[0/3] avtab hotspot optimizations

Message ID 20230906154611.31762-1-jsatterfield.linux@gmail.com (mailing list archive)

Message

Jacob Satterfield Sept. 6, 2023, 3:46 p.m. UTC
As the refpolicy and the default Fedora policy continue to grow in
size, especially with regard to rules / access vectors, the memory
usage of the policydb and runtime to search through it increase.
Looking at /proc/slabinfo indicates that the avtab_node_cachep
kmem_cache is significantly responsible for overall memory usage and
was a good target for optimizations. Running "perf record" on the
"load_policy" command shows that a majority of time is spent adding
rules into the avtab.

This patch series is a first attempt at optimizing these hot spots
within the security server implementation to help it scale with
additional rules in the future.

Patches 1-2 deal specifically with the hashtable implementation within
avtab and how memory is allocated for individual nodes.

Patch 3 is a runtime optimization discovered through profiling
"load_policy".

Jacob Satterfield (3):
  selinux: use arrays for avtab hashtable nodes
  selinux: shrink conditional avtab node array
  selinux: hweight optimization in avtab_read_item

 security/selinux/ss/avtab.c       | 143 ++++++++++++++++++------------
 security/selinux/ss/avtab.h       |  36 ++++++--
 security/selinux/ss/conditional.c |  57 +++++++-----
 security/selinux/ss/conditional.h |   2 +-
 security/selinux/ss/services.c    |  20 +++--
 5 files changed, 166 insertions(+), 92 deletions(-)