From: Siarhei Liakh <siarhei.liakh@concurrent-rt.com>
To: Paul Moore <paul@paul-moore.com>
Cc: selinux@vger.kernel.org, colin.king@canonical.com,
Eric Paris <eparis@parisplace.org>,
gregkh@linuxfoundation.org, jeffv@google.com,
omosnace@redhat.com,
Stephen Smalley <stephen.smalley.work@gmail.com>,
tglx@linutronix.de
Subject: Re: [PATCH 1/2] SELinux: Add median to debug output of hash table stats
Date: Tue, 2 Jun 2020 16:42:15 -0400 [thread overview]
Message-ID: <20200602204214.GA29793@concurrent-rt.com> (raw)
In-Reply-To: <CAHC9VhRuYa2nA18tnQCwfAUW+whce1a84W802GKk135ztoN8Cw@mail.gmail.com>
The 05/13/2020 17:55, Paul Moore wrote:
> On Wed, Apr 29, 2020 at 4:29 PM <siarhei.liakh@concurrent-rt.com> wrote:
> >
> > From: Siarhei Liakh <siarhei.liakh@concurrent-rt.com>
> >
> > This change introduces a median() function which is then used to report
> > 25th, 50th, and 75th percentile metrics within distributions of hash table
> > bucket chain lengths. This allows to better assess and compare relative
> > effectiveness of different hash functions. Specifically, it allows to
> > ensure new functions not only reduce the maximum, but also improve (or, at
> > least, have no negative impact) on the median.
[ . . . ]
> > diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
> > index 9e921fc72538..57c427e019c9 100644
> > --- a/security/selinux/Kconfig
> > +++ b/security/selinux/Kconfig
> > @@ -115,3 +115,13 @@ config SECURITY_SELINUX_SID2STR_CACHE_SIZE
> > conversion. Setting this option to 0 disables the cache completely.
> >
> > If unsure, keep the default value.
> > +
> > +config SECURITY_SELINUX_DEBUG_HASHES
> > + bool "Print additional information about hash tables"
> > + depends on SECURITY_SELINUX
> > + default n
> > + help
> > + This option allows to gather and display additional information about
> > + some of the key hash tables within SELinux.
> > +
> > + If unsure, keep the default value.
>
> I forgot to mention this earlier, but I think this is another case
> where we don't need to add another Kconfig option.
Right. What is your preferred way to control conditional inclusion of
code spread out across several files?
My issue is that there already are two different symbols which require
coordination to activate this functionality: DEBUG_HASHES defined and used
locally within policydb.c and simple DEBUG which is needed for pr_debug()
statements throughout the code.
Personally, I prefer something global and controlled from a single well-known
place, hence the Kconfig. However, I also see your point about reducing
Kconfig... But if not Kconfig, then what? Should I just create an additional
.h file with all SELinux-specific debug symbols and have it included
everywhere in SELinux?
How would you approach this?
Thank you.
--
Siarhei Liakh
Concurrent Real-Time
next prev parent reply other threads:[~2020-06-02 20:42 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-29 20:29 [PATCH 0/2] SELinux: Improve hashing siarhei.liakh
2020-04-29 20:29 ` [PATCH 1/2] SELinux: Add median to debug output of hash table stats siarhei.liakh
2020-05-13 21:55 ` Paul Moore
2020-06-02 20:42 ` Siarhei Liakh [this message]
2020-06-06 13:05 ` Paul Moore
2020-04-29 20:29 ` [PATCH 2/2] SELinux: Introduce hash3() as alternative to shift-xor siarhei.liakh
2020-05-05 21:18 ` Paul Moore
2020-05-06 21:42 ` Siarhei Liakh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200602204214.GA29793@concurrent-rt.com \
--to=siarhei.liakh@concurrent-rt.com \
--cc=colin.king@canonical.com \
--cc=eparis@parisplace.org \
--cc=gregkh@linuxfoundation.org \
--cc=jeffv@google.com \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.