lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZFy0QjGpUCOfaSxA@corigine.com>
Date:   Thu, 11 May 2023 11:24:18 +0200
From:   Simon Horman <simon.horman@...igine.com>
To:     Christophe JAILLET <christophe.jaillet@...adoo.fr>
Cc:     Pablo Neira Ayuso <pablo@...filter.org>,
        Jozsef Kadlecsik <kadlec@...filter.org>,
        Florian Westphal <fw@...len.de>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>, linux-kernel@...r.kernel.org,
        kernel-janitors@...r.kernel.org, netfilter-devel@...r.kernel.org,
        coreteam@...filter.org, netdev@...r.kernel.org
Subject: Re: [PATCH net-next] netfilter: Reorder fields in 'struct
 nf_conntrack_expect'

On Mon, May 08, 2023 at 06:53:14PM +0200, Christophe JAILLET wrote:
> Group some variables based on their sizes to reduce holes.
> On x86_64, this shrinks the size of 'struct nf_conntrack_expect' from 264
> to 256 bytes.
> 
> This structure deserve a dedicated cache, so reducing its size looks nice.
> 
> Signed-off-by: Christophe JAILLET <christophe.jaillet@...adoo.fr>

Thanks, this much nicer to me.

I slightly concerned that there may be implications for
fields that were on the same cacheline now being on different cachelines.
But only very slightly.

Reviewed-by: Simon Horman <simon.horman@...igine.com>

> ---
> Using pahole
> 
> Before:
> ======
> struct nf_conntrack_expect {
> 	struct hlist_node          lnode;                /*     0    16 */
> 	struct hlist_node          hnode;                /*    16    16 */
> 	struct nf_conntrack_tuple  tuple;                /*    32    40 */
> 	/* --- cacheline 1 boundary (64 bytes) was 8 bytes ago --- */
> 	struct nf_conntrack_tuple_mask mask;             /*    72    20 */
> 
> 	/* XXX 4 bytes hole, try to pack */
> 
> 	void                       (*expectfn)(struct nf_conn *, struct nf_conntrack_expect *); /*    96     8 */
> 	struct nf_conntrack_helper * helper;             /*   104     8 */
> 	struct nf_conn *           master;               /*   112     8 */
> 	struct timer_list          timeout;              /*   120    88 */
> 	/* --- cacheline 3 boundary (192 bytes) was 16 bytes ago --- */
> 	refcount_t                 use;                  /*   208     4 */
> 	unsigned int               flags;                /*   212     4 */
> 	unsigned int               class;                /*   216     4 */
> 	union nf_inet_addr         saved_addr;           /*   220    16 */
> 	union nf_conntrack_man_proto saved_proto;        /*   236     2 */
> 
> 	/* XXX 2 bytes hole, try to pack */
> 
> 	enum ip_conntrack_dir      dir;                  /*   240     4 */
> 
> 	/* XXX 4 bytes hole, try to pack */
> 
> 	struct callback_head       rcu __attribute__((__aligned__(8))); /*   248    16 */
> 
> 	/* size: 264, cachelines: 5, members: 15 */
> 	/* sum members: 254, holes: 3, sum holes: 10 */
> 	/* forced alignments: 1, forced holes: 1, sum forced holes: 4 */
> 	/* last cacheline: 8 bytes */
> } __attribute__((__aligned__(8)));
> 
> 
> After:
> =====
> struct nf_conntrack_expect {
> 	struct hlist_node          lnode;                /*     0    16 */
> 	struct hlist_node          hnode;                /*    16    16 */
> 	struct nf_conntrack_tuple  tuple;                /*    32    40 */
> 	/* --- cacheline 1 boundary (64 bytes) was 8 bytes ago --- */
> 	struct nf_conntrack_tuple_mask mask;             /*    72    20 */
> 	refcount_t                 use;                  /*    92     4 */
> 	unsigned int               flags;                /*    96     4 */
> 	unsigned int               class;                /*   100     4 */
> 	void                       (*expectfn)(struct nf_conn *, struct nf_conntrack_expect *); /*   104     8 */
> 	struct nf_conntrack_helper * helper;             /*   112     8 */
> 	struct nf_conn *           master;               /*   120     8 */
> 	/* --- cacheline 2 boundary (128 bytes) --- */
> 	struct timer_list          timeout;              /*   128    88 */
> 	/* --- cacheline 3 boundary (192 bytes) was 24 bytes ago --- */
> 	union nf_inet_addr         saved_addr;           /*   216    16 */
> 	union nf_conntrack_man_proto saved_proto;        /*   232     2 */
> 
> 	/* XXX 2 bytes hole, try to pack */
> 
> 	enum ip_conntrack_dir      dir;                  /*   236     4 */
> 	struct callback_head       rcu __attribute__((__aligned__(8))); /*   240    16 */
> 
> 	/* size: 256, cachelines: 4, members: 15 */
> 	/* sum members: 254, holes: 1, sum holes: 2 */
> 	/* forced alignments: 1 */
> } __attribute__((__aligned__(8)));
> ---
>  include/net/netfilter/nf_conntrack_expect.h | 18 +++++++++---------
>  1 file changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
> index 0855b60fba17..cf0d81be5a96 100644
> --- a/include/net/netfilter/nf_conntrack_expect.h
> +++ b/include/net/netfilter/nf_conntrack_expect.h
> @@ -26,6 +26,15 @@ struct nf_conntrack_expect {
>  	struct nf_conntrack_tuple tuple;
>  	struct nf_conntrack_tuple_mask mask;
>  
> +	/* Usage count. */
> +	refcount_t use;
> +
> +	/* Flags */
> +	unsigned int flags;
> +
> +	/* Expectation class */
> +	unsigned int class;
> +
>  	/* Function to call after setup and insertion */
>  	void (*expectfn)(struct nf_conn *new,
>  			 struct nf_conntrack_expect *this);
> @@ -39,15 +48,6 @@ struct nf_conntrack_expect {
>  	/* Timer function; deletes the expectation. */
>  	struct timer_list timeout;
>  
> -	/* Usage count. */
> -	refcount_t use;
> -
> -	/* Flags */
> -	unsigned int flags;
> -
> -	/* Expectation class */
> -	unsigned int class;
> -
>  #if IS_ENABLED(CONFIG_NF_NAT)
>  	union nf_inet_addr saved_addr;
>  	/* This is the original per-proto part, used to map the
> -- 
> 2.34.1
> 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ