From: Paul Moore <paul@paul-moore.com>
To: Hongru Zhang <zhanghongru06@gmail.com>,
stephen.smalley.work@gmail.com, omosnace@redhat.com
Cc: linux-kernel@vger.kernel.org, selinux@vger.kernel.org,
zhanghongru@xiaomi.com
Subject: Re: [PATCH v4 3/3] selinux: improve bucket distribution uniformity of avc_hash()
Date: Thu, 23 Oct 2025 18:24:27 -0400
Message-ID: <5fa2cff3acf5ae62cb76f157fb36b7a8@paul-moore.com>
In-Reply-To: <4bf4246da1ad44670093e006bffd3c9e07f089ea.1761217900.git.zhanghongru@xiaomi.com>

On Oct 23, 2025 Hongru Zhang <zhanghongru06@gmail.com> wrote:
>
> Reuse the already implemented MurmurHash3 algorithm. Under heavy stress
> testing (on an 8-core system sustaining over 50,000 authentication events
> per second), sample once per second and take the mean of 1800 samples:
>
> 1. Bucket utilization rate and length of longest chain
> +--------------------------+-----------------------------------------+
> |                          | bucket utilization rate / longest chain |
> |                          +--------------------+--------------------+
> |                          | no-patch           | with-patch         |
> +--------------------------+--------------------+--------------------+
> | 512 nodes, 512 buckets   | 52.5%/7.5          | 60.2%/5.7          |
> +--------------------------+--------------------+--------------------+
> | 1024 nodes, 512 buckets  | 68.9%/12.1         | 80.2%/9.7          |
> +--------------------------+--------------------+--------------------+
> | 2048 nodes, 512 buckets  | 83.7%/19.4         | 93.4%/16.3         |
> +--------------------------+--------------------+--------------------+
> | 8192 nodes, 8192 buckets | 49.5%/11.4         | 60.3%/7.4          |
> +--------------------------+--------------------+--------------------+
>
> 2. avc_search_node latency (total latency of hash operation and table
> lookup)
> +--------------------------+-----------------------------------------+
> |                          | latency of function avc_search_node     |
> |                          +--------------------+--------------------+
> |                          | no-patch           | with-patch         |
> +--------------------------+--------------------+--------------------+
> | 512 nodes, 512 buckets   | 87ns               | 84ns               |
> +--------------------------+--------------------+--------------------+
> | 1024 nodes, 512 buckets  | 97ns               | 96ns               |
> +--------------------------+--------------------+--------------------+
> | 2048 nodes, 512 buckets  | 118ns              | 113ns              |
> +--------------------------+--------------------+--------------------+
> | 8192 nodes, 8192 buckets | 106ns              | 99ns               |
> +--------------------------+--------------------+--------------------+
>
> Although MurmurHash3 has higher overhead than the bitwise operations in
> the original algorithm, the data shows that the MurmurHash3 achieves
> better distribution, reducing average lookup time. Consequently, the
> total latency of hashing and table lookup is lower than before.
>
> Signed-off-by: Hongru Zhang <zhanghongru@xiaomi.com>
> ---
> security/selinux/avc.c | 3 ++-
> security/selinux/include/hash.h | 11 ++++++-----
> security/selinux/ss/avtab.c | 6 ++++++
> 3 files changed, 14 insertions(+), 6 deletions(-)

Merged into selinux/dev, thanks!
--
paul-moore.com
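
The two metrics in the quoted tables (bucket utilization and longest chain) can be reproduced in user space with the sketch below, which is an added example and not code from the patch or the kernel tree. `hash_xor` is an assumed shift-and-XOR form of the "bitwise operations" the commit message mentions, `hash_murmur3` is a MurmurHash3-style mix written for this example, and the key set (16 x 16 SIDs, 4 classes, 1024 keys in 512 buckets) is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#define SLOTS 512u /* bucket count, as in the 512-bucket rows quoted above */

/* Assumed shift-and-XOR hash standing in for the "bitwise operations". */
static uint32_t hash_xor(uint32_t ssid, uint32_t tsid, uint16_t tclass)
{
	return (ssid ^ (tsid << 2) ^ ((uint32_t)tclass << 4)) & (SLOTS - 1);
}

static uint32_t rotl32(uint32_t v, int r) { return (v << r) | (v >> (32 - r)); }
/* MurmurHash3 32-bit block mix and finalizer over the three key words. */
static uint32_t hash_murmur3(uint32_t ssid, uint32_t tsid, uint16_t tclass)
{
	uint32_t in[3] = { tclass, tsid, ssid }, h = 0;
	for (int i = 0; i < 3; i++) {
		uint32_t k = rotl32(in[i] * 0xcc9e2d51u, 15) * 0x1b873593u;
		h = rotl32(h ^ k, 13) * 5u + 0xe6546b64u;
	}
	h ^= h >> 16; h *= 0x85ebca6bu;
	h ^= h >> 13; h *= 0xc2b2ae35u;
	return (h ^ (h >> 16)) & (SLOTS - 1);
}

struct dist { unsigned used, longest; };
/* Hash a constructed key set (nsid x nsid SIDs, ncls classes) and
 * report how many buckets are in use and the longest chain. */
static struct dist measure(uint32_t (*fn)(uint32_t, uint32_t, uint16_t),
			   uint32_t nsid, uint16_t ncls)
{
	unsigned chain[SLOTS] = { 0 };
	struct dist d = { 0, 0 };
	for (uint32_t s = 1; s <= nsid; s++)
		for (uint32_t t = 1; t <= nsid; t++)
			for (uint16_t c = 1; c <= ncls; c++)
				chain[fn(s, t, c)]++;
	for (unsigned i = 0; i < SLOTS; i++) {
		d.used += chain[i] != 0;
		if (chain[i] > d.longest) d.longest = chain[i];
	}
	return d;
}

int main(void)
{
	struct dist a = measure(hash_xor, 16, 4), b = measure(hash_murmur3, 16, 4);
	printf("xor:     %u/%u used, longest chain %u\n", a.used, SLOTS, a.longest);
	printf("murmur3: %u/%u used, longest chain %u\n", b.used, SLOTS, b.longest);
	return 0;
}
```

With small, dense SID and class values the shift-and-XOR form can never set bits above bit 6, so it is confined to 128 of the 512 buckets regardless of how many keys are inserted.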