[PATCH for-4.9.y 11/14] selinux: use GFP_NOWAIT in the AVC kmem_caches

[PATCH for-4.9.y 00/14] Few upstream fixes from OnePlus6's kernel tree · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 01/14] cfq: Give a chance for arming slice idle timer in case of group_idle · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 02/14] kthread: Fix use-after-free if kthread fork fails · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 03/14] kthread: fix boot hang (regression) on MIPS/OpenRISC · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 04/14] random: convert get_random_int/long into get_random_u32/u64 · Amit Pundir <hidden> · 2018-08-29
Re: [PATCH for-4.9.y 04/14] random: convert get_random_int/long into get_random_u32/u64 · Greg KH <gregkh@linuxfoundation.org> · 2018-09-16
[PATCH for-4.9.y 05/14] staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 06/14] staging/rts5208: Fix read overflow in memcpy · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 07/14] IB/rxe: do not copy extra stack memory to skb · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 08/14] block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 09/14] nl80211: fix null-ptr dereference on invalid mesh configuration · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 10/14] locking/rwsem-xadd: Fix missed wakeup due to reordering of load · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 11/14] selinux: use GFP_NOWAIT in the AVC kmem_caches · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 12/14] locking/osq_lock: Fix osq_lock queue corruption · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 13/14] mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced · Amit Pundir <hidden> · 2018-08-29
[PATCH for-4.9.y 14/14] mm: remove seemingly spurious reclaimability check from laptop_mode gating · Amit Pundir <hidden> · 2018-08-29
Re: [PATCH for-4.9.y 00/14] Few upstream fixes from OnePlus6's kernel tree · Greg KH <gregkh@linuxfoundation.org> · 2018-09-16

STALE2843d REVIEWED: 1 (1M)

From: Amit Pundir <hidden>
Date: 2018-08-29 00:07:19
Subsystem: selinux security module, the rest · Maintainers: Paul Moore, Stephen Smalley, Linus Torvalds

From: Michal Hocko <mhocko@kernel.org>

commit 476accbe2f6ef69caeebe99f52a286e12ac35aee upstream.

There is a strange __GFP_NOMEMALLOC usage pattern in SELinux,
specifically GFP_ATOMIC | __GFP_NOMEMALLOC which doesn't make much
sense.  GFP_ATOMIC on its own allows to access memory reserves while
__GFP_NOMEMALLOC dictates we cannot use memory reserves.  Replace this
with the much more sane GFP_NOWAIT in the AVC code as we can tolerate
memory allocation failures in that code.

Signed-off-by: Michal Hocko <mhocko@kernel.org>
Acked-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Amit Pundir <redacted>
---
To be applied on 4.4.y as well.
Build tested on v4.4.153.

 security/selinux/avc.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index e60c79de13e1..52f3c550abcc 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c

@@ -348,27 +348,26 @@ static struct avc_xperms_decision_node
 	struct avc_xperms_decision_node *xpd_node;
 	struct extended_perms_decision *xpd;
 
-	xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep,
-				GFP_ATOMIC | __GFP_NOMEMALLOC);
+	xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT);
 	if (!xpd_node)
 		return NULL;
 
 	xpd = &xpd_node->xpd;
 	if (which & XPERMS_ALLOWED) {
 		xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep,
-						GFP_ATOMIC | __GFP_NOMEMALLOC);
+						GFP_NOWAIT);
 		if (!xpd->allowed)
 			goto error;
 	}
 	if (which & XPERMS_AUDITALLOW) {
 		xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep,
-						GFP_ATOMIC | __GFP_NOMEMALLOC);
+						GFP_NOWAIT);
 		if (!xpd->auditallow)
 			goto error;
 	}
 	if (which & XPERMS_DONTAUDIT) {
 		xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep,
-						GFP_ATOMIC | __GFP_NOMEMALLOC);
+						GFP_NOWAIT);
 		if (!xpd->dontaudit)
 			goto error;
 	}

@@ -396,8 +395,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void)
 {
 	struct avc_xperms_node *xp_node;
 
-	xp_node = kmem_cache_zalloc(avc_xperms_cachep,
-				GFP_ATOMIC|__GFP_NOMEMALLOC);
+	xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT);
 	if (!xp_node)
 		return xp_node;
 	INIT_LIST_HEAD(&xp_node->xpd_head);

@@ -550,7 +548,7 @@ static struct avc_node *avc_alloc_node(void)
 {
 	struct avc_node *node;
 
-	node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC);
+	node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT);
 	if (!node)
 		goto out;

-- 
2.7.4

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help