author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2016-11-14 14:11:52 +0300 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-01-16 00:41:09 +0300 |
commit | a7f6c1b63b863d29f126d9b163ad5b40008544b2 (patch) | |
tree | 0d6d855aafdd750417ce67c5ca9c490fe9ce7056 /security/apparmor | |
parent | b8aa8453918ebfd93d78de56c2afd4b735e02e27 (diff) | |
download | linux-a7f6c1b63b863d29f126d9b163ad5b40008544b2.tar.xz |
AppArmor: Use GFP_KERNEL for __aa_kvmalloc().

Calling kmalloc(GFP_NOIO) with order == PAGE_ALLOC_COSTLY_ORDER is not
recommended because it might fall into infinite retry loop without
invoking the OOM killer.

Since aa_dfa_unpack() is the only caller of kvzalloc() and
aa_dfa_unpack() which is calling kvzalloc() via unpack_table() is
doing kzalloc(GFP_KERNEL), it is safe to use GFP_KERNEL from
__aa_kvmalloc().

Since aa_simple_write_to_buffer() is the only caller of kvmalloc()
and aa_simple_write_to_buffer() is calling copy_from_user() which
is GFP_KERNEL context (see memdup_user_nul()), it is safe to use
GFP_KERNEL from __aa_kvmalloc().

Therefore, replace GFP_NOIO with GFP_KERNEL. Also, since we have
vmalloc() fallback, add __GFP_NORETRY so that we don't invoke the OOM
killer by kmalloc(GFP_KERNEL) with order == PAGE_ALLOC_COSTLY_ORDER.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r-- | security/apparmor/lib.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index c1827e068454..2ef422a25474 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -95,7 +95,8 @@ void *__aa_kvmalloc(size_t size, gfp_t flags) /* do not attempt kmalloc if we need more than 16 pages at once */ if (size <= (16*PAGE_SIZE)) - buffer = kmalloc(size, flags | GFP_NOIO | __GFP_NOWARN); + buffer = kmalloc(size, flags | GFP_KERNEL | __GFP_NORETRY | + __GFP_NOWARN); if (!buffer) { if (flags & __GFP_ZERO) buffer = vzalloc(size); |
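Review bot: In the kmalloc() call in __aa_kvmalloc(), GFP_KERNEL is now ORed unconditionally into the caller-supplied `flags`, so the function's gfp_t parameter can no longer express a more restrictive allocation context. The commit message argues safety from the two current callers, but nothing in the code records that requirement. Suggest a comment above the call (or in the function's header comment) stating that callers must be in a context where GFP_KERNEL is allowed, and that __GFP_NORETRY is used because the vzalloc() fallback just below handles a failed kmalloc(). That way a future caller from a restricted context, or a later change to the fallback, does not silently invalidate the assumption. The existing comment "do not attempt kmalloc if we need more than 16 pages at once" would be a natural place to add this.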