From: Ondrej Mosnacek <omosnace@redhat.com>
To: Jeffrey Vander Stoep <jeffv@google.com>
Cc: SElinux list <selinux@vger.kernel.org>,
Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: [PATCH v2 1/2] selinux: hash context structure directly
Date: Thu, 16 Apr 2020 17:15:28 +0200 [thread overview]
Message-ID: <CAFqZXNuHNNXXZy+E2WbB7dWGDc0GmL7tHFMT7cfhfKymoEyi9Q@mail.gmail.com> (raw)
In-Reply-To: <CABXk95BhDRd2nDHR4e7Nj3xtF+1RJ-K7jE4N12ciLjZBLywSbQ@mail.gmail.com>
On Thu, Apr 16, 2020 at 4:22 PM Jeffrey Vander Stoep <jeffv@google.com> wrote:
> Thanks for fixing this!
>
> On Thu, Apr 16, 2020 at 2:41 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >
> > Always hashing the string representation is inefficient. Just hash the
> > contents of the structure directly (using jhash). If the context is
> > invalid (str & len are set), then hash the string as before, otherwise
> > hash the structured data. Any context that is valid under the given
> > policy should always be structured, and also any context that is invalid
> > should be never structured, so the hashes should always match for the
> > same context. The fact that context_cmp() also follows this logic
> > further reinforces this assumption.
> >
> > Since the context hashing function is now faster (about 10 times), this
> > patch decreases the overhead of security_transition_sid(), which is
> > called from many hooks.
> >
> > The jhash function seemed as a good choice, since it is used as the
> > default hashing algorithm in rhashtable.
> >
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > ---
> > security/selinux/Makefile | 2 +-
> > security/selinux/ss/context.c | 24 +++++++++++++++++++++++
> > security/selinux/ss/context.h | 6 ++++--
> > security/selinux/ss/ebitmap.c | 14 ++++++++++++++
> > security/selinux/ss/ebitmap.h | 1 +
> > security/selinux/ss/mls.h | 11 +++++++++++
> > security/selinux/ss/policydb.c | 7 ++-----
> > security/selinux/ss/services.c | 35 ++++------------------------------
> > security/selinux/ss/services.h | 3 ---
> > 9 files changed, 61 insertions(+), 42 deletions(-)
> > create mode 100644 security/selinux/ss/context.c
> >
> > diff --git a/security/selinux/Makefile b/security/selinux/Makefile
> > index 0c77ede1cc11..4d8e0e8adf0b 100644
> > --- a/security/selinux/Makefile
> > +++ b/security/selinux/Makefile
> > @@ -8,7 +8,7 @@ obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
> > selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
> > netnode.o netport.o status.o \
> > ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
> > - ss/policydb.o ss/services.o ss/conditional.o ss/mls.o
> > + ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/context.o
> >
> > selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
> >
> > diff --git a/security/selinux/ss/context.c b/security/selinux/ss/context.c
> > new file mode 100644
> > index 000000000000..cc0895dc7b0f
> > --- /dev/null
> > +++ b/security/selinux/ss/context.c
> > @@ -0,0 +1,24 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Implementations of the security context functions.
> > + *
> > + * Author: Ondrej Mosnacek <omosnacek@gmail.com>
> > + * Copyright (C) 2018 Red Hat, Inc.
> > + */
> > +
> > +#include <linux/jhash.h>
> > +
> > +#include "context.h"
> > +#include "mls.h"
> > +
> > +u32 context_compute_hash(const struct context *c)
> > +{
> > + u32 hash = 0;
> > +
>
> You describe why this is safe in the commit message.
> Could that same explanation be a comment here?
> Otherwise it's not clear when reading the code why
> this is safe.
I assume you mean the fact that valid and invalid contexts are hashed
differently? In that case, yes I agree it deserves a comment.
> > + if (c->len)
> > + return full_name_hash(NULL, c->str, c->len);
> > +
> > + hash = jhash_3words(c->user, c->role, c->type, hash);
> > + hash = mls_range_hash(&c->range, hash);
> > + return hash;
> > +}
--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
next prev parent reply other threads:[~2020-04-16 15:15 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-16 12:41 [PATCH v2 0/2] Hash context structures directly Ondrej Mosnacek
2020-04-16 12:41 ` [PATCH v2 1/2] selinux: hash context structure directly Ondrej Mosnacek
2020-04-16 14:21 ` Jeffrey Vander Stoep
2020-04-16 15:15 ` Ondrej Mosnacek [this message]
2020-04-16 20:26 ` Ondrej Mosnacek
2020-04-16 12:41 ` [PATCH v2 2/2] selinux: move context hashing under sidtab Ondrej Mosnacek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFqZXNuHNNXXZy+E2WbB7dWGDc0GmL7tHFMT7cfhfKymoEyi9Q@mail.gmail.com \
--to=omosnace@redhat.com \
--cc=jeffv@google.com \
--cc=paul@paul-moore.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).