netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps

The scratchmap size depends on the number of elements in the set.
For huge sets, each scratch map can easily require very large
allocations, e.g. for 100k entries each scratch map will require
close to 64kbyte of memory.

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
index 28e67c4d713258fb20f796a57ab97792c8274600..1a19649c28511a208d91fc6f174cd06bd9202057 100644 (file)
--- a/net/netfilter/nft_set_pipapo.c
+++ b/net/netfilter/nft_set_pipapo.c
@@ -1152,7 +1152,7 @@ static void pipapo_free_scratch(const struct nft_pipapo_match *m, unsigned int c
 
        mem = s;
        mem -= s->align_off;
-       kfree(mem);
+       kvfree(mem);
 }
 
 /**
@@ -1173,10 +1173,9 @@ static int pipapo_realloc_scratch(struct nft_pipapo_match *clone,
                void *scratch_aligned;
                u32 align_off;
 #endif
-               scratch = kzalloc_node(struct_size(scratch, map,
-                                                  bsize_max * 2) +
-                                      NFT_PIPAPO_ALIGN_HEADROOM,
-                                      GFP_KERNEL_ACCOUNT, cpu_to_node(i));
+               scratch = kvzalloc_node(struct_size(scratch, map, bsize_max * 2) +
+                                       NFT_PIPAPO_ALIGN_HEADROOM,
+                                       GFP_KERNEL_ACCOUNT, cpu_to_node(i));
                if (!scratch) {
                        /* On failure, there's no need to undo previous
                         * allocations: this means that some scratch maps have