On Mon, Feb 17, 2020 at 12:49 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> Instead allocate hash tables with just the right size based on the
> actual number of elements (which is almost always known beforehand, we
> just need to defer the hashtab allocation to the right time). The only
> case when we don't know the size (with the current policy format) is the
> new filename transitions hashtable. Here I just left the existing value.
>
> After this patch, the time to load Fedora policy on x86_64 decreases
> from 950 ms to 220 ms. If the unconfined module is removed, it decreases
> from 870 ms to 170 ms. It is also likely that other operations are going
> to be faster, mainly string_to_context_struct() or mls_compute_sid(),
> but I didn't try to quantify that.
>
> The memory usage increases a bit after this patch, but only by ~1-2 MB
> (it is hard to measure precisely). I believe it is a small price to pay
> for the increased performance.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> ---
> security/selinux/ss/hashtab.c | 21 ++++++++++++--
> security/selinux/ss/hashtab.h | 2 +-
> security/selinux/ss/policydb.c | 53 +++++++++++++---------------------
> security/selinux/ss/policydb.h | 2 --
> 4 files changed, 40 insertions(+), 38 deletions(-)

Note: This patch applies on top of the filename transition series [1].

[1] https://lore.kernel.org/selinux/20200212112255.105678-1-omosnace@xxxxxxxxxx/T/

--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.