Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
1da177e4 LT |
2 | /* |
3 | * Routines having to do with the 'struct sk_buff' memory handlers. | |
4 | * | |
113aa838 | 5 | * Authors: Alan Cox <alan@lxorguk.ukuu.org.uk> |
1da177e4 LT |
6 | * Florian La Roche <rzsfl@rz.uni-sb.de> |
7 | * | |
1da177e4 LT |
8 | * Fixes: |
9 | * Alan Cox : Fixed the worst of the load | |
10 | * balancer bugs. | |
11 | * Dave Platt : Interrupt stacking fix. | |
12 | * Richard Kooijman : Timestamp fixes. | |
13 | * Alan Cox : Changed buffer format. | |
14 | * Alan Cox : destructor hook for AF_UNIX etc. | |
15 | * Linus Torvalds : Better skb_clone. | |
16 | * Alan Cox : Added skb_copy. | |
17 | * Alan Cox : Added all the changed routines Linus | |
18 | * only put in the headers | |
19 | * Ray VanTassle : Fixed --skb->lock in free | |
20 | * Alan Cox : skb_copy copy arp field | |
21 | * Andi Kleen : slabified it. | |
22 | * Robert Olsson : Removed skb_head_pool | |
23 | * | |
24 | * NOTE: | |
25 | * The __skb_ routines should be called with interrupts | |
26 | * disabled, or you better be *real* sure that the operation is atomic | |
27 | * with respect to whatever list is being frobbed (e.g. via lock_sock() | |
28 | * or via disabling bottom half handlers, etc). | |
1da177e4 LT |
29 | */ |
30 | ||
31 | /* | |
32 | * The functions in this file will not compile correctly with gcc 2.4.x | |
33 | */ | |
34 | ||
e005d193 JP |
35 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
36 | ||
1da177e4 LT |
37 | #include <linux/module.h> |
38 | #include <linux/types.h> | |
39 | #include <linux/kernel.h> | |
1da177e4 LT |
40 | #include <linux/mm.h> |
41 | #include <linux/interrupt.h> | |
42 | #include <linux/in.h> | |
43 | #include <linux/inet.h> | |
44 | #include <linux/slab.h> | |
de960aa9 FW |
45 | #include <linux/tcp.h> |
46 | #include <linux/udp.h> | |
90017acc | 47 | #include <linux/sctp.h> |
1da177e4 LT |
48 | #include <linux/netdevice.h> |
49 | #ifdef CONFIG_NET_CLS_ACT | |
50 | #include <net/pkt_sched.h> | |
51 | #endif | |
52 | #include <linux/string.h> | |
53 | #include <linux/skbuff.h> | |
9c55e01c | 54 | #include <linux/splice.h> |
1da177e4 LT |
55 | #include <linux/cache.h> |
56 | #include <linux/rtnetlink.h> | |
57 | #include <linux/init.h> | |
716ea3a7 | 58 | #include <linux/scatterlist.h> |
ac45f602 | 59 | #include <linux/errqueue.h> |
268bb0ce | 60 | #include <linux/prefetch.h> |
071c0fc6 | 61 | #include <linux/bitfield.h> |
0d5501c1 | 62 | #include <linux/if_vlan.h> |
2a2ea508 | 63 | #include <linux/mpls.h> |
183f47fc | 64 | #include <linux/kcov.h> |
6d0d4199 | 65 | #include <linux/iov_iter.h> |
1da177e4 LT |
66 | |
67 | #include <net/protocol.h> | |
68 | #include <net/dst.h> | |
69 | #include <net/sock.h> | |
70 | #include <net/checksum.h> | |
d457a0e3 | 71 | #include <net/gso.h> |
ed1f50c3 | 72 | #include <net/ip6_checksum.h> |
1da177e4 | 73 | #include <net/xfrm.h> |
8822e270 | 74 | #include <net/mpls.h> |
3ee17bc7 | 75 | #include <net/mptcp.h> |
78476d31 | 76 | #include <net/mctp.h> |
75eaf63e | 77 | #include <net/page_pool/helpers.h> |
071c0fc6 | 78 | #include <net/dropreason.h> |
1da177e4 | 79 | |
7c0f6ba6 | 80 | #include <linux/uaccess.h> |
ad8d75ff | 81 | #include <trace/events/skb.h> |
51c56b00 | 82 | #include <linux/highmem.h> |
b245be1f WB |
83 | #include <linux/capability.h> |
84 | #include <linux/user_namespace.h> | |
2544af03 | 85 | #include <linux/indirect_call_wrapper.h> |
2195e2a0 | 86 | #include <linux/textsearch.h> |
a1f8e7f7 | 87 | |
39564c3f | 88 | #include "dev.h" |
7f678def | 89 | #include "sock_destructor.h" |
7b7ed885 | 90 | |
025a785f | 91 | struct kmem_cache *skbuff_cache __ro_after_init; |
08009a76 | 92 | static struct kmem_cache *skbuff_fclone_cache __ro_after_init; |
df5042f4 FW |
93 | #ifdef CONFIG_SKB_EXTENSIONS |
94 | static struct kmem_cache *skbuff_ext_cache __ro_after_init; | |
95 | #endif | |
bf9f1baa | 96 | |
bf9f1baa | 97 | |
bf9f1baa ED |
98 | static struct kmem_cache *skb_small_head_cache __ro_after_init; |
99 | ||
100 | #define SKB_SMALL_HEAD_SIZE SKB_HEAD_ALIGN(MAX_TCP_HEADER) | |
101 | ||
102 | /* We want SKB_SMALL_HEAD_CACHE_SIZE to not be a power of two. | |
103 | * This should ensure that SKB_SMALL_HEAD_HEADROOM is a unique | |
104 | * size, and we can differentiate heads from skb_small_head_cache | |
105 | * vs system slabs by looking at their size (skb_end_offset()). | |
106 | */ | |
107 | #define SKB_SMALL_HEAD_CACHE_SIZE \ | |
108 | (is_power_of_2(SKB_SMALL_HEAD_SIZE) ? \ | |
109 | (SKB_SMALL_HEAD_SIZE + L1_CACHE_BYTES) : \ | |
110 | SKB_SMALL_HEAD_SIZE) | |
111 | ||
112 | #define SKB_SMALL_HEAD_HEADROOM \ | |
113 | SKB_WITH_OVERHEAD(SKB_SMALL_HEAD_CACHE_SIZE) | |
bf9f1baa | 114 | |
5f74f82e HWR |
115 | int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; |
116 | EXPORT_SYMBOL(sysctl_max_skb_frags); | |
1da177e4 | 117 | |
9cb252c4 MD |
118 | #undef FN |
119 | #define FN(reason) [SKB_DROP_REASON_##reason] = #reason, | |
071c0fc6 | 120 | static const char * const drop_reasons[] = { |
0e84afe8 | 121 | [SKB_CONSUMED] = "CONSUMED", |
9cb252c4 MD |
122 | DEFINE_DROP_REASON(FN, FN) |
123 | }; | |
071c0fc6 JB |
124 | |
125 | static const struct drop_reason_list drop_reasons_core = { | |
126 | .reasons = drop_reasons, | |
127 | .n_reasons = ARRAY_SIZE(drop_reasons), | |
128 | }; | |
129 | ||
130 | const struct drop_reason_list __rcu * | |
131 | drop_reasons_by_subsys[SKB_DROP_REASON_SUBSYS_NUM] = { | |
132 | [SKB_DROP_REASON_SUBSYS_CORE] = RCU_INITIALIZER(&drop_reasons_core), | |
133 | }; | |
134 | EXPORT_SYMBOL(drop_reasons_by_subsys); | |
135 | ||
136 | /** | |
137 | * drop_reasons_register_subsys - register another drop reason subsystem | |
138 | * @subsys: the subsystem to register, must not be the core | |
139 | * @list: the list of drop reasons within the subsystem, must point to | |
140 | * a statically initialized list | |
141 | */ | |
142 | void drop_reasons_register_subsys(enum skb_drop_reason_subsys subsys, | |
143 | const struct drop_reason_list *list) | |
144 | { | |
145 | if (WARN(subsys <= SKB_DROP_REASON_SUBSYS_CORE || | |
146 | subsys >= ARRAY_SIZE(drop_reasons_by_subsys), | |
147 | "invalid subsystem %d\n", subsys)) | |
148 | return; | |
149 | ||
150 | /* must point to statically allocated memory, so INIT is OK */ | |
151 | RCU_INIT_POINTER(drop_reasons_by_subsys[subsys], list); | |
152 | } | |
153 | EXPORT_SYMBOL_GPL(drop_reasons_register_subsys); | |
154 | ||
155 | /** | |
156 | * drop_reasons_unregister_subsys - unregister a drop reason subsystem | |
157 | * @subsys: the subsystem to remove, must not be the core | |
158 | * | |
159 | * Note: This will synchronize_rcu() to ensure no users when it returns. | |
160 | */ | |
161 | void drop_reasons_unregister_subsys(enum skb_drop_reason_subsys subsys) | |
162 | { | |
163 | if (WARN(subsys <= SKB_DROP_REASON_SUBSYS_CORE || | |
164 | subsys >= ARRAY_SIZE(drop_reasons_by_subsys), | |
165 | "invalid subsystem %d\n", subsys)) | |
166 | return; | |
167 | ||
168 | RCU_INIT_POINTER(drop_reasons_by_subsys[subsys], NULL); | |
169 | ||
170 | synchronize_rcu(); | |
171 | } | |
172 | EXPORT_SYMBOL_GPL(drop_reasons_unregister_subsys); | |
ec43908d | 173 | |
1da177e4 | 174 | /** |
f05de73b JS |
175 | * skb_panic - private function for out-of-line support |
176 | * @skb: buffer | |
177 | * @sz: size | |
178 | * @addr: address | |
99d5851e | 179 | * @msg: skb_over_panic or skb_under_panic |
1da177e4 | 180 | * |
f05de73b JS |
181 | * Out-of-line support for skb_put() and skb_push(). |
182 | * Called via the wrapper skb_over_panic() or skb_under_panic(). | |
183 | * Keep out of line to prevent kernel bloat. | |
184 | * __builtin_return_address is not used because it is not always reliable. | |
1da177e4 | 185 | */ |
f05de73b | 186 | static void skb_panic(struct sk_buff *skb, unsigned int sz, void *addr, |
99d5851e | 187 | const char msg[]) |
1da177e4 | 188 | { |
41a46913 | 189 | pr_emerg("%s: text:%px len:%d put:%d head:%px data:%px tail:%#lx end:%#lx dev:%s\n", |
99d5851e | 190 | msg, addr, skb->len, sz, skb->head, skb->data, |
e005d193 JP |
191 | (unsigned long)skb->tail, (unsigned long)skb->end, |
192 | skb->dev ? skb->dev->name : "<NULL>"); | |
1da177e4 LT |
193 | BUG(); |
194 | } | |
195 | ||
f05de73b | 196 | static void skb_over_panic(struct sk_buff *skb, unsigned int sz, void *addr) |
1da177e4 | 197 | { |
f05de73b | 198 | skb_panic(skb, sz, addr, __func__); |
1da177e4 LT |
199 | } |
200 | ||
f05de73b JS |
201 | static void skb_under_panic(struct sk_buff *skb, unsigned int sz, void *addr) |
202 | { | |
203 | skb_panic(skb, sz, addr, __func__); | |
204 | } | |
c93bdd0e | 205 | |
50fad4b5 | 206 | #define NAPI_SKB_CACHE_SIZE 64 |
f450d539 AL |
207 | #define NAPI_SKB_CACHE_BULK 16 |
208 | #define NAPI_SKB_CACHE_HALF (NAPI_SKB_CACHE_SIZE / 2) | |
50fad4b5 | 209 | |
dbae2b06 PA |
210 | #if PAGE_SIZE == SZ_4K |
211 | ||
212 | #define NAPI_HAS_SMALL_PAGE_FRAG 1 | |
213 | #define NAPI_SMALL_PAGE_PFMEMALLOC(nc) ((nc).pfmemalloc) | |
214 | ||
215 | /* specialized page frag allocator using a single order 0 page | |
216 | * and slicing it into 1K sized fragment. Constrained to systems | |
217 | * with a very limited amount of 1K fragments fitting a single | |
218 | * page - to avoid excessive truesize underestimation | |
219 | */ | |
220 | ||
221 | struct page_frag_1k { | |
222 | void *va; | |
223 | u16 offset; | |
224 | bool pfmemalloc; | |
225 | }; | |
226 | ||
227 | static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp) | |
228 | { | |
229 | struct page *page; | |
230 | int offset; | |
231 | ||
232 | offset = nc->offset - SZ_1K; | |
233 | if (likely(offset >= 0)) | |
234 | goto use_frag; | |
235 | ||
236 | page = alloc_pages_node(NUMA_NO_NODE, gfp, 0); | |
237 | if (!page) | |
238 | return NULL; | |
239 | ||
240 | nc->va = page_address(page); | |
241 | nc->pfmemalloc = page_is_pfmemalloc(page); | |
242 | offset = PAGE_SIZE - SZ_1K; | |
243 | page_ref_add(page, offset / SZ_1K); | |
244 | ||
245 | use_frag: | |
246 | nc->offset = offset; | |
247 | return nc->va + offset; | |
248 | } | |
249 | #else | |
250 | ||
251 | /* the small page is actually unused in this build; add dummy helpers | |
252 | * to please the compiler and avoid later preprocessor's conditionals | |
253 | */ | |
254 | #define NAPI_HAS_SMALL_PAGE_FRAG 0 | |
255 | #define NAPI_SMALL_PAGE_PFMEMALLOC(nc) false | |
256 | ||
257 | struct page_frag_1k { | |
258 | }; | |
259 | ||
260 | static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp_mask) | |
261 | { | |
262 | return NULL; | |
263 | } | |
264 | ||
265 | #endif | |
266 | ||
50fad4b5 AL |
267 | struct napi_alloc_cache { |
268 | struct page_frag_cache page; | |
dbae2b06 | 269 | struct page_frag_1k page_small; |
50fad4b5 AL |
270 | unsigned int skb_count; |
271 | void *skb_cache[NAPI_SKB_CACHE_SIZE]; | |
272 | }; | |
273 | ||
274 | static DEFINE_PER_CPU(struct page_frag_cache, netdev_alloc_cache); | |
275 | static DEFINE_PER_CPU(struct napi_alloc_cache, napi_alloc_cache); | |
276 | ||
dbae2b06 PA |
277 | /* Double check that napi_get_frags() allocates skbs with |
278 | * skb->head being backed by slab, not a page fragment. | |
279 | * This is to make sure bug fixed in 3226b158e67c | |
280 | * ("net: avoid 32 x truesize under-estimation for tiny skbs") | |
281 | * does not accidentally come back. | |
282 | */ | |
283 | void napi_get_frags_check(struct napi_struct *napi) | |
284 | { | |
285 | struct sk_buff *skb; | |
286 | ||
287 | local_bh_disable(); | |
288 | skb = napi_get_frags(napi); | |
289 | WARN_ON_ONCE(!NAPI_HAS_SMALL_PAGE_FRAG && skb && skb->head_frag); | |
290 | napi_free_frags(napi); | |
291 | local_bh_enable(); | |
292 | } | |
293 | ||
32e3573f | 294 | void *__napi_alloc_frag_align(unsigned int fragsz, unsigned int align_mask) |
50fad4b5 AL |
295 | { |
296 | struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); | |
297 | ||
50fad4b5 AL |
298 | fragsz = SKB_DATA_ALIGN(fragsz); |
299 | ||
32e3573f | 300 | return page_frag_alloc_align(&nc->page, fragsz, GFP_ATOMIC, align_mask); |
50fad4b5 AL |
301 | } |
302 | EXPORT_SYMBOL(__napi_alloc_frag_align); | |
303 | ||
304 | void *__netdev_alloc_frag_align(unsigned int fragsz, unsigned int align_mask) | |
305 | { | |
50fad4b5 AL |
306 | void *data; |
307 | ||
308 | fragsz = SKB_DATA_ALIGN(fragsz); | |
afa79d08 | 309 | if (in_hardirq() || irqs_disabled()) { |
32e3573f YD |
310 | struct page_frag_cache *nc = this_cpu_ptr(&netdev_alloc_cache); |
311 | ||
50fad4b5 AL |
312 | data = page_frag_alloc_align(nc, fragsz, GFP_ATOMIC, align_mask); |
313 | } else { | |
32e3573f YD |
314 | struct napi_alloc_cache *nc; |
315 | ||
50fad4b5 | 316 | local_bh_disable(); |
32e3573f YD |
317 | nc = this_cpu_ptr(&napi_alloc_cache); |
318 | data = page_frag_alloc_align(&nc->page, fragsz, GFP_ATOMIC, align_mask); | |
50fad4b5 AL |
319 | local_bh_enable(); |
320 | } | |
321 | return data; | |
322 | } | |
323 | EXPORT_SYMBOL(__netdev_alloc_frag_align); | |
324 | ||
f450d539 AL |
325 | static struct sk_buff *napi_skb_cache_get(void) |
326 | { | |
327 | struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); | |
328 | struct sk_buff *skb; | |
329 | ||
49ae83fc | 330 | if (unlikely(!nc->skb_count)) { |
025a785f | 331 | nc->skb_count = kmem_cache_alloc_bulk(skbuff_cache, |
f450d539 AL |
332 | GFP_ATOMIC, |
333 | NAPI_SKB_CACHE_BULK, | |
334 | nc->skb_cache); | |
49ae83fc SPL |
335 | if (unlikely(!nc->skb_count)) |
336 | return NULL; | |
337 | } | |
f450d539 AL |
338 | |
339 | skb = nc->skb_cache[--nc->skb_count]; | |
025a785f | 340 | kasan_unpoison_object_data(skbuff_cache, skb); |
f450d539 AL |
341 | |
342 | return skb; | |
343 | } | |
344 | ||
ce098da1 KC |
345 | static inline void __finalize_skb_around(struct sk_buff *skb, void *data, |
346 | unsigned int size) | |
ba0509b6 JDB |
347 | { |
348 | struct skb_shared_info *shinfo; | |
ba0509b6 JDB |
349 | |
350 | size -= SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); | |
351 | ||
352 | /* Assumes caller memset cleared SKB */ | |
353 | skb->truesize = SKB_TRUESIZE(size); | |
354 | refcount_set(&skb->users, 1); | |
355 | skb->head = data; | |
356 | skb->data = data; | |
357 | skb_reset_tail_pointer(skb); | |
763087da | 358 | skb_set_end_offset(skb, size); |
ba0509b6 JDB |
359 | skb->mac_header = (typeof(skb->mac_header))~0U; |
360 | skb->transport_header = (typeof(skb->transport_header))~0U; | |
68822bdf | 361 | skb->alloc_cpu = raw_smp_processor_id(); |
ba0509b6 JDB |
362 | /* make sure we initialize shinfo sequentially */ |
363 | shinfo = skb_shinfo(skb); | |
364 | memset(shinfo, 0, offsetof(struct skb_shared_info, dataref)); | |
365 | atomic_set(&shinfo->dataref, 1); | |
366 | ||
6370cc3b | 367 | skb_set_kcov_handle(skb, kcov_common_handle()); |
ba0509b6 JDB |
368 | } |
369 | ||
ce098da1 KC |
370 | static inline void *__slab_build_skb(struct sk_buff *skb, void *data, |
371 | unsigned int *size) | |
372 | { | |
373 | void *resized; | |
374 | ||
375 | /* Must find the allocation size (and grow it to match). */ | |
376 | *size = ksize(data); | |
377 | /* krealloc() will immediately return "data" when | |
378 | * "ksize(data)" is requested: it is the existing upper | |
379 | * bounds. As a result, GFP_ATOMIC will be ignored. Note | |
380 | * that this "new" pointer needs to be passed back to the | |
381 | * caller for use so the __alloc_size hinting will be | |
382 | * tracked correctly. | |
383 | */ | |
384 | resized = krealloc(data, *size, GFP_ATOMIC); | |
385 | WARN_ON_ONCE(resized != data); | |
386 | return resized; | |
387 | } | |
388 | ||
389 | /* build_skb() variant which can operate on slab buffers. | |
390 | * Note that this should be used sparingly as slab buffers | |
391 | * cannot be combined efficiently by GRO! | |
392 | */ | |
393 | struct sk_buff *slab_build_skb(void *data) | |
394 | { | |
395 | struct sk_buff *skb; | |
396 | unsigned int size; | |
397 | ||
025a785f | 398 | skb = kmem_cache_alloc(skbuff_cache, GFP_ATOMIC); |
ce098da1 KC |
399 | if (unlikely(!skb)) |
400 | return NULL; | |
401 | ||
402 | memset(skb, 0, offsetof(struct sk_buff, tail)); | |
403 | data = __slab_build_skb(skb, data, &size); | |
404 | __finalize_skb_around(skb, data, size); | |
405 | ||
406 | return skb; | |
407 | } | |
408 | EXPORT_SYMBOL(slab_build_skb); | |
409 | ||
410 | /* Caller must provide SKB that is memset cleared */ | |
411 | static void __build_skb_around(struct sk_buff *skb, void *data, | |
412 | unsigned int frag_size) | |
413 | { | |
414 | unsigned int size = frag_size; | |
415 | ||
416 | /* frag_size == 0 is considered deprecated now. Callers | |
417 | * using slab buffer should use slab_build_skb() instead. | |
418 | */ | |
419 | if (WARN_ONCE(size == 0, "Use slab_build_skb() instead")) | |
420 | data = __slab_build_skb(skb, data, &size); | |
421 | ||
422 | __finalize_skb_around(skb, data, size); | |
423 | } | |
424 | ||
b2b5ce9d | 425 | /** |
2ea2f62c | 426 | * __build_skb - build a network buffer |
b2b5ce9d | 427 | * @data: data buffer provided by caller |
ce098da1 | 428 | * @frag_size: size of data (must not be 0) |
b2b5ce9d ED |
429 | * |
430 | * Allocate a new &sk_buff. Caller provides space holding head and | |
ce098da1 KC |
431 | * skb_shared_info. @data must have been allocated from the page |
432 | * allocator or vmalloc(). (A @frag_size of 0 to indicate a kmalloc() | |
433 | * allocation is deprecated, and callers should use slab_build_skb() | |
434 | * instead.) | |
b2b5ce9d ED |
435 | * The return is the new skb buffer. |
436 | * On a failure the return is %NULL, and @data is not freed. | |
437 | * Notes : | |
438 | * Before IO, driver allocates only data buffer where NIC put incoming frame | |
439 | * Driver should add room at head (NET_SKB_PAD) and | |
440 | * MUST add room at tail (SKB_DATA_ALIGN(skb_shared_info)) | |
441 | * After IO, driver calls build_skb(), to allocate sk_buff and populate it | |
442 | * before giving packet to stack. | |
443 | * RX rings only contains data buffers, not full skbs. | |
444 | */ | |
2ea2f62c | 445 | struct sk_buff *__build_skb(void *data, unsigned int frag_size) |
b2b5ce9d | 446 | { |
b2b5ce9d | 447 | struct sk_buff *skb; |
b2b5ce9d | 448 | |
025a785f | 449 | skb = kmem_cache_alloc(skbuff_cache, GFP_ATOMIC); |
ba0509b6 | 450 | if (unlikely(!skb)) |
b2b5ce9d ED |
451 | return NULL; |
452 | ||
b2b5ce9d | 453 | memset(skb, 0, offsetof(struct sk_buff, tail)); |
483126b3 | 454 | __build_skb_around(skb, data, frag_size); |
b2b5ce9d | 455 | |
483126b3 | 456 | return skb; |
b2b5ce9d | 457 | } |
2ea2f62c ED |
458 | |
459 | /* build_skb() is wrapper over __build_skb(), that specifically | |
460 | * takes care of skb->head and skb->pfmemalloc | |
2ea2f62c ED |
461 | */ |
462 | struct sk_buff *build_skb(void *data, unsigned int frag_size) | |
463 | { | |
464 | struct sk_buff *skb = __build_skb(data, frag_size); | |
465 | ||
3c640126 | 466 | if (likely(skb && frag_size)) { |
2ea2f62c | 467 | skb->head_frag = 1; |
566b6701 | 468 | skb_propagate_pfmemalloc(virt_to_head_page(data), skb); |
2ea2f62c ED |
469 | } |
470 | return skb; | |
471 | } | |
b2b5ce9d ED |
472 | EXPORT_SYMBOL(build_skb); |
473 | ||
ba0509b6 JDB |
474 | /** |
475 | * build_skb_around - build a network buffer around provided skb | |
476 | * @skb: sk_buff provide by caller, must be memset cleared | |
477 | * @data: data buffer provided by caller | |
12c1604a | 478 | * @frag_size: size of data |
ba0509b6 JDB |
479 | */ |
480 | struct sk_buff *build_skb_around(struct sk_buff *skb, | |
481 | void *data, unsigned int frag_size) | |
482 | { | |
483 | if (unlikely(!skb)) | |
484 | return NULL; | |
485 | ||
483126b3 | 486 | __build_skb_around(skb, data, frag_size); |
ba0509b6 | 487 | |
483126b3 | 488 | if (frag_size) { |
ba0509b6 | 489 | skb->head_frag = 1; |
566b6701 | 490 | skb_propagate_pfmemalloc(virt_to_head_page(data), skb); |
ba0509b6 JDB |
491 | } |
492 | return skb; | |
493 | } | |
494 | EXPORT_SYMBOL(build_skb_around); | |
495 | ||
f450d539 AL |
496 | /** |
497 | * __napi_build_skb - build a network buffer | |
498 | * @data: data buffer provided by caller | |
12c1604a | 499 | * @frag_size: size of data |
f450d539 AL |
500 | * |
501 | * Version of __build_skb() that uses NAPI percpu caches to obtain | |
502 | * skbuff_head instead of inplace allocation. | |
503 | * | |
504 | * Returns a new &sk_buff on success, %NULL on allocation failure. | |
505 | */ | |
506 | static struct sk_buff *__napi_build_skb(void *data, unsigned int frag_size) | |
507 | { | |
508 | struct sk_buff *skb; | |
509 | ||
510 | skb = napi_skb_cache_get(); | |
511 | if (unlikely(!skb)) | |
512 | return NULL; | |
513 | ||
514 | memset(skb, 0, offsetof(struct sk_buff, tail)); | |
515 | __build_skb_around(skb, data, frag_size); | |
516 | ||
517 | return skb; | |
518 | } | |
519 | ||
520 | /** | |
521 | * napi_build_skb - build a network buffer | |
522 | * @data: data buffer provided by caller | |
12c1604a | 523 | * @frag_size: size of data |
f450d539 AL |
524 | * |
525 | * Version of __napi_build_skb() that takes care of skb->head_frag | |
526 | * and skb->pfmemalloc when the data is a page or page fragment. | |
527 | * | |
528 | * Returns a new &sk_buff on success, %NULL on allocation failure. | |
529 | */ | |
530 | struct sk_buff *napi_build_skb(void *data, unsigned int frag_size) | |
531 | { | |
532 | struct sk_buff *skb = __napi_build_skb(data, frag_size); | |
533 | ||
534 | if (likely(skb) && frag_size) { | |
535 | skb->head_frag = 1; | |
536 | skb_propagate_pfmemalloc(virt_to_head_page(data), skb); | |
537 | } | |
538 | ||
539 | return skb; | |
540 | } | |
541 | EXPORT_SYMBOL(napi_build_skb); | |
542 | ||
5381b23d AL |
543 | /* |
544 | * kmalloc_reserve is a wrapper around kmalloc_node_track_caller that tells | |
545 | * the caller if emergency pfmemalloc reserves are being used. If it is and | |
546 | * the socket is later found to be SOCK_MEMALLOC then PFMEMALLOC reserves | |
547 | * may be used. Otherwise, the packet data may be discarded until enough | |
548 | * memory is free | |
549 | */ | |
5c0e820c | 550 | static void *kmalloc_reserve(unsigned int *size, gfp_t flags, int node, |
ef28095f | 551 | bool *pfmemalloc) |
5381b23d | 552 | { |
5381b23d | 553 | bool ret_pfmemalloc = false; |
915d975b | 554 | size_t obj_size; |
5c0e820c | 555 | void *obj; |
5381b23d | 556 | |
5c0e820c | 557 | obj_size = SKB_HEAD_ALIGN(*size); |
bf9f1baa ED |
558 | if (obj_size <= SKB_SMALL_HEAD_CACHE_SIZE && |
559 | !(flags & KMALLOC_NOT_NORMAL_BITS)) { | |
bf9f1baa ED |
560 | obj = kmem_cache_alloc_node(skb_small_head_cache, |
561 | flags | __GFP_NOMEMALLOC | __GFP_NOWARN, | |
562 | node); | |
880ce5f2 ED |
563 | *size = SKB_SMALL_HEAD_CACHE_SIZE; |
564 | if (obj || !(gfp_pfmemalloc_allowed(flags))) | |
bf9f1baa | 565 | goto out; |
880ce5f2 ED |
566 | /* Try again but now we are using pfmemalloc reserves */ |
567 | ret_pfmemalloc = true; | |
568 | obj = kmem_cache_alloc_node(skb_small_head_cache, flags, node); | |
569 | goto out; | |
bf9f1baa | 570 | } |
915d975b ED |
571 | |
572 | obj_size = kmalloc_size_roundup(obj_size); | |
573 | /* The following cast might truncate high-order bits of obj_size, this | |
574 | * is harmless because kmalloc(obj_size >= 2^32) will fail anyway. | |
575 | */ | |
576 | *size = (unsigned int)obj_size; | |
577 | ||
5381b23d AL |
578 | /* |
579 | * Try a regular allocation, when that fails and we're not entitled | |
580 | * to the reserves, fail. | |
581 | */ | |
5c0e820c | 582 | obj = kmalloc_node_track_caller(obj_size, |
5381b23d AL |
583 | flags | __GFP_NOMEMALLOC | __GFP_NOWARN, |
584 | node); | |
585 | if (obj || !(gfp_pfmemalloc_allowed(flags))) | |
586 | goto out; | |
587 | ||
588 | /* Try again but now we are using pfmemalloc reserves */ | |
589 | ret_pfmemalloc = true; | |
5c0e820c | 590 | obj = kmalloc_node_track_caller(obj_size, flags, node); |
5381b23d AL |
591 | |
592 | out: | |
593 | if (pfmemalloc) | |
594 | *pfmemalloc = ret_pfmemalloc; | |
595 | ||
596 | return obj; | |
597 | } | |
598 | ||
599 | /* Allocate a new skbuff. We do this ourselves so we can fill in a few | |
600 | * 'private' fields and also do memory statistics to find all the | |
601 | * [BEEP] leaks. | |
602 | * | |
603 | */ | |
604 | ||
605 | /** | |
606 | * __alloc_skb - allocate a network buffer | |
607 | * @size: size to allocate | |
608 | * @gfp_mask: allocation mask | |
609 | * @flags: If SKB_ALLOC_FCLONE is set, allocate from fclone cache | |
610 | * instead of head cache and allocate a cloned (child) skb. | |
611 | * If SKB_ALLOC_RX is set, __GFP_MEMALLOC will be used for | |
612 | * allocations in case the data is required for writeback | |
613 | * @node: numa node to allocate memory on | |
614 | * | |
615 | * Allocate a new &sk_buff. The returned buffer has no headroom and a | |
616 | * tail room of at least size bytes. The object has a reference count | |
617 | * of one. The return is the buffer. On a failure the return is %NULL. | |
618 | * | |
619 | * Buffers may only be allocated from interrupts using a @gfp_mask of | |
620 | * %GFP_ATOMIC. | |
621 | */ | |
622 | struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask, | |
623 | int flags, int node) | |
624 | { | |
625 | struct kmem_cache *cache; | |
5381b23d | 626 | struct sk_buff *skb; |
5381b23d | 627 | bool pfmemalloc; |
a5df6333 | 628 | u8 *data; |
5381b23d AL |
629 | |
630 | cache = (flags & SKB_ALLOC_FCLONE) | |
025a785f | 631 | ? skbuff_fclone_cache : skbuff_cache; |
5381b23d AL |
632 | |
633 | if (sk_memalloc_socks() && (flags & SKB_ALLOC_RX)) | |
634 | gfp_mask |= __GFP_MEMALLOC; | |
635 | ||
636 | /* Get the HEAD */ | |
d13612b5 AL |
637 | if ((flags & (SKB_ALLOC_FCLONE | SKB_ALLOC_NAPI)) == SKB_ALLOC_NAPI && |
638 | likely(node == NUMA_NO_NODE || node == numa_mem_id())) | |
639 | skb = napi_skb_cache_get(); | |
640 | else | |
641 | skb = kmem_cache_alloc_node(cache, gfp_mask & ~GFP_DMA, node); | |
df1ae022 AL |
642 | if (unlikely(!skb)) |
643 | return NULL; | |
5381b23d AL |
644 | prefetchw(skb); |
645 | ||
646 | /* We do our best to align skb_shared_info on a separate cache | |
647 | * line. It usually works because kmalloc(X > SMP_CACHE_BYTES) gives | |
648 | * aligned memory blocks, unless SLUB/SLAB debug is enabled. | |
649 | * Both skb->head and skb_shared_info are cache line aligned. | |
650 | */ | |
5c0e820c | 651 | data = kmalloc_reserve(&size, gfp_mask, node, &pfmemalloc); |
df1ae022 | 652 | if (unlikely(!data)) |
5381b23d | 653 | goto nodata; |
12d6c1d3 | 654 | /* kmalloc_size_roundup() might give us more room than requested. |
5381b23d AL |
655 | * Put skb_shared_info exactly at the end of allocated zone, |
656 | * to allow max possible filling before reallocation. | |
657 | */ | |
65998d2b | 658 | prefetchw(data + SKB_WITH_OVERHEAD(size)); |
5381b23d AL |
659 | |
660 | /* | |
661 | * Only clear those fields we need to clear, not those that we will | |
662 | * actually initialise below. Hence, don't put any more fields after | |
663 | * the tail pointer in struct sk_buff! | |
664 | */ | |
665 | memset(skb, 0, offsetof(struct sk_buff, tail)); | |
65998d2b | 666 | __build_skb_around(skb, data, size); |
5381b23d | 667 | skb->pfmemalloc = pfmemalloc; |
5381b23d AL |
668 | |
669 | if (flags & SKB_ALLOC_FCLONE) { | |
670 | struct sk_buff_fclones *fclones; | |
671 | ||
672 | fclones = container_of(skb, struct sk_buff_fclones, skb1); | |
673 | ||
674 | skb->fclone = SKB_FCLONE_ORIG; | |
675 | refcount_set(&fclones->fclone_ref, 1); | |
5381b23d AL |
676 | } |
677 | ||
5381b23d | 678 | return skb; |
df1ae022 | 679 | |
5381b23d AL |
680 | nodata: |
681 | kmem_cache_free(cache, skb); | |
df1ae022 | 682 | return NULL; |
5381b23d AL |
683 | } |
684 | EXPORT_SYMBOL(__alloc_skb); | |
685 | ||
fd11a83d AD |
686 | /** |
687 | * __netdev_alloc_skb - allocate an skbuff for rx on a specific device | |
688 | * @dev: network device to receive on | |
d7499160 | 689 | * @len: length to allocate |
fd11a83d AD |
690 | * @gfp_mask: get_free_pages mask, passed to alloc_skb |
691 | * | |
692 | * Allocate a new &sk_buff and assign it a usage count of one. The | |
693 | * buffer has NET_SKB_PAD headroom built in. Users should allocate | |
694 | * the headroom they think they need without accounting for the | |
695 | * built in space. The built in space is used for optimisations. | |
696 | * | |
697 | * %NULL is returned if there is no free memory. | |
698 | */ | |
9451980a AD |
699 | struct sk_buff *__netdev_alloc_skb(struct net_device *dev, unsigned int len, |
700 | gfp_t gfp_mask) | |
fd11a83d | 701 | { |
b63ae8ca | 702 | struct page_frag_cache *nc; |
fd11a83d | 703 | struct sk_buff *skb; |
9451980a AD |
704 | bool pfmemalloc; |
705 | void *data; | |
706 | ||
707 | len += NET_SKB_PAD; | |
fd11a83d | 708 | |
66c55602 AL |
709 | /* If requested length is either too small or too big, |
710 | * we use kmalloc() for skb->head allocation. | |
711 | */ | |
712 | if (len <= SKB_WITH_OVERHEAD(1024) || | |
713 | len > SKB_WITH_OVERHEAD(PAGE_SIZE) || | |
d0164adc | 714 | (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) { |
a080e7bd AD |
715 | skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX, NUMA_NO_NODE); |
716 | if (!skb) | |
717 | goto skb_fail; | |
718 | goto skb_success; | |
719 | } | |
fd11a83d | 720 | |
115f1a5c | 721 | len = SKB_HEAD_ALIGN(len); |
9451980a AD |
722 | |
723 | if (sk_memalloc_socks()) | |
724 | gfp_mask |= __GFP_MEMALLOC; | |
725 | ||
afa79d08 | 726 | if (in_hardirq() || irqs_disabled()) { |
92dcabd7 SAS |
727 | nc = this_cpu_ptr(&netdev_alloc_cache); |
728 | data = page_frag_alloc(nc, len, gfp_mask); | |
729 | pfmemalloc = nc->pfmemalloc; | |
730 | } else { | |
731 | local_bh_disable(); | |
732 | nc = this_cpu_ptr(&napi_alloc_cache.page); | |
733 | data = page_frag_alloc(nc, len, gfp_mask); | |
734 | pfmemalloc = nc->pfmemalloc; | |
735 | local_bh_enable(); | |
736 | } | |
9451980a AD |
737 | |
738 | if (unlikely(!data)) | |
739 | return NULL; | |
740 | ||
741 | skb = __build_skb(data, len); | |
742 | if (unlikely(!skb)) { | |
181edb2b | 743 | skb_free_frag(data); |
9451980a | 744 | return NULL; |
7b2e497a | 745 | } |
fd11a83d | 746 | |
9451980a AD |
747 | if (pfmemalloc) |
748 | skb->pfmemalloc = 1; | |
749 | skb->head_frag = 1; | |
750 | ||
a080e7bd | 751 | skb_success: |
9451980a AD |
752 | skb_reserve(skb, NET_SKB_PAD); |
753 | skb->dev = dev; | |
754 | ||
a080e7bd | 755 | skb_fail: |
8af27456 CH |
756 | return skb; |
757 | } | |
b4ac530f | 758 | EXPORT_SYMBOL(__netdev_alloc_skb); |
1da177e4 | 759 | |
fd11a83d AD |
760 | /** |
761 | * __napi_alloc_skb - allocate skbuff for rx in a specific NAPI instance | |
762 | * @napi: napi instance this buffer was allocated for | |
d7499160 | 763 | * @len: length to allocate |
fd11a83d AD |
764 | * @gfp_mask: get_free_pages mask, passed to alloc_skb and alloc_pages |
765 | * | |
766 | * Allocate a new sk_buff for use in NAPI receive. This buffer will | |
767 | * attempt to allocate the head from a special reserved region used | |
768 | * only for NAPI Rx allocation. By doing this we can save several | |
769 | * CPU cycles by avoiding having to disable and re-enable IRQs. | |
770 | * | |
771 | * %NULL is returned if there is no free memory. | |
772 | */ | |
9451980a AD |
773 | struct sk_buff *__napi_alloc_skb(struct napi_struct *napi, unsigned int len, |
774 | gfp_t gfp_mask) | |
fd11a83d | 775 | { |
3226b158 | 776 | struct napi_alloc_cache *nc; |
fd11a83d | 777 | struct sk_buff *skb; |
dbae2b06 | 778 | bool pfmemalloc; |
9451980a AD |
779 | void *data; |
780 | ||
ee2640df | 781 | DEBUG_NET_WARN_ON_ONCE(!in_softirq()); |
9451980a | 782 | len += NET_SKB_PAD + NET_IP_ALIGN; |
fd11a83d | 783 | |
3226b158 ED |
784 | /* If requested length is either too small or too big, |
785 | * we use kmalloc() for skb->head allocation. | |
dbae2b06 PA |
786 | * When the small frag allocator is available, prefer it over kmalloc |
787 | * for small fragments | |
3226b158 | 788 | */ |
dbae2b06 | 789 | if ((!NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) || |
3226b158 | 790 | len > SKB_WITH_OVERHEAD(PAGE_SIZE) || |
d0164adc | 791 | (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) { |
cfb8ec65 AL |
792 | skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX | SKB_ALLOC_NAPI, |
793 | NUMA_NO_NODE); | |
a080e7bd AD |
794 | if (!skb) |
795 | goto skb_fail; | |
796 | goto skb_success; | |
797 | } | |
9451980a | 798 | |
3226b158 | 799 | nc = this_cpu_ptr(&napi_alloc_cache); |
9451980a AD |
800 | |
801 | if (sk_memalloc_socks()) | |
802 | gfp_mask |= __GFP_MEMALLOC; | |
fd11a83d | 803 | |
dbae2b06 PA |
804 | if (NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) { |
805 | /* we are artificially inflating the allocation size, but | |
806 | * that is not as bad as it may look like, as: | |
807 | * - 'len' less than GRO_MAX_HEAD makes little sense | |
808 | * - On most systems, larger 'len' values lead to fragment | |
809 | * size above 512 bytes | |
810 | * - kmalloc would use the kmalloc-1k slab for such values | |
811 | * - Builds with smaller GRO_MAX_HEAD will very likely do | |
812 | * little networking, as that implies no WiFi and no | |
813 | * tunnels support, and 32 bits arches. | |
814 | */ | |
815 | len = SZ_1K; | |
816 | ||
817 | data = page_frag_alloc_1k(&nc->page_small, gfp_mask); | |
818 | pfmemalloc = NAPI_SMALL_PAGE_PFMEMALLOC(nc->page_small); | |
819 | } else { | |
115f1a5c | 820 | len = SKB_HEAD_ALIGN(len); |
dbae2b06 PA |
821 | |
822 | data = page_frag_alloc(&nc->page, len, gfp_mask); | |
823 | pfmemalloc = nc->page.pfmemalloc; | |
824 | } | |
825 | ||
9451980a AD |
826 | if (unlikely(!data)) |
827 | return NULL; | |
828 | ||
cfb8ec65 | 829 | skb = __napi_build_skb(data, len); |
9451980a | 830 | if (unlikely(!skb)) { |
181edb2b | 831 | skb_free_frag(data); |
9451980a | 832 | return NULL; |
fd11a83d AD |
833 | } |
834 | ||
dbae2b06 | 835 | if (pfmemalloc) |
9451980a AD |
836 | skb->pfmemalloc = 1; |
837 | skb->head_frag = 1; | |
838 | ||
a080e7bd | 839 | skb_success: |
9451980a AD |
840 | skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); |
841 | skb->dev = napi->dev; | |
842 | ||
a080e7bd | 843 | skb_fail: |
fd11a83d AD |
844 | return skb; |
845 | } | |
846 | EXPORT_SYMBOL(__napi_alloc_skb); | |
847 | ||
654bed16 | 848 | void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off, |
50269e19 | 849 | int size, unsigned int truesize) |
654bed16 | 850 | { |
c123e0d3 ED |
851 | DEBUG_NET_WARN_ON_ONCE(size > truesize); |
852 | ||
654bed16 PZ |
853 | skb_fill_page_desc(skb, i, page, off, size); |
854 | skb->len += size; | |
855 | skb->data_len += size; | |
50269e19 | 856 | skb->truesize += truesize; |
654bed16 PZ |
857 | } |
858 | EXPORT_SYMBOL(skb_add_rx_frag); | |
859 | ||
f8e617e1 JW |
860 | void skb_coalesce_rx_frag(struct sk_buff *skb, int i, int size, |
861 | unsigned int truesize) | |
862 | { | |
863 | skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; | |
864 | ||
c123e0d3 ED |
865 | DEBUG_NET_WARN_ON_ONCE(size > truesize); |
866 | ||
f8e617e1 JW |
867 | skb_frag_size_add(frag, size); |
868 | skb->len += size; | |
869 | skb->data_len += size; | |
870 | skb->truesize += truesize; | |
871 | } | |
872 | EXPORT_SYMBOL(skb_coalesce_rx_frag); | |
873 | ||
27b437c8 | 874 | static void skb_drop_list(struct sk_buff **listp) |
1da177e4 | 875 | { |
bd8a7036 | 876 | kfree_skb_list(*listp); |
27b437c8 | 877 | *listp = NULL; |
1da177e4 LT |
878 | } |
879 | ||
27b437c8 HX |
880 | static inline void skb_drop_fraglist(struct sk_buff *skb) |
881 | { | |
882 | skb_drop_list(&skb_shinfo(skb)->frag_list); | |
883 | } | |
884 | ||
1da177e4 LT |
885 | static void skb_clone_fraglist(struct sk_buff *skb) |
886 | { | |
887 | struct sk_buff *list; | |
888 | ||
fbb398a8 | 889 | skb_walk_frags(skb, list) |
1da177e4 LT |
890 | skb_get(list); |
891 | } | |
892 | ||
8cfa2dee LC |
893 | static bool is_pp_page(struct page *page) |
894 | { | |
895 | return (page->pp_magic & ~0x3UL) == PP_SIGNATURE; | |
896 | } | |
897 | ||
75eaf63e AL |
898 | #if IS_ENABLED(CONFIG_PAGE_POOL) |
899 | bool napi_pp_put_page(struct page *page, bool napi_safe) | |
900 | { | |
5b899c33 | 901 | bool allow_direct = false; |
75eaf63e | 902 | struct page_pool *pp; |
75eaf63e AL |
903 | |
904 | page = compound_head(page); | |
905 | ||
906 | /* page->pp_magic is OR'ed with PP_SIGNATURE after the allocation | |
907 | * in order to preserve any existing bits, such as bit 0 for the | |
908 | * head page of compound page and bit 1 for pfmemalloc page, so | |
909 | * mask those bits for freeing side when doing below checking, | |
910 | * and page_is_pfmemalloc() is checked in __page_pool_put_page() | |
911 | * to avoid recycling the pfmemalloc page. | |
912 | */ | |
8cfa2dee | 913 | if (unlikely(!is_pp_page(page))) |
75eaf63e AL |
914 | return false; |
915 | ||
916 | pp = page->pp; | |
917 | ||
918 | /* Allow direct recycle if we have reasons to believe that we are | |
919 | * in the same context as the consumer would run, so there's | |
920 | * no possible race. | |
4a36d018 AL |
921 | * __page_pool_put_page() makes sure we're not in hardirq context |
922 | * and interrupts are enabled prior to accessing the cache. | |
75eaf63e | 923 | */ |
4a36d018 | 924 | if (napi_safe || in_softirq()) { |
5b899c33 AL |
925 | const struct napi_struct *napi = READ_ONCE(pp->p.napi); |
926 | ||
927 | allow_direct = napi && | |
928 | READ_ONCE(napi->list_owner) == smp_processor_id(); | |
929 | } | |
75eaf63e AL |
930 | |
931 | /* Driver set this to memory recycling info. Reset it on recycle. | |
932 | * This will *not* work for NIC using a split-page memory model. | |
933 | * The page will be returned to the pool here regardless of the | |
934 | * 'flipped' fragment being in use or not. | |
935 | */ | |
936 | page_pool_put_full_page(pp, page, allow_direct); | |
937 | ||
938 | return true; | |
939 | } | |
940 | EXPORT_SYMBOL(napi_pp_put_page); | |
941 | #endif | |
942 | ||
b07a2d97 | 943 | static bool skb_pp_recycle(struct sk_buff *skb, void *data, bool napi_safe) |
4727bab4 YL |
944 | { |
945 | if (!IS_ENABLED(CONFIG_PAGE_POOL) || !skb->pp_recycle) | |
946 | return false; | |
75eaf63e | 947 | return napi_pp_put_page(virt_to_page(data), napi_safe); |
4727bab4 YL |
948 | } |
949 | ||
bf9f1baa ED |
950 | static void skb_kfree_head(void *head, unsigned int end_offset) |
951 | { | |
bf9f1baa ED |
952 | if (end_offset == SKB_SMALL_HEAD_HEADROOM) |
953 | kmem_cache_free(skb_small_head_cache, head); | |
954 | else | |
bf9f1baa ED |
955 | kfree(head); |
956 | } | |
957 | ||
b07a2d97 | 958 | static void skb_free_head(struct sk_buff *skb, bool napi_safe) |
d3836f21 | 959 | { |
181edb2b AD |
960 | unsigned char *head = skb->head; |
961 | ||
6a5bcd84 | 962 | if (skb->head_frag) { |
b07a2d97 | 963 | if (skb_pp_recycle(skb, head, napi_safe)) |
6a5bcd84 | 964 | return; |
181edb2b | 965 | skb_free_frag(head); |
6a5bcd84 | 966 | } else { |
bf9f1baa | 967 | skb_kfree_head(head, skb_end_offset(skb)); |
6a5bcd84 | 968 | } |
d3836f21 ED |
969 | } |
970 | ||
b07a2d97 JK |
971 | static void skb_release_data(struct sk_buff *skb, enum skb_drop_reason reason, |
972 | bool napi_safe) | |
1da177e4 | 973 | { |
ff04a771 ED |
974 | struct skb_shared_info *shinfo = skb_shinfo(skb); |
975 | int i; | |
1da177e4 | 976 | |
ff04a771 ED |
977 | if (skb->cloned && |
978 | atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, | |
979 | &shinfo->dataref)) | |
2cc3aeb5 | 980 | goto exit; |
a6686f2f | 981 | |
753f1ca4 PB |
982 | if (skb_zcopy(skb)) { |
983 | bool skip_unref = shinfo->flags & SKBFL_MANAGED_FRAG_REFS; | |
984 | ||
985 | skb_zcopy_clear(skb, true); | |
986 | if (skip_unref) | |
987 | goto free_head; | |
988 | } | |
70c43167 | 989 | |
ff04a771 | 990 | for (i = 0; i < shinfo->nr_frags; i++) |
8c48eea3 | 991 | napi_frag_unref(&shinfo->frags[i], skb->pp_recycle, napi_safe); |
a6686f2f | 992 | |
753f1ca4 | 993 | free_head: |
ff04a771 | 994 | if (shinfo->frag_list) |
511a3eda | 995 | kfree_skb_list_reason(shinfo->frag_list, reason); |
ff04a771 | 996 | |
b07a2d97 | 997 | skb_free_head(skb, napi_safe); |
2cc3aeb5 IA |
998 | exit: |
999 | /* When we clone an SKB we copy the reycling bit. The pp_recycle | |
1000 | * bit is only set on the head though, so in order to avoid races | |
1001 | * while trying to recycle fragments on __skb_frag_unref() we need | |
1002 | * to make one SKB responsible for triggering the recycle path. | |
1003 | * So disable the recycling bit if an SKB is cloned and we have | |
58e61e41 | 1004 | * additional references to the fragmented part of the SKB. |
2cc3aeb5 IA |
1005 | * Eventually the last SKB will have the recycling bit set and it's |
1006 | * dataref set to 0, which will trigger the recycling | |
1007 | */ | |
1008 | skb->pp_recycle = 0; | |
1da177e4 LT |
1009 | } |
1010 | ||
1011 | /* | |
1012 | * Free an skbuff by memory without cleaning the state. | |
1013 | */ | |
2d4baff8 | 1014 | static void kfree_skbmem(struct sk_buff *skb) |
1da177e4 | 1015 | { |
d0bf4a9e | 1016 | struct sk_buff_fclones *fclones; |
d179cd12 | 1017 | |
d179cd12 DM |
1018 | switch (skb->fclone) { |
1019 | case SKB_FCLONE_UNAVAILABLE: | |
025a785f | 1020 | kmem_cache_free(skbuff_cache, skb); |
6ffe75eb | 1021 | return; |
d179cd12 DM |
1022 | |
1023 | case SKB_FCLONE_ORIG: | |
d0bf4a9e | 1024 | fclones = container_of(skb, struct sk_buff_fclones, skb1); |
d179cd12 | 1025 | |
6ffe75eb ED |
1026 | /* We usually free the clone (TX completion) before original skb |
1027 | * This test would have no chance to be true for the clone, | |
1028 | * while here, branch prediction will be good. | |
d179cd12 | 1029 | */ |
2638595a | 1030 | if (refcount_read(&fclones->fclone_ref) == 1) |
6ffe75eb ED |
1031 | goto fastpath; |
1032 | break; | |
e7820e39 | 1033 | |
6ffe75eb ED |
1034 | default: /* SKB_FCLONE_CLONE */ |
1035 | fclones = container_of(skb, struct sk_buff_fclones, skb2); | |
d179cd12 | 1036 | break; |
3ff50b79 | 1037 | } |
2638595a | 1038 | if (!refcount_dec_and_test(&fclones->fclone_ref)) |
6ffe75eb ED |
1039 | return; |
1040 | fastpath: | |
1041 | kmem_cache_free(skbuff_fclone_cache, fclones); | |
1da177e4 LT |
1042 | } |
1043 | ||
0a463c78 | 1044 | void skb_release_head_state(struct sk_buff *skb) |
1da177e4 | 1045 | { |
adf30907 | 1046 | skb_dst_drop(skb); |
9c2b3328 | 1047 | if (skb->destructor) { |
7890e2f0 | 1048 | DEBUG_NET_WARN_ON_ONCE(in_hardirq()); |
1da177e4 LT |
1049 | skb->destructor(skb); |
1050 | } | |
a3bf7ae9 | 1051 | #if IS_ENABLED(CONFIG_NF_CONNTRACK) |
cb9c6836 | 1052 | nf_conntrack_put(skb_nfct(skb)); |
1da177e4 | 1053 | #endif |
df5042f4 | 1054 | skb_ext_put(skb); |
04a4bb55 LB |
1055 | } |
1056 | ||
1057 | /* Free everything but the sk_buff shell. */ | |
b07a2d97 JK |
1058 | static void skb_release_all(struct sk_buff *skb, enum skb_drop_reason reason, |
1059 | bool napi_safe) | |
04a4bb55 LB |
1060 | { |
1061 | skb_release_head_state(skb); | |
a28b1b90 | 1062 | if (likely(skb->head)) |
b07a2d97 | 1063 | skb_release_data(skb, reason, napi_safe); |
2d4baff8 HX |
1064 | } |
1065 | ||
1066 | /** | |
1067 | * __kfree_skb - private function | |
1068 | * @skb: buffer | |
1069 | * | |
1070 | * Free an sk_buff. Release anything attached to the buffer. | |
1071 | * Clean the state. This is an internal helper function. Users should | |
1072 | * always call kfree_skb | |
1073 | */ | |
1da177e4 | 1074 | |
2d4baff8 HX |
1075 | void __kfree_skb(struct sk_buff *skb) |
1076 | { | |
b07a2d97 | 1077 | skb_release_all(skb, SKB_DROP_REASON_NOT_SPECIFIED, false); |
1da177e4 LT |
1078 | kfree_skbmem(skb); |
1079 | } | |
b4ac530f | 1080 | EXPORT_SYMBOL(__kfree_skb); |
1da177e4 | 1081 | |
a4650da2 JDB |
1082 | static __always_inline |
1083 | bool __kfree_skb_reason(struct sk_buff *skb, enum skb_drop_reason reason) | |
1084 | { | |
1085 | if (unlikely(!skb_unref(skb))) | |
1086 | return false; | |
1087 | ||
071c0fc6 JB |
1088 | DEBUG_NET_WARN_ON_ONCE(reason == SKB_NOT_DROPPED_YET || |
1089 | u32_get_bits(reason, | |
1090 | SKB_DROP_REASON_SUBSYS_MASK) >= | |
1091 | SKB_DROP_REASON_SUBSYS_NUM); | |
a4650da2 JDB |
1092 | |
1093 | if (reason == SKB_CONSUMED) | |
dd1b5278 | 1094 | trace_consume_skb(skb, __builtin_return_address(0)); |
a4650da2 JDB |
1095 | else |
1096 | trace_kfree_skb(skb, __builtin_return_address(0), reason); | |
1097 | return true; | |
1098 | } | |
1099 | ||