On Fri, Apr 17, 2020 at 4:12 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > Always hashing the string representation is inefficient. Just hash the > contents of the structure directly (using jhash). If the context is > invalid (str & len are set), then hash the string as before, otherwise > hash the structured data. > > Since the context hashing function is now faster (about 10 times), this > patch decreases the overhead of security_transition_sid(), which is > called from many hooks. > > The jhash function seemed as a good choice, since it is used as the > default hashing algorithm in rhashtable. > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > --- > security/selinux/Makefile | 2 +- > security/selinux/ss/context.c | 32 +++++++++++++++++++++++++++++++ > security/selinux/ss/context.h | 6 ++++-- > security/selinux/ss/ebitmap.c | 14 ++++++++++++++ > security/selinux/ss/ebitmap.h | 1 + > security/selinux/ss/mls.h | 11 +++++++++++ > security/selinux/ss/policydb.c | 7 ++----- > security/selinux/ss/services.c | 35 ++++------------------------------ > security/selinux/ss/services.h | 3 --- > 9 files changed, 69 insertions(+), 42 deletions(-) > create mode 100644 security/selinux/ss/context.c Merged into selinux/next, with the spelling correction ;) -- paul moore www.paul-moore.com
