Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
1da177e4 LT |
2 | /* |
3 | * Routines having to do with the 'struct sk_buff' memory handlers. | |
4 | * | |
113aa838 | 5 | * Authors: Alan Cox <alan@lxorguk.ukuu.org.uk> |
1da177e4 LT |
6 | * Florian La Roche <rzsfl@rz.uni-sb.de> |
7 | * | |
1da177e4 LT |
8 | * Fixes: |
9 | * Alan Cox : Fixed the worst of the load | |
10 | * balancer bugs. | |
11 | * Dave Platt : Interrupt stacking fix. | |
12 | * Richard Kooijman : Timestamp fixes. | |
13 | * Alan Cox : Changed buffer format. | |
14 | * Alan Cox : destructor hook for AF_UNIX etc. | |
15 | * Linus Torvalds : Better skb_clone. | |
16 | * Alan Cox : Added skb_copy. | |
17 | * Alan Cox : Added all the changed routines Linus | |
18 | * only put in the headers | |
19 | * Ray VanTassle : Fixed --skb->lock in free | |
20 | * Alan Cox : skb_copy copy arp field | |
21 | * Andi Kleen : slabified it. | |
22 | * Robert Olsson : Removed skb_head_pool | |
23 | * | |
24 | * NOTE: | |
25 | * The __skb_ routines should be called with interrupts | |
26 | * disabled, or you better be *real* sure that the operation is atomic | |
27 | * with respect to whatever list is being frobbed (e.g. via lock_sock() | |
28 | * or via disabling bottom half handlers, etc). | |
1da177e4 LT |
29 | */ |
30 | ||
31 | /* | |
32 | * The functions in this file will not compile correctly with gcc 2.4.x | |
33 | */ | |
34 | ||
e005d193 JP |
35 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
36 | ||
1da177e4 LT |
37 | #include <linux/module.h> |
38 | #include <linux/types.h> | |
39 | #include <linux/kernel.h> | |
1da177e4 LT |
40 | #include <linux/mm.h> |
41 | #include <linux/interrupt.h> | |
42 | #include <linux/in.h> | |
43 | #include <linux/inet.h> | |
44 | #include <linux/slab.h> | |
de960aa9 FW |
45 | #include <linux/tcp.h> |
46 | #include <linux/udp.h> | |
90017acc | 47 | #include <linux/sctp.h> |
1da177e4 LT |
48 | #include <linux/netdevice.h> |
49 | #ifdef CONFIG_NET_CLS_ACT | |
50 | #include <net/pkt_sched.h> | |
51 | #endif | |
52 | #include <linux/string.h> | |
53 | #include <linux/skbuff.h> | |
9c55e01c | 54 | #include <linux/splice.h> |
1da177e4 LT |
55 | #include <linux/cache.h> |
56 | #include <linux/rtnetlink.h> | |
57 | #include <linux/init.h> | |
716ea3a7 | 58 | #include <linux/scatterlist.h> |
ac45f602 | 59 | #include <linux/errqueue.h> |
268bb0ce | 60 | #include <linux/prefetch.h> |
071c0fc6 | 61 | #include <linux/bitfield.h> |
0d5501c1 | 62 | #include <linux/if_vlan.h> |
2a2ea508 | 63 | #include <linux/mpls.h> |
183f47fc | 64 | #include <linux/kcov.h> |
1da177e4 LT |
65 | |
66 | #include <net/protocol.h> | |
67 | #include <net/dst.h> | |
68 | #include <net/sock.h> | |
69 | #include <net/checksum.h> | |
d457a0e3 | 70 | #include <net/gso.h> |
ed1f50c3 | 71 | #include <net/ip6_checksum.h> |
1da177e4 | 72 | #include <net/xfrm.h> |
8822e270 | 73 | #include <net/mpls.h> |
3ee17bc7 | 74 | #include <net/mptcp.h> |
78476d31 | 75 | #include <net/mctp.h> |
75eaf63e | 76 | #include <net/page_pool/helpers.h> |
071c0fc6 | 77 | #include <net/dropreason.h> |
1da177e4 | 78 | |
7c0f6ba6 | 79 | #include <linux/uaccess.h> |
ad8d75ff | 80 | #include <trace/events/skb.h> |
51c56b00 | 81 | #include <linux/highmem.h> |
b245be1f WB |
82 | #include <linux/capability.h> |
83 | #include <linux/user_namespace.h> | |
2544af03 | 84 | #include <linux/indirect_call_wrapper.h> |
2195e2a0 | 85 | #include <linux/textsearch.h> |
a1f8e7f7 | 86 | |
39564c3f | 87 | #include "dev.h" |
7f678def | 88 | #include "sock_destructor.h" |
7b7ed885 | 89 | |
025a785f | 90 | struct kmem_cache *skbuff_cache __ro_after_init; |
08009a76 | 91 | static struct kmem_cache *skbuff_fclone_cache __ro_after_init; |
df5042f4 FW |
92 | #ifdef CONFIG_SKB_EXTENSIONS |
93 | static struct kmem_cache *skbuff_ext_cache __ro_after_init; | |
94 | #endif | |
bf9f1baa | 95 | |
bf9f1baa | 96 | |
bf9f1baa ED |
97 | static struct kmem_cache *skb_small_head_cache __ro_after_init; |
98 | ||
99 | #define SKB_SMALL_HEAD_SIZE SKB_HEAD_ALIGN(MAX_TCP_HEADER) | |
100 | ||
101 | /* We want SKB_SMALL_HEAD_CACHE_SIZE to not be a power of two. | |
102 | * This should ensure that SKB_SMALL_HEAD_HEADROOM is a unique | |
103 | * size, and we can differentiate heads from skb_small_head_cache | |
104 | * vs system slabs by looking at their size (skb_end_offset()). | |
105 | */ | |
106 | #define SKB_SMALL_HEAD_CACHE_SIZE \ | |
107 | (is_power_of_2(SKB_SMALL_HEAD_SIZE) ? \ | |
108 | (SKB_SMALL_HEAD_SIZE + L1_CACHE_BYTES) : \ | |
109 | SKB_SMALL_HEAD_SIZE) | |
110 | ||
111 | #define SKB_SMALL_HEAD_HEADROOM \ | |
112 | SKB_WITH_OVERHEAD(SKB_SMALL_HEAD_CACHE_SIZE) | |
bf9f1baa | 113 | |
5f74f82e HWR |
114 | int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; |
115 | EXPORT_SYMBOL(sysctl_max_skb_frags); | |
1da177e4 | 116 | |
9cb252c4 MD |
117 | #undef FN |
118 | #define FN(reason) [SKB_DROP_REASON_##reason] = #reason, | |
071c0fc6 | 119 | static const char * const drop_reasons[] = { |
0e84afe8 | 120 | [SKB_CONSUMED] = "CONSUMED", |
9cb252c4 MD |
121 | DEFINE_DROP_REASON(FN, FN) |
122 | }; | |
071c0fc6 JB |
123 | |
124 | static const struct drop_reason_list drop_reasons_core = { | |
125 | .reasons = drop_reasons, | |
126 | .n_reasons = ARRAY_SIZE(drop_reasons), | |
127 | }; | |
128 | ||
129 | const struct drop_reason_list __rcu * | |
130 | drop_reasons_by_subsys[SKB_DROP_REASON_SUBSYS_NUM] = { | |
131 | [SKB_DROP_REASON_SUBSYS_CORE] = RCU_INITIALIZER(&drop_reasons_core), | |
132 | }; | |
133 | EXPORT_SYMBOL(drop_reasons_by_subsys); | |
134 | ||
135 | /** | |
136 | * drop_reasons_register_subsys - register another drop reason subsystem | |
137 | * @subsys: the subsystem to register, must not be the core | |
138 | * @list: the list of drop reasons within the subsystem, must point to | |
139 | * a statically initialized list | |
140 | */ | |
141 | void drop_reasons_register_subsys(enum skb_drop_reason_subsys subsys, | |
142 | const struct drop_reason_list *list) | |
143 | { | |
144 | if (WARN(subsys <= SKB_DROP_REASON_SUBSYS_CORE || | |
145 | subsys >= ARRAY_SIZE(drop_reasons_by_subsys), | |
146 | "invalid subsystem %d\n", subsys)) | |
147 | return; | |
148 | ||
149 | /* must point to statically allocated memory, so INIT is OK */ | |
150 | RCU_INIT_POINTER(drop_reasons_by_subsys[subsys], list); | |
151 | } | |
152 | EXPORT_SYMBOL_GPL(drop_reasons_register_subsys); | |
153 | ||
154 | /** | |
155 | * drop_reasons_unregister_subsys - unregister a drop reason subsystem | |
156 | * @subsys: the subsystem to remove, must not be the core | |
157 | * | |
158 | * Note: This will synchronize_rcu() to ensure no users when it returns. | |
159 | */ | |
160 | void drop_reasons_unregister_subsys(enum skb_drop_reason_subsys subsys) | |
161 | { | |
162 | if (WARN(subsys <= SKB_DROP_REASON_SUBSYS_CORE || | |
163 | subsys >= ARRAY_SIZE(drop_reasons_by_subsys), | |
164 | "invalid subsystem %d\n", subsys)) | |
165 | return; | |
166 | ||
167 | RCU_INIT_POINTER(drop_reasons_by_subsys[subsys], NULL); | |
168 | ||
169 | synchronize_rcu(); | |
170 | } | |
171 | EXPORT_SYMBOL_GPL(drop_reasons_unregister_subsys); | |
ec43908d | 172 | |
1da177e4 | 173 | /** |
f05de73b JS |
174 | * skb_panic - private function for out-of-line support |
175 | * @skb: buffer | |
176 | * @sz: size | |
177 | * @addr: address | |
99d5851e | 178 | * @msg: skb_over_panic or skb_under_panic |
1da177e4 | 179 | * |
f05de73b JS |
180 | * Out-of-line support for skb_put() and skb_push(). |
181 | * Called via the wrapper skb_over_panic() or skb_under_panic(). | |
182 | * Keep out of line to prevent kernel bloat. | |
183 | * __builtin_return_address is not used because it is not always reliable. | |
1da177e4 | 184 | */ |
f05de73b | 185 | static void skb_panic(struct sk_buff *skb, unsigned int sz, void *addr, |
99d5851e | 186 | const char msg[]) |
1da177e4 | 187 | { |
41a46913 | 188 | pr_emerg("%s: text:%px len:%d put:%d head:%px data:%px tail:%#lx end:%#lx dev:%s\n", |
99d5851e | 189 | msg, addr, skb->len, sz, skb->head, skb->data, |
e005d193 JP |
190 | (unsigned long)skb->tail, (unsigned long)skb->end, |
191 | skb->dev ? skb->dev->name : "<NULL>"); | |
1da177e4 LT |
192 | BUG(); |
193 | } | |
194 | ||
f05de73b | 195 | static void skb_over_panic(struct sk_buff *skb, unsigned int sz, void *addr) |
1da177e4 | 196 | { |
f05de73b | 197 | skb_panic(skb, sz, addr, __func__); |
1da177e4 LT |
198 | } |
199 | ||
f05de73b JS |
200 | static void skb_under_panic(struct sk_buff *skb, unsigned int sz, void *addr) |
201 | { | |
202 | skb_panic(skb, sz, addr, __func__); | |
203 | } | |
c93bdd0e | 204 | |
50fad4b5 | 205 | #define NAPI_SKB_CACHE_SIZE 64 |
f450d539 AL |
206 | #define NAPI_SKB_CACHE_BULK 16 |
207 | #define NAPI_SKB_CACHE_HALF (NAPI_SKB_CACHE_SIZE / 2) | |
50fad4b5 | 208 | |
dbae2b06 PA |
209 | #if PAGE_SIZE == SZ_4K |
210 | ||
211 | #define NAPI_HAS_SMALL_PAGE_FRAG 1 | |
212 | #define NAPI_SMALL_PAGE_PFMEMALLOC(nc) ((nc).pfmemalloc) | |
213 | ||
214 | /* specialized page frag allocator using a single order 0 page | |
215 | * and slicing it into 1K sized fragment. Constrained to systems | |
216 | * with a very limited amount of 1K fragments fitting a single | |
217 | * page - to avoid excessive truesize underestimation | |
218 | */ | |
219 | ||
220 | struct page_frag_1k { | |
221 | void *va; | |
222 | u16 offset; | |
223 | bool pfmemalloc; | |
224 | }; | |
225 | ||
226 | static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp) | |
227 | { | |
228 | struct page *page; | |
229 | int offset; | |
230 | ||
231 | offset = nc->offset - SZ_1K; | |
232 | if (likely(offset >= 0)) | |
233 | goto use_frag; | |
234 | ||
235 | page = alloc_pages_node(NUMA_NO_NODE, gfp, 0); | |
236 | if (!page) | |
237 | return NULL; | |
238 | ||
239 | nc->va = page_address(page); | |
240 | nc->pfmemalloc = page_is_pfmemalloc(page); | |
241 | offset = PAGE_SIZE - SZ_1K; | |
242 | page_ref_add(page, offset / SZ_1K); | |
243 | ||
244 | use_frag: | |
245 | nc->offset = offset; | |
246 | return nc->va + offset; | |
247 | } | |
248 | #else | |
249 | ||
250 | /* the small page is actually unused in this build; add dummy helpers | |
251 | * to please the compiler and avoid later preprocessor's conditionals | |
252 | */ | |
253 | #define NAPI_HAS_SMALL_PAGE_FRAG 0 | |
254 | #define NAPI_SMALL_PAGE_PFMEMALLOC(nc) false | |
255 | ||
256 | struct page_frag_1k { | |
257 | }; | |
258 | ||
259 | static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp_mask) | |
260 | { | |
261 | return NULL; | |
262 | } | |
263 | ||
264 | #endif | |
265 | ||
50fad4b5 AL |
266 | struct napi_alloc_cache { |
267 | struct page_frag_cache page; | |
dbae2b06 | 268 | struct page_frag_1k page_small; |
50fad4b5 AL |
269 | unsigned int skb_count; |
270 | void *skb_cache[NAPI_SKB_CACHE_SIZE]; | |
271 | }; | |
272 | ||
273 | static DEFINE_PER_CPU(struct page_frag_cache, netdev_alloc_cache); | |
274 | static DEFINE_PER_CPU(struct napi_alloc_cache, napi_alloc_cache); | |
275 | ||
dbae2b06 PA |
276 | /* Double check that napi_get_frags() allocates skbs with |
277 | * skb->head being backed by slab, not a page fragment. | |
278 | * This is to make sure bug fixed in 3226b158e67c | |
279 | * ("net: avoid 32 x truesize under-estimation for tiny skbs") | |
280 | * does not accidentally come back. | |
281 | */ | |
282 | void napi_get_frags_check(struct napi_struct *napi) | |
283 | { | |
284 | struct sk_buff *skb; | |
285 | ||
286 | local_bh_disable(); | |
287 | skb = napi_get_frags(napi); | |
288 | WARN_ON_ONCE(!NAPI_HAS_SMALL_PAGE_FRAG && skb && skb->head_frag); | |
289 | napi_free_frags(napi); | |
290 | local_bh_enable(); | |
291 | } | |
292 | ||
32e3573f | 293 | void *__napi_alloc_frag_align(unsigned int fragsz, unsigned int align_mask) |
50fad4b5 AL |
294 | { |
295 | struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); | |
296 | ||
50fad4b5 AL |
297 | fragsz = SKB_DATA_ALIGN(fragsz); |
298 | ||
32e3573f | 299 | return page_frag_alloc_align(&nc->page, fragsz, GFP_ATOMIC, align_mask); |
50fad4b5 AL |
300 | } |
301 | EXPORT_SYMBOL(__napi_alloc_frag_align); | |
302 | ||
303 | void *__netdev_alloc_frag_align(unsigned int fragsz, unsigned int align_mask) | |
304 | { | |
50fad4b5 AL |
305 | void *data; |
306 | ||
307 | fragsz = SKB_DATA_ALIGN(fragsz); | |
afa79d08 | 308 | if (in_hardirq() || irqs_disabled()) { |
32e3573f YD |
309 | struct page_frag_cache *nc = this_cpu_ptr(&netdev_alloc_cache); |
310 | ||
50fad4b5 AL |
311 | data = page_frag_alloc_align(nc, fragsz, GFP_ATOMIC, align_mask); |
312 | } else { | |
32e3573f YD |
313 | struct napi_alloc_cache *nc; |
314 | ||
50fad4b5 | 315 | local_bh_disable(); |
32e3573f YD |
316 | nc = this_cpu_ptr(&napi_alloc_cache); |
317 | data = page_frag_alloc_align(&nc->page, fragsz, GFP_ATOMIC, align_mask); | |
50fad4b5 AL |
318 | local_bh_enable(); |
319 | } | |
320 | return data; | |
321 | } | |
322 | EXPORT_SYMBOL(__netdev_alloc_frag_align); | |
323 | ||
f450d539 AL |
324 | static struct sk_buff *napi_skb_cache_get(void) |
325 | { | |
326 | struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); | |
327 | struct sk_buff *skb; | |
328 | ||
49ae83fc | 329 | if (unlikely(!nc->skb_count)) { |
025a785f | 330 | nc->skb_count = kmem_cache_alloc_bulk(skbuff_cache, |
f450d539 AL |
331 | GFP_ATOMIC, |
332 | NAPI_SKB_CACHE_BULK, | |
333 | nc->skb_cache); | |
49ae83fc SPL |
334 | if (unlikely(!nc->skb_count)) |
335 | return NULL; | |
336 | } | |
f450d539 AL |
337 | |
338 | skb = nc->skb_cache[--nc->skb_count]; | |
025a785f | 339 | kasan_unpoison_object_data(skbuff_cache, skb); |
f450d539 AL |
340 | |
341 | return skb; | |
342 | } | |
343 | ||
ce098da1 KC |
344 | static inline void __finalize_skb_around(struct sk_buff *skb, void *data, |
345 | unsigned int size) | |
ba0509b6 JDB |
346 | { |
347 | struct skb_shared_info *shinfo; | |
ba0509b6 JDB |
348 | |
349 | size -= SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); | |
350 | ||
351 | /* Assumes caller memset cleared SKB */ | |
352 | skb->truesize = SKB_TRUESIZE(size); | |
353 | refcount_set(&skb->users, 1); | |
354 | skb->head = data; | |
355 | skb->data = data; | |
356 | skb_reset_tail_pointer(skb); | |
763087da | 357 | skb_set_end_offset(skb, size); |
ba0509b6 JDB |
358 | skb->mac_header = (typeof(skb->mac_header))~0U; |
359 | skb->transport_header = (typeof(skb->transport_header))~0U; | |
68822bdf | 360 | skb->alloc_cpu = raw_smp_processor_id(); |
ba0509b6 JDB |
361 | /* make sure we initialize shinfo sequentially */ |
362 | shinfo = skb_shinfo(skb); | |
363 | memset(shinfo, 0, offsetof(struct skb_shared_info, dataref)); | |
364 | atomic_set(&shinfo->dataref, 1); | |
365 | ||
6370cc3b | 366 | skb_set_kcov_handle(skb, kcov_common_handle()); |
ba0509b6 JDB |
367 | } |
368 | ||
ce098da1 KC |
369 | static inline void *__slab_build_skb(struct sk_buff *skb, void *data, |
370 | unsigned int *size) | |
371 | { | |
372 | void *resized; | |
373 | ||
374 | /* Must find the allocation size (and grow it to match). */ | |
375 | *size = ksize(data); | |
376 | /* krealloc() will immediately return "data" when | |
377 | * "ksize(data)" is requested: it is the existing upper | |
378 | * bounds. As a result, GFP_ATOMIC will be ignored. Note | |
379 | * that this "new" pointer needs to be passed back to the | |
380 | * caller for use so the __alloc_size hinting will be | |
381 | * tracked correctly. | |
382 | */ | |
383 | resized = krealloc(data, *size, GFP_ATOMIC); | |
384 | WARN_ON_ONCE(resized != data); | |
385 | return resized; | |
386 | } | |
387 | ||
388 | /* build_skb() variant which can operate on slab buffers. | |
389 | * Note that this should be used sparingly as slab buffers | |
390 | * cannot be combined efficiently by GRO! | |
391 | */ | |
392 | struct sk_buff *slab_build_skb(void *data) | |
393 | { | |
394 | struct sk_buff *skb; | |
395 | unsigned int size; | |
396 | ||
025a785f | 397 | skb = kmem_cache_alloc(skbuff_cache, GFP_ATOMIC); |
ce098da1 KC |
398 | if (unlikely(!skb)) |
399 | return NULL; | |
400 | ||
401 | memset(skb, 0, offsetof(struct sk_buff, tail)); | |
402 | data = __slab_build_skb(skb, data, &size); | |
403 | __finalize_skb_around(skb, data, size); | |
404 | ||
405 | return skb; | |
406 | } | |
407 | EXPORT_SYMBOL(slab_build_skb); | |
408 | ||
409 | /* Caller must provide SKB that is memset cleared */ | |
410 | static void __build_skb_around(struct sk_buff *skb, void *data, | |
411 | unsigned int frag_size) | |
412 | { | |
413 | unsigned int size = frag_size; | |
414 | ||
415 | /* frag_size == 0 is considered deprecated now. Callers | |
416 | * using slab buffer should use slab_build_skb() instead. | |
417 | */ | |
418 | if (WARN_ONCE(size == 0, "Use slab_build_skb() instead")) | |
419 | data = __slab_build_skb(skb, data, &size); | |
420 | ||
421 | __finalize_skb_around(skb, data, size); | |
422 | } | |
423 | ||
b2b5ce9d | 424 | /** |
2ea2f62c | 425 | * __build_skb - build a network buffer |
b2b5ce9d | 426 | * @data: data buffer provided by caller |
ce098da1 | 427 | * @frag_size: size of data (must not be 0) |
b2b5ce9d ED |
428 | * |
429 | * Allocate a new &sk_buff. Caller provides space holding head and | |
ce098da1 KC |
430 | * skb_shared_info. @data must have been allocated from the page |
431 | * allocator or vmalloc(). (A @frag_size of 0 to indicate a kmalloc() | |
432 | * allocation is deprecated, and callers should use slab_build_skb() | |
433 | * instead.) | |
b2b5ce9d ED |
434 | * The return is the new skb buffer. |
435 | * On a failure the return is %NULL, and @data is not freed. | |
436 | * Notes : | |
437 | * Before IO, driver allocates only data buffer where NIC put incoming frame | |
438 | * Driver should add room at head (NET_SKB_PAD) and | |
439 | * MUST add room at tail (SKB_DATA_ALIGN(skb_shared_info)) | |
440 | * After IO, driver calls build_skb(), to allocate sk_buff and populate it | |
441 | * before giving packet to stack. | |
442 | * RX rings only contains data buffers, not full skbs. | |
443 | */ | |
2ea2f62c | 444 | struct sk_buff *__build_skb(void *data, unsigned int frag_size) |
b2b5ce9d | 445 | { |
b2b5ce9d | 446 | struct sk_buff *skb; |
b2b5ce9d | 447 | |
025a785f | 448 | skb = kmem_cache_alloc(skbuff_cache, GFP_ATOMIC); |
ba0509b6 | 449 | if (unlikely(!skb)) |
b2b5ce9d ED |
450 | return NULL; |
451 | ||
b2b5ce9d | 452 | memset(skb, 0, offsetof(struct sk_buff, tail)); |
483126b3 | 453 | __build_skb_around(skb, data, frag_size); |
b2b5ce9d | 454 | |
483126b3 | 455 | return skb; |
b2b5ce9d | 456 | } |
2ea2f62c ED |
457 | |
458 | /* build_skb() is wrapper over __build_skb(), that specifically | |
459 | * takes care of skb->head and skb->pfmemalloc | |
2ea2f62c ED |
460 | */ |
461 | struct sk_buff *build_skb(void *data, unsigned int frag_size) | |
462 | { | |
463 | struct sk_buff *skb = __build_skb(data, frag_size); | |
464 | ||
3c640126 | 465 | if (likely(skb && frag_size)) { |
2ea2f62c | 466 | skb->head_frag = 1; |
566b6701 | 467 | skb_propagate_pfmemalloc(virt_to_head_page(data), skb); |
2ea2f62c ED |
468 | } |
469 | return skb; | |
470 | } | |
b2b5ce9d ED |
471 | EXPORT_SYMBOL(build_skb); |
472 | ||
ba0509b6 JDB |
473 | /** |
474 | * build_skb_around - build a network buffer around provided skb | |
475 | * @skb: sk_buff provide by caller, must be memset cleared | |
476 | * @data: data buffer provided by caller | |
12c1604a | 477 | * @frag_size: size of data |
ba0509b6 JDB |
478 | */ |
479 | struct sk_buff *build_skb_around(struct sk_buff *skb, | |
480 | void *data, unsigned int frag_size) | |
481 | { | |
482 | if (unlikely(!skb)) | |
483 | return NULL; | |
484 | ||
483126b3 | 485 | __build_skb_around(skb, data, frag_size); |
ba0509b6 | 486 | |
483126b3 | 487 | if (frag_size) { |
ba0509b6 | 488 | skb->head_frag = 1; |
566b6701 | 489 | skb_propagate_pfmemalloc(virt_to_head_page(data), skb); |
ba0509b6 JDB |
490 | } |
491 | return skb; | |
492 | } | |
493 | EXPORT_SYMBOL(build_skb_around); | |
494 | ||
f450d539 AL |
495 | /** |
496 | * __napi_build_skb - build a network buffer | |
497 | * @data: data buffer provided by caller | |
12c1604a | 498 | * @frag_size: size of data |
f450d539 AL |
499 | * |
500 | * Version of __build_skb() that uses NAPI percpu caches to obtain | |
501 | * skbuff_head instead of inplace allocation. | |
502 | * | |
503 | * Returns a new &sk_buff on success, %NULL on allocation failure. | |
504 | */ | |
505 | static struct sk_buff *__napi_build_skb(void *data, unsigned int frag_size) | |
506 | { | |
507 | struct sk_buff *skb; | |
508 | ||
509 | skb = napi_skb_cache_get(); | |
510 | if (unlikely(!skb)) | |
511 | return NULL; | |
512 | ||
513 | memset(skb, 0, offsetof(struct sk_buff, tail)); | |
514 | __build_skb_around(skb, data, frag_size); | |
515 | ||
516 | return skb; | |
517 | } | |
518 | ||
519 | /** | |
520 | * napi_build_skb - build a network buffer | |
521 | * @data: data buffer provided by caller | |
12c1604a | 522 | * @frag_size: size of data |
f450d539 AL |
523 | * |
524 | * Version of __napi_build_skb() that takes care of skb->head_frag | |
525 | * and skb->pfmemalloc when the data is a page or page fragment. | |
526 | * | |
527 | * Returns a new &sk_buff on success, %NULL on allocation failure. | |
528 | */ | |
529 | struct sk_buff *napi_build_skb(void *data, unsigned int frag_size) | |
530 | { | |
531 | struct sk_buff *skb = __napi_build_skb(data, frag_size); | |
532 | ||
533 | if (likely(skb) && frag_size) { | |
534 | skb->head_frag = 1; | |
535 | skb_propagate_pfmemalloc(virt_to_head_page(data), skb); | |
536 | } | |
537 | ||
538 | return skb; | |
539 | } | |
540 | EXPORT_SYMBOL(napi_build_skb); | |
541 | ||
5381b23d AL |
542 | /* |
543 | * kmalloc_reserve is a wrapper around kmalloc_node_track_caller that tells | |
544 | * the caller if emergency pfmemalloc reserves are being used. If it is and | |
545 | * the socket is later found to be SOCK_MEMALLOC then PFMEMALLOC reserves | |
546 | * may be used. Otherwise, the packet data may be discarded until enough | |
547 | * memory is free | |
548 | */ | |
5c0e820c | 549 | static void *kmalloc_reserve(unsigned int *size, gfp_t flags, int node, |
ef28095f | 550 | bool *pfmemalloc) |
5381b23d | 551 | { |
5381b23d | 552 | bool ret_pfmemalloc = false; |
5c0e820c ED |
553 | unsigned int obj_size; |
554 | void *obj; | |
5381b23d | 555 | |
5c0e820c | 556 | obj_size = SKB_HEAD_ALIGN(*size); |
bf9f1baa ED |
557 | if (obj_size <= SKB_SMALL_HEAD_CACHE_SIZE && |
558 | !(flags & KMALLOC_NOT_NORMAL_BITS)) { | |
bf9f1baa ED |
559 | obj = kmem_cache_alloc_node(skb_small_head_cache, |
560 | flags | __GFP_NOMEMALLOC | __GFP_NOWARN, | |
561 | node); | |
880ce5f2 ED |
562 | *size = SKB_SMALL_HEAD_CACHE_SIZE; |
563 | if (obj || !(gfp_pfmemalloc_allowed(flags))) | |
bf9f1baa | 564 | goto out; |
880ce5f2 ED |
565 | /* Try again but now we are using pfmemalloc reserves */ |
566 | ret_pfmemalloc = true; | |
567 | obj = kmem_cache_alloc_node(skb_small_head_cache, flags, node); | |
568 | goto out; | |
bf9f1baa | 569 | } |
5c0e820c | 570 | *size = obj_size = kmalloc_size_roundup(obj_size); |
5381b23d AL |
571 | /* |
572 | * Try a regular allocation, when that fails and we're not entitled | |
573 | * to the reserves, fail. | |
574 | */ | |
5c0e820c | 575 | obj = kmalloc_node_track_caller(obj_size, |
5381b23d AL |
576 | flags | __GFP_NOMEMALLOC | __GFP_NOWARN, |
577 | node); | |
578 | if (obj || !(gfp_pfmemalloc_allowed(flags))) | |
579 | goto out; | |
580 | ||
581 | /* Try again but now we are using pfmemalloc reserves */ | |
582 | ret_pfmemalloc = true; | |
5c0e820c | 583 | obj = kmalloc_node_track_caller(obj_size, flags, node); |
5381b23d AL |
584 | |
585 | out: | |
586 | if (pfmemalloc) | |
587 | *pfmemalloc = ret_pfmemalloc; | |
588 | ||
589 | return obj; | |
590 | } | |
591 | ||
592 | /* Allocate a new skbuff. We do this ourselves so we can fill in a few | |
593 | * 'private' fields and also do memory statistics to find all the | |
594 | * [BEEP] leaks. | |
595 | * | |
596 | */ | |
597 | ||
598 | /** | |
599 | * __alloc_skb - allocate a network buffer | |
600 | * @size: size to allocate | |
601 | * @gfp_mask: allocation mask | |
602 | * @flags: If SKB_ALLOC_FCLONE is set, allocate from fclone cache | |
603 | * instead of head cache and allocate a cloned (child) skb. | |
604 | * If SKB_ALLOC_RX is set, __GFP_MEMALLOC will be used for | |
605 | * allocations in case the data is required for writeback | |
606 | * @node: numa node to allocate memory on | |
607 | * | |
608 | * Allocate a new &sk_buff. The returned buffer has no headroom and a | |
609 | * tail room of at least size bytes. The object has a reference count | |
610 | * of one. The return is the buffer. On a failure the return is %NULL. | |
611 | * | |
612 | * Buffers may only be allocated from interrupts using a @gfp_mask of | |
613 | * %GFP_ATOMIC. | |
614 | */ | |
615 | struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask, | |
616 | int flags, int node) | |
617 | { | |
618 | struct kmem_cache *cache; | |
5381b23d | 619 | struct sk_buff *skb; |
5381b23d | 620 | bool pfmemalloc; |
a5df6333 | 621 | u8 *data; |
5381b23d AL |
622 | |
623 | cache = (flags & SKB_ALLOC_FCLONE) | |
025a785f | 624 | ? skbuff_fclone_cache : skbuff_cache; |
5381b23d AL |
625 | |
626 | if (sk_memalloc_socks() && (flags & SKB_ALLOC_RX)) | |
627 | gfp_mask |= __GFP_MEMALLOC; | |
628 | ||
629 | /* Get the HEAD */ | |
d13612b5 AL |
630 | if ((flags & (SKB_ALLOC_FCLONE | SKB_ALLOC_NAPI)) == SKB_ALLOC_NAPI && |
631 | likely(node == NUMA_NO_NODE || node == numa_mem_id())) | |
632 | skb = napi_skb_cache_get(); | |
633 | else | |
634 | skb = kmem_cache_alloc_node(cache, gfp_mask & ~GFP_DMA, node); | |
df1ae022 AL |
635 | if (unlikely(!skb)) |
636 | return NULL; | |
5381b23d AL |
637 | prefetchw(skb); |
638 | ||
639 | /* We do our best to align skb_shared_info on a separate cache | |
640 | * line. It usually works because kmalloc(X > SMP_CACHE_BYTES) gives | |
641 | * aligned memory blocks, unless SLUB/SLAB debug is enabled. | |
642 | * Both skb->head and skb_shared_info are cache line aligned. | |
643 | */ | |
5c0e820c | 644 | data = kmalloc_reserve(&size, gfp_mask, node, &pfmemalloc); |
df1ae022 | 645 | if (unlikely(!data)) |
5381b23d | 646 | goto nodata; |
12d6c1d3 | 647 | /* kmalloc_size_roundup() might give us more room than requested. |
5381b23d AL |
648 | * Put skb_shared_info exactly at the end of allocated zone, |
649 | * to allow max possible filling before reallocation. | |
650 | */ | |
65998d2b | 651 | prefetchw(data + SKB_WITH_OVERHEAD(size)); |
5381b23d AL |
652 | |
653 | /* | |
654 | * Only clear those fields we need to clear, not those that we will | |
655 | * actually initialise below. Hence, don't put any more fields after | |
656 | * the tail pointer in struct sk_buff! | |
657 | */ | |
658 | memset(skb, 0, offsetof(struct sk_buff, tail)); | |
65998d2b | 659 | __build_skb_around(skb, data, size); |
5381b23d | 660 | skb->pfmemalloc = pfmemalloc; |
5381b23d AL |
661 | |
662 | if (flags & SKB_ALLOC_FCLONE) { | |
663 | struct sk_buff_fclones *fclones; | |
664 | ||
665 | fclones = container_of(skb, struct sk_buff_fclones, skb1); | |
666 | ||
667 | skb->fclone = SKB_FCLONE_ORIG; | |
668 | refcount_set(&fclones->fclone_ref, 1); | |
5381b23d AL |
669 | } |
670 | ||
5381b23d | 671 | return skb; |
df1ae022 | 672 | |
5381b23d AL |
673 | nodata: |
674 | kmem_cache_free(cache, skb); | |
df1ae022 | 675 | return NULL; |
5381b23d AL |
676 | } |
677 | EXPORT_SYMBOL(__alloc_skb); | |
678 | ||
fd11a83d AD |
679 | /** |
680 | * __netdev_alloc_skb - allocate an skbuff for rx on a specific device | |
681 | * @dev: network device to receive on | |
d7499160 | 682 | * @len: length to allocate |
fd11a83d AD |
683 | * @gfp_mask: get_free_pages mask, passed to alloc_skb |
684 | * | |
685 | * Allocate a new &sk_buff and assign it a usage count of one. The | |
686 | * buffer has NET_SKB_PAD headroom built in. Users should allocate | |
687 | * the headroom they think they need without accounting for the | |
688 | * built in space. The built in space is used for optimisations. | |
689 | * | |
690 | * %NULL is returned if there is no free memory. | |
691 | */ | |
9451980a AD |
692 | struct sk_buff *__netdev_alloc_skb(struct net_device *dev, unsigned int len, |
693 | gfp_t gfp_mask) | |
fd11a83d | 694 | { |
b63ae8ca | 695 | struct page_frag_cache *nc; |
fd11a83d | 696 | struct sk_buff *skb; |
9451980a AD |
697 | bool pfmemalloc; |
698 | void *data; | |
699 | ||
700 | len += NET_SKB_PAD; | |
fd11a83d | 701 | |
66c55602 AL |
702 | /* If requested length is either too small or too big, |
703 | * we use kmalloc() for skb->head allocation. | |
704 | */ | |
705 | if (len <= SKB_WITH_OVERHEAD(1024) || | |
706 | len > SKB_WITH_OVERHEAD(PAGE_SIZE) || | |
d0164adc | 707 | (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) { |
a080e7bd AD |
708 | skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX, NUMA_NO_NODE); |
709 | if (!skb) | |
710 | goto skb_fail; | |
711 | goto skb_success; | |
712 | } | |
fd11a83d | 713 | |
115f1a5c | 714 | len = SKB_HEAD_ALIGN(len); |
9451980a AD |
715 | |
716 | if (sk_memalloc_socks()) | |
717 | gfp_mask |= __GFP_MEMALLOC; | |
718 | ||
afa79d08 | 719 | if (in_hardirq() || irqs_disabled()) { |
92dcabd7 SAS |
720 | nc = this_cpu_ptr(&netdev_alloc_cache); |
721 | data = page_frag_alloc(nc, len, gfp_mask); | |
722 | pfmemalloc = nc->pfmemalloc; | |
723 | } else { | |
724 | local_bh_disable(); | |
725 | nc = this_cpu_ptr(&napi_alloc_cache.page); | |
726 | data = page_frag_alloc(nc, len, gfp_mask); | |
727 | pfmemalloc = nc->pfmemalloc; | |
728 | local_bh_enable(); | |
729 | } | |
9451980a AD |
730 | |
731 | if (unlikely(!data)) | |
732 | return NULL; | |
733 | ||
734 | skb = __build_skb(data, len); | |
735 | if (unlikely(!skb)) { | |
181edb2b | 736 | skb_free_frag(data); |
9451980a | 737 | return NULL; |
7b2e497a | 738 | } |
fd11a83d | 739 | |
9451980a AD |
740 | if (pfmemalloc) |
741 | skb->pfmemalloc = 1; | |
742 | skb->head_frag = 1; | |
743 | ||
a080e7bd | 744 | skb_success: |
9451980a AD |
745 | skb_reserve(skb, NET_SKB_PAD); |
746 | skb->dev = dev; | |
747 | ||
a080e7bd | 748 | skb_fail: |
8af27456 CH |
749 | return skb; |
750 | } | |
b4ac530f | 751 | EXPORT_SYMBOL(__netdev_alloc_skb); |
1da177e4 | 752 | |
fd11a83d AD |
753 | /** |
754 | * __napi_alloc_skb - allocate skbuff for rx in a specific NAPI instance | |
755 | * @napi: napi instance this buffer was allocated for | |
d7499160 | 756 | * @len: length to allocate |
fd11a83d AD |
757 | * @gfp_mask: get_free_pages mask, passed to alloc_skb and alloc_pages |
758 | * | |
759 | * Allocate a new sk_buff for use in NAPI receive. This buffer will | |
760 | * attempt to allocate the head from a special reserved region used | |
761 | * only for NAPI Rx allocation. By doing this we can save several | |
762 | * CPU cycles by avoiding having to disable and re-enable IRQs. | |
763 | * | |
764 | * %NULL is returned if there is no free memory. | |
765 | */ | |
9451980a AD |
766 | struct sk_buff *__napi_alloc_skb(struct napi_struct *napi, unsigned int len, |
767 | gfp_t gfp_mask) | |
fd11a83d | 768 | { |
3226b158 | 769 | struct napi_alloc_cache *nc; |
fd11a83d | 770 | struct sk_buff *skb; |
dbae2b06 | 771 | bool pfmemalloc; |
9451980a AD |
772 | void *data; |
773 | ||
ee2640df | 774 | DEBUG_NET_WARN_ON_ONCE(!in_softirq()); |
9451980a | 775 | len += NET_SKB_PAD + NET_IP_ALIGN; |
fd11a83d | 776 | |
3226b158 ED |
777 | /* If requested length is either too small or too big, |
778 | * we use kmalloc() for skb->head allocation. | |
dbae2b06 PA |
779 | * When the small frag allocator is available, prefer it over kmalloc |
780 | * for small fragments | |
3226b158 | 781 | */ |
dbae2b06 | 782 | if ((!NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) || |
3226b158 | 783 | len > SKB_WITH_OVERHEAD(PAGE_SIZE) || |
d0164adc | 784 | (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) { |
cfb8ec65 AL |
785 | skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX | SKB_ALLOC_NAPI, |
786 | NUMA_NO_NODE); | |
a080e7bd AD |
787 | if (!skb) |
788 | goto skb_fail; | |
789 | goto skb_success; | |
790 | } | |
9451980a | 791 | |
3226b158 | 792 | nc = this_cpu_ptr(&napi_alloc_cache); |
9451980a AD |
793 | |
794 | if (sk_memalloc_socks()) | |
795 | gfp_mask |= __GFP_MEMALLOC; | |
fd11a83d | 796 | |
dbae2b06 PA |
797 | if (NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) { |
798 | /* we are artificially inflating the allocation size, but | |
799 | * that is not as bad as it may look like, as: | |
800 | * - 'len' less than GRO_MAX_HEAD makes little sense | |
801 | * - On most systems, larger 'len' values lead to fragment | |
802 | * size above 512 bytes | |
803 | * - kmalloc would use the kmalloc-1k slab for such values | |
804 | * - Builds with smaller GRO_MAX_HEAD will very likely do | |
805 | * little networking, as that implies no WiFi and no | |
806 | * tunnels support, and 32 bits arches. | |
807 | */ | |
808 | len = SZ_1K; | |
809 | ||
810 | data = page_frag_alloc_1k(&nc->page_small, gfp_mask); | |
811 | pfmemalloc = NAPI_SMALL_PAGE_PFMEMALLOC(nc->page_small); | |
812 | } else { | |
115f1a5c | 813 | len = SKB_HEAD_ALIGN(len); |
dbae2b06 PA |
814 | |
815 | data = page_frag_alloc(&nc->page, len, gfp_mask); | |
816 | pfmemalloc = nc->page.pfmemalloc; | |
817 | } | |
818 | ||
9451980a AD |
819 | if (unlikely(!data)) |
820 | return NULL; | |
821 | ||
cfb8ec65 | 822 | skb = __napi_build_skb(data, len); |
9451980a | 823 | if (unlikely(!skb)) { |
181edb2b | 824 | skb_free_frag(data); |
9451980a | 825 | return NULL; |
fd11a83d AD |
826 | } |
827 | ||
dbae2b06 | 828 | if (pfmemalloc) |
9451980a AD |
829 | skb->pfmemalloc = 1; |
830 | skb->head_frag = 1; | |
831 | ||
a080e7bd | 832 | skb_success: |
9451980a AD |
833 | skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); |
834 | skb->dev = napi->dev; | |
835 | ||
a080e7bd | 836 | skb_fail: |
fd11a83d AD |
837 | return skb; |
838 | } | |
839 | EXPORT_SYMBOL(__napi_alloc_skb); | |
840 | ||
654bed16 | 841 | void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off, |
50269e19 | 842 | int size, unsigned int truesize) |
654bed16 PZ |
843 | { |
844 | skb_fill_page_desc(skb, i, page, off, size); | |
845 | skb->len += size; | |
846 | skb->data_len += size; | |
50269e19 | 847 | skb->truesize += truesize; |
654bed16 PZ |
848 | } |
849 | EXPORT_SYMBOL(skb_add_rx_frag); | |
850 | ||
f8e617e1 JW |
851 | void skb_coalesce_rx_frag(struct sk_buff *skb, int i, int size, |
852 | unsigned int truesize) | |
853 | { | |
854 | skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; | |
855 | ||
856 | skb_frag_size_add(frag, size); | |
857 | skb->len += size; | |
858 | skb->data_len += size; | |
859 | skb->truesize += truesize; | |
860 | } | |
861 | EXPORT_SYMBOL(skb_coalesce_rx_frag); | |
862 | ||
27b437c8 | 863 | static void skb_drop_list(struct sk_buff **listp) |
1da177e4 | 864 | { |
bd8a7036 | 865 | kfree_skb_list(*listp); |
27b437c8 | 866 | *listp = NULL; |
1da177e4 LT |
867 | } |
868 | ||
27b437c8 HX |
869 | static inline void skb_drop_fraglist(struct sk_buff *skb) |
870 | { | |
871 | skb_drop_list(&skb_shinfo(skb)->frag_list); | |
872 | } | |
873 | ||
1da177e4 LT |
874 | static void skb_clone_fraglist(struct sk_buff *skb) |
875 | { | |
876 | struct sk_buff *list; | |
877 | ||
fbb398a8 | 878 | skb_walk_frags(skb, list) |
1da177e4 LT |
879 | skb_get(list); |
880 | } | |
881 | ||
75eaf63e AL |
882 | #if IS_ENABLED(CONFIG_PAGE_POOL) |
883 | bool napi_pp_put_page(struct page *page, bool napi_safe) | |
884 | { | |
5b899c33 | 885 | bool allow_direct = false; |
75eaf63e | 886 | struct page_pool *pp; |
75eaf63e AL |
887 | |
888 | page = compound_head(page); | |
889 | ||
890 | /* page->pp_magic is OR'ed with PP_SIGNATURE after the allocation | |
891 | * in order to preserve any existing bits, such as bit 0 for the | |
892 | * head page of compound page and bit 1 for pfmemalloc page, so | |
893 | * mask those bits for freeing side when doing below checking, | |
894 | * and page_is_pfmemalloc() is checked in __page_pool_put_page() | |
895 | * to avoid recycling the pfmemalloc page. | |
896 | */ | |
897 | if (unlikely((page->pp_magic & ~0x3UL) != PP_SIGNATURE)) | |
898 | return false; | |
899 | ||
900 | pp = page->pp; | |
901 | ||
902 | /* Allow direct recycle if we have reasons to believe that we are | |
903 | * in the same context as the consumer would run, so there's | |
904 | * no possible race. | |
905 | */ | |
5b899c33 AL |
906 | if (napi_safe) { |
907 | const struct napi_struct *napi = READ_ONCE(pp->p.napi); | |
908 | ||
909 | allow_direct = napi && | |
910 | READ_ONCE(napi->list_owner) == smp_processor_id(); | |
911 | } | |
75eaf63e AL |
912 | |
913 | /* Driver set this to memory recycling info. Reset it on recycle. | |
914 | * This will *not* work for NIC using a split-page memory model. | |
915 | * The page will be returned to the pool here regardless of the | |
916 | * 'flipped' fragment being in use or not. | |
917 | */ | |
918 | page_pool_put_full_page(pp, page, allow_direct); | |
919 | ||
920 | return true; | |
921 | } | |
922 | EXPORT_SYMBOL(napi_pp_put_page); | |
923 | #endif | |
924 | ||
b07a2d97 | 925 | static bool skb_pp_recycle(struct sk_buff *skb, void *data, bool napi_safe) |
4727bab4 YL |
926 | { |
927 | if (!IS_ENABLED(CONFIG_PAGE_POOL) || !skb->pp_recycle) | |
928 | return false; | |
75eaf63e | 929 | return napi_pp_put_page(virt_to_page(data), napi_safe); |
4727bab4 YL |
930 | } |
931 | ||
bf9f1baa ED |
932 | static void skb_kfree_head(void *head, unsigned int end_offset) |
933 | { | |
bf9f1baa ED |
934 | if (end_offset == SKB_SMALL_HEAD_HEADROOM) |
935 | kmem_cache_free(skb_small_head_cache, head); | |
936 | else | |
bf9f1baa ED |
937 | kfree(head); |
938 | } | |
939 | ||
b07a2d97 | 940 | static void skb_free_head(struct sk_buff *skb, bool napi_safe) |
d3836f21 | 941 | { |
181edb2b AD |
942 | unsigned char *head = skb->head; |
943 | ||
6a5bcd84 | 944 | if (skb->head_frag) { |
b07a2d97 | 945 | if (skb_pp_recycle(skb, head, napi_safe)) |
6a5bcd84 | 946 | return; |
181edb2b | 947 | skb_free_frag(head); |
6a5bcd84 | 948 | } else { |
bf9f1baa | 949 | skb_kfree_head(head, skb_end_offset(skb)); |
6a5bcd84 | 950 | } |
d3836f21 ED |
951 | } |
952 | ||
b07a2d97 JK |
953 | static void skb_release_data(struct sk_buff *skb, enum skb_drop_reason reason, |
954 | bool napi_safe) | |
1da177e4 | 955 | { |
ff04a771 ED |
956 | struct skb_shared_info *shinfo = skb_shinfo(skb); |
957 | int i; | |
1da177e4 | 958 | |
ff04a771 ED |
959 | if (skb->cloned && |
960 | atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, | |
961 | &shinfo->dataref)) | |
2cc3aeb5 | 962 | goto exit; |
a6686f2f | 963 | |
753f1ca4 PB |
964 | if (skb_zcopy(skb)) { |
965 | bool skip_unref = shinfo->flags & SKBFL_MANAGED_FRAG_REFS; | |
966 | ||
967 | skb_zcopy_clear(skb, true); | |
968 | if (skip_unref) | |
969 | goto free_head; | |
970 | } | |
70c43167 | 971 | |
ff04a771 | 972 | for (i = 0; i < shinfo->nr_frags; i++) |
8c48eea3 | 973 | napi_frag_unref(&shinfo->frags[i], skb->pp_recycle, napi_safe); |
a6686f2f | 974 | |
753f1ca4 | 975 | free_head: |
ff04a771 | 976 | if (shinfo->frag_list) |
511a3eda | 977 | kfree_skb_list_reason(shinfo->frag_list, reason); |
ff04a771 | 978 | |
b07a2d97 | 979 | skb_free_head(skb, napi_safe); |
2cc3aeb5 IA |
980 | exit: |
981 | /* When we clone an SKB we copy the reycling bit. The pp_recycle | |
982 | * bit is only set on the head though, so in order to avoid races | |
983 | * while trying to recycle fragments on __skb_frag_unref() we need | |
984 | * to make one SKB responsible for triggering the recycle path. | |
985 | * So disable the recycling bit if an SKB is cloned and we have | |
58e61e41 | 986 | * additional references to the fragmented part of the SKB. |
2cc3aeb5 IA |
987 | * Eventually the last SKB will have the recycling bit set and it's |
988 | * dataref set to 0, which will trigger the recycling | |
989 | */ | |
990 | skb->pp_recycle = 0; | |
1da177e4 LT |
991 | } |
992 | ||
993 | /* | |
994 | * Free an skbuff by memory without cleaning the state. | |
995 | */ | |
2d4baff8 | 996 | static void kfree_skbmem(struct sk_buff *skb) |
1da177e4 | 997 | { |
d0bf4a9e | 998 | struct sk_buff_fclones *fclones; |
d179cd12 | 999 | |
d179cd12 DM |
1000 | switch (skb->fclone) { |
1001 | case SKB_FCLONE_UNAVAILABLE: | |
025a785f | 1002 | kmem_cache_free(skbuff_cache, skb); |
6ffe75eb | 1003 | return; |
d179cd12 DM |
1004 | |
1005 | case SKB_FCLONE_ORIG: | |
d0bf4a9e | 1006 | fclones = container_of(skb, struct sk_buff_fclones, skb1); |
d179cd12 | 1007 | |
6ffe75eb ED |
1008 | /* We usually free the clone (TX completion) before original skb |
1009 | * This test would have no chance to be true for the clone, | |
1010 | * while here, branch prediction will be good. | |
d179cd12 | 1011 | */ |
2638595a | 1012 | if (refcount_read(&fclones->fclone_ref) == 1) |
6ffe75eb ED |
1013 | goto fastpath; |
1014 | break; | |
e7820e39 | 1015 | |
6ffe75eb ED |
1016 | default: /* SKB_FCLONE_CLONE */ |
1017 | fclones = container_of(skb, struct sk_buff_fclones, skb2); | |
d179cd12 | 1018 | break; |
3ff50b79 | 1019 | } |
2638595a | 1020 | if (!refcount_dec_and_test(&fclones->fclone_ref)) |
6ffe75eb ED |
1021 | return; |
1022 | fastpath: | |
1023 | kmem_cache_free(skbuff_fclone_cache, fclones); | |
1da177e4 LT |
1024 | } |
1025 | ||
0a463c78 | 1026 | void skb_release_head_state(struct sk_buff *skb) |
1da177e4 | 1027 | { |
adf30907 | 1028 | skb_dst_drop(skb); |
9c2b3328 | 1029 | if (skb->destructor) { |
7890e2f0 | 1030 | DEBUG_NET_WARN_ON_ONCE(in_hardirq()); |
1da177e4 LT |
1031 | skb->destructor(skb); |
1032 | } | |
a3bf7ae9 | 1033 | #if IS_ENABLED(CONFIG_NF_CONNTRACK) |
cb9c6836 | 1034 | nf_conntrack_put(skb_nfct(skb)); |
1da177e4 | 1035 | #endif |
df5042f4 | 1036 | skb_ext_put(skb); |
04a4bb55 LB |
1037 | } |
1038 | ||
1039 | /* Free everything but the sk_buff shell. */ | |
b07a2d97 JK |
1040 | static void skb_release_all(struct sk_buff *skb, enum skb_drop_reason reason, |
1041 | bool napi_safe) | |
04a4bb55 LB |
1042 | { |
1043 | skb_release_head_state(skb); | |
a28b1b90 | 1044 | if (likely(skb->head)) |
b07a2d97 | 1045 | skb_release_data(skb, reason, napi_safe); |
2d4baff8 HX |
1046 | } |
1047 | ||
1048 | /** | |
1049 | * __kfree_skb - private function | |
1050 | * @skb: buffer | |
1051 | * | |
1052 | * Free an sk_buff. Release anything attached to the buffer. | |
1053 | * Clean the state. This is an internal helper function. Users should | |
1054 | * always call kfree_skb | |
1055 | */ | |
1da177e4 | 1056 | |
2d4baff8 HX |
1057 | void __kfree_skb(struct sk_buff *skb) |
1058 | { | |
b07a2d97 | 1059 | skb_release_all(skb, SKB_DROP_REASON_NOT_SPECIFIED, false); |
1da177e4 LT |
1060 | kfree_skbmem(skb); |
1061 | } | |
b4ac530f | 1062 | EXPORT_SYMBOL(__kfree_skb); |
1da177e4 | 1063 | |
a4650da2 JDB |
1064 | static __always_inline |
1065 | bool __kfree_skb_reason(struct sk_buff *skb, enum skb_drop_reason reason) | |
1066 | { | |
1067 | if (unlikely(!skb_unref(skb))) | |
1068 | return false; | |
1069 | ||
071c0fc6 JB |
1070 | DEBUG_NET_WARN_ON_ONCE(reason == SKB_NOT_DROPPED_YET || |
1071 | u32_get_bits(reason, | |
1072 | SKB_DROP_REASON_SUBSYS_MASK) >= | |
1073 | SKB_DROP_REASON_SUBSYS_NUM); | |
a4650da2 JDB |
1074 | |
1075 | if (reason == SKB_CONSUMED) | |
dd1b5278 | 1076 | trace_consume_skb(skb, __builtin_return_address(0)); |
a4650da2 JDB |
1077 | else |
1078 | trace_kfree_skb(skb, __builtin_return_address(0), reason); | |
1079 | return true; | |
1080 | } | |
1081 | ||