Re: suspicious __GFP_NOMEMALLOC in selinux

[Mel Gorman]

On Thu, Aug 03, 2017 at 10:11:52AM +0200, Michal Hocko wrote:
> > The GFP_ATOMIC|__GFP_NOMEMALLOC use in SELinux appears to be limited
> > to security/selinux/avc.c, and digging a bit, I'm guessing commit
> > fa1aa143ac4a copied the combination from 6290c2c43973 ("selinux: tag
> > avc cache alloc as non-critical") and the avc_alloc_node() function.
> 
> Thanks for the pointer. That makes much more sense now. Back in 2012 we
> really didn't have a good way to distinguish non sleeping and atomic
> with reserves allocations.
>  

Yes, and GFP_NOWAIT is the right way to express that now. It'll still
wake kswapd but it won't stall on direct reclaim and won't dip into
reserves.

Thanks Michal.

> ---
> From 6d506a75da83c0724ed399966971711f37d67411 Mon Sep 17 00:00:00 2001
> From: Michal Hocko <mhocko@xxxxxxxx>
> Date: Thu, 3 Aug 2017 10:04:20 +0200
> Subject: [PATCH] selinux: replace GFP_ATOMIC | __GFP_NOMEMALLOC with
>  GFP_NOWAIT
> 
> selinux avc code uses a weird combination of gfp flags. It asks for
> GFP_ATOMIC which allows access to memory reserves while it requests
> to not consume memory reserves by __GFP_NOMEMALLOC. This seems to be
> copying the pattern from 6290c2c43973 ("selinux: tag avc cache alloc as
> non-critical").
> 
> Back then (before d0164adc89f6 ("mm, page_alloc: distinguish between
> being unable to sleep, unwilling to sleep and avoiding waking kswapd"))
> we didn't have a good way to distinguish nowait and atomic allocations
> so the construct made some sense. Now we do not have to play tricks
> though and GFP_NOWAIT will provide the required semantic (aka do not
> sleep and do not consume any memory reserves).
> 
> Signed-off-by: Michal Hocko <mhocko@xxxxxxxx>

Looks right to me

Acked-by: Mel Gorman <mgorman@xxxxxxx>

-- 
Mel Gorman
SUSE Labs