projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
page_pool: add a lockdep check for recycling in hardirq
[linux-2.6-block.git] / net / core / skbuff.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
1da177e4
LT		 2/*
3 * Routines having to do with the 'struct sk_buff' memory handlers.
4 *
113aa838 5 * Authors: Alan Cox <alan@lxorguk.ukuu.org.uk>
1da177e4
LT		 6 * Florian La Roche <rzsfl@rz.uni-sb.de>
7 *
1da177e4
LT		 8 * Fixes:
9 * Alan Cox : Fixed the worst of the load
10 * balancer bugs.
11 * Dave Platt : Interrupt stacking fix.
12 * Richard Kooijman : Timestamp fixes.
13 * Alan Cox : Changed buffer format.
14 * Alan Cox : destructor hook for AF_UNIX etc.
15 * Linus Torvalds : Better skb_clone.
16 * Alan Cox : Added skb_copy.
17 * Alan Cox : Added all the changed routines Linus
18 * only put in the headers
19 * Ray VanTassle : Fixed --skb->lock in free
20 * Alan Cox : skb_copy copy arp field
21 * Andi Kleen : slabified it.
22 * Robert Olsson : Removed skb_head_pool
23 *
24 * NOTE:
25 * The __skb_ routines should be called with interrupts
26 * disabled, or you better be *real* sure that the operation is atomic
27 * with respect to whatever list is being frobbed (e.g. via lock_sock()
28 * or via disabling bottom half handlers, etc).
1da177e4
LT		 29 */
30
31/*
32 * The functions in this file will not compile correctly with gcc 2.4.x
33 */
34
e005d193
JP		 35#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
36
1da177e4
LT		 37#include <linux/module.h>
38#include <linux/types.h>
39#include <linux/kernel.h>
1da177e4
LT		 40#include <linux/mm.h>
41#include <linux/interrupt.h>
42#include <linux/in.h>
43#include <linux/inet.h>
44#include <linux/slab.h>
de960aa9
FW		 45#include <linux/tcp.h>
46#include <linux/udp.h>
90017acc 47#include <linux/sctp.h>
1da177e4
LT		 48#include <linux/netdevice.h>
49#ifdef CONFIG_NET_CLS_ACT
50#include <net/pkt_sched.h>
51#endif
52#include <linux/string.h>
53#include <linux/skbuff.h>
9c55e01c 54#include <linux/splice.h>
1da177e4
LT		 55#include <linux/cache.h>
56#include <linux/rtnetlink.h>
57#include <linux/init.h>
716ea3a7 58#include <linux/scatterlist.h>
ac45f602 59#include <linux/errqueue.h>
268bb0ce 60#include <linux/prefetch.h>
071c0fc6 61#include <linux/bitfield.h>
0d5501c1 62#include <linux/if_vlan.h>
2a2ea508 63#include <linux/mpls.h>
183f47fc 64#include <linux/kcov.h>
1da177e4
LT		 65
66#include <net/protocol.h>
67#include <net/dst.h>
68#include <net/sock.h>
69#include <net/checksum.h>
d457a0e3 70#include <net/gso.h>
ed1f50c3 71#include <net/ip6_checksum.h>
1da177e4 72#include <net/xfrm.h>
8822e270 73#include <net/mpls.h>
3ee17bc7 74#include <net/mptcp.h>
78476d31 75#include <net/mctp.h>
75eaf63e 76#include <net/page_pool/helpers.h>
071c0fc6 77#include <net/dropreason.h>
1da177e4 78
7c0f6ba6 79#include <linux/uaccess.h>
ad8d75ff 80#include <trace/events/skb.h>
51c56b00 81#include <linux/highmem.h>
b245be1f
WB		 82#include <linux/capability.h>
83#include <linux/user_namespace.h>
2544af03 84#include <linux/indirect_call_wrapper.h>
2195e2a0 85#include <linux/textsearch.h>
a1f8e7f7 86
39564c3f 87#include "dev.h"
7f678def 88#include "sock_destructor.h"
7b7ed885 89
025a785f 90struct kmem_cache *skbuff_cache __ro_after_init;
08009a76 91static struct kmem_cache *skbuff_fclone_cache __ro_after_init;
df5042f4
FW		 92#ifdef CONFIG_SKB_EXTENSIONS
93static struct kmem_cache *skbuff_ext_cache __ro_after_init;
94#endif
bf9f1baa 95
bf9f1baa 96
bf9f1baa
ED		 97static struct kmem_cache *skb_small_head_cache __ro_after_init;
98
99#define SKB_SMALL_HEAD_SIZE SKB_HEAD_ALIGN(MAX_TCP_HEADER)
100
101/* We want SKB_SMALL_HEAD_CACHE_SIZE to not be a power of two.
102 * This should ensure that SKB_SMALL_HEAD_HEADROOM is a unique
103 * size, and we can differentiate heads from skb_small_head_cache
104 * vs system slabs by looking at their size (skb_end_offset()).
105 */
106#define SKB_SMALL_HEAD_CACHE_SIZE \
107 (is_power_of_2(SKB_SMALL_HEAD_SIZE) ? \
108 (SKB_SMALL_HEAD_SIZE + L1_CACHE_BYTES) : \
109 SKB_SMALL_HEAD_SIZE)
110
111#define SKB_SMALL_HEAD_HEADROOM \
112 SKB_WITH_OVERHEAD(SKB_SMALL_HEAD_CACHE_SIZE)
bf9f1baa 113
5f74f82e
HWR		 114int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS;
115EXPORT_SYMBOL(sysctl_max_skb_frags);
1da177e4 116
9cb252c4
MD		 117#undef FN
118#define FN(reason) [SKB_DROP_REASON_##reason] = #reason,
071c0fc6 119static const char * const drop_reasons[] = {
0e84afe8 120 [SKB_CONSUMED] = "CONSUMED",
9cb252c4
MD		 121 DEFINE_DROP_REASON(FN, FN)
122};
071c0fc6
JB		 123
124static const struct drop_reason_list drop_reasons_core = {
125 .reasons = drop_reasons,
126 .n_reasons = ARRAY_SIZE(drop_reasons),
127};
128
129const struct drop_reason_list __rcu *
130drop_reasons_by_subsys[SKB_DROP_REASON_SUBSYS_NUM] = {
131 [SKB_DROP_REASON_SUBSYS_CORE] = RCU_INITIALIZER(&drop_reasons_core),
132};
133EXPORT_SYMBOL(drop_reasons_by_subsys);
134
135/**
136 * drop_reasons_register_subsys - register another drop reason subsystem
137 * @subsys: the subsystem to register, must not be the core
138 * @list: the list of drop reasons within the subsystem, must point to
139 * a statically initialized list
140 */
141void drop_reasons_register_subsys(enum skb_drop_reason_subsys subsys,
142 const struct drop_reason_list *list)
143{
144 if (WARN(subsys <= SKB_DROP_REASON_SUBSYS_CORE ||
145 subsys >= ARRAY_SIZE(drop_reasons_by_subsys),
146 "invalid subsystem %d\n", subsys))
147 return;
148
149 /* must point to statically allocated memory, so INIT is OK */
150 RCU_INIT_POINTER(drop_reasons_by_subsys[subsys], list);
151}
152EXPORT_SYMBOL_GPL(drop_reasons_register_subsys);
153
154/**
155 * drop_reasons_unregister_subsys - unregister a drop reason subsystem
156 * @subsys: the subsystem to remove, must not be the core
157 *
158 * Note: This will synchronize_rcu() to ensure no users when it returns.
159 */
160void drop_reasons_unregister_subsys(enum skb_drop_reason_subsys subsys)
161{
162 if (WARN(subsys <= SKB_DROP_REASON_SUBSYS_CORE ||
163 subsys >= ARRAY_SIZE(drop_reasons_by_subsys),
164 "invalid subsystem %d\n", subsys))
165 return;
166
167 RCU_INIT_POINTER(drop_reasons_by_subsys[subsys], NULL);
168
169 synchronize_rcu();
170}
171EXPORT_SYMBOL_GPL(drop_reasons_unregister_subsys);
ec43908d 172
1da177e4 173/**
f05de73b
JS		 174 * skb_panic - private function for out-of-line support
175 * @skb: buffer
176 * @sz: size
177 * @addr: address
99d5851e 178 * @msg: skb_over_panic or skb_under_panic
1da177e4 179 *
f05de73b
JS		 180 * Out-of-line support for skb_put() and skb_push().
181 * Called via the wrapper skb_over_panic() or skb_under_panic().
182 * Keep out of line to prevent kernel bloat.
183 * __builtin_return_address is not used because it is not always reliable.
1da177e4 184 */
f05de73b 185static void skb_panic(struct sk_buff *skb, unsigned int sz, void *addr,
99d5851e 186 const char msg[])
1da177e4 187{
41a46913 188 pr_emerg("%s: text:%px len:%d put:%d head:%px data:%px tail:%#lx end:%#lx dev:%s\n",
99d5851e 189 msg, addr, skb->len, sz, skb->head, skb->data,
e005d193
JP		 190 (unsigned long)skb->tail, (unsigned long)skb->end,
191 skb->dev ? skb->dev->name : "<NULL>");
1da177e4
LT		 192 BUG();
193}
194
f05de73b 195static void skb_over_panic(struct sk_buff *skb, unsigned int sz, void *addr)
1da177e4 196{
f05de73b 197 skb_panic(skb, sz, addr, __func__);
1da177e4
LT		 198}
199
f05de73b
JS		 200static void skb_under_panic(struct sk_buff *skb, unsigned int sz, void *addr)
201{
202 skb_panic(skb, sz, addr, __func__);
203}
c93bdd0e 204
50fad4b5 205#define NAPI_SKB_CACHE_SIZE 64
f450d539
AL		 206#define NAPI_SKB_CACHE_BULK 16
207#define NAPI_SKB_CACHE_HALF (NAPI_SKB_CACHE_SIZE / 2)
50fad4b5 208
dbae2b06
PA		 209#if PAGE_SIZE == SZ_4K
210
211#define NAPI_HAS_SMALL_PAGE_FRAG 1
212#define NAPI_SMALL_PAGE_PFMEMALLOC(nc) ((nc).pfmemalloc)
213
214/* specialized page frag allocator using a single order 0 page
215 * and slicing it into 1K sized fragment. Constrained to systems
216 * with a very limited amount of 1K fragments fitting a single
217 * page - to avoid excessive truesize underestimation
218 */
219
220struct page_frag_1k {
221 void *va;
222 u16 offset;
223 bool pfmemalloc;
224};
225
226static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp)
227{
228 struct page *page;
229 int offset;
230
231 offset = nc->offset - SZ_1K;
232 if (likely(offset >= 0))
233 goto use_frag;
234
235 page = alloc_pages_node(NUMA_NO_NODE, gfp, 0);
236 if (!page)
237 return NULL;
238
239 nc->va = page_address(page);
240 nc->pfmemalloc = page_is_pfmemalloc(page);
241 offset = PAGE_SIZE - SZ_1K;
242 page_ref_add(page, offset / SZ_1K);
243
244use_frag:
245 nc->offset = offset;
246 return nc->va + offset;
247}
248#else
249
250/* the small page is actually unused in this build; add dummy helpers
251 * to please the compiler and avoid later preprocessor's conditionals
252 */
253#define NAPI_HAS_SMALL_PAGE_FRAG 0
254#define NAPI_SMALL_PAGE_PFMEMALLOC(nc) false
255
256struct page_frag_1k {
257};
258
259static void *page_frag_alloc_1k(struct page_frag_1k *nc, gfp_t gfp_mask)
260{
261 return NULL;
262}
263
264#endif
265
50fad4b5
AL		 266struct napi_alloc_cache {
267 struct page_frag_cache page;
dbae2b06 268 struct page_frag_1k page_small;
50fad4b5
AL		 269 unsigned int skb_count;
270 void *skb_cache[NAPI_SKB_CACHE_SIZE];
271};
272
273static DEFINE_PER_CPU(struct page_frag_cache, netdev_alloc_cache);
274static DEFINE_PER_CPU(struct napi_alloc_cache, napi_alloc_cache);
275
dbae2b06
PA		 276/* Double check that napi_get_frags() allocates skbs with
277 * skb->head being backed by slab, not a page fragment.
278 * This is to make sure bug fixed in 3226b158e67c
279 * ("net: avoid 32 x truesize under-estimation for tiny skbs")
280 * does not accidentally come back.
281 */
282void napi_get_frags_check(struct napi_struct *napi)
283{
284 struct sk_buff *skb;
285
286 local_bh_disable();
287 skb = napi_get_frags(napi);
288 WARN_ON_ONCE(!NAPI_HAS_SMALL_PAGE_FRAG && skb && skb->head_frag);
289 napi_free_frags(napi);
290 local_bh_enable();
291}
292
32e3573f 293void *__napi_alloc_frag_align(unsigned int fragsz, unsigned int align_mask)
50fad4b5
AL		 294{
295 struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache);
296
50fad4b5
AL		 297 fragsz = SKB_DATA_ALIGN(fragsz);
298
32e3573f 299 return page_frag_alloc_align(&nc->page, fragsz, GFP_ATOMIC, align_mask);
50fad4b5
AL		 300}
301EXPORT_SYMBOL(__napi_alloc_frag_align);
302
303void *__netdev_alloc_frag_align(unsigned int fragsz, unsigned int align_mask)
304{
50fad4b5
AL		 305 void *data;
306
307 fragsz = SKB_DATA_ALIGN(fragsz);
afa79d08 308 if (in_hardirq() || irqs_disabled()) {
32e3573f
YD		 309 struct page_frag_cache *nc = this_cpu_ptr(&netdev_alloc_cache);
310
50fad4b5
AL		 311 data = page_frag_alloc_align(nc, fragsz, GFP_ATOMIC, align_mask);
312 } else {
32e3573f
YD		 313 struct napi_alloc_cache *nc;
314
50fad4b5 315 local_bh_disable();
32e3573f
YD		 316 nc = this_cpu_ptr(&napi_alloc_cache);
317 data = page_frag_alloc_align(&nc->page, fragsz, GFP_ATOMIC, align_mask);
50fad4b5
AL		 318 local_bh_enable();
319 }
320 return data;
321}
322EXPORT_SYMBOL(__netdev_alloc_frag_align);
323
f450d539
AL		 324static struct sk_buff *napi_skb_cache_get(void)
325{
326 struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache);
327 struct sk_buff *skb;
328
49ae83fc 329 if (unlikely(!nc->skb_count)) {
025a785f 330 nc->skb_count = kmem_cache_alloc_bulk(skbuff_cache,
f450d539
AL		 331 GFP_ATOMIC,
332 NAPI_SKB_CACHE_BULK,
333 nc->skb_cache);
49ae83fc
SPL		 334 if (unlikely(!nc->skb_count))
335 return NULL;
336 }
f450d539
AL		 337
338 skb = nc->skb_cache[--nc->skb_count];
025a785f 339 kasan_unpoison_object_data(skbuff_cache, skb);
f450d539
AL		 340
341 return skb;
342}
343
ce098da1
KC		 344static inline void __finalize_skb_around(struct sk_buff *skb, void *data,
345 unsigned int size)
ba0509b6
JDB		 346{
347 struct skb_shared_info *shinfo;
ba0509b6
JDB		 348
349 size -= SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
350
351 /* Assumes caller memset cleared SKB */
352 skb->truesize = SKB_TRUESIZE(size);
353 refcount_set(&skb->users, 1);
354 skb->head = data;
355 skb->data = data;
356 skb_reset_tail_pointer(skb);
763087da 357 skb_set_end_offset(skb, size);
ba0509b6
JDB		 358 skb->mac_header = (typeof(skb->mac_header))~0U;
359 skb->transport_header = (typeof(skb->transport_header))~0U;
68822bdf 360 skb->alloc_cpu = raw_smp_processor_id();
ba0509b6
JDB		 361 /* make sure we initialize shinfo sequentially */
362 shinfo = skb_shinfo(skb);
363 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
364 atomic_set(&shinfo->dataref, 1);
365
6370cc3b 366 skb_set_kcov_handle(skb, kcov_common_handle());
ba0509b6
JDB		 367}
368
ce098da1
KC		 369static inline void *__slab_build_skb(struct sk_buff *skb, void *data,
370 unsigned int *size)
371{
372 void *resized;
373
374 /* Must find the allocation size (and grow it to match). */
375 *size = ksize(data);
376 /* krealloc() will immediately return "data" when
377 * "ksize(data)" is requested: it is the existing upper
378 * bounds. As a result, GFP_ATOMIC will be ignored. Note
379 * that this "new" pointer needs to be passed back to the
380 * caller for use so the __alloc_size hinting will be
381 * tracked correctly.
382 */
383 resized = krealloc(data, *size, GFP_ATOMIC);
384 WARN_ON_ONCE(resized != data);
385 return resized;
386}
387
388/* build_skb() variant which can operate on slab buffers.
389 * Note that this should be used sparingly as slab buffers
390 * cannot be combined efficiently by GRO!
391 */
392struct sk_buff *slab_build_skb(void *data)
393{
394 struct sk_buff *skb;
395 unsigned int size;
396
025a785f 397 skb = kmem_cache_alloc(skbuff_cache, GFP_ATOMIC);
ce098da1
KC		 398 if (unlikely(!skb))
399 return NULL;
400
401 memset(skb, 0, offsetof(struct sk_buff, tail));
402 data = __slab_build_skb(skb, data, &size);
403 __finalize_skb_around(skb, data, size);
404
405 return skb;
406}
407EXPORT_SYMBOL(slab_build_skb);
408
409/* Caller must provide SKB that is memset cleared */
410static void __build_skb_around(struct sk_buff *skb, void *data,
411 unsigned int frag_size)
412{
413 unsigned int size = frag_size;
414
415 /* frag_size == 0 is considered deprecated now. Callers
416 * using slab buffer should use slab_build_skb() instead.
417 */
418 if (WARN_ONCE(size == 0, "Use slab_build_skb() instead"))
419 data = __slab_build_skb(skb, data, &size);
420
421 __finalize_skb_around(skb, data, size);
422}
423
b2b5ce9d 424/**
2ea2f62c 425 * __build_skb - build a network buffer
b2b5ce9d 426 * @data: data buffer provided by caller
ce098da1 427 * @frag_size: size of data (must not be 0)
b2b5ce9d
ED		 428 *
429 * Allocate a new &sk_buff. Caller provides space holding head and
ce098da1
KC		 430 * skb_shared_info. @data must have been allocated from the page
431 * allocator or vmalloc(). (A @frag_size of 0 to indicate a kmalloc()
432 * allocation is deprecated, and callers should use slab_build_skb()
433 * instead.)
b2b5ce9d
ED		 434 * The return is the new skb buffer.
435 * On a failure the return is %NULL, and @data is not freed.
436 * Notes :
437 * Before IO, driver allocates only data buffer where NIC put incoming frame
438 * Driver should add room at head (NET_SKB_PAD) and
439 * MUST add room at tail (SKB_DATA_ALIGN(skb_shared_info))
440 * After IO, driver calls build_skb(), to allocate sk_buff and populate it
441 * before giving packet to stack.
442 * RX rings only contains data buffers, not full skbs.
443 */
2ea2f62c 444struct sk_buff *__build_skb(void *data, unsigned int frag_size)
b2b5ce9d 445{
b2b5ce9d 446 struct sk_buff *skb;
b2b5ce9d 447
025a785f 448 skb = kmem_cache_alloc(skbuff_cache, GFP_ATOMIC);
ba0509b6 449 if (unlikely(!skb))
b2b5ce9d
ED		 450 return NULL;
451
b2b5ce9d 452 memset(skb, 0, offsetof(struct sk_buff, tail));
483126b3 453 __build_skb_around(skb, data, frag_size);
b2b5ce9d 454
483126b3 455 return skb;
b2b5ce9d 456}
2ea2f62c
ED		 457
458/* build_skb() is wrapper over __build_skb(), that specifically
459 * takes care of skb->head and skb->pfmemalloc
2ea2f62c
ED		 460 */
461struct sk_buff *build_skb(void *data, unsigned int frag_size)
462{
463 struct sk_buff *skb = __build_skb(data, frag_size);
464
3c640126 465 if (likely(skb && frag_size)) {
2ea2f62c 466 skb->head_frag = 1;
566b6701 467 skb_propagate_pfmemalloc(virt_to_head_page(data), skb);
2ea2f62c
ED		 468 }
469 return skb;
470}
b2b5ce9d
ED		 471EXPORT_SYMBOL(build_skb);
472
ba0509b6
JDB		 473/**
474 * build_skb_around - build a network buffer around provided skb
475 * @skb: sk_buff provide by caller, must be memset cleared
476 * @data: data buffer provided by caller
12c1604a 477 * @frag_size: size of data
ba0509b6
JDB		 478 */
479struct sk_buff *build_skb_around(struct sk_buff *skb,
480 void *data, unsigned int frag_size)
481{
482 if (unlikely(!skb))
483 return NULL;
484
483126b3 485 __build_skb_around(skb, data, frag_size);
ba0509b6 486
483126b3 487 if (frag_size) {
ba0509b6 488 skb->head_frag = 1;
566b6701 489 skb_propagate_pfmemalloc(virt_to_head_page(data), skb);
ba0509b6
JDB		 490 }
491 return skb;
492}
493EXPORT_SYMBOL(build_skb_around);
494
f450d539
AL		 495/**
496 * __napi_build_skb - build a network buffer
497 * @data: data buffer provided by caller
12c1604a 498 * @frag_size: size of data
f450d539
AL		 499 *
500 * Version of __build_skb() that uses NAPI percpu caches to obtain
501 * skbuff_head instead of inplace allocation.
502 *
503 * Returns a new &sk_buff on success, %NULL on allocation failure.
504 */
505static struct sk_buff *__napi_build_skb(void *data, unsigned int frag_size)
506{
507 struct sk_buff *skb;
508
509 skb = napi_skb_cache_get();
510 if (unlikely(!skb))
511 return NULL;
512
513 memset(skb, 0, offsetof(struct sk_buff, tail));
514 __build_skb_around(skb, data, frag_size);
515
516 return skb;
517}
518
519/**
520 * napi_build_skb - build a network buffer
521 * @data: data buffer provided by caller
12c1604a 522 * @frag_size: size of data
f450d539
AL		 523 *
524 * Version of __napi_build_skb() that takes care of skb->head_frag
525 * and skb->pfmemalloc when the data is a page or page fragment.
526 *
527 * Returns a new &sk_buff on success, %NULL on allocation failure.
528 */
529struct sk_buff *napi_build_skb(void *data, unsigned int frag_size)
530{
531 struct sk_buff *skb = __napi_build_skb(data, frag_size);
532
533 if (likely(skb) && frag_size) {
534 skb->head_frag = 1;
535 skb_propagate_pfmemalloc(virt_to_head_page(data), skb);
536 }
537
538 return skb;
539}
540EXPORT_SYMBOL(napi_build_skb);
541
5381b23d
AL		 542/*
543 * kmalloc_reserve is a wrapper around kmalloc_node_track_caller that tells
544 * the caller if emergency pfmemalloc reserves are being used. If it is and
545 * the socket is later found to be SOCK_MEMALLOC then PFMEMALLOC reserves
546 * may be used. Otherwise, the packet data may be discarded until enough
547 * memory is free
548 */
5c0e820c 549static void *kmalloc_reserve(unsigned int *size, gfp_t flags, int node,
ef28095f 550 bool *pfmemalloc)
5381b23d 551{
5381b23d 552 bool ret_pfmemalloc = false;
5c0e820c
ED		 553 unsigned int obj_size;
554 void *obj;
5381b23d 555
5c0e820c 556 obj_size = SKB_HEAD_ALIGN(*size);
bf9f1baa
ED		 557 if (obj_size <= SKB_SMALL_HEAD_CACHE_SIZE &&
558 !(flags & KMALLOC_NOT_NORMAL_BITS)) {
bf9f1baa
ED		 559 obj = kmem_cache_alloc_node(skb_small_head_cache,
560 flags | __GFP_NOMEMALLOC | __GFP_NOWARN,
561 node);
880ce5f2
ED		 562 *size = SKB_SMALL_HEAD_CACHE_SIZE;
563 if (obj || !(gfp_pfmemalloc_allowed(flags)))
bf9f1baa 564 goto out;
880ce5f2
ED		 565 /* Try again but now we are using pfmemalloc reserves */
566 ret_pfmemalloc = true;
567 obj = kmem_cache_alloc_node(skb_small_head_cache, flags, node);
568 goto out;
bf9f1baa 569 }
5c0e820c 570 *size = obj_size = kmalloc_size_roundup(obj_size);
5381b23d
AL		 571 /*
572 * Try a regular allocation, when that fails and we're not entitled
573 * to the reserves, fail.
574 */
5c0e820c 575 obj = kmalloc_node_track_caller(obj_size,
5381b23d
AL		 576 flags | __GFP_NOMEMALLOC | __GFP_NOWARN,
577 node);
578 if (obj || !(gfp_pfmemalloc_allowed(flags)))
579 goto out;
580
581 /* Try again but now we are using pfmemalloc reserves */
582 ret_pfmemalloc = true;
5c0e820c 583 obj = kmalloc_node_track_caller(obj_size, flags, node);
5381b23d
AL		 584
585out:
586 if (pfmemalloc)
587 *pfmemalloc = ret_pfmemalloc;
588
589 return obj;
590}
591
592/* Allocate a new skbuff. We do this ourselves so we can fill in a few
593 * 'private' fields and also do memory statistics to find all the
594 * [BEEP] leaks.
595 *
596 */
597
598/**
599 * __alloc_skb - allocate a network buffer
600 * @size: size to allocate
601 * @gfp_mask: allocation mask
602 * @flags: If SKB_ALLOC_FCLONE is set, allocate from fclone cache
603 * instead of head cache and allocate a cloned (child) skb.
604 * If SKB_ALLOC_RX is set, __GFP_MEMALLOC will be used for
605 * allocations in case the data is required for writeback
606 * @node: numa node to allocate memory on
607 *
608 * Allocate a new &sk_buff. The returned buffer has no headroom and a
609 * tail room of at least size bytes. The object has a reference count
610 * of one. The return is the buffer. On a failure the return is %NULL.
611 *
612 * Buffers may only be allocated from interrupts using a @gfp_mask of
613 * %GFP_ATOMIC.
614 */
615struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
616 int flags, int node)
617{
618 struct kmem_cache *cache;
5381b23d 619 struct sk_buff *skb;
5381b23d 620 bool pfmemalloc;
a5df6333 621 u8 *data;
5381b23d
AL		 622
623 cache = (flags & SKB_ALLOC_FCLONE)
025a785f 624 ? skbuff_fclone_cache : skbuff_cache;
5381b23d
AL		 625
626 if (sk_memalloc_socks() && (flags & SKB_ALLOC_RX))
627 gfp_mask |= __GFP_MEMALLOC;
628
629 /* Get the HEAD */
d13612b5
AL		 630 if ((flags & (SKB_ALLOC_FCLONE | SKB_ALLOC_NAPI)) == SKB_ALLOC_NAPI &&
631 likely(node == NUMA_NO_NODE || node == numa_mem_id()))
632 skb = napi_skb_cache_get();
633 else
634 skb = kmem_cache_alloc_node(cache, gfp_mask & ~GFP_DMA, node);
df1ae022
AL		 635 if (unlikely(!skb))
636 return NULL;
5381b23d
AL		 637 prefetchw(skb);
638
639 /* We do our best to align skb_shared_info on a separate cache
640 * line. It usually works because kmalloc(X > SMP_CACHE_BYTES) gives
641 * aligned memory blocks, unless SLUB/SLAB debug is enabled.
642 * Both skb->head and skb_shared_info are cache line aligned.
643 */
5c0e820c 644 data = kmalloc_reserve(&size, gfp_mask, node, &pfmemalloc);
df1ae022 645 if (unlikely(!data))
5381b23d 646 goto nodata;
12d6c1d3 647 /* kmalloc_size_roundup() might give us more room than requested.
5381b23d
AL		 648 * Put skb_shared_info exactly at the end of allocated zone,
649 * to allow max possible filling before reallocation.
650 */
65998d2b 651 prefetchw(data + SKB_WITH_OVERHEAD(size));
5381b23d
AL		 652
653 /*
654 * Only clear those fields we need to clear, not those that we will
655 * actually initialise below. Hence, don't put any more fields after
656 * the tail pointer in struct sk_buff!
657 */
658 memset(skb, 0, offsetof(struct sk_buff, tail));
65998d2b 659 __build_skb_around(skb, data, size);
5381b23d 660 skb->pfmemalloc = pfmemalloc;
5381b23d
AL		 661
662 if (flags & SKB_ALLOC_FCLONE) {
663 struct sk_buff_fclones *fclones;
664
665 fclones = container_of(skb, struct sk_buff_fclones, skb1);
666
667 skb->fclone = SKB_FCLONE_ORIG;
668 refcount_set(&fclones->fclone_ref, 1);
5381b23d
AL		 669 }
670
5381b23d 671 return skb;
df1ae022 672
5381b23d
AL		 673nodata:
674 kmem_cache_free(cache, skb);
df1ae022 675 return NULL;
5381b23d
AL		 676}
677EXPORT_SYMBOL(__alloc_skb);
678
fd11a83d
AD		 679/**
680 * __netdev_alloc_skb - allocate an skbuff for rx on a specific device
681 * @dev: network device to receive on
d7499160 682 * @len: length to allocate
fd11a83d
AD		 683 * @gfp_mask: get_free_pages mask, passed to alloc_skb
684 *
685 * Allocate a new &sk_buff and assign it a usage count of one. The
686 * buffer has NET_SKB_PAD headroom built in. Users should allocate
687 * the headroom they think they need without accounting for the
688 * built in space. The built in space is used for optimisations.
689 *
690 * %NULL is returned if there is no free memory.
691 */
9451980a
AD		 692struct sk_buff *__netdev_alloc_skb(struct net_device *dev, unsigned int len,
693 gfp_t gfp_mask)
fd11a83d 694{
b63ae8ca 695 struct page_frag_cache *nc;
fd11a83d 696 struct sk_buff *skb;
9451980a
AD		 697 bool pfmemalloc;
698 void *data;
699
700 len += NET_SKB_PAD;
fd11a83d 701
66c55602
AL		 702 /* If requested length is either too small or too big,
703 * we use kmalloc() for skb->head allocation.
704 */
705 if (len <= SKB_WITH_OVERHEAD(1024) ||
706 len > SKB_WITH_OVERHEAD(PAGE_SIZE) ||
d0164adc 707 (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) {
a080e7bd
AD		 708 skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX, NUMA_NO_NODE);
709 if (!skb)
710 goto skb_fail;
711 goto skb_success;
712 }
fd11a83d 713
115f1a5c 714 len = SKB_HEAD_ALIGN(len);
9451980a
AD		 715
716 if (sk_memalloc_socks())
717 gfp_mask |= __GFP_MEMALLOC;
718
afa79d08 719 if (in_hardirq() || irqs_disabled()) {
92dcabd7
SAS		 720 nc = this_cpu_ptr(&netdev_alloc_cache);
721 data = page_frag_alloc(nc, len, gfp_mask);
722 pfmemalloc = nc->pfmemalloc;
723 } else {
724 local_bh_disable();
725 nc = this_cpu_ptr(&napi_alloc_cache.page);
726 data = page_frag_alloc(nc, len, gfp_mask);
727 pfmemalloc = nc->pfmemalloc;
728 local_bh_enable();
729 }
9451980a
AD		 730
731 if (unlikely(!data))
732 return NULL;
733
734 skb = __build_skb(data, len);
735 if (unlikely(!skb)) {
181edb2b 736 skb_free_frag(data);
9451980a 737 return NULL;
7b2e497a 738 }
fd11a83d 739
9451980a
AD		 740 if (pfmemalloc)
741 skb->pfmemalloc = 1;
742 skb->head_frag = 1;
743
a080e7bd 744skb_success:
9451980a
AD		 745 skb_reserve(skb, NET_SKB_PAD);
746 skb->dev = dev;
747
a080e7bd 748skb_fail:
8af27456
CH		 749 return skb;
750}
b4ac530f 751EXPORT_SYMBOL(__netdev_alloc_skb);
1da177e4 752
fd11a83d
AD		 753/**
754 * __napi_alloc_skb - allocate skbuff for rx in a specific NAPI instance
755 * @napi: napi instance this buffer was allocated for
d7499160 756 * @len: length to allocate
fd11a83d
AD		 757 * @gfp_mask: get_free_pages mask, passed to alloc_skb and alloc_pages
758 *
759 * Allocate a new sk_buff for use in NAPI receive. This buffer will
760 * attempt to allocate the head from a special reserved region used
761 * only for NAPI Rx allocation. By doing this we can save several
762 * CPU cycles by avoiding having to disable and re-enable IRQs.
763 *
764 * %NULL is returned if there is no free memory.
765 */
9451980a
AD		 766struct sk_buff *__napi_alloc_skb(struct napi_struct *napi, unsigned int len,
767 gfp_t gfp_mask)
fd11a83d 768{
3226b158 769 struct napi_alloc_cache *nc;
fd11a83d 770 struct sk_buff *skb;
dbae2b06 771 bool pfmemalloc;
9451980a
AD		 772 void *data;
773
ee2640df 774 DEBUG_NET_WARN_ON_ONCE(!in_softirq());
9451980a 775 len += NET_SKB_PAD + NET_IP_ALIGN;
fd11a83d 776
3226b158
ED		 777 /* If requested length is either too small or too big,
778 * we use kmalloc() for skb->head allocation.
dbae2b06
PA		 779 * When the small frag allocator is available, prefer it over kmalloc
780 * for small fragments
3226b158 781 */
dbae2b06 782 if ((!NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) ||
3226b158 783 len > SKB_WITH_OVERHEAD(PAGE_SIZE) ||
d0164adc 784 (gfp_mask & (__GFP_DIRECT_RECLAIM | GFP_DMA))) {
cfb8ec65
AL		 785 skb = __alloc_skb(len, gfp_mask, SKB_ALLOC_RX | SKB_ALLOC_NAPI,
786 NUMA_NO_NODE);
a080e7bd
AD		 787 if (!skb)
788 goto skb_fail;
789 goto skb_success;
790 }
9451980a 791
3226b158 792 nc = this_cpu_ptr(&napi_alloc_cache);
9451980a
AD		 793
794 if (sk_memalloc_socks())
795 gfp_mask |= __GFP_MEMALLOC;
fd11a83d 796
dbae2b06
PA		 797 if (NAPI_HAS_SMALL_PAGE_FRAG && len <= SKB_WITH_OVERHEAD(1024)) {
798 /* we are artificially inflating the allocation size, but
799 * that is not as bad as it may look like, as:
800 * - 'len' less than GRO_MAX_HEAD makes little sense
801 * - On most systems, larger 'len' values lead to fragment
802 * size above 512 bytes
803 * - kmalloc would use the kmalloc-1k slab for such values
804 * - Builds with smaller GRO_MAX_HEAD will very likely do
805 * little networking, as that implies no WiFi and no
806 * tunnels support, and 32 bits arches.
807 */
808 len = SZ_1K;
809
810 data = page_frag_alloc_1k(&nc->page_small, gfp_mask);
811 pfmemalloc = NAPI_SMALL_PAGE_PFMEMALLOC(nc->page_small);
812 } else {
115f1a5c 813 len = SKB_HEAD_ALIGN(len);
dbae2b06
PA		 814
815 data = page_frag_alloc(&nc->page, len, gfp_mask);
816 pfmemalloc = nc->page.pfmemalloc;
817 }
818
9451980a
AD		 819 if (unlikely(!data))
820 return NULL;
821
cfb8ec65 822 skb = __napi_build_skb(data, len);
9451980a 823 if (unlikely(!skb)) {
181edb2b 824 skb_free_frag(data);
9451980a 825 return NULL;
fd11a83d
AD		 826 }
827
dbae2b06 828 if (pfmemalloc)
9451980a
AD		 829 skb->pfmemalloc = 1;
830 skb->head_frag = 1;
831
a080e7bd 832skb_success:
9451980a
AD		 833 skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN);
834 skb->dev = napi->dev;
835
a080e7bd 836skb_fail:
fd11a83d
AD		 837 return skb;
838}
839EXPORT_SYMBOL(__napi_alloc_skb);
840
654bed16 841void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off,
50269e19 842 int size, unsigned int truesize)
654bed16
PZ		 843{
844 skb_fill_page_desc(skb, i, page, off, size);
845 skb->len += size;
846 skb->data_len += size;
50269e19 847 skb->truesize += truesize;
654bed16
PZ		 848}
849EXPORT_SYMBOL(skb_add_rx_frag);
850
f8e617e1
JW		 851void skb_coalesce_rx_frag(struct sk_buff *skb, int i, int size,
852 unsigned int truesize)
853{
854 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
855
856 skb_frag_size_add(frag, size);
857 skb->len += size;
858 skb->data_len += size;
859 skb->truesize += truesize;
860}
861EXPORT_SYMBOL(skb_coalesce_rx_frag);
862
27b437c8 863static void skb_drop_list(struct sk_buff **listp)
1da177e4 864{
bd8a7036 865 kfree_skb_list(*listp);
27b437c8 866 *listp = NULL;
1da177e4
LT		 867}
868
27b437c8
HX		 869static inline void skb_drop_fraglist(struct sk_buff *skb)
870{
871 skb_drop_list(&skb_shinfo(skb)->frag_list);
872}
873
1da177e4
LT		 874static void skb_clone_fraglist(struct sk_buff *skb)
875{
876 struct sk_buff *list;
877
fbb398a8 878 skb_walk_frags(skb, list)
1da177e4
LT		 879 skb_get(list);
880}
881
75eaf63e
AL		 882#if IS_ENABLED(CONFIG_PAGE_POOL)
883bool napi_pp_put_page(struct page *page, bool napi_safe)
884{
5b899c33 885 bool allow_direct = false;
75eaf63e 886 struct page_pool *pp;
75eaf63e
AL		 887
888 page = compound_head(page);
889
890 /* page->pp_magic is OR'ed with PP_SIGNATURE after the allocation
891 * in order to preserve any existing bits, such as bit 0 for the
892 * head page of compound page and bit 1 for pfmemalloc page, so
893 * mask those bits for freeing side when doing below checking,
894 * and page_is_pfmemalloc() is checked in __page_pool_put_page()
895 * to avoid recycling the pfmemalloc page.
896 */
897 if (unlikely((page->pp_magic & ~0x3UL) != PP_SIGNATURE))
898 return false;
899
900 pp = page->pp;
901
902 /* Allow direct recycle if we have reasons to believe that we are
903 * in the same context as the consumer would run, so there's
904 * no possible race.
905 */
5b899c33
AL		 906 if (napi_safe) {
907 const struct napi_struct *napi = READ_ONCE(pp->p.napi);
908
909 allow_direct = napi &&
910 READ_ONCE(napi->list_owner) == smp_processor_id();
911 }
75eaf63e
AL		 912
913 /* Driver set this to memory recycling info. Reset it on recycle.
914 * This will *not* work for NIC using a split-page memory model.
915 * The page will be returned to the pool here regardless of the
916 * 'flipped' fragment being in use or not.
917 */
918 page_pool_put_full_page(pp, page, allow_direct);
919
920 return true;
921}
922EXPORT_SYMBOL(napi_pp_put_page);
923#endif
924
b07a2d97 925static bool skb_pp_recycle(struct sk_buff *skb, void *data, bool napi_safe)
4727bab4
YL		 926{
927 if (!IS_ENABLED(CONFIG_PAGE_POOL) || !skb->pp_recycle)
928 return false;
75eaf63e 929 return napi_pp_put_page(virt_to_page(data), napi_safe);
4727bab4
YL		 930}
931
bf9f1baa
ED		 932static void skb_kfree_head(void *head, unsigned int end_offset)
933{
bf9f1baa
ED		 934 if (end_offset == SKB_SMALL_HEAD_HEADROOM)
935 kmem_cache_free(skb_small_head_cache, head);
936 else
bf9f1baa
ED		 937 kfree(head);
938}
939
b07a2d97 940static void skb_free_head(struct sk_buff *skb, bool napi_safe)
d3836f21 941{
181edb2b
AD		 942 unsigned char *head = skb->head;
943
6a5bcd84 944 if (skb->head_frag) {
b07a2d97 945 if (skb_pp_recycle(skb, head, napi_safe))
6a5bcd84 946 return;
181edb2b 947 skb_free_frag(head);
6a5bcd84 948 } else {
bf9f1baa 949 skb_kfree_head(head, skb_end_offset(skb));
6a5bcd84 950 }
d3836f21
ED		 951}
952
b07a2d97
JK		 953static void skb_release_data(struct sk_buff *skb, enum skb_drop_reason reason,
954 bool napi_safe)
1da177e4 955{
ff04a771
ED		 956 struct skb_shared_info *shinfo = skb_shinfo(skb);
957 int i;
1da177e4 958
ff04a771
ED		 959 if (skb->cloned &&
960 atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
961 &shinfo->dataref))
2cc3aeb5 962 goto exit;
a6686f2f 963
753f1ca4
PB		 964 if (skb_zcopy(skb)) {
965 bool skip_unref = shinfo->flags & SKBFL_MANAGED_FRAG_REFS;
966
967 skb_zcopy_clear(skb, true);
968 if (skip_unref)
969 goto free_head;
970 }
70c43167 971
ff04a771 972 for (i = 0; i < shinfo->nr_frags; i++)
8c48eea3 973 napi_frag_unref(&shinfo->frags[i], skb->pp_recycle, napi_safe);
a6686f2f 974
753f1ca4 975free_head:
ff04a771 976 if (shinfo->frag_list)
511a3eda 977 kfree_skb_list_reason(shinfo->frag_list, reason);
ff04a771 978
b07a2d97 979 skb_free_head(skb, napi_safe);
2cc3aeb5
IA		 980exit:
981 /* When we clone an SKB we copy the reycling bit. The pp_recycle
982 * bit is only set on the head though, so in order to avoid races
983 * while trying to recycle fragments on __skb_frag_unref() we need
984 * to make one SKB responsible for triggering the recycle path.
985 * So disable the recycling bit if an SKB is cloned and we have
58e61e41 986 * additional references to the fragmented part of the SKB.
2cc3aeb5
IA		 987 * Eventually the last SKB will have the recycling bit set and it's
988 * dataref set to 0, which will trigger the recycling
989 */
990 skb->pp_recycle = 0;
1da177e4
LT		 991}
992
993/*
994 * Free an skbuff by memory without cleaning the state.
995 */
2d4baff8 996static void kfree_skbmem(struct sk_buff *skb)
1da177e4 997{
d0bf4a9e 998 struct sk_buff_fclones *fclones;
d179cd12 999
d179cd12
DM		 1000 switch (skb->fclone) {
1001 case SKB_FCLONE_UNAVAILABLE:
025a785f 1002 kmem_cache_free(skbuff_cache, skb);
6ffe75eb 1003 return;
d179cd12
DM		 1004
1005 case SKB_FCLONE_ORIG:
d0bf4a9e 1006 fclones = container_of(skb, struct sk_buff_fclones, skb1);
d179cd12 1007
6ffe75eb
ED		 1008 /* We usually free the clone (TX completion) before original skb
1009 * This test would have no chance to be true for the clone,
1010 * while here, branch prediction will be good.
d179cd12 1011 */
2638595a 1012 if (refcount_read(&fclones->fclone_ref) == 1)
6ffe75eb
ED		 1013 goto fastpath;
1014 break;
e7820e39 1015
6ffe75eb
ED		 1016 default: /* SKB_FCLONE_CLONE */
1017 fclones = container_of(skb, struct sk_buff_fclones, skb2);
d179cd12 1018 break;
3ff50b79 1019 }
2638595a 1020 if (!refcount_dec_and_test(&fclones->fclone_ref))
6ffe75eb
ED		 1021 return;
1022fastpath:
1023 kmem_cache_free(skbuff_fclone_cache, fclones);
1da177e4
LT		 1024}
1025
0a463c78 1026void skb_release_head_state(struct sk_buff *skb)
1da177e4 1027{
adf30907 1028 skb_dst_drop(skb);
9c2b3328 1029 if (skb->destructor) {
7890e2f0 1030 DEBUG_NET_WARN_ON_ONCE(in_hardirq());
1da177e4
LT		 1031 skb->destructor(skb);
1032 }
a3bf7ae9 1033#if IS_ENABLED(CONFIG_NF_CONNTRACK)
cb9c6836 1034 nf_conntrack_put(skb_nfct(skb));
1da177e4 1035#endif
df5042f4 1036 skb_ext_put(skb);
04a4bb55
LB		 1037}
1038
1039/* Free everything but the sk_buff shell. */
b07a2d97
JK		 1040static void skb_release_all(struct sk_buff *skb, enum skb_drop_reason reason,
1041 bool napi_safe)
04a4bb55
LB		 1042{
1043 skb_release_head_state(skb);
a28b1b90 1044 if (likely(skb->head))
b07a2d97 1045 skb_release_data(skb, reason, napi_safe);
2d4baff8
HX		 1046}
1047
1048/**
1049 * __kfree_skb - private function
1050 * @skb: buffer
1051 *
1052 * Free an sk_buff. Release anything attached to the buffer.
1053 * Clean the state. This is an internal helper function. Users should
1054 * always call kfree_skb
1055 */
1da177e4 1056
2d4baff8
HX		 1057void __kfree_skb(struct sk_buff *skb)
1058{
b07a2d97 1059 skb_release_all(skb, SKB_DROP_REASON_NOT_SPECIFIED, false);
1da177e4
LT		 1060 kfree_skbmem(skb);
1061}
b4ac530f 1062EXPORT_SYMBOL(__kfree_skb);
1da177e4 1063
a4650da2
JDB		 1064static __always_inline
1065bool __kfree_skb_reason(struct sk_buff *skb, enum skb_drop_reason reason)
1066{
1067 if (unlikely(!skb_unref(skb)))
1068 return false;
1069
071c0fc6
JB		 1070 DEBUG_NET_WARN_ON_ONCE(reason == SKB_NOT_DROPPED_YET ||
1071 u32_get_bits(reason,
1072 SKB_DROP_REASON_SUBSYS_MASK) >=
1073 SKB_DROP_REASON_SUBSYS_NUM);
a4650da2
JDB		 1074
1075 if (reason == SKB_CONSUMED)
dd1b5278 1076 trace_consume_skb(skb, __builtin_return_address(0));
a4650da2
JDB		 1077 else
1078 trace_kfree_skb(skb, __builtin_return_address(0), reason);
1079 return true;
1080}
1081