selinux: store role transitions in a hash table Currently, they are stored in a linked list, which adds significant overhead to security_transition_sid(). On Fedora, with 428 role transitions in policy, converting this list to a hash table cuts down its run time by about 50%. This was measured by running 'stress-ng --msg 1 --msg-ops 100000' under perf with and without this patch. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

commit: e67b2ec9f6171895e774f6543626913960e019df [log] [tgz]
author: Ondrej Mosnacek <omosnace@redhat.com> Tue Apr 07 20:28:58 2020 +0200
committer: Paul Moore <paul@paul-moore.com> Fri Apr 17 15:20:22 2020 -0400
tree: e1520bce539fd62639ab310c6c9385522b48c73f
parent: 433e3aa37773e8a36858b9417c3e345eff79a079 [diff] [blame]
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 72e2932..d3adb52 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h

@@ -81,12 +81,14 @@ struct role_datum {
 	struct ebitmap types;		/* set of authorized types for role */
 };
 
-struct role_trans {
+struct role_trans_key {
 	u32 role;		/* current role */
 	u32 type;		/* program executable type, or new object type */
 	u32 tclass;		/* process class, or new object class */
+};
+
+struct role_trans_datum {
 	u32 new_role;		/* new role */
-	struct role_trans *next;
 };
 
 struct filename_trans_key {
@@ -261,7 +263,7 @@ struct policydb {
 	struct avtab te_avtab;
 
 	/* role transitions */
-	struct role_trans *role_tr;
+	struct hashtab *role_tr;
 
 	/* file transitions with the last path component */
 	/* quickly exclude lookups when parent ttype has no rules */
commit	e67b2ec9f6171895e774f6543626913960e019df	[log] [tgz]
author	Ondrej Mosnacek <omosnace@redhat.com>	Tue Apr 07 20:28:58 2020 +0200
committer	Paul Moore <paul@paul-moore.com>	Fri Apr 17 15:20:22 2020 -0400
tree	e1520bce539fd62639ab310c6c9385522b48c73f
parent	433e3aa37773e8a36858b9417c3e345eff79a079 [diff] [blame]