[Bridge] Re: [PATCH/RFC] Reduce call chain length in netfilter

Patrick McHardy kaber at trash.net
Thu Jan 27 09:50:50 PST 2005

David S. Miller wrote:

>While reviewing I thought it may be an issue that the new macros
>potentially change skb.  It really isn't an issue because NF_HOOK()
>calls pass ownership of the SKB over from the caller.
>Although technically, someone could go:
>	skb_get(skb);
>	err = NF_HOOK(... skb ...);
>	... do stuff with skb ...
>	kfree_skb(skb);
>but that would cause other problems and I audited the entire tree
>and nobody attempts anything like this currently.  'skb' always
>dies at the NF_HOOK() call site.

Yes, it has always been illegal to use the skb after NF_HOOK.

>Another huge downside to this change I was worried about
>was from a code generation point of view.  Since we now take the
>address of "skb", gcc cannot generate tail-calls for the common
>case of:
>	return NF_HOOK(...);
>when netfilter is enabled.  Ho hum...

From what I can see it doesn't generate tail-calls currently:

 34c:   45 31 c0                xor    %r8d,%r8d
 34f:   4c 89 e2                mov    %r12,%rdx
 352:   be 01 00 00 00          mov    $0x1,%esi
 357:   bf 02 00 00 00          mov    $0x2,%edi
 35c:   c7 04 24 00 00 00 80    movl   $0x80000000,(%rsp)
 363:   e8 00 00 00 00          callq  368 <ip_local_deliver+0x248>
                        364: R_X86_64_PC32      
 368:   48 83 c4 10             add    $0x10,%rsp
 36c:   5b                      pop    %rbx
 36d:   5d                      pop    %rbp
 36e:   41 5c                   pop    %r12
 370:   c3                      retq

According to something I found on the internet, gcc only optimizes
tail-calls if some conditions are met, in this case most importantly
the space required for the arguments to the function called at the tail
must not exceed the space required for the arguments of the function
itself. nf_hook_slow takes 6 arguments, probably more than any caller.
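
The ownership rule discussed in this message, as an added example that is not part of the original mail or of the kernel code: a toy userspace model that counts references to show why an extra skb_get() does not make the skb usable after the hook call. The `buf` pool, `toy_hook` and `caller_keeps_ref` are hypothetical names, and the model assumes a hook may replace the buffer through the pointer it is handed.

```c
#include <stdio.h>

/* Toy stand-in for struct sk_buff: a pool slot with a reference count. */
struct buf { int users; int bad_puts; };
static struct buf pool[32];
static int next_slot;

static struct buf *buf_alloc(void)
{
    struct buf *b = &pool[next_slot++];
    b->users = 1;
    b->bad_puts = 0;
    return b;
}
static void buf_get(struct buf *b) { b->users++; }
/* Drop one reference; a put on a dead buffer is recorded instead of executed. */
static void buf_put(struct buf *b) { if (b->users == 0) b->bad_puts++; else b->users--; }

/* Hypothetical hook: owns *pb on entry, may swap in a copy, consumes the result. */
static int toy_hook(struct buf **pb, int replace)
{
    if (replace) {
        struct buf *copy = buf_alloc();
        buf_put(*pb);   /* release the reference the caller handed over */
        *pb = copy;     /* the caller's variable now names the copy */
    }
    buf_put(*pb);       /* verdict reached: the hook consumes the packet */
    return 0;
}

struct result { int orig_users; int final_users; int bad_puts; };

/* Pattern from the quoted mail: extra reference, hook call, then use and free. */
static struct result caller_keeps_ref(int replace)
{
    struct buf *skb = buf_alloc(), *orig = skb;
    buf_get(skb);
    toy_hook(&skb, replace);
    buf_put(skb);       /* stands in for kfree_skb(skb) after the hook */
    struct result r = { orig->users, skb->users, skb->bad_puts };
    return r;
}

int main(void)
{
    struct result same = caller_keeps_ref(0), swapped = caller_keeps_ref(1);
    printf("unchanged: orig=%d bad_puts=%d\n", same.orig_users, same.bad_puts);
    printf("replaced:  orig=%d bad_puts=%d\n", swapped.orig_users, swapped.bad_puts);
    return 0;
}
```

In the replaced case the original buffer keeps one reference that nobody will drop, and the caller's final put lands on a buffer the hook already consumed.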


