• James Morris's avatar
    [PATCH] Reduce SELinux kernel memory use on 64-bit systems · 7c830b4a
    James Morris authored
    The patch below reduces kernel memory used by SELinux policy rules by about
    37% on 64-bit systems.  This is because the size of struct avtab_node is 40
    bytes on 64-bit, and defaults to a size-64 slab.
    
    Creating a slab cache specifically for these structs saves considerable
    amounts of kernel memory on 64-bit systems with large rulesets.  'Strict'
    policy has over 300k rules, while 'targeted' policy has around 3k rules.
    
    Here's the slabtop output with 64 and 40 byte sized slabs to show the
    memory savings, for strict policy:
    
    303475 303447  99%    0.06K   4975       61     19900K avtab_node 
    303456 303447  99%    0.04K   3161       96     12644K avtab_node
    
    Also, there are 57% more objects per slab.
    Signed-off-by: default avatarJames Morris <jmorris@redhat.com>
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
    7c830b4a
avtab.h 2.79 KB