On Thu, Jul 9, 2020 at 3:20 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > Move (most of) the definitions of hashtab_search() and hashtab_insert() > to the header file. In combination with the previous patch, this avoids > calling the callbacks indirectly by function pointers and allows for > better optimization, leading to a drastic performance improvement of > these operations. > > With this patch, I measured a speed up in the following areas (measured > on x86_64 F32 VM with 4 CPUs): > 1. Policy load (`load_policy`) - takes ~150 ms instead of ~230 ms. > 2. `chcon -R unconfined_u:object_r:user_tmp_t:s0:c381,c519 /tmp/linux-src` > where /tmp/linux-src is an extracted linux-5.7 source tarball - > takes ~522 ms instead of ~576 ms. This is because of many > symtab_search() calls in string_to_context_struct() when there are > many categories specified in the context. > 3. `stress-ng --msg 1 --msg-ops 10000000` - takes 12.41 s instead of > 13.95 s (consumes 18.6 s of kernel CPU time instead of 21.6 s). > This is thanks to security_transition_sid() being ~43% faster after > this patch. > > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> > --- > security/selinux/ss/hashtab.c | 59 +++----------------------------- > security/selinux/ss/hashtab.h | 63 ++++++++++++++++++++++++++++++++--- > 2 files changed, 63 insertions(+), 59 deletions(-) Patches 1/2 and 2/2 merged into selinux/next. -- paul moore www.paul-moore.com
