summaryrefslogtreecommitdiff
path: root/security/apparmor
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2016-11-14 14:11:52 +0300
committerJohn Johansen <john.johansen@canonical.com>2017-01-16 00:41:09 +0300
commita7f6c1b63b863d29f126d9b163ad5b40008544b2 (patch)
tree0d6d855aafdd750417ce67c5ca9c490fe9ce7056 /security/apparmor
parentb8aa8453918ebfd93d78de56c2afd4b735e02e27 (diff)
downloadlinux-a7f6c1b63b863d29f126d9b163ad5b40008544b2.tar.xz
AppArmor: Use GFP_KERNEL for __aa_kvmalloc().
Calling kmalloc(GFP_NOIO) with order == PAGE_ALLOC_COSTLY_ORDER is not recommended because it might fall into infinite retry loop without invoking the OOM killer. Since aa_dfa_unpack() is the only caller of kvzalloc() and aa_dfa_unpack() which is calling kvzalloc() via unpack_table() is doing kzalloc(GFP_KERNEL), it is safe to use GFP_KERNEL from __aa_kvmalloc(). Since aa_simple_write_to_buffer() is the only caller of kvmalloc() and aa_simple_write_to_buffer() is calling copy_from_user() which is GFP_KERNEL context (see memdup_user_nul()), it is safe to use GFP_KERNEL from __aa_kvmalloc(). Therefore, replace GFP_NOIO with GFP_KERNEL. Also, since we have vmalloc() fallback, add __GFP_NORETRY so that we don't invoke the OOM killer by kmalloc(GFP_KERNEL) with order == PAGE_ALLOC_COSTLY_ORDER. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/lib.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index c1827e068454..2ef422a25474 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -95,7 +95,8 @@ void *__aa_kvmalloc(size_t size, gfp_t flags)
/* do not attempt kmalloc if we need more than 16 pages at once */
if (size <= (16*PAGE_SIZE))
- buffer = kmalloc(size, flags | GFP_NOIO | __GFP_NOWARN);
+ buffer = kmalloc(size, flags | GFP_KERNEL | __GFP_NORETRY |
+ __GFP_NOWARN);
if (!buffer) {
if (flags & __GFP_ZERO)
buffer = vzalloc(size);