selinux: improve role transition hashing

cgzones · pcmoore · commit 37b7ea3ca306 · 2023-09-13T13:46:58.000-04:00
The number of buckets is calculated by performing a binary AND against
the mask of the hash table, which is one less than its size (which is a
power of two).  This leads to all top bits being discarded, e.g. with
the Reference Policy on Debian there exists 376 entries, leading to a
size of 512, discarding the top 23 bits.

Use jhash to improve the hash table utilization:

    # current
    roletr:  376 entries and 124/512 buckets used,
             longest chain length 8, sum of chain length^2 1496

    # patch
    roletr:  376 entries and 266/512 buckets used,
             longest chain length 4, sum of chain length^2 646

Signed-off-by: Christian Göttsche &lt;cgzones@googlemail.com&gt;
Reviewed-by: Stephen Smalley &lt;stephen.smalley.work@gmail.com&gt;
[PM: line wrap in the commit description]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
@@ -491,7 +491,7 @@ static u32 role_trans_hash(const void *k)
 {
 	const struct role_trans_key *key = k;
 
-	return key->role + (key->type << 3) + (key->tclass << 5);
+	return jhash_3words(key->role, key->type, (u32)key->tclass << 16 | key->tclass, 0);
 }
 
 static int role_trans_cmp(const void *k1, const void *k2)

Original file line number	Diff line number	Diff line change
`@@ -491,7 +491,7 @@ static u32 role_trans_hash(const void *k)`
`491`	`491`	`{`
`492`	`492`	`const struct role_trans_key *key = k;`
`493`	`493`
`494`		`- return key->role + (key->type << 3) + (key->tclass << 5);`
	`494`	`+ return jhash_3words(key->role, key->type, (u32)key->tclass << 16 \| key->tclass, 0);`
`495`	`495`	`}`
`496`	`496`
`497`	`497`	`static int role_trans_cmp(const void k1, const void k2)`