linux/security/selinux/ss
Eric Paris 73ff5fc0a8 selinux: cache sidtab_context_to_sid results
sidtab_context_to_sid takes up a large share of time when creating large
numbers of new inodes (~30-40% in oprofile runs).  This patch implements a
cache of 3 entries which is checked before we do a full context_to_sid lookup.
On one system this showed over a x3 improvement in the number of inodes that
could be created per second and around a 20% improvement on another system.

Any time we look up the same context string sucessivly (imagine ls -lZ) we
should hit this cache hot.  A cache miss should have a relatively minor affect
on performance next to doing the full table search.

All operations on the cache are done COMPLETELY lockless.  We know that all
struct sidtab_node objects created will never be deleted until a new policy is
loaded thus we never have to worry about a pointer being dereferenced.  Since
we also know that pointer assignment is atomic we know that the cache will
always have valid pointers.  Given this information we implement a FIFO cache
in an array of 3 pointers.  Every result (whether a cache hit or table lookup)
will be places in the 0 spot of the cache and the rest of the entries moved
down one spot.  The 3rd entry will be lost.

Races are possible and are even likely to happen.  Lets assume that 4 tasks
are hitting sidtab_context_to_sid.  The first task checks against the first
entry in the cache and it is a miss.  Now lets assume a second task updates
the cache with a new entry.  This will push the first entry back to the second
spot.  Now the first task might check against the second entry (which it
already checked) and will miss again.  Now say some third task updates the
cache and push the second entry to the third spot.  The first task my check
the third entry (for the third time!) and again have a miss.  At which point
it will just do a full table lookup.  No big deal!

Signed-off-by: Eric Paris <eparis@redhat.com>
2010-12-07 16:44:01 -05:00
..
avtab.c SELinux: allow userspace to read policy back out of the kernel 2010-10-21 10:12:58 +11:00
avtab.h SELinux: allow userspace to read policy back out of the kernel 2010-10-21 10:12:58 +11:00
conditional.c selinux: convert part of the sym_val_to_name array to use flex_array 2010-11-30 17:28:58 -05:00
conditional.h SELinux: allow userspace to read policy back out of the kernel 2010-10-21 10:12:58 +11:00
constraint.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
context.h selinux: allow MLS->non-MLS and vice versa upon policy reload 2010-02-04 09:06:36 +11:00
ebitmap.c SELinux: allow userspace to read policy back out of the kernel 2010-10-21 10:12:58 +11:00
ebitmap.h SELinux: allow userspace to read policy back out of the kernel 2010-10-21 10:12:58 +11:00
hashtab.c selinux: Unify for- and while-loop style 2008-08-15 08:40:47 +10:00
hashtab.h SELinux: hashtab.h whitespace, syntax, and other cleanups 2008-04-28 09:29:04 +10:00
mls.c selinux: convert part of the sym_val_to_name array to use flex_array 2010-11-30 17:28:58 -05:00
mls.h selinux: allow MLS->non-MLS and vice versa upon policy reload 2010-02-04 09:06:36 +11:00
mls_types.h selinux: allow MLS->non-MLS and vice versa upon policy reload 2010-02-04 09:06:36 +11:00
policydb.c SELinux: merge policydb_index_classes and policydb_index_others 2010-11-30 17:28:58 -05:00
policydb.h selinux: convert part of the sym_val_to_name array to use flex_array 2010-11-30 17:28:58 -05:00
services.c selinux: convert part of the sym_val_to_name array to use flex_array 2010-11-30 17:28:58 -05:00
services.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sidtab.c selinux: cache sidtab_context_to_sid results 2010-12-07 16:44:01 -05:00
sidtab.h selinux: cache sidtab_context_to_sid results 2010-12-07 16:44:01 -05:00
status.c selinux: fix up style problem on /selinux/status 2010-10-21 10:12:41 +11:00
symtab.c selinux: fix error codes in symtab_init() 2010-08-02 15:35:04 +10:00
symtab.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00