forked from Minki/linux
5007728980
Always hashing the string representation is inefficient. Just hash the contents of the structure directly (using jhash). If the context is invalid (str & len are set), then hash the string as before, otherwise hash the structured data. Since the context hashing function is now faster (about 10 times), this patch decreases the overhead of security_transition_sid(), which is called from many hooks. The jhash function seemed as a good choice, since it is used as the default hashing algorithm in rhashtable. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Jeff Vander Stoep <jeffv@google.com> Tested-by: Jeff Vander Stoep <jeffv@google.com> [PM: fixed some spelling errors in the comments pointed out by JVS] Signed-off-by: Paul Moore <paul@paul-moore.com>
33 lines
862 B
C
33 lines
862 B
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Implementations of the security context functions.
|
|
*
|
|
* Author: Ondrej Mosnacek <omosnacek@gmail.com>
|
|
* Copyright (C) 2020 Red Hat, Inc.
|
|
*/
|
|
|
|
#include <linux/jhash.h>
|
|
|
|
#include "context.h"
|
|
#include "mls.h"
|
|
|
|
u32 context_compute_hash(const struct context *c)
|
|
{
|
|
u32 hash = 0;
|
|
|
|
/*
|
|
* If a context is invalid, it will always be represented by a
|
|
* context struct with only the len & str set (and vice versa)
|
|
* under a given policy. Since context structs from different
|
|
* policies should never meet, it is safe to hash valid and
|
|
* invalid contexts differently. The context_cmp() function
|
|
* already operates under the same assumption.
|
|
*/
|
|
if (c->len)
|
|
return full_name_hash(NULL, c->str, c->len);
|
|
|
|
hash = jhash_3words(c->user, c->role, c->type, hash);
|
|
hash = mls_range_hash(&c->range, hash);
|
|
return hash;
|
|
}
|