Re: [RFC 5/5] security: smack: add kmem_cache for smack_master_list allocations

[Casey Schaufler <casey@schaufler-ca.com>]

On 6/13/2013 8:29 AM, Tomasz Stanislawski wrote:
> On ARM, sizeof(struct smack_master_list) == 12. Allocation by kmalloc() uses a
> 32-byte-long chunk to allocate 12 bytes. Just ask ksize().  It means that 63%
> of memory is simply wasted for padding bytes.
>
> The problem is fixed in this patch by using kmem_cache. The cache allocates
> struct smack_master_list using 16-byte-long chunks according to ksize(). This
> reduces amount of used memory by 50%.

As with patch 4, I need to see performance numbers. Saving 50%
is good, but if there are 20,000 rules you're only saving 320K
of memory.

>
> Signed-off-by: Tomasz Stanislawski <t.stanislaws@samsung.com>
> ---
>  security/smack/smack.h     |    7 +++++++
>  security/smack/smack_lsm.c |    8 ++++++++
>  security/smack/smackfs.c   |    8 ++------
>  3 files changed, 17 insertions(+), 6 deletions(-)
>
> diff --git a/security/smack/smack.h b/security/smack/smack.h
> index 38ba673..463f818 100644
> --- a/security/smack/smack.h
> +++ b/security/smack/smack.h
> @@ -194,6 +194,12 @@ struct smk_audit_info {
>  	struct smack_audit_data sad;
>  #endif
>  };
> +
> +struct smack_master_list {
> +	struct list_head	list;
> +	struct smack_rule	*smk_rule;
> +};
> +
>  /*
>   * These functions are in smack_lsm.c
>   */
> @@ -235,6 +241,7 @@ extern struct list_head smk_netlbladdr_list;
>  
>  /* Cache for fast and thrifty allocations */
>  extern struct kmem_cache *smack_rule_cache;
> +extern struct kmem_cache *smack_master_list_cache;
>  
>  extern struct security_operations smack_ops;
>  
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 7aa696a..1d4a1b0 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -3566,6 +3566,7 @@ static __init void init_smack_known_list(void)
>  
>  /* KMEM caches for fast and thrifty allocations */
>  struct kmem_cache *smack_rule_cache;
> +struct kmem_cache *smack_master_list_cache;
>  
>  /**
>   * smack_init - initialize the smack system
> @@ -3584,9 +3585,16 @@ static __init int smack_init(void)
>  	if (!smack_rule_cache)
>  		return -ENOMEM;
>  
> +	smack_master_list_cache = KMEM_CACHE(smack_master_list, 0);
> +	if (!smack_master_list_cache) {
> +		kmem_cache_destroy(smack_rule_cache);
> +		return -ENOMEM;
> +	}
> +
>  	tsp = new_task_smack(smack_known_floor.smk_known,
>  				smack_known_floor.smk_known, GFP_KERNEL);
>  	if (tsp == NULL) {
> +		kmem_cache_destroy(smack_master_list_cache);
>  		kmem_cache_destroy(smack_rule_cache);
>  		return -ENOMEM;
>  	}
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index c08b1ec..c7a1b0d 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -104,11 +104,6 @@ LIST_HEAD(smk_netlbladdr_list);
>   * Rule lists are maintained for each label.
>   * This master list is just for reading /smack/load and /smack/load2.
>   */
> -struct smack_master_list {
> -	struct list_head	list;
> -	struct smack_rule	*smk_rule;
> -};
> -
>  LIST_HEAD(smack_rule_list);
>  
>  struct smack_parsed_rule {
> @@ -233,7 +228,8 @@ static int smk_set_access(struct smack_parsed_rule *srp,
>  		 * it needs to get added for reporting.
>  		 */
>  		if (global) {
> -			smlp = kzalloc(sizeof(*smlp), GFP_KERNEL);
> +			smlp = kmem_cache_zalloc(smack_master_list_cache,
> +							GFP_KERNEL);
>  			if (smlp != NULL) {
>  				smlp->smk_rule = sp;
>  				list_add_rcu(&smlp->list, &smack_rule_list);