releases/4.9.124/netfilter-ipv6-nf_defrag-reduce-struct-net-memory-waste.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From foo@baz Wed Aug 22 09:42:09 CEST 2018
 From: Eric Dumazet <edumazet@google.com>
 Date: Wed, 13 Jun 2018 10:11:56 -0700
 Subject: netfilter: ipv6: nf_defrag: reduce struct net memory waste

 From: Eric Dumazet <edumazet@google.com>

 [ Upstream commit 9ce7bc036ae4cfe3393232c86e9e1fea2153c237 ]

 It is a waste of memory to use a full "struct netns_sysctl_ipv6"
 while only one pointer is really used, considering netns_sysctl_ipv6
 keeps growing.

 Also, since "struct netns_frags" has cache line alignment,
 it is better to move the frags_hdr pointer outside, otherwise
 we spend a full cache line for this pointer.

 This saves 192 bytes of memory per netns.

 Fixes: c038a767cd69 ("ipv6: add a new namespace for nf_conntrack_reasm")
 Signed-off-by: Eric Dumazet <edumazet@google.com>
 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  include/net/net_namespace.h             |    1 +
  include/net/netns/ipv6.h                |    1 -
  net/ipv6/netfilter/nf_conntrack_reasm.c |    6 +++---
  3 files changed, 4 insertions(+), 4 deletions(-)

 --- a/include/net/net_namespace.h
 +++ b/include/net/net_namespace.h
 @@ -116,6 +116,7 @@ struct net {
  #endif
  #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
  	struct netns_nf_frag	nf_frag;
 +	struct ctl_table_header *nf_frag_frags_hdr;
  #endif
  	struct sock		*nfnl;
  	struct sock		*nfnl_stash;
 --- a/include/net/netns/ipv6.h
 +++ b/include/net/netns/ipv6.h
 @@ -89,7 +89,6 @@ struct netns_ipv6 {

  #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
  struct netns_nf_frag {
 -	struct netns_sysctl_ipv6 sysctl;
  	struct netns_frags	frags;
  };
  #endif
 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c
 +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
 @@ -117,7 +117,7 @@ static int nf_ct_frag6_sysctl_register(s
  	if (hdr == NULL)
  		goto err_reg;

 -	net->nf_frag.sysctl.frags_hdr = hdr;
 +	net->nf_frag_frags_hdr = hdr;
  	return 0;

  err_reg:
 @@ -131,8 +131,8 @@ static void __net_exit nf_ct_frags6_sysc
  {
  	struct ctl_table *table;

 -	table = net->nf_frag.sysctl.frags_hdr->ctl_table_arg;
 -	unregister_net_sysctl_table(net->nf_frag.sysctl.frags_hdr);
 +	table = net->nf_frag_frags_hdr->ctl_table_arg;
 +	unregister_net_sysctl_table(net->nf_frag_frags_hdr);
  	if (!net_eq(net, &init_net))
  		kfree(table);
  }
	From foo@baz Wed Aug 22 09:42:09 CEST 2018
	From: Eric Dumazet <edumazet@google.com>
	Date: Wed, 13 Jun 2018 10:11:56 -0700
	Subject: netfilter: ipv6: nf_defrag: reduce struct net memory waste

	From: Eric Dumazet <edumazet@google.com>

	[ Upstream commit 9ce7bc036ae4cfe3393232c86e9e1fea2153c237 ]

	It is a waste of memory to use a full "struct netns_sysctl_ipv6"
	while only one pointer is really used, considering netns_sysctl_ipv6
	keeps growing.

	Also, since "struct netns_frags" has cache line alignment,
	it is better to move the frags_hdr pointer outside, otherwise
	we spend a full cache line for this pointer.

	This saves 192 bytes of memory per netns.

	Fixes: c038a767cd69 ("ipv6: add a new namespace for nf_conntrack_reasm")
	Signed-off-by: Eric Dumazet <edumazet@google.com>
	Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
	Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	include/net/net_namespace.h \| 1 +
	include/net/netns/ipv6.h \| 1 -
	net/ipv6/netfilter/nf_conntrack_reasm.c \| 6 +++---
	3 files changed, 4 insertions(+), 4 deletions(-)

	--- a/include/net/net_namespace.h
	+++ b/include/net/net_namespace.h
	@@ -116,6 +116,7 @@ struct net {
	#endif
	#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
	struct netns_nf_frag nf_frag;
	+ struct ctl_table_header *nf_frag_frags_hdr;
	#endif
	struct sock *nfnl;
	struct sock *nfnl_stash;
	--- a/include/net/netns/ipv6.h
	+++ b/include/net/netns/ipv6.h
	@@ -89,7 +89,6 @@ struct netns_ipv6 {

	#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
	struct netns_nf_frag {
	- struct netns_sysctl_ipv6 sysctl;
	struct netns_frags frags;
	};
	#endif
	--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
	+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
	@@ -117,7 +117,7 @@ static int nf_ct_frag6_sysctl_register(s
	if (hdr == NULL)
	goto err_reg;

	- net->nf_frag.sysctl.frags_hdr = hdr;
	+ net->nf_frag_frags_hdr = hdr;
	return 0;

	err_reg:
	@@ -131,8 +131,8 @@ static void __net_exit nf_ct_frags6_sysc
	{
	struct ctl_table *table;

	- table = net->nf_frag.sysctl.frags_hdr->ctl_table_arg;
	- unregister_net_sysctl_table(net->nf_frag.sysctl.frags_hdr);
	+ table = net->nf_frag_frags_hdr->ctl_table_arg;
	+ unregister_net_sysctl_table(net->nf_frag_frags_hdr);
	if (!net_eq(net, &init_net))
	kfree(table);
	}