lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <56156461.3080000@tycho.nsa.gov> Date: Wed, 7 Oct 2015 14:28:49 -0400 From: Stephen Smalley <sds@...ho.nsa.gov> To: Sangwoo <sangwoo2.park@....com>, paul@...l-moore.com, eparis@...isplace.org, james.l.morris@...cle.com, serge@...lyn.com Cc: selinux@...ho.nsa.gov, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] security: selinux: Use a kmem_cache for allocation struct file_security_struct On 10/05/2015 01:45 AM, Sangwoo wrote: > The size of struct file_security_struct is 16byte at my setup. > But, the real allocation size for per each file_security_struct > is 64bytes in my setup that kmalloc min size is 64bytes > because ARCH_DMA_MINALIGN is 64. > > This allocation is called every times at file allocation(alloc_file()). > So, the total slack memory size(allocated size - request size) > is increased exponentially. > > E.g) Min Kmalloc Size : 64bytes, Unit : bytes > Allocated Size | Request Size | Slack Size | Allocation Count > --------------------------------------------------------------- > 770048 | 192512 | 577536 | 12032 > > At the result, this change reduce memory usage 42bytes per each > file_security_struct > > Signed-off-by: Sangwoo <sangwoo2.park@....com> Acked-by: Stephen Smalley <sds@...ho.nsa.gov> > --- > security/selinux/hooks.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 3f8d567..c20e082 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -126,6 +126,7 @@ int selinux_enabled = 1; > #endif > > static struct kmem_cache *sel_inode_cache; > +static struct kmem_cache *file_security_cache; > > /** > * selinux_secmark_enabled - Check to see if SECMARK is currently enabled > @@ -287,7 +288,7 @@ static int file_alloc_security(struct file *file) > struct file_security_struct *fsec; > u32 sid = current_sid(); > > - fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL); > + fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL); > if (!fsec) > return -ENOMEM; > > @@ -302,7 +303,7 @@ static void file_free_security(struct file *file) > { > struct file_security_struct *fsec = file->f_security; > file->f_security = NULL; > - kfree(fsec); > + kmem_cache_free(file_security_cache, fsec); > } > > static int superblock_alloc_security(struct super_block *sb) > @@ -6086,6 +6087,9 @@ static __init int selinux_init(void) > sel_inode_cache = kmem_cache_create("selinux_inode_security", > sizeof(struct inode_security_struct), > 0, SLAB_PANIC, NULL); > + file_security_cache = kmem_cache_create("selinux_file_security", > + sizeof(struct file_security_struct), > + 0, SLAB_PANIC, NULL); > avc_init(); > > security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks)); > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists