Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
1da177e4 LT |
2 | /* |
3 | * Routines having to do with the 'struct sk_buff' memory handlers. | |
4 | * | |
113aa838 | 5 | * Authors: Alan Cox <alan@lxorguk.ukuu.org.uk> |
1da177e4 LT |
6 | * Florian La Roche <rzsfl@rz.uni-sb.de> |
7 | * | |
1da177e4 LT |
8 | * Fixes: |
9 | * Alan Cox : Fixed the worst of the load | |
10 | * balancer bugs. | |
11 | * Dave Platt : Interrupt stacking fix. | |
12 | * Richard Kooijman : Timestamp fixes. | |
13 | * Alan Cox : Changed buffer format. | |
14 | * Alan Cox : destructor hook for AF_UNIX etc. | |
15 | * Linus Torvalds : Better skb_clone. | |
16 | * Alan Cox : Added skb_copy. | |
17 | * Alan Cox : Added all the changed routines Linus | |
18 | * only put in the headers | |
19 | * Ray VanTassle : Fixed --skb->lock in free | |
20 | * Alan Cox : skb_copy copy arp field | |
21 | * Andi Kleen : slabified it. | |
22 | * Robert Olsson : Removed skb_head_pool | |
23 | * | |
24 | * NOTE: | |
25 | * The __skb_ routines should be called with interrupts | |
26 | * disabled, or you better be *real* sure that the operation is atomic | |
27 | * with respect to whatever list is being frobbed (e.g. via lock_sock() | |
28 | * or via disabling bottom half handlers, etc). | |
1da177e4 LT |
29 | */ |
30 | ||
31 | /* | |
32 | * The functions in this file will not compile correctly with gcc 2.4.x | |
33 | */ | |
34 | ||
e005d193 JP |
35 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
36 | ||
1da177e4 LT |
37 | #include <linux/module.h> |
38 | #include <linux/types.h> | |
39 | #include <linux/kernel.h> | |
1da177e4 LT |
40 | #include <linux/mm.h> |
41 | #include <linux/interrupt.h> | |
42 | #include <linux/in.h> | |
43 | #include <linux/inet.h> | |
44 | #include <linux/slab.h> | |
de960aa9 FW |
45 | #include <linux/tcp.h> |
46 | #include <linux/udp.h> | |
90017acc | 47 | #include <linux/sctp.h> |
1da177e4 LT |
48 | #include <linux/netdevice.h> |
49 | #ifdef CONFIG_NET_CLS_ACT | |
50 | #include <net/pkt_sched.h> | |
51 | #endif | |
52 | #include <linux/string.h> | |
53 | #include <linux/skbuff.h> | |
9c55e01c | 54 | #include <linux/splice.h> |
1da177e4 LT |
55 | #include <linux/cache.h> |
56 | #include <linux/rtnetlink.h> | |
57 | #include <linux/init.h> | |
716ea3a7 | 58 | #include <linux/scatterlist.h> |
ac45f602 | 59 | #include <linux/errqueue.h> |
268bb0ce | 60 | #include <linux/prefetch.h> |
0d5501c1 | 61 | #include <linux/if_vlan.h> |
2a2ea508 | 62 | #include <linux/mpls.h> |
1da177e4 LT |
63 | |
64 | #include <net/protocol.h> | |
65 | #include <net/dst.h> | |
66 | #include <net/sock.h> | |
67 | #include <net/checksum.h> | |
ed1f50c3 | 68 | #include <net/ip6_checksum.h> |
1da177e4 | 69 | #include <net/xfrm.h> |
8822e270 | 70 | #include <net/mpls.h> |
3ee17bc7 | 71 | #include <net/mptcp.h> |
1da177e4 | 72 | |
7c0f6ba6 | 73 | #include <linux/uaccess.h> |
ad8d75ff | 74 | #include <trace/events/skb.h> |
51c56b00 | 75 | #include <linux/highmem.h> |
b245be1f WB |
76 | #include <linux/capability.h> |
77 | #include <linux/user_namespace.h> | |
2544af03 | 78 | #include <linux/indirect_call_wrapper.h> |
a1f8e7f7 | 79 | |
7b7ed885 BVA |
80 | #include "datagram.h" |
81 | ||
08009a76 AD |
82 | struct kmem_cache *skbuff_head_cache __ro_after_init; |
83 | static struct kmem_cache *skbuff_fclone_cache __ro_after_init; | |
df5042f4 FW |
84 | #ifdef CONFIG_SKB_EXTENSIONS |
85 | static struct kmem_cache *skbuff_ext_cache __ro_after_init; | |
86 | #endif | |
5f74f82e HWR |
87 | int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; |
88 | EXPORT_SYMBOL(sysctl_max_skb_frags); | |
1da177e4 | 89 | |
1da177e4 | 90 | /** |
f05de73b JS |
91 | * skb_panic - private function for out-of-line support |
92 | * @skb: buffer | |
93 | * @sz: size | |
94 | * @addr: address | |
99d5851e | 95 | * @msg: skb_over_panic or skb_under_panic |
1da177e4 | 96 | * |
f05de73b JS |
97 | * Out-of-line support for skb_put() and skb_push(). |
98 | * Called via the wrapper skb_over_panic() or skb_under_panic(). | |
99 | * Keep out of line to prevent kernel bloat. | |
100 | * __builtin_return_address is not used because it is not always reliable. | |
1da177e4 | 101 | */ |
f05de73b | 102 | static void skb_panic(struct sk_buff *skb, unsigned int sz, void *addr, |
99d5851e | 103 | const char msg[]) |
1da177e4 | 104 | { |
41a46913 | 105 | pr_emerg("%s: text:%px len:%d put:%d head:%px data:%px tail:%#lx end:%#lx dev:%s\n", |
99d5851e | 106 | msg, addr, skb->len, sz, skb->head, skb->data, |
e005d193 JP |
107 | (unsigned long)skb->tail, (unsigned long)skb->end, |
108 | skb->dev ? skb->dev->name : "<NULL>"); | |
1da177e4 LT |
109 | BUG(); |
110 | } | |
111 | ||
f05de73b | 112 | static void skb_over_panic(struct sk_buff *skb, unsigned int sz, void *addr) |
1da177e4 | 113 | { |
f05de73b | 114 | skb_panic(skb, sz, addr, __func__); |
1da177e4 LT |
115 | } |
116 | ||
f05de73b JS |
117 | static void skb_under_panic(struct sk_buff *skb, unsigned int sz, void *addr) |
118 | { | |
119 | skb_panic(skb, sz, addr, __func__); | |
120 | } | |
c93bdd0e MG |
121 | |
122 | /* | |
123 | * kmalloc_reserve is a wrapper around kmalloc_node_track_caller that tells | |
124 | * the caller if emergency pfmemalloc reserves are being used. If it is and | |
125 | * the socket is later found to be SOCK_MEMALLOC then PFMEMALLOC reserves | |
126 | * may be used. Otherwise, the packet data may be discarded until enough | |
127 | * memory is free | |
128 | */ | |
129 | #define kmalloc_reserve(size, gfp, node, pfmemalloc) \ | |
130 | __kmalloc_reserve(size, gfp, node, _RET_IP_, pfmemalloc) | |
61c5e88a | 131 | |
132 | static void *__kmalloc_reserve(size_t size, gfp_t flags, int node, | |
133 | unsigned long ip, bool *pfmemalloc) | |
c93bdd0e MG |
134 | { |
135 | void *obj; | |
136 | bool ret_pfmemalloc = false; | |
137 | ||
138 | /* | |
139 | * Try a regular allocation, when that fails and we're not entitled | |
140 | * to the reserves, fail. | |
141 | */ | |
142 | obj = kmalloc_node_track_caller(size, | |
143 | flags | __GFP_NOMEMALLOC | __GFP_NOWARN, | |
144 | node); | |
145 | if (obj || !(gfp_pfmemalloc_allowed(flags))) | |
146 | goto out; | |
147 | ||
148 | /* Try again but now we are using pfmemalloc reserves */ | |
149 | ret_pfmemalloc = true; | |
150 | obj = kmalloc_node_track_caller(size, flags, node); | |
151 | ||
152 | out: | |
153 | if (pfmemalloc) | |
154 | *pfmemalloc = ret_pfmemalloc; | |
155 | ||
156 | return obj; | |
157 | } | |
158 | ||
1da177e4 LT |
159 | /* Allocate a new skbuff. We do this ourselves so we can fill in a few |
160 | * 'private' fields and also do memory statistics to find all the | |
161 | * [BEEP] leaks. | |
162 | * | |
163 | */ | |
164 | ||
165 | /** | |
d179cd12 | 166 | * __alloc_skb - allocate a network buffer |
1da177e4 LT |
167 | * @size: size to allocate |
168 | * @gfp_mask: allocation mask | |
c93bdd0e MG |
169 | * @flags: If SKB_ALLOC_FCLONE is set, allocate from fclone cache |
170 | * instead of head cache and allocate a cloned (child) skb. | |
171 | * If SKB_ALLOC_RX is set, __GFP_MEMALLOC will be used for | |
172 | * allocations in case the data is required for writeback | |
b30973f8 | 173 | * @node: numa node to allocate memory on |
1da177e4 LT |
174 | * |
175 | * Allocate a new &sk_buff. The returned buffer has no headroom and a | |
94b6042c BH |
176 | * tail room of at least size bytes. The object has a reference count |
177 | * of one. The return is the buffer. On a failure the return is %NULL. | |
1da177e4 LT |
178 | * |
179 | * Buffers may only be allocated from interrupts using a @gfp_mask of | |
180 | * %GFP_ATOMIC. | |
181 | */ | |
dd0fc66f | 182 | struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask, |
c93bdd0e | 183 | int flags, int node) |
1da177e4 | 184 | { |
e18b890b | 185 | struct kmem_cache *cache; |
4947d3ef | 186 | struct skb_shared_info *shinfo; |
1da177e4 LT |
187 | struct sk_buff *skb; |
188 | u8 *data; | |
c93bdd0e | 189 | bool pfmemalloc; |
1da177e4 | 190 | |
c93bdd0e MG |
191 | cache = (flags & SKB_ALLOC_FCLONE) |
192 | ? skbuff_fclone_cache : skbuff_head_cache; | |
193 | ||
194 | if (sk_memalloc_socks() && (flags & SKB_ALLOC_RX)) | |
195 | gfp_mask |= __GFP_MEMALLOC; | |
8798b3fb | 196 | |
1da177e4 | 197 | /* Get the HEAD */ |
b30973f8 | 198 | skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node); |
1da177e4 LT |
199 | if (!skb) |
200 | goto out; | |
ec7d2f2c | 201 | prefetchw(skb); |
1da177e4 | 202 | |
87fb4b7b ED |
203 | /* We do our best to align skb_shared_info on a separate cache |
204 | * line. It usually works because kmalloc(X > SMP_CACHE_BYTES) gives | |
205 | * aligned memory blocks, unless SLUB/SLAB debug is enabled. | |
206 | * Both skb->head and skb_shared_info are cache line aligned. | |
207 | */ | |
bc417e30 | 208 | size = SKB_DATA_ALIGN(size); |
87fb4b7b | 209 | size += SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); |
c93bdd0e | 210 | data = kmalloc_reserve(size, gfp_mask, node, &pfmemalloc); |
1da177e4 LT |
211 | if (!data) |
212 | goto nodata; | |
87fb4b7b ED |
213 | /* kmalloc(size) might give us more room than requested. |
214 | * Put skb_shared_info exactly at the end of allocated zone, | |
215 | * to allow max possible filling before reallocation. | |
216 | */ | |
217 | size = SKB_WITH_OVERHEAD(ksize(data)); | |
ec7d2f2c | 218 | prefetchw(data + size); |
1da177e4 | 219 | |
ca0605a7 | 220 | /* |
c8005785 JB |
221 | * Only clear those fields we need to clear, not those that we will |
222 | * actually initialise below. Hence, don't put any more fields after | |
223 | * the tail pointer in struct sk_buff! | |
ca0605a7 ACM |
224 | */ |
225 | memset(skb, 0, offsetof(struct sk_buff, tail)); | |
87fb4b7b ED |
226 | /* Account for allocated memory : skb + skb->head */ |
227 | skb->truesize = SKB_TRUESIZE(size); | |
c93bdd0e | 228 | skb->pfmemalloc = pfmemalloc; |
63354797 | 229 | refcount_set(&skb->users, 1); |
1da177e4 LT |
230 | skb->head = data; |
231 | skb->data = data; | |
27a884dc | 232 | skb_reset_tail_pointer(skb); |
4305b541 | 233 | skb->end = skb->tail + size; |
35d04610 CW |
234 | skb->mac_header = (typeof(skb->mac_header))~0U; |
235 | skb->transport_header = (typeof(skb->transport_header))~0U; | |
19633e12 | 236 | |
4947d3ef BL |
237 | /* make sure we initialize shinfo sequentially */ |
238 | shinfo = skb_shinfo(skb); | |
ec7d2f2c | 239 | memset(shinfo, 0, offsetof(struct skb_shared_info, dataref)); |
4947d3ef | 240 | atomic_set(&shinfo->dataref, 1); |
4947d3ef | 241 | |
c93bdd0e | 242 | if (flags & SKB_ALLOC_FCLONE) { |
d0bf4a9e | 243 | struct sk_buff_fclones *fclones; |
1da177e4 | 244 | |
d0bf4a9e ED |
245 | fclones = container_of(skb, struct sk_buff_fclones, skb1); |
246 | ||
d179cd12 | 247 | skb->fclone = SKB_FCLONE_ORIG; |
2638595a | 248 | refcount_set(&fclones->fclone_ref, 1); |
d179cd12 | 249 | |
6ffe75eb | 250 | fclones->skb2.fclone = SKB_FCLONE_CLONE; |
d179cd12 | 251 | } |
6370cc3b AN |
252 | |
253 | skb_set_kcov_handle(skb, kcov_common_handle()); | |
254 | ||
1da177e4 LT |
255 | out: |
256 | return skb; | |
257 | nodata: | |
8798b3fb | 258 | kmem_cache_free(cache, skb); |
1da177e4 LT |
259 | skb = NULL; |
260 | goto out; | |
1da177e4 | 261 | } |
b4ac530f | 262 | EXPORT_SYMBOL(__alloc_skb); |
1da177e4 | 263 | |
ba0509b6 JDB |
264 | /* Caller must provide SKB that is memset cleared */ |
265 | static struct sk_buff *__build_skb_around(struct sk_buff *skb, | |
266 | void *data, unsigned int frag_size) | |
267 | { | |
268 | struct skb_shared_info *shinfo; | |
269 | unsigned int size = frag_size ? : ksize(data); | |
270 | ||
271 | size -= SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); | |
272 | ||
273 | /* Assumes caller memset cleared SKB */ | |
274 | skb->truesize = SKB_TRUESIZE(size); | |
275 | refcount_set(&skb->users, 1); | |
276 | skb->head = data; | |
277 | skb->data = data; | |
278 | skb_reset_tail_pointer(skb); | |
279 | skb->end = skb->tail + size; | |
280 | skb->mac_header = (typeof(skb->mac_header))~0U; | |
281 | skb->transport_header = (typeof(skb->transport_header))~0U; | |
282 | ||
283 | /* make sure we initialize shinfo sequentially */ | |
284 | shinfo = skb_shinfo(skb); | |
285 | memset(shinfo, 0, offsetof(struct skb_shared_info, dataref)); | |
286 | atomic_set(&shinfo->dataref, 1); | |
287 | ||
6370cc3b AN |
288 | skb_set_kcov_handle(skb, kcov_common_handle()); |
289 | ||
ba0509b6 JDB |
290 | return skb; |
291 | } | |
292 | ||
b2b5ce9d | 293 | /** |
2ea2f62c | 294 | * __build_skb - build a network buffer |
b2b5ce9d | 295 | * @data: data buffer provided by caller |
2ea2f62c | 296 | * @frag_size: size of data, or 0 if head was kmalloced |
b2b5ce9d ED |
297 | * |
298 | * Allocate a new &sk_buff. Caller provides space holding head and | |
deceb4c0 | 299 | * skb_shared_info. @data must have been allocated by kmalloc() only if |
2ea2f62c ED |
300 | * @frag_size is 0, otherwise data should come from the page allocator |
301 | * or vmalloc() | |
b2b5ce9d ED |
302 | * The return is the new skb buffer. |
303 | * On a failure the return is %NULL, and @data is not freed. | |
304 | * Notes : | |
305 | * Before IO, driver allocates only data buffer where NIC put incoming frame | |
306 | * Driver should add room at head (NET_SKB_PAD) and | |
307 | * MUST add room at tail (SKB_DATA_ALIGN(skb_shared_info)) | |
308 | * After IO, driver calls build_skb(), to allocate sk_buff and populate it | |
309 | * before giving packet to stack. | |
310 | * RX rings only contains data buffers, not full skbs. | |
311 | */ | |
2ea2f62c | 312 | struct sk_buff *__build_skb(void *data, unsigned int frag_size) |
b2b5ce9d | 313 | { |
b2b5ce9d | 314 | struct sk_buff *skb; |
b2b5ce9d ED |
315 | |
316 | skb = kmem_cache_alloc(skbuff_head_cache, GFP_ATOMIC); | |
ba0509b6 | 317 | if (unlikely(!skb)) |
b2b5ce9d ED |
318 | return NULL; |
319 | ||
b2b5ce9d | 320 | memset(skb, 0, offsetof(struct sk_buff, tail)); |
b2b5ce9d | 321 | |
ba0509b6 | 322 | return __build_skb_around(skb, data, frag_size); |
b2b5ce9d | 323 | } |
2ea2f62c ED |
324 | |
325 | /* build_skb() is wrapper over __build_skb(), that specifically | |
326 | * takes care of skb->head and skb->pfmemalloc | |
327 | * This means that if @frag_size is not zero, then @data must be backed | |
328 | * by a page fragment, not kmalloc() or vmalloc() | |
329 | */ | |
330 | struct sk_buff *build_skb(void *data, unsigned int frag_size) | |
331 | { | |
332 | struct sk_buff *skb = __build_skb(data, frag_size); | |
333 | ||
334 | if (skb && frag_size) { | |
335 | skb->head_frag = 1; | |
2f064f34 | 336 | if (page_is_pfmemalloc(virt_to_head_page(data))) |
2ea2f62c ED |
337 | skb->pfmemalloc = 1; |
338 | } | |
339 | return skb; | |
340 | } | |
b2b5ce9d ED |
341 | EXPORT_SYMBOL(build_skb); |
342 | ||
ba0509b6 JDB |
343 | /** |
344 | * build_skb_around - build a network buffer around provided skb | |
345 | * @skb: sk_buff provide by caller, must be memset cleared | |
346 | * @data: data buffer provided by caller | |
347 | * @frag_size: size of data, or 0 if head was kmalloced | |
348 | */ | |
349 | struct sk_buff *build_skb_around(struct sk_buff *skb, | |
350 | void *data, unsigned int frag_size) | |
351 | { | |
352 | if (unlikely(!skb)) | |
353 | return NULL; | |
354 | ||
355 | skb = __build_skb_around(skb, data, frag_size); | |
356 | ||
357 | if (skb && frag_size) { | |
358 | skb->head_frag = 1; | |
359 | if (page_is_pfmemalloc(virt_to_head_page(data))) | |
360 | skb->pfmemalloc = 1; | |
361 | } | |
362 | return skb; | |
363 | } | |
364 | EXPORT_SYMBOL(build_skb_around); | |
365 | ||
795bb1c0 JDB |
366 | #define NAPI_SKB_CACHE_SIZE 64 |
367 | ||
368 | struct napi_alloc_cache { | |
369 | struct page_frag_cache page; | |
e0d7924a | 370 | unsigned int skb_count; |
795bb1c0 JDB |
371 | void *skb_cache[NAPI_SKB_CACHE_SIZE]; |
372 | }; | |
373 | ||
b63ae8ca | 374 | static DEFINE_PER_CPU(struct page_frag_cache, netdev_alloc_cache); |
795bb1c0 | 375 | static DEFINE_PER_CPU(struct napi_alloc_cache, napi_alloc_cache); |
ffde7328 | 376 | |
7ba7aeab | 377 | static void *__napi_alloc_frag(unsigned int fragsz, gfp_t gfp_mask) |
ffde7328 | 378 | { |
7ba7aeab | 379 | struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); |
ffde7328 | 380 | |
7ba7aeab SAS |
381 | return page_frag_alloc(&nc->page, fragsz, gfp_mask); |
382 | } | |
383 | ||
384 | void *napi_alloc_frag(unsigned int fragsz) | |
385 | { | |
386 | fragsz = SKB_DATA_ALIGN(fragsz); | |
387 | ||
388 | return __napi_alloc_frag(fragsz, GFP_ATOMIC); | |
6f532612 | 389 | } |
7ba7aeab | 390 | EXPORT_SYMBOL(napi_alloc_frag); |
c93bdd0e MG |
391 | |
392 | /** | |
393 | * netdev_alloc_frag - allocate a page fragment | |
394 | * @fragsz: fragment size | |
395 | * | |
396 | * Allocates a frag from a page for receive buffer. | |
397 | * Uses GFP_ATOMIC allocations. | |
398 | */ | |
399 | void *netdev_alloc_frag(unsigned int fragsz) | |
400 | { | |
7ba7aeab SAS |
401 | struct page_frag_cache *nc; |
402 | void *data; | |
ffde7328 | 403 | |
3bed3cc4 | 404 | fragsz = SKB_DATA_ALIGN(fragsz); |
7ba7aeab SAS |
405 | if (in_irq() || irqs_disabled()) { |
406 | nc = this_cpu_ptr(&netdev_alloc_cache); | |
407 | data = page_frag_alloc(nc, fragsz, GFP_ATOMIC); | |
408 | } else { | |
409 | local_bh_disable(); | |
410 | data = __napi_alloc_frag(fragsz, GFP_ATOMIC); | |
411 | local_bh_enable(); | |
412 | } | |
413 | return data; | |
ffde7328 | 414 | } |
7ba7aeab | 415 | EXPORT_SYMBOL(netdev_alloc_frag); |
ffde7328 | 416 | |
fd11a83d AD |
417 | /** |
418 | * __netdev_alloc_skb - allocate an skbuff for rx on a specific device | |
419 | * @dev: network device to receive on | |
d7499160 | 420 | * @len: length to allocate |
fd11a83d AD |
421 | * @gfp_mask: get_free_pages mask, passed to alloc_skb |
422 | * | |
423 | * Allocate a new &sk_buff and assign it a usage count of one. The | |
424 | * buffer has NET_SKB_PAD headroom built in. Users should allocate | |
425 | * the headroom they think they need without accounting for the | |
426 | * built in space. The built in space is used for optimisations. | |
427 | * | |
428 | * %NULL is returned if there is no free memory. | |
429 | */ | |
9451980a AD |
430 | struct sk_buff *__netdev_alloc_skb(struct net_device *dev, unsigned int len, |
431 | gfp_t gfp_mask) | |
fd11a83d | 432 | { |
b63ae8ca | 433 | struct page_frag_cache *nc; |
fd11a83d | 434 | struct sk_buff *skb; |
9451980a AD |
435 | bool pfmemalloc; |
436 | void *data; | |
437 | ||
438 | len += NET_SKB_PAD; | |
fd11a83d | 439 | |
9451980a | 440 | if ((len > SKB_WITH_OVERHEAD(PAGE_SIZE)) || |
d0164adc | 441 | (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) { |
a080e7bd AD |
442 | skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX, NUMA_NO_NODE); |
443 | if (!skb) | |
444 | goto skb_fail; | |
445 | goto skb_success; | |
446 | } | |
fd11a83d | 447 | |
9451980a AD |
448 | len += SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); |
449 | len = SKB_DATA_ALIGN(len); | |
450 | ||
451 | if (sk_memalloc_socks()) | |
452 | gfp_mask |= __GFP_MEMALLOC; | |
453 | ||
92dcabd7 SAS |
454 | if (in_irq() || irqs_disabled()) { |
455 | nc = this_cpu_ptr(&netdev_alloc_cache); | |
456 | data = page_frag_alloc(nc, len, gfp_mask); | |
457 | pfmemalloc = nc->pfmemalloc; | |
458 | } else { | |
459 | local_bh_disable(); | |
460 | nc = this_cpu_ptr(&napi_alloc_cache.page); | |
461 | data = page_frag_alloc(nc, len, gfp_mask); | |
462 | pfmemalloc = nc->pfmemalloc; | |
463 | local_bh_enable(); | |
464 | } | |
9451980a AD |
465 | |
466 | if (unlikely(!data)) | |
467 | return NULL; | |
468 | ||
469 | skb = __build_skb(data, len); | |
470 | if (unlikely(!skb)) { | |
181edb2b | 471 | skb_free_frag(data); |
9451980a | 472 | return NULL; |
7b2e497a | 473 | } |
fd11a83d | 474 | |
9451980a AD |
475 | if (pfmemalloc) |
476 | skb->pfmemalloc = 1; | |
477 | skb->head_frag = 1; | |
478 | ||
a080e7bd | 479 | skb_success: |
9451980a AD |
480 | skb_reserve(skb, NET_SKB_PAD); |
481 | skb->dev = dev; | |
482 | ||
a080e7bd | 483 | skb_fail: |
8af27456 CH |
484 | return skb; |
485 | } | |
b4ac530f | 486 | EXPORT_SYMBOL(__netdev_alloc_skb); |
1da177e4 | 487 | |
fd11a83d AD |
488 | /** |
489 | * __napi_alloc_skb - allocate skbuff for rx in a specific NAPI instance | |
490 | * @napi: napi instance this buffer was allocated for | |
d7499160 | 491 | * @len: length to allocate |
fd11a83d AD |
492 | * @gfp_mask: get_free_pages mask, passed to alloc_skb and alloc_pages |
493 | * | |
494 | * Allocate a new sk_buff for use in NAPI receive. This buffer will | |
495 | * attempt to allocate the head from a special reserved region used | |
496 | * only for NAPI Rx allocation. By doing this we can save several | |
497 | * CPU cycles by avoiding having to disable and re-enable IRQs. | |
498 | * | |
499 | * %NULL is returned if there is no free memory. | |
500 | */ | |
9451980a AD |
501 | struct sk_buff *__napi_alloc_skb(struct napi_struct *napi, unsigned int len, |
502 | gfp_t gfp_mask) | |
fd11a83d | 503 | { |
3226b158 | 504 | struct napi_alloc_cache *nc; |
fd11a83d | 505 | struct sk_buff *skb; |
9451980a AD |
506 | void *data; |
507 | ||
508 | len += NET_SKB_PAD + NET_IP_ALIGN; | |
fd11a83d | 509 | |
3226b158 ED |
510 | /* If requested length is either too small or too big, |
511 | * we use kmalloc() for skb->head allocation. | |
512 | */ | |
513 | if (len <= SKB_WITH_OVERHEAD(1024) || | |
514 | len > SKB_WITH_OVERHEAD(PAGE_SIZE) || | |
d0164adc | 515 | (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) { |
a080e7bd AD |
516 | skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX, NUMA_NO_NODE); |
517 | if (!skb) | |
518 | goto skb_fail; | |
519 | goto skb_success; | |
520 | } | |
9451980a | 521 | |
3226b158 | 522 | nc = this_cpu_ptr(&napi_alloc_cache); |
9451980a AD |
523 | len += SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); |
524 | len = SKB_DATA_ALIGN(len); | |
525 | ||
526 | if (sk_memalloc_socks()) | |
527 | gfp_mask |= __GFP_MEMALLOC; | |
fd11a83d | 528 | |
8c2dd3e4 | 529 | data = page_frag_alloc(&nc->page, len, gfp_mask); |
9451980a AD |
530 | if (unlikely(!data)) |
531 | return NULL; | |
532 | ||
533 | skb = __build_skb(data, len); | |
534 | if (unlikely(!skb)) { | |
181edb2b | 535 | skb_free_frag(data); |
9451980a | 536 | return NULL; |
fd11a83d AD |
537 | } |
538 | ||
795bb1c0 | 539 | if (nc->page.pfmemalloc) |
9451980a AD |
540 | skb->pfmemalloc = 1; |
541 | skb->head_frag = 1; | |
542 | ||
a080e7bd | 543 | skb_success: |
9451980a AD |
544 | skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); |
545 | skb->dev = napi->dev; | |
546 | ||
a080e7bd | 547 | skb_fail: |
fd11a83d AD |
548 | return skb; |
549 | } | |
550 | EXPORT_SYMBOL(__napi_alloc_skb); | |
551 | ||
654bed16 | 552 | void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off, |
50269e19 | 553 | int size, unsigned int truesize) |
654bed16 PZ |
554 | { |
555 | skb_fill_page_desc(skb, i, page, off, size); | |
556 | skb->len += size; | |
557 | skb->data_len += size; | |
50269e19 | 558 | skb->truesize += truesize; |
654bed16 PZ |
559 | } |
560 | EXPORT_SYMBOL(skb_add_rx_frag); | |
561 | ||
f8e617e1 JW |
562 | void skb_coalesce_rx_frag(struct sk_buff *skb, int i, int size, |
563 | unsigned int truesize) | |
564 | { | |
565 | skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; | |
566 | ||
567 | skb_frag_size_add(frag, size); | |
568 | skb->len += size; | |
569 | skb->data_len += size; | |
570 | skb->truesize += truesize; | |
571 | } | |
572 | EXPORT_SYMBOL(skb_coalesce_rx_frag); | |
573 | ||
27b437c8 | 574 | static void skb_drop_list(struct sk_buff **listp) |
1da177e4 | 575 | { |
bd8a7036 | 576 | kfree_skb_list(*listp); |
27b437c8 | 577 | *listp = NULL; |
1da177e4 LT |
578 | } |
579 | ||
27b437c8 HX |
580 | static inline void skb_drop_fraglist(struct sk_buff *skb) |
581 | { | |
582 | skb_drop_list(&skb_shinfo(skb)->frag_list); | |
583 | } | |
584 | ||
1da177e4 LT |
585 | static void skb_clone_fraglist(struct sk_buff *skb) |
586 | { | |
587 | struct sk_buff *list; | |
588 | ||
fbb398a8 | 589 | skb_walk_frags(skb, list) |
1da177e4 LT |
590 | skb_get(list); |
591 | } | |
592 | ||
d3836f21 ED |
593 | static void skb_free_head(struct sk_buff *skb) |
594 | { | |
181edb2b AD |
595 | unsigned char *head = skb->head; |
596 | ||
d3836f21 | 597 | if (skb->head_frag) |
181edb2b | 598 | skb_free_frag(head); |
d3836f21 | 599 | else |
181edb2b | 600 | kfree(head); |
d3836f21 ED |
601 | } |
602 | ||
5bba1712 | 603 | static void skb_release_data(struct sk_buff *skb) |
1da177e4 | 604 | { |
ff04a771 ED |
605 | struct skb_shared_info *shinfo = skb_shinfo(skb); |
606 | int i; | |
1da177e4 | 607 | |
ff04a771 ED |
608 | if (skb->cloned && |
609 | atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, | |
610 | &shinfo->dataref)) | |
611 | return; | |
a6686f2f | 612 | |
ff04a771 ED |
613 | for (i = 0; i < shinfo->nr_frags; i++) |
614 | __skb_frag_unref(&shinfo->frags[i]); | |
a6686f2f | 615 | |
ff04a771 ED |
616 | if (shinfo->frag_list) |
617 | kfree_skb_list(shinfo->frag_list); | |
618 | ||
1f8b977a | 619 | skb_zcopy_clear(skb, true); |
ff04a771 | 620 | skb_free_head(skb); |
1da177e4 LT |
621 | } |
622 | ||
623 | /* | |
624 | * Free an skbuff by memory without cleaning the state. | |
625 | */ | |
2d4baff8 | 626 | static void kfree_skbmem(struct sk_buff *skb) |
1da177e4 | 627 | { |
d0bf4a9e | 628 | struct sk_buff_fclones *fclones; |
d179cd12 | 629 | |
d179cd12 DM |
630 | switch (skb->fclone) { |
631 | case SKB_FCLONE_UNAVAILABLE: | |
632 | kmem_cache_free(skbuff_head_cache, skb); | |
6ffe75eb | 633 | return; |
d179cd12 DM |
634 | |
635 | case SKB_FCLONE_ORIG: | |
d0bf4a9e | 636 | fclones = container_of(skb, struct sk_buff_fclones, skb1); |
d179cd12 | 637 | |
6ffe75eb ED |
638 | /* We usually free the clone (TX completion) before original skb |
639 | * This test would have no chance to be true for the clone, | |
640 | * while here, branch prediction will be good. | |
d179cd12 | 641 | */ |
2638595a | 642 | if (refcount_read(&fclones->fclone_ref) == 1) |
6ffe75eb ED |
643 | goto fastpath; |
644 | break; | |
e7820e39 | 645 | |
6ffe75eb ED |
646 | default: /* SKB_FCLONE_CLONE */ |
647 | fclones = container_of(skb, struct sk_buff_fclones, skb2); | |
d179cd12 | 648 | break; |
3ff50b79 | 649 | } |
2638595a | 650 | if (!refcount_dec_and_test(&fclones->fclone_ref)) |
6ffe75eb ED |
651 | return; |
652 | fastpath: | |
653 | kmem_cache_free(skbuff_fclone_cache, fclones); | |
1da177e4 LT |
654 | } |
655 | ||
0a463c78 | 656 | void skb_release_head_state(struct sk_buff *skb) |
1da177e4 | 657 | { |
adf30907 | 658 | skb_dst_drop(skb); |
9c2b3328 SH |
659 | if (skb->destructor) { |
660 | WARN_ON(in_irq()); | |
1da177e4 LT |
661 | skb->destructor(skb); |
662 | } | |
a3bf7ae9 | 663 | #if IS_ENABLED(CONFIG_NF_CONNTRACK) |
cb9c6836 | 664 | nf_conntrack_put(skb_nfct(skb)); |
1da177e4 | 665 | #endif |
df5042f4 | 666 | skb_ext_put(skb); |
04a4bb55 LB |
667 | } |
668 | ||
669 | /* Free everything but the sk_buff shell. */ | |
670 | static void skb_release_all(struct sk_buff *skb) | |
671 | { | |
672 | skb_release_head_state(skb); | |
a28b1b90 FW |
673 | if (likely(skb->head)) |
674 | skb_release_data(skb); | |
2d4baff8 HX |
675 | } |
676 | ||
677 | /** | |
678 | * __kfree_skb - private function | |
679 | * @skb: buffer | |
680 | * | |
681 | * Free an sk_buff. Release anything attached to the buffer. | |
682 | * Clean the state. This is an internal helper function. Users should | |
683 | * always call kfree_skb | |
684 | */ | |
1da177e4 | 685 | |
2d4baff8 HX |
686 | void __kfree_skb(struct sk_buff *skb) |
687 | { | |
688 | skb_release_all(skb); | |
1da177e4 LT |
689 | kfree_skbmem(skb); |
690 | } | |
b4ac530f | 691 | EXPORT_SYMBOL(__kfree_skb); |
1da177e4 | 692 | |