[PATCH 1/1] Smack: Create smack_rule cache to optimize memory usage
Casey Schaufler
casey at schaufler-ca.com
Tue Apr 9 23:30:48 UTC 2019
On 3/14/2019 2:06 AM, Vishal Goel wrote:
> This patch allows for small memory optimization by creating the
> kmem cache for "struct smack_rule" instead of using kzalloc.
> For adding new smack rule, kzalloc is used to allocate the memory
> for "struct smack_rule". kzalloc will always allocate 32 or 64 bytes
> for 1 structure depending upon the kzalloc cache sizes available in
> system. Although the size of structure is 20 bytes only, resulting
> in memory wastage per object in the default pool.
>
> For e.g., if there are 20000 rules, then it will save 240KB(20000*12)
> which is crucial for small memory targets.
>
> Signed-off-by: Vishal Goel <vishal.goel at samsung.com>
> Signed-off-by: Amit Sahrawat <a.sahrawat at samsung.com>
I have taken this patch in for
https://github.com/cschaufler/next-smack.git#smack-for-5.2
> ---
> security/smack/smack.h | 1 +
> security/smack/smack_lsm.c | 12 ++++++++++--
> security/smack/smackfs.c | 2 +-
> 3 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/security/smack/smack.h b/security/smack/smack.h
> index 6a71fc7..a5d7461 100644
> --- a/security/smack/smack.h
> +++ b/security/smack/smack.h
> @@ -354,6 +354,7 @@ int smk_tskacc(struct task_smack *, struct smack_known *,
>
> #define SMACK_HASH_SLOTS 16
> extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
> +extern struct kmem_cache *smack_rule_cache;
>
> /*
> * Is the directory transmuting?
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 319add3..16b6cf5 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -56,6 +56,7 @@
> static LIST_HEAD(smk_ipv6_port_list);
> #endif
> static struct kmem_cache *smack_inode_cache;
> +struct kmem_cache *smack_rule_cache;
> int smack_enabled;
>
> static const match_table_t smk_mount_tokens = {
> @@ -349,7 +350,7 @@ static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
> int rc = 0;
>
> list_for_each_entry_rcu(orp, ohead, list) {
> - nrp = kzalloc(sizeof(struct smack_rule), gfp);
> + nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
> if (nrp == NULL) {
> rc = -ENOMEM;
> break;
> @@ -1995,7 +1996,7 @@ static void smack_cred_free(struct cred *cred)
> list_for_each_safe(l, n, &tsp->smk_rules) {
> rp = list_entry(l, struct smack_rule, list);
> list_del(&rp->list);
> - kfree(rp);
> + kmem_cache_free(smack_rule_cache, rp);
> }
> kfree(tsp);
> }
> @@ -4788,10 +4789,17 @@ static __init int smack_init(void)
> if (!smack_inode_cache)
> return -ENOMEM;
>
> + smack_rule_cache = KMEM_CACHE(smack_rule, 0);
> + if (!smack_rule_cache) {
> + kmem_cache_destroy(smack_inode_cache);
> + return -ENOMEM;
> + }
> +
> tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
> GFP_KERNEL);
> if (tsp == NULL) {
> kmem_cache_destroy(smack_inode_cache);
> + kmem_cache_destroy(smack_rule_cache);
> return -ENOMEM;
> }
>
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index 2a8a1f5..d8a0e25 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -236,7 +236,7 @@ static int smk_set_access(struct smack_parsed_rule *srp,
> }
>
> if (found == 0) {
> - sp = kzalloc(sizeof(*sp), GFP_KERNEL);
> + sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
> if (sp == NULL) {
> rc = -ENOMEM;
> goto out;
More information about the Linux-security-module-archive
mailing list