Commit 5979431a authored by Michal Hocko's avatar Michal Hocko Committed by Kleber Sacilotto de Souza

selinux: use GFP_NOWAIT in the AVC kmem_caches

BugLink: https://bugs.launchpad.net/bugs/1798539

commit 476accbe upstream.

There is a strange __GFP_NOMEMALLOC usage pattern in SELinux,
specifically GFP_ATOMIC | __GFP_NOMEMALLOC which doesn't make much
sense.  GFP_ATOMIC on its own allows to access memory reserves while
__GFP_NOMEMALLOC dictates we cannot use memory reserves.  Replace this
with the much more sane GFP_NOWAIT in the AVC code as we can tolerate
memory allocation failures in that code.
Signed-off-by: default avatarMichal Hocko <mhocko@kernel.org>
Acked-by: default avatarMel Gorman <mgorman@suse.de>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
Signed-off-by: default avatarAmit Pundir <amit.pundir@linaro.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 3f5fc866
...@@ -348,27 +348,26 @@ static struct avc_xperms_decision_node ...@@ -348,27 +348,26 @@ static struct avc_xperms_decision_node
struct avc_xperms_decision_node *xpd_node; struct avc_xperms_decision_node *xpd_node;
struct extended_perms_decision *xpd; struct extended_perms_decision *xpd;
xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT);
GFP_ATOMIC | __GFP_NOMEMALLOC);
if (!xpd_node) if (!xpd_node)
return NULL; return NULL;
xpd = &xpd_node->xpd; xpd = &xpd_node->xpd;
if (which & XPERMS_ALLOWED) { if (which & XPERMS_ALLOWED) {
xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep, xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep,
GFP_ATOMIC | __GFP_NOMEMALLOC); GFP_NOWAIT);
if (!xpd->allowed) if (!xpd->allowed)
goto error; goto error;
} }
if (which & XPERMS_AUDITALLOW) { if (which & XPERMS_AUDITALLOW) {
xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep, xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep,
GFP_ATOMIC | __GFP_NOMEMALLOC); GFP_NOWAIT);
if (!xpd->auditallow) if (!xpd->auditallow)
goto error; goto error;
} }
if (which & XPERMS_DONTAUDIT) { if (which & XPERMS_DONTAUDIT) {
xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep, xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep,
GFP_ATOMIC | __GFP_NOMEMALLOC); GFP_NOWAIT);
if (!xpd->dontaudit) if (!xpd->dontaudit)
goto error; goto error;
} }
...@@ -396,8 +395,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void) ...@@ -396,8 +395,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void)
{ {
struct avc_xperms_node *xp_node; struct avc_xperms_node *xp_node;
xp_node = kmem_cache_zalloc(avc_xperms_cachep, xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT);
GFP_ATOMIC|__GFP_NOMEMALLOC);
if (!xp_node) if (!xp_node)
return xp_node; return xp_node;
INIT_LIST_HEAD(&xp_node->xpd_head); INIT_LIST_HEAD(&xp_node->xpd_head);
...@@ -550,7 +548,7 @@ static struct avc_node *avc_alloc_node(void) ...@@ -550,7 +548,7 @@ static struct avc_node *avc_alloc_node(void)
{ {
struct avc_node *node; struct avc_node *node;
node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC); node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT);
if (!node) if (!node)
goto out; goto out;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment