* [PATCH] security: selinux: use kmem_cache for ebitmap
@ 2017-06-05 9:10 Junil Lee
2017-06-05 21:39 ` Paul Moore
0 siblings, 1 reply; 6+ messages in thread
From: Junil Lee @ 2017-06-05 9:10 UTC (permalink / raw)
To: paul, sds, eparis
Cc: james.l.morris, serge, william.c.roberts, adobriyan,
junil0814.lee, akpm, dledford, danielj, mka, selinux,
linux-security-module, linux-kernel
The allocated size for each ebitmap_node is 192byte by kzalloc().
Then, ebitmap_node size is fixed, so it's possible to use only 144byte
for each object by kmem_cache_zalloc().
It can reduce some dynamic allocation size.
Signed-off-by: Junil Lee <junil0814.lee@lge.com>
---
security/selinux/ss/ebitmap.c | 24 +++++++++++++++++++-----
security/selinux/ss/ebitmap.h | 3 +++
security/selinux/ss/services.c | 4 ++++
3 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index 9db4709a..076c96f 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -24,6 +24,8 @@
#define BITS_PER_U64 (sizeof(u64) * 8)
+static struct kmem_cache *ebitmap_node_cachep;
+
int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2)
{
struct ebitmap_node *n1, *n2;
@@ -54,7 +56,7 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src)
n = src->node;
prev = NULL;
while (n) {
- new = kzalloc(sizeof(*new), GFP_ATOMIC);
+ new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
if (!new) {
ebitmap_destroy(dst);
return -ENOMEM;
@@ -162,7 +164,7 @@ int ebitmap_netlbl_import(struct ebitmap *ebmap,
if (e_iter == NULL ||
offset >= e_iter->startbit + EBITMAP_SIZE) {
e_prev = e_iter;
- e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC);
+ e_iter = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
if (e_iter == NULL)
goto netlbl_import_failure;
e_iter->startbit = offset - (offset % EBITMAP_SIZE);
@@ -299,7 +301,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value)
if (!value)
return 0;
- new = kzalloc(sizeof(*new), GFP_ATOMIC);
+ new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
if (!new)
return -ENOMEM;
@@ -332,7 +334,7 @@ void ebitmap_destroy(struct ebitmap *e)
while (n) {
temp = n;
n = n->next;
- kfree(temp);
+ kmem_cache_free(ebitmap_node_cachep, temp);
}
e->highbit = 0;
@@ -400,7 +402,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
if (!n || startbit >= n->startbit + EBITMAP_SIZE) {
struct ebitmap_node *tmp;
- tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
+ tmp = kmem_cache_zalloc(ebitmap_node_cachep, GFP_KERNEL);
if (!tmp) {
printk(KERN_ERR
"SELinux: ebitmap: out of memory\n");
@@ -519,3 +521,15 @@ int ebitmap_write(struct ebitmap *e, void *fp)
}
return 0;
}
+
+void ebitmap_cache_init(void)
+{
+ ebitmap_node_cachep = kmem_cache_create("ebitmap_node",
+ sizeof(struct ebitmap_node),
+ 0, SLAB_PANIC, NULL);
+}
+
+void ebitmap_cache_destroy(void)
+{
+ kmem_cache_destroy(ebitmap_node_cachep);
+}
diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h
index 9637b8c..6d5a9ac 100644
--- a/security/selinux/ss/ebitmap.h
+++ b/security/selinux/ss/ebitmap.h
@@ -130,6 +130,9 @@ void ebitmap_destroy(struct ebitmap *e);
int ebitmap_read(struct ebitmap *e, void *fp);
int ebitmap_write(struct ebitmap *e, void *fp);
+void ebitmap_cache_init(void);
+void ebitmap_cache_destroy(void);
+
#ifdef CONFIG_NETLABEL
int ebitmap_netlbl_export(struct ebitmap *ebmap,
struct netlbl_lsm_catmap **catmap);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2021666..2f02fa6 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2054,9 +2054,11 @@ int security_load_policy(void *data, size_t len)
if (!ss_initialized) {
avtab_cache_init();
+ ebitmap_cache_init();
rc = policydb_read(&policydb, fp);
if (rc) {
avtab_cache_destroy();
+ ebitmap_cache_destroy();
goto out;
}
@@ -2067,6 +2069,7 @@ int security_load_policy(void *data, size_t len)
if (rc) {
policydb_destroy(&policydb);
avtab_cache_destroy();
+ ebitmap_cache_destroy();
goto out;
}
@@ -2074,6 +2077,7 @@ int security_load_policy(void *data, size_t len)
if (rc) {
policydb_destroy(&policydb);
avtab_cache_destroy();
+ ebitmap_cache_destroy();
goto out;
}
--
2.6.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] security: selinux: use kmem_cache for ebitmap
2017-06-05 9:10 [PATCH] security: selinux: use kmem_cache for ebitmap Junil Lee
@ 2017-06-05 21:39 ` Paul Moore
[not found] ` <872857aa-7587-79a9-cf31-4508eacdb3f7@lge.com>
0 siblings, 1 reply; 6+ messages in thread
From: Paul Moore @ 2017-06-05 21:39 UTC (permalink / raw)
To: Junil Lee
Cc: Stephen Smalley, Eric Paris, James Morris, serge,
william.c.roberts, adobriyan, akpm, dledford, danielj, mka,
selinux, linux-security-module, linux-kernel
On Mon, Jun 5, 2017 at 5:10 AM, Junil Lee <junil0814.lee@lge.com> wrote:
> The allocated size for each ebitmap_node is 192byte by kzalloc().
> Then, ebitmap_node size is fixed, so it's possible to use only 144byte
> for each object by kmem_cache_zalloc().
> It can reduce some dynamic allocation size.
>
> Signed-off-by: Junil Lee <junil0814.lee@lge.com>
> ---
> security/selinux/ss/ebitmap.c | 24 +++++++++++++++++++-----
> security/selinux/ss/ebitmap.h | 3 +++
> security/selinux/ss/services.c | 4 ++++
> 3 files changed, 26 insertions(+), 5 deletions(-)
>
> diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
> index 9db4709a..076c96f 100644
> --- a/security/selinux/ss/ebitmap.c
> +++ b/security/selinux/ss/ebitmap.c
> @@ -24,6 +24,8 @@
>
> #define BITS_PER_U64 (sizeof(u64) * 8)
>
> +static struct kmem_cache *ebitmap_node_cachep;
> +
> int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2)
> {
> struct ebitmap_node *n1, *n2;
> @@ -54,7 +56,7 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src)
> n = src->node;
> prev = NULL;
> while (n) {
> - new = kzalloc(sizeof(*new), GFP_ATOMIC);
> + new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
> if (!new) {
> ebitmap_destroy(dst);
> return -ENOMEM;
> @@ -162,7 +164,7 @@ int ebitmap_netlbl_import(struct ebitmap *ebmap,
> if (e_iter == NULL ||
> offset >= e_iter->startbit + EBITMAP_SIZE) {
> e_prev = e_iter;
> - e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC);
> + e_iter = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
> if (e_iter == NULL)
> goto netlbl_import_failure;
> e_iter->startbit = offset - (offset % EBITMAP_SIZE);
> @@ -299,7 +301,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value)
> if (!value)
> return 0;
>
> - new = kzalloc(sizeof(*new), GFP_ATOMIC);
> + new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
> if (!new)
> return -ENOMEM;
I believe there is a kfree() in ebitmap_set_bit() that also needs to
be converted.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] security: selinux: use kmem_cache for ebitmap
[not found] ` <872857aa-7587-79a9-cf31-4508eacdb3f7@lge.com>
@ 2017-06-07 13:50 ` Paul Moore
0 siblings, 0 replies; 6+ messages in thread
From: Paul Moore @ 2017-06-07 13:50 UTC (permalink / raw)
To: 이준일/연구원/MC연구소
BSP실 BSP6팀(junil0814.lee@lge.com)
Cc: Stephen Smalley, Eric Paris, James Morris, serge,
william.c.roberts, adobriyan, akpm, dledford, danielj, mka,
selinux, linux-security-module, linux-kernel
On Tue, Jun 6, 2017 at 7:38 PM, 이준일/연구원/MC연구소 BSP실
BSP6팀(junil0814.lee@lge.com) <junil0814.lee@lge.com> wrote:
> Paul Moore wrote on 2017-06-06 오전 6:39:
>> On Mon, Jun 5, 2017 at 5:10 AM, Junil Lee <junil0814.lee@lge.com> wrote:
>>> The allocated size for each ebitmap_node is 192byte by kzalloc().
>>> Then, ebitmap_node size is fixed, so it's possible to use only 144byte
>>> for each object by kmem_cache_zalloc().
>>> It can reduce some dynamic allocation size.
>>>
>>> Signed-off-by: Junil Lee <junil0814.lee@lge.com>
>>> ---
>>> security/selinux/ss/ebitmap.c | 24 +++++++++++++++++++-----
>>> security/selinux/ss/ebitmap.h | 3 +++
>>> security/selinux/ss/services.c | 4 ++++
>>> 3 files changed, 26 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/security/selinux/ss/ebitmap.c
>> b/security/selinux/ss/ebitmap.c
>>> index 9db4709a..076c96f 100644
>>> --- a/security/selinux/ss/ebitmap.c
>>> +++ b/security/selinux/ss/ebitmap.c
>>> @@ -24,6 +24,8 @@
>>>
>>> #define BITS_PER_U64 (sizeof(u64) * 8)
>>>
>>> +static struct kmem_cache *ebitmap_node_cachep;
>>> +
>>> int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2)
>>> {
>>> struct ebitmap_node *n1, *n2;
>>> @@ -54,7 +56,7 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap
>> *src)
>>> n = src->node;
>>> prev = NULL;
>>> while (n) {
>>> - new = kzalloc(sizeof(*new), GFP_ATOMIC);
>>> + new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
>>> if (!new) {
>>> ebitmap_destroy(dst);
>>> return -ENOMEM;
>>> @@ -162,7 +164,7 @@ int ebitmap_netlbl_import(struct ebitmap *ebmap,
>>> if (e_iter == NULL ||
>>> offset >= e_iter->startbit + EBITMAP_SIZE) {
>>> e_prev = e_iter;
>>> - e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC);
>>> + e_iter = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
>>> if (e_iter == NULL)
>>> goto netlbl_import_failure;
>>> e_iter->startbit = offset - (offset % EBITMAP_SIZE);
>>> @@ -299,7 +301,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned
>> long bit, int value)
>>> if (!value)
>>> return 0;
>>>
>>> - new = kzalloc(sizeof(*new), GFP_ATOMIC);
>>> + new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
>>> if (!new)
>>> return -ENOMEM;
>>
>> I believe there is a kfree() in ebitmap_set_bit() that also needs to
>> be converted.
>>
>
> Thanks for your advice Paul.
> reattach patch v2.
Please submit patches inline, just as you did for your original
posting. It make it easier to review and apply.
Thanks.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [PATCH] security: selinux: use kmem_cache for ebitmap
2017-06-09 20:16 ` Paul Moore
@ 2017-06-12 2:16 ` Junil Lee
0 siblings, 0 replies; 6+ messages in thread
From: Junil Lee @ 2017-06-12 2:16 UTC (permalink / raw)
To: 'Paul Moore'
Cc: 'Stephen Smalley', 'Eric Paris',
'James Morris',
serge, william.c.roberts, adobriyan, akpm, dledford, danielj,
mka, selinux, linux-security-module, linux-kernel
Dear Paul.
Thank you for your support.
I hope you'll be always happy.
Thanks,
Junil Lee.
> -----Original Message-----
> From: Paul Moore [mailto:paul@paul-moore.com]
> Sent: Saturday, June 10, 2017 5:17 AM
> To: Junil Lee <junil0814.lee@lge.com>
> Cc: Stephen Smalley <sds@tycho.nsa.gov>; Eric Paris <eparis@parisplace.org>;
> James Morris <james.l.morris@oracle.com>; serge@hallyn.com;
> william.c.roberts@intel.com; adobriyan@gmail.com; akpm@linux-foundation.org;
> dledford@redhat.com; danielj@mellanox.com; mka@chromium.org;
> selinux@tycho.nsa.gov; linux-security-module@vger.kernel.org; linux-
> kernel@vger.kernel.org
> Subject: Re: [PATCH] security: selinux: use kmem_cache for ebitmap
>
> On Thu, Jun 8, 2017 at 12:18 AM, Junil Lee <junil0814.lee@lge.com> wrote:
> > The allocated size for each ebitmap_node is 192byte by kzalloc().
> > Then, ebitmap_node size is fixed, so it's possible to use only 144byte
> > for each object by kmem_cache_zalloc().
> > It can reduce some dynamic allocation size.
> >
> > Signed-off-by: Junil Lee <junil0814.lee@lge.com>
> > ---
> > security/selinux/ss/ebitmap.c | 26 ++++++++++++++++++++------
> > security/selinux/ss/ebitmap.h | 3 +++
> > security/selinux/ss/services.c | 4 ++++
> > 3 files changed, 27 insertions(+), 6 deletions(-)
>
> I just applied this to selinux/next, thank you.
>
> > diff --git a/security/selinux/ss/ebitmap.c
> > b/security/selinux/ss/ebitmap.c index 9db4709a..ad38299 100644
> > --- a/security/selinux/ss/ebitmap.c
> > +++ b/security/selinux/ss/ebitmap.c
> > @@ -24,6 +24,8 @@
> >
> > #define BITS_PER_U64 (sizeof(u64) * 8)
> >
> > +static struct kmem_cache *ebitmap_node_cachep;
> > +
> > int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2) {
> > struct ebitmap_node *n1, *n2;
> > @@ -54,7 +56,7 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap
> *src)
> > n = src->node;
> > prev = NULL;
> > while (n) {
> > - new = kzalloc(sizeof(*new), GFP_ATOMIC);
> > + new = kmem_cache_zalloc(ebitmap_node_cachep,
> > + GFP_ATOMIC);
> > if (!new) {
> > ebitmap_destroy(dst);
> > return -ENOMEM; @@ -162,7 +164,7 @@ int
> > ebitmap_netlbl_import(struct ebitmap *ebmap,
> > if (e_iter == NULL ||
> > offset >= e_iter->startbit + EBITMAP_SIZE) {
> > e_prev = e_iter;
> > - e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC);
> > + e_iter =
> > + kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
> > if (e_iter == NULL)
> > goto netlbl_import_failure;
> > e_iter->startbit = offset - (offset %
> > EBITMAP_SIZE); @@ -288,7 +290,7 @@ int ebitmap_set_bit(struct ebitmap *e,
> unsigned long bit, int value)
> > prev->next = n->next;
> > else
> > e->node = n->next;
> > - kfree(n);
> > + kmem_cache_free(ebitmap_node_cachep,
> > + n);
> > }
> > return 0;
> > }
> > @@ -299,7 +301,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long
> bit, int value)
> > if (!value)
> > return 0;
> >
> > - new = kzalloc(sizeof(*new), GFP_ATOMIC);
> > + new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
> > if (!new)
> > return -ENOMEM;
> >
> > @@ -332,7 +334,7 @@ void ebitmap_destroy(struct ebitmap *e)
> > while (n) {
> > temp = n;
> > n = n->next;
> > - kfree(temp);
> > + kmem_cache_free(ebitmap_node_cachep, temp);
> > }
> >
> > e->highbit = 0;
> > @@ -400,7 +402,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
> >
> > if (!n || startbit >= n->startbit + EBITMAP_SIZE) {
> > struct ebitmap_node *tmp;
> > - tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
> > + tmp = kmem_cache_zalloc(ebitmap_node_cachep,
> > + GFP_KERNEL);
> > if (!tmp) {
> > printk(KERN_ERR
> > "SELinux: ebitmap: out of
> > memory\n"); @@ -519,3 +521,15 @@ int ebitmap_write(struct ebitmap *e,
> void *fp)
> > }
> > return 0;
> > }
> > +
> > +void ebitmap_cache_init(void)
> > +{
> > + ebitmap_node_cachep = kmem_cache_create("ebitmap_node",
> > + sizeof(struct
> ebitmap_node),
> > + 0, SLAB_PANIC,
> > +NULL); }
> > +
> > +void ebitmap_cache_destroy(void)
> > +{
> > + kmem_cache_destroy(ebitmap_node_cachep);
> > +}
> > diff --git a/security/selinux/ss/ebitmap.h
> > b/security/selinux/ss/ebitmap.h index 9637b8c..6d5a9ac 100644
> > --- a/security/selinux/ss/ebitmap.h
> > +++ b/security/selinux/ss/ebitmap.h
> > @@ -130,6 +130,9 @@ void ebitmap_destroy(struct ebitmap *e); int
> > ebitmap_read(struct ebitmap *e, void *fp); int ebitmap_write(struct
> > ebitmap *e, void *fp);
> >
> > +void ebitmap_cache_init(void);
> > +void ebitmap_cache_destroy(void);
> > +
> > #ifdef CONFIG_NETLABEL
> > int ebitmap_netlbl_export(struct ebitmap *ebmap,
> > struct netlbl_lsm_catmap **catmap); diff
> > --git a/security/selinux/ss/services.c
> > b/security/selinux/ss/services.c index 2021666..2f02fa6 100644
> > --- a/security/selinux/ss/services.c
> > +++ b/security/selinux/ss/services.c
> > @@ -2054,9 +2054,11 @@ int security_load_policy(void *data, size_t
> > len)
> >
> > if (!ss_initialized) {
> > avtab_cache_init();
> > + ebitmap_cache_init();
> > rc = policydb_read(&policydb, fp);
> > if (rc) {
> > avtab_cache_destroy();
> > + ebitmap_cache_destroy();
> > goto out;
> > }
> >
> > @@ -2067,6 +2069,7 @@ int security_load_policy(void *data, size_t len)
> > if (rc) {
> > policydb_destroy(&policydb);
> > avtab_cache_destroy();
> > + ebitmap_cache_destroy();
> > goto out;
> > }
> >
> > @@ -2074,6 +2077,7 @@ int security_load_policy(void *data, size_t len)
> > if (rc) {
> > policydb_destroy(&policydb);
> > avtab_cache_destroy();
> > + ebitmap_cache_destroy();
> > goto out;
> > }
> >
> > --
> > 2.6.2
> >
>
>
>
> --
> paul moore
> www.paul-moore.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] security: selinux: use kmem_cache for ebitmap
2017-06-08 4:18 Junil Lee
@ 2017-06-09 20:16 ` Paul Moore
2017-06-12 2:16 ` Junil Lee
0 siblings, 1 reply; 6+ messages in thread
From: Paul Moore @ 2017-06-09 20:16 UTC (permalink / raw)
To: Junil Lee
Cc: Stephen Smalley, Eric Paris, James Morris, serge,
william.c.roberts, adobriyan, akpm, dledford, danielj, mka,
selinux, linux-security-module, linux-kernel
On Thu, Jun 8, 2017 at 12:18 AM, Junil Lee <junil0814.lee@lge.com> wrote:
> The allocated size for each ebitmap_node is 192byte by kzalloc().
> Then, ebitmap_node size is fixed, so it's possible to use only 144byte
> for each object by kmem_cache_zalloc().
> It can reduce some dynamic allocation size.
>
> Signed-off-by: Junil Lee <junil0814.lee@lge.com>
> ---
> security/selinux/ss/ebitmap.c | 26 ++++++++++++++++++++------
> security/selinux/ss/ebitmap.h | 3 +++
> security/selinux/ss/services.c | 4 ++++
> 3 files changed, 27 insertions(+), 6 deletions(-)
I just applied this to selinux/next, thank you.
> diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
> index 9db4709a..ad38299 100644
> --- a/security/selinux/ss/ebitmap.c
> +++ b/security/selinux/ss/ebitmap.c
> @@ -24,6 +24,8 @@
>
> #define BITS_PER_U64 (sizeof(u64) * 8)
>
> +static struct kmem_cache *ebitmap_node_cachep;
> +
> int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2)
> {
> struct ebitmap_node *n1, *n2;
> @@ -54,7 +56,7 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src)
> n = src->node;
> prev = NULL;
> while (n) {
> - new = kzalloc(sizeof(*new), GFP_ATOMIC);
> + new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
> if (!new) {
> ebitmap_destroy(dst);
> return -ENOMEM;
> @@ -162,7 +164,7 @@ int ebitmap_netlbl_import(struct ebitmap *ebmap,
> if (e_iter == NULL ||
> offset >= e_iter->startbit + EBITMAP_SIZE) {
> e_prev = e_iter;
> - e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC);
> + e_iter = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
> if (e_iter == NULL)
> goto netlbl_import_failure;
> e_iter->startbit = offset - (offset % EBITMAP_SIZE);
> @@ -288,7 +290,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value)
> prev->next = n->next;
> else
> e->node = n->next;
> - kfree(n);
> + kmem_cache_free(ebitmap_node_cachep, n);
> }
> return 0;
> }
> @@ -299,7 +301,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value)
> if (!value)
> return 0;
>
> - new = kzalloc(sizeof(*new), GFP_ATOMIC);
> + new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
> if (!new)
> return -ENOMEM;
>
> @@ -332,7 +334,7 @@ void ebitmap_destroy(struct ebitmap *e)
> while (n) {
> temp = n;
> n = n->next;
> - kfree(temp);
> + kmem_cache_free(ebitmap_node_cachep, temp);
> }
>
> e->highbit = 0;
> @@ -400,7 +402,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
>
> if (!n || startbit >= n->startbit + EBITMAP_SIZE) {
> struct ebitmap_node *tmp;
> - tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
> + tmp = kmem_cache_zalloc(ebitmap_node_cachep, GFP_KERNEL);
> if (!tmp) {
> printk(KERN_ERR
> "SELinux: ebitmap: out of memory\n");
> @@ -519,3 +521,15 @@ int ebitmap_write(struct ebitmap *e, void *fp)
> }
> return 0;
> }
> +
> +void ebitmap_cache_init(void)
> +{
> + ebitmap_node_cachep = kmem_cache_create("ebitmap_node",
> + sizeof(struct ebitmap_node),
> + 0, SLAB_PANIC, NULL);
> +}
> +
> +void ebitmap_cache_destroy(void)
> +{
> + kmem_cache_destroy(ebitmap_node_cachep);
> +}
> diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h
> index 9637b8c..6d5a9ac 100644
> --- a/security/selinux/ss/ebitmap.h
> +++ b/security/selinux/ss/ebitmap.h
> @@ -130,6 +130,9 @@ void ebitmap_destroy(struct ebitmap *e);
> int ebitmap_read(struct ebitmap *e, void *fp);
> int ebitmap_write(struct ebitmap *e, void *fp);
>
> +void ebitmap_cache_init(void);
> +void ebitmap_cache_destroy(void);
> +
> #ifdef CONFIG_NETLABEL
> int ebitmap_netlbl_export(struct ebitmap *ebmap,
> struct netlbl_lsm_catmap **catmap);
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index 2021666..2f02fa6 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -2054,9 +2054,11 @@ int security_load_policy(void *data, size_t len)
>
> if (!ss_initialized) {
> avtab_cache_init();
> + ebitmap_cache_init();
> rc = policydb_read(&policydb, fp);
> if (rc) {
> avtab_cache_destroy();
> + ebitmap_cache_destroy();
> goto out;
> }
>
> @@ -2067,6 +2069,7 @@ int security_load_policy(void *data, size_t len)
> if (rc) {
> policydb_destroy(&policydb);
> avtab_cache_destroy();
> + ebitmap_cache_destroy();
> goto out;
> }
>
> @@ -2074,6 +2077,7 @@ int security_load_policy(void *data, size_t len)
> if (rc) {
> policydb_destroy(&policydb);
> avtab_cache_destroy();
> + ebitmap_cache_destroy();
> goto out;
> }
>
> --
> 2.6.2
>
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] security: selinux: use kmem_cache for ebitmap
@ 2017-06-08 4:18 Junil Lee
2017-06-09 20:16 ` Paul Moore
0 siblings, 1 reply; 6+ messages in thread
From: Junil Lee @ 2017-06-08 4:18 UTC (permalink / raw)
To: paul, sds, eparis
Cc: james.l.morris, serge, william.c.roberts, adobriyan,
junil0814.lee, akpm, dledford, danielj, mka, selinux,
linux-security-module, linux-kernel
The allocated size for each ebitmap_node is 192byte by kzalloc().
Then, ebitmap_node size is fixed, so it's possible to use only 144byte
for each object by kmem_cache_zalloc().
It can reduce some dynamic allocation size.
Signed-off-by: Junil Lee <junil0814.lee@lge.com>
---
security/selinux/ss/ebitmap.c | 26 ++++++++++++++++++++------
security/selinux/ss/ebitmap.h | 3 +++
security/selinux/ss/services.c | 4 ++++
3 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index 9db4709a..ad38299 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -24,6 +24,8 @@
#define BITS_PER_U64 (sizeof(u64) * 8)
+static struct kmem_cache *ebitmap_node_cachep;
+
int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2)
{
struct ebitmap_node *n1, *n2;
@@ -54,7 +56,7 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src)
n = src->node;
prev = NULL;
while (n) {
- new = kzalloc(sizeof(*new), GFP_ATOMIC);
+ new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
if (!new) {
ebitmap_destroy(dst);
return -ENOMEM;
@@ -162,7 +164,7 @@ int ebitmap_netlbl_import(struct ebitmap *ebmap,
if (e_iter == NULL ||
offset >= e_iter->startbit + EBITMAP_SIZE) {
e_prev = e_iter;
- e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC);
+ e_iter = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
if (e_iter == NULL)
goto netlbl_import_failure;
e_iter->startbit = offset - (offset % EBITMAP_SIZE);
@@ -288,7 +290,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value)
prev->next = n->next;
else
e->node = n->next;
- kfree(n);
+ kmem_cache_free(ebitmap_node_cachep, n);
}
return 0;
}
@@ -299,7 +301,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value)
if (!value)
return 0;
- new = kzalloc(sizeof(*new), GFP_ATOMIC);
+ new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC);
if (!new)
return -ENOMEM;
@@ -332,7 +334,7 @@ void ebitmap_destroy(struct ebitmap *e)
while (n) {
temp = n;
n = n->next;
- kfree(temp);
+ kmem_cache_free(ebitmap_node_cachep, temp);
}
e->highbit = 0;
@@ -400,7 +402,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
if (!n || startbit >= n->startbit + EBITMAP_SIZE) {
struct ebitmap_node *tmp;
- tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
+ tmp = kmem_cache_zalloc(ebitmap_node_cachep, GFP_KERNEL);
if (!tmp) {
printk(KERN_ERR
"SELinux: ebitmap: out of memory\n");
@@ -519,3 +521,15 @@ int ebitmap_write(struct ebitmap *e, void *fp)
}
return 0;
}
+
+void ebitmap_cache_init(void)
+{
+ ebitmap_node_cachep = kmem_cache_create("ebitmap_node",
+ sizeof(struct ebitmap_node),
+ 0, SLAB_PANIC, NULL);
+}
+
+void ebitmap_cache_destroy(void)
+{
+ kmem_cache_destroy(ebitmap_node_cachep);
+}
diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h
index 9637b8c..6d5a9ac 100644
--- a/security/selinux/ss/ebitmap.h
+++ b/security/selinux/ss/ebitmap.h
@@ -130,6 +130,9 @@ void ebitmap_destroy(struct ebitmap *e);
int ebitmap_read(struct ebitmap *e, void *fp);
int ebitmap_write(struct ebitmap *e, void *fp);
+void ebitmap_cache_init(void);
+void ebitmap_cache_destroy(void);
+
#ifdef CONFIG_NETLABEL
int ebitmap_netlbl_export(struct ebitmap *ebmap,
struct netlbl_lsm_catmap **catmap);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2021666..2f02fa6 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2054,9 +2054,11 @@ int security_load_policy(void *data, size_t len)
if (!ss_initialized) {
avtab_cache_init();
+ ebitmap_cache_init();
rc = policydb_read(&policydb, fp);
if (rc) {
avtab_cache_destroy();
+ ebitmap_cache_destroy();
goto out;
}
@@ -2067,6 +2069,7 @@ int security_load_policy(void *data, size_t len)
if (rc) {
policydb_destroy(&policydb);
avtab_cache_destroy();
+ ebitmap_cache_destroy();
goto out;
}
@@ -2074,6 +2077,7 @@ int security_load_policy(void *data, size_t len)
if (rc) {
policydb_destroy(&policydb);
avtab_cache_destroy();
+ ebitmap_cache_destroy();
goto out;
}
--
2.6.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-06-12 2:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-05 9:10 [PATCH] security: selinux: use kmem_cache for ebitmap Junil Lee
2017-06-05 21:39 ` Paul Moore
[not found] ` <872857aa-7587-79a9-cf31-4508eacdb3f7@lge.com>
2017-06-07 13:50 ` Paul Moore
2017-06-08 4:18 Junil Lee
2017-06-09 20:16 ` Paul Moore
2017-06-12 2:16 ` Junil Lee
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).