[PATCH 1/1] Smack: Create smack_rule cache to optimize memory usage

Casey Schaufler casey at schaufler-ca.com
Tue Apr 9 23:30:48 UTC 2019


On 3/14/2019 2:06 AM, Vishal Goel wrote:
> This patch allows for small memory optimization by creating the
> kmem cache for "struct smack_rule" instead of using kzalloc.
> For adding new smack rule, kzalloc is used to allocate the memory
> for "struct smack_rule". kzalloc will always allocate 32 or 64 bytes
> for 1 structure depending upon the kzalloc cache sizes available in
> system. Although the size of structure is 20 bytes only, resulting
> in memory wastage per object in the default pool.
>
> For e.g., if there are 20000 rules, then it will save 240KB(20000*12)
> which is crucial for small memory targets.
>
> Signed-off-by: Vishal Goel <vishal.goel at samsung.com>
> Signed-off-by: Amit Sahrawat <a.sahrawat at samsung.com>

I have taken this patch in for
	https://github.com/cschaufler/next-smack.git#smack-for-5.2

> ---
>   security/smack/smack.h     |  1 +
>   security/smack/smack_lsm.c | 12 ++++++++++--
>   security/smack/smackfs.c   |  2 +-
>   3 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/security/smack/smack.h b/security/smack/smack.h
> index 6a71fc7..a5d7461 100644
> --- a/security/smack/smack.h
> +++ b/security/smack/smack.h
> @@ -354,6 +354,7 @@ int smk_tskacc(struct task_smack *, struct smack_known *,
>   
>   #define SMACK_HASH_SLOTS 16
>   extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
> +extern struct kmem_cache *smack_rule_cache;
>   
>   /*
>    * Is the directory transmuting?
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 319add3..16b6cf5 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -56,6 +56,7 @@
>   static LIST_HEAD(smk_ipv6_port_list);
>   #endif
>   static struct kmem_cache *smack_inode_cache;
> +struct kmem_cache *smack_rule_cache;
>   int smack_enabled;
>   
>   static const match_table_t smk_mount_tokens = {
> @@ -349,7 +350,7 @@ static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
>   	int rc = 0;
>   
>   	list_for_each_entry_rcu(orp, ohead, list) {
> -		nrp = kzalloc(sizeof(struct smack_rule), gfp);
> +		nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
>   		if (nrp == NULL) {
>   			rc = -ENOMEM;
>   			break;
> @@ -1995,7 +1996,7 @@ static void smack_cred_free(struct cred *cred)
>   	list_for_each_safe(l, n, &tsp->smk_rules) {
>   		rp = list_entry(l, struct smack_rule, list);
>   		list_del(&rp->list);
> -		kfree(rp);
> +		kmem_cache_free(smack_rule_cache, rp);
>   	}
>   	kfree(tsp);
>   }
> @@ -4788,10 +4789,17 @@ static __init int smack_init(void)
>   	if (!smack_inode_cache)
>   		return -ENOMEM;
>   
> +	smack_rule_cache = KMEM_CACHE(smack_rule, 0);
> +	if (!smack_rule_cache) {
> +		kmem_cache_destroy(smack_inode_cache);
> +		return -ENOMEM;
> +	}
> +
>   	tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
>   				GFP_KERNEL);
>   	if (tsp == NULL) {
>   		kmem_cache_destroy(smack_inode_cache);
> +		kmem_cache_destroy(smack_rule_cache);
>   		return -ENOMEM;
>   	}
>   
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index 2a8a1f5..d8a0e25 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -236,7 +236,7 @@ static int smk_set_access(struct smack_parsed_rule *srp,
>   	}
>   
>   	if (found == 0) {
> -		sp = kzalloc(sizeof(*sp), GFP_KERNEL);
> +		sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
>   		if (sp == NULL) {
>   			rc = -ENOMEM;
>   			goto out;



More information about the Linux-security-module-archive mailing list