT71ifV9d6LXaphPmC4jgQ/jmiWQwOuOoTcxA9sAZrXQi6B6lRxW88ZdD86obiJeQe65cZpjMuNpz711p5D4IcixNjgNyjxa+UeAbv+Ds/MTUsICv6ua1T6YtRuMX9xcuC2R5lZvwj0gpocvL2OdEVo3VlYP//RhDI3GUvIba0gF8JvQVJoOqfbZg8nAHKDYEJ3IKI9Wacf484zViMD/L/VxNHtsMZc8EPMrKgQ1VhFXpWKtS9sXHBFCVEIJzd8E072rt1j8565w8Uvzv6DWuP5DQ80lNP+9fjCVrjN/Co+wVzuTJBSgP5XmWcQN1wj+Dy5aRF/bw5/uDx8/OW1MAACE2T59XJCCe9gy/Wuq1iJLpXxuQ6s/yhpI+aU2RSmW1nKQEqaZMDfVAhz763jdEEID1gOiZs9226GtYrldHCpp87QXZGKVDOZV2IRH4mdO3SUh8Byv/fsbUewEwuOqXwOcD/eF+N0r4ZY8GLRMI0bX66WBaTgF2Ur75ok6ZXf4NZNthUP7ErGpa6YFnK6AUJ1WduZrqritIqFAxHQ8pZ78wriBAeknIggJVR77+uKQchQsETd55pUhMFHqyOGI74DrHT75VjKiKCPEO9DWcVKkOXFtpMi9kRBO1wppucaOznf9bqmNGgj99oP8y3jx9Shu8vDHjqqMO1D875rG3qi8BuX1ET+WZlSfEE1NDw+oWjfRUN3G38lG4YX8efKPs77R9Y8ft748s5zI4expnNxUPQODoLib3la7AVpSGrdZ0nBeQvIDLaripIG4ZMbFrmjz5QH0o9Q7ShhtquE4MWTOp59InbNG6PME+wCOjFEDBeVoM678Pu8z04w1YBNAqYE9slT0wmvOMQTcAEYmSRDxv3AE5dWVJdo5C4hYGFq4uxyyFpbRC4hpOPm2GD4Sk/tCBhc6QhT8wQNJxySTTr6yBwJYr1C4A+Zt47S+L7XIVceGQE8phGWP62YoXz+viL+6sveYKRMouyLmoXPIYdMj2/2yw1cYPOAe+3rpLOV2/PacYw6vDFT+/QDifXOOQdWGHkh4jP0Ly7AXuJVoyO6Io51QlPL76j4VH3xbkTasyQyyRoVHBy2l2NuYdbAQ/s4qPYQEGTOcNIeObILtLorUlEFVZSXjPEGNtDvOu916gmI8uI3J7/UDzevjg6CjjOdqWXwYeSMvU8ME39vu9SWaMf3RnyU4XXgF48u7FHAEpv/RHO9aJyN7Xgdkz3e8eIvFqNyB88tJGgI9v6YCIlsyNdBw= X-IPAS-Result: A2ASAgBo1+pb/wHyM5BjGwEBAQEDAQEBBwMBAQGBZYFWKwNmgQInjG+LHosijjSBXRQBARgPBAGHeyI4FgEDAQEBAQEBAgFsHAyCNiSCaAIkExQgCwMDCQJACAgDAS0DAQUBCxcBBwsFFgIEgwABgXQNAwELm348jAkzhC0BE0A/hGcFEodFhCoXgUA/g3WBbwGBWQKBLgESAYV6AokQBIY0hVaKOAmGOT6KIAsYgViFBIJshyuNKIouBgIJBw8hgTkhNDBxTSMVO4JsE4IUDAuDSoUUhT9xAQGBAwEBimqCPgEB Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 13 Nov 2018 13:55:34 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id wADDtXWh020108; Tue, 13 Nov 2018 08:55:34 -0500 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id wADDtSBv038740 for <selinux@prometheus.infosec.tycho.ncsc.mil>; Tue, 13 Nov 2018 08:55:28 -0500 Received: from goalie.tycho.ncsc.mil (goalie.tycho.ncsc.mil [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id wADDtRcN020089 for <selinux@tycho.nsa.gov>; Tue, 13 Nov 2018 08:55:27 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CvAQCk1upbl3sVGNZjHAEBAQQBAQcEAQGBZYFWK2mBAieMb4seiyKQGgsBASeERYM7IjgWAQMBAQEBAQECFAEBAQEBBhgGTIV0UoEVAQUBIgESG4MGAYF0DQMBC5t7PIwJM4QtARNAhSYFEodFhCoXgUA/g3WBbwGBWQKHPAKJEASMCoo4CYY5PoogCxiBWIUEgmyHK40oii4GAgkHDyGBOVWBIU0jFYMoEoIUDAIJg0qFFIU/QDIBji0BAQ X-IPAS-Result: A1CvAQCk1upbl3sVGNZjHAEBAQQBAQcEAQGBZYFWK2mBAieMb4seiyKQGgsBASeERYM7IjgWAQMBAQEBAQECFAEBAQEBBhgGTIV0UoEVAQUBIgESG4MGAYF0DQMBC5t7PIwJM4QtARNAhSYFEodFhCoXgUA/g3WBbwGBWQKHPAKJEASMCoo4CYY5PoogCxiBWIUEgmyHK40oii4GAgkHDyGBOVWBIU0jFYMoEoIUDAIJg0qFFIU/QDIBji0BAQ X-IronPort-AV: E=Sophos;i="5.54,499,1534824000"; d="scan'208";a="412409" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.35]) by goalie.tycho.ncsc.mil with ESMTP; 13 Nov 2018 08:55:27 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0COAQBk1upbl3sVGNZjHAEBAQQBAQcEAQGBZYFWK2mBAieMb4seiyKQGgsBASeERYM7IjgWAQMBAQEBAQECARMBAQEBAQYYBkwMgjYkgw5SgRUBBQEiARIbgwYBgXQNAwELm3w8jAkzhC0BE0CFJgUSh0WEKheBQD+DdYFvAYFZAoc8AokQBIwKijgJhjk+iiALGIFYhQSCbIcrjSiKLgYCCQcPIYE5VYEhTSMVgygSghQMAgmDSoUUhT8/MwGOLQEB X-IPAS-Result: A0COAQBk1upbl3sVGNZjHAEBAQQBAQcEAQGBZYFWK2mBAieMb4seiyKQGgsBASeERYM7IjgWAQMBAQEBAQECARMBAQEBAQYYBkwMgjYkgw5SgRUBBQEiARIbgwYBgXQNAwELm3w8jAkzhC0BE0CFJgUSh0WEKheBQD+DdYFvAYFZAoc8AokQBIwKijgJhjk+iiALGIFYhQSCbIcrjSiKLgYCCQcPIYE5VYEhTSMVgygSghQMAgmDSoUUhT8/MwGOLQEB X-IronPort-AV: E=Sophos;i="5.54,499,1534809600"; d="scan'208";a="20545417" X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown Received: from uhil3cpa12.eemsg.mail.mil ([214.24.21.123]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 13 Nov 2018 13:55:26 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;b1d0556a-bad8-46da-8be3-6745235c8eaf Authentication-Results: uhil19pa04.eemsg.mail.mil; dkim=none (message not signed) header.i=none; spf=None smtp.pra=omosnace@redhat.com; spf=Pass smtp.mailfrom=omosnace@redhat.com; spf=None smtp.helo=postmaster@mail-wr1-f67.google.com; dmarc=pass (p=none dis=none) d=redhat.com X-EEMSG-check-008: 328082271\|UHIL19PA04_EEMSG_MP2.csd.disa.mil X-EEMSG-check-001: false X-EEMSG-SBRS: 2.7 X-EEMSG-ORIG-IP: 209.85.221.67 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0D2AADc1upbf0PdVdFjHAEBAQQBAQcEAQGBVAQBAQsBgVWBFIEpjG+LHosikBoLAQETFIRFgzsaBwEEMwoNAQMBAQEBAQEBAQETAQEJCwsIGwwlDII2JIMOUoEVAQUBIgESG4MGAYF0DQQLm3s8jAkzhC0BE0CFJgUJAQiHRYQqF4FAP4N1gW8BgVkChzwCiRAEjAqKOAmGOT6KIAsYgViFBIJshyuNKIouBgIJBw8hgThWgSFNIxWDKBKCFAwLg0qFFIU/PjQBji0BAQ X-IPAS-Result: A0D2AADc1upbf0PdVdFjHAEBAQQBAQcEAQGBVAQBAQsBgVWBFIEpjG+LHosikBoLAQETFIRFgzsaBwEEMwoNAQMBAQEBAQEBAQETAQEJCwsIGwwlDII2JIMOUoEVAQUBIgESG4MGAYF0DQQLm3s8jAkzhC0BE0CFJgUJAQiHRYQqF4FAP4N1gW8BgVkChzwCiRAEjAqKOAmGOT6KIAsYgViFBIJshyuNKIouBgIJBw8hgThWgSFNIxWDKBKCFAwLg0qFFIU/PjQBji0BAQ Received: from mail-wr1-f67.google.com ([209.85.221.67]) by uhil19pa04.eemsg.mail.mil with ESMTP/TLS/AES128-SHA; 13 Nov 2018 13:53:15 +0000 Received: by mail-wr1-f67.google.com with SMTP id z13-v6so13411591wrs.3 for <selinux@tycho.nsa.gov>; Tue, 13 Nov 2018 05:53:15 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=qzTKoVTQzijKM3v9xW80COz5P41lxlSZ+u1CMt/SSFg=; b=hM/sIZJjateD3cBf/HF8ZPzqExTRkU5fZo7xCs7hOrPqubfqL7t0nxzIvdeMVWfTpW Oae9qRU+0/xRQqLH5Kx0b5DCFE5gAr2+ST3xZ8xE5172YTl+WLU4Xl51uNCU9kO8ZvHR smojFRMBBS0CLWOQul46ch8WEhTjSQT1BFGUTY43hz1FVqikYzb8SloXAz2c+HGayUUt Re5kZXsxpG9uHaeepiUrYhithbngSq3tQjq/812qrZcCBlo+l7hKh9pPLt3m55zYfc+B euT8XHJMuU6Lb7y5aWyRiVPs6Hj12kTXGVGWBZaREeK5st2G7nUftL6MzVC74y7oI4Ut BVJw== X-Gm-Message-State: AGRZ1gJ37QKCdyYnYKS6we4a551Yq7B5bjrtJfcT74LA8DqUK2LuHG1z 60QbKmJbkYxGErJdU6IBPL+a8g== X-Google-Smtp-Source: AJdET5crUHXdgBop31SDUxHRTWyY+BZBzlW5XoD1HhbUjRQmOEkeXWU0Lt/DncZTVIbVpnoJep+nkA== X-Received: by 2002:a5d:5544:: with SMTP id g4-v6mr5066220wrw.222.1542117188129; Tue, 13 Nov 2018 05:53:08 -0800 (PST) Received: from localhost.localdomain.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id t187-v6sm10342609wmt.45.2018.11.13.05.53.07 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 13 Nov 2018 05:53:07 -0800 (PST) X-EEMSG-check-009: 444-444 From: Ondrej Mosnacek <omosnace@redhat.com> To: selinux@vger.kernel.org, Paul Moore <paul@paul-moore.com> Date: Tue, 13 Nov 2018 14:52:52 +0100 Message-Id: <20181113135255.26045-1-omosnace@redhat.com> X-Mailer: git-send-email 2.17.2 Subject: [RFC PATCH 0/3] Fix ENOMEM errors during policy reload X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" <selinux.tycho.nsa.gov> List-Post: <mailto:selinux@tycho.nsa.gov> List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help> Cc: Stephen Smalley <sds@tycho.nsa.gov>, selinux@tycho.nsa.gov MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov> X-Virus-Scanned: ClamAV using ClamSMTP
Series	Fix ENOMEM errors during policy reload \| expand [RFC,0/3] Fix ENOMEM errors during policy reload [RFC,1/3] selinux: refactor sidtab conversion [RFC,2/3] selinux: use separate table for initial SID lookup [RFC,3/3] selinux: overhaul sidtab to fix bug and improve performance

Message ID

20181113135255.26045-1-omosnace@redhat.com (mailing list archive)

Headers

IronPort-PHdr: 
 9a23:tIeMQR3a0QZUU+p+smDT+DRfVm0co7zxezQtwd8Zse8XLv/xwZ3uMQTl6Ol3ixeRBMOHs60C07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffwdFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfV5Y63dYMgaRXJfUclNSyxPDIS8b44VAOoAO+ZTso3xqlQKoBe7AwSjCvnvyjtVjXHo26M03fkqHQXf0AEhGt4DtmnfotfoO6cISe27zLfGwzvAYf1RxDn98IrFfg0vrP6DQb1+ftTeyVI0GgPZjFids5DpMimJ2ugTtWWQ8upuVfioi24iswx/uz6vydo2iobXhIIe11fK9SJiwIYzP9K3VFB0Yd25G5ZXsCGaMox2QtgkQ25ypCk11KYLuYSlcycXyJQo3QLfZ+abfIiP5xLuTeCcKip2inJifbKwnRey8U64x+3/SMa0ylBKoTRBktXWsXANzRPT5tCISvt6+Ueh1jKP2B7J5u5YJkA0kLLXK5Egwr4slpoTrF/MEjXql0Xxia+bcFgv9Ouw6+n/f7nrqZCRO5V0hw3jKKgihMOyDfoiPgQTR2SX5/mw2bP58UHkQrhHjuc6n6fbvZzAOMgXuqi0CBJP3Ik58RawFTKm3cwdnXkAMV1KZgqKj5PsO1HSOPD4Cuq/g0i0nDdr2f/GOrrhD43RLnfZirfhfKt961VGxAovzdFQ+5JUCrYbLPL1RkDxr8DXAgU8Mwy1x+brENR91oUAVmKTGqKVLazfvFCS6u8vPuWAfpEZtTnjJ/Q/+vLilXo5lkUcfamt05sXcne4HvF+LkWCf3XshtYBEWEXvgsxVeDlk1qCUSNVZ3muQa08/So2CJ6mDIjfRoCth6aN3CGgHpJMfGxGBVeMEWnwe4WeR/gMcD6SItNmkjEcV7ihTIkh2guytA/60bVnKPHZ+i8ftZLl0dh6/fbTlQ0s+jxuFMSRyWaNT3t7nmkQXT85wLh/oVBhyleEyaV4gf5YGsZP6PNKSQc6Mpjcz+1kC93pVALBesqJSVm9TdW7BzExUs8xz8UJY0ZnFNWolgrD0DayA78Ji7yLA4Q586zd33j1IsZy1WzG2bIvj1Y4X8RPMnemibRn9wjJAI7JkVuWmLq2dagG2y7N7miDx3KUvE5ESA5wTbnFXXcHa0TLsdv540TCT7myCbg6KQZB19CNKrFLatzoilVGQu3vONLAbGKtg22wHwqHxquQbIr2fGUQxDvSCFAenAAJ/HaGLhMzBj+7rGLEDTxuDkrvY0f2/uZitny3VEg0zxuFb0d5zbq65gYVheCAS/MUxr8Euz0uqzZzHFagxN/WCMCPpwlmfKVBe989501H1W3BvQxnIpOgN7xihkIZcwlvpUzhyg93CoRensgwt34l1hZ9KaeC3FNGbTOY0oj6OqfLJWnq4BCvd6nW10nC39mM/qcA9u84q0njvQGuDUci6Glo09hL3Hua+pXKDRAdXYj3Ukkp6xhwv6vabTUl54PIyX1sNrG5siXf1N00H+YlxROgfthFPKOCCgDyD9UQB9KyJ+wyh1ipchUEMfhJ9K46JcOmcOCG2LKwMeZ7mjKmimpG4IVn3UKK7SZ8TPDH34odyfGCwgSHTyv8jEumss3vn4BEZDUSHm6hxij/H4NefLN9fZwMCWu0JM233Np+jYb3W3FE7F6jG08G2MixdBWPc1zyxxdQ2F8LrnygnCu30yZ7kyo1rqaF2izB3fjifgIdOmFXXGlikUvsIY+sgtAEXUincxQplBy/5Urg26dbpKN/L2/cQUpTeyj2LmdiXbGqtrqFecJP74kosSpPWuSmfV+aUqL9owcd0y77G2texSs7dy2ztpXigRN6jGOdLHBurHvWYsxw3g/f5N3aRf5QwjUGXzN0iT/JCVigJ9Op58mbl4/fsuCiUGKsTodTcS7vzYOEqiS7/3FlARqxnv2ogd3nDBQ10TTh29ltTyXIow72YpP32KSiLeJnYk5oCUf/68VkHIF+iZA9hJIO1ngcnZWV+2QIkXvpPdVcw6L+Y2IHRSQXzN7N/AjlxEpjI2qRx43jS3WdxtVuZ8GgbWMQxiIy8dpKBbyJ7LxfgyR1uEG4oRjKYfh6gzcd0+ch52AUg+EOogotwTuSDqoUHUZGISzmjw6I4MymrKVLeGavdqC91FR4nd+8F7yCvAdcV2v5eps4Gy9/8Nl/OkrW0HLv8oHkZMXQbdULux2MiRjAkuxVJYktmfoLmSpmOXvxvXM/xO49lxBu2ou6vIefIWV34K25GgJYNiHyZ84L9DHil6BentqR34CqBZhhFCsEU4bvTfKyCj0Sre7nNwGMEDIitnibBaDTHQiF6Edpt3jPCYykN2mLJHkFytVvXBydK1ZbgAAQQjo6goI5GRqwy8H6dkd2+CwR5kXkpRRW0uJnKQPzUmHBqwe0cj00UoSQLAJK7gFe4EfYKcKe7vhtEC5F5Z2utgqNKnCcZwRTFmwGQFCLB1X5Mrmp/9nA/PCSBvCiIPvWfbWOteteWu+QxZ2xyYRp4TCMNsSTPnllFPA721RMUm5nFMjDnDUPUSMXnTrXb8GHvBe85jF3rsen/fvwQw3j4o+PC7pJMdVz4BC6m7yDOPCMiypjMjZXyJcMxX7OyLgC018fkD1hdjm3EbQdri7BVqzRlbVLDx4AbCNzMtFE76Um3glCIcTbkM/61qZkjv4pDFdITUfumsCmZcwNJWGwL07IC1iQO7SHPzLLxdv7YaSmSb1flO9UrQG/uS6HE0//OTSOjzvpVxCvMOFUiyGbOB1euJ2jfRt2DGjjTc7magelP9Ntij0227I0jGvQNWEAKTh8b19NrrqI4CNbgvR/H3JO42FgLemDlSaZ4ffXKooKsftrBSR0kvxV7G48y7RL8CFOXOZ1lzfKrt5yv1GmlfGCyjx5XxVUrjZGn4GLvUJ5OaXF7JZAX23E/BEM7WmKDRQFucdlAMX1u69M0tjPiL7zKDBa/t3J+sscAc7UJ9+ZP3olMBrkAyTbAxUfTT6sL23fgFZdkP6K/H2Pspc6soTsmIYJSrJDSVM6DO0aCkV4E9wZO5p4RCkkkaScjM8G/nqxsgXeRNhAvpDGSvKTAe/jKDCHgrlYfxEI26/3LZwPNo3n3Exvcl16nIPQG0XOW9BMoyphYxQ7oEVL7XhyVGoz21jqagm1+n8cCea0ngIqigt5eekt7ynj41M2JlrMuSsxn1I8lsnigTCUbDH+NrywXZ1MByryqUcxLovxQxxpYg2qgUxkKDDESqpNj7thcGBrjxPcuZtPGPNHUKJEYR8RyuuMaPky11RTtDmnz1dd5eTZEZtiiBcqcZm0on1a3wJjbcI6KrLIK6pMzllQgKWOvimy2e0q2wAeJlwC8GWLdC4GpUwELL8mKDS0/uZ08wyNhyNDeHQQV/otuv9l7V0yO+Kbwi36zrFDNF6+N/aEL6yDoWjBldSEQlQq1kMHj0NF56R50d8/c0qIUEAi1LSRFwkINcrGLQFacc9S+WPOcimQqurNwIh6P4OnGuDvV++Ou74egli4EwYxA4QM8sMBE4G20EHeLMfoML4FyRIp5ATwPFuLFelHdgiXnTkAuMyw0Jh33YxBKT4HGmV9LT+75rDJqQ82mPCDRss5Ym8GXosYMXI7QNe6lDRDv3RHFza6yf4ZyBKY4D/iuCvQCDj8b9xsZPeQZBNsB9G2+Skx86esk17X94/SJ2fkOtR+otXP8/8Vp46bC/NISrlwq0ndl5NESHyqUm7PFN+1KILza4Q3bNz7FGi1XUKlhzIyVcfxM86nLrKUjgHwWYZUrI6b0SgmNcCnDDEeGAl/p/0C5KJ6ag0OeJQ6bgTutwsiM6y/JxqY3ci1Q2q3LztZUeVfx/2gZ7NL1yoscvO6yHw4Q54g1em37EgNSIsJjhzFxPajZoheUTToFXBHfQXAuzY5nXB7Nuku2uc/3A/IsV4EPjCXc+xpbXdJv80gCVOXOnp6EGw4SEGAjYDb+A6jw6gS/zdBn9ZTyeBFsn/+sYHEbT2xRqOrsovaszA8bdc4vqJ9K4rjLdWatJnGhDzQUIHQshGZUC69D/dalMJQLzheQPZUmGElItcLuY9Z6UowT8s+PLJOCLI2qrCtczpkAjYYzTUFWIOYwDwCnuC81qPGlhiNbZsiMQYLsJFZj9QBVC52Zz8Rq7W4V4XKjWOETHYEIBsL5wRW+A0AjpNwfvzi4IfQVJ9M0CJWrOhpXSvXDZRo7Fz7SnyMgVfkVvqhlfCp3RhIw/LoyNUbXwR/CUdFzeZMikQoMK13K7UXvoPSqTCIe1/1sH7vxee7KlRc0tHbd1r9DIXZr2X8STEc9WcSRYBR1HHVDY4SnBZhaKY3uFVMJ5irelrk5zM62YtmAqK1Vd2vx1Y5t3YJXTmqE9tGC+Firl3XRCdpY5exqJXqI59SWHNf+IWBq1dFl0VgKyy5xoBGK8FK+T4MWCJAoSuGsdu3Vc1D3dN2D54QLdd+oXj9HrhENIKWo30stbzl0mXZ9CwksFem2DWzHLe1TuxD8G0aBgUmOX6eqlI0Ausy7GjS6EvCsk1x/+tBAbiPl0pxqi5nHp9SHjZJyWylL1NrQXlEqepaLqrVc9ZbQ/YvexCiIAA+GuQg30yS+kF4h3H5bDJutgFC4SDSQxE0VTUJgrfqgTAerMWnNCQbS5JOaDUtdSbFKwSVmSBNphlfcF1qW4oEAtlZ57EbwJFU8dTYRUarMyEFUwRoNhgk3vpHiU5DrEKYdDjbDQqpafnPtRl3ct2KrMKzLfT5+wBHipj8sO0j8qUOSHKnlReqQdDEoI/2rseKuVeWdKfkL+28ZmfMTDzXjRC1hbopFJfK8DbOPwpcMZl102IkYYLmCW7JIxtJO74bK1BcVaBgZtVMuvpaaNN8eKYV5a9tAQqKRhHuGIyqt/RGK0jcRDTAICWb8+y/p43T4abbSef+esyG32zHTL5vPpdm9Tn7HK/n0Y5f+0XswPhi6lh3SUPYPCCdstvuOhkH5M64dkvtppcpBy/ZAI9skHrxwUFNb9EYQyyx8JUW0pxZ6nfwSf5g0kfpre1S86Jp5pUw479018i7P7rSKe5dsU99GBeYHAJq9o8iAGJnXWBefvcRKOvNfaQelc3us/r4F7AL5x2V9e1ZbsHHJ0LYlsmkFD6cTR1EnAEcqT8VNQacz+SKm7NoRsalq+n53Vgt41ukIh4F0r9t/4GE9bSMpOPNaBvR17cEULDwRszvtrQsp1+S5fo8mbESeGx6eRGoHfMBWc4awmfgyaEqwjw2E8PfAb3v5P5DW2g+njL6lJB3B08WFe8MHbqX4YRemX81m+neNt0QbqBClXiAGAWhEr8D03Gr7TWYIHVrgxHJyRHwQniz4EXwrSBmXSvG183jnVZNVrmrGUdSWDKkOUBkvzOUJwrkrcf5t6sz4kE3NGzkqd2MmXCuOLNSBcL/IsKTLTMzpFINg507Xsav1pwDGdqhPNcR92lzbvnZ62OrlS9NubtIh4ra4sGI5/rWHHigj6uBq7WOxTBV0WY4vVAh6t+6MvHB+tyKT+6u12kPUyd1oxHBUAKtqrzHs1AUPlSG0EbVmIMQONFUxn041lz76+giR9Iz7x9SFoHaZ/MNvTrzIif7wU6DY9IrUSmTyzRXHlbyEVh2Bqc83GbwsdnSlXfX/V0oR5V/e1bhhRNpE4UyMVgt50QPwiofDQgNbgiWDLSpBUTmLosEUlMOaRad07i5fac321N8wrW16O/Vc+N8G7IHNuxBgQ6WgFhbBpUWvLUFT71ifV9d6LXaphPmC4jgQ/jmiWQwOuOoTcxA9sAZrXQi6B6lRxW88ZdD86obiJeQe65cZpjMuNpz711p5D4IcixNjgNyjxa+UeAbv+Ds/MTUsICv6ua1T6YtRuMX9xcuC2R5lZvwj0gpocvL2OdEVo3VlYP//RhDI3GUvIba0gF8JvQVJoOqfbZg8nAHKDYEJ3IKI9Wacf484zViMD/L/VxNHtsMZc8EPMrKgQ1VhFXpWKtS9sXHBFCVEIJzd8E072rt1j8565w8Uvzv6DWuP5DQ80lNP+9fjCVrjN/Co+wVzuTJBSgP5XmWcQN1wj+Dy5aRF/bw5/uDx8/OW1MAACE2T59XJCCe9gy/Wuq1iJLpXxuQ6s/yhpI+aU2RSmW1nKQEqaZMDfVAhz763jdEEID1gOiZs9226GtYrldHCpp87QXZGKVDOZV2IRH4mdO3SUh8Byv/fsbUewEwuOqXwOcD/eF+N0r4ZY8GLRMI0bX66WBaTgF2Ur75ok6ZXf4NZNthUP7ErGpa6YFnK6AUJ1WduZrqritIqFAxHQ8pZ78wriBAeknIggJVR77+uKQchQsETd55pUhMFHqyOGI74DrHT75VjKiKCPEO9DWcVKkOXFtpMi9kRBO1wppucaOznf9bqmNGgj99oP8y3jx9Shu8vDHjqqMO1D875rG3qi8BuX1ET+WZlSfEE1NDw+oWjfRUN3G38lG4YX8efKPs77R9Y8ft748s5zI4expnNxUPQODoLib3la7AVpSGrdZ0nBeQvIDLaripIG4ZMbFrmjz5QH0o9Q7ShhtquE4MWTOp59InbNG6PME+wCOjFEDBeVoM678Pu8z04w1YBNAqYE9slT0wmvOMQTcAEYmSRDxv3AE5dWVJdo5C4hYGFq4uxyyFpbRC4hpOPm2GD4Sk/tCBhc6QhT8wQNJxySTTr6yBwJYr1C4A+Zt47S+L7XIVceGQE8phGWP62YoXz+viL+6sveYKRMouyLmoXPIYdMj2/2yw1cYPOAe+3rpLOV2/PacYw6vDFT+/QDifXOOQdWGHkh4jP0Ly7AXuJVoyO6Io51QlPL76j4VH3xbkTasyQyyRoVHBy2l2NuYdbAQ/s4qPYQEGTOcNIeObILtLorUlEFVZSXjPEGNtDvOu916gmI8uI3J7/UDzevjg6CjjOdqWXwYeSMvU8ME39vu9SWaMf3RnyU4XXgF48u7FHAEpv/RHO9aJyN7Xgdkz3e8eIvFqNyB88tJGgI9v6YCIlsyNdBw=
From: Ondrej Mosnacek <omosnace@redhat.com>
To: selinux@vger.kernel.org, Paul Moore <paul@paul-moore.com>
Date: Tue, 13 Nov 2018 14:52:52 +0100
Message-Id: <20181113135255.26045-1-omosnace@redhat.com>
Subject: [RFC PATCH 0/3] Fix ENOMEM errors during policy reload
Precedence: list
Cc: Stephen Smalley <sds@tycho.nsa.gov>, selinux@tycho.nsa.gov
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Series

Fix ENOMEM errors during policy reload | expand

Message

Ondrej Mosnacek Nov. 13, 2018, 1:52 p.m. UTC

This patchset is an alternative, hopefully better (but also more risky),
solution of the ENOMEM problem ([1]) that I first tried to solve in [2].

In this version I encapsulate the initial SID table within sidtab and
also switch back from converting the sidtab in-place to converting into
a new sidtab and then just switching the pointer (keeping the code ready
for switching to RCU locks).

The change is split into three patches for easier review. Some changes
done in the first two patches are effectively undone by the last patch,
so it might actually make more sense to send the final version as one
squashed patch (please let me know which is better for you).

The first patch moves the sidtab conversion logic into sidtab.c. This
allows hiding sidtab_insert() from sidtab.h in the second patch, where
it becomes an internal function.

The second patch separates the handling of initial SIDs into a separate
lookup table inside sidtab. After this change, the main table always
contains N entries with keys from 0 to (N-1). This property is then
leveraged in the last patch.

Finally, the third patch rewrites the main sidtab to a more efficient
implementation that also gracefully handles context conversions during
policy reloads, which no longer produces the ENOMEM errors.

After applying this patchset, the time it takes to insert new sidtab
entries is drastically reduced. I measured the time to populate the
table with N new entries by repeatedly writing to
/sys/fs/selinux/context. A graph of the results is available at [3].

The SID -> context lookups are now also faster. With the old
implementation, these are O(N) once N goes above 128. The new
implementation can handle them theoretically in O(log N), but in
practice the slope is almost flat, so they are practically
almost constant-time.

Review and feedback welcome.

[1] https://github.com/SELinuxProject/selinux-kernel/issues/38
[2] https://lore.kernel.org/selinux/20181031122718.18735-1-omosnace@redhat.com/
[3] https://docs.google.com/spreadsheets/d/e/2PACX-1vRUArNJR6kckm2SEs4dRZlijNVdCTmsNuWRGe7X3fC01YkBHpxXHnmcssxEiMF3Z7ivtXN2L5MC0ry-/pubhtml

Ondrej Mosnacek (3):
  selinux: refactor sidtab conversion
  selinux: use separate table for initial SID lookup
  selinux: overhaul sidtab to fix bug and improve performance

 security/selinux/ss/mls.c      |  23 +-
 security/selinux/ss/mls.h      |   3 +-
 security/selinux/ss/policydb.c |  10 +-
 security/selinux/ss/services.c | 188 +++++------
 security/selinux/ss/services.h |   2 +-
 security/selinux/ss/sidtab.c   | 550 ++++++++++++++++++++-------------
 security/selinux/ss/sidtab.h   |  90 ++++--
 7 files changed, 498 insertions(+), 368 deletions(-)