Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp5968307ybv;
        Wed, 12 Feb 2020 03:40:51 -0800 (PST)
X-Google-Smtp-Source: APXvYqwGVwSXKPRxeEU/aKRAurEXsoBq7lZyzAc2xD8QB7Vz0eeWdwApVZ55KDVu9Q3cKNn72skz
X-Received: by 2002:aca:dd05:: with SMTP id u5mr5947824oig.91.1581507651047;
        Wed, 12 Feb 2020 03:40:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1581507651; cv=none;
        d=google.com; s=arc-20160816;
        b=GJnEdTdTacMQWSexvBsAwBBTzVX18CGvedZg0xopqApzaVFP1un6AVNzzGHOPTL5x5
         +As9w5BrEW7tXnclmfD4q4vO13Rg5Qi0/OkAn67UEtybNeFSw6GUckLBW9Pi6dL0Bsxn
         fGR9jQ7k+AE3eb7O427WSE8jB16vDum8vIaeeE1Sdd+h6bpmAiLyyBWlyHZrCuSEJw1Y
         wZys5O7jnimGC/2DkYGlIceWws7rnabDLZeGV1dNRFvsQDIDypfgNfmaxt2iILjtXuvX
         HhAjRSH1KYxOz1swd3JYh0W1X7u2Jzu9gGbv3Z+YNWafU0iBmd3Xi8cj9aki6h1KnCuW
         5+4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=FfAXyeidMWXjbA4H6fILpgXDELOT1ZKn0WXC3ILBGCI=;
        b=h1DL+3aLLZsTzI1nVvoh9xLahTur7oEEPxpofSNwhJn8HLRjbq/FOS6uSGt9JrvntC
         /nRJBsiifevtEJ4b4I15xtQ0AwaPAXCDegkBIIvneFK3BGNzfxZgcNb/bvHCNmfElC3A
         ugnU1UxaW7TnDa8THhPc5AsoDlf+EWuTvty35H1AyIF87wHT/lMeCrNOrRgmyLdYj/uR
         jGVK8T57q/PTcPdLh6bk9O3uh90cVGUYOm0374PbEN1sx8bERsCzUr+jSzCA5X/0eke7
         Zp7yVjM6ySWGHkopYIPP0yJrPpA27DU+l6jbhjHoQ3xc6tCsY5UQyEwPjV9IZorfojsx
         k0PA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ROy4OD1T;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y23si77355oti.65.2020.02.12.03.40.38;
        Wed, 12 Feb 2020 03:40:51 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ROy4OD1T;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727361AbgBLLka (ORCPT <rfc822;kkoh.linux@gmail.com>
        + 99 others); Wed, 12 Feb 2020 06:40:30 -0500
Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:44117 "EHLO
        us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1726351AbgBLLka (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 12 Feb 2020 06:40:30 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1581507628;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=FfAXyeidMWXjbA4H6fILpgXDELOT1ZKn0WXC3ILBGCI=;
        b=ROy4OD1TVdf4Vs/55xD6IbH0TSWiTJtEH0pSYNo8MoaEfEMp6g5jZH0vh4Vveu+j4QMdT4
        rfkzDPSP29ng9wMqDqlJgdzkqE/FhkWq3pd3pD0DNEKNTevyCShi8DfseeXbLSFqFIwIuX
        nbDkUij2h54niePmuitpwv9poWW9Hag=
Received: from mail-ot1-f71.google.com (mail-ot1-f71.google.com
 [209.85.210.71]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-24-fhmtvf6xPCWDDJ1x69FbVQ-1; Wed, 12 Feb 2020 06:40:22 -0500
X-MC-Unique: fhmtvf6xPCWDDJ1x69FbVQ-1
Received: by mail-ot1-f71.google.com with SMTP id t10so1029878otc.9
        for <linux-kernel@vger.kernel.org>; Wed, 12 Feb 2020 03:40:22 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=FfAXyeidMWXjbA4H6fILpgXDELOT1ZKn0WXC3ILBGCI=;
        b=VFt/feO04b6VW1abM998iOUOZ2X4RE7S2MOr3WjGPLwnL4MPgp+b56rYlg5Fhfgyau
         Ad4+RRyngIkL2RIhX/PkCIk89tQ8Pp6ejrVDElU4DUMEJ67/PTOJhrRtLdzkVMS9BzXo
         AJ5UEV2tLq6F5kj5RP9mkc4buOylRhcWTTZJEvMr26QyU65JBdIJfVUxWU1JU8IEMZgk
         jraWhZYYqT+SAWKxqnuxaY3kWdsFycea952pDCX0q82CopMQaDMfJW25M/QLChLf2+Ch
         qAx41VKmje9R/RZn6uuA12BAnrf9IUXsBNYXcw7l4jKP7y72MAgBZ76LgkMSP+E9XdPI
         I4zg==
X-Gm-Message-State: APjAAAXoaoUbtUxvilc55s8juEkqhn6eDIcZXkuHzqBIEq3lHPLrF0gb
        Jy/U04o2GrsJSs/kw70i3ahgw1xqNKRUTUvNuymzm6VIwmnYkJlrsxETGWYViduf0/fujymxw76
        uPdVLrvKx+kG9puBxt/sEUBB9B3A/oh0Ic/61lDDF
X-Received: by 2002:a9d:7ccc:: with SMTP id r12mr9308335otn.22.1581507621551;
        Wed, 12 Feb 2020 03:40:21 -0800 (PST)
X-Received: by 2002:a9d:7ccc:: with SMTP id r12mr9308318otn.22.1581507621291;
 Wed, 12 Feb 2020 03:40:21 -0800 (PST)
MIME-Version: 1.0
References: <20200116213937.77795-1-dev@lynxeye.de>
In-Reply-To: <20200116213937.77795-1-dev@lynxeye.de>
From:   Ondrej Mosnacek <omosnace@redhat.com>
Date:   Wed, 12 Feb 2020 12:40:07 +0100
Message-ID: <CAFqZXNsfq+JbTtEZtk-2NO8ciGLFy+n3hNP6HX9hTDOdCit5hA@mail.gmail.com>
Subject: Re: [PATCH RFC] selinux: policydb - convert filename trans hash to rhashtable
To:     Lucas Stach <dev@lynxeye.de>
Cc:     Paul Moore <paul@paul-moore.com>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        Eric Paris <eparis@parisplace.org>,
        SElinux list <selinux@vger.kernel.org>,
        Linux kernel mailing list <linux-kernel@vger.kernel.org>,
        Richard Haines <richard_c_haines@btinternet.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Lucas,

On Thu, Jan 16, 2020 at 10:48 PM Lucas Stach <dev@lynxeye.de> wrote:
> The current hash is too small for current usages in, e.g. the Fedora standard
> policy. On file creates a considerable amount of CPU time is spent walking the
> the hash chains. Increasing the number of hash buckets somewhat mitigates the
> issue, but doesn't completely get rid of the long hash chains.
>
> This patch does take the bit more invasive route by converting the filename
> trans hash to a rhashtable to allow this hash to scale with load.
>
> fs_mark create benchmark on a SSD device, no ramdisk:
> Count          Size       Files/sec     App Overhead
> before:
> 10000          512        512.3           147715
> after:
> 10000          512        572.3            75141
>
> filenametr_cmp(), which was the topmost function in the CPU cycle trace before
> at ~5% of the overall CPU time, is now down in the noise.
>
> Signed-off-by: Lucas Stach <dev@lynxeye.de>
> ---
>  security/selinux/ss/policydb.c | 140 +++++++++++++++++++++++----------
>  security/selinux/ss/policydb.h |  14 ++--
>  security/selinux/ss/services.c |  31 +-------
>  3 files changed, 109 insertions(+), 76 deletions(-)
>

FYI, I posted a related patch series [1] that should have a similar
effect on the file create performance, plus it also reduces memory
taken up by the file transition rules. It would be great if you could
test it vs. your (fixed) patch to see if it works for you.

Thanks!

[1] https://lore.kernel.org/selinux/20200212112255.105678-1-omosnace@redhat.com/T/

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.