Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp3727189ybe; Sun, 8 Sep 2019 20:44:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqz6Bl3gv249gl2CqVEM+6FDM3HBm+eovtJPU9AwyX0moFaPMlMno/8I78qQTWz5Ou3/R5lP X-Received: by 2002:a50:d68a:: with SMTP id r10mr22316498edi.151.1568000679383; Sun, 08 Sep 2019 20:44:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568000679; cv=none; d=google.com; s=arc-20160816; b=UjIYK4G0JY2UHFWIcbFyl4+veN4DDBwSjcoq5gtFcxklYtKwLAOkMrTBceG0Mos85Y dZQGGb8mvXk/Rwu9432RoPgCUbQkZh8q+jwWW6wxnatVxsmXRNuQmDqeZRv1xkmrFTae OknznoWVt6oa/o+na6Dhp5rYdrzEELE0jQd1xSXSmTZnM1q+CudA/KLVScJ5xbLj0U4S E+flpnvACzagiIFD/Pkirnag3a0FtN6le2hfcKxxhcg7HgWSMqSwPVer+G6dy7td/Hof hZGiqzzvY5wbVDUajbgsh1fHJ43MkxDPYpb3T0ktbZpDDq4anNVxrLyFM41WB+bVuKmM 4oiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=xYhp8TlOraPZEcvgQxX+zDL0OShnjbjHQGWCEKi0vzw=; b=a1JmwW1Bv32cC1XdSt51kpP7t8Oe/Za2OXqISd0cyu3TApRQuIY1rkx/ybVDmecvAM lm3JFZmng3yMcrJA5CSf0vHsH/XnhjC29SB+bu0ZCxpslKpUJ9ULChKP7/W+iTTkozIL qHxUQOPha9zjmd2JYGs/qzEHO5upv75NrXF+ehUFyxw4uNAqnxFjXsPpZxrOi+fsqr3d 8jEiKNdTmHqSgaCSMzWZOEuCdpkbGK17vSCc5h5NFa3R1PvvFeYAa7bWVZ0xSAKBmLfC bBLsVeZh2epnCyMX4dBQyQ4KibZHMvja8MMSph/T05aO0L0uylNIzJr/XgzFpp88Ms5f eJTQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k39si8086622edb.52.2019.09.08.20.44.15; Sun, 08 Sep 2019 20:44:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392981AbfIGSlj (ORCPT + 99 others); Sat, 7 Sep 2019 14:41:39 -0400 Received: from mail-qk1-f195.google.com ([209.85.222.195]:41751 "EHLO mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733279AbfIGSlj (ORCPT ); Sat, 7 Sep 2019 14:41:39 -0400 Received: by mail-qk1-f195.google.com with SMTP id o11so8942960qkg.8; Sat, 07 Sep 2019 11:41:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xYhp8TlOraPZEcvgQxX+zDL0OShnjbjHQGWCEKi0vzw=; b=KBrNxQwfwomEYJqnvAP6KXvslf+92+qxbt1mG7Bml5dXt5SdJUVmhQi3/tJo5O8KsJ FCWzcEgMW43jg3taA5dtAYbcI+xWrcwTlKJ6kkOaGOy6JXDTAeEMtHPQUaRK/fcE3Sbq 4MxH+PLGPyxLFWqkepJkGsILaPWtd3J8tvu3cyxs033vR8F1tAz3OglFUY5uUNgJu3kQ yqru0o95ZjVi/5b6ALV3BjOgp4GtEkWqrv8jvv/UsOsif3inqgVzaEGJqkh38UpaFHx/ v4Np+ReyM7qWx5JE7VD3+oHLUu6y9CNXqOdjtDYYO2BWrcoM/cBExOAdu6HOszvdCAvf ceyQ== X-Gm-Message-State: APjAAAWMbnfQrhoxxjWPwQG117rUUOeyFEsYnqimB4jgyFY2BtDqOHf/ 4aSDLJ7KF607NbdM5hirlkbGLDF919rcn+hZhEI= X-Received: by 2002:ae9:ef8c:: with SMTP id d134mr15352039qkg.286.1567881698140; Sat, 07 Sep 2019 11:41:38 -0700 (PDT) MIME-Version: 1.0 References: <20190906151242.1115282-1-arnd@arndb.de> <20190907180754.dz7gstqfj7djlbrs@salvia> In-Reply-To: <20190907180754.dz7gstqfj7djlbrs@salvia> From: Arnd Bergmann Date: Sat, 7 Sep 2019 20:41:22 +0200 Message-ID: Subject: Re: [PATCH net-next] netfilter: nf_tables: avoid excessive stack usage To: Pablo Neira Ayuso Cc: Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Jakub Kicinski , wenxu , netfilter-devel , coreteam@netfilter.org, Networking , "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Sep 7, 2019 at 8:07 PM Pablo Neira Ayuso wrote: > > Hi Arnd, > > On Fri, Sep 06, 2019 at 05:12:30PM +0200, Arnd Bergmann wrote: > > The nft_offload_ctx structure is much too large to put on the > > stack: > > > > net/netfilter/nf_tables_offload.c:31:23: error: stack frame size of 1200 bytes in function 'nft_flow_rule_create' [-Werror,-Wframe-larger-than=] > > > > Use dynamic allocation here, as we do elsewhere in the same > > function. > > > > Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support") > > Signed-off-by: Arnd Bergmann > > --- > > Since we only really care about two members of the structure, an > > alternative would be a larger rewrite, but that is probably too > > late for v5.4. > > Thanks for this patch. > > I'm attaching a patch to reduce this structure size a bit. Do you > think this alternative patch is ok until this alternative rewrite > happens? I haven't tried it yet, but it looks like that would save 8 of the 48 bytes in each for each of the 24 registers (12 bytes on m68k or i386, which only use 4 byte alignment for nft_data), so this wouldn't make too much difference. > Anyway I agree we should to get this structure away from the > stack, even after this is still large, so your patch (or a variant of > it) will be useful sooner than later I think. What I was thinking for a possible smaller fix would be to not pass the ctx into the expr->ops->offload callback but only pass the 'dep' member. Since I've never seen this code before, I have no idea if that would be an improvement in the end. Arnd