From aafd0d88ee3a009b3f4f576a8e6e114d4810e489 Mon Sep 17 00:00:00 2001 From: Ulrich Weber Date: Thu, 8 Nov 2012 11:15:44 +0100 Subject: [PATCH 1/4] xfrm: remove redundant replay_esn check x->replay_esn is already checked in if clause, so remove check and ident properly Signed-off-by: Ulrich Weber Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_replay.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index 3efb07d3eb27..765f6fe951eb 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c @@ -521,13 +521,12 @@ int xfrm_init_replay(struct xfrm_state *x) replay_esn->bmp_len * sizeof(__u32) * 8) return -EINVAL; - if ((x->props.flags & XFRM_STATE_ESN) && replay_esn->replay_window == 0) - return -EINVAL; - - if ((x->props.flags & XFRM_STATE_ESN) && x->replay_esn) - x->repl = &xfrm_replay_esn; - else - x->repl = &xfrm_replay_bmp; + if (x->props.flags & XFRM_STATE_ESN) { + if (replay_esn->replay_window == 0) + return -EINVAL; + x->repl = &xfrm_replay_esn; + } else + x->repl = &xfrm_replay_bmp; } else x->repl = &xfrm_replay_legacy; From f7c83bcbfaf5c848018680a499aa6b50b32f3085 Mon Sep 17 00:00:00 2001 From: Shan Wei Date: Tue, 13 Nov 2012 20:36:00 +0800 Subject: [PATCH 2/4] net: xfrm: use __this_cpu_read per-cpu helper MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit this_cpu_ptr/this_cpu_read is faster than per_cpu_ptr(p, smp_processor_id()) and can reduce memory accesses. The latter helper needs to find the offset for current cpu, and needs more assembler instructions which objdump shows in following. this_cpu_ptr relocates and address. this_cpu_read() relocates the address and performs the fetch. this_cpu_read() saves you more instructions since it can do the relocation and the fetch in one instruction. per_cpu_ptr(p, smp_processor_id()): 1e: 65 8b 04 25 00 00 00 00 mov %gs:0x0,%eax 26: 48 98 cltq 28: 31 f6 xor %esi,%esi 2a: 48 c7 c7 00 00 00 00 mov $0x0,%rdi 31: 48 8b 04 c5 00 00 00 00 mov 0x0(,%rax,8),%rax 39: c7 44 10 04 14 00 00 00 movl $0x14,0x4(%rax,%rdx,1) this_cpu_ptr(p) 1e: 65 48 03 14 25 00 00 00 00 add %gs:0x0,%rdx 27: 31 f6 xor %esi,%esi 29: c7 42 04 14 00 00 00 movl $0x14,0x4(%rdx) 30: 48 c7 c7 00 00 00 00 mov $0x0,%rdi Signed-off-by: Shan Wei Signed-off-by: Steffen Klassert --- net/xfrm/xfrm_ipcomp.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c index e5246fbe36c4..2906d520eea7 100644 --- a/net/xfrm/xfrm_ipcomp.c +++ b/net/xfrm/xfrm_ipcomp.c @@ -276,18 +276,16 @@ static struct crypto_comp * __percpu *ipcomp_alloc_tfms(const char *alg_name) struct crypto_comp * __percpu *tfms; int cpu; - /* This can be any valid CPU ID so we don't need locking. */ - cpu = raw_smp_processor_id(); list_for_each_entry(pos, &ipcomp_tfms_list, list) { struct crypto_comp *tfm; - tfms = pos->tfms; - tfm = *per_cpu_ptr(tfms, cpu); + /* This can be any valid CPU ID so we don't need locking. */ + tfm = __this_cpu_read(*pos->tfms); if (!strcmp(crypto_comp_name(tfm), alg_name)) { pos->users++; - return tfms; + return pos->tfms; } } From c38132865959c47d36b5db1c9289c7391895be6b Mon Sep 17 00:00:00 2001 From: Steffen Klassert Date: Thu, 15 Nov 2012 09:00:18 +0100 Subject: [PATCH 3/4] xfrm: Use a static gc threshold value for ipv6 Unlike ipv4 did, ipv6 does not handle the maximum number of cached routes dynamically. So no need to try to handle the IPsec gc threshold value dynamically. This patch sets the IPsec gc threshold value back to 1024 routes, as it is for non-IPsec routes. Signed-off-by: Steffen Klassert --- net/ipv6/xfrm6_policy.c | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index f3ed8ca59b94..6ce4a4fd3b30 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c @@ -327,21 +327,7 @@ static struct ctl_table_header *sysctl_hdr; int __init xfrm6_init(void) { int ret; - unsigned int gc_thresh; - /* - * We need a good default value for the xfrm6 gc threshold. - * In ipv4 we set it to the route hash table size * 8, which - * is half the size of the maximaum route cache for ipv4. It - * would be good to do the same thing for v6, except the table is - * constructed differently here. Here each table for a net namespace - * can have FIB_TABLE_HASHSZ entries, so lets go with the same - * computation that we used for ipv4 here. Also, lets keep the initial - * gc_thresh to a minimum of 1024, since, the ipv6 route cache defaults - * to that as a minimum as well - */ - gc_thresh = FIB6_TABLE_HASHSZ * 8; - xfrm6_dst_ops.gc_thresh = (gc_thresh < 1024) ? 1024 : gc_thresh; dst_entries_init(&xfrm6_dst_ops); ret = xfrm6_policy_init(); From 0afe21fdf6cfe0fe8a184d82a399773cc331bf40 Mon Sep 17 00:00:00 2001 From: Steffen Klassert Date: Fri, 16 Nov 2012 08:07:56 +0100 Subject: [PATCH 4/4] xfrm6: Remove commented out function call to xfrm6_input_fini xfrm6_input_fini() is not in the tree since more than 10 years, so remove the commented out function call. Signed-off-by: Steffen Klassert --- net/ipv6/xfrm6_policy.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index 6ce4a4fd3b30..c9844135c9ca 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c @@ -356,7 +356,6 @@ void xfrm6_fini(void) if (sysctl_hdr) unregister_net_sysctl_table(sysctl_hdr); #endif - //xfrm6_input_fini(); xfrm6_policy_fini(); xfrm6_state_fini(); dst_entries_destroy(&xfrm6_dst_ops);