selinux: use GFP_NOWAIT in the AVC kmem_caches

There is a strange __GFP_NOMEMALLOC usage pattern in SELinux,
specifically GFP_ATOMIC | __GFP_NOMEMALLOC which doesn't make much
sense.  GFP_ATOMIC on its own allows to access memory reserves while
__GFP_NOMEMALLOC dictates we cannot use memory reserves.  Replace this
with the much more sane GFP_NOWAIT in the AVC code as we can tolerate
memory allocation failures in that code.

Signed-off-by: Michal Hocko <mhocko@kernel.org>
Acked-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index e60c79de13e1c74ea6129cfb5431d5d2415cdc2d..52f3c550abcc4f99d9933a7bf17703f17d9d48b6 100644 (file)
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -348,27 +348,26 @@ static struct avc_xperms_decision_node
        struct avc_xperms_decision_node *xpd_node;
        struct extended_perms_decision *xpd;
 
-       xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep,
-                               GFP_ATOMIC | __GFP_NOMEMALLOC);
+       xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT);
        if (!xpd_node)
                return NULL;
 
        xpd = &xpd_node->xpd;
        if (which & XPERMS_ALLOWED) {
                xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep,
-                                               GFP_ATOMIC | __GFP_NOMEMALLOC);
+                                               GFP_NOWAIT);
                if (!xpd->allowed)
                        goto error;
        }
        if (which & XPERMS_AUDITALLOW) {
                xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep,
-                                               GFP_ATOMIC | __GFP_NOMEMALLOC);
+                                               GFP_NOWAIT);
                if (!xpd->auditallow)
                        goto error;
        }
        if (which & XPERMS_DONTAUDIT) {
                xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep,
-                                               GFP_ATOMIC | __GFP_NOMEMALLOC);
+                                               GFP_NOWAIT);
                if (!xpd->dontaudit)
                        goto error;
        }
@@ -396,8 +395,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void)
 {
        struct avc_xperms_node *xp_node;
 
-       xp_node = kmem_cache_zalloc(avc_xperms_cachep,
-                               GFP_ATOMIC|__GFP_NOMEMALLOC);
+       xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT);
        if (!xp_node)
                return xp_node;
        INIT_LIST_HEAD(&xp_node->xpd_head);
@@ -550,7 +548,7 @@ static struct avc_node *avc_alloc_node(void)
 {
        struct avc_node *node;
 
-       node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC);
+       node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT);
        if (!node)
                goto out;