From: Stephen Smalley <sds@tycho.nsa.gov>
To: Waiman Long <Waiman.Long@hp.com>
Cc: James Morris <james.l.morris@oracle.com>,
Eric Paris <eparis@parisplace.org>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, "Chandramouleeswaran,
Aswin" <aswin@hp.com>, "Norton, Scott J" <scott.norton@hp.com>
Subject: Re: [PATCH v2 1/2] SELinux: reduce overhead of mls_level_isvalid() function call
Date: Fri, 07 Jun 2013 14:09:53 -0400 [thread overview]
Message-ID: <51B221F1.7090504@tycho.nsa.gov> (raw)
In-Reply-To: <1370466902-21144-1-git-send-email-Waiman.Long@hp.com>
On 06/05/2013 05:15 PM, Waiman Long wrote:
> diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
> index 30f119b..100b3e6 100644
> --- a/security/selinux/ss/ebitmap.c
> +++ b/security/selinux/ss/ebitmap.c
> @@ -213,7 +213,12 @@ netlbl_import_failure:
> }
> #endif /* CONFIG_NETLABEL */
>
> -int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2)
> +/*
> + * Check to see if all the bits set in e2 are also set in e1. Optionally,
> + * if last_e2bit is non-zero, the highest set bit in e2 cannot exceed
> + * last_e2bit.
> + */
> +int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2, u32 last_e2bit)
> {
> struct ebitmap_node *n1, *n2;
> int i;
> @@ -223,6 +228,33 @@ int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2)
>
> n1 = e1->node;
> n2 = e2->node;
> + if (last_e2bit) {
> + while (n1 && n2 && (n1->startbit <= n2->startbit)) {
> + int lastsetbit = -1;
> +
> + if (n1->startbit < n2->startbit) {
> + n1 = n1->next;
> + continue;
> + }
> + for (i = EBITMAP_UNIT_NUMS - 1; i >= 0; i--) {
> + if (!n2->maps[i])
> + continue;
> + if ((n1->maps[i] & n2->maps[i]) != n2->maps[i])
> + return 0;
> + if (lastsetbit < 0)
> + lastsetbit = n2->startbit +
> + i * EBITMAP_UNIT_SIZE +
> + __fls(n2->maps[i]);
> + }
> + if ((lastsetbit >= 0) && (lastsetbit > last_e2bit))
> + return 0;
> +
> + n1 = n1->next;
> + n2 = n2->next;
> + }
> + goto done;
> + }
> +
Can't you unify this logic with the nearly identical logic below?
> while (n1 && n2 && (n1->startbit <= n2->startbit)) {
> if (n1->startbit < n2->startbit) {
> n1 = n1->next;
> @@ -237,6 +269,7 @@ int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2)
> n2 = n2->next;
> }
>
> +done:
> if (n2)
> return 0;
>
next prev parent reply other threads:[~2013-06-07 18:10 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-05 21:15 [PATCH v2 1/2] SELinux: reduce overhead of mls_level_isvalid() function call Waiman Long
2013-06-05 21:15 ` [PATCH v2 2/2] SELinux: Increase ebitmap_node size for 64-bit configuration Waiman Long
2013-07-10 18:33 ` Stephen Smalley
2013-07-10 19:59 ` Paul Moore
2013-07-10 19:59 ` Paul Moore
2013-06-07 18:09 ` Stephen Smalley [this message]
2013-06-07 19:50 ` [PATCH v2 1/2] SELinux: reduce overhead of mls_level_isvalid() function call Waiman Long
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51B221F1.7090504@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=Waiman.Long@hp.com \
--cc=aswin@hp.com \
--cc=eparis@parisplace.org \
--cc=james.l.morris@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=scott.norton@hp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.