History log of /linux/security/selinux/include/hash.h (Results 1 – 3 of 3)
# 51e3b98d 03-Dec-2025 Linus Torvalds <torvalds@linux-foundation.org>

Merge tag 'selinux-pr-20251201' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:

- Improve the granularity of SELinux labeling for memfd files

Currently when creating a memfd file, SELinux treats it the same as
any other tmpfs, or hugetlbfs, file. While simple, the drawback is
that it is not possible to differentiate between memfd and tmpfs
files.

This adds a call to the security_inode_init_security_anon() LSM hook
and wires up SELinux to provide a set of memfd specific access
controls, including the ability to control the execution of memfds.

As usual, the commit message has more information.

- Improve the SELinux AVC lookup performance

Adopt MurmurHash3 for the SELinux AVC hash function instead of the
custom hash function currently used. MurmurHash3 is already used for
the SELinux access vector table so the impact to the code is minimal,
and performance tests have shown improvements in both hash
distribution and latency.

See the commit message for the performance measurements.

- Introduce a Kconfig option for the SELinux AVC bucket/slot size

While we have the ability to grow the number of AVC hash buckets
today, the size of the buckets (slot size) is fixed at 512. This pull
request makes that slot size configurable at build time through a new
Kconfig knob, CONFIG_SECURITY_SELINUX_AVC_HASH_BITS.

* tag 'selinux-pr-20251201' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: improve bucket distribution uniformity of avc_hash()
selinux: Move avtab_hash() to a shared location for future reuse
selinux: Introduce a new config to make avc cache slot size adjustable
memfd,selinux: call security_inode_init_security_anon()



Revision tags: v6.18, v6.18-rc7, v6.18-rc6, v6.18-rc5, v6.18-rc4, v6.18-rc3
# 20d387d7 23-Oct-2025 Hongru Zhang <zhanghongru@xiaomi.com>

selinux: improve bucket distribution uniformity of avc_hash()

Reuse the already implemented MurmurHash3 algorithm. Under heavy stress
testing (on an 8-core system sustaining over 50,000 authentication events
per second), sample once per second and take the mean of 1800 samples:

1. Bucket utilization rate and length of longest chain
+--------------------------+-----------------------------------------+
|                          | bucket utilization rate / longest chain |
|                          +--------------------+--------------------+
|                          | no-patch           | with-patch         |
+--------------------------+--------------------+--------------------+
| 512 nodes, 512 buckets   | 52.5%/7.5          | 60.2%/5.7          |
+--------------------------+--------------------+--------------------+
| 1024 nodes, 512 buckets  | 68.9%/12.1         | 80.2%/9.7          |
+--------------------------+--------------------+--------------------+
| 2048 nodes, 512 buckets  | 83.7%/19.4         | 93.4%/16.3         |
+--------------------------+--------------------+--------------------+
| 8192 nodes, 8192 buckets | 49.5%/11.4         | 60.3%/7.4          |
+--------------------------+--------------------+--------------------+

2. avc_search_node latency (total latency of hash operation and table
lookup)
+--------------------------+-----------------------------------------+
|                          | latency of function avc_search_node     |
|                          +--------------------+--------------------+
|                          | no-patch           | with-patch         |
+--------------------------+--------------------+--------------------+
| 512 nodes, 512 buckets   | 87ns               | 84ns               |
+--------------------------+--------------------+--------------------+
| 1024 nodes, 512 buckets  | 97ns               | 96ns               |
+--------------------------+--------------------+--------------------+
| 2048 nodes, 512 buckets  | 118ns              | 113ns              |
+--------------------------+--------------------+--------------------+
| 8192 nodes, 8192 buckets | 106ns              | 99ns               |
+--------------------------+--------------------+--------------------+

Although MurmurHash3 has higher overhead than the bitwise operations in
the original algorithm, the data shows that the MurmurHash3 achieves
better distribution, reducing average lookup time. Consequently, the
total latency of hashing and table lookup is lower than before.

Signed-off-by: Hongru Zhang <zhanghongru@xiaomi.com>
[PM: whitespace fixes]
Signed-off-by: Paul Moore <paul@paul-moore.com>



# 929126ef 23-Oct-2025 Hongru Zhang <zhanghongru@xiaomi.com>

selinux: Move avtab_hash() to a shared location for future reuse

This is a preparation patch, no functional change.

Signed-off-by: Hongru Zhang <zhanghongru@xiaomi.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
