diff options
| author |   Christian Göttsche <cgzones@googlemail.com> | 2023-08-18 17:12:16 +0200 |
|---|---|---|
| committer |   Paul Moore <paul@paul-moore.com> | 2023-09-13 13:46:58 -0400 |
| commit | 37b7ea3ca3062f5b7f02c2b335f203e4d411793d (patch) | |
| tree | cb6340ab5b74882ef8c793c43f315bcef2594fa6 /security/selinux/ss/policydb.c | |
| parent | selinux: simplify avtab slot calculation (diff) | |
| download | wireguard-linux-37b7ea3ca3062f5b7f02c2b335f203e4d411793d.tar.xz wireguard-linux-37b7ea3ca3062f5b7f02c2b335f203e4d411793d.zip | |
selinux: improve role transition hashing
The number of buckets is calculated by performing a binary AND against
the mask of the hash table, which is one less than its size (which is a
power of two). This leads to all top bits being discarded, e.g. with
the Reference Policy on Debian there exists 376 entries, leading to a
size of 512, discarding the top 23 bits.
Use jhash to improve the hash table utilization:
# current
roletr: 376 entries and 124/512 buckets used,
longest chain length 8, sum of chain length^2 1496
# patch
roletr: 376 entries and 266/512 buckets used,
longest chain length 4, sum of chain length^2 646
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
[PM: line wrap in the commit description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/ss/policydb.c')
| -rw-r--r-- | security/selinux/ss/policydb.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index d420c6c12f54..595a435ea9c8 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -491,7 +491,7 @@ static u32 role_trans_hash(const void *k) { const struct role_trans_key *key = k; - return key->role + (key->type << 3) + (key->tclass << 5); + return jhash_3words(key->role, key->type, (u32)key->tclass << 16 | key->tclass, 0); } static int role_trans_cmp(const void *k1, const void *k2) |