fix: uniqMcs use all cpu

Signed-off-by: ningmingxiao <[email protected]>

Author: ningmingxiao

go-selinux/selinux_linux.go

@@ -39,13 +39,15 @@ const (
 
 type selinuxState struct {
 	mcsList       map[string]bool
+	cond          *sync.Cond
 	selinuxfs     string
+	maxMCSCount   int
 	selinuxfsOnce sync.Once
-	enabledSet    bool
-	enabled       bool
+	mu            sync.Mutex
 	sync.Mutex
+	enabledSet bool
+	enabled    bool
 }
-
 type level struct {
 	cats *big.Int
 	sens int
@@ -937,11 +939,18 @@ func mcsAdd(mcs string) error {
 		return nil
 	}
 	state.Lock()
-	defer state.Unlock()
+	state.mu.Lock()
+	if len(state.mcsList) >= state.maxMCSCount {
+		state.Unlock()
+		state.cond.Wait()
+	}
+	state.mu.Unlock()
 	if state.mcsList[mcs] {
+		state.Unlock()
 		return ErrMCSAlreadyExists
 	}
 	state.mcsList[mcs] = true
+	state.Unlock()
 	return nil
 }
 
@@ -952,6 +961,9 @@ func mcsDelete(mcs string) {
 	state.Lock()
 	defer state.Unlock()
 	state.mcsList[mcs] = false
+	state.mu.Lock()
+	state.cond.Signal()
+	state.mu.Unlock()
 }
 
 func intToMcs(id int, catRange uint32) string {
@@ -980,7 +992,6 @@ func uniqMcs(catRange uint32) string {
 		c1, c2 uint32
 		mcs    string
 	)
-
 	for {
 		_ = binary.Read(rand.Reader, binary.LittleEndian, &n)
 		c1 = n % catRange
@@ -991,6 +1002,14 @@ func uniqMcs(catRange uint32) string {
 		} else if c1 > c2 {
 			c1, c2 = c2, c1
 		}
+		state.Lock()
+		if state.maxMCSCount == 0 {
+			state.maxMCSCount = int(catRange * (catRange - 1) / 2)
+		}
+		if state.cond == nil {
+			state.cond = sync.NewCond(&state.mu)
+		}
+		state.Unlock()
 		mcs = fmt.Sprintf("s0:c%d,c%d", c1, c2)
 		if err := mcsAdd(mcs); err != nil {
 			continue