[apparmor] [PATCH] AppArmor: be less aggressive about kmalloc usage

[John Johansen]

On 07/06/2010 05:42 PM, Kees Cook wrote:
> When allocating memory, skip kmalloc for large profiles since it is not
> critical to have physically contiguous memory for these.  Additionally,
> do not allow the memory subsystem to perform any IO so that the system
> will not thrash under kernel memory pressure, and will just fall back
> to vmalloc as well.
> 
> Hopefully this will help reduce the symptoms seen in LP: #602261.
> 
Right I'm not convinced this will stop thrashing as vmalloc could
very well be the cause of that.  But I like the idea in general

applied.

> Signed-off-by: Kees Cook <kees.cook at canonical.com>
> ---
>  security/apparmor/apparmorfs.c |    8 +++++---
>  1 files changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 5fb9385..a01dc1a 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -26,7 +26,7 @@
>  #include "include/policy.h"
>  
>  /**
> - * kvmalloc - do allocation prefering kmalloc but falling back to vmalloc
> + * kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
>   * @size: size of allocation
>   *
>   * Return: allocated buffer or NULL if failed
> @@ -36,12 +36,14 @@
>   */
>  static void *kvmalloc(size_t size)
>  {
> -	void *buffer;
> +	void *buffer = NULL;
>  
>  	if (size == 0)
>  		return NULL;
>  
> -	buffer = kmalloc(size, GFP_KERNEL | __GFP_NOWARN);
> +	/* do not attempt kmalloc if we need more than 16 pages at once */
> +	if (size <= (16*PAGE_SIZE))
> +		buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN);
>  	if (!buffer)
>  		buffer = vmalloc(size);
>  	return buffer;