| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 09 Apr 2013 10:52:17 -0400 From: Paul Moore <pmoore@...hat.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: Casey Schaufler <casey@...aufler-ca.com>, David Miller <davem@...emloft.net>, netdev@...r.kernel.org, mvadkert@...hat.com, selinux@...ho.nsa.gov, linux-security-module@...r.kernel.org Subject: Re: [PATCH] tcp: assign the sock correctly to an outgoing SYNACK packet On Tuesday, April 09, 2013 07:31:04 AM Eric Dumazet wrote: > On Tue, 2013-04-09 at 10:19 -0400, Paul Moore wrote: > > On Tuesday, April 09, 2013 07:00:22 AM Eric Dumazet wrote: > > > On Tue, 2013-04-09 at 09:19 -0400, Paul Moore wrote: > > > > As Casey already mentioned, if this isn't acceptable please help me > > > > understand why. > > > > > > You see something which is not the reality. If you do such analysis, > > > better do it properly, because any change you are going to submit will > > > be doubly checked by people who really care. > > > > I am attempting to do it properly, I simply made a mistake. Ben also > > pointed it out. As you wrote yesterday, "Lets go forward". > > > > After fixing the BITS_PER_LONG problem I looked at it again and it appears > > that by simply replacing the "secmark" field with a blob we retain the > > size of the sk_buff as well as the cacheline positions of all the fields, > > e.g. dma_cookie no longer moves cachelines. Thoughts? > > If you take a look at recent history of changes on sk_buff, you can see > we added very recently fields for encapsulation support. These were > absolutely wanted for modern operations at datacenter level. > > This effort might still need new room, so I prefer not filling sk_buff > right now. Has anyone proposed any additional encapsulation patches which need additional fields in the sk_buff? Are you aware of any additional encapsulation patches which are in progress? When would you consider it "safe"? > Take a look at the cloned sk_buff. We need an extra atomic_t at the end, > so if make sk_buff bigger than 0xf8 bytes, fclone_cache will use an > extra cache line as well. Not a big deal, but RPC workloads like netperf > -t TCP_RR will probably show a regression. > > ls -l /sys/kernel/slab/skbuff_fclone_cache Perhaps I'm misunderstanding, but these comments above only apply if we were to increase the size of the sk_buff struct, yes? What I proposed, replacing "secmark" with a blob, does not currently change the size of the sk_buff struct so the performance and memory usage should remain unchanged as well. -- paul moore security and virtualization @ redhat -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists