From: Jacob Satterfield <jsatterfield.linux@gmail.com>
To: selinux@vger.kernel.org
Cc: Jacob Satterfield <jsatterfield.linux@gmail.com>,
stephen.smalley.work@gmail.com, paul@paul-moore.com,
omosnace@redhat.com
Subject: [PATCH 3/3] selinux: hweight optimization in avtab_read_item
Date: Wed, 6 Sep 2023 15:46:06 +0000 [thread overview]
Message-ID: <20230906154611.31762-4-jsatterfield.linux@gmail.com> (raw)
In-Reply-To: <20230906154611.31762-1-jsatterfield.linux@gmail.com>
avtab_read_item() is a hot function called when reading each rule in a
binary policydb. With the current Fedora policy and refpolicy, this
function is called nearly 100,000 times per policy load.
A single avtab node is only permitted to have a single specifier to
describe the data it holds. As such, a check is performed to make sure
only one specifier is set. Previously this was done via a for-loop.
However, there is already an optimal function for finding the number of
bits set (hamming weight) and on some architectures, dedicated
instructions (popcount) which can be executed much more efficiently.
Even when using -mcpu=generic on a x86-64 Fedora 38 VM, this commit
results in a modest 2-4% speedup for policy loading due to a substantial
reduction in the number of instructions executed.
Signed-off-by: Jacob Satterfield <jsatterfield.linux@gmail.com>
---
security/selinux/ss/avtab.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index b7a11f417f0a..b0e455fb395c 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -17,6 +17,7 @@
* Tuned number of hash slots for avtab to reduce memory usage
*/
+#include <linux/bitops.h>
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/errno.h>
@@ -516,11 +517,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
return -EINVAL;
}
- set = 0;
- for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
- if (key.specified & spec_order[i])
- set++;
- }
+ set = hweight16(key.specified & (AVTAB_XPERMS | AVTAB_TYPE | AVTAB_AV));
if (!set || set > 1) {
pr_err("SELinux: avtab: more than one specifier\n");
return -EINVAL;
--
2.41.0
next prev parent reply other threads:[~2023-09-06 15:47 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-06 15:46 [PATCH 0/3] avtab hotspot optimizations Jacob Satterfield
2023-09-06 15:46 ` [PATCH 1/3] selinux: use arrays for avtab hashtable nodes Jacob Satterfield
2023-09-06 17:16 ` Stephen Smalley
2023-09-13 3:23 ` Paul Moore
2023-09-14 21:57 ` Jacob Satterfield
2023-09-15 1:10 ` Paul Moore
2023-09-18 0:12 ` Jacob Satterfield
2023-09-06 15:46 ` [PATCH 2/3] selinux: shrink conditional avtab node array Jacob Satterfield
2023-09-06 17:17 ` Stephen Smalley
2023-09-06 15:46 ` Jacob Satterfield [this message]
2023-09-06 17:18 ` [PATCH 3/3] selinux: hweight optimization in avtab_read_item Stephen Smalley
2023-09-13 17:54 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230906154611.31762-4-jsatterfield.linux@gmail.com \
--to=jsatterfield.linux@gmail.com \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.