[PATCH RFC 0/9] sk_buff: optimize layout for GRO

Casey Schaufler casey at schaufler-ca.com
Wed Jul 21 18:15:05 UTC 2021 

On 7/21/2021 9:44 AM, Paolo Abeni wrote:
> This is a very early draft - in a different world would be
> replaced by hallway discussion at in-person conference - aimed at
> outlining some ideas and collect feedback on the overall outlook.
> There are still bugs to be fixed, more test and benchmark need, etc.
>
> There are 3 main goals:
> - [try to] avoid the overhead for uncommon conditions at GRO time
>   (patches 1-4)
> - enable backpressure for the veth GRO path (patches 5-6)
> - reduce the number of cacheline used by the sk_buff lifecycle
>   from 4 to 3, at least in some common scenarios (patches 1,7-9).
>   The idea here is avoid the initialization of some fields and
>   control their validity with a bitmask, as presented by at least
>   Florian and Jesper in the past.

If I understand correctly, you're creating an optimized case
which excludes ct, secmark, vlan and UDP tunnel. Is this correct,
and if so, why those particular fields? What impact will this have
in the non-optimal (with any of the excluded fields) case?

>
> The above requires a bit of code churn in some places and, yes,
> a few new bits in the sk_buff struct (using some existing holes)
>
> Paolo Abeni (9):
>   sk_buff: track nfct status in newly added skb->_state
>   sk_buff: track dst status in skb->_state
>   sk_buff: move the active_extensions into the state bitfield
>   net: optimize GRO for the common case.
>   skbuff: introduce has_sk state bit.
>   veth: use skb_prepare_for_gro()
>   sk_buff: move inner header fields after tail
>   sk_buff: move vlan field after tail.
>   sk_buff: access secmark via getter/setter
>
>  drivers/net/veth.c               |   2 +-
>  include/linux/skbuff.h           | 117 ++++++++++++++++++++++---------
>  include/net/dst.h                |   3 +
>  include/net/sock.h               |   9 +++
>  net/core/dev.c                   |  31 +++++---
>  net/core/skbuff.c                |  40 +++++++----
>  net/netfilter/nfnetlink_queue.c  |   6 +-
>  net/netfilter/nft_meta.c         |   6 +-
>  net/netfilter/xt_CONNSECMARK.c   |   8 +--
>  net/netfilter/xt_SECMARK.c       |   2 +-
>  security/apparmor/lsm.c          |  15 ++--
>  security/selinux/hooks.c         |  10 +--
>  security/smack/smack_lsm.c       |   4 +-
>  security/smack/smack_netfilter.c |   4 +-
>  14 files changed, 175 insertions(+), 82 deletions(-)
>

More information about the Linux-security-module-archive mailing list