| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a2552992ca2fa29754340eaa05b1a185fca7a381.1770309837.git.pabeni@redhat.com>
Date: Thu, 5 Feb 2026 17:44:14 +0100
From: Paolo Abeni <pabeni@...hat.com>
To: netdev@...r.kernel.org
Cc: Steffen Klassert <steffen.klassert@...unet.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Simon Horman <horms@...nel.org>
Subject: [RFC PATCH] xfrm: reduce struct sec_path size
The mentioned struct has an hole and uses unnecessary wide type to
store a MAC length.
It's also embedded into the skb_extensions, and the latter, due
to recent CAN changes, may exceeds the 192 bytes mark (3 cachelines
on x86_64 arch) on some reasonable configuration.
Reordering and the sec_path fields and shrinking xfrm_offload.orig_mac_len
to 16 bits, we can save 8 bytes and keep skb_extensions size under
control.
Before:
struct sec_path {
int len;
int olen;
int verified_cnt;
/* XXX 4 bytes hole, try to pack */$
struct xfrm_state * xvec[6];
struct xfrm_offload ovec[1];
/* size: 88, cachelines: 2, members: 5 */
/* sum members: 84, holes: 1, sum holes: 4 */
/* last cacheline: 24 bytes */
};
After:
struct sec_path {
int len;
int olen;
struct xfrm_offload ovec[1];
int verified_cnt;
struct xfrm_state * xvec[6];
/* size: 80, cachelines: 2, members: 5 */
/* last cacheline: 16 bytes */
};
Signed-off-by: Paolo Abeni <pabeni@...hat.com>
---
only build tested, any feedback appreciated.
---
include/net/xfrm.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 0a14daaa5dd4..41122cb83901 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1156,7 +1156,7 @@ struct xfrm_offload {
#define CRYPTO_INVALID_PROTOCOL 128
/* Used to keep whole l2 header for transport mode GRO */
- __u32 orig_mac_len;
+ __u16 orig_mac_len;
__u8 proto;
__u8 inner_ipproto;
@@ -1165,10 +1165,10 @@ struct xfrm_offload {
struct sec_path {
int len;
int olen;
+ struct xfrm_offload ovec[XFRM_MAX_OFFLOAD_DEPTH];
int verified_cnt;
struct xfrm_state *xvec[XFRM_MAX_DEPTH];
- struct xfrm_offload ovec[XFRM_MAX_OFFLOAD_DEPTH];
};
struct sec_path *secpath_set(struct sk_buff *skb);
--
2.52.0
Powered by blists - more mailing lists