From patchwork Tue Aug 28 20:13:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 145367 Delivered-To: patch@linaro.org Received: by 2002:a2e:1648:0:0:0:0:0 with SMTP id 8-v6csp1589407ljw; Tue, 28 Aug 2018 13:14:05 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbwoU9xtybp+Efb9b8RhFRAgqIGS7IvJb7xO/XuUyfxvKhPHsHViehEQ15b0Ln8YFfwicQQ X-Received: by 2002:a63:9712:: with SMTP id n18-v6mr2827382pge.92.1535487245711; Tue, 28 Aug 2018 13:14:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535487245; cv=none; d=google.com; s=arc-20160816; b=HbKg62Tkw+2LXViWsLV3PMqmoec0pZIWtiDtsj4GM76M0cqaEsikatjYzW92wlk3tT UttJW/dnfL3rGu+LKBNDO7AetlLkSnqcbEsIx+d/4Bft7Q1KmCqHZ56axFztzHKV95lX ooQ13LMM8pSl8lFRAPo1mmZgA0y5BmsuyhbY+/IPh6m5PLxaJ0LXtW1PKXohuj73tmcm FzWH2/QVsDTHR51Pz6WOI/UxqJFM8/+rRLr9/GKgx2+qm4G2x9ozxLo0VBHq462Sg3GS VH5gyYvNUDXa9cVA3vs766Yfx2bCCOFudRQWy0qbLmZ32Wzzj/DfG7LU/fBgiMFPk8+D pyrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=QG2jYi4xbZtB60lhzSK5hjQqa5E/smq1fH4liWdBk/s=; b=raksobLpd81Pmla0/s5HvCK1taRTLqPcuA1sFoR9hQZLhIIGD3n7X67h7VMpYveZ+4 a1kHla+PtcmahDN7Lha6EHZ02SzE9/3kJFb+j+sOKdQFNl/WlBxOTZmjmMvvtTcBX92l Gd7+k6m7YBVxskVg7tjBNWPdQs2FPUFhOW6t+qjQAEaogAKTZk5kjuItiXtL4SR14dPm +874Q8Y9GumpvRHG/uD+DCsuajVJs6y9oYlfsw3OqM/zx3sgyOZ0TshfHcpLuMVNt5Qa dewsiAt6/Vb7EBRi/6BvxIWrwiyZkxcImPHqkCe/ATyZhRjNeZ2ypGfPKiRBvjS+BXQx hGDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=gVoUbeIz; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y10-v6si1906969pgf.312.2018.08.28.13.14.05; Tue, 28 Aug 2018 13:14:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=gVoUbeIz; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727181AbeH2AHT (ORCPT + 13 others); Tue, 28 Aug 2018 20:07:19 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:40970 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726961AbeH2AHT (ORCPT ); Tue, 28 Aug 2018 20:07:19 -0400 Received: by mail-pg1-f195.google.com with SMTP id s15-v6so1237356pgv.8 for ; Tue, 28 Aug 2018 13:14:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=QG2jYi4xbZtB60lhzSK5hjQqa5E/smq1fH4liWdBk/s=; b=gVoUbeIzq4q2IlrFgVlJa3mgF4iiQ101kkX+fKT4apaHt/w6XoiLbzEYP8+BMPh7ZL fzqE5SnuGRTyS+YWVFmDGjFnn6P92Z69ZMWvDGaHJEHWnI1996d/oC01PoXh0m2mIbRG ul/fkfbZm0pl6lDMlhzdfk7zoY8c9pVNer8uU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=QG2jYi4xbZtB60lhzSK5hjQqa5E/smq1fH4liWdBk/s=; b=LTRWq1CIP9PdidjVoo4tprQUwbo6FKHH4j6kuVyGIglrMbmGCN8TFHbLxJjLpH2JAm GT1cK1xdDcjIt9FI3SuSY/srpIpTJq3x8iM3qGbkpy+z5rORVdamuZp1IbsGw73VB7wF 9PE0P3PvqWLf4TdNadJCgv1L/qA9RkKRWX6m/BU7PC/eHkoAKxQI4riQuCa3Z8bS66KC Nb1mDKJfxb7lkjrcIJcJ0Wvd3WfEYxlnfv8O/y9vwl9l/jSYJ1DCwSEaBKuyqxusLFlv SO+/RlEkOmVXe53D2hZq5DSgco2VUz4HS4kqQVTpzgHpiA8gdy3ezfjCfp0AM0MF4IpJ uZ0w== X-Gm-Message-State: APzg51Br0ZGg2lfx4l8w6HsSR6VBr/0tjWqMmyCN7J8QkCRJi+pWcORP 4OulpV43BGRdfBtgz7MOow/mlw== X-Received: by 2002:a62:5ec3:: with SMTP id s186-v6mr3000822pfb.146.1535487244378; Tue, 28 Aug 2018 13:14:04 -0700 (PDT) Received: from localhost.localdomain ([49.207.48.21]) by smtp.gmail.com with ESMTPSA id t86-v6sm3098181pfe.109.2018.08.28.13.14.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 28 Aug 2018 13:14:03 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Michal Hocko , Paul Moore Subject: [PATCH for-4.9.y 11/14] selinux: use GFP_NOWAIT in the AVC kmem_caches Date: Wed, 29 Aug 2018 01:43:22 +0530 Message-Id: <1535487205-26280-12-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1535487205-26280-1-git-send-email-amit.pundir@linaro.org> References: <1535487205-26280-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Michal Hocko commit 476accbe2f6ef69caeebe99f52a286e12ac35aee upstream. There is a strange __GFP_NOMEMALLOC usage pattern in SELinux, specifically GFP_ATOMIC | __GFP_NOMEMALLOC which doesn't make much sense. GFP_ATOMIC on its own allows to access memory reserves while __GFP_NOMEMALLOC dictates we cannot use memory reserves. Replace this with the much more sane GFP_NOWAIT in the AVC code as we can tolerate memory allocation failures in that code. Signed-off-by: Michal Hocko Acked-by: Mel Gorman Signed-off-by: Paul Moore Signed-off-by: Amit Pundir --- To be applied on 4.4.y as well. Build tested on v4.4.153. security/selinux/avc.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) -- 2.7.4 diff --git a/security/selinux/avc.c b/security/selinux/avc.c index e60c79de13e1..52f3c550abcc 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -348,27 +348,26 @@ static struct avc_xperms_decision_node struct avc_xperms_decision_node *xpd_node; struct extended_perms_decision *xpd; - xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, - GFP_ATOMIC | __GFP_NOMEMALLOC); + xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT); if (!xpd_node) return NULL; xpd = &xpd_node->xpd; if (which & XPERMS_ALLOWED) { xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep, - GFP_ATOMIC | __GFP_NOMEMALLOC); + GFP_NOWAIT); if (!xpd->allowed) goto error; } if (which & XPERMS_AUDITALLOW) { xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep, - GFP_ATOMIC | __GFP_NOMEMALLOC); + GFP_NOWAIT); if (!xpd->auditallow) goto error; } if (which & XPERMS_DONTAUDIT) { xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep, - GFP_ATOMIC | __GFP_NOMEMALLOC); + GFP_NOWAIT); if (!xpd->dontaudit) goto error; } @@ -396,8 +395,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void) { struct avc_xperms_node *xp_node; - xp_node = kmem_cache_zalloc(avc_xperms_cachep, - GFP_ATOMIC|__GFP_NOMEMALLOC); + xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT); if (!xp_node) return xp_node; INIT_LIST_HEAD(&xp_node->xpd_head); @@ -550,7 +548,7 @@ static struct avc_node *avc_alloc_node(void) { struct avc_node *node; - node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC); + node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT); if (!node) goto out;