[apparmor] [PATCH v2] APPARMOR: add sid to profile mapping and sidrecycling

[Seth Arnold]

Please forgive the rubbish blackberry quoting.

+
+/* find the first zero bit in the sid_bitmap array */
+spin_lock(&aa_sid_hash_table->lock);
+for (i = 0; i < AA_SID_BITMAP_SIZE; i++) {
+for (j = 0; j < 32; j++) {
+if (!(sid_bitmap[i] & (1 << j))) {
+/* convert offset to sid */
+sid = i * 32 + j;
+goto alloc_ok;
+}
+}
+}
+spin_unlock(&aa_sid_hash_table->lock);

This could be 32768 bit comparisons performed under spinlock (unlikely, perhaps, but that is the size of the datastructures...). At the least a check for sid_bitmap[I]!=0xFFFFFFFF should be placed in the outer for loop, but that could still leave 1024 word comparisons under spinlock, which feels expensive to me.

Thanks