Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
1da177e4 LT |
2 | /* |
3 | * Routines having to do with the 'struct sk_buff' memory handlers. | |
4 | * | |
113aa838 | 5 | * Authors: Alan Cox <alan@lxorguk.ukuu.org.uk> |
1da177e4 LT |
6 | * Florian La Roche <rzsfl@rz.uni-sb.de> |
7 | * | |
1da177e4 LT |
8 | * Fixes: |
9 | * Alan Cox : Fixed the worst of the load | |
10 | * balancer bugs. | |
11 | * Dave Platt : Interrupt stacking fix. | |
12 | * Richard Kooijman : Timestamp fixes. | |
13 | * Alan Cox : Changed buffer format. | |
14 | * Alan Cox : destructor hook for AF_UNIX etc. | |
15 | * Linus Torvalds : Better skb_clone. | |
16 | * Alan Cox : Added skb_copy. | |
17 | * Alan Cox : Added all the changed routines Linus | |
18 | * only put in the headers | |
19 | * Ray VanTassle : Fixed --skb->lock in free | |
20 | * Alan Cox : skb_copy copy arp field | |
21 | * Andi Kleen : slabified it. | |
22 | * Robert Olsson : Removed skb_head_pool | |
23 | * | |
24 | * NOTE: | |
25 | * The __skb_ routines should be called with interrupts | |
26 | * disabled, or you better be *real* sure that the operation is atomic | |
27 | * with respect to whatever list is being frobbed (e.g. via lock_sock() | |
28 | * or via disabling bottom half handlers, etc). | |
1da177e4 LT |
29 | */ |
30 | ||
31 | /* | |
32 | * The functions in this file will not compile correctly with gcc 2.4.x | |
33 | */ | |
34 | ||
e005d193 JP |
35 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
36 | ||
1da177e4 LT |
37 | #include <linux/module.h> |
38 | #include <linux/types.h> | |
39 | #include <linux/kernel.h> | |
1da177e4 LT |
40 | #include <linux/mm.h> |
41 | #include <linux/interrupt.h> | |
42 | #include <linux/in.h> | |
43 | #include <linux/inet.h> | |
44 | #include <linux/slab.h> | |
de960aa9 FW |
45 | #include <linux/tcp.h> |
46 | #include <linux/udp.h> | |
90017acc | 47 | #include <linux/sctp.h> |
1da177e4 LT |
48 | #include <linux/netdevice.h> |
49 | #ifdef CONFIG_NET_CLS_ACT | |
50 | #include <net/pkt_sched.h> | |
51 | #endif | |
52 | #include <linux/string.h> | |
53 | #include <linux/skbuff.h> | |
9c55e01c | 54 | #include <linux/splice.h> |
1da177e4 LT |
55 | #include <linux/cache.h> |
56 | #include <linux/rtnetlink.h> | |
57 | #include <linux/init.h> | |
716ea3a7 | 58 | #include <linux/scatterlist.h> |
ac45f602 | 59 | #include <linux/errqueue.h> |
268bb0ce | 60 | #include <linux/prefetch.h> |
071c0fc6 | 61 | #include <linux/bitfield.h> |
0d5501c1 | 62 | #include <linux/if_vlan.h> |
2a2ea508 | 63 | #include <linux/mpls.h> |
183f47fc | 64 | #include <linux/kcov.h> |
1da177e4 LT |
65 | |
66 | #include <net/protocol.h> | |
67 | #include <net/dst.h> | |
68 | #include <net/sock.h> | |
69 | #include <net/checksum.h> | |
ed1f50c3 | 70 | #include <net/ip6_checksum.h> |
1da177e4 | 71 | #include <net/xfrm.h> |
8822e270 | 72 | #include <net/mpls.h> |
3ee17bc7 | 73 | #include <net/mptcp.h> |
78476d31 | 74 | #include <net/mctp.h> |
6a5bcd84 | 75 | #include <net/page_pool.h> |
071c0fc6 | 76 | #include <net/dropreason.h> |
1da177e4 | 77 | |
7c0f6ba6 | 78 | #include <linux/uaccess.h> |
ad8d75ff | 79 | #include <trace/events/skb.h> |
51c56b00 | 80 | #include <linux/highmem.h> |
b245be1f WB |
81 | #include <linux/capability.h> |
82 | #include <linux/user_namespace.h> | |
2544af03 | 83 | #include <linux/indirect_call_wrapper.h> |
2195e2a0 | 84 | #include <linux/textsearch.h> |
a1f8e7f7 | 85 | |
39564c3f | 86 | #include "dev.h" |
7f678def | 87 | #include "sock_destructor.h" |
7b7ed885 | 88 | |
025a785f | 89 | struct kmem_cache *skbuff_cache __ro_after_init; |
08009a76 | 90 | static struct kmem_cache *skbuff_fclone_cache __ro_after_init; |
df5042f4 FW |
91 | #ifdef CONFIG_SKB_EXTENSIONS |
92 | static struct kmem_cache *skbuff_ext_cache __ro_after_init; | |
93 | #endif | |
bf9f1baa ED |
94 | |
95 | /* skb_small_head_cache and related code is only supported | |
96 | * for CONFIG_SLAB and CONFIG_SLUB. | |
97 | * As soon as SLOB is removed from the kernel, we can clean up this. | |
98 | */ | |
99 | #if !defined(CONFIG_SLOB) | |
100 | # define HAVE_SKB_SMALL_HEAD_CACHE 1 | |
101 | #endif | |
102 | ||
103 | #ifdef HAVE_SKB_SMALL_HEAD_CACHE | |
104 | static struct kmem_cache *skb_small_head_cache __ro_after_init; | |
105 | ||
106 | #define SKB_SMALL_HEAD_SIZE SKB_HEAD_ALIGN(MAX_TCP_HEADER) | |
107 | ||
108 | /* We want SKB_SMALL_HEAD_CACHE_SIZE to not be a power of two. | |
109 | * This should ensure that SKB_SMALL_HEAD_HEADROOM is a unique | |
110 | * size, and we can differentiate heads from skb_small_head_cache | |
111 | * vs system slabs by looking at their size (skb_end_offset()). | |
112 | */ | |
113 | #define SKB_SMALL_HEAD_CACHE_SIZE \ | |
114 | (is_power_of_2(SKB_SMALL_HEAD_SIZE) ? \ | |
115 | (SKB_SMALL_HEAD_SIZE + L1_CACHE_BYTES) : \ | |
116 | SKB_SMALL_HEAD_SIZE) | |
117 | ||
118 | #define SKB_SMALL_HEAD_HEADROOM \ | |
119 | SKB_WITH_OVERHEAD(SKB_SMALL_HEAD_CACHE_SIZE) | |
120 | #endif /* HAVE_SKB_SMALL_HEAD_CACHE */ | |
121 | ||
5f74f82e HWR |
122 | int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; |
123 | EXPORT_SYMBOL(sysctl_max_skb_frags); | |
1da177e4 | 124 | |
9cb252c4 MD |
125 | #undef FN |
126 | #define FN(reason) [SKB_DROP_REASON_##reason] = #reason, | |
071c0fc6 | 127 | static const char * const drop_reasons[] = { |
0e84afe8 | 128 | [SKB_CONSUMED] = "CONSUMED", |
9cb252c4 MD |
129 | DEFINE_DROP_REASON(FN, FN) |
130 | }; | |
071c0fc6 JB |
131 | |
132 | static const struct drop_reason_list drop_reasons_core = { | |
133 | .reasons = drop_reasons, | |
134 | .n_reasons = ARRAY_SIZE(drop_reasons), | |
135 | }; | |
136 | ||
137 | const struct drop_reason_list __rcu * | |
138 | drop_reasons_by_subsys[SKB_DROP_REASON_SUBSYS_NUM] = { | |
139 | [SKB_DROP_REASON_SUBSYS_CORE] = RCU_INITIALIZER(&drop_reasons_core), | |
140 | }; | |
141 | EXPORT_SYMBOL(drop_reasons_by_subsys); | |
142 | ||
143 | /** | |
144 | * drop_reasons_register_subsys - register another drop reason subsystem | |
145 | * @subsys: the subsystem to register, must not be the core | |
146 | * @list: the list of drop reasons within the subsystem, must point to | |
147 | * a statically initialized list | |
148 | */ | |
149 | void drop_reasons_register_subsys(enum skb_drop_reason_subsys subsys, | |
150 | const struct drop_reason_list *list) | |
151 | { | |
152 | if (WARN(subsys <= SKB_DROP_REASON_SUBSYS_CORE || | |
153 | subsys >= ARRAY_SIZE(drop_reasons_by_subsys), | |
154 | "invalid subsystem %d\n", subsys)) | |
155 | return; | |
156 | ||
157 | /* must point to statically allocated memory, so INIT is OK */ | |
158 | RCU_INIT_POINTER(drop_reasons_by_subsys[subsys], list); | |
159 | } | |
160 | EXPORT_SYMBOL_GPL(drop_reasons_register_subsys); | |
161 | ||
162 | /** | |
163 | * drop_reasons_unregister_subsys - unregister a drop reason subsystem | |
164 | * @subsys: the subsystem to remove, must not be the core | |
165 | * | |
166 | * Note: This will synchronize_rcu() to ensure no users when it returns. | |
167 | */ | |
168 | void drop_reasons_unregister_subsys(enum skb_drop_reason_subsys subsys) | |
169 | { | |
170 | if (WARN(subsys <= SKB_DROP_REASON_SUBSYS_CORE || | |
171 | subsys >= ARRAY_SIZE(drop_reasons_by_subsys), | |
172 | "invalid subsystem %d\n", subsys)) | |
173 | return; | |
174 | ||
175 | RCU_INIT_POINTER(drop_reasons_by_subsys[subsys], NULL); | |
176 | ||
177 | synchronize_rcu(); | |
178 | } | |
179 | EXPORT_SYMBOL_GPL(drop_reasons_unregister_subsys); | |
ec43908d | 180 | |
1da177e4 | 181 | /** |
f05de73b JS |
182 | * skb_panic - private function for out-of-line support |
183 | * @skb: buffer | |
184 | * @sz: size | |
185 | * @addr: address | |
99d5851e | 186 | * @msg: skb_over_panic or skb_under_panic |
1da177e4 | 187 | * |
f05de73b JS |
188 | * Out-of-line support for skb_put() and skb_push(). |
189 | * Called via the wrapper skb_over_panic() or skb_under_panic(). | |
190 | * Keep out of line to prevent kernel bloat. | |
191 | * __builtin_return_address is not used because it is not always reliable. | |
1da177e4 | 192 | */ |
f05de73b | 193 | static void skb_panic(struct sk_buff *skb, unsigned int sz, void *addr, |
99d5851e | 194 | const char msg[]) |
1da177e4 | 195 | { |
41a46913 | 196 | pr_emerg("%s: text:%px len:%d put:%d head:%px data:%px tail:%#lx end:%#lx dev:%s\n", |
99d5851e | 197 | msg, addr, skb->len, sz, skb->head, skb->data, |
e005d193 JP |
198 | (unsigned long)skb->tail, (unsigned long)skb->end, |
199 | skb->dev ? skb->dev->name : "<NULL>"); | |
1da177e4 LT |
200 | BUG(); |
201 | } | |
202 | ||
f05de73b | 203 | static void skb_over_panic(struct sk_buff *skb, unsigned int sz, void *addr) |
1da177e4 | 204 | { |
f05de73b | 205 | skb_panic(skb, sz, addr, __func__); |
1da177e4 LT |
206 | } |
207 | ||
f05de73b JS |
208 | static void skb_under_panic(struct sk_buff *skb, unsigned int sz, void *addr) |
209 | { | |
210 | skb_panic(skb, sz, addr, __func__); | |
211 | } | |
c93bdd0e | 212 | |
50fad4b5 | 213 | #define NAPI_SKB_CACHE_SIZE 64 |
f450d539 AL |
214 | #define NAPI_SKB_CACHE_BULK 16 |
215 | #define NAPI_SKB_CACHE_HALF (NAPI_SKB_CACHE_SIZE / 2) | |
50fad4b5 | 216 | |
dbae2b06 PA |
217 | #if PAGE_SIZE == SZ_4K |
218 | ||
219 | #define NAPI_HAS_SMALL_PAGE_FRAG 1 | |
220 | #define NAPI_SMALL_PAGE_PFMEMALLOC(nc) ((nc).pfmemalloc) | |
221 | ||
222 | /* specialized page frag allocator using a single order 0 page | |
223 | * and slicing it into 1K sized fragment. Constrained to systems | |
224 | * with a very limited amount of 1K fragments fitting a single | |
225 | * page - to avoid excessive truesize underestimation | |
226 | */ | |
227 | ||
228 | struct page_frag_1k { | |
229 | void *va; | |
230 | u16 offset; | |
231 | bool pfmemalloc; | |
232 | }; | |
233 | ||
234 | static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp) | |
235 | { | |
236 | struct page *page; | |
237 | int offset; | |
238 | ||
239 | offset = nc->offset - SZ_1K; | |
240 | if (likely(offset >= 0)) | |
241 | goto use_frag; | |
242 | ||
243 | page = alloc_pages_node(NUMA_NO_NODE, gfp, 0); | |
244 | if (!page) | |
245 | return NULL; | |
246 | ||
247 | nc->va = page_address(page); | |
248 | nc->pfmemalloc = page_is_pfmemalloc(page); | |
249 | offset = PAGE_SIZE - SZ_1K; | |
250 | page_ref_add(page, offset / SZ_1K); | |
251 | ||
252 | use_frag: | |
253 | nc->offset = offset; | |
254 | return nc->va + offset; | |
255 | } | |
256 | #else | |
257 | ||
258 | /* the small page is actually unused in this build; add dummy helpers | |
259 | * to please the compiler and avoid later preprocessor's conditionals | |
260 | */ | |
261 | #define NAPI_HAS_SMALL_PAGE_FRAG 0 | |
262 | #define NAPI_SMALL_PAGE_PFMEMALLOC(nc) false | |
263 | ||
264 | struct page_frag_1k { | |
265 | }; | |
266 | ||
267 | static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp_mask) | |
268 | { | |
269 | return NULL; | |
270 | } | |
271 | ||
272 | #endif | |
273 | ||
50fad4b5 AL |
274 | struct napi_alloc_cache { |
275 | struct page_frag_cache page; | |
dbae2b06 | 276 | struct page_frag_1k page_small; |
50fad4b5 AL |
277 | unsigned int skb_count; |
278 | void *skb_cache[NAPI_SKB_CACHE_SIZE]; | |
279 | }; | |
280 | ||
281 | static DEFINE_PER_CPU(struct page_frag_cache, netdev_alloc_cache); | |
282 | static DEFINE_PER_CPU(struct napi_alloc_cache, napi_alloc_cache); | |
283 | ||
dbae2b06 PA |
284 | /* Double check that napi_get_frags() allocates skbs with |
285 | * skb->head being backed by slab, not a page fragment. | |
286 | * This is to make sure bug fixed in 3226b158e67c | |
287 | * ("net: avoid 32 x truesize under-estimation for tiny skbs") | |
288 | * does not accidentally come back. | |
289 | */ | |
290 | void napi_get_frags_check(struct napi_struct *napi) | |
291 | { | |
292 | struct sk_buff *skb; | |
293 | ||
294 | local_bh_disable(); | |
295 | skb = napi_get_frags(napi); | |
296 | WARN_ON_ONCE(!NAPI_HAS_SMALL_PAGE_FRAG && skb && skb->head_frag); | |
297 | napi_free_frags(napi); | |
298 | local_bh_enable(); | |
299 | } | |
300 | ||
32e3573f | 301 | void *__napi_alloc_frag_align(unsigned int fragsz, unsigned int align_mask) |
50fad4b5 AL |
302 | { |
303 | struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); | |
304 | ||
50fad4b5 AL |
305 | fragsz = SKB_DATA_ALIGN(fragsz); |
306 | ||
32e3573f | 307 | return page_frag_alloc_align(&nc->page, fragsz, GFP_ATOMIC, align_mask); |
50fad4b5 AL |
308 | } |
309 | EXPORT_SYMBOL(__napi_alloc_frag_align); | |
310 | ||
311 | void *__netdev_alloc_frag_align(unsigned int fragsz, unsigned int align_mask) | |
312 | { | |
50fad4b5 AL |
313 | void *data; |
314 | ||
315 | fragsz = SKB_DATA_ALIGN(fragsz); | |
afa79d08 | 316 | if (in_hardirq() || irqs_disabled()) { |
32e3573f YD |
317 | struct page_frag_cache *nc = this_cpu_ptr(&netdev_alloc_cache); |
318 | ||
50fad4b5 AL |
319 | data = page_frag_alloc_align(nc, fragsz, GFP_ATOMIC, align_mask); |
320 | } else { | |
32e3573f YD |
321 | struct napi_alloc_cache *nc; |
322 | ||
50fad4b5 | 323 | local_bh_disable(); |
32e3573f YD |
324 | nc = this_cpu_ptr(&napi_alloc_cache); |
325 | data = page_frag_alloc_align(&nc->page, fragsz, GFP_ATOMIC, align_mask); | |
50fad4b5 AL |
326 | local_bh_enable(); |
327 | } | |
328 | return data; | |
329 | } | |
330 | EXPORT_SYMBOL(__netdev_alloc_frag_align); | |
331 | ||
f450d539 AL |
332 | static struct sk_buff *napi_skb_cache_get(void) |
333 | { | |
334 | struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); | |
335 | struct sk_buff *skb; | |
336 | ||
49ae83fc | 337 | if (unlikely(!nc->skb_count)) { |
025a785f | 338 | nc->skb_count = kmem_cache_alloc_bulk(skbuff_cache, |
f450d539 AL |
339 | GFP_ATOMIC, |
340 | NAPI_SKB_CACHE_BULK, | |
341 | nc->skb_cache); | |
49ae83fc SPL |
342 | if (unlikely(!nc->skb_count)) |
343 | return NULL; | |
344 | } | |
f450d539 AL |
345 | |
346 | skb = nc->skb_cache[--nc->skb_count]; | |
025a785f | 347 | kasan_unpoison_object_data(skbuff_cache, skb); |
f450d539 AL |
348 | |
349 | return skb; | |
350 | } | |
351 | ||
ce098da1 KC |
352 | static inline void __finalize_skb_around(struct sk_buff *skb, void *data, |
353 | unsigned int size) | |
ba0509b6 JDB |
354 | { |
355 | struct skb_shared_info *shinfo; | |
ba0509b6 JDB |
356 | |
357 | size -= SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); | |
358 | ||
359 | /* Assumes caller memset cleared SKB */ | |
360 | skb->truesize = SKB_TRUESIZE(size); | |
361 | refcount_set(&skb->users, 1); | |
362 | skb->head = data; | |
363 | skb->data = data; | |
364 | skb_reset_tail_pointer(skb); | |
763087da | 365 | skb_set_end_offset(skb, size); |
ba0509b6 JDB |
366 | skb->mac_header = (typeof(skb->mac_header))~0U; |
367 | skb->transport_header = (typeof(skb->transport_header))~0U; | |
68822bdf | 368 | skb->alloc_cpu = raw_smp_processor_id(); |
ba0509b6 JDB |
369 | /* make sure we initialize shinfo sequentially */ |
370 | shinfo = skb_shinfo(skb); | |
371 | memset(shinfo, 0, offsetof(struct skb_shared_info, dataref)); | |
372 | atomic_set(&shinfo->dataref, 1); | |
373 | ||
6370cc3b | 374 | skb_set_kcov_handle(skb, kcov_common_handle()); |
ba0509b6 JDB |
375 | } |
376 | ||
ce098da1 KC |
377 | static inline void *__slab_build_skb(struct sk_buff *skb, void *data, |
378 | unsigned int *size) | |
379 | { | |
380 | void *resized; | |
381 | ||
382 | /* Must find the allocation size (and grow it to match). */ | |
383 | *size = ksize(data); | |
384 | /* krealloc() will immediately return "data" when | |
385 | * "ksize(data)" is requested: it is the existing upper | |
386 | * bounds. As a result, GFP_ATOMIC will be ignored. Note | |
387 | * that this "new" pointer needs to be passed back to the | |
388 | * caller for use so the __alloc_size hinting will be | |
389 | * tracked correctly. | |
390 | */ | |
391 | resized = krealloc(data, *size, GFP_ATOMIC); | |
392 | WARN_ON_ONCE(resized != data); | |
393 | return resized; | |
394 | } | |
395 | ||
396 | /* build_skb() variant which can operate on slab buffers. | |
397 | * Note that this should be used sparingly as slab buffers | |
398 | * cannot be combined efficiently by GRO! | |
399 | */ | |
400 | struct sk_buff *slab_build_skb(void *data) | |
401 | { | |
402 | struct sk_buff *skb; | |
403 | unsigned int size; | |
404 | ||
025a785f | 405 | skb = kmem_cache_alloc(skbuff_cache, GFP_ATOMIC); |
ce098da1 KC |
406 | if (unlikely(!skb)) |
407 | return NULL; | |
408 | ||
409 | memset(skb, 0, offsetof(struct sk_buff, tail)); | |
410 | data = __slab_build_skb(skb, data, &size); | |
411 | __finalize_skb_around(skb, data, size); | |
412 | ||
413 | return skb; | |
414 | } | |
415 | EXPORT_SYMBOL(slab_build_skb); | |
416 | ||
417 | /* Caller must provide SKB that is memset cleared */ | |
418 | static void __build_skb_around(struct sk_buff *skb, void *data, | |
419 | unsigned int frag_size) | |
420 | { | |
421 | unsigned int size = frag_size; | |
422 | ||
423 | /* frag_size == 0 is considered deprecated now. Callers | |
424 | * using slab buffer should use slab_build_skb() instead. | |
425 | */ | |
426 | if (WARN_ONCE(size == 0, "Use slab_build_skb() instead")) | |
427 | data = __slab_build_skb(skb, data, &size); | |
428 | ||
429 | __finalize_skb_around(skb, data, size); | |
430 | } | |
431 | ||
b2b5ce9d | 432 | /** |
2ea2f62c | 433 | * __build_skb - build a network buffer |
b2b5ce9d | 434 | * @data: data buffer provided by caller |
ce098da1 | 435 | * @frag_size: size of data (must not be 0) |
b2b5ce9d ED |
436 | * |
437 | * Allocate a new &sk_buff. Caller provides space holding head and | |
ce098da1 KC |
438 | * skb_shared_info. @data must have been allocated from the page |
439 | * allocator or vmalloc(). (A @frag_size of 0 to indicate a kmalloc() | |
440 | * allocation is deprecated, and callers should use slab_build_skb() | |
441 | * instead.) | |
b2b5ce9d ED |
442 | * The return is the new skb buffer. |
443 | * On a failure the return is %NULL, and @data is not freed. | |
444 | * Notes : | |
445 | * Before IO, driver allocates only data buffer where NIC put incoming frame | |
446 | * Driver should add room at head (NET_SKB_PAD) and | |
447 | * MUST add room at tail (SKB_DATA_ALIGN(skb_shared_info)) | |
448 | * After IO, driver calls build_skb(), to allocate sk_buff and populate it | |
449 | * before giving packet to stack. | |
450 | * RX rings only contains data buffers, not full skbs. | |
451 | */ | |
2ea2f62c | 452 | struct sk_buff *__build_skb(void *data, unsigned int frag_size) |
b2b5ce9d | 453 | { |
b2b5ce9d | 454 | struct sk_buff *skb; |
b2b5ce9d | 455 | |
025a785f | 456 | skb = kmem_cache_alloc(skbuff_cache, GFP_ATOMIC); |
ba0509b6 | 457 | if (unlikely(!skb)) |
b2b5ce9d ED |
458 | return NULL; |
459 | ||
b2b5ce9d | 460 | memset(skb, 0, offsetof(struct sk_buff, tail)); |
483126b3 | 461 | __build_skb_around(skb, data, frag_size); |
b2b5ce9d | 462 | |
483126b3 | 463 | return skb; |
b2b5ce9d | 464 | } |
2ea2f62c ED |
465 | |
466 | /* build_skb() is wrapper over __build_skb(), that specifically | |
467 | * takes care of skb->head and skb->pfmemalloc | |
2ea2f62c ED |
468 | */ |
469 | struct sk_buff *build_skb(void *data, unsigned int frag_size) | |
470 | { | |
471 | struct sk_buff *skb = __build_skb(data, frag_size); | |
472 | ||
3c640126 | 473 | if (likely(skb && frag_size)) { |
2ea2f62c | 474 | skb->head_frag = 1; |
566b6701 | 475 | skb_propagate_pfmemalloc(virt_to_head_page(data), skb); |
2ea2f62c ED |
476 | } |
477 | return skb; | |
478 | } | |
b2b5ce9d ED |
479 | EXPORT_SYMBOL(build_skb); |
480 | ||
ba0509b6 JDB |
481 | /** |
482 | * build_skb_around - build a network buffer around provided skb | |
483 | * @skb: sk_buff provide by caller, must be memset cleared | |
484 | * @data: data buffer provided by caller | |
12c1604a | 485 | * @frag_size: size of data |
ba0509b6 JDB |
486 | */ |
487 | struct sk_buff *build_skb_around(struct sk_buff *skb, | |
488 | void *data, unsigned int frag_size) | |
489 | { | |
490 | if (unlikely(!skb)) | |
491 | return NULL; | |
492 | ||
483126b3 | 493 | __build_skb_around(skb, data, frag_size); |
ba0509b6 | 494 | |
483126b3 | 495 | if (frag_size) { |
ba0509b6 | 496 | skb->head_frag = 1; |
566b6701 | 497 | skb_propagate_pfmemalloc(virt_to_head_page(data), skb); |
ba0509b6 JDB |
498 | } |
499 | return skb; | |
500 | } | |
501 | EXPORT_SYMBOL(build_skb_around); | |
502 | ||
f450d539 AL |
503 | /** |
504 | * __napi_build_skb - build a network buffer | |
505 | * @data: data buffer provided by caller | |
12c1604a | 506 | * @frag_size: size of data |
f450d539 AL |
507 | * |
508 | * Version of __build_skb() that uses NAPI percpu caches to obtain | |
509 | * skbuff_head instead of inplace allocation. | |
510 | * | |
511 | * Returns a new &sk_buff on success, %NULL on allocation failure. | |
512 | */ | |
513 | static struct sk_buff *__napi_build_skb(void *data, unsigned int frag_size) | |
514 | { | |
515 | struct sk_buff *skb; | |
516 | ||
517 | skb = napi_skb_cache_get(); | |
518 | if (unlikely(!skb)) | |
519 | return NULL; | |
520 | ||
521 | memset(skb, 0, offsetof(struct sk_buff, tail)); | |
522 | __build_skb_around(skb, data, frag_size); | |
523 | ||
524 | return skb; | |
525 | } | |
526 | ||
527 | /** | |
528 | * napi_build_skb - build a network buffer | |
529 | * @data: data buffer provided by caller | |
12c1604a | 530 | * @frag_size: size of data |
f450d539 AL |
531 | * |
532 | * Version of __napi_build_skb() that takes care of skb->head_frag | |
533 | * and skb->pfmemalloc when the data is a page or page fragment. | |
534 | * | |
535 | * Returns a new &sk_buff on success, %NULL on allocation failure. | |
536 | */ | |
537 | struct sk_buff *napi_build_skb(void *data, unsigned int frag_size) | |
538 | { | |
539 | struct sk_buff *skb = __napi_build_skb(data, frag_size); | |
540 | ||
541 | if (likely(skb) && frag_size) { | |
542 | skb->head_frag = 1; | |
543 | skb_propagate_pfmemalloc(virt_to_head_page(data), skb); | |
544 | } | |
545 | ||
546 | return skb; | |
547 | } | |
548 | EXPORT_SYMBOL(napi_build_skb); | |
549 | ||
5381b23d AL |
550 | /* |
551 | * kmalloc_reserve is a wrapper around kmalloc_node_track_caller that tells | |
552 | * the caller if emergency pfmemalloc reserves are being used. If it is and | |
553 | * the socket is later found to be SOCK_MEMALLOC then PFMEMALLOC reserves | |
554 | * may be used. Otherwise, the packet data may be discarded until enough | |
555 | * memory is free | |
556 | */ | |
5c0e820c | 557 | static void *kmalloc_reserve(unsigned int *size, gfp_t flags, int node, |
ef28095f | 558 | bool *pfmemalloc) |
5381b23d | 559 | { |
5381b23d | 560 | bool ret_pfmemalloc = false; |
5c0e820c ED |
561 | unsigned int obj_size; |
562 | void *obj; | |
5381b23d | 563 | |
5c0e820c | 564 | obj_size = SKB_HEAD_ALIGN(*size); |
bf9f1baa ED |
565 | #ifdef HAVE_SKB_SMALL_HEAD_CACHE |
566 | if (obj_size <= SKB_SMALL_HEAD_CACHE_SIZE && | |
567 | !(flags & KMALLOC_NOT_NORMAL_BITS)) { | |
bf9f1baa ED |
568 | obj = kmem_cache_alloc_node(skb_small_head_cache, |
569 | flags | __GFP_NOMEMALLOC | __GFP_NOWARN, | |
570 | node); | |
880ce5f2 ED |
571 | *size = SKB_SMALL_HEAD_CACHE_SIZE; |
572 | if (obj || !(gfp_pfmemalloc_allowed(flags))) | |
bf9f1baa | 573 | goto out; |
880ce5f2 ED |
574 | /* Try again but now we are using pfmemalloc reserves */ |
575 | ret_pfmemalloc = true; | |
576 | obj = kmem_cache_alloc_node(skb_small_head_cache, flags, node); | |
577 | goto out; | |
bf9f1baa ED |
578 | } |
579 | #endif | |
5c0e820c | 580 | *size = obj_size = kmalloc_size_roundup(obj_size); |
5381b23d AL |
581 | /* |
582 | * Try a regular allocation, when that fails and we're not entitled | |
583 | * to the reserves, fail. | |
584 | */ | |
5c0e820c | 585 | obj = kmalloc_node_track_caller(obj_size, |
5381b23d AL |
586 | flags | __GFP_NOMEMALLOC | __GFP_NOWARN, |
587 | node); | |
588 | if (obj || !(gfp_pfmemalloc_allowed(flags))) | |
589 | goto out; | |
590 | ||
591 | /* Try again but now we are using pfmemalloc reserves */ | |
592 | ret_pfmemalloc = true; | |
5c0e820c | 593 | obj = kmalloc_node_track_caller(obj_size, flags, node); |
5381b23d AL |
594 | |
595 | out: | |
596 | if (pfmemalloc) | |
597 | *pfmemalloc = ret_pfmemalloc; | |
598 | ||
599 | return obj; | |
600 | } | |
601 | ||
602 | /* Allocate a new skbuff. We do this ourselves so we can fill in a few | |
603 | * 'private' fields and also do memory statistics to find all the | |
604 | * [BEEP] leaks. | |
605 | * | |
606 | */ | |
607 | ||
608 | /** | |
609 | * __alloc_skb - allocate a network buffer | |
610 | * @size: size to allocate | |
611 | * @gfp_mask: allocation mask | |
612 | * @flags: If SKB_ALLOC_FCLONE is set, allocate from fclone cache | |
613 | * instead of head cache and allocate a cloned (child) skb. | |
614 | * If SKB_ALLOC_RX is set, __GFP_MEMALLOC will be used for | |
615 | * allocations in case the data is required for writeback | |
616 | * @node: numa node to allocate memory on | |
617 | * | |
618 | * Allocate a new &sk_buff. The returned buffer has no headroom and a | |
619 | * tail room of at least size bytes. The object has a reference count | |
620 | * of one. The return is the buffer. On a failure the return is %NULL. | |
621 | * | |
622 | * Buffers may only be allocated from interrupts using a @gfp_mask of | |
623 | * %GFP_ATOMIC. | |
624 | */ | |
625 | struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask, | |
626 | int flags, int node) | |
627 | { | |
628 | struct kmem_cache *cache; | |
5381b23d | 629 | struct sk_buff *skb; |
5381b23d | 630 | bool pfmemalloc; |
a5df6333 | 631 | u8 *data; |
5381b23d AL |
632 | |
633 | cache = (flags & SKB_ALLOC_FCLONE) | |
025a785f | 634 | ? skbuff_fclone_cache : skbuff_cache; |
5381b23d AL |
635 | |
636 | if (sk_memalloc_socks() && (flags & SKB_ALLOC_RX)) | |
637 | gfp_mask |= __GFP_MEMALLOC; | |
638 | ||
639 | /* Get the HEAD */ | |
d13612b5 AL |
640 | if ((flags & (SKB_ALLOC_FCLONE | SKB_ALLOC_NAPI)) == SKB_ALLOC_NAPI && |
641 | likely(node == NUMA_NO_NODE || node == numa_mem_id())) | |
642 | skb = napi_skb_cache_get(); | |
643 | else | |
644 | skb = kmem_cache_alloc_node(cache, gfp_mask & ~GFP_DMA, node); | |
df1ae022 AL |
645 | if (unlikely(!skb)) |
646 | return NULL; | |
5381b23d AL |
647 | prefetchw(skb); |
648 | ||
649 | /* We do our best to align skb_shared_info on a separate cache | |
650 | * line. It usually works because kmalloc(X > SMP_CACHE_BYTES) gives | |
651 | * aligned memory blocks, unless SLUB/SLAB debug is enabled. | |
652 | * Both skb->head and skb_shared_info are cache line aligned. | |
653 | */ | |
5c0e820c | 654 | data = kmalloc_reserve(&size, gfp_mask, node, &pfmemalloc); |
df1ae022 | 655 | if (unlikely(!data)) |
5381b23d | 656 | goto nodata; |
12d6c1d3 | 657 | /* kmalloc_size_roundup() might give us more room than requested. |
5381b23d AL |
658 | * Put skb_shared_info exactly at the end of allocated zone, |
659 | * to allow max possible filling before reallocation. | |
660 | */ | |
65998d2b | 661 | prefetchw(data + SKB_WITH_OVERHEAD(size)); |
5381b23d AL |
662 | |
663 | /* | |
664 | * Only clear those fields we need to clear, not those that we will | |
665 | * actually initialise below. Hence, don't put any more fields after | |
666 | * the tail pointer in struct sk_buff! | |
667 | */ | |
668 | memset(skb, 0, offsetof(struct sk_buff, tail)); | |
65998d2b | 669 | __build_skb_around(skb, data, size); |
5381b23d | 670 | skb->pfmemalloc = pfmemalloc; |
5381b23d AL |
671 | |
672 | if (flags & SKB_ALLOC_FCLONE) { | |
673 | struct sk_buff_fclones *fclones; | |
674 | ||
675 | fclones = container_of(skb, struct sk_buff_fclones, skb1); | |
676 | ||
677 | skb->fclone = SKB_FCLONE_ORIG; | |
678 | refcount_set(&fclones->fclone_ref, 1); | |
5381b23d AL |
679 | } |
680 | ||
5381b23d | 681 | return skb; |
df1ae022 | 682 | |
5381b23d AL |
683 | nodata: |
684 | kmem_cache_free(cache, skb); | |
df1ae022 | 685 | return NULL; |
5381b23d AL |
686 | } |
687 | EXPORT_SYMBOL(__alloc_skb); | |
688 | ||
fd11a83d AD |
689 | /** |
690 | * __netdev_alloc_skb - allocate an skbuff for rx on a specific device | |
691 | * @dev: network device to receive on | |
d7499160 | 692 | * @len: length to allocate |
fd11a83d AD |
693 | * @gfp_mask: get_free_pages mask, passed to alloc_skb |
694 | * | |
695 | * Allocate a new &sk_buff and assign it a usage count of one. The | |
696 | * buffer has NET_SKB_PAD headroom built in. Users should allocate | |
697 | * the headroom they think they need without accounting for the | |
698 | * built in space. The built in space is used for optimisations. | |
699 | * | |
700 | * %NULL is returned if there is no free memory. | |
701 | */ | |
9451980a AD |
702 | struct sk_buff *__netdev_alloc_skb(struct net_device *dev, unsigned int len, |
703 | gfp_t gfp_mask) | |
fd11a83d | 704 | { |
b63ae8ca | 705 | struct page_frag_cache *nc; |
fd11a83d | 706 | struct sk_buff *skb; |
9451980a AD |
707 | bool pfmemalloc; |
708 | void *data; | |
709 | ||
710 | len += NET_SKB_PAD; | |
fd11a83d | 711 | |
66c55602 AL |
712 | /* If requested length is either too small or too big, |
713 | * we use kmalloc() for skb->head allocation. | |
714 | */ | |
715 | if (len <= SKB_WITH_OVERHEAD(1024) || | |
716 | len > SKB_WITH_OVERHEAD(PAGE_SIZE) || | |
d0164adc | 717 | (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) { |
a080e7bd AD |
718 | skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX, NUMA_NO_NODE); |
719 | if (!skb) | |
720 | goto skb_fail; | |
721 | goto skb_success; | |
722 | } | |
fd11a83d | 723 | |
115f1a5c | 724 | len = SKB_HEAD_ALIGN(len); |
9451980a AD |
725 | |
726 | if (sk_memalloc_socks()) | |
727 | gfp_mask |= __GFP_MEMALLOC; | |
728 | ||
afa79d08 | 729 | if (in_hardirq() || irqs_disabled()) { |
92dcabd7 SAS |
730 | nc = this_cpu_ptr(&netdev_alloc_cache); |
731 | data = page_frag_alloc(nc, len, gfp_mask); | |
732 | pfmemalloc = nc->pfmemalloc; | |
733 | } else { | |
734 | local_bh_disable(); | |
735 | nc = this_cpu_ptr(&napi_alloc_cache.page); | |
736 | data = page_frag_alloc(nc, len, gfp_mask); | |
737 | pfmemalloc = nc->pfmemalloc; | |
738 | local_bh_enable(); | |
739 | } | |
9451980a AD |
740 | |
741 | if (unlikely(!data)) | |
742 | return NULL; | |
743 | ||
744 | skb = __build_skb(data, len); | |
745 | if (unlikely(!skb)) { | |
181edb2b | 746 | skb_free_frag(data); |
9451980a | 747 | return NULL; |
7b2e497a | 748 | } |
fd11a83d | 749 | |
9451980a AD |
750 | if (pfmemalloc) |
751 | skb->pfmemalloc = 1; | |
752 | skb->head_frag = 1; | |
753 | ||
a080e7bd | 754 | skb_success: |
9451980a AD |
755 | skb_reserve(skb, NET_SKB_PAD); |
756 | skb->dev = dev; | |
757 | ||
a080e7bd | 758 | skb_fail: |
8af27456 CH |
759 | return skb; |
760 | } | |
b4ac530f | 761 | EXPORT_SYMBOL(__netdev_alloc_skb); |
1da177e4 | 762 | |
fd11a83d AD |
763 | /** |
764 | * __napi_alloc_skb - allocate skbuff for rx in a specific NAPI instance | |
765 | * @napi: napi instance this buffer was allocated for | |
d7499160 | 766 | * @len: length to allocate |
fd11a83d AD |
767 | * @gfp_mask: get_free_pages mask, passed to alloc_skb and alloc_pages |
768 | * | |
769 | * Allocate a new sk_buff for use in NAPI receive. This buffer will | |
770 | * attempt to allocate the head from a special reserved region used | |
771 | * only for NAPI Rx allocation. By doing this we can save several | |
772 | * CPU cycles by avoiding having to disable and re-enable IRQs. | |
773 | * | |
774 | * %NULL is returned if there is no free memory. | |
775 | */ | |
9451980a AD |
776 | struct sk_buff *__napi_alloc_skb(struct napi_struct *napi, unsigned int len, |
777 | gfp_t gfp_mask) | |
fd11a83d | 778 | { |
3226b158 | 779 | struct napi_alloc_cache *nc; |
fd11a83d | 780 | struct sk_buff *skb; |
dbae2b06 | 781 | bool pfmemalloc; |
9451980a AD |
782 | void *data; |
783 | ||
ee2640df | 784 | DEBUG_NET_WARN_ON_ONCE(!in_softirq()); |
9451980a | 785 | len += NET_SKB_PAD + NET_IP_ALIGN; |
fd11a83d | 786 | |
3226b158 ED |
787 | /* If requested length is either too small or too big, |
788 | * we use kmalloc() for skb->head allocation. | |
dbae2b06 PA |
789 | * When the small frag allocator is available, prefer it over kmalloc |
790 | * for small fragments | |
3226b158 | 791 | */ |
dbae2b06 | 792 | if ((!NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) || |
3226b158 | 793 | len > SKB_WITH_OVERHEAD(PAGE_SIZE) || |
d0164adc | 794 | (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) { |
cfb8ec65 AL |
795 | skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX | SKB_ALLOC_NAPI, |
796 | NUMA_NO_NODE); | |
a080e7bd AD |
797 | if (!skb) |
798 | goto skb_fail; | |
799 | goto skb_success; | |
800 | } | |
9451980a | 801 | |
3226b158 | 802 | nc = this_cpu_ptr(&napi_alloc_cache); |
9451980a AD |
803 | |
804 | if (sk_memalloc_socks()) | |
805 | gfp_mask |= __GFP_MEMALLOC; | |
fd11a83d | 806 | |
dbae2b06 PA |
807 | if (NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) { |
808 | /* we are artificially inflating the allocation size, but | |
809 | * that is not as bad as it may look like, as: | |
810 | * - 'len' less than GRO_MAX_HEAD makes little sense | |
811 | * - On most systems, larger 'len' values lead to fragment | |
812 | * size above 512 bytes | |
813 | * - kmalloc would use the kmalloc-1k slab for such values | |
814 | * - Builds with smaller GRO_MAX_HEAD will very likely do | |
815 | * little networking, as that implies no WiFi and no | |
816 | * tunnels support, and 32 bits arches. | |
817 | */ | |
818 | len = SZ_1K; | |
819 | ||
820 | data = page_frag_alloc_1k(&nc->page_small, gfp_mask); | |
821 | pfmemalloc = NAPI_SMALL_PAGE_PFMEMALLOC(nc->page_small); | |
822 | } else { | |
115f1a5c | 823 | len = SKB_HEAD_ALIGN(len); |
dbae2b06 PA |
824 | |
825 | data = page_frag_alloc(&nc->page, len, gfp_mask); | |
826 | pfmemalloc = nc->page.pfmemalloc; | |
827 | } | |
828 | ||
9451980a AD |
829 | if (unlikely(!data)) |
830 | return NULL; | |
831 | ||
cfb8ec65 | 832 | skb = __napi_build_skb(data, len); |
9451980a | 833 | if (unlikely(!skb)) { |
181edb2b | 834 | skb_free_frag(data); |
9451980a | 835 | return NULL; |
fd11a83d AD |
836 | } |
837 | ||
dbae2b06 | 838 | if (pfmemalloc) |
9451980a AD |
839 | skb->pfmemalloc = 1; |
840 | skb->head_frag = 1; | |
841 | ||
a080e7bd | 842 | skb_success: |
9451980a AD |
843 | skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); |
844 | skb->dev = napi->dev; | |
845 | ||
a080e7bd | 846 | skb_fail: |
fd11a83d AD |
847 | return skb; |
848 | } | |
849 | EXPORT_SYMBOL(__napi_alloc_skb); | |
850 | ||
654bed16 | 851 | void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off, |
50269e19 | 852 | int size, unsigned int truesize) |
654bed16 PZ |
853 | { |
854 | skb_fill_page_desc(skb, i, page, off, size); | |
855 | skb->len += size; | |
856 | skb->data_len += size; | |
50269e19 | 857 | skb->truesize += truesize; |
654bed16 PZ |
858 | } |
859 | EXPORT_SYMBOL(skb_add_rx_frag); | |
860 | ||
f8e617e1 JW |
861 | void skb_coalesce_rx_frag(struct sk_buff *skb, int i, int size, |
862 | unsigned int truesize) | |
863 | { | |
864 | skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; | |
865 | ||
866 | skb_frag_size_add(frag, size); | |
867 | skb->len += size; | |
868 | skb->data_len += size; | |
869 | skb->truesize += truesize; | |
870 | } | |
871 | EXPORT_SYMBOL(skb_coalesce_rx_frag); | |
872 | ||
27b437c8 | 873 | static void skb_drop_list(struct sk_buff **listp) |
1da177e4 | 874 | { |
bd8a7036 | 875 | kfree_skb_list(*listp); |
27b437c8 | 876 | *listp = NULL; |
1da177e4 LT |
877 | } |
878 | ||
27b437c8 HX |
879 | static inline void skb_drop_fraglist(struct sk_buff *skb) |
880 | { | |
881 | skb_drop_list(&skb_shinfo(skb)->frag_list); | |
882 | } | |
883 | ||
1da177e4 LT |
884 | static void skb_clone_fraglist(struct sk_buff *skb) |
885 | { | |
886 | struct sk_buff *list; | |
887 | ||
fbb398a8 | 888 | skb_walk_frags(skb, list) |
1da177e4 LT |
889 | skb_get(list); |
890 | } | |
891 | ||
b07a2d97 | 892 | static bool skb_pp_recycle(struct sk_buff *skb, void *data, bool napi_safe) |
4727bab4 YL |
893 | { |
894 | if (!IS_ENABLED(CONFIG_PAGE_POOL) || !skb->pp_recycle) | |
895 | return false; | |
8c48eea3 | 896 | return page_pool_return_skb_page(virt_to_page(data), napi_safe); |
4727bab4 YL |
897 | } |
898 | ||
bf9f1baa ED |
899 | static void skb_kfree_head(void *head, unsigned int end_offset) |
900 | { | |
901 | #ifdef HAVE_SKB_SMALL_HEAD_CACHE | |
902 | if (end_offset == SKB_SMALL_HEAD_HEADROOM) | |
903 | kmem_cache_free(skb_small_head_cache, head); | |
904 | else | |
905 | #endif | |
906 | kfree(head); | |
907 | } | |
908 | ||
b07a2d97 | 909 | static void skb_free_head(struct sk_buff *skb, bool napi_safe) |
d3836f21 | 910 | { |
181edb2b AD |
911 | unsigned char *head = skb->head; |
912 | ||
6a5bcd84 | 913 | if (skb->head_frag) { |
b07a2d97 | 914 | if (skb_pp_recycle(skb, head, napi_safe)) |
6a5bcd84 | 915 | return; |
181edb2b | 916 | skb_free_frag(head); |
6a5bcd84 | 917 | } else { |
bf9f1baa | 918 | skb_kfree_head(head, skb_end_offset(skb)); |
6a5bcd84 | 919 | } |
d3836f21 ED |
920 | } |
921 | ||
b07a2d97 JK |
922 | static void skb_release_data(struct sk_buff *skb, enum skb_drop_reason reason, |
923 | bool napi_safe) | |
1da177e4 | 924 | { |
ff04a771 ED |
925 | struct skb_shared_info *shinfo = skb_shinfo(skb); |
926 | int i; | |
1da177e4 | 927 | |
ff04a771 ED |
928 | if (skb->cloned && |
929 | atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, | |
930 | &shinfo->dataref)) | |
2cc3aeb5 | 931 | goto exit; |
a6686f2f | 932 | |
753f1ca4 PB |
933 | if (skb_zcopy(skb)) { |
934 | bool skip_unref = shinfo->flags & SKBFL_MANAGED_FRAG_REFS; | |
935 | ||
936 | skb_zcopy_clear(skb, true); | |
937 | if (skip_unref) | |
938 | goto free_head; | |
939 | } | |
70c43167 | 940 | |
ff04a771 | 941 | for (i = 0; i < shinfo->nr_frags; i++) |
8c48eea3 | 942 | napi_frag_unref(&shinfo->frags[i], skb->pp_recycle, napi_safe); |
a6686f2f | 943 | |
753f1ca4 | 944 | free_head: |
ff04a771 | 945 | if (shinfo->frag_list) |
511a3eda | 946 | kfree_skb_list_reason(shinfo->frag_list, reason); |
ff04a771 | 947 | |
b07a2d97 | 948 | skb_free_head(skb, napi_safe); |
2cc3aeb5 IA |
949 | exit: |
950 | /* When we clone an SKB we copy the reycling bit. The pp_recycle | |
951 | * bit is only set on the head though, so in order to avoid races | |
952 | * while trying to recycle fragments on __skb_frag_unref() we need | |
953 | * to make one SKB responsible for triggering the recycle path. | |
954 | * So disable the recycling bit if an SKB is cloned and we have | |
58e61e41 | 955 | * additional references to the fragmented part of the SKB. |
2cc3aeb5 IA |
956 | * Eventually the last SKB will have the recycling bit set and it's |
957 | * dataref set to 0, which will trigger the recycling | |
958 | */ | |
959 | skb->pp_recycle = 0; | |
1da177e4 LT |
960 | } |
961 | ||
962 | /* | |
963 | * Free an skbuff by memory without cleaning the state. | |
964 | */ | |
2d4baff8 | 965 | static void kfree_skbmem(struct sk_buff *skb) |
1da177e4 | 966 | { |
d0bf4a9e | 967 | struct sk_buff_fclones *fclones; |
d179cd12 | 968 | |
d179cd12 DM |
969 | switch (skb->fclone) { |
970 | case SKB_FCLONE_UNAVAILABLE: | |
025a785f | 971 | kmem_cache_free(skbuff_cache, skb); |
6ffe75eb | 972 | return; |
d179cd12 DM |
973 | |
974 | case SKB_FCLONE_ORIG: | |
d0bf4a9e | 975 | fclones = container_of(skb, struct sk_buff_fclones, skb1); |
d179cd12 | 976 | |
6ffe75eb ED |
977 | /* We usually free the clone (TX completion) before original skb |
978 | * This test would have no chance to be true for the clone, | |
979 | * while here, branch prediction will be good. | |
d179cd12 | 980 | */ |
2638595a | 981 | if (refcount_read(&fclones->fclone_ref) == 1) |
6ffe75eb ED |
982 | goto fastpath; |
983 | break; | |
e7820e39 | 984 | |
6ffe75eb ED |
985 | default: /* SKB_FCLONE_CLONE */ |
986 | fclones = container_of(skb, struct sk_buff_fclones, skb2); | |
d179cd12 | 987 | break; |
3ff50b79 | 988 | } |
2638595a | 989 | if (!refcount_dec_and_test(&fclones->fclone_ref)) |
6ffe75eb ED |
990 | return; |
991 | fastpath: | |
992 | kmem_cache_free(skbuff_fclone_cache, fclones); | |
1da177e4 LT |
993 | } |
994 | ||
0a463c78 | 995 | void skb_release_head_state(struct sk_buff *skb) |
1da177e4 | 996 | { |
adf30907 | 997 | skb_dst_drop(skb); |
9c2b3328 | 998 | if (skb->destructor) { |
7890e2f0 | 999 | DEBUG_NET_WARN_ON_ONCE(in_hardirq()); |
1da177e4 LT |
1000 | skb->destructor(skb); |
1001 | } | |
a3bf7ae9 | 1002 | #if IS_ENABLED(CONFIG_NF_CONNTRACK) |
cb9c6836 | 1003 | nf_conntrack_put(skb_nfct(skb)); |
1da177e4 | 1004 | #endif |
df5042f4 | 1005 | skb_ext_put(skb); |
04a4bb55 LB |
1006 | } |
1007 | ||
1008 | /* Free everything but the sk_buff shell. */ | |
b07a2d97 JK |
1009 | static void skb_release_all(struct sk_buff *skb, enum skb_drop_reason reason, |
1010 | bool napi_safe) | |
04a4bb55 LB |
1011 | { |
1012 | skb_release_head_state(skb); | |
a28b1b90 | 1013 | if (likely(skb->head)) |
b07a2d97 | 1014 | skb_release_data(skb, reason, napi_safe); |
2d4baff8 HX |
1015 | } |
1016 | ||
1017 | /** | |
1018 | * __kfree_skb - private function | |
1019 | * @skb: buffer | |
1020 | * | |
1021 | * Free an sk_buff. Release anything attached to the buffer. | |
1022 | * Clean the state. This is an internal helper function. Users should | |
1023 | * always call kfree_skb | |
1024 | */ | |
1da177e4 | 1025 | |
2d4baff8 HX |
1026 | void __kfree_skb(struct sk_buff *skb) |
1027 | { | |
b07a2d97 | 1028 | skb_release_all(skb, SKB_DROP_REASON_NOT_SPECIFIED, false); |
1da177e4 LT |
1029 | kfree_skbmem(skb); |
1030 | } | |
b4ac530f | 1031 | EXPORT_SYMBOL(__kfree_skb); |
1da177e4 | 1032 | |
a4650da2 JDB |
1033 | static __always_inline |
1034 | bool __kfree_skb_reason(struct sk_buff *skb, enum skb_drop_reason reason) | |
1035 | { | |
1036 | if (unlikely(!skb_unref(skb))) | |
1037 | return false; | |
1038 | ||
071c0fc6 JB |
1039 | DEBUG_NET_WARN_ON_ONCE(reason == SKB_NOT_DROPPED_YET || |
1040 | u32_get_bits(reason, | |
1041 | SKB_DROP_REASON_SUBSYS_MASK) >= | |
1042 | SKB_DROP_REASON_SUBSYS_NUM); | |
a4650da2 JDB |
1043 | |
1044 | if (reason == SKB_CONSUMED) | |
dd1b5278 | 1045 | trace_consume_skb(skb, __builtin_return_address(0)); |
a4650da2 JDB |
1046 | else |
1047 | trace_kfree_skb(skb, __builtin_return_address(0), reason); | |
1048 | return true; | |
1049 | } | |
1050 | ||