Dear Paul. Thank you for your support. I hope you'll be always happy. Thanks, Junil Lee. > -----Original Message----- > From: Paul Moore [mailto:paul@xxxxxxxxxxxxxx] > Sent: Saturday, June 10, 2017 5:17 AM > To: Junil Lee <junil0814.lee@xxxxxxx> > Cc: Stephen Smalley <sds@xxxxxxxxxxxxx>; Eric Paris <eparis@xxxxxxxxxxxxxx>; > James Morris <james.l.morris@xxxxxxxxxx>; serge@xxxxxxxxxx; > william.c.roberts@xxxxxxxxx; adobriyan@xxxxxxxxx; akpm@xxxxxxxxxxxxxxxxxxxx; > dledford@xxxxxxxxxx; danielj@xxxxxxxxxxxx; mka@xxxxxxxxxxxx; > selinux@xxxxxxxxxxxxx; linux-security-module@xxxxxxxxxxxxxxx; linux- > kernel@xxxxxxxxxxxxxxx > Subject: Re: [PATCH] security: selinux: use kmem_cache for ebitmap > > On Thu, Jun 8, 2017 at 12:18 AM, Junil Lee <junil0814.lee@xxxxxxx> wrote: > > The allocated size for each ebitmap_node is 192byte by kzalloc(). > > Then, ebitmap_node size is fixed, so it's possible to use only 144byte > > for each object by kmem_cache_zalloc(). > > It can reduce some dynamic allocation size. > > > > Signed-off-by: Junil Lee <junil0814.lee@xxxxxxx> > > --- > > security/selinux/ss/ebitmap.c | 26 ++++++++++++++++++++------ > > security/selinux/ss/ebitmap.h | 3 +++ > > security/selinux/ss/services.c | 4 ++++ > > 3 files changed, 27 insertions(+), 6 deletions(-) > > I just applied this to selinux/next, thank you. > > > diff --git a/security/selinux/ss/ebitmap.c > > b/security/selinux/ss/ebitmap.c index 9db4709a..ad38299 100644 > > --- a/security/selinux/ss/ebitmap.c > > +++ b/security/selinux/ss/ebitmap.c > > @@ -24,6 +24,8 @@ > > > > #define BITS_PER_U64 (sizeof(u64) * 8) > > > > +static struct kmem_cache *ebitmap_node_cachep; > > + > > int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2) { > > struct ebitmap_node *n1, *n2; > > @@ -54,7 +56,7 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap > *src) > > n = src->node; > > prev = NULL; > > while (n) { > > - new = kzalloc(sizeof(*new), GFP_ATOMIC); > > + new = kmem_cache_zalloc(ebitmap_node_cachep, > > + GFP_ATOMIC); > > if (!new) { > > ebitmap_destroy(dst); > > return -ENOMEM; @@ -162,7 +164,7 @@ int > > ebitmap_netlbl_import(struct ebitmap *ebmap, > > if (e_iter == NULL || > > offset >= e_iter->startbit + EBITMAP_SIZE) { > > e_prev = e_iter; > > - e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC); > > + e_iter = > > + kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC); > > if (e_iter == NULL) > > goto netlbl_import_failure; > > e_iter->startbit = offset - (offset % > > EBITMAP_SIZE); @@ -288,7 +290,7 @@ int ebitmap_set_bit(struct ebitmap *e, > unsigned long bit, int value) > > prev->next = n->next; > > else > > e->node = n->next; > > - kfree(n); > > + kmem_cache_free(ebitmap_node_cachep, > > + n); > > } > > return 0; > > } > > @@ -299,7 +301,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long > bit, int value) > > if (!value) > > return 0; > > > > - new = kzalloc(sizeof(*new), GFP_ATOMIC); > > + new = kmem_cache_zalloc(ebitmap_node_cachep, GFP_ATOMIC); > > if (!new) > > return -ENOMEM; > > > > @@ -332,7 +334,7 @@ void ebitmap_destroy(struct ebitmap *e) > > while (n) { > > temp = n; > > n = n->next; > > - kfree(temp); > > + kmem_cache_free(ebitmap_node_cachep, temp); > > } > > > > e->highbit = 0; > > @@ -400,7 +402,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) > > > > if (!n || startbit >= n->startbit + EBITMAP_SIZE) { > > struct ebitmap_node *tmp; > > - tmp = kzalloc(sizeof(*tmp), GFP_KERNEL); > > + tmp = kmem_cache_zalloc(ebitmap_node_cachep, > > + GFP_KERNEL); > > if (!tmp) { > > printk(KERN_ERR > > "SELinux: ebitmap: out of > > memory\n"); @@ -519,3 +521,15 @@ int ebitmap_write(struct ebitmap *e, > void *fp) > > } > > return 0; > > } > > + > > +void ebitmap_cache_init(void) > > +{ > > + ebitmap_node_cachep = kmem_cache_create("ebitmap_node", > > + sizeof(struct > ebitmap_node), > > + 0, SLAB_PANIC, > > +NULL); } > > + > > +void ebitmap_cache_destroy(void) > > +{ > > + kmem_cache_destroy(ebitmap_node_cachep); > > +} > > diff --git a/security/selinux/ss/ebitmap.h > > b/security/selinux/ss/ebitmap.h index 9637b8c..6d5a9ac 100644 > > --- a/security/selinux/ss/ebitmap.h > > +++ b/security/selinux/ss/ebitmap.h > > @@ -130,6 +130,9 @@ void ebitmap_destroy(struct ebitmap *e); int > > ebitmap_read(struct ebitmap *e, void *fp); int ebitmap_write(struct > > ebitmap *e, void *fp); > > > > +void ebitmap_cache_init(void); > > +void ebitmap_cache_destroy(void); > > + > > #ifdef CONFIG_NETLABEL > > int ebitmap_netlbl_export(struct ebitmap *ebmap, > > struct netlbl_lsm_catmap **catmap); diff > > --git a/security/selinux/ss/services.c > > b/security/selinux/ss/services.c index 2021666..2f02fa6 100644 > > --- a/security/selinux/ss/services.c > > +++ b/security/selinux/ss/services.c > > @@ -2054,9 +2054,11 @@ int security_load_policy(void *data, size_t > > len) > > > > if (!ss_initialized) { > > avtab_cache_init(); > > + ebitmap_cache_init(); > > rc = policydb_read(&policydb, fp); > > if (rc) { > > avtab_cache_destroy(); > > + ebitmap_cache_destroy(); > > goto out; > > } > > > > @@ -2067,6 +2069,7 @@ int security_load_policy(void *data, size_t len) > > if (rc) { > > policydb_destroy(&policydb); > > avtab_cache_destroy(); > > + ebitmap_cache_destroy(); > > goto out; > > } > > > > @@ -2074,6 +2077,7 @@ int security_load_policy(void *data, size_t len) > > if (rc) { > > policydb_destroy(&policydb); > > avtab_cache_destroy(); > > + ebitmap_cache_destroy(); > > goto out; > > } > > > > -- > > 2.6.2 > > > > > > -- > paul moore > www.paul-moore.com