selinux: use GFP_NOWAIT in the AVC kmem_caches
There is a strange __GFP_NOMEMALLOC usage pattern in SELinux, specifically GFP_ATOMIC | __GFP_NOMEMALLOC which doesn't make much sense. GFP_ATOMIC on its own allows to access memory reserves while __GFP_NOMEMALLOC dictates we cannot use memory reserves. Replace this with the much more sane GFP_NOWAIT in the AVC code as we can tolerate memory allocation failures in that code. Signed-off-by: Michal Hocko <mhocko@kernel.org> Acked-by: Mel Gorman <mgorman@suse.de> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Michal Hocko
Paul Moore
Родитель
af63f4193f
Коммит
476accbe2f
|
|
@ -348,27 +348,26 @@ static struct avc_xperms_decision_node
|
||||||
struct avc_xperms_decision_node *xpd_node;
|
struct avc_xperms_decision_node *xpd_node;
|
||||||
struct extended_perms_decision *xpd;
|
struct extended_perms_decision *xpd;
|
||||||
|
|
||||||
xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep,
|
xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT);
|
||||||
GFP_ATOMIC | __GFP_NOMEMALLOC);
|
|
||||||
if (!xpd_node)
|
if (!xpd_node)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
xpd = &xpd_node->xpd;
|
xpd = &xpd_node->xpd;
|
||||||
if (which & XPERMS_ALLOWED) {
|
if (which & XPERMS_ALLOWED) {
|
||||||
xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep,
|
xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep,
|
||||||
GFP_ATOMIC | __GFP_NOMEMALLOC);
|
GFP_NOWAIT);
|
||||||
if (!xpd->allowed)
|
if (!xpd->allowed)
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (which & XPERMS_AUDITALLOW) {
|
if (which & XPERMS_AUDITALLOW) {
|
||||||
xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep,
|
xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep,
|
||||||
GFP_ATOMIC | __GFP_NOMEMALLOC);
|
GFP_NOWAIT);
|
||||||
if (!xpd->auditallow)
|
if (!xpd->auditallow)
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (which & XPERMS_DONTAUDIT) {
|
if (which & XPERMS_DONTAUDIT) {
|
||||||
xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep,
|
xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep,
|
||||||
GFP_ATOMIC | __GFP_NOMEMALLOC);
|
GFP_NOWAIT);
|
||||||
if (!xpd->dontaudit)
|
if (!xpd->dontaudit)
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
@ -396,8 +395,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void)
|
||||||
{
|
{
|
||||||
struct avc_xperms_node *xp_node;
|
struct avc_xperms_node *xp_node;
|
||||||
|
|
||||||
xp_node = kmem_cache_zalloc(avc_xperms_cachep,
|
xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT);
|
||||||
GFP_ATOMIC|__GFP_NOMEMALLOC);
|
|
||||||
if (!xp_node)
|
if (!xp_node)
|
||||||
return xp_node;
|
return xp_node;
|
||||||
INIT_LIST_HEAD(&xp_node->xpd_head);
|
INIT_LIST_HEAD(&xp_node->xpd_head);
|
||||||
|
|
@ -550,7 +548,7 @@ static struct avc_node *avc_alloc_node(void)
|
||||||
{
|
{
|
||||||
struct avc_node *node;
|
struct avc_node *node;
|
||||||
|
|
||||||
node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC);
|
node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT);
|
||||||
if (!node)
|
if (!node)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче