summaryrefslogtreecommitdiffstats
path: root/security/selinux/ss/conditional.c
diff options
context:
space:
mode:
authorYuichi Nakamura <ynakam@hitachisoft.jp>2007-08-24 11:55:11 +0900
committerJames Morris <jmorris@namei.org>2007-10-17 08:59:30 +1000
commit3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9 (patch)
treeb369f8dc55e9d27bbd0b8b4b6843c0736d61b005 /security/selinux/ss/conditional.c
parent821f3eff7cdb9d6c7076effabd46c96c322daed1 (diff)
downloadlinux-3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9.tar.gz
linux-3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9.tar.bz2
linux-3232c110b56bd01c5f0fdfd16b4d695f2e05b0a9.zip
SELinux: tune avtab to reduce memory usage
This patch reduces memory usage of SELinux by tuning avtab. Number of hash slots in avtab was 32768. Unused slots used memory when number of rules is fewer. This patch decides number of hash slots dynamically based on number of rules. (chain length)^2 is also printed out in avtab_hash_eval to see standard deviation of avtab hash table. Signed-off-by: Yuichi Nakamura<ynakam@hitachisoft.jp> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/conditional.c')
-rw-r--r--security/selinux/ss/conditional.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index d2737edba541..45b93a827c80 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -456,6 +456,10 @@ int cond_read_list(struct policydb *p, void *fp)
len = le32_to_cpu(buf[0]);
+ rc = avtab_alloc(&(p->te_cond_avtab), p->te_avtab.nel);
+ if (rc)
+ goto err;
+
for (i = 0; i < len; i++) {
node = kzalloc(sizeof(struct cond_node), GFP_KERNEL);
if (!node)