diff options
| author | Hongru Zhang <zhanghongru@xiaomi.com> | 2025-10-23 19:30:18 +0800 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2025-10-23 18:24:30 -0400 |
| commit | 20d387d7ceab95aade436c363927b3ab81b0be36 (patch) | |
| tree | 8a2748d4d07b4f97cc328f205de14f0acd82a380 /security/selinux/include | |
| parent | 929126ef4a0e2723622eb3ba11017ca5fecd37d3 (diff) | |
selinux: improve bucket distribution uniformity of avc_hash()
Reuse the already implemented MurmurHash3 algorithm. Under heavy stress
testing (on an 8-core system sustaining over 50,000 authentication events
per second), sample once per second and take the mean of 1800 samples:
1. Bucket utilization rate and length of longest chain
+--------------------------+-----------------------------------------+
| | bucket utilization rate / longest chain |
| +--------------------+--------------------+
| | no-patch | with-patch |
+--------------------------+--------------------+--------------------+
| 512 nodes, 512 buckets | 52.5%/7.5 | 60.2%/5.7 |
+--------------------------+--------------------+--------------------+
| 1024 nodes, 512 buckets | 68.9%/12.1 | 80.2%/9.7 |
+--------------------------+--------------------+--------------------+
| 2048 nodes, 512 buckets | 83.7%/19.4 | 93.4%/16.3 |
+--------------------------+--------------------+--------------------+
| 8192 nodes, 8192 buckets | 49.5%/11.4 | 60.3%/7.4 |
+--------------------------+--------------------+--------------------+
2. avc_search_node latency (total latency of hash operation and table
lookup)
+--------------------------+-----------------------------------------+
| | latency of function avc_search_node |
| +--------------------+--------------------+
| | no-patch | with-patch |
+--------------------------+--------------------+--------------------+
| 512 nodes, 512 buckets | 87ns | 84ns |
+--------------------------+--------------------+--------------------+
| 1024 nodes, 512 buckets | 97ns | 96ns |
+--------------------------+--------------------+--------------------+
| 2048 nodes, 512 buckets | 118ns | 113ns |
+--------------------------+--------------------+--------------------+
| 8192 nodes, 8192 buckets | 106ns | 99ns |
+--------------------------+--------------------+--------------------+
Although MurmurHash3 has higher overhead than the bitwise operations in
the original algorithm, the data shows that the MurmurHash3 achieves
better distribution, reducing average lookup time. Consequently, the
total latency of hashing and table lookup is lower than before.
Signed-off-by: Hongru Zhang <zhanghongru@xiaomi.com>
[PM: whitespace fixes]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/include')
| -rw-r--r-- | security/selinux/include/hash.h | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/selinux/include/hash.h b/security/selinux/include/hash.h index 5b429a873eb6..18956dbef8ff 100644 --- a/security/selinux/include/hash.h +++ b/security/selinux/include/hash.h @@ -3,10 +3,11 @@ #ifndef _SELINUX_HASH_H_ #define _SELINUX_HASH_H_ -/* Based on MurmurHash3, written by Austin Appleby and placed in the +/* + * Based on MurmurHash3, written by Austin Appleby and placed in the * public domain. */ -static inline u32 avtab_hash(const struct avtab_key *keyp, u32 mask) +static inline u32 av_hash(u32 key1, u32 key2, u32 key3, u32 mask) { static const u32 c1 = 0xcc9e2d51; static const u32 c2 = 0x1b873593; @@ -28,9 +29,9 @@ static inline u32 avtab_hash(const struct avtab_key *keyp, u32 mask) hash = hash * m + n; \ } while (0) - mix(keyp->target_class); - mix(keyp->target_type); - mix(keyp->source_type); + mix(key1); + mix(key2); + mix(key3); #undef mix |