Message ID | 20210618135200.14420-1-fw@strlen.de (mailing list archive) |
---|---|
Series | xfrm: remove xfrm replay indirections |
On Fri, Jun 18, 2021 at 03:51:55PM +0200, Florian Westphal wrote:
> This is v2 of an older patchset that got stuck in backlog hell. Changes:
>
> - drop bogus "get rid of duplicated notification code" patch. As noted
>   by Sabrina it does change behavior.
> - fix a compiler warning in patch 2.
>
> ipsec.c selftest passes.
>
> The xfrm replay logic is implemented via indirect calls.
>
> xfrm_state struct holds a pointer to a
> 'struct xfrm_replay', which is one of several replay protection
> backends.
>
> XFRM then invokes the backend via state->repl->callback().
> Due to retpoline all indirect calls have become a lot more
> expensive. Fortunately, there are no 'replay modules', all are available
> for direct calls.
>
> This series removes the 'struct xfrm_replay' and adds replay
> functions that can be called instead of the redirection.
>
> Example:
> - err = x->repl->overflow(x, skb);
> + err = xfrm_replay_overflow(x, skb);
>
> Instead of a pointer to a struct with function pointers, xfrm_state
> now holds an enum that tells the replay core what kind of replay
> test is to be done.
>
> Florian Westphal (5):
>   xfrm: replay: avoid xfrm replay notify indirection
>   xfrm: replay: remove advance indirection
>   xfrm: replay: remove recheck indirection
>   xfrm: replay: avoid replay indirection
>   xfrm: replay: remove last replay indirection

All applied, thanks a lot Florian!
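
The refactor described in the quoted cover letter, as an added userspace C sketch (not code from the patch series or the kernel): the state carries an enum, and a switch makes direct calls where a function-pointer table was consulted before. All type and function names, the two modes, and the combined check-and-advance window logic are assumptions made for illustration.

```c
/* Userspace model of the pattern; every name here is hypothetical, not a kernel identifier. */
#include <stdint.h>

enum replay_mode { REPLAY_LEGACY, REPLAY_BMP }; /* kept in the state instead of a pointer */

struct state {
    enum replay_mode mode;
    uint32_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set: sequence number (top - i) was already seen */
    uint32_t window;  /* configured anti-replay window size */
};

/* Sliding-window check and advance in one step: 0 = accept, -1 = drop. */
static int window_check(struct state *s, uint32_t seq, uint32_t max_window)
{
    uint32_t win = s->window < max_window ? s->window : max_window;
    uint32_t diff;

    if (seq == 0)
        return -1;
    if (seq > s->top) {
        diff = seq - s->top;
        s->bitmap = diff < 64 ? (s->bitmap << diff) | 1 : 1;
        s->top = seq;
        return 0;
    }
    diff = s->top - seq;
    if (diff >= win || (s->bitmap & (1ULL << diff)))
        return -1; /* too old, or a replay */
    s->bitmap |= 1ULL << diff;
    return 0;
}

static int replay_check_legacy(struct state *s, uint32_t seq) { return window_check(s, seq, 32); }
static int replay_check_bmp(struct state *s, uint32_t seq) { return window_check(s, seq, 64); }

/* Was: s->repl->check(s, seq), an indirect call. Now a switch with direct calls. */
int replay_check(struct state *s, uint32_t seq)
{
    switch (s->mode) {
    case REPLAY_LEGACY: return replay_check_legacy(s, seq);
    case REPLAY_BMP:    return replay_check_bmp(s, seq);
    }
    return -1; /* unknown mode: fail closed */
}
```

The trailing `return -1` matters once the pointer is gone: a corrupted or unhandled mode value results in a dropped packet rather than a call through a stale pointer.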