summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorCasey Schaufler <cschaufler@localhost.localdomain>2019-04-02 11:37:12 -0700
committerCasey Schaufler <cschaufler@localhost.localdomain>2019-04-02 11:45:41 -0700
commit4e328b08882a68649df2c2b76fd208b0d0b85503 (patch)
tree1d11925b2e79b19646ff675a0d02bae725f4b21e /security
parent460d95a1d69d5c0352379a3651c9cb6ec09e4ddb (diff)
Smack: Create smack_rule cache to optimize memory usage
This patch allows for small memory optimization by creating the kmem cache for "struct smack_rule" instead of using kzalloc. For adding new smack rule, kzalloc is used to allocate the memory for "struct smack_rule". kzalloc will always allocate 32 or 64 bytes for 1 structure depending upon the kzalloc cache sizes available in system. Although the size of structure is 20 bytes only, resulting in memory wastage per object in the default pool. For e.g., if there are 20000 rules, then it will save 240KB(20000*12) which is crucial for small memory targets. Signed-off-by: Vishal Goel <vishal.goel@samsung.com> Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack.h1
-rw-r--r--security/smack/smack_lsm.c11
-rw-r--r--security/smack/smackfs.c2
3 files changed, 11 insertions, 3 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index cf52af77d15e..e41ca1d58484 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -348,6 +348,7 @@ extern struct list_head smack_onlycap_list;
#define SMACK_HASH_SLOTS 16
extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
+extern struct kmem_cache *smack_rule_cache;
static inline struct task_smack *smack_cred(const struct cred *cred)
{
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 5c1613519d5a..bd45c9139d34 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -59,6 +59,7 @@ DEFINE_MUTEX(smack_ipv6_lock);
static LIST_HEAD(smk_ipv6_port_list);
#endif
static struct kmem_cache *smack_inode_cache;
+struct kmem_cache *smack_rule_cache;
int smack_enabled;
#define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s}
@@ -354,7 +355,7 @@ static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
int rc = 0;
list_for_each_entry_rcu(orp, ohead, list) {
- nrp = kzalloc(sizeof(struct smack_rule), gfp);
+ nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
if (nrp == NULL) {
rc = -ENOMEM;
break;
@@ -1931,7 +1932,7 @@ static void smack_cred_free(struct cred *cred)
list_for_each_safe(l, n, &tsp->smk_rules) {
rp = list_entry(l, struct smack_rule, list);
list_del(&rp->list);
- kfree(rp);
+ kmem_cache_free(smack_rule_cache, rp);
}
}
@@ -4758,6 +4759,12 @@ static __init int smack_init(void)
if (!smack_inode_cache)
return -ENOMEM;
+ smack_rule_cache = KMEM_CACHE(smack_rule, 0);
+ if (!smack_rule_cache) {
+ kmem_cache_destroy(smack_inode_cache);
+ return -ENOMEM;
+ }
+
/*
* Set the security state for the initial task.
*/
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 8406738b45f2..47f73a0dabb1 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -236,7 +236,7 @@ static int smk_set_access(struct smack_parsed_rule *srp,
}
if (found == 0) {
- sp = kzalloc(sizeof(*sp), GFP_KERNEL);
+ sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
if (sp == NULL) {
rc = -ENOMEM;
goto out;