diff options
author | Yuichi Nakamura <ynakam@hitachisoft.jp> | 2007-08-24 06:55:11 +0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2007-10-17 02:59:30 +0400 |
commit | 3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 (patch) | |
tree | b369f8dc55e9d27bbd0b8b4b6843c0736d61b005 /security/selinux/ss/conditional.c | |
parent | 821f3eff7cdb9d6c7076effabd46c96c322daed1 (diff) | |
download | linux-3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9.tar.xz |
SELinux: tune avtab to reduce memory usage
This patch reduces memory usage of SELinux by tuning avtab. Number of hash
slots in avtab was 32768. Unused slots used memory when number of rules is
fewer. This patch decides number of hash slots dynamically based on number
of rules. (chain length)^2 is also printed out in avtab_hash_eval to see
standard deviation of avtab hash table.
Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/conditional.c')
-rw-r--r-- | security/selinux/ss/conditional.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index d2737edba541..45b93a827c80 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -456,6 +456,10 @@ int cond_read_list(struct policydb *p, void *fp) len = le32_to_cpu(buf[0]); + rc = avtab_alloc(&(p->te_cond_avtab), p->te_avtab.nel); + if (rc) + goto err; + for (i = 0; i < len; i++) { node = kzalloc(sizeof(struct cond_node), GFP_KERNEL); if (!node) |