Sorry if this top-posts or something, sent from my phone while waiting around in the airport...
We investigated fiddling with the default hash table sizes and were able to improve throughput rather dramatically (~50%, vs the 80% from this patch). Matt may remember better, but I believe the problem was significant memory overhead.
Specifically, each module (and I believe the base policy is also treated as a "module") gets its own set of 8 hash tables. Unfortunately the module complexity varies rather wildly... as a result you either spend eons iterating over mostly empty hash tables in each module or you spend eons doing strcmp while performing lookups.
I'm just going from memory, of course, but that was our first course of action and it had some noticable downsides.
Cheers,
Kyle Moffett
On Jul 18, 2010 5:39 PM, "Joe Nall" <joe@xxxxxxxx> wrote:Am I interpreting the code correctly, that a hashtable with with 512 buckets is used to lookup types?
On Jul 18, 2010, at 4:11 PM, Kyle Moffett wrote:
> Hmm, it looks like this email never made it to ...
On my development machine:
seinfo -t | wc -l
WARNING: This policy contained disabled aliases; they have been removed.
4820
Average bucket depth of 9.4 seems kind of high. Is there any harm in raising the #buckets while this patch is discussed on the list?
joe
> --
>
> Cheers,
> Kyle Moffett
>
> On Fri, Jul 16, 2010 at 17:50, Matthew Robertson
> <Matthew.L.Rob...
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.
