lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <56156461.3080000@tycho.nsa.gov>
Date:	Wed, 7 Oct 2015 14:28:49 -0400
From:	Stephen Smalley <sds@...ho.nsa.gov>
To:	Sangwoo <sangwoo2.park@....com>, paul@...l-moore.com,
	eparis@...isplace.org, james.l.morris@...cle.com, serge@...lyn.com
Cc:	selinux@...ho.nsa.gov, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] security: selinux: Use a kmem_cache for allocation struct
 file_security_struct

On 10/05/2015 01:45 AM, Sangwoo wrote:
> The size of struct file_security_struct is 16byte at my setup.
> But, the real allocation size for per each file_security_struct
> is 64bytes in my setup that kmalloc min size is 64bytes
> because ARCH_DMA_MINALIGN is 64.
> 
> This allocation is called every times at file allocation(alloc_file()).
> So, the total slack memory size(allocated size - request size)
> is increased exponentially.
> 
> E.g) Min Kmalloc Size : 64bytes, Unit : bytes
>       Allocated Size | Request Size | Slack Size | Allocation Count
>     ---------------------------------------------------------------
>          770048      |    192512    |   577536   |      12032
> 
> At the result, this change reduce memory usage 42bytes per each
> file_security_struct
> 
> Signed-off-by: Sangwoo <sangwoo2.park@....com>

Acked-by:  Stephen Smalley <sds@...ho.nsa.gov>

> ---
>  security/selinux/hooks.c |    8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 3f8d567..c20e082 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -126,6 +126,7 @@ int selinux_enabled = 1;
>  #endif
>  
>  static struct kmem_cache *sel_inode_cache;
> +static struct kmem_cache *file_security_cache;
>  
>  /**
>   * selinux_secmark_enabled - Check to see if SECMARK is currently enabled
> @@ -287,7 +288,7 @@ static int file_alloc_security(struct file *file)
>  	struct file_security_struct *fsec;
>  	u32 sid = current_sid();
>  
> -	fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
> +	fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL);
>  	if (!fsec)
>  		return -ENOMEM;
>  
> @@ -302,7 +303,7 @@ static void file_free_security(struct file *file)
>  {
>  	struct file_security_struct *fsec = file->f_security;
>  	file->f_security = NULL;
> -	kfree(fsec);
> +	kmem_cache_free(file_security_cache, fsec);
>  }
>  
>  static int superblock_alloc_security(struct super_block *sb)
> @@ -6086,6 +6087,9 @@ static __init int selinux_init(void)
>  	sel_inode_cache = kmem_cache_create("selinux_inode_security",
>  					    sizeof(struct inode_security_struct),
>  					    0, SLAB_PANIC, NULL);
> +	file_security_cache = kmem_cache_create("selinux_file_security",
> +					    sizeof(struct file_security_struct),
> +					    0, SLAB_PANIC, NULL);
>  	avc_init();
>  
>  	security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ