On Wed, Sep 6, 2023 at 11:47 AM Jacob Satterfield <jsatterfield.linux@xxxxxxxxx> wrote:
>
> avtab_read_item() is a hot function called when reading each rule in a
> binary policydb. With the current Fedora policy and refpolicy, this
> function is called nearly 100,000 times per policy load.
>
> A single avtab node is only permitted to have a single specifier to
> describe the data it holds. As such, a check is performed to make sure
> only one specifier is set. Previously this was done via a for-loop.
> However, there is already an optimal function for finding the number of
> bits set (hamming weight) and on some architectures, dedicated
> instructions (popcount) which can be executed much more efficiently.
>
> Even when using -mcpu=generic on a x86-64 Fedora 38 VM, this commit
> results in a modest 2-4% speedup for policy loading due to a substantial
> reduction in the number of instructions executed.
>
> Signed-off-by: Jacob Satterfield <jsatterfield.linux@xxxxxxxxx>

Reviewed-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>

> ---
>  security/selinux/ss/avtab.c | 7 ++-----
>  1 file changed, 2 insertions(+), 5 deletions(-)
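The single-specifier check described in the quoted commit message, as an added userspace example that is not part of the original mail or the kernel patch: it places the for-loop form beside the hamming-weight form and compares them over every 16-bit input. `SPEC_MASK` and all function names are hypothetical, and `__builtin_popcount` (a GCC/Clang builtin) stands in for the kernel's hamming-weight helper.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical specifier bits for illustration; not the kernel's AVTAB_* values. */
#define SPEC_MASK 0x0777u

/* Loop form: test every bit position and count the ones that are set. */
static int count_bits_loop(uint16_t v)
{
    int set = 0;
    for (unsigned i = 0; i < 16; i++)
        if (v & (1u << i))
            set++;
    return set;
}

/* Hamming-weight form: one builtin call, which the compiler can lower to a
 * dedicated popcount instruction on targets that have one. */
static int count_bits_hweight(uint16_t v)
{
    return __builtin_popcount(v);
}

/* A node is accepted only if exactly one specifier bit is set. Rejecting the
 * zero-bit case as well is an assumption of this example. */
static int specifier_ok(uint16_t specified)
{
    return count_bits_hweight(specified & SPEC_MASK) == 1;
}

/* Compare both forms over every 16-bit value; returns the number of inputs
 * on which the accept/reject decision differs. */
static unsigned count_mismatches(void)
{
    unsigned bad = 0;
    for (uint32_t v = 0; v <= 0xFFFF; v++) {
        int loop_ok = count_bits_loop((uint16_t)(v & SPEC_MASK)) == 1;
        if (loop_ok != specifier_ok((uint16_t)v))
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("mismatches: %u\n", count_mismatches());
    printf("0x0001 ok=%d, 0x0003 ok=%d, 0x0000 ok=%d\n",
           specifier_ok(0x0001), specifier_ok(0x0003), specifier_ok(0x0000));
    return 0;
}
```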