[PATCH net-next] net: #ifdefify sk_classid member of struct sock

[PATCH net-next] net: #ifdefify sk_classid member of struct sock

[Mathias Krause]

The sk_classid member is only required when CONFIG_CGROUP_NET_CLASSID is
enabled. #ifdefify it to reduce the size of struct sock on 32 bit
systems, at least.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
---
 include/net/sock.h       |    2 ++
 net/netfilter/nft_meta.c |    2 ++
 2 files changed, 4 insertions(+)

diff --git a/include/net/sock.h b/include/net/sock.h
index 05a8c1aea251..4353ef70bf48 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -429,7 +429,9 @@ struct sock {
 	void			*sk_security;
 #endif
 	__u32			sk_mark;
+#ifdef CONFIG_CGROUP_NET_CLASSID
 	u32			sk_classid;
+#endif
 	struct cg_proto		*sk_cgrp;
 	void			(*sk_state_change)(struct sock *sk);
 	void			(*sk_data_ready)(struct sock *sk);
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 52561e1c31e2..005b374d1967 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -166,11 +166,13 @@ void nft_meta_get_eval(const struct nft_expr *expr,
 			goto err;
 		*dest = out->group;
 		break;
+#ifdef CONFIG_CGROUP_NET_CLASSID
 	case NFT_META_CGROUP:
 		if (skb->sk == NULL || !sk_fullsock(skb->sk))
 			goto err;
 		*dest = skb->sk->sk_classid;
 		break;
+#endif
 	default:
 		WARN_ON(1);
 		goto err;
-- 
1.7.10.4

Re: [PATCH net-next] net: #ifdefify sk_classid member of struct sock

[David Miller]

From: Mathias Krause <minipli@googlemail.com>
Date: Sun, 19 Jul 2015 20:17:41 +0200

> The sk_classid member is only required when CONFIG_CGROUP_NET_CLASSID is
> enabled. #ifdefify it to reduce the size of struct sock on 32 bit
> systems, at least.
> 
> Signed-off-by: Mathias Krause <minipli@googlemail.com>

Are you sure NFT_META_CGROUP cannot enter nft_meta_get_eval()?  If so it'll
WARN_ON().

I really don't like changes like this.

Re: [PATCH net-next] net: #ifdefify sk_classid member of struct sock

[Mathias Krause]

On 19 July 2015 at 20:42, David Miller <davem@davemloft.net> wrote:
> From: Mathias Krause <minipli@googlemail.com>
> Date: Sun, 19 Jul 2015 20:17:41 +0200
>
>> The sk_classid member is only required when CONFIG_CGROUP_NET_CLASSID is
>> enabled. #ifdefify it to reduce the size of struct sock on 32 bit
>> systems, at least.
>>
>> Signed-off-by: Mathias Krause <minipli@googlemail.com>
>
> Are you sure NFT_META_CGROUP cannot enter nft_meta_get_eval()?  If so it'll
> WARN_ON().

I just tried to bring the code in line as it already is for
NFT_META_RTCLASSID and NFT_META_SECMARK. But, obviously, I messed it
up by missing the nft_meta_get_init() function. Sorry for that!

The init function gets called prior to the eval function (see
nft_expr_init() and nf_tables_newrule()). If it returns an error, the
latter won't be called. So the fix is, to add the #ifdef to
nft_meta_get_init() as well.

Another direct caller of  nft_meta_get_eval() is
nft_meta_bridge_get_eval(). However, it also complies to the init /
eval rule by calling nft_meta_get_init() in its init function, so will
error out in the case, too.

I'll send a v2 soon.

Thanks for the review!

> I really don't like changes like this.

Sorry. I should have taken more attention.


Thanks,
Mathias