mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-05 08:45:22 +00:00
Code Issues Releases Wiki Activity

parser: fix 16 bit state limitation

Browse Source 
The hfa stores next/check transitions in 16 bit fields to reduce memory
usage. However this means the state machine can on contain 2^16
states.

Allow the next/check tables to be 32 bit. This theoretically could allow
for 2^32 states however the base table uses the top 8 bits as flags
giving us only 2^24 bits to index into the next/check tables. With
most states having at least 1 transition this effectively caps the
number of states at 2^24.

To obtain 2^32 possible states a flags table needs to be added. Add
a skeleton around supporting a flags table, so we can note the remaining
work that needs to be done. This patch will only allow for 2^24 states.

Bug: https://gitlab.com/apparmor/apparmor/-/issues/419

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2024-08-14 08:57:08 -07:00
parent 22e1863e20
commit f86fda02f5
9 changed files with 109 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
parser/common_optarg.c
View File

@@ -71,6 +71,10 @@ optflag_table_t dumpflag_table[] = {
{ 1, "diff-progress", "Dump progress of differential encoding",
DUMP_DFA_DIFF_PROGRESS | DUMP_DFA_DIFF_STATS },
{ 1, "rule-merge", "dump information about rule merging", DUMP_RULE_MERGE},
{ 1, "state32", "Dump encoding 32 bit states",
DUMP_DFA_STATE32 },
{ 1, "flags_table", "Dump encoding flags table",
DUMP_DFA_FLAGS_TABLE },
{ 0, NULL, NULL, 0 },
};
@@ -78,7 +82,8 @@ optflag_table_t dfaoptflag_table[] = {
{ 2, "0", "no optimizations",
CONTROL_DFA_TREE_NORMAL | CONTROL_DFA_TREE_SIMPLE |
CONTROL_DFA_MINIMIZE | CONTROL_DFA_REMOVE_UNREACHABLE |
CONTROL_DFA_DIFF_ENCODE
CONTROL_DFA_DIFF_ENCODE | CONTROL_DFA_STATE32 |
CONTROL_DFA_FLAGS_TABLE
},
{ 1, "equiv", "use equivalent classes", CONTROL_DFA_EQUIV },
{ 1, "expr-normalize", "expression tree normalization",
@@ -102,6 +107,10 @@ optflag_table_t dfaoptflag_table[] = {
{ 1, "diff-encode", "Differentially encode transitions",
CONTROL_DFA_DIFF_ENCODE },
{ 1, "rule-merge", "turn on rule merging", CONTROL_RULE_MERGE},
{ 1, "state32", "use 32 bit state transitions",
CONTROL_DFA_STATE32 },
{ 1, "flags-table", "use independent flags table",
CONTROL_DFA_FLAGS_TABLE },
{ 0, NULL, NULL, 0 },
};