[mirror_ubuntu-zesty-kernel.git] / net / core / skbuff.c

/*
 *	Routines having to do with the 'struct sk_buff' memory handlers.
 *
 *	Authors:	Alan Cox <alan@lxorguk.ukuu.org.uk>
 *			Florian La Roche <rzsfl@rz.uni-sb.de>
 *
 *	Fixes:
 *		Alan Cox	:	Fixed the worst of the load
 *					balancer bugs.
 *		Dave Platt	:	Interrupt stacking fix.
 *	Richard Kooijman	:	Timestamp fixes.
 *		Alan Cox	:	Changed buffer format.
 *		Alan Cox	:	destructor hook for AF_UNIX etc.
 *		Linus Torvalds	:	Better skb_clone.
 *		Alan Cox	:	Added skb_copy.
 *		Alan Cox	:	Added all the changed routines Linus
 *					only put in the headers
 *		Ray VanTassle	:	Fixed --skb->lock in free
 *		Alan Cox	:	skb_copy copy arp field
 *		Andi Kleen	:	slabified it.
 *		Robert Olsson	:	Removed skb_head_pool
 *
 *	NOTE:
 *		The __skb_ routines should be called with interrupts
 *	disabled, or you better be *real* sure that the operation is atomic
 *	with respect to whatever list is being frobbed (e.g. via lock_sock()
 *	or via disabling bottom half handlers, etc).
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

/*
 *	The functions in this file will not compile correctly with gcc 2.4.x
 */

#include <linux/module.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/kmemcheck.h>
#include <linux/mm.h>
#include <linux/interrupt.h>
#include <linux/in.h>
#include <linux/inet.h>
#include <linux/slab.h>
#include <linux/netdevice.h>
#ifdef CONFIG_NET_CLS_ACT
#include <net/pkt_sched.h>
#endif
#include <linux/string.h>
#include <linux/skbuff.h>
#include <linux/splice.h>
#include <linux/cache.h>
#include <linux/rtnetlink.h>
#include <linux/init.h>
#include <linux/scatterlist.h>
#include <linux/errqueue.h>

#include <net/protocol.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/checksum.h>
#include <net/xfrm.h>

#include <asm/uaccess.h>
#include <asm/system.h>
#include <trace/events/skb.h>

#include "kmap_skb.h"

static struct kmem_cache *skbuff_head_cache __read_mostly;
static struct kmem_cache *skbuff_fclone_cache __read_mostly;

static void sock_pipe_buf_release(struct pipe_inode_info *pipe,
				  struct pipe_buffer *buf)
{
	put_page(buf->page);
}

static void sock_pipe_buf_get(struct pipe_inode_info *pipe,
				struct pipe_buffer *buf)
{
	get_page(buf->page);
}

static int sock_pipe_buf_steal(struct pipe_inode_info *pipe,
			       struct pipe_buffer *buf)
{
	return 1;
}


/* Pipe buffer operations for a socket. */
static const struct pipe_buf_operations sock_pipe_buf_ops = {
	.can_merge = 0,
	.map = generic_pipe_buf_map,
	.unmap = generic_pipe_buf_unmap,
	.confirm = generic_pipe_buf_confirm,
	.release = sock_pipe_buf_release,
	.steal = sock_pipe_buf_steal,
	.get = sock_pipe_buf_get,
};

/*
 *	Keep out-of-line to prevent kernel bloat.
 *	__builtin_return_address is not used because it is not always
 *	reliable.
 */

/**
 *	skb_over_panic	- 	private function
 *	@skb: buffer
 *	@sz: size
 *	@here: address
 *
 *	Out of line support code for skb_put(). Not user callable.
 */
static void skb_over_panic(struct sk_buff *skb, int sz, void *here)
{
	printk(KERN_EMERG "skb_over_panic: text:%p len:%d put:%d head:%p "
			  "data:%p tail:%#lx end:%#lx dev:%s\n",
	       here, skb->len, sz, skb->head, skb->data,
	       (unsigned long)skb->tail, (unsigned long)skb->end,
	       skb->dev ? skb->dev->name : "<NULL>");
	BUG();
}

/**
 *	skb_under_panic	- 	private function
 *	@skb: buffer
 *	@sz: size
 *	@here: address
 *
 *	Out of line support code for skb_push(). Not user callable.
 */

static void skb_under_panic(struct sk_buff *skb, int sz, void *here)
{
	printk(KERN_EMERG "skb_under_panic: text:%p len:%d put:%d head:%p "
			  "data:%p tail:%#lx end:%#lx dev:%s\n",
	       here, skb->len, sz, skb->head, skb->data,
	       (unsigned long)skb->tail, (unsigned long)skb->end,
	       skb->dev ? skb->dev->name : "<NULL>");
	BUG();
}

/* 	Allocate a new skbuff. We do this ourselves so we can fill in a few
 *	'private' fields and also do memory statistics to find all the
 *	[BEEP] leaks.
 *
 */

/**
 *	__alloc_skb	-	allocate a network buffer
 *	@size: size to allocate
 *	@gfp_mask: allocation mask
 *	@fclone: allocate from fclone cache instead of head cache
 *		and allocate a cloned (child) skb
 *	@node: numa node to allocate memory on
 *
 *	Allocate a new &sk_buff. The returned buffer has no headroom and a
 *	tail room of size bytes. The object has a reference count of one.
 *	The return is the buffer. On a failure the return is %NULL.
 *
 *	Buffers may only be allocated from interrupts using a @gfp_mask of
 *	%GFP_ATOMIC.
 */
struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
			    int fclone, int node)
{
	struct kmem_cache *cache;
	struct skb_shared_info *shinfo;
	struct sk_buff *skb;
	u8 *data;

	cache = fclone ? skbuff_fclone_cache : skbuff_head_cache;

	/* Get the HEAD */
	skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node);
	if (!skb)
		goto out;
	prefetchw(skb);

	size = SKB_DATA_ALIGN(size);
	data = kmalloc_node_track_caller(size + sizeof(struct skb_shared_info),
			gfp_mask, node);
	if (!data)
		goto nodata;
	prefetchw(data + size);

	/*
	 * Only clear those fields we need to clear, not those that we will
	 * actually initialise below. Hence, don't put any more fields after
	 * the tail pointer in struct sk_buff!
	 */
	memset(skb, 0, offsetof(struct sk_buff, tail));
	skb->truesize = size + sizeof(struct sk_buff);
	atomic_set(&skb->users, 1);
	skb->head = data;
	skb->data = data;
	skb_reset_tail_pointer(skb);
	skb->end = skb->tail + size;
#ifdef NET_SKBUFF_DATA_USES_OFFSET
	skb->mac_header = ~0U;
#endif

	/* make sure we initialize shinfo sequentially */
	shinfo = skb_shinfo(skb);
	memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
	atomic_set(&shinfo->dataref, 1);
	kmemcheck_annotate_variable(shinfo->destructor_arg);

	if (fclone) {
		struct sk_buff *child = skb + 1;
		atomic_t *fclone_ref = (atomic_t *) (child + 1);

		kmemcheck_annotate_bitfield(child, flags1);
		kmemcheck_annotate_bitfield(child, flags2);
		skb->fclone = SKB_FCLONE_ORIG;
		atomic_set(fclone_ref, 1);

		child->fclone = SKB_FCLONE_UNAVAILABLE;
	}
out:
	return skb;
nodata:
	kmem_cache_free(cache, skb);
	skb = NULL;
	goto out;
}
EXPORT_SYMBOL(__alloc_skb);

/**
 *	__netdev_alloc_skb - allocate an skbuff for rx on a specific device
 *	@dev: network device to receive on
 *	@length: length to allocate
 *	@gfp_mask: get_free_pages mask, passed to alloc_skb
 *
 *	Allocate a new &sk_buff and assign it a usage count of one. The
 *	buffer has unspecified headroom built in. Users should allocate
 *	the headroom they think they need without accounting for the
 *	built in space. The built in space is used for optimisations.
 *
 *	%NULL is returned if there is no free memory.
 */
struct sk_buff *__netdev_alloc_skb(struct net_device *dev,
		unsigned int length, gfp_t gfp_mask)
{
	struct sk_buff *skb;

	skb = __alloc_skb(length + NET_SKB_PAD, gfp_mask, 0, NUMA_NO_NODE);
	if (likely(skb)) {
		skb_reserve(skb, NET_SKB_PAD);
		skb->dev = dev;
	}
	return skb;
}
EXPORT_SYMBOL(__netdev_alloc_skb);

void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off,
		int size)
{
	skb_fill_page_desc(skb, i, page, off, size);
	skb->len += size;
	skb->data_len += size;
	skb->truesize += size;
}
EXPORT_SYMBOL(skb_add_rx_frag);

/**
 *	dev_alloc_skb - allocate an skbuff for receiving
 *	@length: length to allocate
 *
 *	Allocate a new &sk_buff and assign it a usage count of one. The
 *	buffer has unspecified headroom built in. Users should allocate
 *	the headroom they think they need without accounting for the
 *	built in space. The built in space is used for optimisations.
 *
 *	%NULL is returned if there is no free memory. Although this function
 *	allocates memory it can be called from an interrupt.
 */
struct sk_buff *dev_alloc_skb(unsigned int length)
{
	/*
	 * There is more code here than it seems:
	 * __dev_alloc_skb is an inline
	 */
	return __dev_alloc_skb(length, GFP_ATOMIC);
}
EXPORT_SYMBOL(dev_alloc_skb);

static void skb_drop_list(struct sk_buff **listp)
{
	struct sk_buff *list = *listp;

	*listp = NULL;

	do {
		struct sk_buff *this = list;
		list = list->next;
		kfree_skb(this);
	} while (list);
}

static inline void skb_drop_fraglist(struct sk_buff *skb)
{
	skb_drop_list(&skb_shinfo(skb)->frag_list);
}

static void skb_clone_fraglist(struct sk_buff *skb)
{
	struct sk_buff *list;

	skb_walk_frags(skb, list)
		skb_get(list);
}

static void skb_release_data(struct sk_buff *skb)
{
	if (!skb->cloned ||
	    !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
			       &skb_shinfo(skb)->dataref)) {
		if (skb_shinfo(skb)->nr_frags) {
			int i;
			for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
				put_page(skb_shinfo(skb)->frags[i].page);
		}

		if (skb_has_frag_list(skb))
			skb_drop_fraglist(skb);

		kfree(skb->head);
	}
}

/*
 *	Free an skbuff by memory without cleaning the state.
 */
static void kfree_skbmem(struct sk_buff *skb)
{
	struct sk_buff *other;
	atomic_t *fclone_ref;

	switch (skb->fclone) {
	case SKB_FCLONE_UNAVAILABLE:
		kmem_cache_free(skbuff_head_cache, skb);
		break;

	case SKB_FCLONE_ORIG:
		fclone_ref = (atomic_t *) (skb + 2);
		if (atomic_dec_and_test(fclone_ref))
			kmem_cache_free(skbuff_fclone_cache, skb);
		break;

	case SKB_FCLONE_CLONE:
		fclone_ref = (atomic_t *) (skb + 1);
		other = skb - 1;

		/* The clone portion is available for
		 * fast-cloning again.
		 */
		skb->fclone = SKB_FCLONE_UNAVAILABLE;

		if (atomic_dec_and_test(fclone_ref))
			kmem_cache_free(skbuff_fclone_cache, other);
		break;
	}
}

static void skb_release_head_state(struct sk_buff *skb)
{
	skb_dst_drop(skb);
#ifdef CONFIG_XFRM
	secpath_put(skb->sp);
#endif
	if (skb->destructor) {
		WARN_ON(in_irq());
		skb->destructor(skb);
	}
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
	nf_conntrack_put(skb->nfct);
#endif
#ifdef NET_SKBUFF_NF_DEFRAG_NEEDED
	nf_conntrack_put_reasm(skb->nfct_reasm);
#endif
#ifdef CONFIG_BRIDGE_NETFILTER
	nf_bridge_put(skb->nf_bridge);
#endif
/* XXX: IS this still necessary? - JHS */
#ifdef CONFIG_NET_SCHED
	skb->tc_index = 0;
#ifdef CONFIG_NET_CLS_ACT
	skb->tc_verd = 0;
#endif
#endif
}

/* Free everything but the sk_buff shell. */
static void skb_release_all(struct sk_buff *skb)
{
	skb_release_head_state(skb);
	skb_release_data(skb);
}

/**
 *	__kfree_skb - private function
 *	@skb: buffer
 *
 *	Free an sk_buff. Release anything attached to the buffer.
 *	Clean the state. This is an internal helper function. Users should
 *	always call kfree_skb
 */

void __kfree_skb(struct sk_buff *skb)
{
	skb_release_all(skb);
	kfree_skbmem(skb);
}
EXPORT_SYMBOL(__kfree_skb);
Commit	Line	Data
1da177e4 LT	1	/*
	2	* Routines having to do with the 'struct sk_buff' memory handlers.
	3	*
113aa838	4	* Authors: Alan Cox <alan@lxorguk.ukuu.org.uk>
1da177e4 LT	5	* Florian La Roche <rzsfl@rz.uni-sb.de>
1da177e4 LT	6	*
1da177e4 LT	7	* Fixes:
	8	* Alan Cox : Fixed the worst of the load
	9	* balancer bugs.
	10	* Dave Platt : Interrupt stacking fix.
	11	* Richard Kooijman : Timestamp fixes.
	12	* Alan Cox : Changed buffer format.
	13	* Alan Cox : destructor hook for AF_UNIX etc.
	14	* Linus Torvalds : Better skb_clone.
	15	* Alan Cox : Added skb_copy.
	16	* Alan Cox : Added all the changed routines Linus
	17	* only put in the headers
	18	* Ray VanTassle : Fixed --skb->lock in free
	19	* Alan Cox : skb_copy copy arp field
	20	* Andi Kleen : slabified it.
	21	* Robert Olsson : Removed skb_head_pool
	22	*
	23	* NOTE:
	24	* The __skb_ routines should be called with interrupts
	25	* disabled, or you better be real sure that the operation is atomic
	26	* with respect to whatever list is being frobbed (e.g. via lock_sock()
	27	* or via disabling bottom half handlers, etc).
	28	*
	29	* This program is free software; you can redistribute it and/or
	30	* modify it under the terms of the GNU General Public License
	31	* as published by the Free Software Foundation; either version
	32	* 2 of the License, or (at your option) any later version.
	33	*/
	34
	35	/*
	36	* The functions in this file will not compile correctly with gcc 2.4.x
	37	*/
	38
1da177e4 LT	39	#include <linux/module.h>
	40	#include <linux/types.h>
	41	#include <linux/kernel.h>
fe55f6d5	42	#include <linux/kmemcheck.h>
1da177e4 LT	43	#include <linux/mm.h>
	44	#include <linux/interrupt.h>
	45	#include <linux/in.h>
	46	#include <linux/inet.h>
	47	#include <linux/slab.h>
	48	#include <linux/netdevice.h>
	49	#ifdef CONFIG_NET_CLS_ACT
	50	#include <net/pkt_sched.h>
	51	#endif
	52	#include <linux/string.h>
	53	#include <linux/skbuff.h>
9c55e01c	54	#include <linux/splice.h>
1da177e4 LT	55	#include <linux/cache.h>
	56	#include <linux/rtnetlink.h>
	57	#include <linux/init.h>
716ea3a7	58	#include <linux/scatterlist.h>
ac45f602	59	#include <linux/errqueue.h>
1da177e4 LT	60
	61	#include <net/protocol.h>
	62	#include <net/dst.h>
	63	#include <net/sock.h>
	64	#include <net/checksum.h>
	65	#include <net/xfrm.h>
	66
	67	#include <asm/uaccess.h>
	68	#include <asm/system.h>
ad8d75ff	69	#include <trace/events/skb.h>
1da177e4	70
a1f8e7f7 AV	71	#include "kmap_skb.h"
a1f8e7f7 AV	72
e18b890b CL	73	static struct kmem_cache *skbuff_head_cache __read_mostly;
e18b890b CL	74	static struct kmem_cache *skbuff_fclone_cache __read_mostly;
1da177e4	75
9c55e01c JA	76	static void sock_pipe_buf_release(struct pipe_inode_info *pipe,
	77	struct pipe_buffer *buf)
	78	{
8b9d3728	79	put_page(buf->page);
9c55e01c JA	80	}
	81
	82	static void sock_pipe_buf_get(struct pipe_inode_info *pipe,
	83	struct pipe_buffer *buf)
	84	{
8b9d3728	85	get_page(buf->page);
9c55e01c JA	86	}
	87
	88	static int sock_pipe_buf_steal(struct pipe_inode_info *pipe,
	89	struct pipe_buffer *buf)
	90	{
	91	return 1;
	92	}
	93
	94
	95	/* Pipe buffer operations for a socket. */
28dfef8f	96	static const struct pipe_buf_operations sock_pipe_buf_ops = {
9c55e01c JA	97	.can_merge = 0,
	98	.map = generic_pipe_buf_map,
	99	.unmap = generic_pipe_buf_unmap,
	100	.confirm = generic_pipe_buf_confirm,
	101	.release = sock_pipe_buf_release,
	102	.steal = sock_pipe_buf_steal,
	103	.get = sock_pipe_buf_get,
	104	};
	105
1da177e4 LT	106	/*
	107	* Keep out-of-line to prevent kernel bloat.
	108	* __builtin_return_address is not used because it is not always
	109	* reliable.
	110	*/
	111
	112	/**
	113	* skb_over_panic - private function
	114	* @skb: buffer
	115	* @sz: size
	116	* @here: address
	117	*
	118	* Out of line support code for skb_put(). Not user callable.
	119	*/
ccb7c773	120	static void skb_over_panic(struct sk_buff skb, int sz, void here)
1da177e4	121	{
26095455	122	printk(KERN_EMERG "skb_over_panic: text:%p len:%d put:%d head:%p "
4305b541	123	"data:%p tail:%#lx end:%#lx dev:%s\n",
27a884dc	124	here, skb->len, sz, skb->head, skb->data,
4305b541	125	(unsigned long)skb->tail, (unsigned long)skb->end,
26095455	126	skb->dev ? skb->dev->name : "<NULL>");
1da177e4 LT	127	BUG();
	128	}
	129
	130	/**
	131	* skb_under_panic - private function
	132	* @skb: buffer
	133	* @sz: size
	134	* @here: address
	135	*
	136	* Out of line support code for skb_push(). Not user callable.
	137	*/
	138
ccb7c773	139	static void skb_under_panic(struct sk_buff skb, int sz, void here)
1da177e4	140	{
26095455	141	printk(KERN_EMERG "skb_under_panic: text:%p len:%d put:%d head:%p "
4305b541	142	"data:%p tail:%#lx end:%#lx dev:%s\n",
27a884dc	143	here, skb->len, sz, skb->head, skb->data,
4305b541	144	(unsigned long)skb->tail, (unsigned long)skb->end,
26095455	145	skb->dev ? skb->dev->name : "<NULL>");
1da177e4 LT	146	BUG();
	147	}
	148
	149	/* Allocate a new skbuff. We do this ourselves so we can fill in a few
	150	* 'private' fields and also do memory statistics to find all the
	151	* [BEEP] leaks.
	152	*
	153	*/
	154
	155	/**
d179cd12	156	* __alloc_skb - allocate a network buffer
1da177e4 LT	157	* @size: size to allocate
1da177e4 LT	158	* @gfp_mask: allocation mask
c83c2486 RD	159	* @fclone: allocate from fclone cache instead of head cache
c83c2486 RD	160	* and allocate a cloned (child) skb
b30973f8	161	* @node: numa node to allocate memory on
1da177e4 LT	162	*
	163	* Allocate a new &sk_buff. The returned buffer has no headroom and a
	164	* tail room of size bytes. The object has a reference count of one.
	165	* The return is the buffer. On a failure the return is %NULL.
	166	*
	167	* Buffers may only be allocated from interrupts using a @gfp_mask of
	168	* %GFP_ATOMIC.
	169	*/
dd0fc66f	170	struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
b30973f8	171	int fclone, int node)
1da177e4	172	{
e18b890b	173	struct kmem_cache *cache;
4947d3ef	174	struct skb_shared_info *shinfo;
1da177e4 LT	175	struct sk_buff *skb;
	176	u8 *data;
	177
8798b3fb HX	178	cache = fclone ? skbuff_fclone_cache : skbuff_head_cache;
8798b3fb HX	179
1da177e4	180	/* Get the HEAD */
b30973f8	181	skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node);
1da177e4 LT	182	if (!skb)
1da177e4 LT	183	goto out;
ec7d2f2c	184	prefetchw(skb);
1da177e4	185
1da177e4	186	size = SKB_DATA_ALIGN(size);
b30973f8 CH	187	data = kmalloc_node_track_caller(size + sizeof(struct skb_shared_info),
b30973f8 CH	188	gfp_mask, node);
1da177e4 LT	189	if (!data)
1da177e4 LT	190	goto nodata;
ec7d2f2c	191	prefetchw(data + size);
1da177e4	192
ca0605a7	193	/*
c8005785 JB	194	* Only clear those fields we need to clear, not those that we will
	195	* actually initialise below. Hence, don't put any more fields after
	196	* the tail pointer in struct sk_buff!
ca0605a7 ACM	197	*/
ca0605a7 ACM	198	memset(skb, 0, offsetof(struct sk_buff, tail));
1da177e4 LT	199	skb->truesize = size + sizeof(struct sk_buff);
	200	atomic_set(&skb->users, 1);
	201	skb->head = data;
	202	skb->data = data;
27a884dc	203	skb_reset_tail_pointer(skb);
4305b541	204	skb->end = skb->tail + size;
19633e12 SH	205	#ifdef NET_SKBUFF_DATA_USES_OFFSET
	206	skb->mac_header = ~0U;
	207	#endif
	208
4947d3ef BL	209	/* make sure we initialize shinfo sequentially */
4947d3ef BL	210	shinfo = skb_shinfo(skb);
ec7d2f2c	211	memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
4947d3ef	212	atomic_set(&shinfo->dataref, 1);
c2aa3665	213	kmemcheck_annotate_variable(shinfo->destructor_arg);
4947d3ef	214
d179cd12 DM	215	if (fclone) {
	216	struct sk_buff *child = skb + 1;
	217	atomic_t fclone_ref = (atomic_t ) (child + 1);
1da177e4	218
fe55f6d5 VN	219	kmemcheck_annotate_bitfield(child, flags1);
fe55f6d5 VN	220	kmemcheck_annotate_bitfield(child, flags2);
d179cd12 DM	221	skb->fclone = SKB_FCLONE_ORIG;
	222	atomic_set(fclone_ref, 1);
	223
	224	child->fclone = SKB_FCLONE_UNAVAILABLE;
	225	}
1da177e4 LT	226	out:
	227	return skb;
	228	nodata:
8798b3fb	229	kmem_cache_free(cache, skb);
1da177e4 LT	230	skb = NULL;
1da177e4 LT	231	goto out;
1da177e4	232	}
b4ac530f	233	EXPORT_SYMBOL(__alloc_skb);
1da177e4	234
8af27456 CH	235	/**
	236	* __netdev_alloc_skb - allocate an skbuff for rx on a specific device
	237	* @dev: network device to receive on
	238	* @length: length to allocate
	239	* @gfp_mask: get_free_pages mask, passed to alloc_skb
	240	*
	241	* Allocate a new &sk_buff and assign it a usage count of one. The
	242	* buffer has unspecified headroom built in. Users should allocate
	243	* the headroom they think they need without accounting for the
	244	* built in space. The built in space is used for optimisations.
	245	*
	246	* %NULL is returned if there is no free memory.
	247	*/
	248	struct sk_buff __netdev_alloc_skb(struct net_device dev,
	249	unsigned int length, gfp_t gfp_mask)
	250	{
	251	struct sk_buff *skb;
	252
564824b0	253	skb = __alloc_skb(length + NET_SKB_PAD, gfp_mask, 0, NUMA_NO_NODE);
7b2e497a	254	if (likely(skb)) {
8af27456	255	skb_reserve(skb, NET_SKB_PAD);
7b2e497a CH	256	skb->dev = dev;
7b2e497a CH	257	}
8af27456 CH	258	return skb;
8af27456 CH	259	}
b4ac530f	260	EXPORT_SYMBOL(__netdev_alloc_skb);
1da177e4	261
654bed16 PZ	262	void skb_add_rx_frag(struct sk_buff skb, int i, struct page page, int off,
	263	int size)
	264	{
	265	skb_fill_page_desc(skb, i, page, off, size);
	266	skb->len += size;
	267	skb->data_len += size;
	268	skb->truesize += size;
	269	}
	270	EXPORT_SYMBOL(skb_add_rx_frag);
	271
f58518e6 IJ	272	/**
	273	* dev_alloc_skb - allocate an skbuff for receiving
	274	* @length: length to allocate
	275	*
	276	* Allocate a new &sk_buff and assign it a usage count of one. The
	277	* buffer has unspecified headroom built in. Users should allocate
	278	* the headroom they think they need without accounting for the
	279	* built in space. The built in space is used for optimisations.
	280	*
	281	* %NULL is returned if there is no free memory. Although this function
	282	* allocates memory it can be called from an interrupt.
	283	*/
	284	struct sk_buff *dev_alloc_skb(unsigned int length)
	285	{
1483b874 DV	286	/*
1483b874 DV	287	* There is more code here than it seems:
a0f55e0e	288	* __dev_alloc_skb is an inline
1483b874	289	*/
f58518e6 IJ	290	return __dev_alloc_skb(length, GFP_ATOMIC);
	291	}
	292	EXPORT_SYMBOL(dev_alloc_skb);
	293
27b437c8	294	static void skb_drop_list(struct sk_buff **listp)
1da177e4	295	{
27b437c8	296	struct sk_buff list = listp;
1da177e4	297
27b437c8	298	*listp = NULL;
1da177e4 LT	299
	300	do {
	301	struct sk_buff *this = list;
	302	list = list->next;
	303	kfree_skb(this);
	304	} while (list);
	305	}
	306
27b437c8 HX	307	static inline void skb_drop_fraglist(struct sk_buff *skb)
	308	{
	309	skb_drop_list(&skb_shinfo(skb)->frag_list);
	310	}
	311
1da177e4 LT	312	static void skb_clone_fraglist(struct sk_buff *skb)
	313	{
	314	struct sk_buff *list;
	315
fbb398a8	316	skb_walk_frags(skb, list)
1da177e4 LT	317	skb_get(list);
	318	}
	319
5bba1712	320	static void skb_release_data(struct sk_buff *skb)
1da177e4 LT	321	{
	322	if (!skb->cloned \|\|
	323	!atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
	324	&skb_shinfo(skb)->dataref)) {
	325	if (skb_shinfo(skb)->nr_frags) {
	326	int i;
	327	for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
	328	put_page(skb_shinfo(skb)->frags[i].page);
	329	}
	330
21dc3301	331	if (skb_has_frag_list(skb))
1da177e4 LT	332	skb_drop_fraglist(skb);
	333
	334	kfree(skb->head);
	335	}
	336	}
	337
	338	/*
	339	* Free an skbuff by memory without cleaning the state.
	340	*/
2d4baff8	341	static void kfree_skbmem(struct sk_buff *skb)
1da177e4	342	{
d179cd12 DM	343	struct sk_buff *other;
	344	atomic_t *fclone_ref;
	345
d179cd12 DM	346	switch (skb->fclone) {
	347	case SKB_FCLONE_UNAVAILABLE:
	348	kmem_cache_free(skbuff_head_cache, skb);
	349	break;
	350
	351	case SKB_FCLONE_ORIG:
	352	fclone_ref = (atomic_t *) (skb + 2);
	353	if (atomic_dec_and_test(fclone_ref))
	354	kmem_cache_free(skbuff_fclone_cache, skb);
	355	break;
	356
	357	case SKB_FCLONE_CLONE:
	358	fclone_ref = (atomic_t *) (skb + 1);
	359	other = skb - 1;
	360
	361	/* The clone portion is available for
	362	* fast-cloning again.
	363	*/
	364	skb->fclone = SKB_FCLONE_UNAVAILABLE;
	365
	366	if (atomic_dec_and_test(fclone_ref))
	367	kmem_cache_free(skbuff_fclone_cache, other);
	368	break;
3ff50b79	369	}
1da177e4 LT	370	}
1da177e4 LT	371
04a4bb55	372	static void skb_release_head_state(struct sk_buff *skb)
1da177e4	373	{
adf30907	374	skb_dst_drop(skb);
1da177e4 LT	375	#ifdef CONFIG_XFRM
	376	secpath_put(skb->sp);
	377	#endif
9c2b3328 SH	378	if (skb->destructor) {
9c2b3328 SH	379	WARN_ON(in_irq());
1da177e4 LT	380	skb->destructor(skb);
1da177e4 LT	381	}
9fb9cbb1	382	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
5f79e0f9	383	nf_conntrack_put(skb->nfct);
2fc72c7b KK	384	#endif
2fc72c7b KK	385	#ifdef NET_SKBUFF_NF_DEFRAG_NEEDED
9fb9cbb1 YK	386	nf_conntrack_put_reasm(skb->nfct_reasm);
9fb9cbb1 YK	387	#endif
1da177e4 LT	388	#ifdef CONFIG_BRIDGE_NETFILTER
	389	nf_bridge_put(skb->nf_bridge);
	390	#endif
1da177e4 LT	391	/* XXX: IS this still necessary? - JHS */
	392	#ifdef CONFIG_NET_SCHED
	393	skb->tc_index = 0;
	394	#ifdef CONFIG_NET_CLS_ACT
	395	skb->tc_verd = 0;
1da177e4 LT	396	#endif
1da177e4 LT	397	#endif
04a4bb55 LB	398	}
	399
	400	/* Free everything but the sk_buff shell. */
	401	static void skb_release_all(struct sk_buff *skb)
	402	{
	403	skb_release_head_state(skb);
2d4baff8 HX	404	skb_release_data(skb);
	405	}
	406
	407	/**
	408	* __kfree_skb - private function
	409	* @skb: buffer
	410	*
	411	* Free an sk_buff. Release anything attached to the buffer.
	412	* Clean the state. This is an internal helper function. Users should
	413	* always call kfree_skb
	414	*/
1da177e4	415
2d4baff8 HX	416	void __kfree_skb(struct sk_buff *skb)
	417	{
	418	skb_release_all(skb);
1da177e4 LT	419	kfree_skbmem(skb);
1da177e4 LT	420	}
b4ac530f	421	EXPORT_SYMBOL(__kfree_skb);
1da177e4	422