suspicious __GFP_NOMEMALLOC in selinux

From: Michal Hocko
Date: Wed Aug 02 2017 - 06:50:27 EST

while doing something completely unrelated to selinux I've noticed a
really strange __GFP_NOMEMALLOC usage pattern in selinux, especially
GFP_ATOMIC | __GFP_NOMEMALLOC doesn't make much sense to me. GFP_ATOMIC
on its own allows to access memory reserves while the later flag tells
we cannot use memory reserves at all. The primary usecase for
__GFP_NOMEMALLOC is to override a global PF_MEMALLOC should there be a

It all leads to fa1aa143ac4a ("selinux: extended permissions for
ioctls") which doesn't explain this aspect so let me ask. Why is the
flag used at all? Moreover shouldn't GFP_ATOMIC be actually GFP_NOWAIT.
What makes this path important to access memory reserves?

Michal Hocko