lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 21 Jul 2021 11:15:05 -0700
From:   Casey Schaufler <casey@...aufler-ca.com>
To:     Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org
Cc:     "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Florian Westphal <fw@...len.de>,
        Eric Dumazet <edumazet@...gle.com>,
        linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
        Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH RFC 0/9] sk_buff: optimize layout for GRO

On 7/21/2021 9:44 AM, Paolo Abeni wrote:
> This is a very early draft - in a different world would be
> replaced by hallway discussion at in-person conference - aimed at
> outlining some ideas and collect feedback on the overall outlook.
> There are still bugs to be fixed, more test and benchmark need, etc.
>
> There are 3 main goals:
> - [try to] avoid the overhead for uncommon conditions at GRO time
>   (patches 1-4)
> - enable backpressure for the veth GRO path (patches 5-6)
> - reduce the number of cacheline used by the sk_buff lifecycle
>   from 4 to 3, at least in some common scenarios (patches 1,7-9).
>   The idea here is avoid the initialization of some fields and
>   control their validity with a bitmask, as presented by at least
>   Florian and Jesper in the past.

If I understand correctly, you're creating an optimized case
which excludes ct, secmark, vlan and UDP tunnel. Is this correct,
and if so, why those particular fields? What impact will this have
in the non-optimal (with any of the excluded fields) case?

>
> The above requires a bit of code churn in some places and, yes,
> a few new bits in the sk_buff struct (using some existing holes)
>
> Paolo Abeni (9):
>   sk_buff: track nfct status in newly added skb->_state
>   sk_buff: track dst status in skb->_state
>   sk_buff: move the active_extensions into the state bitfield
>   net: optimize GRO for the common case.
>   skbuff: introduce has_sk state bit.
>   veth: use skb_prepare_for_gro()
>   sk_buff: move inner header fields after tail
>   sk_buff: move vlan field after tail.
>   sk_buff: access secmark via getter/setter
>
>  drivers/net/veth.c               |   2 +-
>  include/linux/skbuff.h           | 117 ++++++++++++++++++++++---------
>  include/net/dst.h                |   3 +
>  include/net/sock.h               |   9 +++
>  net/core/dev.c                   |  31 +++++---
>  net/core/skbuff.c                |  40 +++++++----
>  net/netfilter/nfnetlink_queue.c  |   6 +-
>  net/netfilter/nft_meta.c         |   6 +-
>  net/netfilter/xt_CONNSECMARK.c   |   8 +--
>  net/netfilter/xt_SECMARK.c       |   2 +-
>  security/apparmor/lsm.c          |  15 ++--
>  security/selinux/hooks.c         |  10 +--
>  security/smack/smack_lsm.c       |   4 +-
>  security/smack/smack_netfilter.c |   4 +-
>  14 files changed, 175 insertions(+), 82 deletions(-)
>

Powered by blists - more mailing lists