selinux: use GFP_NOWAIT in the AVC kmem_caches
There is a strange __GFP_NOMEMALLOC usage pattern in SELinux, specifically GFP_ATOMIC | __GFP_NOMEMALLOC which doesn't make much sense. GFP_ATOMIC on its own allows to access memory reserves while __GFP_NOMEMALLOC dictates we cannot use memory reserves. Replace this with the much more sane GFP_NOWAIT in the AVC code as we can tolerate memory allocation failures in that code. Signed-off-by: Michal Hocko <mhocko@kernel.org> Acked-by: Mel Gorman <mgorman@suse.de> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
af63f4193f
commit
476accbe2f
@ -348,27 +348,26 @@ static struct avc_xperms_decision_node
|
||||
struct avc_xperms_decision_node *xpd_node;
|
||||
struct extended_perms_decision *xpd;
|
||||
|
||||
xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep,
|
||||
GFP_ATOMIC | __GFP_NOMEMALLOC);
|
||||
xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT);
|
||||
if (!xpd_node)
|
||||
return NULL;
|
||||
|
||||
xpd = &xpd_node->xpd;
|
||||
if (which & XPERMS_ALLOWED) {
|
||||
xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep,
|
||||
GFP_ATOMIC | __GFP_NOMEMALLOC);
|
||||
GFP_NOWAIT);
|
||||
if (!xpd->allowed)
|
||||
goto error;
|
||||
}
|
||||
if (which & XPERMS_AUDITALLOW) {
|
||||
xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep,
|
||||
GFP_ATOMIC | __GFP_NOMEMALLOC);
|
||||
GFP_NOWAIT);
|
||||
if (!xpd->auditallow)
|
||||
goto error;
|
||||
}
|
||||
if (which & XPERMS_DONTAUDIT) {
|
||||
xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep,
|
||||
GFP_ATOMIC | __GFP_NOMEMALLOC);
|
||||
GFP_NOWAIT);
|
||||
if (!xpd->dontaudit)
|
||||
goto error;
|
||||
}
|
||||
@ -396,8 +395,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void)
|
||||
{
|
||||
struct avc_xperms_node *xp_node;
|
||||
|
||||
xp_node = kmem_cache_zalloc(avc_xperms_cachep,
|
||||
GFP_ATOMIC|__GFP_NOMEMALLOC);
|
||||
xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT);
|
||||
if (!xp_node)
|
||||
return xp_node;
|
||||
INIT_LIST_HEAD(&xp_node->xpd_head);
|
||||
@ -550,7 +548,7 @@ static struct avc_node *avc_alloc_node(void)
|
||||
{
|
||||
struct avc_node *node;
|
||||
|
||||
node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC);
|
||||
node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT);
|
||||
if (!node)
|
||||
goto out;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user