From: Ondrej Mosnacek <omosnace@redhat.com>
To: SElinux list <selinux@vger.kernel.org>, Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: [PATCH] selinux: reduce the use of hard-coded hash sizes
Date: Mon, 17 Feb 2020 12:57:22 +0100
Message-ID: <CAFqZXNsRjE6ka_m13ec8aQh7mmT3oTMP+GpkbQaa0=a_gipsSg@mail.gmail.com>
In-Reply-To: <20200217114943.67607-1-omosnace@redhat.com>

On Mon, Feb 17, 2020 at 12:49 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> Instead allocate hash tables with just the right size based on the
> actual number of elements (which is almost always known beforehand, we
> just need to defer the hashtab allocation to the right time). The only
> case when we don't know the size (with the current policy format) is the
> new filename transitions hashtable. Here I just left the existing value.
>
> After this patch, the time to load Fedora policy on x86_64 decreases
> from 950 ms to 220 ms. If the unconfined module is removed, it decreases
> from 870 ms to 170 ms. It is also likely that other operations are going
> to be faster, mainly string_to_context_struct() or mls_compute_sid(),
> but I didn't try to quantify that.
>
> The memory usage increases a bit after this patch, but only by ~1-2 MB
> (it is hard to measure precisely). I believe it is a small price to pay
> for the increased performance.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
>  security/selinux/ss/hashtab.c  | 21 ++++++++++++--
>  security/selinux/ss/hashtab.h  |  2 +-
>  security/selinux/ss/policydb.c | 53 +++++++++++++---------------------
>  security/selinux/ss/policydb.h |  2 --
>  4 files changed, 40 insertions(+), 38 deletions(-)

Note: This patch applies on top of the filename transition series [1].

[1] https://lore.kernel.org/selinux/20200212112255.105678-1-omosnace@redhat.com/T/

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
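
The effect described in the quoted commit message, as an added example that is not code from the patch or the kernel: it compares the total lookup cost of a chained hash table with a hard-coded bucket count against one sized from the number of elements. The bucket count of 256, the power-of-two rounding, the FNV-1a hash, the `type_N` key names and the element count are all assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define FIXED_BUCKETS 256u /* constructed stand-in for a hard-coded size */

/* Assumption: bucket count = element count rounded up to a power of two. */
static uint32_t buckets_for(uint32_t nel)
{
    uint32_t n = 1;
    while (n < nel && n < (1u << 31))
        n <<= 1;
    return n;
}

/* FNV-1a string hash, chosen for this example only. */
static uint32_t fnv1a(const char *s)
{
    uint32_t h = 2166136261u;
    while (*s) {
        h ^= (unsigned char)*s++;
        h *= 16777619u;
    }
    return h;
}

/* Total key comparisons to look up each of nel constructed keys once in a
 * chained table with nbuckets buckets (power of two). The k-th key that
 * lands in a bucket sits at chain depth k, so it costs k comparisons. */
static uint64_t lookup_cost(uint32_t nel, uint32_t nbuckets)
{
    uint32_t *chain = calloc(nbuckets, sizeof(*chain));
    uint64_t cost = 0;
    char key[32];
    if (!chain)
        return 0;
    for (uint32_t i = 0; i < nel; i++) {
        snprintf(key, sizeof(key), "type_%u", (unsigned)i);
        cost += ++chain[fnv1a(key) & (nbuckets - 1)];
    }
    free(chain);
    return cost;
}

int main(void)
{
    uint32_t nel = 65536; /* constructed element count */
    printf("fixed: %llu\n", (unsigned long long)lookup_cost(nel, FIXED_BUCKETS));
    printf("sized: %llu\n", (unsigned long long)lookup_cost(nel, buckets_for(nel)));
    return 0;
}
```

With 65536 keys in 256 buckets, even a perfectly uniform hash leaves chains of 256 entries, so the fixed-size cost cannot drop below 8421376 comparisons whatever hash is used.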

