lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 3 Aug 2017 09:56:32 +0100
From:   Mel Gorman <mgorman@...e.de>
To:     Michal Hocko <mhocko@...nel.org>
Cc:     Paul Moore <pmoore@...hat.com>,
        Jeff Vander Stoep <jeffv@...gle.com>, linux-mm@...ck.org,
        LKML <linux-kernel@...r.kernel.org>, selinux@...ho.nsa.gov
Subject: Re: suspicious __GFP_NOMEMALLOC in selinux

On Thu, Aug 03, 2017 at 10:11:52AM +0200, Michal Hocko wrote:
> > The GFP_ATOMIC|__GFP_NOMEMALLOC use in SELinux appears to be limited
> > to security/selinux/avc.c, and digging a bit, I'm guessing commit
> > fa1aa143ac4a copied the combination from 6290c2c43973 ("selinux: tag
> > avc cache alloc as non-critical") and the avc_alloc_node() function.
> 
> Thanks for the pointer. That makes much more sense now. Back in 2012 we
> really didn't have a good way to distinguish non sleeping and atomic
> with reserves allocations.
>  

Yes, and GFP_NOWAIT is the right way to express that now. It'll still
wake kswapd but it won't stall on direct reclaim and won't dip into
reserves.

Thanks Michal.

> ---
> From 6d506a75da83c0724ed399966971711f37d67411 Mon Sep 17 00:00:00 2001
> From: Michal Hocko <mhocko@...e.com>
> Date: Thu, 3 Aug 2017 10:04:20 +0200
> Subject: [PATCH] selinux: replace GFP_ATOMIC | __GFP_NOMEMALLOC with
>  GFP_NOWAIT
> 
> selinux avc code uses a weird combination of gfp flags. It asks for
> GFP_ATOMIC which allows access to memory reserves while it requests
> to not consume memory reserves by __GFP_NOMEMALLOC. This seems to be
> copying the pattern from 6290c2c43973 ("selinux: tag avc cache alloc as
> non-critical").
> 
> Back then (before d0164adc89f6 ("mm, page_alloc: distinguish between
> being unable to sleep, unwilling to sleep and avoiding waking kswapd"))
> we didn't have a good way to distinguish nowait and atomic allocations
> so the construct made some sense. Now we do not have to play tricks
> though and GFP_NOWAIT will provide the required semantic (aka do not
> sleep and do not consume any memory reserves).
> 
> Signed-off-by: Michal Hocko <mhocko@...e.com>

Looks right to me

Acked-by: Mel Gorman <mgorman@...e.de>

-- 
Mel Gorman
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ