[PATCH] security: selinux: use kmem_cache for ebitmap

Paul Moore paul at paul-moore.com
Wed Jun 7 13:50:24 UTC 2017


On Tue, Jun 6, 2017 at 7:38 PM, 이준일/연구원/MC연구소 BSP실
BSP6팀(junil0814.lee at lge.com) <junil0814.lee at lge.com> wrote:
> Paul Moore wrote on 2017-06-06 오전 6:39:
>> On Mon, Jun 5, 2017 at 5:10 AM, Junil Lee <junil0814.lee at lge.com> wrote:
>>> The allocated size for each ebitmap_node is 192byte by kzalloc().
>>> Then, ebitmap_node size is fixed, so it's possible to use only 144byte
>>> for each object by kmem_cache_zalloc().
>>> It can reduce some dynamic allocation size.
>>>
>>> Signed-off-by: Junil Lee <junil0814.lee at lge.com>
>>> ---
>>> security/selinux/ss/ebitmap.c | 24 +++++++++++++++++++-----
>>> security/selinux/ss/ebitmap.h | 3 +++
>>> security/selinux/ss/services.c | 4 ++++
>>> 3 files changed, 26 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/security/selinux/ss/ebitmap.c
>> b/security/selinux/ss/ebitmap.c
>>> index 9db4709a..076c96f 100644
>>> --- a/security/selinux/ss/ebitmap.c
>>> +++ b/security/selinux/ss/ebitmap.c
>>> @@ -24,6 +24,8 @@
>>>
>>> #define BITS_PER_U64 (sizeof(u64) * 8)
>>>
>>> +static struct kmem_cache *ebitmap_node_cachep;
>>> +
>>> int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2)
>>> {
>>> struct ebitmap_node *n1, *n2;
>>> @@ -54,7 +56,7 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap
>> *src)
>>> n = src->node;
>>> prev = NULL;
>>> while (n) {
>>> - new = kzalloc(sizeof(*new), GFP_ATOMIC);
>>> + new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
>>> if (!new) {
>>> ebitmap_destroy(dst);
>>> return -ENOMEM;
>>> @@ -162,7 +164,7 @@ int ebitmap_netlbl_import(struct ebitmap *ebmap,
>>> if (e_iter == NULL ||
>>> offset >= e_iter->startbit + EBITMAP_SIZE) {
>>> e_prev = e_iter;
>>> - e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC);
>>> + e_iter = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
>>> if (e_iter == NULL)
>>> goto netlbl_import_failure;
>>> e_iter->startbit = offset - (offset % EBITMAP_SIZE);
>>> @@ -299,7 +301,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned
>> long bit, int value)
>>> if (!value)
>>> return 0;
>>>
>>> - new = kzalloc(sizeof(*new), GFP_ATOMIC);
>>> + new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
>>> if (!new)
>>> return -ENOMEM;
>>
>> I believe there is a kfree() in ebitmap_set_bit() that also needs to
>> be converted.
>>
>
> Thanks for your advice Paul.
> reattach patch v2.

Please submit patches inline, just as you did for your original
posting.  It make it easier to review and apply.

Thanks.

-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list