aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/avc.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2009-01-02 17:40:06 -0500
committerJames Morris <jmorris@namei.org>2009-01-05 03:19:55 -0500
commit76f7ba35d4b5219fcc4cb072134c020ec77d030d (patch)
tree971ec5f913a688d98e9be2a04b0c675adcc4166b /security/selinux/avc.c
parent14eaddc967b16017d4a1a24d2be6c28ecbe06ed8 (diff)
SELinux: shrink sizeof av_inhert selinux_class_perm and context
I started playing with pahole today and decided to put it against the selinux structures. Found we could save a little bit of space on x86_64 (and no harm on i686) just reorganizing some structs. Object size changes: av_inherit: 24 -> 16 selinux_class_perm: 48 -> 40 context: 80 -> 72 Admittedly there aren't many of av_inherit or selinux_class_perm's in the kernel (33 and 1 respectively) But the change to the size of struct context reverberate out a bit. I can get some hard number if they are needed, but I don't see why they would be. We do change which cacheline context->len and context->str would be on, but I don't see that as a problem since we are clearly going to have to load both if the context is to be of any value. I've run with the patch and don't seem to be having any problems. An example of what's going on using struct av_inherit would be: form: to: struct av_inherit { struct av_inherit { u16 tclass; const char **common_pts; const char **common_pts; u32 common_base; u32 common_base; u16 tclass; }; (notice all I did was move u16 tclass to the end of the struct instead of the beginning) Memory layout before the change: struct av_inherit { u16 tclass; /* 2 */ /* 6 bytes hole */ const char** common_pts; /* 8 */ u32 common_base; /* 4 */ /* 4 byes padding */ /* size: 24, cachelines: 1 */ /* sum members: 14, holes: 1, sum holes: 6 */ /* padding: 4 */ }; Memory layout after the change: struct av_inherit { const char ** common_pts; /* 8 */ u32 common_base; /* 4 */ u16 tclass; /* 2 */ /* 2 bytes padding */ /* size: 16, cachelines: 1 */ /* sum members: 14, holes: 0, sum holes: 0 */ /* padding: 2 */ }; Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/avc.c')
-rw-r--r--security/selinux/avc.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index d43bd6baeeaa..eb41f43e2772 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -53,18 +53,20 @@ static const char *class_to_string[] = {
53#undef S_ 53#undef S_
54 54
55static const struct av_inherit av_inherit[] = { 55static const struct av_inherit av_inherit[] = {
56#define S_(c, i, b) { c, common_##i##_perm_to_string, b }, 56#define S_(c, i, b) { .tclass = c,\
57 .common_pts = common_##i##_perm_to_string,\
58 .common_base = b },
57#include "av_inherit.h" 59#include "av_inherit.h"
58#undef S_ 60#undef S_
59}; 61};
60 62
61const struct selinux_class_perm selinux_class_perm = { 63const struct selinux_class_perm selinux_class_perm = {
62 av_perm_to_string, 64 .av_perm_to_string = av_perm_to_string,
63 ARRAY_SIZE(av_perm_to_string), 65 .av_pts_len = ARRAY_SIZE(av_perm_to_string),
64 class_to_string, 66 .class_to_string = class_to_string,
65 ARRAY_SIZE(class_to_string), 67 .cts_len = ARRAY_SIZE(class_to_string),
66 av_inherit, 68 .av_inherit = av_inherit,
67 ARRAY_SIZE(av_inherit) 69 .av_inherit_len = ARRAY_SIZE(av_inherit)
68}; 70};
69 71
70#define AVC_CACHE_SLOTS 512 72#define AVC_CACHE_SLOTS 512