diff options
| author | Florian Westphal <fw@strlen.de> | 2018-12-18 11:15:26 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-12-19 14:21:38 -0500 |
| commit | a84e3f533324e40e4a99f50dee2188bf140d8098 (patch) | |
| tree | 87609cfff448eacf1b18ae19f9f841d416abee2c | |
| parent | a053c866496d0c3647727f6a282a1db3afea3ed7 (diff) | |
xfrm: prefer secpath_set over secpath_dup
secpath_set is a wrapper for secpath_dup that will not perform
an allocation if the secpath attached to the skb has a reference count
of one, i.e., it doesn't need to be COW'ed.
Also, secpath_dup doesn't attach the secpath to the skb, it leaves
this to the caller.
Use secpath_set in places that immediately assign the return value to
skb.
This allows to remove skb->sp without touching these spots again.
secpath_dup can eventually be removed in followup patch.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 9 | ||||
| -rw-r--r-- | drivers/net/ethernet/intel/ixgbevf/ipsec.c | 9 | ||||
| -rw-r--r-- | drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 10 | ||||
| -rw-r--r-- | net/xfrm/Kconfig | 1 | ||||
| -rw-r--r-- | net/xfrm/xfrm_output.c | 7 |
5 files changed, 19 insertions, 17 deletions
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c index 8befc7a50f8c..ff85ce5791a3 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | |||
| @@ -1161,6 +1161,7 @@ void ixgbe_ipsec_rx(struct ixgbe_ring *rx_ring, | |||
| 1161 | struct xfrm_state *xs = NULL; | 1161 | struct xfrm_state *xs = NULL; |
| 1162 | struct ipv6hdr *ip6 = NULL; | 1162 | struct ipv6hdr *ip6 = NULL; |
| 1163 | struct iphdr *ip4 = NULL; | 1163 | struct iphdr *ip4 = NULL; |
| 1164 | struct sec_path *sp; | ||
| 1164 | void *daddr; | 1165 | void *daddr; |
| 1165 | __be32 spi; | 1166 | __be32 spi; |
| 1166 | u8 *c_hdr; | 1167 | u8 *c_hdr; |
| @@ -1200,12 +1201,12 @@ void ixgbe_ipsec_rx(struct ixgbe_ring *rx_ring, | |||
| 1200 | if (unlikely(!xs)) | 1201 | if (unlikely(!xs)) |
| 1201 | return; | 1202 | return; |
| 1202 | 1203 | ||
| 1203 | skb->sp = secpath_dup(skb->sp); | 1204 | sp = secpath_set(skb); |
| 1204 | if (unlikely(!skb->sp)) | 1205 | if (unlikely(!sp)) |
| 1205 | return; | 1206 | return; |
| 1206 | 1207 | ||
| 1207 | skb->sp->xvec[skb->sp->len++] = xs; | 1208 | sp->xvec[sp->len++] = xs; |
| 1208 | skb->sp->olen++; | 1209 | sp->olen++; |
| 1209 | xo = xfrm_offload(skb); | 1210 | xo = xfrm_offload(skb); |
| 1210 | xo->flags = CRYPTO_DONE; | 1211 | xo->flags = CRYPTO_DONE; |
| 1211 | xo->status = CRYPTO_SUCCESS; | 1212 | xo->status = CRYPTO_SUCCESS; |
diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.c b/drivers/net/ethernet/intel/ixgbevf/ipsec.c index 07644e6bf498..5170dd9d8705 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ipsec.c +++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.c | |||
| @@ -548,6 +548,7 @@ void ixgbevf_ipsec_rx(struct ixgbevf_ring *rx_ring, | |||
| 548 | struct xfrm_state *xs = NULL; | 548 | struct xfrm_state *xs = NULL; |
| 549 | struct ipv6hdr *ip6 = NULL; | 549 | struct ipv6hdr *ip6 = NULL; |
| 550 | struct iphdr *ip4 = NULL; | 550 | struct iphdr *ip4 = NULL; |
| 551 | struct sec_path *sp; | ||
| 551 | void *daddr; | 552 | void *daddr; |
| 552 | __be32 spi; | 553 | __be32 spi; |
| 553 | u8 *c_hdr; | 554 | u8 *c_hdr; |
| @@ -587,12 +588,12 @@ void ixgbevf_ipsec_rx(struct ixgbevf_ring *rx_ring, | |||
| 587 | if (unlikely(!xs)) | 588 | if (unlikely(!xs)) |
| 588 | return; | 589 | return; |
| 589 | 590 | ||
| 590 | skb->sp = secpath_dup(skb->sp); | 591 | sp = secpath_set(skb); |
| 591 | if (unlikely(!skb->sp)) | 592 | if (unlikely(!sp)) |
| 592 | return; | 593 | return; |
| 593 | 594 | ||
| 594 | skb->sp->xvec[skb->sp->len++] = xs; | 595 | sp->xvec[sp->len++] = xs; |
| 595 | skb->sp->olen++; | 596 | sp->olen++; |
| 596 | xo = xfrm_offload(skb); | 597 | xo = xfrm_offload(skb); |
| 597 | xo->flags = CRYPTO_DONE; | 598 | xo->flags = CRYPTO_DONE; |
| 598 | xo->status = CRYPTO_SUCCESS; | 599 | xo->status = CRYPTO_SUCCESS; |
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c index f6717c287ff4..53608afd39b6 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c | |||
| @@ -307,10 +307,11 @@ mlx5e_ipsec_build_sp(struct net_device *netdev, struct sk_buff *skb, | |||
| 307 | struct mlx5e_priv *priv = netdev_priv(netdev); | 307 | struct mlx5e_priv *priv = netdev_priv(netdev); |
| 308 | struct xfrm_offload *xo; | 308 | struct xfrm_offload *xo; |
| 309 | struct xfrm_state *xs; | 309 | struct xfrm_state *xs; |
| 310 | struct sec_path *sp; | ||
| 310 | u32 sa_handle; | 311 | u32 sa_handle; |
| 311 | 312 | ||
| 312 | skb->sp = secpath_dup(skb->sp); | 313 | sp = secpath_set(skb); |
| 313 | if (unlikely(!skb->sp)) { | 314 | if (unlikely(!sp)) { |
| 314 | atomic64_inc(&priv->ipsec->sw_stats.ipsec_rx_drop_sp_alloc); | 315 | atomic64_inc(&priv->ipsec->sw_stats.ipsec_rx_drop_sp_alloc); |
| 315 | return NULL; | 316 | return NULL; |
| 316 | } | 317 | } |
| @@ -322,8 +323,9 @@ mlx5e_ipsec_build_sp(struct net_device *netdev, struct sk_buff *skb, | |||
| 322 | return NULL; | 323 | return NULL; |
| 323 | } | 324 | } |
| 324 | 325 | ||
| 325 | skb->sp->xvec[skb->sp->len++] = xs; | 326 | sp = skb_sec_path(skb); |
| 326 | skb->sp->olen++; | 327 | sp->xvec[sp->len++] = xs; |
| 328 | sp->olen++; | ||
| 327 | 329 | ||
| 328 | xo = xfrm_offload(skb); | 330 | xo = xfrm_offload(skb); |
| 329 | xo->flags = CRYPTO_DONE; | 331 | xo->flags = CRYPTO_DONE; |
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig index 140270a13d54..5d43aaa17027 100644 --- a/net/xfrm/Kconfig +++ b/net/xfrm/Kconfig | |||
| @@ -5,6 +5,7 @@ config XFRM | |||
| 5 | bool | 5 | bool |
| 6 | depends on NET | 6 | depends on NET |
| 7 | select GRO_CELLS | 7 | select GRO_CELLS |
| 8 | select SKB_EXTENSIONS | ||
| 8 | 9 | ||
| 9 | config XFRM_OFFLOAD | 10 | config XFRM_OFFLOAD |
| 10 | bool | 11 | bool |
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index 4ae87c5ce2e3..757c4d11983b 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c | |||
| @@ -218,19 +218,16 @@ int xfrm_output(struct sock *sk, struct sk_buff *skb) | |||
| 218 | if (xfrm_dev_offload_ok(skb, x)) { | 218 | if (xfrm_dev_offload_ok(skb, x)) { |
| 219 | struct sec_path *sp; | 219 | struct sec_path *sp; |
| 220 | 220 | ||
| 221 | sp = secpath_dup(skb->sp); | 221 | sp = secpath_set(skb); |
| 222 | if (!sp) { | 222 | if (!sp) { |
| 223 | XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR); | 223 | XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR); |
| 224 | kfree_skb(skb); | 224 | kfree_skb(skb); |
| 225 | return -ENOMEM; | 225 | return -ENOMEM; |
| 226 | } | 226 | } |
| 227 | if (skb->sp) | ||
| 228 | secpath_put(skb->sp); | ||
| 229 | skb->sp = sp; | ||
| 230 | skb->encapsulation = 1; | 227 | skb->encapsulation = 1; |
| 231 | 228 | ||
| 232 | sp->olen++; | 229 | sp->olen++; |
| 233 | sp->xvec[skb->sp->len++] = x; | 230 | sp->xvec[sp->len++] = x; |
| 234 | xfrm_state_hold(x); | 231 | xfrm_state_hold(x); |
| 235 | 232 | ||
| 236 | if (skb_is_gso(skb)) { | 233 | if (skb_is_gso(skb)) { |