Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp3726257ybe; Sun, 8 Sep 2019 20:43:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqxCOpfcFjSOGQCsWCPu9T5NnvzuX6uI3sv4R7YA4fQn61hXR3w6mQUtqfgVlHojLSXs+OgI X-Received: by 2002:a50:a4ba:: with SMTP id w55mr10741051edb.240.1568000606454; Sun, 08 Sep 2019 20:43:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568000606; cv=none; d=google.com; s=arc-20160816; b=thKxl3NBEA0fMas3MjpfJ+oJStSF+C3qTwTZeyRZ3sXJWhefJvyLJVCNzibJJOWpFM BnwCiNUhd3GSOC/6kxTm4EcQ5YmVk2LjCh5aNfHya/f+2CAf2+qmcHGorr+UjEeo4MiX F894IBfgty9+CdtrhQC4ok9nBhPs8oAsh5PRH+ft76PQmEy9+PZceuNt9sWNnEklIoMr 2NerH32TmEsHsuQaAiPYD+wJ8zDgKUuTD0MJzEL09WtPp7jLiOFapfhso0oxaPkjeL/g j+5dA1FiQcmGqZx4QNQNsmOpPnlZj6tpAJwgghCJcfIzwlC4WTDvPqX0qgPXqR3pg+ie 61oA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=iY1U/mBPRvCJcscYMcKkQvFtfJFTJa/aSuS12dwHHCk=; b=VG+FaSujzpxvtCRVjp8FTH2Qfp3Ho7XghUgRORmP3cR4MOt1Sc9VddDRrb5hEZE/hy JtEwyRgbHRo2vsPv+ntAedSdZ4wrZfiQpuj+RJWa8g30vwqDqU0wtrz5YuQkIW5czknF jIPFX4Hm4qsw2G4ZFfv3YeWrw4hY3ZzZsM+mh6/OfluBR2bp/sS6gFwwEjvAFJj3hqEz anVhO+1f/GufQwiXCYq6CI+Ko1JBDI1dRgDnHTs51ouMsi4Az4Ls5daqOFl8B2amMU0m lAeXFLDlPbzP6WPAMu+fEnJN3fHPw55QFzxbFjjUSY/5JkX7fvwg2X6fUCoyH7+F155h BYag== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z35si8710450edb.146.2019.09.08.20.43.02; Sun, 08 Sep 2019 20:43:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2394354AbfIGSwp (ORCPT + 99 others); Sat, 7 Sep 2019 14:52:45 -0400 Received: from correo.us.es ([193.147.175.20]:44704 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2392530AbfIGSwp (ORCPT ); Sat, 7 Sep 2019 14:52:45 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 3FBFF11EB22 for ; Sat, 7 Sep 2019 20:52:41 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 31B9BFF2EB for ; Sat, 7 Sep 2019 20:52:41 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id 24C3CB8004; Sat, 7 Sep 2019 20:52:41 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 09FE7B7FF6; Sat, 7 Sep 2019 20:52:39 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Sat, 07 Sep 2019 20:52:39 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from us.es (sys.soleta.eu [212.170.55.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: 1984lsi) by entrada.int (Postfix) with ESMTPSA id D7E514265A5A; Sat, 7 Sep 2019 20:52:38 +0200 (CEST) Date: Sat, 7 Sep 2019 20:52:40 +0200 X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: Arnd Bergmann Cc: Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Jakub Kicinski , wenxu , netfilter-devel , coreteam@netfilter.org, Networking , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH net-next] netfilter: nf_tables: avoid excessive stack usage Message-ID: <20190907185240.goswawbhq4tbmyox@salvia> References: <20190906151242.1115282-1-arnd@arndb.de> <20190907180754.dz7gstqfj7djlbrs@salvia> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) X-Virus-Scanned: ClamAV using ClamSMTP Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Sep 07, 2019 at 08:41:22PM +0200, Arnd Bergmann wrote: > On Sat, Sep 7, 2019 at 8:07 PM Pablo Neira Ayuso wrote: > > > > Hi Arnd, > > > > On Fri, Sep 06, 2019 at 05:12:30PM +0200, Arnd Bergmann wrote: > > > The nft_offload_ctx structure is much too large to put on the > > > stack: > > > > > > net/netfilter/nf_tables_offload.c:31:23: error: stack frame size of 1200 bytes in function 'nft_flow_rule_create' [-Werror,-Wframe-larger-than=] > > > > > > Use dynamic allocation here, as we do elsewhere in the same > > > function. > > > > > > Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support") > > > Signed-off-by: Arnd Bergmann > > > --- > > > Since we only really care about two members of the structure, an > > > alternative would be a larger rewrite, but that is probably too > > > late for v5.4. > > > > Thanks for this patch. > > > > I'm attaching a patch to reduce this structure size a bit. Do you > > think this alternative patch is ok until this alternative rewrite > > happens? > > I haven't tried it yet, but it looks like that would save 8 of the > 48 bytes in each for each of the 24 registers (12 bytes on m68k > or i386, which only use 4 byte alignment for nft_data), so > this wouldn't make too much difference. I'll take your patch as is. > > Anyway I agree we should to get this structure away from the > > stack, even after this is still large, so your patch (or a variant of > > it) will be useful sooner than later I think. > > What I was thinking for a possible smaller fix would be to not > pass the ctx into the expr->ops->offload callback but > only pass the 'dep' member. Since I've never seen this code > before, I have no idea if that would be an improvement > in the end. We might need this more fields of this context structure, this code is very new, still under development, let's revisit this later. Thanks.