Skip to content

Commit 476accb

Browse files
Michal Hockopcmoore
Michal Hocko
authored and
pcmoore
committed
selinux: use GFP_NOWAIT in the AVC kmem_caches
There is a strange __GFP_NOMEMALLOC usage pattern in SELinux, specifically GFP_ATOMIC | __GFP_NOMEMALLOC which doesn't make much sense. GFP_ATOMIC on its own allows to access memory reserves while __GFP_NOMEMALLOC dictates we cannot use memory reserves. Replace this with the much more sane GFP_NOWAIT in the AVC code as we can tolerate memory allocation failures in that code. Signed-off-by: Michal Hocko <[email protected]> Acked-by: Mel Gorman <[email protected]> Signed-off-by: Paul Moore <[email protected]>
1 parent af63f41 commit 476accb

File tree

1 file changed

+6
-8
lines changed

1 file changed

+6
-8
lines changed

security/selinux/avc.c

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -348,27 +348,26 @@ static struct avc_xperms_decision_node
348348
struct avc_xperms_decision_node *xpd_node;
349349
struct extended_perms_decision *xpd;
350350

351-
xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep,
352-
GFP_ATOMIC | __GFP_NOMEMALLOC);
351+
xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT);
353352
if (!xpd_node)
354353
return NULL;
355354

356355
xpd = &xpd_node->xpd;
357356
if (which & XPERMS_ALLOWED) {
358357
xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep,
359-
GFP_ATOMIC | __GFP_NOMEMALLOC);
358+
GFP_NOWAIT);
360359
if (!xpd->allowed)
361360
goto error;
362361
}
363362
if (which & XPERMS_AUDITALLOW) {
364363
xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep,
365-
GFP_ATOMIC | __GFP_NOMEMALLOC);
364+
GFP_NOWAIT);
366365
if (!xpd->auditallow)
367366
goto error;
368367
}
369368
if (which & XPERMS_DONTAUDIT) {
370369
xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep,
371-
GFP_ATOMIC | __GFP_NOMEMALLOC);
370+
GFP_NOWAIT);
372371
if (!xpd->dontaudit)
373372
goto error;
374373
}
@@ -396,8 +395,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void)
396395
{
397396
struct avc_xperms_node *xp_node;
398397

399-
xp_node = kmem_cache_zalloc(avc_xperms_cachep,
400-
GFP_ATOMIC|__GFP_NOMEMALLOC);
398+
xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT);
401399
if (!xp_node)
402400
return xp_node;
403401
INIT_LIST_HEAD(&xp_node->xpd_head);
@@ -550,7 +548,7 @@ static struct avc_node *avc_alloc_node(void)
550548
{
551549
struct avc_node *node;
552550

553-
node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC);
551+
node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT);
554552
if (!node)
555553
goto out;
556554

0 commit comments

Comments
 (0)