selinux: add __GFP_NOWARN to hashtab_init() allocations

As reported by syzbot, hashtab_init() can be affected by abnormally large policy loads which would cause the kernel's allocator to emit a warning in some configurations. Since the SELinux hashtab_init() code handles the case where the allocation fails, due to a large request or some other reason, we can safely add the __GFP_NOWARN flag to squelch these abnormally large allocation warnings. Reported-by: syzbot+bc2c99c2929c3d219fb3@syzkaller.appspotmail.com Tested-by: syzbot+bc2c99c2929c3d219fb3@syzkaller.appspotmail.com Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Paul Moore <paul@paul-moore.com> 2025-06-18 12:17:33 -0400
committer: Paul Moore <paul@paul-moore.com> 2025-06-19 17:24:57 -0400
commit: 9ab71d9204c32a9814d38528d066fdf6fa128604 (patch)
tree: 8d860b419c813ccfedd3a348e514c86b36d26cd4
parent: 951b2de06a0bd64930949c7d3bd5a113cdf24189 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 383fd2d70878..1382eb3bfde1 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -40,7 +40,8 @@ int hashtab_init(struct hashtab *h, u32 nel_hint)
 	h->htable = NULL;
 
 	if (size) {
-		h->htable = kcalloc(size, sizeof(*h->htable), GFP_KERNEL);
+		h->htable = kcalloc(size, sizeof(*h->htable),
+				    GFP_KERNEL | __GFP_NOWARN);
 		if (!h->htable)
 			return -ENOMEM;
 		h->size = size;
author	Paul Moore <paul@paul-moore.com>	2025-06-18 12:17:33 -0400
committer	Paul Moore <paul@paul-moore.com>	2025-06-19 17:24:57 -0400
commit	9ab71d9204c32a9814d38528d066fdf6fa128604 (patch)
tree	8d860b419c813ccfedd3a348e514c86b36d26cd4
parent	951b2de06a0bd64930949c7d3bd5a113cdf24189 (diff)