linux/security/selinux/include
Eric Paris 76f7ba35d4 SELinux: shrink sizeof av_inhert selinux_class_perm and context
I started playing with pahole today and decided to put it against the
selinux structures.  Found we could save a little bit of space on x86_64
(and no harm on i686) just reorganizing some structs.

Object size changes:
av_inherit: 24 -> 16
selinux_class_perm: 48 -> 40
context: 80 -> 72

Admittedly there aren't many of av_inherit or selinux_class_perm's in
the kernel (33 and 1 respectively) But the change to the size of struct
context reverberate out a bit.  I can get some hard number if they are
needed, but I don't see why they would be.  We do change which cacheline
context->len and context->str would be on, but I don't see that as a
problem since we are clearly going to have to load both if the context
is to be of any value.  I've run with the patch and don't seem to be
having any problems.

An example of what's going on using struct av_inherit would be:

form: to:
struct av_inherit {			struct av_inherit {
	u16 tclass;				const char **common_pts;
	const char **common_pts;		u32 common_base;
	u32 common_base;			u16 tclass;
};

(notice all I did was move u16 tclass to the end of the struct instead
of the beginning)

Memory layout before the change:
struct av_inherit {
	u16 tclass; /* 2 */
	/* 6 bytes hole */
	const char** common_pts; /* 8 */
	u32 common_base; /* 4 */
	/* 4 byes padding */

	/* size: 24, cachelines: 1 */
	/* sum members: 14, holes: 1, sum holes: 6 */
	/* padding: 4 */
};

Memory layout after the change:
struct av_inherit {
	const char ** common_pts; /* 8 */
	u32 common_base; /* 4 */
	u16 tclass; /* 2 */
	/* 2 bytes padding */

	/* size: 16, cachelines: 1 */
	/* sum members: 14, holes: 0, sum holes: 0 */
	/* padding: 2 */
};

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-01-05 19:19:55 +11:00
..
audit.h SELinux: keep the code clean formating and syntax 2008-07-14 15:01:36 +10:00
av_inherit.h [SELinux]: Add support for DCCP 2006-12-02 21:22:24 -08:00
av_perm_to_string.h CRED: Add a kernel_service object class to SELinux 2008-11-14 10:39:27 +11:00
av_permissions.h CRED: Add a kernel_service object class to SELinux 2008-11-14 10:39:27 +11:00
avc_ss.h SELinux: shrink sizeof av_inhert selinux_class_perm and context 2009-01-05 19:19:55 +11:00
avc.h SELinux: add boundary support and thread context assignment 2008-08-29 00:33:33 +10:00
class_to_string.h CRED: Add a kernel_service object class to SELinux 2008-11-14 10:39:27 +11:00
common_perm_to_string.h
conditional.h
flask.h CRED: Add a kernel_service object class to SELinux 2008-11-14 10:39:27 +11:00
initial_sid_to_string.h
netif.h SELinux: Convert the netif code to use ifindex values 2008-01-30 08:17:21 +11:00
netlabel.h selinux: Cache NetLabel secattrs in the socket's security struct 2008-10-10 10:16:33 -04:00
netnode.h SELinux: Add a network node caching mechanism similar to the sel_netif_*() functions 2008-01-30 08:17:23 +11:00
netport.h SELinux: add netport.[ch] 2008-04-18 20:26:17 +10:00
objsec.h CRED: Make execve() take advantage of copy-on-write credentials 2008-11-14 10:39:24 +11:00
security.h SELinux: add boundary support and thread context assignment 2008-08-29 00:33:33 +10:00
xfrm.h LSM: Make the Labeled IPsec hooks more stack friendly 2008-04-12 19:07:52 -07:00