David S. Miller wrote:

>While reviewing I thought it may be an issue that the new macros
>potentially change skb. It really isn't an issue because NF_HOOK()
>calls pass ownership of the SKB over from the caller.
>
>Although technically, someone could go:
>
>    skb_get(skb);
>    err = NF_HOOK(... skb ...);
>    ... do stuff with skb ...
>    kfree_skb(skb);
>
>but that would cause other problems and I audited the entire tree
>and nobody attempts anything like this currently. 'skb' always
>dies at the NF_HOOK() call site.
>

Yes, it has always been illegal to use the skb after NF_HOOK.

>Another huge downside to this change I was worried about
>was from a code generation point of view. Since we now take the
>address of "skb", gcc cannot generate tail-calls for the common
>case of:
>
>    return NF_HOOK(...);
>
>when netfilter is enabled. Ho hum...
>

From what I can see it doesn't generate tail-calls currently:

     34c:   45 31 c0                xor    %r8d,%r8d
     34f:   4c 89 e2                mov    %r12,%rdx
     352:   be 01 00 00 00          mov    $0x1,%esi
     357:   bf 02 00 00 00          mov    $0x2,%edi
     35c:   c7 04 24 00 00 00 80    movl   $0x80000000,(%rsp)
     363:   e8 00 00 00 00          callq  368 <ip_local_deliver+0x248>
                    364: R_X86_64_PC32      nf_hook_slow+0xfffffffffffffffc
     368:   48 83 c4 10             add    $0x10,%rsp
     36c:   5b                      pop    %rbx
     36d:   5d                      pop    %rbp
     36e:   41 5c                   pop    %r12
     370:   c3                      retq

According to something I found on the internet, gcc only optimizes
tail-calls if some conditions are met, in this case most importantly
the space required for the arguments to the function called at the
tail must not exceed the space required for the arguments of the
function itself. nf_hook_slow takes 6 arguments, probably more
than any caller.

Regards
Patrick