lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 15 Oct 2007 16:28:44 +0200
From:	Patrick McHardy <kaber@...sh.net>
To:	hadi@...erus.ca
CC:	Herbert Xu <herbert@...dor.apana.org.au>,
	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	kuznet@....inr.ac.ru
Subject: Re: [PATCH 5/10] [NET]: Avoid unnecessary cloning for ingress	filtering

jamal wrote:
> Also, iirc this started as a netfilter optimization thing starting with
> tail-calls - can someone (Patrick?) clue me how it helps in that
> optimization aspect? 


Most NF_HOOK invocations look like this:

return NF_HOOK(....);

NF_HOOK does (did):

({int __ret; \
if ((__ret=nf_hook_thresh(pf, hook, &(skb), indev, outdev, okfn, \
			  thresh, 1)) == 1) \
         __ret = (okfn)(skb); \
__ret;})

So the (okfn) invocation would allow a tail-call optimization, but gcc
doesn't do them in case the address of a local variable or parameter
is passed to an external function previously (&skb). With Herbert
patches we avoid this and gcc can generate optimized tail calls.
This in turn allows to remove the inline from the okfns without any
additional function call overhead, which avoids having two copies
of the same function in the CONFIG_NETFILTER=y case (one inlined,
one out-of-line so the address can be passed to nf_hook_slow()).
Removing just 4 inlines in net/ipv4 saved 3376 bytes of text with
CONFIG_NETFILTER=y on x86_64.

Besides that it generates better code in all netfilter code since
we don't have to constantly dereference **pskb. As a simple example
the xt_MARK target_v1() function shrinks by an entire 17 byte (or 16%)
because of this change :)


-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ