[PATCH 1/2] apparmor: Use a memory pool instead per-CPU caches
Sebastian Andrzej Siewior
bigeasy at linutronix.de
Mon Apr 15 10:50:05 UTC 2019
On 2019-04-05 15:34:57 [+0200], To linux-security-module at vger.kernel.org wrote:
> The get_buffers() macro may provide one or two buffers to the caller.
> Those buffers are preallocated on init for each CPU. By default it
> 2* 2 * MAX_PATH * POSSIBLE_CPU
> which equals 64KiB on a system with 4 CPUs or 1MiB with 64 CPUs and so
> Replace the per-CPU buffers with a common memory pool which is shared
> across all CPUs. The pool grows on demand and never shrinks.
> By using this pool it is possible to request a buffer and keeping
> preemption enabled which avoids the hack in profile_transition().
> During light testing I didn't get more than two buffers in total with
> this patch. So it seems to make sense to allocate the buffers on demand
> and keep them for further use for a quick access.
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
a gentle ping.
More information about the Linux-security-module-archive