[PATCH] selinux: return -ENOMEM if kzalloc() fails
Paul Moore
paul at paul-moore.com
Fri Jun 30 22:30:19 UTC 2017
On Fri, Jun 30, 2017 at 9:10 AM, Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
> Stephen Smalley wrote:
>> On Fri, 2017-06-30 at 10:56 +0300, Dan Carpenter wrote:
>> > We accidentally return success instead of -ENOMEM on this failure
>> > path.
>> >
>> > Fixes: 409dcf31538a ("selinux: Add a cache for quicker retreival of
>> > PKey SIDs")
>> > Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
>>
>> NAK, that's intentional. See the comment just above the code in
>> question.
>
> If allocation failure is no problem, please consider using
> GFP_NOWAIT | __GFP_NOMEMALLOC | __GFP_NOWARN instead of
> GFP_ATOMIC, for memory reserves is mainly targeted for OOM victims.
I have a todo item to try and consolidate some of the SELinux object
cache code, this seems like something worth experimenting with when
that happens.
--
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list