[PATCH 1/5] SELinux: remove the unused ae.used

Eric Paris <eparis@xxxxxxxxxx> · Thu, 12 Feb 2009 14:50:43 -0500

Currently SELinux code has an atomic which was intended to track how many
times an avc entry was used and to evict entries when they haven't been
used recently.  Instead we never let this atomic get above 1 and evict when
it is first checked for eviction since it hits zero.  This is a total waste
of time so I'm completely dropping ae.used.

This change resulted in about a 3% faster avc_has_perm_noaudit when running
oprofile against a tbench benchmark.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---

 security/selinux/avc.c |   28 +++++++---------------------
 1 files changed, 7 insertions(+), 21 deletions(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 703aba1..abfe378 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -88,7 +88,6 @@ struct avc_entry {
 	u32			tsid;
 	u16			tclass;
 	struct av_decision	avd;
-	atomic_t		used;	/* used recently */
 };
 
 struct avc_node {
@@ -321,16 +320,13 @@ static inline int avc_reclaim_node(void)
 
 		rcu_read_lock();
 		list_for_each_entry(node, &avc_cache.slots[hvalue], list) {
-			if (atomic_dec_and_test(&node->ae.used)) {
-				/* Recently Unused */
-				avc_node_delete(node);
-				avc_cache_stats_incr(reclaims);
-				ecx++;
-				if (ecx >= AVC_CACHE_RECLAIM) {
-					rcu_read_unlock();
-					spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags);
-					goto out;
-				}
+			avc_node_delete(node);
+			avc_cache_stats_incr(reclaims);
+			ecx++;
+			if (ecx >= AVC_CACHE_RECLAIM) {
+				rcu_read_unlock();
+				spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags);
+				goto out;
 			}
 		}
 		rcu_read_unlock();
@@ -350,7 +346,6 @@ static struct avc_node *avc_alloc_node(void)
 
 	INIT_RCU_HEAD(&node->rhead);
 	INIT_LIST_HEAD(&node->list);
-	atomic_set(&node->ae.used, 1);
 	avc_cache_stats_incr(allocations);
 
 	if (atomic_inc_return(&avc_cache.active_nodes) > avc_cache_threshold)
@@ -383,15 +378,6 @@ static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass)
 		}
 	}
 
-	if (ret == NULL) {
-		/* cache miss */
-		goto out;
-	}
-
-	/* cache hit */
-	if (atomic_read(&ret->ae.used) != 1)
-		atomic_set(&ret->ae.used, 1);
-out:
 	return ret;
 }
 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.




