diff options
| author | Michal Hocko <mhocko@kernel.org> | 2017-08-03 04:11:52 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2017-08-08 09:12:23 -0400 |
| commit | 476accbe2f6ef69caeebe99f52a286e12ac35aee (patch) | |
| tree | fa8f78eebbc6c5657634751906db4d445359cce5 /security | |
| parent | af63f4193f9fbbbac50fc766417d74735afd87ef (diff) | |
selinux: use GFP_NOWAIT in the AVC kmem_caches
There is a strange __GFP_NOMEMALLOC usage pattern in SELinux,
specifically GFP_ATOMIC | __GFP_NOMEMALLOC which doesn't make much
sense. GFP_ATOMIC on its own allows to access memory reserves while
__GFP_NOMEMALLOC dictates we cannot use memory reserves. Replace this
with the much more sane GFP_NOWAIT in the AVC code as we can tolerate
memory allocation failures in that code.
Signed-off-by: Michal Hocko <mhocko@kernel.org>
Acked-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/avc.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index e60c79de13e1..52f3c550abcc 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
| @@ -348,27 +348,26 @@ static struct avc_xperms_decision_node | |||
| 348 | struct avc_xperms_decision_node *xpd_node; | 348 | struct avc_xperms_decision_node *xpd_node; |
| 349 | struct extended_perms_decision *xpd; | 349 | struct extended_perms_decision *xpd; |
| 350 | 350 | ||
| 351 | xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, | 351 | xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT); |
| 352 | GFP_ATOMIC | __GFP_NOMEMALLOC); | ||
| 353 | if (!xpd_node) | 352 | if (!xpd_node) |
| 354 | return NULL; | 353 | return NULL; |
| 355 | 354 | ||
| 356 | xpd = &xpd_node->xpd; | 355 | xpd = &xpd_node->xpd; |
| 357 | if (which & XPERMS_ALLOWED) { | 356 | if (which & XPERMS_ALLOWED) { |
| 358 | xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep, | 357 | xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep, |
| 359 | GFP_ATOMIC | __GFP_NOMEMALLOC); | 358 | GFP_NOWAIT); |
| 360 | if (!xpd->allowed) | 359 | if (!xpd->allowed) |
| 361 | goto error; | 360 | goto error; |
| 362 | } | 361 | } |
| 363 | if (which & XPERMS_AUDITALLOW) { | 362 | if (which & XPERMS_AUDITALLOW) { |
| 364 | xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep, | 363 | xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep, |
| 365 | GFP_ATOMIC | __GFP_NOMEMALLOC); | 364 | GFP_NOWAIT); |
| 366 | if (!xpd->auditallow) | 365 | if (!xpd->auditallow) |
| 367 | goto error; | 366 | goto error; |
| 368 | } | 367 | } |
| 369 | if (which & XPERMS_DONTAUDIT) { | 368 | if (which & XPERMS_DONTAUDIT) { |
| 370 | xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep, | 369 | xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep, |
| 371 | GFP_ATOMIC | __GFP_NOMEMALLOC); | 370 | GFP_NOWAIT); |
| 372 | if (!xpd->dontaudit) | 371 | if (!xpd->dontaudit) |
| 373 | goto error; | 372 | goto error; |
| 374 | } | 373 | } |
| @@ -396,8 +395,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void) | |||
| 396 | { | 395 | { |
| 397 | struct avc_xperms_node *xp_node; | 396 | struct avc_xperms_node *xp_node; |
| 398 | 397 | ||
| 399 | xp_node = kmem_cache_zalloc(avc_xperms_cachep, | 398 | xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT); |
| 400 | GFP_ATOMIC|__GFP_NOMEMALLOC); | ||
| 401 | if (!xp_node) | 399 | if (!xp_node) |
| 402 | return xp_node; | 400 | return xp_node; |
| 403 | INIT_LIST_HEAD(&xp_node->xpd_head); | 401 | INIT_LIST_HEAD(&xp_node->xpd_head); |
| @@ -550,7 +548,7 @@ static struct avc_node *avc_alloc_node(void) | |||
| 550 | { | 548 | { |
| 551 | struct avc_node *node; | 549 | struct avc_node *node; |
| 552 | 550 | ||
| 553 | node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC); | 551 | node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT); |
| 554 | if (!node) | 552 | if (!node) |
| 555 | goto out; | 553 | goto out; |
| 556 | 554 | ||