diff mbox series

[1/1] Smack: Create smack_rule cache to optimize memory usage

Message ID 1552554393-11691-1-git-send-email-vishal.goel@samsung.com (mailing list archive)
State New, archived
Headers show
Series [1/1] Smack: Create smack_rule cache to optimize memory usage | expand

Commit Message

Vishal Goel March 14, 2019, 9:06 a.m. UTC
This patch allows for small memory optimization by creating the
kmem cache for "struct smack_rule" instead of using kzalloc.
For adding new smack rule, kzalloc is used to allocate the memory
for "struct smack_rule". kzalloc will always allocate 32 or 64 bytes
for 1 structure depending upon the kzalloc cache sizes available in
system. Although the size of structure is 20 bytes only, resulting
in memory wastage per object in the default pool.

For e.g., if there are 20000 rules, then it will save 240KB(20000*12)
which is crucial for small memory targets.

Signed-off-by: Vishal Goel <vishal.goel@samsung.com>
Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>
---
 security/smack/smack.h     |  1 +
 security/smack/smack_lsm.c | 12 ++++++++++--
 security/smack/smackfs.c   |  2 +-
 3 files changed, 12 insertions(+), 3 deletions(-)

Comments

Casey Schaufler March 14, 2019, 5:07 p.m. UTC | #1
On 3/14/2019 2:06 AM, Vishal Goel wrote:
> This patch allows for small memory optimization by creating the
> kmem cache for "struct smack_rule" instead of using kzalloc.
> For adding new smack rule, kzalloc is used to allocate the memory
> for "struct smack_rule". kzalloc will always allocate 32 or 64 bytes
> for 1 structure depending upon the kzalloc cache sizes available in
> system. Although the size of structure is 20 bytes only, resulting
> in memory wastage per object in the default pool.
>
> For e.g., if there are 20000 rules, then it will save 240KB(20000*12)
> which is crucial for small memory targets.
>
> Signed-off-by: Vishal Goel <vishal.goel@samsung.com>
> Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>

I will take this for 5.2.
Thank you. Keep up the good work.

> ---
>   security/smack/smack.h     |  1 +
>   security/smack/smack_lsm.c | 12 ++++++++++--
>   security/smack/smackfs.c   |  2 +-
>   3 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/security/smack/smack.h b/security/smack/smack.h
> index 6a71fc7..a5d7461 100644
> --- a/security/smack/smack.h
> +++ b/security/smack/smack.h
> @@ -354,6 +354,7 @@ int smk_tskacc(struct task_smack *, struct smack_known *,
>   
>   #define SMACK_HASH_SLOTS 16
>   extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
> +extern struct kmem_cache *smack_rule_cache;
>   
>   /*
>    * Is the directory transmuting?
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 319add3..16b6cf5 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -56,6 +56,7 @@
>   static LIST_HEAD(smk_ipv6_port_list);
>   #endif
>   static struct kmem_cache *smack_inode_cache;
> +struct kmem_cache *smack_rule_cache;
>   int smack_enabled;
>   
>   static const match_table_t smk_mount_tokens = {
> @@ -349,7 +350,7 @@ static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
>   	int rc = 0;
>   
>   	list_for_each_entry_rcu(orp, ohead, list) {
> -		nrp = kzalloc(sizeof(struct smack_rule), gfp);
> +		nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
>   		if (nrp == NULL) {
>   			rc = -ENOMEM;
>   			break;
> @@ -1995,7 +1996,7 @@ static void smack_cred_free(struct cred *cred)
>   	list_for_each_safe(l, n, &tsp->smk_rules) {
>   		rp = list_entry(l, struct smack_rule, list);
>   		list_del(&rp->list);
> -		kfree(rp);
> +		kmem_cache_free(smack_rule_cache, rp);
>   	}
>   	kfree(tsp);
>   }
> @@ -4788,10 +4789,17 @@ static __init int smack_init(void)
>   	if (!smack_inode_cache)
>   		return -ENOMEM;
>   
> +	smack_rule_cache = KMEM_CACHE(smack_rule, 0);
> +	if (!smack_rule_cache) {
> +		kmem_cache_destroy(smack_inode_cache);
> +		return -ENOMEM;
> +	}
> +
>   	tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
>   				GFP_KERNEL);
>   	if (tsp == NULL) {
>   		kmem_cache_destroy(smack_inode_cache);
> +		kmem_cache_destroy(smack_rule_cache);
>   		return -ENOMEM;
>   	}
>   
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index 2a8a1f5..d8a0e25 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -236,7 +236,7 @@ static int smk_set_access(struct smack_parsed_rule *srp,
>   	}
>   
>   	if (found == 0) {
> -		sp = kzalloc(sizeof(*sp), GFP_KERNEL);
> +		sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
>   		if (sp == NULL) {
>   			rc = -ENOMEM;
>   			goto out;
Casey Schaufler April 9, 2019, 11:30 p.m. UTC | #2
On 3/14/2019 2:06 AM, Vishal Goel wrote:
> This patch allows for small memory optimization by creating the
> kmem cache for "struct smack_rule" instead of using kzalloc.
> For adding new smack rule, kzalloc is used to allocate the memory
> for "struct smack_rule". kzalloc will always allocate 32 or 64 bytes
> for 1 structure depending upon the kzalloc cache sizes available in
> system. Although the size of structure is 20 bytes only, resulting
> in memory wastage per object in the default pool.
>
> For e.g., if there are 20000 rules, then it will save 240KB(20000*12)
> which is crucial for small memory targets.
>
> Signed-off-by: Vishal Goel <vishal.goel@samsung.com>
> Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>

I have taken this patch in for
	https://github.com/cschaufler/next-smack.git#smack-for-5.2

> ---
>   security/smack/smack.h     |  1 +
>   security/smack/smack_lsm.c | 12 ++++++++++--
>   security/smack/smackfs.c   |  2 +-
>   3 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/security/smack/smack.h b/security/smack/smack.h
> index 6a71fc7..a5d7461 100644
> --- a/security/smack/smack.h
> +++ b/security/smack/smack.h
> @@ -354,6 +354,7 @@ int smk_tskacc(struct task_smack *, struct smack_known *,
>   
>   #define SMACK_HASH_SLOTS 16
>   extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
> +extern struct kmem_cache *smack_rule_cache;
>   
>   /*
>    * Is the directory transmuting?
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 319add3..16b6cf5 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -56,6 +56,7 @@
>   static LIST_HEAD(smk_ipv6_port_list);
>   #endif
>   static struct kmem_cache *smack_inode_cache;
> +struct kmem_cache *smack_rule_cache;
>   int smack_enabled;
>   
>   static const match_table_t smk_mount_tokens = {
> @@ -349,7 +350,7 @@ static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
>   	int rc = 0;
>   
>   	list_for_each_entry_rcu(orp, ohead, list) {
> -		nrp = kzalloc(sizeof(struct smack_rule), gfp);
> +		nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
>   		if (nrp == NULL) {
>   			rc = -ENOMEM;
>   			break;
> @@ -1995,7 +1996,7 @@ static void smack_cred_free(struct cred *cred)
>   	list_for_each_safe(l, n, &tsp->smk_rules) {
>   		rp = list_entry(l, struct smack_rule, list);
>   		list_del(&rp->list);
> -		kfree(rp);
> +		kmem_cache_free(smack_rule_cache, rp);
>   	}
>   	kfree(tsp);
>   }
> @@ -4788,10 +4789,17 @@ static __init int smack_init(void)
>   	if (!smack_inode_cache)
>   		return -ENOMEM;
>   
> +	smack_rule_cache = KMEM_CACHE(smack_rule, 0);
> +	if (!smack_rule_cache) {
> +		kmem_cache_destroy(smack_inode_cache);
> +		return -ENOMEM;
> +	}
> +
>   	tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
>   				GFP_KERNEL);
>   	if (tsp == NULL) {
>   		kmem_cache_destroy(smack_inode_cache);
> +		kmem_cache_destroy(smack_rule_cache);
>   		return -ENOMEM;
>   	}
>   
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index 2a8a1f5..d8a0e25 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -236,7 +236,7 @@ static int smk_set_access(struct smack_parsed_rule *srp,
>   	}
>   
>   	if (found == 0) {
> -		sp = kzalloc(sizeof(*sp), GFP_KERNEL);
> +		sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
>   		if (sp == NULL) {
>   			rc = -ENOMEM;
>   			goto out;
diff mbox series

Patch

diff --git a/security/smack/smack.h b/security/smack/smack.h
index 6a71fc7..a5d7461 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -354,6 +354,7 @@  int smk_tskacc(struct task_smack *, struct smack_known *,
 
 #define SMACK_HASH_SLOTS 16
 extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
+extern struct kmem_cache *smack_rule_cache;
 
 /*
  * Is the directory transmuting?
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 319add3..16b6cf5 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -56,6 +56,7 @@ 
 static LIST_HEAD(smk_ipv6_port_list);
 #endif
 static struct kmem_cache *smack_inode_cache;
+struct kmem_cache *smack_rule_cache;
 int smack_enabled;
 
 static const match_table_t smk_mount_tokens = {
@@ -349,7 +350,7 @@  static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
 	int rc = 0;
 
 	list_for_each_entry_rcu(orp, ohead, list) {
-		nrp = kzalloc(sizeof(struct smack_rule), gfp);
+		nrp = kmem_cache_zalloc(smack_rule_cache, gfp);
 		if (nrp == NULL) {
 			rc = -ENOMEM;
 			break;
@@ -1995,7 +1996,7 @@  static void smack_cred_free(struct cred *cred)
 	list_for_each_safe(l, n, &tsp->smk_rules) {
 		rp = list_entry(l, struct smack_rule, list);
 		list_del(&rp->list);
-		kfree(rp);
+		kmem_cache_free(smack_rule_cache, rp);
 	}
 	kfree(tsp);
 }
@@ -4788,10 +4789,17 @@  static __init int smack_init(void)
 	if (!smack_inode_cache)
 		return -ENOMEM;
 
+	smack_rule_cache = KMEM_CACHE(smack_rule, 0);
+	if (!smack_rule_cache) {
+		kmem_cache_destroy(smack_inode_cache);
+		return -ENOMEM;
+	}
+
 	tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
 				GFP_KERNEL);
 	if (tsp == NULL) {
 		kmem_cache_destroy(smack_inode_cache);
+		kmem_cache_destroy(smack_rule_cache);
 		return -ENOMEM;
 	}
 
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 2a8a1f5..d8a0e25 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -236,7 +236,7 @@  static int smk_set_access(struct smack_parsed_rule *srp,
 	}
 
 	if (found == 0) {
-		sp = kzalloc(sizeof(*sp), GFP_KERNEL);
+		sp = kmem_cache_zalloc(smack_rule_cache, GFP_KERNEL);
 		if (sp == NULL) {
 			rc = -ENOMEM;
 			goto out;