diff options
| author | Yuichi Nakamura <ynakam@hitachisoft.jp> | 2007-08-23 22:55:11 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2007-10-16 18:59:30 -0400 |
| commit | 3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 (patch) | |
| tree | b369f8dc55e9d27bbd0b8b4b6843c0736d61b005 /security/selinux/ss/avtab.h | |
| parent | 821f3eff7cdb9d6c7076effabd46c96c322daed1 (diff) | |
SELinux: tune avtab to reduce memory usage
This patch reduces memory usage of SELinux by tuning avtab. Number of hash
slots in avtab was 32768. Unused slots used memory when number of rules is
fewer. This patch decides number of hash slots dynamically based on number
of rules. (chain length)^2 is also printed out in avtab_hash_eval to see
standard deviation of avtab hash table.
Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/avtab.h')
| -rw-r--r-- | security/selinux/ss/avtab.h | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index 0a90d939af93..d8edf8ca56d1 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h | |||
| @@ -16,6 +16,9 @@ | |||
| 16 | * This program is free software; you can redistribute it and/or modify | 16 | * This program is free software; you can redistribute it and/or modify |
| 17 | * it under the terms of the GNU General Public License as published by | 17 | * it under the terms of the GNU General Public License as published by |
| 18 | * the Free Software Foundation, version 2. | 18 | * the Free Software Foundation, version 2. |
| 19 | * | ||
| 20 | * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp> | ||
| 21 | * Tuned number of hash slots for avtab to reduce memory usage | ||
| 19 | */ | 22 | */ |
| 20 | #ifndef _SS_AVTAB_H_ | 23 | #ifndef _SS_AVTAB_H_ |
| 21 | #define _SS_AVTAB_H_ | 24 | #define _SS_AVTAB_H_ |
| @@ -50,9 +53,13 @@ struct avtab_node { | |||
| 50 | struct avtab { | 53 | struct avtab { |
| 51 | struct avtab_node **htable; | 54 | struct avtab_node **htable; |
| 52 | u32 nel; /* number of elements */ | 55 | u32 nel; /* number of elements */ |
| 56 | u32 nslot; /* number of hash slots */ | ||
| 57 | u16 mask; /* mask to compute hash func */ | ||
| 58 | |||
| 53 | }; | 59 | }; |
| 54 | 60 | ||
| 55 | int avtab_init(struct avtab *); | 61 | int avtab_init(struct avtab *); |
| 62 | int avtab_alloc(struct avtab *, u32); | ||
| 56 | struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k); | 63 | struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k); |
| 57 | void avtab_destroy(struct avtab *h); | 64 | void avtab_destroy(struct avtab *h); |
| 58 | void avtab_hash_eval(struct avtab *h, char *tag); | 65 | void avtab_hash_eval(struct avtab *h, char *tag); |
| @@ -74,11 +81,10 @@ struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified | |||
| 74 | void avtab_cache_init(void); | 81 | void avtab_cache_init(void); |
| 75 | void avtab_cache_destroy(void); | 82 | void avtab_cache_destroy(void); |
| 76 | 83 | ||
| 77 | #define AVTAB_HASH_BITS 15 | 84 | #define MAX_AVTAB_HASH_BITS 13 |
| 78 | #define AVTAB_HASH_BUCKETS (1 << AVTAB_HASH_BITS) | 85 | #define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS) |
| 79 | #define AVTAB_HASH_MASK (AVTAB_HASH_BUCKETS-1) | 86 | #define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1) |
| 80 | 87 | #define MAX_AVTAB_SIZE MAX_AVTAB_HASH_BUCKETS | |
| 81 | #define AVTAB_SIZE AVTAB_HASH_BUCKETS | ||
| 82 | 88 | ||
| 83 | #endif /* _SS_AVTAB_H_ */ | 89 | #endif /* _SS_AVTAB_H_ */ |
| 84 | 90 | ||