From: Daniel Borkmann <daniel@iogearbox.net>
To: davem@davemloft.net
Cc: ast@plumgrid.com, keescook@chromium.org, nschichan@freebox.fr,
netdev@vger.kernel.org, Daniel Borkmann <daniel@iogearbox.net>
Subject: [PATCH net-next 3/4] net: filter: add __GFP_NOWARN flag for larger kmem allocs
Date: Wed, 6 May 2015 16:12:29 +0200 [thread overview]
Message-ID: <0ea8655bc24a1ea3da6da66adcb2410aebc55db6.1430908146.git.daniel@iogearbox.net> (raw)
In-Reply-To: <cover.1430908145.git.daniel@iogearbox.net>
In-Reply-To: <cover.1430908145.git.daniel@iogearbox.net>
When seccomp BPF was added, it was discussed to add __GFP_NOWARN
flag for their configuration path as f.e. up to 32K allocations are
more prone to fail under stress. As we're going to reuse BPF API,
add __GFP_NOWARN flags where larger kmalloc() and friends allocations
could fail.
It doesn't make much sense to pass around __GFP_NOWARN everywhere as
an extra argument only for seccomp while we just as well could run
into similar issues for socket filters, where it's not desired to
have a user application throw a WARN() due to allocation failure.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Nicolas Schichan <nschichan@freebox.fr>
Cc: Alexei Starovoitov <ast@plumgrid.com>
Cc: Kees Cook <keescook@chromium.org>
---
net/core/filter.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index f887084..45c015d 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -371,7 +371,8 @@ static int bpf_convert_filter(struct sock_filter *prog, int len,
return -EINVAL;
if (new_prog) {
- addrs = kcalloc(len, sizeof(*addrs), GFP_KERNEL);
+ addrs = kcalloc(len, sizeof(*addrs),
+ GFP_KERNEL | __GFP_NOWARN);
if (!addrs)
return -ENOMEM;
}
@@ -839,7 +840,9 @@ static int bpf_prog_store_orig_filter(struct bpf_prog *fp,
fkprog = fp->orig_prog;
fkprog->len = fprog->len;
- fkprog->filter = kmemdup(fp->insns, fsize, GFP_KERNEL);
+
+ fkprog->filter = kmemdup(fp->insns, fsize,
+ GFP_KERNEL | __GFP_NOWARN);
if (!fkprog->filter) {
kfree(fp->orig_prog);
return -ENOMEM;
@@ -941,7 +944,7 @@ static struct bpf_prog *bpf_migrate_filter(struct bpf_prog *fp)
* pass. At this time, the user BPF is stored in fp->insns.
*/
old_prog = kmemdup(fp->insns, old_len * sizeof(struct sock_filter),
- GFP_KERNEL);
+ GFP_KERNEL | __GFP_NOWARN);
if (!old_prog) {
err = -ENOMEM;
goto out_err;
--
1.9.3
next prev parent reply other threads:[~2015-05-06 14:12 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-06 14:12 [PATCH net-next 0/4] BPF updates Daniel Borkmann
2015-05-06 14:12 ` [PATCH net-next 1/4] net: filter: add a callback to allow classic post-verifier transformations Daniel Borkmann
2015-05-06 15:12 ` Alexei Starovoitov
2015-05-06 14:12 ` [PATCH net-next 2/4] seccomp: simplify seccomp_prepare_filter and reuse bpf_prepare_filter Daniel Borkmann
2015-05-06 15:15 ` Alexei Starovoitov
2015-05-06 14:12 ` Daniel Borkmann [this message]
2015-05-06 15:16 ` [PATCH net-next 3/4] net: filter: add __GFP_NOWARN flag for larger kmem allocs Alexei Starovoitov
2015-05-06 14:12 ` [PATCH net-next 4/4] seccomp, filter: add and use bpf_prog_create_from_user from seccomp Daniel Borkmann
2015-05-06 15:21 ` Alexei Starovoitov
2015-05-09 21:33 ` [PATCH net-next 0/4] BPF updates David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0ea8655bc24a1ea3da6da66adcb2410aebc55db6.1430908146.git.daniel@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=ast@plumgrid.com \
--cc=davem@davemloft.net \
--cc=keescook@chromium.org \
--cc=netdev@vger.kernel.org \
--cc=nschichan@freebox.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).