From 50077289804c9bd4e6cfd5b3a10d4da0487f7e42 Mon Sep 17 00:00:00 2001 From: Ondrej Mosnacek Date: Fri, 17 Apr 2020 10:11:56 +0200 Subject: selinux: hash context structure directly Always hashing the string representation is inefficient. Just hash the contents of the structure directly (using jhash). If the context is invalid (str & len are set), then hash the string as before, otherwise hash the structured data. Since the context hashing function is now faster (about 10 times), this patch decreases the overhead of security_transition_sid(), which is called from many hooks. The jhash function seemed as a good choice, since it is used as the default hashing algorithm in rhashtable. Signed-off-by: Ondrej Mosnacek Reviewed-by: Jeff Vander Stoep Tested-by: Jeff Vander Stoep [PM: fixed some spelling errors in the comments pointed out by JVS] Signed-off-by: Paul Moore --- security/selinux/ss/context.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'security/selinux/ss/context.h') diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h index 3ba044fe02ed..e7ae7e21449b 100644 --- a/security/selinux/ss/context.h +++ b/security/selinux/ss/context.h @@ -196,9 +196,11 @@ static inline int context_cmp(struct context *c1, struct context *c2) mls_context_cmp(c1, c2)); } -static inline unsigned int context_compute_hash(const char *s) +u32 context_compute_hash(const struct context *c); + +static inline void context_add_hash(struct context *context) { - return full_name_hash(NULL, s, strlen(s)); + context->hash = context_compute_hash(context); } #endif /* _SS_CONTEXT_H_ */ -- cgit v1.2.3-59-g8ed1b