From patchwork Wed May 30 14:11:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Enderborg X-Patchwork-Id: 10439099 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 6735F60327 for ; Wed, 30 May 2018 14:22:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 50C1C28E5D for ; Wed, 30 May 2018 14:22:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 442F028E88; Wed, 30 May 2018 14:22:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1F50128E5D for ; Wed, 30 May 2018 14:22:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753074AbeE3OVj (ORCPT ); Wed, 30 May 2018 10:21:39 -0400 Received: from seldsegrel01.sonyericsson.com ([37.139.156.29]:11374 "EHLO SELDSEGREL01.sonyericsson.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753046AbeE3OVf (ORCPT ); Wed, 30 May 2018 10:21:35 -0400 From: Peter Enderborg To: , Paul Moore , Stephen Smalley , Eric Paris , James Morris , Daniel Jurgens , Doug Ledford , , , , "Serge E . Hallyn" , "Paul E . McKenney" CC: peter Subject: [PATCH V3 1/5 selinux-next] selinux: Make allocation atomic in policydb objects functions. Date: Wed, 30 May 2018 16:11:00 +0200 Message-ID: <20180530141104.28569-2-peter.enderborg@sony.com> X-Mailer: git-send-email 2.15.1 In-Reply-To: <20180530141104.28569-1-peter.enderborg@sony.com> References: <20180530141104.28569-1-peter.enderborg@sony.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: peter As preparation for RCU the allocation need to be atomic, there is a lot of them so they do in this patch. Signed-off-by: Peter Enderborg --- security/selinux/ss/avtab.c | 8 +-- security/selinux/ss/conditional.c | 14 ++--- security/selinux/ss/ebitmap.c | 3 +- security/selinux/ss/hashtab.c | 6 +-- security/selinux/ss/policydb.c | 104 +++++++++++++++++++------------------- 5 files changed, 69 insertions(+), 66 deletions(-) diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index a2c9148b0662..1114a308aa94 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -72,13 +72,13 @@ avtab_insert_node(struct avtab *h, int hvalue, { struct avtab_node *newnode; struct avtab_extended_perms *xperms; - newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL); + newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_ATOMIC); if (newnode == NULL) return NULL; newnode->key = *key; if (key->specified & AVTAB_XPERMS) { - xperms = kmem_cache_zalloc(avtab_xperms_cachep, GFP_KERNEL); + xperms = kmem_cache_zalloc(avtab_xperms_cachep, GFP_ATOMIC); if (xperms == NULL) { kmem_cache_free(avtab_node_cachep, newnode); return NULL; @@ -95,7 +95,7 @@ avtab_insert_node(struct avtab *h, int hvalue, } else { newnode->next = flex_array_get_ptr(h->htable, hvalue); if (flex_array_put_ptr(h->htable, hvalue, newnode, - GFP_KERNEL|__GFP_ZERO)) { + GFP_ATOMIC|__GFP_ZERO)) { kmem_cache_free(avtab_node_cachep, newnode); return NULL; } @@ -330,7 +330,7 @@ int avtab_alloc(struct avtab *h, u32 nrules) mask = nslot - 1; h->htable = flex_array_alloc(sizeof(struct avtab_node *), nslot, - GFP_KERNEL | __GFP_ZERO); + GFP_ATOMIC | __GFP_ZERO); if (!h->htable) return -ENOMEM; diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index c91543a617ac..a09c8a8e9472 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -178,7 +178,7 @@ int cond_init_bool_indexes(struct policydb *p) kfree(p->bool_val_to_struct); p->bool_val_to_struct = kmalloc_array(p->p_bools.nprim, sizeof(*p->bool_val_to_struct), - GFP_KERNEL); + GFP_ATOMIC); if (!p->bool_val_to_struct) return -ENOMEM; return 0; @@ -205,7 +205,7 @@ int cond_index_bool(void *key, void *datum, void *datap) fa = p->sym_val_to_name[SYM_BOOLS]; if (flex_array_put_ptr(fa, booldatum->value - 1, key, - GFP_KERNEL | __GFP_ZERO)) + GFP_ATOMIC | __GFP_ZERO)) BUG(); p->bool_val_to_struct[booldatum->value - 1] = booldatum; @@ -227,7 +227,7 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) u32 len; int rc; - booldatum = kzalloc(sizeof(*booldatum), GFP_KERNEL); + booldatum = kzalloc(sizeof(*booldatum), GFP_ATOMIC); if (!booldatum) return -ENOMEM; @@ -247,7 +247,7 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) goto err; rc = -ENOMEM; - key = kmalloc(len + 1, GFP_KERNEL); + key = kmalloc(len + 1, GFP_ATOMIC); if (!key) goto err; rc = next_entry(key, fp, len); @@ -332,7 +332,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum goto err; } - list = kzalloc(sizeof(*list), GFP_KERNEL); + list = kzalloc(sizeof(*list), GFP_ATOMIC); if (!list) { rc = -ENOMEM; goto err; @@ -420,7 +420,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) goto err; rc = -ENOMEM; - expr = kzalloc(sizeof(*expr), GFP_KERNEL); + expr = kzalloc(sizeof(*expr), GFP_ATOMIC); if (!expr) goto err; @@ -471,7 +471,7 @@ int cond_read_list(struct policydb *p, void *fp) for (i = 0; i < len; i++) { rc = -ENOMEM; - node = kzalloc(sizeof(*node), GFP_KERNEL); + node = kzalloc(sizeof(*node), GFP_ATOMIC); if (!node) goto err; diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 5ae8c61b75bf..a49fabe6f744 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -403,7 +403,8 @@ int ebitmap_read(struct ebitmap *e, void *fp) if (!n || startbit >= n->startbit + EBITMAP_SIZE) { struct ebitmap_node *tmp; - tmp = kmem_cache_zalloc(ebitmap_node_cachep, GFP_KERNEL); + tmp = kmem_cache_zalloc(ebitmap_node_cachep, + GFP_ATOMIC); if (!tmp) { printk(KERN_ERR "SELinux: ebitmap: out of memory\n"); diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c index ebfdaa31ee32..0944b1f8060e 100644 --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c @@ -19,7 +19,7 @@ struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void * struct hashtab *p; u32 i; - p = kzalloc(sizeof(*p), GFP_KERNEL); + p = kzalloc(sizeof(*p), GFP_ATOMIC); if (!p) return p; @@ -27,7 +27,7 @@ struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void * p->nel = 0; p->hash_value = hash_value; p->keycmp = keycmp; - p->htable = kmalloc_array(size, sizeof(*p->htable), GFP_KERNEL); + p->htable = kmalloc_array(size, sizeof(*p->htable), GFP_ATOMIC); if (!p->htable) { kfree(p); return NULL; @@ -60,7 +60,7 @@ int hashtab_insert(struct hashtab *h, void *key, void *datum) if (cur && (h->keycmp(h, key, cur->key) == 0)) return -EEXIST; - newnode = kmem_cache_zalloc(hashtab_node_cachep, GFP_KERNEL); + newnode = kmem_cache_zalloc(hashtab_node_cachep, GFP_ATOMIC); if (!newnode) return -ENOMEM; newnode->key = key; diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 6e8c8056d7ad..2a0e21d8c275 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -188,7 +188,7 @@ static int roles_init(struct policydb *p) int rc; struct role_datum *role; - role = kzalloc(sizeof(*role), GFP_KERNEL); + role = kzalloc(sizeof(*role), GFP_ATOMIC); if (!role) return -ENOMEM; @@ -198,7 +198,7 @@ static int roles_init(struct policydb *p) goto out; rc = -ENOMEM; - key = kstrdup(OBJECT_R, GFP_KERNEL); + key = kstrdup(OBJECT_R, GFP_ATOMIC); if (!key) goto out; @@ -350,7 +350,7 @@ static int common_index(void *key, void *datum, void *datap) fa = p->sym_val_to_name[SYM_COMMONS]; if (flex_array_put_ptr(fa, comdatum->value - 1, key, - GFP_KERNEL | __GFP_ZERO)) + GFP_ATOMIC | __GFP_ZERO)) BUG(); return 0; } @@ -367,7 +367,7 @@ static int class_index(void *key, void *datum, void *datap) return -EINVAL; fa = p->sym_val_to_name[SYM_CLASSES]; if (flex_array_put_ptr(fa, cladatum->value - 1, key, - GFP_KERNEL | __GFP_ZERO)) + GFP_ATOMIC | __GFP_ZERO)) BUG(); p->class_val_to_struct[cladatum->value - 1] = cladatum; return 0; @@ -388,7 +388,7 @@ static int role_index(void *key, void *datum, void *datap) fa = p->sym_val_to_name[SYM_ROLES]; if (flex_array_put_ptr(fa, role->value - 1, key, - GFP_KERNEL | __GFP_ZERO)) + GFP_ATOMIC | __GFP_ZERO)) BUG(); p->role_val_to_struct[role->value - 1] = role; return 0; @@ -410,12 +410,12 @@ static int type_index(void *key, void *datum, void *datap) return -EINVAL; fa = p->sym_val_to_name[SYM_TYPES]; if (flex_array_put_ptr(fa, typdatum->value - 1, key, - GFP_KERNEL | __GFP_ZERO)) + GFP_ATOMIC | __GFP_ZERO)) BUG(); fa = p->type_val_to_struct_array; if (flex_array_put_ptr(fa, typdatum->value - 1, typdatum, - GFP_KERNEL | __GFP_ZERO)) + GFP_ATOMIC | __GFP_ZERO)) BUG(); } @@ -437,7 +437,7 @@ static int user_index(void *key, void *datum, void *datap) fa = p->sym_val_to_name[SYM_USERS]; if (flex_array_put_ptr(fa, usrdatum->value - 1, key, - GFP_KERNEL | __GFP_ZERO)) + GFP_ATOMIC | __GFP_ZERO)) BUG(); p->user_val_to_struct[usrdatum->value - 1] = usrdatum; return 0; @@ -458,7 +458,7 @@ static int sens_index(void *key, void *datum, void *datap) return -EINVAL; fa = p->sym_val_to_name[SYM_LEVELS]; if (flex_array_put_ptr(fa, levdatum->level->sens - 1, key, - GFP_KERNEL | __GFP_ZERO)) + GFP_ATOMIC | __GFP_ZERO)) BUG(); } @@ -479,7 +479,7 @@ static int cat_index(void *key, void *datum, void *datap) return -EINVAL; fa = p->sym_val_to_name[SYM_CATS]; if (flex_array_put_ptr(fa, catdatum->value - 1, key, - GFP_KERNEL | __GFP_ZERO)) + GFP_ATOMIC | __GFP_ZERO)) BUG(); } @@ -550,31 +550,31 @@ static int policydb_index(struct policydb *p) p->class_val_to_struct = kcalloc(p->p_classes.nprim, sizeof(*p->class_val_to_struct), - GFP_KERNEL); + GFP_ATOMIC); if (!p->class_val_to_struct) return -ENOMEM; p->role_val_to_struct = kcalloc(p->p_roles.nprim, sizeof(*p->role_val_to_struct), - GFP_KERNEL); + GFP_ATOMIC); if (!p->role_val_to_struct) return -ENOMEM; p->user_val_to_struct = kcalloc(p->p_users.nprim, sizeof(*p->user_val_to_struct), - GFP_KERNEL); + GFP_ATOMIC); if (!p->user_val_to_struct) return -ENOMEM; /* Yes, I want the sizeof the pointer, not the structure */ p->type_val_to_struct_array = flex_array_alloc(sizeof(struct type_datum *), p->p_types.nprim, - GFP_KERNEL | __GFP_ZERO); + GFP_ATOMIC | __GFP_ZERO); if (!p->type_val_to_struct_array) return -ENOMEM; rc = flex_array_prealloc(p->type_val_to_struct_array, 0, - p->p_types.nprim, GFP_KERNEL | __GFP_ZERO); + p->p_types.nprim, GFP_ATOMIC | __GFP_ZERO); if (rc) goto out; @@ -585,13 +585,14 @@ static int policydb_index(struct policydb *p) for (i = 0; i < SYM_NUM; i++) { p->sym_val_to_name[i] = flex_array_alloc(sizeof(char *), p->symtab[i].nprim, - GFP_KERNEL | __GFP_ZERO); + GFP_ATOMIC | + __GFP_ZERO); if (!p->sym_val_to_name[i]) return -ENOMEM; rc = flex_array_prealloc(p->sym_val_to_name[i], 0, p->symtab[i].nprim, - GFP_KERNEL | __GFP_ZERO); + GFP_ATOMIC | __GFP_ZERO); if (rc) goto out; @@ -1122,7 +1123,7 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp) __le32 buf[2]; u32 len; - perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); + perdatum = kzalloc(sizeof(*perdatum), GFP_ATOMIC); if (!perdatum) return -ENOMEM; @@ -1133,7 +1134,7 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp) len = le32_to_cpu(buf[0]); perdatum->value = le32_to_cpu(buf[1]); - rc = str_read(&key, GFP_KERNEL, fp, len); + rc = str_read(&key, GFP_ATOMIC, fp, len); if (rc) goto bad; @@ -1155,7 +1156,7 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp) u32 len, nel; int i, rc; - comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); + comdatum = kzalloc(sizeof(*comdatum), GFP_ATOMIC); if (!comdatum) return -ENOMEM; @@ -1172,7 +1173,7 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp) comdatum->permissions.nprim = le32_to_cpu(buf[2]); nel = le32_to_cpu(buf[3]); - rc = str_read(&key, GFP_KERNEL, fp, len); + rc = str_read(&key, GFP_ATOMIC, fp, len); if (rc) goto bad; @@ -1228,7 +1229,7 @@ static int read_cons_helper(struct policydb *p, lc = NULL; for (i = 0; i < ncons; i++) { - c = kzalloc(sizeof(*c), GFP_KERNEL); + c = kzalloc(sizeof(*c), GFP_ATOMIC); if (!c) return -ENOMEM; @@ -1245,7 +1246,7 @@ static int read_cons_helper(struct policydb *p, le = NULL; depth = -1; for (j = 0; j < nexpr; j++) { - e = kzalloc(sizeof(*e), GFP_KERNEL); + e = kzalloc(sizeof(*e), GFP_ATOMIC); if (!e) return -ENOMEM; @@ -1290,7 +1291,7 @@ static int read_cons_helper(struct policydb *p, POLICYDB_VERSION_CONSTRAINT_NAMES) { e->type_names = kzalloc(sizeof (*e->type_names), - GFP_KERNEL); + GFP_ATOMIC); if (!e->type_names) return -ENOMEM; type_set_init(e->type_names); @@ -1320,7 +1321,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) u32 len, len2, ncons, nel; int i, rc; - cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); + cladatum = kzalloc(sizeof(*cladatum), GFP_ATOMIC); if (!cladatum) return -ENOMEM; @@ -1340,12 +1341,12 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) ncons = le32_to_cpu(buf[5]); - rc = str_read(&key, GFP_KERNEL, fp, len); + rc = str_read(&key, GFP_ATOMIC, fp, len); if (rc) goto bad; if (len2) { - rc = str_read(&cladatum->comkey, GFP_KERNEL, fp, len2); + rc = str_read(&cladatum->comkey, GFP_ATOMIC, fp, len2); if (rc) goto bad; @@ -1413,7 +1414,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) __le32 buf[3]; u32 len; - role = kzalloc(sizeof(*role), GFP_KERNEL); + role = kzalloc(sizeof(*role), GFP_ATOMIC); if (!role) return -ENOMEM; @@ -1429,7 +1430,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) role->bounds = le32_to_cpu(buf[2]); - rc = str_read(&key, GFP_KERNEL, fp, len); + rc = str_read(&key, GFP_ATOMIC, fp, len); if (rc) goto bad; @@ -1469,7 +1470,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) __le32 buf[4]; u32 len; - typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); + typdatum = kzalloc(sizeof(*typdatum), GFP_ATOMIC); if (!typdatum) return -ENOMEM; @@ -1495,7 +1496,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) typdatum->primary = le32_to_cpu(buf[2]); } - rc = str_read(&key, GFP_KERNEL, fp, len); + rc = str_read(&key, GFP_ATOMIC, fp, len); if (rc) goto bad; @@ -1543,7 +1544,7 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp) __le32 buf[3]; u32 len; - usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); + usrdatum = kzalloc(sizeof(*usrdatum), GFP_ATOMIC); if (!usrdatum) return -ENOMEM; @@ -1559,7 +1560,7 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp) if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) usrdatum->bounds = le32_to_cpu(buf[2]); - rc = str_read(&key, GFP_KERNEL, fp, len); + rc = str_read(&key, GFP_ATOMIC, fp, len); if (rc) goto bad; @@ -1853,7 +1854,7 @@ static int range_read(struct policydb *p, void *fp) nel = le32_to_cpu(buf[0]); for (i = 0; i < nel; i++) { rc = -ENOMEM; - rt = kzalloc(sizeof(*rt), GFP_KERNEL); + rt = kzalloc(sizeof(*rt), GFP_ATOMIC); if (!rt) goto out; @@ -1878,7 +1879,7 @@ static int range_read(struct policydb *p, void *fp) goto out; rc = -ENOMEM; - r = kzalloc(sizeof(*r), GFP_KERNEL); + r = kzalloc(sizeof(*r), GFP_ATOMIC); if (!r) goto out; @@ -1929,12 +1930,12 @@ static int filename_trans_read(struct policydb *p, void *fp) name = NULL; rc = -ENOMEM; - ft = kzalloc(sizeof(*ft), GFP_KERNEL); + ft = kzalloc(sizeof(*ft), GFP_ATOMIC); if (!ft) goto out; rc = -ENOMEM; - otype = kmalloc(sizeof(*otype), GFP_KERNEL); + otype = kmalloc(sizeof(*otype), GFP_ATOMIC); if (!otype) goto out; @@ -1945,7 +1946,7 @@ static int filename_trans_read(struct policydb *p, void *fp) len = le32_to_cpu(buf[0]); /* path component string */ - rc = str_read(&name, GFP_KERNEL, fp, len); + rc = str_read(&name, GFP_ATOMIC, fp, len); if (rc) goto out; @@ -2011,11 +2012,11 @@ static int genfs_read(struct policydb *p, void *fp) len = le32_to_cpu(buf[0]); rc = -ENOMEM; - newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); + newgenfs = kzalloc(sizeof(*newgenfs), GFP_ATOMIC); if (!newgenfs) goto out; - rc = str_read(&newgenfs->fstype, GFP_KERNEL, fp, len); + rc = str_read(&newgenfs->fstype, GFP_ATOMIC, fp, len); if (rc) goto out; @@ -2050,11 +2051,11 @@ static int genfs_read(struct policydb *p, void *fp) len = le32_to_cpu(buf[0]); rc = -ENOMEM; - newc = kzalloc(sizeof(*newc), GFP_KERNEL); + newc = kzalloc(sizeof(*newc), GFP_ATOMIC); if (!newc) goto out; - rc = str_read(&newc->u.name, GFP_KERNEL, fp, len); + rc = str_read(&newc->u.name, GFP_ATOMIC, fp, len); if (rc) goto out; @@ -2120,7 +2121,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, l = NULL; for (j = 0; j < nel; j++) { rc = -ENOMEM; - c = kzalloc(sizeof(*c), GFP_KERNEL); + c = kzalloc(sizeof(*c), GFP_ATOMIC); if (!c) goto out; if (l) @@ -2147,7 +2148,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, goto out; len = le32_to_cpu(buf[0]); - rc = str_read(&c->u.name, GFP_KERNEL, fp, len); + rc = str_read(&c->u.name, GFP_ATOMIC, fp, len); if (rc) goto out; @@ -2193,7 +2194,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, goto out; len = le32_to_cpu(buf[1]); - rc = str_read(&c->u.name, GFP_KERNEL, fp, len); + rc = str_read(&c->u.name, GFP_ATOMIC, fp, len); if (rc) goto out; @@ -2244,7 +2245,8 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, goto out; len = le32_to_cpu(buf[0]); - rc = str_read(&c->u.ibendport.dev_name, GFP_KERNEL, fp, len); + rc = str_read(&c->u.ibendport.dev_name, + GFP_ATOMIC, fp, len); if (rc) goto out; @@ -2311,7 +2313,7 @@ int policydb_read(struct policydb *p, void *fp) } rc = -ENOMEM; - policydb_str = kmalloc(len + 1, GFP_KERNEL); + policydb_str = kmalloc(len + 1, GFP_ATOMIC); if (!policydb_str) { printk(KERN_ERR "SELinux: unable to allocate memory for policydb " "string of length %d\n", len); @@ -2433,7 +2435,7 @@ int policydb_read(struct policydb *p, void *fp) ltr = NULL; for (i = 0; i < nel; i++) { rc = -ENOMEM; - tr = kzalloc(sizeof(*tr), GFP_KERNEL); + tr = kzalloc(sizeof(*tr), GFP_ATOMIC); if (!tr) goto bad; if (ltr) @@ -2472,7 +2474,7 @@ int policydb_read(struct policydb *p, void *fp) lra = NULL; for (i = 0; i < nel; i++) { rc = -ENOMEM; - ra = kzalloc(sizeof(*ra), GFP_KERNEL); + ra = kzalloc(sizeof(*ra), GFP_ATOMIC); if (!ra) goto bad; if (lra) @@ -2521,13 +2523,13 @@ int policydb_read(struct policydb *p, void *fp) rc = -ENOMEM; p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap), p->p_types.nprim, - GFP_KERNEL | __GFP_ZERO); + GFP_ATOMIC | __GFP_ZERO); if (!p->type_attr_map_array) goto bad; /* preallocate so we don't have to worry about the put ever failing */ rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim, - GFP_KERNEL | __GFP_ZERO); + GFP_ATOMIC | __GFP_ZERO); if (rc) goto bad;