1 /* 2 * Routines having to do with the 'struct sk_buff' memory handlers. 3 * 4 * Authors: Alan Cox <alan@lxorguk.ukuu.org.uk> 5 * Florian La Roche <rzsfl@rz.uni-sb.de> 6 * 7 * Fixes: 8 * Alan Cox : Fixed the worst of the load 9 * balancer bugs. 10 * Dave Platt : Interrupt stacking fix. 11 * Richard Kooijman : Timestamp fixes. 12 * Alan Cox : Changed buffer format. 13 * Alan Cox : destructor hook for AF_UNIX etc. 14 * Linus Torvalds : Better skb_clone. 15 * Alan Cox : Added skb_copy. 16 * Alan Cox : Added all the changed routines Linus 17 * only put in the headers 18 * Ray VanTassle : Fixed --skb->lock in free 19 * Alan Cox : skb_copy copy arp field 20 * Andi Kleen : slabified it. 21 * Robert Olsson : Removed skb_head_pool 22 * 23 * NOTE: 24 * The __skb_ routines should be called with interrupts 25 * disabled, or you better be *real* sure that the operation is atomic 26 * with respect to whatever list is being frobbed (e.g. via lock_sock() 27 * or via disabling bottom half handlers, etc). 28 * 29 * This program is free software; you can redistribute it and/or 30 * modify it under the terms of the GNU General Public License 31 * as published by the Free Software Foundation; either version 32 * 2 of the License, or (at your option) any later version. 33 */ 34 35 /* 36 * The functions in this file will not compile correctly with gcc 2.4.x 37 */ 38 39 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 40 41 #include <linux/module.h> 42 #include <linux/types.h> 43 #include <linux/kernel.h> 44 #include <linux/kmemcheck.h> 45 #include <linux/mm.h> 46 #include <linux/interrupt.h> 47 #include <linux/in.h> 48 #include <linux/inet.h> 49 #include <linux/slab.h> 50 #include <linux/tcp.h> 51 #include <linux/udp.h> 52 #include <linux/netdevice.h> 53 #ifdef CONFIG_NET_CLS_ACT 54 #include <net/pkt_sched.h> 55 #endif 56 #include <linux/string.h> 57 #include <linux/skbuff.h> 58 #include <linux/splice.h> 59 #include <linux/cache.h> 60 #include <linux/rtnetlink.h> 61 #include <linux/init.h> 62 #include <linux/scatterlist.h> 63 #include <linux/errqueue.h> 64 #include <linux/prefetch.h> 65 #include <linux/if_vlan.h> 66 67 #include <net/protocol.h> 68 #include <net/dst.h> 69 #include <net/sock.h> 70 #include <net/checksum.h> 71 #include <net/ip6_checksum.h> 72 #include <net/xfrm.h> 73 74 #include <asm/uaccess.h> 75 #include <trace/events/skb.h> 76 #include <linux/highmem.h> 77 78 struct kmem_cache *skbuff_head_cache __read_mostly; 79 static struct kmem_cache *skbuff_fclone_cache __read_mostly; 80 81 /** 82 * skb_panic - private function for out-of-line support 83 * @skb: buffer 84 * @sz: size 85 * @addr: address 86 * @msg: skb_over_panic or skb_under_panic 87 * 88 * Out-of-line support for skb_put() and skb_push(). 89 * Called via the wrapper skb_over_panic() or skb_under_panic(). 90 * Keep out of line to prevent kernel bloat. 91 * __builtin_return_address is not used because it is not always reliable. 92 */ 93 static void skb_panic(struct sk_buff *skb, unsigned int sz, void *addr, 94 const char msg[]) 95 { 96 pr_emerg("%s: text:%p len:%d put:%d head:%p data:%p tail:%#lx end:%#lx dev:%s\n", 97 msg, addr, skb->len, sz, skb->head, skb->data, 98 (unsigned long)skb->tail, (unsigned long)skb->end, 99 skb->dev ? skb->dev->name : "<NULL>"); 100 BUG(); 101 } 102 103 static void skb_over_panic(struct sk_buff *skb, unsigned int sz, void *addr) 104 { 105 skb_panic(skb, sz, addr, __func__); 106 } 107 108 static void skb_under_panic(struct sk_buff *skb, unsigned int sz, void *addr) 109 { 110 skb_panic(skb, sz, addr, __func__); 111 } 112 113 /* 114 * kmalloc_reserve is a wrapper around kmalloc_node_track_caller that tells 115 * the caller if emergency pfmemalloc reserves are being used. If it is and 116 * the socket is later found to be SOCK_MEMALLOC then PFMEMALLOC reserves 117 * may be used. Otherwise, the packet data may be discarded until enough 118 * memory is free 119 */ 120 #define kmalloc_reserve(size, gfp, node, pfmemalloc) \ 121 __kmalloc_reserve(size, gfp, node, _RET_IP_, pfmemalloc) 122 123 static void *__kmalloc_reserve(size_t size, gfp_t flags, int node, 124 unsigned long ip, bool *pfmemalloc) 125 { 126 void *obj; 127 bool ret_pfmemalloc = false; 128 129 /* 130 * Try a regular allocation, when that fails and we're not entitled 131 * to the reserves, fail. 132 */ 133 obj = kmalloc_node_track_caller(size, 134 flags | __GFP_NOMEMALLOC | __GFP_NOWARN, 135 node); 136 if (obj || !(gfp_pfmemalloc_allowed(flags))) 137 goto out; 138 139 /* Try again but now we are using pfmemalloc reserves */ 140 ret_pfmemalloc = true; 141 obj = kmalloc_node_track_caller(size, flags, node); 142 143 out: 144 if (pfmemalloc) 145 *pfmemalloc = ret_pfmemalloc; 146 147 return obj; 148 } 149 150 /* Allocate a new skbuff. We do this ourselves so we can fill in a few 151 * 'private' fields and also do memory statistics to find all the 152 * [BEEP] leaks. 153 * 154 */ 155 156 struct sk_buff *__alloc_skb_head(gfp_t gfp_mask, int node) 157 { 158 struct sk_buff *skb; 159 160 /* Get the HEAD */ 161 skb = kmem_cache_alloc_node(skbuff_head_cache, 162 gfp_mask & ~__GFP_DMA, node); 163 if (!skb) 164 goto out; 165 166 /* 167 * Only clear those fields we need to clear, not those that we will 168 * actually initialise below. Hence, don't put any more fields after 169 * the tail pointer in struct sk_buff! 170 */ 171 memset(skb, 0, offsetof(struct sk_buff, tail)); 172 skb->head = NULL; 173 skb->truesize = sizeof(struct sk_buff); 174 atomic_set(&skb->users, 1); 175 176 skb->mac_header = (typeof(skb->mac_header))~0U; 177 out: 178 return skb; 179 } 180 181 /** 182 * __alloc_skb - allocate a network buffer 183 * @size: size to allocate 184 * @gfp_mask: allocation mask 185 * @flags: If SKB_ALLOC_FCLONE is set, allocate from fclone cache 186 * instead of head cache and allocate a cloned (child) skb. 187 * If SKB_ALLOC_RX is set, __GFP_MEMALLOC will be used for 188 * allocations in case the data is required for writeback 189 * @node: numa node to allocate memory on 190 * 191 * Allocate a new &sk_buff. The returned buffer has no headroom and a 192 * tail room of at least size bytes. The object has a reference count 193 * of one. The return is the buffer. On a failure the return is %NULL. 194 * 195 * Buffers may only be allocated from interrupts using a @gfp_mask of 196 * %GFP_ATOMIC. 197 */ 198 struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask, 199 int flags, int node) 200 { 201 struct kmem_cache *cache; 202 struct skb_shared_info *shinfo; 203 struct sk_buff *skb; 204 u8 *data; 205 bool pfmemalloc; 206 207 cache = (flags & SKB_ALLOC_FCLONE) 208 ? skbuff_fclone_cache : skbuff_head_cache; 209 210 if (sk_memalloc_socks() && (flags & SKB_ALLOC_RX)) 211 gfp_mask |= __GFP_MEMALLOC; 212 213 /* Get the HEAD */ 214 skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node); 215 if (!skb) 216 goto out; 217 prefetchw(skb); 218 219 /* We do our best to align skb_shared_info on a separate cache 220 * line. It usually works because kmalloc(X > SMP_CACHE_BYTES) gives 221 * aligned memory blocks, unless SLUB/SLAB debug is enabled. 222 * Both skb->head and skb_shared_info are cache line aligned. 223 */ 224 size = SKB_DATA_ALIGN(size); 225 size += SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); 226 data = kmalloc_reserve(size, gfp_mask, node, &pfmemalloc); 227 if (!data) 228 goto nodata; 229 /* kmalloc(size) might give us more room than requested. 230 * Put skb_shared_info exactly at the end of allocated zone, 231 * to allow max possible filling before reallocation. 232 */ 233 size = SKB_WITH_OVERHEAD(ksize(data)); 234 prefetchw(data + size); 235 236 /* 237 * Only clear those fields we need to clear, not those that we will 238 * actually initialise below. Hence, don't put any more fields after 239 * the tail pointer in struct sk_buff! 240 */ 241 memset(skb, 0, offsetof(struct sk_buff, tail)); 242 /* Account for allocated memory : skb + skb->head */ 243 skb->truesize = SKB_TRUESIZE(size); 244 skb->pfmemalloc = pfmemalloc; 245 atomic_set(&skb->users, 1); 246 skb->head = data; 247 skb->data = data; 248 skb_reset_tail_pointer(skb); 249 skb->end = skb->tail + size; 250 skb->mac_header = (typeof(skb->mac_header))~0U; 251 skb->transport_header = (typeof(skb->transport_header))~0U; 252 253 /* make sure we initialize shinfo sequentially */ 254 shinfo = skb_shinfo(skb); 255 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref)); 256 atomic_set(&shinfo->dataref, 1); 257 kmemcheck_annotate_variable(shinfo->destructor_arg); 258 259 if (flags & SKB_ALLOC_FCLONE) { 260 struct sk_buff_fclones *fclones; 261 262 fclones = container_of(skb, struct sk_buff_fclones, skb1); 263 264 kmemcheck_annotate_bitfield(&fclones->skb2, flags1); 265 skb->fclone = SKB_FCLONE_ORIG; 266 atomic_set(&fclones->fclone_ref, 1); 267 268 fclones->skb2.fclone = SKB_FCLONE_CLONE; 269 fclones->skb2.pfmemalloc = pfmemalloc; 270 } 271 out: 272 return skb; 273 nodata: 274 kmem_cache_free(cache, skb); 275 skb = NULL; 276 goto out; 277 } 278 EXPORT_SYMBOL(__alloc_skb); 279 280 /** 281 * build_skb - build a network buffer 282 * @data: data buffer provided by caller 283 * @frag_size: size of fragment, or 0 if head was kmalloced 284 * 285 * Allocate a new &sk_buff. Caller provides space holding head and 286 * skb_shared_info. @data must have been allocated by kmalloc() only if 287 * @frag_size is 0, otherwise data should come from the page allocator. 288 * The return is the new skb buffer. 289 * On a failure the return is %NULL, and @data is not freed. 290 * Notes : 291 * Before IO, driver allocates only data buffer where NIC put incoming frame 292 * Driver should add room at head (NET_SKB_PAD) and 293 * MUST add room at tail (SKB_DATA_ALIGN(skb_shared_info)) 294 * After IO, driver calls build_skb(), to allocate sk_buff and populate it 295 * before giving packet to stack. 296 * RX rings only contains data buffers, not full skbs. 297 */ 298 struct sk_buff *build_skb(void *data, unsigned int frag_size) 299 { 300 struct skb_shared_info *shinfo; 301 struct sk_buff *skb; 302 unsigned int size = frag_size ? : ksize(data); 303 304 skb = kmem_cache_alloc(skbuff_head_cache, GFP_ATOMIC); 305 if (!skb) 306 return NULL; 307 308 size -= SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); 309 310 memset(skb, 0, offsetof(struct sk_buff, tail)); 311 skb->truesize = SKB_TRUESIZE(size); 312 skb->head_frag = frag_size != 0; 313 atomic_set(&skb->users, 1); 314 skb->head = data; 315 skb->data = data; 316 skb_reset_tail_pointer(skb); 317 skb->end = skb->tail + size; 318 skb->mac_header = (typeof(skb->mac_header))~0U; 319 skb->transport_header = (typeof(skb->transport_header))~0U; 320 321 /* make sure we initialize shinfo sequentially */ 322 shinfo = skb_shinfo(skb); 323 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref)); 324 atomic_set(&shinfo->dataref, 1); 325 kmemcheck_annotate_variable(shinfo->destructor_arg); 326 327 return skb; 328 } 329 EXPORT_SYMBOL(build_skb); 330 331 struct netdev_alloc_cache { 332 struct page_frag frag; 333 /* we maintain a pagecount bias, so that we dont dirty cache line 334 * containing page->_count every time we allocate a fragment. 335 */ 336 unsigned int pagecnt_bias; 337 }; 338 static DEFINE_PER_CPU(struct netdev_alloc_cache, netdev_alloc_cache); 339 static DEFINE_PER_CPU(struct netdev_alloc_cache, napi_alloc_cache); 340 341 static struct page *__page_frag_refill(struct netdev_alloc_cache *nc, 342 gfp_t gfp_mask) 343 { 344 const unsigned int order = NETDEV_FRAG_PAGE_MAX_ORDER; 345 struct page *page = NULL; 346 gfp_t gfp = gfp_mask; 347 348 if (order) { 349 gfp_mask |= __GFP_COMP | __GFP_NOWARN | __GFP_NORETRY; 350 page = alloc_pages_node(NUMA_NO_NODE, gfp_mask, order); 351 nc->frag.size = PAGE_SIZE << (page ? order : 0); 352 } 353 354 if (unlikely(!page)) 355 page = alloc_pages_node(NUMA_NO_NODE, gfp, 0); 356 357 nc->frag.page = page; 358 359 return page; 360 } 361 362 static void *__alloc_page_frag(struct netdev_alloc_cache __percpu *cache, 363 unsigned int fragsz, gfp_t gfp_mask) 364 { 365 struct netdev_alloc_cache *nc = this_cpu_ptr(cache); 366 struct page *page = nc->frag.page; 367 unsigned int size; 368 int offset; 369 370 if (unlikely(!page)) { 371 refill: 372 page = __page_frag_refill(nc, gfp_mask); 373 if (!page) 374 return NULL; 375 376 /* if size can vary use frag.size else just use PAGE_SIZE */ 377 size = NETDEV_FRAG_PAGE_MAX_ORDER ? nc->frag.size : PAGE_SIZE; 378 379 /* Even if we own the page, we do not use atomic_set(). 380 * This would break get_page_unless_zero() users. 381 */ 382 atomic_add(size - 1, &page->_count); 383 384 /* reset page count bias and offset to start of new frag */ 385 nc->pagecnt_bias = size; 386 nc->frag.offset = size; 387 } 388 389 offset = nc->frag.offset - fragsz; 390 if (unlikely(offset < 0)) { 391 if (!atomic_sub_and_test(nc->pagecnt_bias, &page->_count)) 392 goto refill; 393 394 /* if size can vary use frag.size else just use PAGE_SIZE */ 395 size = NETDEV_FRAG_PAGE_MAX_ORDER ? nc->frag.size : PAGE_SIZE; 396 397 /* OK, page count is 0, we can safely set it */ 398 atomic_set(&page->_count, size); 399 400 /* reset page count bias and offset to start of new frag */ 401 nc->pagecnt_bias = size; 402 offset = size - fragsz; 403 } 404 405 nc->pagecnt_bias--; 406 nc->frag.offset = offset; 407 408 return page_address(page) + offset; 409 } 410 411 static void *__netdev_alloc_frag(unsigned int fragsz, gfp_t gfp_mask) 412 { 413 unsigned long flags; 414 void *data; 415 416 local_irq_save(flags); 417 data = __alloc_page_frag(&netdev_alloc_cache, fragsz, gfp_mask); 418 local_irq_restore(flags); 419 return data; 420 } 421 422 /** 423 * netdev_alloc_frag - allocate a page fragment 424 * @fragsz: fragment size 425 * 426 * Allocates a frag from a page for receive buffer. 427 * Uses GFP_ATOMIC allocations. 428 */ 429 void *netdev_alloc_frag(unsigned int fragsz) 430 { 431 return __netdev_alloc_frag(fragsz, GFP_ATOMIC | __GFP_COLD); 432 } 433 EXPORT_SYMBOL(netdev_alloc_frag); 434 435 static void *__napi_alloc_frag(unsigned int fragsz, gfp_t gfp_mask) 436 { 437 return __alloc_page_frag(&napi_alloc_cache, fragsz, gfp_mask); 438 } 439 440 void *napi_alloc_frag(unsigned int fragsz) 441 { 442 return __napi_alloc_frag(fragsz, GFP_ATOMIC | __GFP_COLD); 443 } 444 EXPORT_SYMBOL(napi_alloc_frag); 445 446 /** 447 * __alloc_rx_skb - allocate an skbuff for rx 448 * @length: length to allocate 449 * @gfp_mask: get_free_pages mask, passed to alloc_skb 450 * @flags: If SKB_ALLOC_RX is set, __GFP_MEMALLOC will be used for 451 * allocations in case we have to fallback to __alloc_skb() 452 * If SKB_ALLOC_NAPI is set, page fragment will be allocated 453 * from napi_cache instead of netdev_cache. 454 * 455 * Allocate a new &sk_buff and assign it a usage count of one. The 456 * buffer has unspecified headroom built in. Users should allocate 457 * the headroom they think they need without accounting for the 458 * built in space. The built in space is used for optimisations. 459 * 460 * %NULL is returned if there is no free memory. 461 */ 462 static struct sk_buff *__alloc_rx_skb(unsigned int length, gfp_t gfp_mask, 463 int flags) 464 { 465 struct sk_buff *skb = NULL; 466 unsigned int fragsz = SKB_DATA_ALIGN(length) + 467 SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); 468 469 if (fragsz <= PAGE_SIZE && !(gfp_mask & (__GFP_WAIT | GFP_DMA))) { 470 void *data; 471 472 if (sk_memalloc_socks()) 473 gfp_mask |= __GFP_MEMALLOC; 474 475 data = (flags & SKB_ALLOC_NAPI) ? 476 __napi_alloc_frag(fragsz, gfp_mask) : 477 __netdev_alloc_frag(fragsz, gfp_mask); 478 479 if (likely(data)) { 480 skb = build_skb(data, fragsz); 481 if (unlikely(!skb)) 482 put_page(virt_to_head_page(data)); 483 } 484 } else { 485 skb = __alloc_skb(length, gfp_mask, 486 SKB_ALLOC_RX, NUMA_NO_NODE); 487 } 488 return skb; 489 } 490 491 /** 492 * __netdev_alloc_skb - allocate an skbuff for rx on a specific device 493 * @dev: network device to receive on 494 * @length: length to allocate 495 * @gfp_mask: get_free_pages mask, passed to alloc_skb 496 * 497 * Allocate a new &sk_buff and assign it a usage count of one. The 498 * buffer has NET_SKB_PAD headroom built in. Users should allocate 499 * the headroom they think they need without accounting for the 500 * built in space. The built in space is used for optimisations. 501 * 502 * %NULL is returned if there is no free memory. 503 */ 504 struct sk_buff *__netdev_alloc_skb(struct net_device *dev, 505 unsigned int length, gfp_t gfp_mask) 506 { 507 struct sk_buff *skb; 508 509 length += NET_SKB_PAD; 510 skb = __alloc_rx_skb(length, gfp_mask, 0); 511 512 if (likely(skb)) { 513 skb_reserve(skb, NET_SKB_PAD); 514 skb->dev = dev; 515 } 516 517 return skb; 518 } 519 EXPORT_SYMBOL(__netdev_alloc_skb); 520 521 /** 522 * __napi_alloc_skb - allocate skbuff for rx in a specific NAPI instance 523 * @napi: napi instance this buffer was allocated for 524 * @length: length to allocate 525 * @gfp_mask: get_free_pages mask, passed to alloc_skb and alloc_pages 526 * 527 * Allocate a new sk_buff for use in NAPI receive. This buffer will 528 * attempt to allocate the head from a special reserved region used 529 * only for NAPI Rx allocation. By doing this we can save several 530 * CPU cycles by avoiding having to disable and re-enable IRQs. 531 * 532 * %NULL is returned if there is no free memory. 533 */ 534 struct sk_buff *__napi_alloc_skb(struct napi_struct *napi, 535 unsigned int length, gfp_t gfp_mask) 536 { 537 struct sk_buff *skb; 538 539 length += NET_SKB_PAD + NET_IP_ALIGN; 540 skb = __alloc_rx_skb(length, gfp_mask, SKB_ALLOC_NAPI); 541 542 if (likely(skb)) { 543 skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); 544 skb->dev = napi->dev; 545 } 546 547 return skb; 548 } 549 EXPORT_SYMBOL(__napi_alloc_skb); 550 551 void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off, 552 int size, unsigned int truesize) 553 { 554 skb_fill_page_desc(skb, i, page, off, size); 555 skb->len += size; 556 skb->data_len += size; 557 skb->truesize += truesize; 558 } 559 EXPORT_SYMBOL(skb_add_rx_frag); 560 561 void skb_coalesce_rx_frag(struct sk_buff *skb, int i, int size, 562 unsigned int truesize) 563 { 564 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 565 566 skb_frag_size_add(frag, size); 567 skb->len += size; 568 skb->data_len += size; 569 skb->truesize += truesize; 570 } 571 EXPORT_SYMBOL(skb_coalesce_rx_frag); 572 573 static void skb_drop_list(struct sk_buff **listp) 574 { 575 kfree_skb_list(*listp); 576 *listp = NULL; 577 } 578 579 static inline void skb_drop_fraglist(struct sk_buff *skb) 580 { 581 skb_drop_list(&skb_shinfo(skb)->frag_list); 582 } 583 584 static void skb_clone_fraglist(struct sk_buff *skb) 585 { 586 struct sk_buff *list; 587 588 skb_walk_frags(skb, list) 589 skb_get(list); 590 } 591 592 static void skb_free_head(struct sk_buff *skb) 593 { 594 if (skb->head_frag) 595 put_page(virt_to_head_page(skb->head)); 596 else 597 kfree(skb->head); 598 } 599 600 static void skb_release_data(struct sk_buff *skb) 601 { 602 struct skb_shared_info *shinfo = skb_shinfo(skb); 603 int i; 604 605 if (skb->cloned && 606 atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, 607 &shinfo->dataref)) 608 return; 609 610 for (i = 0; i < shinfo->nr_frags; i++) 611 __skb_frag_unref(&shinfo->frags[i]); 612 613 /* 614 * If skb buf is from userspace, we need to notify the caller 615 * the lower device DMA has done; 616 */ 617 if (shinfo->tx_flags & SKBTX_DEV_ZEROCOPY) { 618 struct ubuf_info *uarg; 619 620 uarg = shinfo->destructor_arg; 621 if (uarg->callback) 622 uarg->callback(uarg, true); 623 } 624 625 if (shinfo->frag_list) 626 kfree_skb_list(shinfo->frag_list); 627 628 skb_free_head(skb); 629 } 630 631 /* 632 * Free an skbuff by memory without cleaning the state. 633 */ 634 static void kfree_skbmem(struct sk_buff *skb) 635 { 636 struct sk_buff_fclones *fclones; 637 638 switch (skb->fclone) { 639 case SKB_FCLONE_UNAVAILABLE: 640 kmem_cache_free(skbuff_head_cache, skb); 641 return; 642 643 case SKB_FCLONE_ORIG: 644 fclones = container_of(skb, struct sk_buff_fclones, skb1); 645 646 /* We usually free the clone (TX completion) before original skb 647 * This test would have no chance to be true for the clone, 648 * while here, branch prediction will be good. 649 */ 650 if (atomic_read(&fclones->fclone_ref) == 1) 651 goto fastpath; 652 break; 653 654 default: /* SKB_FCLONE_CLONE */ 655 fclones = container_of(skb, struct sk_buff_fclones, skb2); 656 break; 657 } 658 if (!atomic_dec_and_test(&fclones->fclone_ref)) 659 return; 660 fastpath: 661 kmem_cache_free(skbuff_fclone_cache, fclones); 662 } 663 664 static void skb_release_head_state(struct sk_buff *skb) 665 { 666 skb_dst_drop(skb); 667 #ifdef CONFIG_XFRM 668 secpath_put(skb->sp); 669 #endif 670 if (skb->destructor) { 671 WARN_ON(in_irq()); 672 skb->destructor(skb); 673 } 674 #if IS_ENABLED(CONFIG_NF_CONNTRACK) 675 nf_conntrack_put(skb->nfct); 676 #endif 677 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 678 nf_bridge_put(skb->nf_bridge); 679 #endif 680 /* XXX: IS this still necessary? - JHS */ 681 #ifdef CONFIG_NET_SCHED 682 skb->tc_index = 0; 683 #ifdef CONFIG_NET_CLS_ACT 684 skb->tc_verd = 0; 685 #endif 686 #endif 687 } 688 689 /* Free everything but the sk_buff shell. */ 690 static void skb_release_all(struct sk_buff *skb) 691 { 692 skb_release_head_state(skb); 693 if (likely(skb->head)) 694 skb_release_data(skb); 695 } 696 697 /** 698 * __kfree_skb - private function 699 * @skb: buffer 700 * 701 * Free an sk_buff. Release anything attached to the buffer. 702 * Clean the state. This is an internal helper function. Users should 703 * always call kfree_skb 704 */ 705 706 void __kfree_skb(struct sk_buff *skb) 707 { 708 skb_release_all(skb); 709 kfree_skbmem(skb); 710 } 711 EXPORT_SYMBOL(__kfree_skb); 712 713 /** 714 * kfree_skb - free an sk_buff 715 * @skb: buffer to free 716 * 717 * Drop a reference to the buffer and free it if the usage count has 718 * hit zero. 719 */ 720 void kfree_skb(struct sk_buff *skb) 721 { 722 if (unlikely(!skb)) 723 return; 724 if (likely(atomic_read(&skb->users) == 1)) 725 smp_rmb(); 726 else if (likely(!atomic_dec_and_test(&skb->users))) 727 return; 728 trace_kfree_skb(skb, __builtin_return_address(0)); 729 __kfree_skb(skb); 730 } 731 EXPORT_SYMBOL(kfree_skb); 732 733 void kfree_skb_list(struct sk_buff *segs) 734 { 735 while (segs) { 736 struct sk_buff *next = segs->next; 737 738 kfree_skb(segs); 739 segs = next; 740 } 741 } 742 EXPORT_SYMBOL(kfree_skb_list); 743 744 /** 745 * skb_tx_error - report an sk_buff xmit error 746 * @skb: buffer that triggered an error 747 * 748 * Report xmit error if a device callback is tracking this skb. 749 * skb must be freed afterwards. 750 */ 751 void skb_tx_error(struct sk_buff *skb) 752 { 753 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { 754 struct ubuf_info *uarg; 755 756 uarg = skb_shinfo(skb)->destructor_arg; 757 if (uarg->callback) 758 uarg->callback(uarg, false); 759 skb_shinfo(skb)->tx_flags &= ~SKBTX_DEV_ZEROCOPY; 760 } 761 } 762 EXPORT_SYMBOL(skb_tx_error); 763 764 /** 765 * consume_skb - free an skbuff 766 * @skb: buffer to free 767 * 768 * Drop a ref to the buffer and free it if the usage count has hit zero 769 * Functions identically to kfree_skb, but kfree_skb assumes that the frame 770 * is being dropped after a failure and notes that 771 */ 772 void consume_skb(struct sk_buff *skb) 773 { 774 if (unlikely(!skb)) 775 return; 776 if (likely(atomic_read(&skb->users) == 1)) 777 smp_rmb(); 778 else if (likely(!atomic_dec_and_test(&skb->users))) 779 return; 780 trace_consume_skb(skb); 781 __kfree_skb(skb); 782 } 783 EXPORT_SYMBOL(consume_skb); 784 785 /* Make sure a field is enclosed inside headers_start/headers_end section */ 786 #define CHECK_SKB_FIELD(field) \ 787 BUILD_BUG_ON(offsetof(struct sk_buff, field) < \ 788 offsetof(struct sk_buff, headers_start)); \ 789 BUILD_BUG_ON(offsetof(struct sk_buff, field) > \ 790 offsetof(struct sk_buff, headers_end)); \ 791 792 static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old) 793 { 794 new->tstamp = old->tstamp; 795 /* We do not copy old->sk */ 796 new->dev = old->dev; 797 memcpy(new->cb, old->cb, sizeof(old->cb)); 798 skb_dst_copy(new, old); 799 #ifdef CONFIG_XFRM 800 new->sp = secpath_get(old->sp); 801 #endif 802 __nf_copy(new, old, false); 803 804 /* Note : this field could be in headers_start/headers_end section 805 * It is not yet because we do not want to have a 16 bit hole 806 */ 807 new->queue_mapping = old->queue_mapping; 808 809 memcpy(&new->headers_start, &old->headers_start, 810 offsetof(struct sk_buff, headers_end) - 811 offsetof(struct sk_buff, headers_start)); 812 CHECK_SKB_FIELD(protocol); 813 CHECK_SKB_FIELD(csum); 814 CHECK_SKB_FIELD(hash); 815 CHECK_SKB_FIELD(priority); 816 CHECK_SKB_FIELD(skb_iif); 817 CHECK_SKB_FIELD(vlan_proto); 818 CHECK_SKB_FIELD(vlan_tci); 819 CHECK_SKB_FIELD(transport_header); 820 CHECK_SKB_FIELD(network_header); 821 CHECK_SKB_FIELD(mac_header); 822 CHECK_SKB_FIELD(inner_protocol); 823 CHECK_SKB_FIELD(inner_transport_header); 824 CHECK_SKB_FIELD(inner_network_header); 825 CHECK_SKB_FIELD(inner_mac_header); 826 CHECK_SKB_FIELD(mark); 827 #ifdef CONFIG_NETWORK_SECMARK 828 CHECK_SKB_FIELD(secmark); 829 #endif 830 #ifdef CONFIG_NET_RX_BUSY_POLL 831 CHECK_SKB_FIELD(napi_id); 832 #endif 833 #ifdef CONFIG_NET_SCHED 834 CHECK_SKB_FIELD(tc_index); 835 #ifdef CONFIG_NET_CLS_ACT 836 CHECK_SKB_FIELD(tc_verd); 837 #endif 838 #endif 839 840 } 841 842 /* 843 * You should not add any new code to this function. Add it to 844 * __copy_skb_header above instead. 845 */ 846 static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb) 847 { 848 #define C(x) n->x = skb->x 849 850 n->next = n->prev = NULL; 851 n->sk = NULL; 852 __copy_skb_header(n, skb); 853 854 C(len); 855 C(data_len); 856 C(mac_len); 857 n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len; 858 n->cloned = 1; 859 n->nohdr = 0; 860 n->destructor = NULL; 861 C(tail); 862 C(end); 863 C(head); 864 C(head_frag); 865 C(data); 866 C(truesize); 867 atomic_set(&n->users, 1); 868 869 atomic_inc(&(skb_shinfo(skb)->dataref)); 870 skb->cloned = 1; 871 872 return n; 873 #undef C 874 } 875 876 /** 877 * skb_morph - morph one skb into another 878 * @dst: the skb to receive the contents 879 * @src: the skb to supply the contents 880 * 881 * This is identical to skb_clone except that the target skb is 882 * supplied by the user. 883 * 884 * The target skb is returned upon exit. 885 */ 886 struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src) 887 { 888 skb_release_all(dst); 889 return __skb_clone(dst, src); 890 } 891 EXPORT_SYMBOL_GPL(skb_morph); 892 893 /** 894 * skb_copy_ubufs - copy userspace skb frags buffers to kernel 895 * @skb: the skb to modify 896 * @gfp_mask: allocation priority 897 * 898 * This must be called on SKBTX_DEV_ZEROCOPY skb. 899 * It will copy all frags into kernel and drop the reference 900 * to userspace pages. 901 * 902 * If this function is called from an interrupt gfp_mask() must be 903 * %GFP_ATOMIC. 904 * 905 * Returns 0 on success or a negative error code on failure 906 * to allocate kernel memory to copy to. 907 */ 908 int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask) 909 { 910 int i; 911 int num_frags = skb_shinfo(skb)->nr_frags; 912 struct page *page, *head = NULL; 913 struct ubuf_info *uarg = skb_shinfo(skb)->destructor_arg; 914 915 for (i = 0; i < num_frags; i++) { 916 u8 *vaddr; 917 skb_frag_t *f = &skb_shinfo(skb)->frags[i]; 918 919 page = alloc_page(gfp_mask); 920 if (!page) { 921 while (head) { 922 struct page *next = (struct page *)page_private(head); 923 put_page(head); 924 head = next; 925 } 926 return -ENOMEM; 927 } 928 vaddr = kmap_atomic(skb_frag_page(f)); 929 memcpy(page_address(page), 930 vaddr + f->page_offset, skb_frag_size(f)); 931 kunmap_atomic(vaddr); 932 set_page_private(page, (unsigned long)head); 933 head = page; 934 } 935 936 /* skb frags release userspace buffers */ 937 for (i = 0; i < num_frags; i++) 938 skb_frag_unref(skb, i); 939 940 uarg->callback(uarg, false); 941 942 /* skb frags point to kernel buffers */ 943 for (i = num_frags - 1; i >= 0; i--) { 944 __skb_fill_page_desc(skb, i, head, 0, 945 skb_shinfo(skb)->frags[i].size); 946 head = (struct page *)page_private(head); 947 } 948 949 skb_shinfo(skb)->tx_flags &= ~SKBTX_DEV_ZEROCOPY; 950 return 0; 951 } 952 EXPORT_SYMBOL_GPL(skb_copy_ubufs); 953 954 /** 955 * skb_clone - duplicate an sk_buff 956 * @skb: buffer to clone 957 * @gfp_mask: allocation priority 958 * 959 * Duplicate an &sk_buff. The new one is not owned by a socket. Both 960 * copies share the same packet data but not structure. The new 961 * buffer has a reference count of 1. If the allocation fails the 962 * function returns %NULL otherwise the new buffer is returned. 963 * 964 * If this function is called from an interrupt gfp_mask() must be 965 * %GFP_ATOMIC. 966 */ 967 968 struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask) 969 { 970 struct sk_buff_fclones *fclones = container_of(skb, 971 struct sk_buff_fclones, 972 skb1); 973 struct sk_buff *n; 974 975 if (skb_orphan_frags(skb, gfp_mask)) 976 return NULL; 977 978 if (skb->fclone == SKB_FCLONE_ORIG && 979 atomic_read(&fclones->fclone_ref) == 1) { 980 n = &fclones->skb2; 981 atomic_set(&fclones->fclone_ref, 2); 982 } else { 983 if (skb_pfmemalloc(skb)) 984 gfp_mask |= __GFP_MEMALLOC; 985 986 n = kmem_cache_alloc(skbuff_head_cache, gfp_mask); 987 if (!n) 988 return NULL; 989 990 kmemcheck_annotate_bitfield(n, flags1); 991 n->fclone = SKB_FCLONE_UNAVAILABLE; 992 } 993 994 return __skb_clone(n, skb); 995 } 996 EXPORT_SYMBOL(skb_clone); 997 998 static void skb_headers_offset_update(struct sk_buff *skb, int off) 999 { 1000 /* Only adjust this if it actually is csum_start rather than csum */ 1001 if (skb->ip_summed == CHECKSUM_PARTIAL) 1002 skb->csum_start += off; 1003 /* {transport,network,mac}_header and tail are relative to skb->head */ 1004 skb->transport_header += off; 1005 skb->network_header += off; 1006 if (skb_mac_header_was_set(skb)) 1007 skb->mac_header += off; 1008 skb->inner_transport_header += off; 1009 skb->inner_network_header += off; 1010 skb->inner_mac_header += off; 1011 } 1012 1013 static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old) 1014 { 1015 __copy_skb_header(new, old); 1016 1017 skb_shinfo(new)->gso_size = skb_shinfo(old)->gso_size; 1018 skb_shinfo(new)->gso_segs = skb_shinfo(old)->gso_segs; 1019 skb_shinfo(new)->gso_type = skb_shinfo(old)->gso_type; 1020 } 1021 1022 static inline int skb_alloc_rx_flag(const struct sk_buff *skb) 1023 { 1024 if (skb_pfmemalloc(skb)) 1025 return SKB_ALLOC_RX; 1026 return 0; 1027 } 1028 1029 /** 1030 * skb_copy - create private copy of an sk_buff 1031 * @skb: buffer to copy 1032 * @gfp_mask: allocation priority 1033 * 1034 * Make a copy of both an &sk_buff and its data. This is used when the 1035 * caller wishes to modify the data and needs a private copy of the 1036 * data to alter. Returns %NULL on failure or the pointer to the buffer 1037 * on success. The returned buffer has a reference count of 1. 1038 * 1039 * As by-product this function converts non-linear &sk_buff to linear 1040 * one, so that &sk_buff becomes completely private and caller is allowed 1041 * to modify all the data of returned buffer. This means that this 1042 * function is not recommended for use in circumstances when only 1043 * header is going to be modified. Use pskb_copy() instead. 1044 */ 1045 1046 struct sk_buff *skb_copy(const struct sk_buff *skb, gfp_t gfp_mask) 1047 { 1048 int headerlen = skb_headroom(skb); 1049 unsigned int size = skb_end_offset(skb) + skb->data_len; 1050 struct sk_buff *n = __alloc_skb(size, gfp_mask, 1051 skb_alloc_rx_flag(skb), NUMA_NO_NODE); 1052 1053 if (!n) 1054 return NULL; 1055 1056 /* Set the data pointer */ 1057 skb_reserve(n, headerlen); 1058 /* Set the tail pointer and length */ 1059 skb_put(n, skb->len); 1060 1061 if (skb_copy_bits(skb, -headerlen, n->head, headerlen + skb->len)) 1062 BUG(); 1063 1064 copy_skb_header(n, skb); 1065 return n; 1066 } 1067 EXPORT_SYMBOL(skb_copy); 1068 1069 /** 1070 * __pskb_copy_fclone - create copy of an sk_buff with private head. 1071 * @skb: buffer to copy 1072 * @headroom: headroom of new skb 1073 * @gfp_mask: allocation priority 1074 * @fclone: if true allocate the copy of the skb from the fclone 1075 * cache instead of the head cache; it is recommended to set this 1076 * to true for the cases where the copy will likely be cloned 1077 * 1078 * Make a copy of both an &sk_buff and part of its data, located 1079 * in header. Fragmented data remain shared. This is used when 1080 * the caller wishes to modify only header of &sk_buff and needs 1081 * private copy of the header to alter. Returns %NULL on failure 1082 * or the pointer to the buffer on success. 1083 * The returned buffer has a reference count of 1. 1084 */ 1085 1086 struct sk_buff *__pskb_copy_fclone(struct sk_buff *skb, int headroom, 1087 gfp_t gfp_mask, bool fclone) 1088 { 1089 unsigned int size = skb_headlen(skb) + headroom; 1090 int flags = skb_alloc_rx_flag(skb) | (fclone ? SKB_ALLOC_FCLONE : 0); 1091 struct sk_buff *n = __alloc_skb(size, gfp_mask, flags, NUMA_NO_NODE); 1092 1093 if (!n) 1094 goto out; 1095 1096 /* Set the data pointer */ 1097 skb_reserve(n, headroom); 1098 /* Set the tail pointer and length */ 1099 skb_put(n, skb_headlen(skb)); 1100 /* Copy the bytes */ 1101 skb_copy_from_linear_data(skb, n->data, n->len); 1102 1103 n->truesize += skb->data_len; 1104 n->data_len = skb->data_len; 1105 n->len = skb->len; 1106 1107 if (skb_shinfo(skb)->nr_frags) { 1108 int i; 1109 1110 if (skb_orphan_frags(skb, gfp_mask)) { 1111 kfree_skb(n); 1112 n = NULL; 1113 goto out; 1114 } 1115 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1116 skb_shinfo(n)->frags[i] = skb_shinfo(skb)->frags[i]; 1117 skb_frag_ref(skb, i); 1118 } 1119 skb_shinfo(n)->nr_frags = i; 1120 } 1121 1122 if (skb_has_frag_list(skb)) { 1123 skb_shinfo(n)->frag_list = skb_shinfo(skb)->frag_list; 1124 skb_clone_fraglist(n); 1125 } 1126 1127 copy_skb_header(n, skb); 1128 out: 1129 return n; 1130 } 1131 EXPORT_SYMBOL(__pskb_copy_fclone); 1132 1133 /** 1134 * pskb_expand_head - reallocate header of &sk_buff 1135 * @skb: buffer to reallocate 1136 * @nhead: room to add at head 1137 * @ntail: room to add at tail 1138 * @gfp_mask: allocation priority 1139 * 1140 * Expands (or creates identical copy, if @nhead and @ntail are zero) 1141 * header of @skb. &sk_buff itself is not changed. &sk_buff MUST have 1142 * reference count of 1. Returns zero in the case of success or error, 1143 * if expansion failed. In the last case, &sk_buff is not changed. 1144 * 1145 * All the pointers pointing into skb header may change and must be 1146 * reloaded after call to this function. 1147 */ 1148 1149 int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail, 1150 gfp_t gfp_mask) 1151 { 1152 int i; 1153 u8 *data; 1154 int size = nhead + skb_end_offset(skb) + ntail; 1155 long off; 1156 1157 BUG_ON(nhead < 0); 1158 1159 if (skb_shared(skb)) 1160 BUG(); 1161 1162 size = SKB_DATA_ALIGN(size); 1163 1164 if (skb_pfmemalloc(skb)) 1165 gfp_mask |= __GFP_MEMALLOC; 1166 data = kmalloc_reserve(size + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)), 1167 gfp_mask, NUMA_NO_NODE, NULL); 1168 if (!data) 1169 goto nodata; 1170 size = SKB_WITH_OVERHEAD(ksize(data)); 1171 1172 /* Copy only real data... and, alas, header. This should be 1173 * optimized for the cases when header is void. 1174 */ 1175 memcpy(data + nhead, skb->head, skb_tail_pointer(skb) - skb->head); 1176 1177 memcpy((struct skb_shared_info *)(data + size), 1178 skb_shinfo(skb), 1179 offsetof(struct skb_shared_info, frags[skb_shinfo(skb)->nr_frags])); 1180 1181 /* 1182 * if shinfo is shared we must drop the old head gracefully, but if it 1183 * is not we can just drop the old head and let the existing refcount 1184 * be since all we did is relocate the values 1185 */ 1186 if (skb_cloned(skb)) { 1187 /* copy this zero copy skb frags */ 1188 if (skb_orphan_frags(skb, gfp_mask)) 1189 goto nofrags; 1190 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) 1191 skb_frag_ref(skb, i); 1192 1193 if (skb_has_frag_list(skb)) 1194 skb_clone_fraglist(skb); 1195 1196 skb_release_data(skb); 1197 } else { 1198 skb_free_head(skb); 1199 } 1200 off = (data + nhead) - skb->head; 1201 1202 skb->head = data; 1203 skb->head_frag = 0; 1204 skb->data += off; 1205 #ifdef NET_SKBUFF_DATA_USES_OFFSET 1206 skb->end = size; 1207 off = nhead; 1208 #else 1209 skb->end = skb->head + size; 1210 #endif 1211 skb->tail += off; 1212 skb_headers_offset_update(skb, nhead); 1213 skb->cloned = 0; 1214 skb->hdr_len = 0; 1215 skb->nohdr = 0; 1216 atomic_set(&skb_shinfo(skb)->dataref, 1); 1217 return 0; 1218 1219 nofrags: 1220 kfree(data); 1221 nodata: 1222 return -ENOMEM; 1223 } 1224 EXPORT_SYMBOL(pskb_expand_head); 1225 1226 /* Make private copy of skb with writable head and some headroom */ 1227 1228 struct sk_buff *skb_realloc_headroom(struct sk_buff *skb, unsigned int headroom) 1229 { 1230 struct sk_buff *skb2; 1231 int delta = headroom - skb_headroom(skb); 1232 1233 if (delta <= 0) 1234 skb2 = pskb_copy(skb, GFP_ATOMIC); 1235 else { 1236 skb2 = skb_clone(skb, GFP_ATOMIC); 1237 if (skb2 && pskb_expand_head(skb2, SKB_DATA_ALIGN(delta), 0, 1238 GFP_ATOMIC)) { 1239 kfree_skb(skb2); 1240 skb2 = NULL; 1241 } 1242 } 1243 return skb2; 1244 } 1245 EXPORT_SYMBOL(skb_realloc_headroom); 1246 1247 /** 1248 * skb_copy_expand - copy and expand sk_buff 1249 * @skb: buffer to copy 1250 * @newheadroom: new free bytes at head 1251 * @newtailroom: new free bytes at tail 1252 * @gfp_mask: allocation priority 1253 * 1254 * Make a copy of both an &sk_buff and its data and while doing so 1255 * allocate additional space. 1256 * 1257 * This is used when the caller wishes to modify the data and needs a 1258 * private copy of the data to alter as well as more space for new fields. 1259 * Returns %NULL on failure or the pointer to the buffer 1260 * on success. The returned buffer has a reference count of 1. 1261 * 1262 * You must pass %GFP_ATOMIC as the allocation priority if this function 1263 * is called from an interrupt. 1264 */ 1265 struct sk_buff *skb_copy_expand(const struct sk_buff *skb, 1266 int newheadroom, int newtailroom, 1267 gfp_t gfp_mask) 1268 { 1269 /* 1270 * Allocate the copy buffer 1271 */ 1272 struct sk_buff *n = __alloc_skb(newheadroom + skb->len + newtailroom, 1273 gfp_mask, skb_alloc_rx_flag(skb), 1274 NUMA_NO_NODE); 1275 int oldheadroom = skb_headroom(skb); 1276 int head_copy_len, head_copy_off; 1277 1278 if (!n) 1279 return NULL; 1280 1281 skb_reserve(n, newheadroom); 1282 1283 /* Set the tail pointer and length */ 1284 skb_put(n, skb->len); 1285 1286 head_copy_len = oldheadroom; 1287 head_copy_off = 0; 1288 if (newheadroom <= head_copy_len) 1289 head_copy_len = newheadroom; 1290 else 1291 head_copy_off = newheadroom - head_copy_len; 1292 1293 /* Copy the linear header and data. */ 1294 if (skb_copy_bits(skb, -head_copy_len, n->head + head_copy_off, 1295 skb->len + head_copy_len)) 1296 BUG(); 1297 1298 copy_skb_header(n, skb); 1299 1300 skb_headers_offset_update(n, newheadroom - oldheadroom); 1301 1302 return n; 1303 } 1304 EXPORT_SYMBOL(skb_copy_expand); 1305 1306 /** 1307 * skb_pad - zero pad the tail of an skb 1308 * @skb: buffer to pad 1309 * @pad: space to pad 1310 * 1311 * Ensure that a buffer is followed by a padding area that is zero 1312 * filled. Used by network drivers which may DMA or transfer data 1313 * beyond the buffer end onto the wire. 1314 * 1315 * May return error in out of memory cases. The skb is freed on error. 1316 */ 1317 1318 int skb_pad(struct sk_buff *skb, int pad) 1319 { 1320 int err; 1321 int ntail; 1322 1323 /* If the skbuff is non linear tailroom is always zero.. */ 1324 if (!skb_cloned(skb) && skb_tailroom(skb) >= pad) { 1325 memset(skb->data+skb->len, 0, pad); 1326 return 0; 1327 } 1328 1329 ntail = skb->data_len + pad - (skb->end - skb->tail); 1330 if (likely(skb_cloned(skb) || ntail > 0)) { 1331 err = pskb_expand_head(skb, 0, ntail, GFP_ATOMIC); 1332 if (unlikely(err)) 1333 goto free_skb; 1334 } 1335 1336 /* FIXME: The use of this function with non-linear skb's really needs 1337 * to be audited. 1338 */ 1339 err = skb_linearize(skb); 1340 if (unlikely(err)) 1341 goto free_skb; 1342 1343 memset(skb->data + skb->len, 0, pad); 1344 return 0; 1345 1346 free_skb: 1347 kfree_skb(skb); 1348 return err; 1349 } 1350 EXPORT_SYMBOL(skb_pad); 1351 1352 /** 1353 * pskb_put - add data to the tail of a potentially fragmented buffer 1354 * @skb: start of the buffer to use 1355 * @tail: tail fragment of the buffer to use 1356 * @len: amount of data to add 1357 * 1358 * This function extends the used data area of the potentially 1359 * fragmented buffer. @tail must be the last fragment of @skb -- or 1360 * @skb itself. If this would exceed the total buffer size the kernel 1361 * will panic. A pointer to the first byte of the extra data is 1362 * returned. 1363 */ 1364 1365 unsigned char *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len) 1366 { 1367 if (tail != skb) { 1368 skb->data_len += len; 1369 skb->len += len; 1370 } 1371 return skb_put(tail, len); 1372 } 1373 EXPORT_SYMBOL_GPL(pskb_put); 1374 1375 /** 1376 * skb_put - add data to a buffer 1377 * @skb: buffer to use 1378 * @len: amount of data to add 1379 * 1380 * This function extends the used data area of the buffer. If this would 1381 * exceed the total buffer size the kernel will panic. A pointer to the 1382 * first byte of the extra data is returned. 1383 */ 1384 unsigned char *skb_put(struct sk_buff *skb, unsigned int len) 1385 { 1386 unsigned char *tmp = skb_tail_pointer(skb); 1387 SKB_LINEAR_ASSERT(skb); 1388 skb->tail += len; 1389 skb->len += len; 1390 if (unlikely(skb->tail > skb->end)) 1391 skb_over_panic(skb, len, __builtin_return_address(0)); 1392 return tmp; 1393 } 1394 EXPORT_SYMBOL(skb_put); 1395 1396 /** 1397 * skb_push - add data to the start of a buffer 1398 * @skb: buffer to use 1399 * @len: amount of data to add 1400 * 1401 * This function extends the used data area of the buffer at the buffer 1402 * start. If this would exceed the total buffer headroom the kernel will 1403 * panic. A pointer to the first byte of the extra data is returned. 1404 */ 1405 unsigned char *skb_push(struct sk_buff *skb, unsigned int len) 1406 { 1407 skb->data -= len; 1408 skb->len += len; 1409 if (unlikely(skb->data<skb->head)) 1410 skb_under_panic(skb, len, __builtin_return_address(0)); 1411 return skb->data; 1412 } 1413 EXPORT_SYMBOL(skb_push); 1414 1415 /** 1416 * skb_pull - remove data from the start of a buffer 1417 * @skb: buffer to use 1418 * @len: amount of data to remove 1419 * 1420 * This function removes data from the start of a buffer, returning 1421 * the memory to the headroom. A pointer to the next data in the buffer 1422 * is returned. Once the data has been pulled future pushes will overwrite 1423 * the old data. 1424 */ 1425 unsigned char *skb_pull(struct sk_buff *skb, unsigned int len) 1426 { 1427 return skb_pull_inline(skb, len); 1428 } 1429 EXPORT_SYMBOL(skb_pull); 1430 1431 /** 1432 * skb_trim - remove end from a buffer 1433 * @skb: buffer to alter 1434 * @len: new length 1435 * 1436 * Cut the length of a buffer down by removing data from the tail. If 1437 * the buffer is already under the length specified it is not modified. 1438 * The skb must be linear. 1439 */ 1440 void skb_trim(struct sk_buff *skb, unsigned int len) 1441 { 1442 if (skb->len > len) 1443 __skb_trim(skb, len); 1444 } 1445 EXPORT_SYMBOL(skb_trim); 1446 1447 /* Trims skb to length len. It can change skb pointers. 1448 */ 1449 1450 int ___pskb_trim(struct sk_buff *skb, unsigned int len) 1451 { 1452 struct sk_buff **fragp; 1453 struct sk_buff *frag; 1454 int offset = skb_headlen(skb); 1455 int nfrags = skb_shinfo(skb)->nr_frags; 1456 int i; 1457 int err; 1458 1459 if (skb_cloned(skb) && 1460 unlikely((err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))) 1461 return err; 1462 1463 i = 0; 1464 if (offset >= len) 1465 goto drop_pages; 1466 1467 for (; i < nfrags; i++) { 1468 int end = offset + skb_frag_size(&skb_shinfo(skb)->frags[i]); 1469 1470 if (end < len) { 1471 offset = end; 1472 continue; 1473 } 1474 1475 skb_frag_size_set(&skb_shinfo(skb)->frags[i++], len - offset); 1476 1477 drop_pages: 1478 skb_shinfo(skb)->nr_frags = i; 1479 1480 for (; i < nfrags; i++) 1481 skb_frag_unref(skb, i); 1482 1483 if (skb_has_frag_list(skb)) 1484 skb_drop_fraglist(skb); 1485 goto done; 1486 } 1487 1488 for (fragp = &skb_shinfo(skb)->frag_list; (frag = *fragp); 1489 fragp = &frag->next) { 1490 int end = offset + frag->len; 1491 1492 if (skb_shared(frag)) { 1493 struct sk_buff *nfrag; 1494 1495 nfrag = skb_clone(frag, GFP_ATOMIC); 1496 if (unlikely(!nfrag)) 1497 return -ENOMEM; 1498 1499 nfrag->next = frag->next; 1500 consume_skb(frag); 1501 frag = nfrag; 1502 *fragp = frag; 1503 } 1504 1505 if (end < len) { 1506 offset = end; 1507 continue; 1508 } 1509 1510 if (end > len && 1511 unlikely((err = pskb_trim(frag, len - offset)))) 1512 return err; 1513 1514 if (frag->next) 1515 skb_drop_list(&frag->next); 1516 break; 1517 } 1518 1519 done: 1520 if (len > skb_headlen(skb)) { 1521 skb->data_len -= skb->len - len; 1522 skb->len = len; 1523 } else { 1524 skb->len = len; 1525 skb->data_len = 0; 1526 skb_set_tail_pointer(skb, len); 1527 } 1528 1529 return 0; 1530 } 1531 EXPORT_SYMBOL(___pskb_trim); 1532 1533 /** 1534 * __pskb_pull_tail - advance tail of skb header 1535 * @skb: buffer to reallocate 1536 * @delta: number of bytes to advance tail 1537 * 1538 * The function makes a sense only on a fragmented &sk_buff, 1539 * it expands header moving its tail forward and copying necessary 1540 * data from fragmented part. 1541 * 1542 * &sk_buff MUST have reference count of 1. 1543 * 1544 * Returns %NULL (and &sk_buff does not change) if pull failed 1545 * or value of new tail of skb in the case of success. 1546 * 1547 * All the pointers pointing into skb header may change and must be 1548 * reloaded after call to this function. 1549 */ 1550 1551 /* Moves tail of skb head forward, copying data from fragmented part, 1552 * when it is necessary. 1553 * 1. It may fail due to malloc failure. 1554 * 2. It may change skb pointers. 1555 * 1556 * It is pretty complicated. Luckily, it is called only in exceptional cases. 1557 */ 1558 unsigned char *__pskb_pull_tail(struct sk_buff *skb, int delta) 1559 { 1560 /* If skb has not enough free space at tail, get new one 1561 * plus 128 bytes for future expansions. If we have enough 1562 * room at tail, reallocate without expansion only if skb is cloned. 1563 */ 1564 int i, k, eat = (skb->tail + delta) - skb->end; 1565 1566 if (eat > 0 || skb_cloned(skb)) { 1567 if (pskb_expand_head(skb, 0, eat > 0 ? eat + 128 : 0, 1568 GFP_ATOMIC)) 1569 return NULL; 1570 } 1571 1572 if (skb_copy_bits(skb, skb_headlen(skb), skb_tail_pointer(skb), delta)) 1573 BUG(); 1574 1575 /* Optimization: no fragments, no reasons to preestimate 1576 * size of pulled pages. Superb. 1577 */ 1578 if (!skb_has_frag_list(skb)) 1579 goto pull_pages; 1580 1581 /* Estimate size of pulled pages. */ 1582 eat = delta; 1583 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1584 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]); 1585 1586 if (size >= eat) 1587 goto pull_pages; 1588 eat -= size; 1589 } 1590 1591 /* If we need update frag list, we are in troubles. 1592 * Certainly, it possible to add an offset to skb data, 1593 * but taking into account that pulling is expected to 1594 * be very rare operation, it is worth to fight against 1595 * further bloating skb head and crucify ourselves here instead. 1596 * Pure masohism, indeed. 8)8) 1597 */ 1598 if (eat) { 1599 struct sk_buff *list = skb_shinfo(skb)->frag_list; 1600 struct sk_buff *clone = NULL; 1601 struct sk_buff *insp = NULL; 1602 1603 do { 1604 BUG_ON(!list); 1605 1606 if (list->len <= eat) { 1607 /* Eaten as whole. */ 1608 eat -= list->len; 1609 list = list->next; 1610 insp = list; 1611 } else { 1612 /* Eaten partially. */ 1613 1614 if (skb_shared(list)) { 1615 /* Sucks! We need to fork list. :-( */ 1616 clone = skb_clone(list, GFP_ATOMIC); 1617 if (!clone) 1618 return NULL; 1619 insp = list->next; 1620 list = clone; 1621 } else { 1622 /* This may be pulled without 1623 * problems. */ 1624 insp = list; 1625 } 1626 if (!pskb_pull(list, eat)) { 1627 kfree_skb(clone); 1628 return NULL; 1629 } 1630 break; 1631 } 1632 } while (eat); 1633 1634 /* Free pulled out fragments. */ 1635 while ((list = skb_shinfo(skb)->frag_list) != insp) { 1636 skb_shinfo(skb)->frag_list = list->next; 1637 kfree_skb(list); 1638 } 1639 /* And insert new clone at head. */ 1640 if (clone) { 1641 clone->next = list; 1642 skb_shinfo(skb)->frag_list = clone; 1643 } 1644 } 1645 /* Success! Now we may commit changes to skb data. */ 1646 1647 pull_pages: 1648 eat = delta; 1649 k = 0; 1650 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1651 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]); 1652 1653 if (size <= eat) { 1654 skb_frag_unref(skb, i); 1655 eat -= size; 1656 } else { 1657 skb_shinfo(skb)->frags[k] = skb_shinfo(skb)->frags[i]; 1658 if (eat) { 1659 skb_shinfo(skb)->frags[k].page_offset += eat; 1660 skb_frag_size_sub(&skb_shinfo(skb)->frags[k], eat); 1661 eat = 0; 1662 } 1663 k++; 1664 } 1665 } 1666 skb_shinfo(skb)->nr_frags = k; 1667 1668 skb->tail += delta; 1669 skb->data_len -= delta; 1670 1671 return skb_tail_pointer(skb); 1672 } 1673 EXPORT_SYMBOL(__pskb_pull_tail); 1674 1675 /** 1676 * skb_copy_bits - copy bits from skb to kernel buffer 1677 * @skb: source skb 1678 * @offset: offset in source 1679 * @to: destination buffer 1680 * @len: number of bytes to copy 1681 * 1682 * Copy the specified number of bytes from the source skb to the 1683 * destination buffer. 1684 * 1685 * CAUTION ! : 1686 * If its prototype is ever changed, 1687 * check arch/{*}/net/{*}.S files, 1688 * since it is called from BPF assembly code. 1689 */ 1690 int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len) 1691 { 1692 int start = skb_headlen(skb); 1693 struct sk_buff *frag_iter; 1694 int i, copy; 1695 1696 if (offset > (int)skb->len - len) 1697 goto fault; 1698 1699 /* Copy header. */ 1700 if ((copy = start - offset) > 0) { 1701 if (copy > len) 1702 copy = len; 1703 skb_copy_from_linear_data_offset(skb, offset, to, copy); 1704 if ((len -= copy) == 0) 1705 return 0; 1706 offset += copy; 1707 to += copy; 1708 } 1709 1710 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1711 int end; 1712 skb_frag_t *f = &skb_shinfo(skb)->frags[i]; 1713 1714 WARN_ON(start > offset + len); 1715 1716 end = start + skb_frag_size(f); 1717 if ((copy = end - offset) > 0) { 1718 u8 *vaddr; 1719 1720 if (copy > len) 1721 copy = len; 1722 1723 vaddr = kmap_atomic(skb_frag_page(f)); 1724 memcpy(to, 1725 vaddr + f->page_offset + offset - start, 1726 copy); 1727 kunmap_atomic(vaddr); 1728 1729 if ((len -= copy) == 0) 1730 return 0; 1731 offset += copy; 1732 to += copy; 1733 } 1734 start = end; 1735 } 1736 1737 skb_walk_frags(skb, frag_iter) { 1738 int end; 1739 1740 WARN_ON(start > offset + len); 1741 1742 end = start + frag_iter->len; 1743 if ((copy = end - offset) > 0) { 1744 if (copy > len) 1745 copy = len; 1746 if (skb_copy_bits(frag_iter, offset - start, to, copy)) 1747 goto fault; 1748 if ((len -= copy) == 0) 1749 return 0; 1750 offset += copy; 1751 to += copy; 1752 } 1753 start = end; 1754 } 1755 1756 if (!len) 1757 return 0; 1758 1759 fault: 1760 return -EFAULT; 1761 } 1762 EXPORT_SYMBOL(skb_copy_bits); 1763 1764 /* 1765 * Callback from splice_to_pipe(), if we need to release some pages 1766 * at the end of the spd in case we error'ed out in filling the pipe. 1767 */ 1768 static void sock_spd_release(struct splice_pipe_desc *spd, unsigned int i) 1769 { 1770 put_page(spd->pages[i]); 1771 } 1772 1773 static struct page *linear_to_page(struct page *page, unsigned int *len, 1774 unsigned int *offset, 1775 struct sock *sk) 1776 { 1777 struct page_frag *pfrag = sk_page_frag(sk); 1778 1779 if (!sk_page_frag_refill(sk, pfrag)) 1780 return NULL; 1781 1782 *len = min_t(unsigned int, *len, pfrag->size - pfrag->offset); 1783 1784 memcpy(page_address(pfrag->page) + pfrag->offset, 1785 page_address(page) + *offset, *len); 1786 *offset = pfrag->offset; 1787 pfrag->offset += *len; 1788 1789 return pfrag->page; 1790 } 1791 1792 static bool spd_can_coalesce(const struct splice_pipe_desc *spd, 1793 struct page *page, 1794 unsigned int offset) 1795 { 1796 return spd->nr_pages && 1797 spd->pages[spd->nr_pages - 1] == page && 1798 (spd->partial[spd->nr_pages - 1].offset + 1799 spd->partial[spd->nr_pages - 1].len == offset); 1800 } 1801 1802 /* 1803 * Fill page/offset/length into spd, if it can hold more pages. 1804 */ 1805 static bool spd_fill_page(struct splice_pipe_desc *spd, 1806 struct pipe_inode_info *pipe, struct page *page, 1807 unsigned int *len, unsigned int offset, 1808 bool linear, 1809 struct sock *sk) 1810 { 1811 if (unlikely(spd->nr_pages == MAX_SKB_FRAGS)) 1812 return true; 1813 1814 if (linear) { 1815 page = linear_to_page(page, len, &offset, sk); 1816 if (!page) 1817 return true; 1818 } 1819 if (spd_can_coalesce(spd, page, offset)) { 1820 spd->partial[spd->nr_pages - 1].len += *len; 1821 return false; 1822 } 1823 get_page(page); 1824 spd->pages[spd->nr_pages] = page; 1825 spd->partial[spd->nr_pages].len = *len; 1826 spd->partial[spd->nr_pages].offset = offset; 1827 spd->nr_pages++; 1828 1829 return false; 1830 } 1831 1832 static bool __splice_segment(struct page *page, unsigned int poff, 1833 unsigned int plen, unsigned int *off, 1834 unsigned int *len, 1835 struct splice_pipe_desc *spd, bool linear, 1836 struct sock *sk, 1837 struct pipe_inode_info *pipe) 1838 { 1839 if (!*len) 1840 return true; 1841 1842 /* skip this segment if already processed */ 1843 if (*off >= plen) { 1844 *off -= plen; 1845 return false; 1846 } 1847 1848 /* ignore any bits we already processed */ 1849 poff += *off; 1850 plen -= *off; 1851 *off = 0; 1852 1853 do { 1854 unsigned int flen = min(*len, plen); 1855 1856 if (spd_fill_page(spd, pipe, page, &flen, poff, 1857 linear, sk)) 1858 return true; 1859 poff += flen; 1860 plen -= flen; 1861 *len -= flen; 1862 } while (*len && plen); 1863 1864 return false; 1865 } 1866 1867 /* 1868 * Map linear and fragment data from the skb to spd. It reports true if the 1869 * pipe is full or if we already spliced the requested length. 1870 */ 1871 static bool __skb_splice_bits(struct sk_buff *skb, struct pipe_inode_info *pipe, 1872 unsigned int *offset, unsigned int *len, 1873 struct splice_pipe_desc *spd, struct sock *sk) 1874 { 1875 int seg; 1876 1877 /* map the linear part : 1878 * If skb->head_frag is set, this 'linear' part is backed by a 1879 * fragment, and if the head is not shared with any clones then 1880 * we can avoid a copy since we own the head portion of this page. 1881 */ 1882 if (__splice_segment(virt_to_page(skb->data), 1883 (unsigned long) skb->data & (PAGE_SIZE - 1), 1884 skb_headlen(skb), 1885 offset, len, spd, 1886 skb_head_is_locked(skb), 1887 sk, pipe)) 1888 return true; 1889 1890 /* 1891 * then map the fragments 1892 */ 1893 for (seg = 0; seg < skb_shinfo(skb)->nr_frags; seg++) { 1894 const skb_frag_t *f = &skb_shinfo(skb)->frags[seg]; 1895 1896 if (__splice_segment(skb_frag_page(f), 1897 f->page_offset, skb_frag_size(f), 1898 offset, len, spd, false, sk, pipe)) 1899 return true; 1900 } 1901 1902 return false; 1903 } 1904 1905 /* 1906 * Map data from the skb to a pipe. Should handle both the linear part, 1907 * the fragments, and the frag list. It does NOT handle frag lists within 1908 * the frag list, if such a thing exists. We'd probably need to recurse to 1909 * handle that cleanly. 1910 */ 1911 int skb_splice_bits(struct sk_buff *skb, unsigned int offset, 1912 struct pipe_inode_info *pipe, unsigned int tlen, 1913 unsigned int flags) 1914 { 1915 struct partial_page partial[MAX_SKB_FRAGS]; 1916 struct page *pages[MAX_SKB_FRAGS]; 1917 struct splice_pipe_desc spd = { 1918 .pages = pages, 1919 .partial = partial, 1920 .nr_pages_max = MAX_SKB_FRAGS, 1921 .flags = flags, 1922 .ops = &nosteal_pipe_buf_ops, 1923 .spd_release = sock_spd_release, 1924 }; 1925 struct sk_buff *frag_iter; 1926 struct sock *sk = skb->sk; 1927 int ret = 0; 1928 1929 /* 1930 * __skb_splice_bits() only fails if the output has no room left, 1931 * so no point in going over the frag_list for the error case. 1932 */ 1933 if (__skb_splice_bits(skb, pipe, &offset, &tlen, &spd, sk)) 1934 goto done; 1935 else if (!tlen) 1936 goto done; 1937 1938 /* 1939 * now see if we have a frag_list to map 1940 */ 1941 skb_walk_frags(skb, frag_iter) { 1942 if (!tlen) 1943 break; 1944 if (__skb_splice_bits(frag_iter, pipe, &offset, &tlen, &spd, sk)) 1945 break; 1946 } 1947 1948 done: 1949 if (spd.nr_pages) { 1950 /* 1951 * Drop the socket lock, otherwise we have reverse 1952 * locking dependencies between sk_lock and i_mutex 1953 * here as compared to sendfile(). We enter here 1954 * with the socket lock held, and splice_to_pipe() will 1955 * grab the pipe inode lock. For sendfile() emulation, 1956 * we call into ->sendpage() with the i_mutex lock held 1957 * and networking will grab the socket lock. 1958 */ 1959 release_sock(sk); 1960 ret = splice_to_pipe(pipe, &spd); 1961 lock_sock(sk); 1962 } 1963 1964 return ret; 1965 } 1966 1967 /** 1968 * skb_store_bits - store bits from kernel buffer to skb 1969 * @skb: destination buffer 1970 * @offset: offset in destination 1971 * @from: source buffer 1972 * @len: number of bytes to copy 1973 * 1974 * Copy the specified number of bytes from the source buffer to the 1975 * destination skb. This function handles all the messy bits of 1976 * traversing fragment lists and such. 1977 */ 1978 1979 int skb_store_bits(struct sk_buff *skb, int offset, const void *from, int len) 1980 { 1981 int start = skb_headlen(skb); 1982 struct sk_buff *frag_iter; 1983 int i, copy; 1984 1985 if (offset > (int)skb->len - len) 1986 goto fault; 1987 1988 if ((copy = start - offset) > 0) { 1989 if (copy > len) 1990 copy = len; 1991 skb_copy_to_linear_data_offset(skb, offset, from, copy); 1992 if ((len -= copy) == 0) 1993 return 0; 1994 offset += copy; 1995 from += copy; 1996 } 1997 1998 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 1999 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 2000 int end; 2001 2002 WARN_ON(start > offset + len); 2003 2004 end = start + skb_frag_size(frag); 2005 if ((copy = end - offset) > 0) { 2006 u8 *vaddr; 2007 2008 if (copy > len) 2009 copy = len; 2010 2011 vaddr = kmap_atomic(skb_frag_page(frag)); 2012 memcpy(vaddr + frag->page_offset + offset - start, 2013 from, copy); 2014 kunmap_atomic(vaddr); 2015 2016 if ((len -= copy) == 0) 2017 return 0; 2018 offset += copy; 2019 from += copy; 2020 } 2021 start = end; 2022 } 2023 2024 skb_walk_frags(skb, frag_iter) { 2025 int end; 2026 2027 WARN_ON(start > offset + len); 2028 2029 end = start + frag_iter->len; 2030 if ((copy = end - offset) > 0) { 2031 if (copy > len) 2032 copy = len; 2033 if (skb_store_bits(frag_iter, offset - start, 2034 from, copy)) 2035 goto fault; 2036 if ((len -= copy) == 0) 2037 return 0; 2038 offset += copy; 2039 from += copy; 2040 } 2041 start = end; 2042 } 2043 if (!len) 2044 return 0; 2045 2046 fault: 2047 return -EFAULT; 2048 } 2049 EXPORT_SYMBOL(skb_store_bits); 2050 2051 /* Checksum skb data. */ 2052 __wsum __skb_checksum(const struct sk_buff *skb, int offset, int len, 2053 __wsum csum, const struct skb_checksum_ops *ops) 2054 { 2055 int start = skb_headlen(skb); 2056 int i, copy = start - offset; 2057 struct sk_buff *frag_iter; 2058 int pos = 0; 2059 2060 /* Checksum header. */ 2061 if (copy > 0) { 2062 if (copy > len) 2063 copy = len; 2064 csum = ops->update(skb->data + offset, copy, csum); 2065 if ((len -= copy) == 0) 2066 return csum; 2067 offset += copy; 2068 pos = copy; 2069 } 2070 2071 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 2072 int end; 2073 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 2074 2075 WARN_ON(start > offset + len); 2076 2077 end = start + skb_frag_size(frag); 2078 if ((copy = end - offset) > 0) { 2079 __wsum csum2; 2080 u8 *vaddr; 2081 2082 if (copy > len) 2083 copy = len; 2084 vaddr = kmap_atomic(skb_frag_page(frag)); 2085 csum2 = ops->update(vaddr + frag->page_offset + 2086 offset - start, copy, 0); 2087 kunmap_atomic(vaddr); 2088 csum = ops->combine(csum, csum2, pos, copy); 2089 if (!(len -= copy)) 2090 return csum; 2091 offset += copy; 2092 pos += copy; 2093 } 2094 start = end; 2095 } 2096 2097 skb_walk_frags(skb, frag_iter) { 2098 int end; 2099 2100 WARN_ON(start > offset + len); 2101 2102 end = start + frag_iter->len; 2103 if ((copy = end - offset) > 0) { 2104 __wsum csum2; 2105 if (copy > len) 2106 copy = len; 2107 csum2 = __skb_checksum(frag_iter, offset - start, 2108 copy, 0, ops); 2109 csum = ops->combine(csum, csum2, pos, copy); 2110 if ((len -= copy) == 0) 2111 return csum; 2112 offset += copy; 2113 pos += copy; 2114 } 2115 start = end; 2116 } 2117 BUG_ON(len); 2118 2119 return csum; 2120 } 2121 EXPORT_SYMBOL(__skb_checksum); 2122 2123 __wsum skb_checksum(const struct sk_buff *skb, int offset, 2124 int len, __wsum csum) 2125 { 2126 const struct skb_checksum_ops ops = { 2127 .update = csum_partial_ext, 2128 .combine = csum_block_add_ext, 2129 }; 2130 2131 return __skb_checksum(skb, offset, len, csum, &ops); 2132 } 2133 EXPORT_SYMBOL(skb_checksum); 2134 2135 /* Both of above in one bottle. */ 2136 2137 __wsum skb_copy_and_csum_bits(const struct sk_buff *skb, int offset, 2138 u8 *to, int len, __wsum csum) 2139 { 2140 int start = skb_headlen(skb); 2141 int i, copy = start - offset; 2142 struct sk_buff *frag_iter; 2143 int pos = 0; 2144 2145 /* Copy header. */ 2146 if (copy > 0) { 2147 if (copy > len) 2148 copy = len; 2149 csum = csum_partial_copy_nocheck(skb->data + offset, to, 2150 copy, csum); 2151 if ((len -= copy) == 0) 2152 return csum; 2153 offset += copy; 2154 to += copy; 2155 pos = copy; 2156 } 2157 2158 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 2159 int end; 2160 2161 WARN_ON(start > offset + len); 2162 2163 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]); 2164 if ((copy = end - offset) > 0) { 2165 __wsum csum2; 2166 u8 *vaddr; 2167 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 2168 2169 if (copy > len) 2170 copy = len; 2171 vaddr = kmap_atomic(skb_frag_page(frag)); 2172 csum2 = csum_partial_copy_nocheck(vaddr + 2173 frag->page_offset + 2174 offset - start, to, 2175 copy, 0); 2176 kunmap_atomic(vaddr); 2177 csum = csum_block_add(csum, csum2, pos); 2178 if (!(len -= copy)) 2179 return csum; 2180 offset += copy; 2181 to += copy; 2182 pos += copy; 2183 } 2184 start = end; 2185 } 2186 2187 skb_walk_frags(skb, frag_iter) { 2188 __wsum csum2; 2189 int end; 2190 2191 WARN_ON(start > offset + len); 2192 2193 end = start + frag_iter->len; 2194 if ((copy = end - offset) > 0) { 2195 if (copy > len) 2196 copy = len; 2197 csum2 = skb_copy_and_csum_bits(frag_iter, 2198 offset - start, 2199 to, copy, 0); 2200 csum = csum_block_add(csum, csum2, pos); 2201 if ((len -= copy) == 0) 2202 return csum; 2203 offset += copy; 2204 to += copy; 2205 pos += copy; 2206 } 2207 start = end; 2208 } 2209 BUG_ON(len); 2210 return csum; 2211 } 2212 EXPORT_SYMBOL(skb_copy_and_csum_bits); 2213 2214 /** 2215 * skb_zerocopy_headlen - Calculate headroom needed for skb_zerocopy() 2216 * @from: source buffer 2217 * 2218 * Calculates the amount of linear headroom needed in the 'to' skb passed 2219 * into skb_zerocopy(). 2220 */ 2221 unsigned int 2222 skb_zerocopy_headlen(const struct sk_buff *from) 2223 { 2224 unsigned int hlen = 0; 2225 2226 if (!from->head_frag || 2227 skb_headlen(from) < L1_CACHE_BYTES || 2228 skb_shinfo(from)->nr_frags >= MAX_SKB_FRAGS) 2229 hlen = skb_headlen(from); 2230 2231 if (skb_has_frag_list(from)) 2232 hlen = from->len; 2233 2234 return hlen; 2235 } 2236 EXPORT_SYMBOL_GPL(skb_zerocopy_headlen); 2237 2238 /** 2239 * skb_zerocopy - Zero copy skb to skb 2240 * @to: destination buffer 2241 * @from: source buffer 2242 * @len: number of bytes to copy from source buffer 2243 * @hlen: size of linear headroom in destination buffer 2244 * 2245 * Copies up to `len` bytes from `from` to `to` by creating references 2246 * to the frags in the source buffer. 2247 * 2248 * The `hlen` as calculated by skb_zerocopy_headlen() specifies the 2249 * headroom in the `to` buffer. 2250 * 2251 * Return value: 2252 * 0: everything is OK 2253 * -ENOMEM: couldn't orphan frags of @from due to lack of memory 2254 * -EFAULT: skb_copy_bits() found some problem with skb geometry 2255 */ 2256 int 2257 skb_zerocopy(struct sk_buff *to, struct sk_buff *from, int len, int hlen) 2258 { 2259 int i, j = 0; 2260 int plen = 0; /* length of skb->head fragment */ 2261 int ret; 2262 struct page *page; 2263 unsigned int offset; 2264 2265 BUG_ON(!from->head_frag && !hlen); 2266 2267 /* dont bother with small payloads */ 2268 if (len <= skb_tailroom(to)) 2269 return skb_copy_bits(from, 0, skb_put(to, len), len); 2270 2271 if (hlen) { 2272 ret = skb_copy_bits(from, 0, skb_put(to, hlen), hlen); 2273 if (unlikely(ret)) 2274 return ret; 2275 len -= hlen; 2276 } else { 2277 plen = min_t(int, skb_headlen(from), len); 2278 if (plen) { 2279 page = virt_to_head_page(from->head); 2280 offset = from->data - (unsigned char *)page_address(page); 2281 __skb_fill_page_desc(to, 0, page, offset, plen); 2282 get_page(page); 2283 j = 1; 2284 len -= plen; 2285 } 2286 } 2287 2288 to->truesize += len + plen; 2289 to->len += len + plen; 2290 to->data_len += len + plen; 2291 2292 if (unlikely(skb_orphan_frags(from, GFP_ATOMIC))) { 2293 skb_tx_error(from); 2294 return -ENOMEM; 2295 } 2296 2297 for (i = 0; i < skb_shinfo(from)->nr_frags; i++) { 2298 if (!len) 2299 break; 2300 skb_shinfo(to)->frags[j] = skb_shinfo(from)->frags[i]; 2301 skb_shinfo(to)->frags[j].size = min_t(int, skb_shinfo(to)->frags[j].size, len); 2302 len -= skb_shinfo(to)->frags[j].size; 2303 skb_frag_ref(to, j); 2304 j++; 2305 } 2306 skb_shinfo(to)->nr_frags = j; 2307 2308 return 0; 2309 } 2310 EXPORT_SYMBOL_GPL(skb_zerocopy); 2311 2312 void skb_copy_and_csum_dev(const struct sk_buff *skb, u8 *to) 2313 { 2314 __wsum csum; 2315 long csstart; 2316 2317 if (skb->ip_summed == CHECKSUM_PARTIAL) 2318 csstart = skb_checksum_start_offset(skb); 2319 else 2320 csstart = skb_headlen(skb); 2321 2322 BUG_ON(csstart > skb_headlen(skb)); 2323 2324 skb_copy_from_linear_data(skb, to, csstart); 2325 2326 csum = 0; 2327 if (csstart != skb->len) 2328 csum = skb_copy_and_csum_bits(skb, csstart, to + csstart, 2329 skb->len - csstart, 0); 2330 2331 if (skb->ip_summed == CHECKSUM_PARTIAL) { 2332 long csstuff = csstart + skb->csum_offset; 2333 2334 *((__sum16 *)(to + csstuff)) = csum_fold(csum); 2335 } 2336 } 2337 EXPORT_SYMBOL(skb_copy_and_csum_dev); 2338 2339 /** 2340 * skb_dequeue - remove from the head of the queue 2341 * @list: list to dequeue from 2342 * 2343 * Remove the head of the list. The list lock is taken so the function 2344 * may be used safely with other locking list functions. The head item is 2345 * returned or %NULL if the list is empty. 2346 */ 2347 2348 struct sk_buff *skb_dequeue(struct sk_buff_head *list) 2349 { 2350 unsigned long flags; 2351 struct sk_buff *result; 2352 2353 spin_lock_irqsave(&list->lock, flags); 2354 result = __skb_dequeue(list); 2355 spin_unlock_irqrestore(&list->lock, flags); 2356 return result; 2357 } 2358 EXPORT_SYMBOL(skb_dequeue); 2359 2360 /** 2361 * skb_dequeue_tail - remove from the tail of the queue 2362 * @list: list to dequeue from 2363 * 2364 * Remove the tail of the list. The list lock is taken so the function 2365 * may be used safely with other locking list functions. The tail item is 2366 * returned or %NULL if the list is empty. 2367 */ 2368 struct sk_buff *skb_dequeue_tail(struct sk_buff_head *list) 2369 { 2370 unsigned long flags; 2371 struct sk_buff *result; 2372 2373 spin_lock_irqsave(&list->lock, flags); 2374 result = __skb_dequeue_tail(list); 2375 spin_unlock_irqrestore(&list->lock, flags); 2376 return result; 2377 } 2378 EXPORT_SYMBOL(skb_dequeue_tail); 2379 2380 /** 2381 * skb_queue_purge - empty a list 2382 * @list: list to empty 2383 * 2384 * Delete all buffers on an &sk_buff list. Each buffer is removed from 2385 * the list and one reference dropped. This function takes the list 2386 * lock and is atomic with respect to other list locking functions. 2387 */ 2388 void skb_queue_purge(struct sk_buff_head *list) 2389 { 2390 struct sk_buff *skb; 2391 while ((skb = skb_dequeue(list)) != NULL) 2392 kfree_skb(skb); 2393 } 2394 EXPORT_SYMBOL(skb_queue_purge); 2395 2396 /** 2397 * skb_queue_head - queue a buffer at the list head 2398 * @list: list to use 2399 * @newsk: buffer to queue 2400 * 2401 * Queue a buffer at the start of the list. This function takes the 2402 * list lock and can be used safely with other locking &sk_buff functions 2403 * safely. 2404 * 2405 * A buffer cannot be placed on two lists at the same time. 2406 */ 2407 void skb_queue_head(struct sk_buff_head *list, struct sk_buff *newsk) 2408 { 2409 unsigned long flags; 2410 2411 spin_lock_irqsave(&list->lock, flags); 2412 __skb_queue_head(list, newsk); 2413 spin_unlock_irqrestore(&list->lock, flags); 2414 } 2415 EXPORT_SYMBOL(skb_queue_head); 2416 2417 /** 2418 * skb_queue_tail - queue a buffer at the list tail 2419 * @list: list to use 2420 * @newsk: buffer to queue 2421 * 2422 * Queue a buffer at the tail of the list. This function takes the 2423 * list lock and can be used safely with other locking &sk_buff functions 2424 * safely. 2425 * 2426 * A buffer cannot be placed on two lists at the same time. 2427 */ 2428 void skb_queue_tail(struct sk_buff_head *list, struct sk_buff *newsk) 2429 { 2430 unsigned long flags; 2431 2432 spin_lock_irqsave(&list->lock, flags); 2433 __skb_queue_tail(list, newsk); 2434 spin_unlock_irqrestore(&list->lock, flags); 2435 } 2436 EXPORT_SYMBOL(skb_queue_tail); 2437 2438 /** 2439 * skb_unlink - remove a buffer from a list 2440 * @skb: buffer to remove 2441 * @list: list to use 2442 * 2443 * Remove a packet from a list. The list locks are taken and this 2444 * function is atomic with respect to other list locked calls 2445 * 2446 * You must know what list the SKB is on. 2447 */ 2448 void skb_unlink(struct sk_buff *skb, struct sk_buff_head *list) 2449 { 2450 unsigned long flags; 2451 2452 spin_lock_irqsave(&list->lock, flags); 2453 __skb_unlink(skb, list); 2454 spin_unlock_irqrestore(&list->lock, flags); 2455 } 2456 EXPORT_SYMBOL(skb_unlink); 2457 2458 /** 2459 * skb_append - append a buffer 2460 * @old: buffer to insert after 2461 * @newsk: buffer to insert 2462 * @list: list to use 2463 * 2464 * Place a packet after a given packet in a list. The list locks are taken 2465 * and this function is atomic with respect to other list locked calls. 2466 * A buffer cannot be placed on two lists at the same time. 2467 */ 2468 void skb_append(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list) 2469 { 2470 unsigned long flags; 2471 2472 spin_lock_irqsave(&list->lock, flags); 2473 __skb_queue_after(list, old, newsk); 2474 spin_unlock_irqrestore(&list->lock, flags); 2475 } 2476 EXPORT_SYMBOL(skb_append); 2477 2478 /** 2479 * skb_insert - insert a buffer 2480 * @old: buffer to insert before 2481 * @newsk: buffer to insert 2482 * @list: list to use 2483 * 2484 * Place a packet before a given packet in a list. The list locks are 2485 * taken and this function is atomic with respect to other list locked 2486 * calls. 2487 * 2488 * A buffer cannot be placed on two lists at the same time. 2489 */ 2490 void skb_insert(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list) 2491 { 2492 unsigned long flags; 2493 2494 spin_lock_irqsave(&list->lock, flags); 2495 __skb_insert(newsk, old->prev, old, list); 2496 spin_unlock_irqrestore(&list->lock, flags); 2497 } 2498 EXPORT_SYMBOL(skb_insert); 2499 2500 static inline void skb_split_inside_header(struct sk_buff *skb, 2501 struct sk_buff* skb1, 2502 const u32 len, const int pos) 2503 { 2504 int i; 2505 2506 skb_copy_from_linear_data_offset(skb, len, skb_put(skb1, pos - len), 2507 pos - len); 2508 /* And move data appendix as is. */ 2509 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) 2510 skb_shinfo(skb1)->frags[i] = skb_shinfo(skb)->frags[i]; 2511 2512 skb_shinfo(skb1)->nr_frags = skb_shinfo(skb)->nr_frags; 2513 skb_shinfo(skb)->nr_frags = 0; 2514 skb1->data_len = skb->data_len; 2515 skb1->len += skb1->data_len; 2516 skb->data_len = 0; 2517 skb->len = len; 2518 skb_set_tail_pointer(skb, len); 2519 } 2520 2521 static inline void skb_split_no_header(struct sk_buff *skb, 2522 struct sk_buff* skb1, 2523 const u32 len, int pos) 2524 { 2525 int i, k = 0; 2526 const int nfrags = skb_shinfo(skb)->nr_frags; 2527 2528 skb_shinfo(skb)->nr_frags = 0; 2529 skb1->len = skb1->data_len = skb->len - len; 2530 skb->len = len; 2531 skb->data_len = len - pos; 2532 2533 for (i = 0; i < nfrags; i++) { 2534 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]); 2535 2536 if (pos + size > len) { 2537 skb_shinfo(skb1)->frags[k] = skb_shinfo(skb)->frags[i]; 2538 2539 if (pos < len) { 2540 /* Split frag. 2541 * We have two variants in this case: 2542 * 1. Move all the frag to the second 2543 * part, if it is possible. F.e. 2544 * this approach is mandatory for TUX, 2545 * where splitting is expensive. 2546 * 2. Split is accurately. We make this. 2547 */ 2548 skb_frag_ref(skb, i); 2549 skb_shinfo(skb1)->frags[0].page_offset += len - pos; 2550 skb_frag_size_sub(&skb_shinfo(skb1)->frags[0], len - pos); 2551 skb_frag_size_set(&skb_shinfo(skb)->frags[i], len - pos); 2552 skb_shinfo(skb)->nr_frags++; 2553 } 2554 k++; 2555 } else 2556 skb_shinfo(skb)->nr_frags++; 2557 pos += size; 2558 } 2559 skb_shinfo(skb1)->nr_frags = k; 2560 } 2561 2562 /** 2563 * skb_split - Split fragmented skb to two parts at length len. 2564 * @skb: the buffer to split 2565 * @skb1: the buffer to receive the second part 2566 * @len: new length for skb 2567 */ 2568 void skb_split(struct sk_buff *skb, struct sk_buff *skb1, const u32 len) 2569 { 2570 int pos = skb_headlen(skb); 2571 2572 skb_shinfo(skb1)->tx_flags = skb_shinfo(skb)->tx_flags & SKBTX_SHARED_FRAG; 2573 if (len < pos) /* Split line is inside header. */ 2574 skb_split_inside_header(skb, skb1, len, pos); 2575 else /* Second chunk has no header, nothing to copy. */ 2576 skb_split_no_header(skb, skb1, len, pos); 2577 } 2578 EXPORT_SYMBOL(skb_split); 2579 2580 /* Shifting from/to a cloned skb is a no-go. 2581 * 2582 * Caller cannot keep skb_shinfo related pointers past calling here! 2583 */ 2584 static int skb_prepare_for_shift(struct sk_buff *skb) 2585 { 2586 return skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC); 2587 } 2588 2589 /** 2590 * skb_shift - Shifts paged data partially from skb to another 2591 * @tgt: buffer into which tail data gets added 2592 * @skb: buffer from which the paged data comes from 2593 * @shiftlen: shift up to this many bytes 2594 * 2595 * Attempts to shift up to shiftlen worth of bytes, which may be less than 2596 * the length of the skb, from skb to tgt. Returns number bytes shifted. 2597 * It's up to caller to free skb if everything was shifted. 2598 * 2599 * If @tgt runs out of frags, the whole operation is aborted. 2600 * 2601 * Skb cannot include anything else but paged data while tgt is allowed 2602 * to have non-paged data as well. 2603 * 2604 * TODO: full sized shift could be optimized but that would need 2605 * specialized skb free'er to handle frags without up-to-date nr_frags. 2606 */ 2607 int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen) 2608 { 2609 int from, to, merge, todo; 2610 struct skb_frag_struct *fragfrom, *fragto; 2611 2612 BUG_ON(shiftlen > skb->len); 2613 BUG_ON(skb_headlen(skb)); /* Would corrupt stream */ 2614 2615 todo = shiftlen; 2616 from = 0; 2617 to = skb_shinfo(tgt)->nr_frags; 2618 fragfrom = &skb_shinfo(skb)->frags[from]; 2619 2620 /* Actual merge is delayed until the point when we know we can 2621 * commit all, so that we don't have to undo partial changes 2622 */ 2623 if (!to || 2624 !skb_can_coalesce(tgt, to, skb_frag_page(fragfrom), 2625 fragfrom->page_offset)) { 2626 merge = -1; 2627 } else { 2628 merge = to - 1; 2629 2630 todo -= skb_frag_size(fragfrom); 2631 if (todo < 0) { 2632 if (skb_prepare_for_shift(skb) || 2633 skb_prepare_for_shift(tgt)) 2634 return 0; 2635 2636 /* All previous frag pointers might be stale! */ 2637 fragfrom = &skb_shinfo(skb)->frags[from]; 2638 fragto = &skb_shinfo(tgt)->frags[merge]; 2639 2640 skb_frag_size_add(fragto, shiftlen); 2641 skb_frag_size_sub(fragfrom, shiftlen); 2642 fragfrom->page_offset += shiftlen; 2643 2644 goto onlymerged; 2645 } 2646 2647 from++; 2648 } 2649 2650 /* Skip full, not-fitting skb to avoid expensive operations */ 2651 if ((shiftlen == skb->len) && 2652 (skb_shinfo(skb)->nr_frags - from) > (MAX_SKB_FRAGS - to)) 2653 return 0; 2654 2655 if (skb_prepare_for_shift(skb) || skb_prepare_for_shift(tgt)) 2656 return 0; 2657 2658 while ((todo > 0) && (from < skb_shinfo(skb)->nr_frags)) { 2659 if (to == MAX_SKB_FRAGS) 2660 return 0; 2661 2662 fragfrom = &skb_shinfo(skb)->frags[from]; 2663 fragto = &skb_shinfo(tgt)->frags[to]; 2664 2665 if (todo >= skb_frag_size(fragfrom)) { 2666 *fragto = *fragfrom; 2667 todo -= skb_frag_size(fragfrom); 2668 from++; 2669 to++; 2670 2671 } else { 2672 __skb_frag_ref(fragfrom); 2673 fragto->page = fragfrom->page; 2674 fragto->page_offset = fragfrom->page_offset; 2675 skb_frag_size_set(fragto, todo); 2676 2677 fragfrom->page_offset += todo; 2678 skb_frag_size_sub(fragfrom, todo); 2679 todo = 0; 2680 2681 to++; 2682 break; 2683 } 2684 } 2685 2686 /* Ready to "commit" this state change to tgt */ 2687 skb_shinfo(tgt)->nr_frags = to; 2688 2689 if (merge >= 0) { 2690 fragfrom = &skb_shinfo(skb)->frags[0]; 2691 fragto = &skb_shinfo(tgt)->frags[merge]; 2692 2693 skb_frag_size_add(fragto, skb_frag_size(fragfrom)); 2694 __skb_frag_unref(fragfrom); 2695 } 2696 2697 /* Reposition in the original skb */ 2698 to = 0; 2699 while (from < skb_shinfo(skb)->nr_frags) 2700 skb_shinfo(skb)->frags[to++] = skb_shinfo(skb)->frags[from++]; 2701 skb_shinfo(skb)->nr_frags = to; 2702 2703 BUG_ON(todo > 0 && !skb_shinfo(skb)->nr_frags); 2704 2705 onlymerged: 2706 /* Most likely the tgt won't ever need its checksum anymore, skb on 2707 * the other hand might need it if it needs to be resent 2708 */ 2709 tgt->ip_summed = CHECKSUM_PARTIAL; 2710 skb->ip_summed = CHECKSUM_PARTIAL; 2711 2712 /* Yak, is it really working this way? Some helper please? */ 2713 skb->len -= shiftlen; 2714 skb->data_len -= shiftlen; 2715 skb->truesize -= shiftlen; 2716 tgt->len += shiftlen; 2717 tgt->data_len += shiftlen; 2718 tgt->truesize += shiftlen; 2719 2720 return shiftlen; 2721 } 2722 2723 /** 2724 * skb_prepare_seq_read - Prepare a sequential read of skb data 2725 * @skb: the buffer to read 2726 * @from: lower offset of data to be read 2727 * @to: upper offset of data to be read 2728 * @st: state variable 2729 * 2730 * Initializes the specified state variable. Must be called before 2731 * invoking skb_seq_read() for the first time. 2732 */ 2733 void skb_prepare_seq_read(struct sk_buff *skb, unsigned int from, 2734 unsigned int to, struct skb_seq_state *st) 2735 { 2736 st->lower_offset = from; 2737 st->upper_offset = to; 2738 st->root_skb = st->cur_skb = skb; 2739 st->frag_idx = st->stepped_offset = 0; 2740 st->frag_data = NULL; 2741 } 2742 EXPORT_SYMBOL(skb_prepare_seq_read); 2743 2744 /** 2745 * skb_seq_read - Sequentially read skb data 2746 * @consumed: number of bytes consumed by the caller so far 2747 * @data: destination pointer for data to be returned 2748 * @st: state variable 2749 * 2750 * Reads a block of skb data at @consumed relative to the 2751 * lower offset specified to skb_prepare_seq_read(). Assigns 2752 * the head of the data block to @data and returns the length 2753 * of the block or 0 if the end of the skb data or the upper 2754 * offset has been reached. 2755 * 2756 * The caller is not required to consume all of the data 2757 * returned, i.e. @consumed is typically set to the number 2758 * of bytes already consumed and the next call to 2759 * skb_seq_read() will return the remaining part of the block. 2760 * 2761 * Note 1: The size of each block of data returned can be arbitrary, 2762 * this limitation is the cost for zerocopy sequential 2763 * reads of potentially non linear data. 2764 * 2765 * Note 2: Fragment lists within fragments are not implemented 2766 * at the moment, state->root_skb could be replaced with 2767 * a stack for this purpose. 2768 */ 2769 unsigned int skb_seq_read(unsigned int consumed, const u8 **data, 2770 struct skb_seq_state *st) 2771 { 2772 unsigned int block_limit, abs_offset = consumed + st->lower_offset; 2773 skb_frag_t *frag; 2774 2775 if (unlikely(abs_offset >= st->upper_offset)) { 2776 if (st->frag_data) { 2777 kunmap_atomic(st->frag_data); 2778 st->frag_data = NULL; 2779 } 2780 return 0; 2781 } 2782 2783 next_skb: 2784 block_limit = skb_headlen(st->cur_skb) + st->stepped_offset; 2785 2786 if (abs_offset < block_limit && !st->frag_data) { 2787 *data = st->cur_skb->data + (abs_offset - st->stepped_offset); 2788 return block_limit - abs_offset; 2789 } 2790 2791 if (st->frag_idx == 0 && !st->frag_data) 2792 st->stepped_offset += skb_headlen(st->cur_skb); 2793 2794 while (st->frag_idx < skb_shinfo(st->cur_skb)->nr_frags) { 2795 frag = &skb_shinfo(st->cur_skb)->frags[st->frag_idx]; 2796 block_limit = skb_frag_size(frag) + st->stepped_offset; 2797 2798 if (abs_offset < block_limit) { 2799 if (!st->frag_data) 2800 st->frag_data = kmap_atomic(skb_frag_page(frag)); 2801 2802 *data = (u8 *) st->frag_data + frag->page_offset + 2803 (abs_offset - st->stepped_offset); 2804 2805 return block_limit - abs_offset; 2806 } 2807 2808 if (st->frag_data) { 2809 kunmap_atomic(st->frag_data); 2810 st->frag_data = NULL; 2811 } 2812 2813 st->frag_idx++; 2814 st->stepped_offset += skb_frag_size(frag); 2815 } 2816 2817 if (st->frag_data) { 2818 kunmap_atomic(st->frag_data); 2819 st->frag_data = NULL; 2820 } 2821 2822 if (st->root_skb == st->cur_skb && skb_has_frag_list(st->root_skb)) { 2823 st->cur_skb = skb_shinfo(st->root_skb)->frag_list; 2824 st->frag_idx = 0; 2825 goto next_skb; 2826 } else if (st->cur_skb->next) { 2827 st->cur_skb = st->cur_skb->next; 2828 st->frag_idx = 0; 2829 goto next_skb; 2830 } 2831 2832 return 0; 2833 } 2834 EXPORT_SYMBOL(skb_seq_read); 2835 2836 /** 2837 * skb_abort_seq_read - Abort a sequential read of skb data 2838 * @st: state variable 2839 * 2840 * Must be called if skb_seq_read() was not called until it 2841 * returned 0. 2842 */ 2843 void skb_abort_seq_read(struct skb_seq_state *st) 2844 { 2845 if (st->frag_data) 2846 kunmap_atomic(st->frag_data); 2847 } 2848 EXPORT_SYMBOL(skb_abort_seq_read); 2849 2850 #define TS_SKB_CB(state) ((struct skb_seq_state *) &((state)->cb)) 2851 2852 static unsigned int skb_ts_get_next_block(unsigned int offset, const u8 **text, 2853 struct ts_config *conf, 2854 struct ts_state *state) 2855 { 2856 return skb_seq_read(offset, text, TS_SKB_CB(state)); 2857 } 2858 2859 static void skb_ts_finish(struct ts_config *conf, struct ts_state *state) 2860 { 2861 skb_abort_seq_read(TS_SKB_CB(state)); 2862 } 2863 2864 /** 2865 * skb_find_text - Find a text pattern in skb data 2866 * @skb: the buffer to look in 2867 * @from: search offset 2868 * @to: search limit 2869 * @config: textsearch configuration 2870 * @state: uninitialized textsearch state variable 2871 * 2872 * Finds a pattern in the skb data according to the specified 2873 * textsearch configuration. Use textsearch_next() to retrieve 2874 * subsequent occurrences of the pattern. Returns the offset 2875 * to the first occurrence or UINT_MAX if no match was found. 2876 */ 2877 unsigned int skb_find_text(struct sk_buff *skb, unsigned int from, 2878 unsigned int to, struct ts_config *config, 2879 struct ts_state *state) 2880 { 2881 unsigned int ret; 2882 2883 config->get_next_block = skb_ts_get_next_block; 2884 config->finish = skb_ts_finish; 2885 2886 skb_prepare_seq_read(skb, from, to, TS_SKB_CB(state)); 2887 2888 ret = textsearch_find(config, state); 2889 return (ret <= to - from ? ret : UINT_MAX); 2890 } 2891 EXPORT_SYMBOL(skb_find_text); 2892 2893 /** 2894 * skb_append_datato_frags - append the user data to a skb 2895 * @sk: sock structure 2896 * @skb: skb structure to be appended with user data. 2897 * @getfrag: call back function to be used for getting the user data 2898 * @from: pointer to user message iov 2899 * @length: length of the iov message 2900 * 2901 * Description: This procedure append the user data in the fragment part 2902 * of the skb if any page alloc fails user this procedure returns -ENOMEM 2903 */ 2904 int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb, 2905 int (*getfrag)(void *from, char *to, int offset, 2906 int len, int odd, struct sk_buff *skb), 2907 void *from, int length) 2908 { 2909 int frg_cnt = skb_shinfo(skb)->nr_frags; 2910 int copy; 2911 int offset = 0; 2912 int ret; 2913 struct page_frag *pfrag = ¤t->task_frag; 2914 2915 do { 2916 /* Return error if we don't have space for new frag */ 2917 if (frg_cnt >= MAX_SKB_FRAGS) 2918 return -EMSGSIZE; 2919 2920 if (!sk_page_frag_refill(sk, pfrag)) 2921 return -ENOMEM; 2922 2923 /* copy the user data to page */ 2924 copy = min_t(int, length, pfrag->size - pfrag->offset); 2925 2926 ret = getfrag(from, page_address(pfrag->page) + pfrag->offset, 2927 offset, copy, 0, skb); 2928 if (ret < 0) 2929 return -EFAULT; 2930 2931 /* copy was successful so update the size parameters */ 2932 skb_fill_page_desc(skb, frg_cnt, pfrag->page, pfrag->offset, 2933 copy); 2934 frg_cnt++; 2935 pfrag->offset += copy; 2936 get_page(pfrag->page); 2937 2938 skb->truesize += copy; 2939 atomic_add(copy, &sk->sk_wmem_alloc); 2940 skb->len += copy; 2941 skb->data_len += copy; 2942 offset += copy; 2943 length -= copy; 2944 2945 } while (length > 0); 2946 2947 return 0; 2948 } 2949 EXPORT_SYMBOL(skb_append_datato_frags); 2950 2951 /** 2952 * skb_pull_rcsum - pull skb and update receive checksum 2953 * @skb: buffer to update 2954 * @len: length of data pulled 2955 * 2956 * This function performs an skb_pull on the packet and updates 2957 * the CHECKSUM_COMPLETE checksum. It should be used on 2958 * receive path processing instead of skb_pull unless you know 2959 * that the checksum difference is zero (e.g., a valid IP header) 2960 * or you are setting ip_summed to CHECKSUM_NONE. 2961 */ 2962 unsigned char *skb_pull_rcsum(struct sk_buff *skb, unsigned int len) 2963 { 2964 BUG_ON(len > skb->len); 2965 skb->len -= len; 2966 BUG_ON(skb->len < skb->data_len); 2967 skb_postpull_rcsum(skb, skb->data, len); 2968 return skb->data += len; 2969 } 2970 EXPORT_SYMBOL_GPL(skb_pull_rcsum); 2971 2972 /** 2973 * skb_segment - Perform protocol segmentation on skb. 2974 * @head_skb: buffer to segment 2975 * @features: features for the output path (see dev->features) 2976 * 2977 * This function performs segmentation on the given skb. It returns 2978 * a pointer to the first in a list of new skbs for the segments. 2979 * In case of error it returns ERR_PTR(err). 2980 */ 2981 struct sk_buff *skb_segment(struct sk_buff *head_skb, 2982 netdev_features_t features) 2983 { 2984 struct sk_buff *segs = NULL; 2985 struct sk_buff *tail = NULL; 2986 struct sk_buff *list_skb = skb_shinfo(head_skb)->frag_list; 2987 skb_frag_t *frag = skb_shinfo(head_skb)->frags; 2988 unsigned int mss = skb_shinfo(head_skb)->gso_size; 2989 unsigned int doffset = head_skb->data - skb_mac_header(head_skb); 2990 struct sk_buff *frag_skb = head_skb; 2991 unsigned int offset = doffset; 2992 unsigned int tnl_hlen = skb_tnl_header_len(head_skb); 2993 unsigned int headroom; 2994 unsigned int len; 2995 __be16 proto; 2996 bool csum; 2997 int sg = !!(features & NETIF_F_SG); 2998 int nfrags = skb_shinfo(head_skb)->nr_frags; 2999 int err = -ENOMEM; 3000 int i = 0; 3001 int pos; 3002 int dummy; 3003 3004 __skb_push(head_skb, doffset); 3005 proto = skb_network_protocol(head_skb, &dummy); 3006 if (unlikely(!proto)) 3007 return ERR_PTR(-EINVAL); 3008 3009 csum = !head_skb->encap_hdr_csum && 3010 !!can_checksum_protocol(features, proto); 3011 3012 headroom = skb_headroom(head_skb); 3013 pos = skb_headlen(head_skb); 3014 3015 do { 3016 struct sk_buff *nskb; 3017 skb_frag_t *nskb_frag; 3018 int hsize; 3019 int size; 3020 3021 len = head_skb->len - offset; 3022 if (len > mss) 3023 len = mss; 3024 3025 hsize = skb_headlen(head_skb) - offset; 3026 if (hsize < 0) 3027 hsize = 0; 3028 if (hsize > len || !sg) 3029 hsize = len; 3030 3031 if (!hsize && i >= nfrags && skb_headlen(list_skb) && 3032 (skb_headlen(list_skb) == len || sg)) { 3033 BUG_ON(skb_headlen(list_skb) > len); 3034 3035 i = 0; 3036 nfrags = skb_shinfo(list_skb)->nr_frags; 3037 frag = skb_shinfo(list_skb)->frags; 3038 frag_skb = list_skb; 3039 pos += skb_headlen(list_skb); 3040 3041 while (pos < offset + len) { 3042 BUG_ON(i >= nfrags); 3043 3044 size = skb_frag_size(frag); 3045 if (pos + size > offset + len) 3046 break; 3047 3048 i++; 3049 pos += size; 3050 frag++; 3051 } 3052 3053 nskb = skb_clone(list_skb, GFP_ATOMIC); 3054 list_skb = list_skb->next; 3055 3056 if (unlikely(!nskb)) 3057 goto err; 3058 3059 if (unlikely(pskb_trim(nskb, len))) { 3060 kfree_skb(nskb); 3061 goto err; 3062 } 3063 3064 hsize = skb_end_offset(nskb); 3065 if (skb_cow_head(nskb, doffset + headroom)) { 3066 kfree_skb(nskb); 3067 goto err; 3068 } 3069 3070 nskb->truesize += skb_end_offset(nskb) - hsize; 3071 skb_release_head_state(nskb); 3072 __skb_push(nskb, doffset); 3073 } else { 3074 nskb = __alloc_skb(hsize + doffset + headroom, 3075 GFP_ATOMIC, skb_alloc_rx_flag(head_skb), 3076 NUMA_NO_NODE); 3077 3078 if (unlikely(!nskb)) 3079 goto err; 3080 3081 skb_reserve(nskb, headroom); 3082 __skb_put(nskb, doffset); 3083 } 3084 3085 if (segs) 3086 tail->next = nskb; 3087 else 3088 segs = nskb; 3089 tail = nskb; 3090 3091 __copy_skb_header(nskb, head_skb); 3092 3093 skb_headers_offset_update(nskb, skb_headroom(nskb) - headroom); 3094 skb_reset_mac_len(nskb); 3095 3096 skb_copy_from_linear_data_offset(head_skb, -tnl_hlen, 3097 nskb->data - tnl_hlen, 3098 doffset + tnl_hlen); 3099 3100 if (nskb->len == len + doffset) 3101 goto perform_csum_check; 3102 3103 if (!sg && !nskb->remcsum_offload) { 3104 nskb->ip_summed = CHECKSUM_NONE; 3105 nskb->csum = skb_copy_and_csum_bits(head_skb, offset, 3106 skb_put(nskb, len), 3107 len, 0); 3108 SKB_GSO_CB(nskb)->csum_start = 3109 skb_headroom(nskb) + doffset; 3110 continue; 3111 } 3112 3113 nskb_frag = skb_shinfo(nskb)->frags; 3114 3115 skb_copy_from_linear_data_offset(head_skb, offset, 3116 skb_put(nskb, hsize), hsize); 3117 3118 skb_shinfo(nskb)->tx_flags = skb_shinfo(head_skb)->tx_flags & 3119 SKBTX_SHARED_FRAG; 3120 3121 while (pos < offset + len) { 3122 if (i >= nfrags) { 3123 BUG_ON(skb_headlen(list_skb)); 3124 3125 i = 0; 3126 nfrags = skb_shinfo(list_skb)->nr_frags; 3127 frag = skb_shinfo(list_skb)->frags; 3128 frag_skb = list_skb; 3129 3130 BUG_ON(!nfrags); 3131 3132 list_skb = list_skb->next; 3133 } 3134 3135 if (unlikely(skb_shinfo(nskb)->nr_frags >= 3136 MAX_SKB_FRAGS)) { 3137 net_warn_ratelimited( 3138 "skb_segment: too many frags: %u %u\n", 3139 pos, mss); 3140 goto err; 3141 } 3142 3143 if (unlikely(skb_orphan_frags(frag_skb, GFP_ATOMIC))) 3144 goto err; 3145 3146 *nskb_frag = *frag; 3147 __skb_frag_ref(nskb_frag); 3148 size = skb_frag_size(nskb_frag); 3149 3150 if (pos < offset) { 3151 nskb_frag->page_offset += offset - pos; 3152 skb_frag_size_sub(nskb_frag, offset - pos); 3153 } 3154 3155 skb_shinfo(nskb)->nr_frags++; 3156 3157 if (pos + size <= offset + len) { 3158 i++; 3159 frag++; 3160 pos += size; 3161 } else { 3162 skb_frag_size_sub(nskb_frag, pos + size - (offset + len)); 3163 goto skip_fraglist; 3164 } 3165 3166 nskb_frag++; 3167 } 3168 3169 skip_fraglist: 3170 nskb->data_len = len - hsize; 3171 nskb->len += nskb->data_len; 3172 nskb->truesize += nskb->data_len; 3173 3174 perform_csum_check: 3175 if (!csum && !nskb->remcsum_offload) { 3176 nskb->csum = skb_checksum(nskb, doffset, 3177 nskb->len - doffset, 0); 3178 nskb->ip_summed = CHECKSUM_NONE; 3179 SKB_GSO_CB(nskb)->csum_start = 3180 skb_headroom(nskb) + doffset; 3181 } 3182 } while ((offset += len) < head_skb->len); 3183 3184 /* Some callers want to get the end of the list. 3185 * Put it in segs->prev to avoid walking the list. 3186 * (see validate_xmit_skb_list() for example) 3187 */ 3188 segs->prev = tail; 3189 3190 /* Following permits correct backpressure, for protocols 3191 * using skb_set_owner_w(). 3192 * Idea is to tranfert ownership from head_skb to last segment. 3193 */ 3194 if (head_skb->destructor == sock_wfree) { 3195 swap(tail->truesize, head_skb->truesize); 3196 swap(tail->destructor, head_skb->destructor); 3197 swap(tail->sk, head_skb->sk); 3198 } 3199 return segs; 3200 3201 err: 3202 kfree_skb_list(segs); 3203 return ERR_PTR(err); 3204 } 3205 EXPORT_SYMBOL_GPL(skb_segment); 3206 3207 int skb_gro_receive(struct sk_buff **head, struct sk_buff *skb) 3208 { 3209 struct skb_shared_info *pinfo, *skbinfo = skb_shinfo(skb); 3210 unsigned int offset = skb_gro_offset(skb); 3211 unsigned int headlen = skb_headlen(skb); 3212 struct sk_buff *nskb, *lp, *p = *head; 3213 unsigned int len = skb_gro_len(skb); 3214 unsigned int delta_truesize; 3215 unsigned int headroom; 3216 3217 if (unlikely(p->len + len >= 65536)) 3218 return -E2BIG; 3219 3220 lp = NAPI_GRO_CB(p)->last; 3221 pinfo = skb_shinfo(lp); 3222 3223 if (headlen <= offset) { 3224 skb_frag_t *frag; 3225 skb_frag_t *frag2; 3226 int i = skbinfo->nr_frags; 3227 int nr_frags = pinfo->nr_frags + i; 3228 3229 if (nr_frags > MAX_SKB_FRAGS) 3230 goto merge; 3231 3232 offset -= headlen; 3233 pinfo->nr_frags = nr_frags; 3234 skbinfo->nr_frags = 0; 3235 3236 frag = pinfo->frags + nr_frags; 3237 frag2 = skbinfo->frags + i; 3238 do { 3239 *--frag = *--frag2; 3240 } while (--i); 3241 3242 frag->page_offset += offset; 3243 skb_frag_size_sub(frag, offset); 3244 3245 /* all fragments truesize : remove (head size + sk_buff) */ 3246 delta_truesize = skb->truesize - 3247 SKB_TRUESIZE(skb_end_offset(skb)); 3248 3249 skb->truesize -= skb->data_len; 3250 skb->len -= skb->data_len; 3251 skb->data_len = 0; 3252 3253 NAPI_GRO_CB(skb)->free = NAPI_GRO_FREE; 3254 goto done; 3255 } else if (skb->head_frag) { 3256 int nr_frags = pinfo->nr_frags; 3257 skb_frag_t *frag = pinfo->frags + nr_frags; 3258 struct page *page = virt_to_head_page(skb->head); 3259 unsigned int first_size = headlen - offset; 3260 unsigned int first_offset; 3261 3262 if (nr_frags + 1 + skbinfo->nr_frags > MAX_SKB_FRAGS) 3263 goto merge; 3264 3265 first_offset = skb->data - 3266 (unsigned char *)page_address(page) + 3267 offset; 3268 3269 pinfo->nr_frags = nr_frags + 1 + skbinfo->nr_frags; 3270 3271 frag->page.p = page; 3272 frag->page_offset = first_offset; 3273 skb_frag_size_set(frag, first_size); 3274 3275 memcpy(frag + 1, skbinfo->frags, sizeof(*frag) * skbinfo->nr_frags); 3276 /* We dont need to clear skbinfo->nr_frags here */ 3277 3278 delta_truesize = skb->truesize - SKB_DATA_ALIGN(sizeof(struct sk_buff)); 3279 NAPI_GRO_CB(skb)->free = NAPI_GRO_FREE_STOLEN_HEAD; 3280 goto done; 3281 } 3282 /* switch back to head shinfo */ 3283 pinfo = skb_shinfo(p); 3284 3285 if (pinfo->frag_list) 3286 goto merge; 3287 if (skb_gro_len(p) != pinfo->gso_size) 3288 return -E2BIG; 3289 3290 headroom = skb_headroom(p); 3291 nskb = alloc_skb(headroom + skb_gro_offset(p), GFP_ATOMIC); 3292 if (unlikely(!nskb)) 3293 return -ENOMEM; 3294 3295 __copy_skb_header(nskb, p); 3296 nskb->mac_len = p->mac_len; 3297 3298 skb_reserve(nskb, headroom); 3299 __skb_put(nskb, skb_gro_offset(p)); 3300 3301 skb_set_mac_header(nskb, skb_mac_header(p) - p->data); 3302 skb_set_network_header(nskb, skb_network_offset(p)); 3303 skb_set_transport_header(nskb, skb_transport_offset(p)); 3304 3305 __skb_pull(p, skb_gro_offset(p)); 3306 memcpy(skb_mac_header(nskb), skb_mac_header(p), 3307 p->data - skb_mac_header(p)); 3308 3309 skb_shinfo(nskb)->frag_list = p; 3310 skb_shinfo(nskb)->gso_size = pinfo->gso_size; 3311 pinfo->gso_size = 0; 3312 __skb_header_release(p); 3313 NAPI_GRO_CB(nskb)->last = p; 3314 3315 nskb->data_len += p->len; 3316 nskb->truesize += p->truesize; 3317 nskb->len += p->len; 3318 3319 *head = nskb; 3320 nskb->next = p->next; 3321 p->next = NULL; 3322 3323 p = nskb; 3324 3325 merge: 3326 delta_truesize = skb->truesize; 3327 if (offset > headlen) { 3328 unsigned int eat = offset - headlen; 3329 3330 skbinfo->frags[0].page_offset += eat; 3331 skb_frag_size_sub(&skbinfo->frags[0], eat); 3332 skb->data_len -= eat; 3333 skb->len -= eat; 3334 offset = headlen; 3335 } 3336 3337 __skb_pull(skb, offset); 3338 3339 if (NAPI_GRO_CB(p)->last == p) 3340 skb_shinfo(p)->frag_list = skb; 3341 else 3342 NAPI_GRO_CB(p)->last->next = skb; 3343 NAPI_GRO_CB(p)->last = skb; 3344 __skb_header_release(skb); 3345 lp = p; 3346 3347 done: 3348 NAPI_GRO_CB(p)->count++; 3349 p->data_len += len; 3350 p->truesize += delta_truesize; 3351 p->len += len; 3352 if (lp != p) { 3353 lp->data_len += len; 3354 lp->truesize += delta_truesize; 3355 lp->len += len; 3356 } 3357 NAPI_GRO_CB(skb)->same_flow = 1; 3358 return 0; 3359 } 3360 3361 void __init skb_init(void) 3362 { 3363 skbuff_head_cache = kmem_cache_create("skbuff_head_cache", 3364 sizeof(struct sk_buff), 3365 0, 3366 SLAB_HWCACHE_ALIGN|SLAB_PANIC, 3367 NULL); 3368 skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache", 3369 sizeof(struct sk_buff_fclones), 3370 0, 3371 SLAB_HWCACHE_ALIGN|SLAB_PANIC, 3372 NULL); 3373 } 3374 3375 /** 3376 * skb_to_sgvec - Fill a scatter-gather list from a socket buffer 3377 * @skb: Socket buffer containing the buffers to be mapped 3378 * @sg: The scatter-gather list to map into 3379 * @offset: The offset into the buffer's contents to start mapping 3380 * @len: Length of buffer space to be mapped 3381 * 3382 * Fill the specified scatter-gather list with mappings/pointers into a 3383 * region of the buffer space attached to a socket buffer. 3384 */ 3385 static int 3386 __skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len) 3387 { 3388 int start = skb_headlen(skb); 3389 int i, copy = start - offset; 3390 struct sk_buff *frag_iter; 3391 int elt = 0; 3392 3393 if (copy > 0) { 3394 if (copy > len) 3395 copy = len; 3396 sg_set_buf(sg, skb->data + offset, copy); 3397 elt++; 3398 if ((len -= copy) == 0) 3399 return elt; 3400 offset += copy; 3401 } 3402 3403 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 3404 int end; 3405 3406 WARN_ON(start > offset + len); 3407 3408 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]); 3409 if ((copy = end - offset) > 0) { 3410 skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 3411 3412 if (copy > len) 3413 copy = len; 3414 sg_set_page(&sg[elt], skb_frag_page(frag), copy, 3415 frag->page_offset+offset-start); 3416 elt++; 3417 if (!(len -= copy)) 3418 return elt; 3419 offset += copy; 3420 } 3421 start = end; 3422 } 3423 3424 skb_walk_frags(skb, frag_iter) { 3425 int end; 3426 3427 WARN_ON(start > offset + len); 3428 3429 end = start + frag_iter->len; 3430 if ((copy = end - offset) > 0) { 3431 if (copy > len) 3432 copy = len; 3433 elt += __skb_to_sgvec(frag_iter, sg+elt, offset - start, 3434 copy); 3435 if ((len -= copy) == 0) 3436 return elt; 3437 offset += copy; 3438 } 3439 start = end; 3440 } 3441 BUG_ON(len); 3442 return elt; 3443 } 3444 3445 /* As compared with skb_to_sgvec, skb_to_sgvec_nomark only map skb to given 3446 * sglist without mark the sg which contain last skb data as the end. 3447 * So the caller can mannipulate sg list as will when padding new data after 3448 * the first call without calling sg_unmark_end to expend sg list. 3449 * 3450 * Scenario to use skb_to_sgvec_nomark: 3451 * 1. sg_init_table 3452 * 2. skb_to_sgvec_nomark(payload1) 3453 * 3. skb_to_sgvec_nomark(payload2) 3454 * 3455 * This is equivalent to: 3456 * 1. sg_init_table 3457 * 2. skb_to_sgvec(payload1) 3458 * 3. sg_unmark_end 3459 * 4. skb_to_sgvec(payload2) 3460 * 3461 * When mapping mutilple payload conditionally, skb_to_sgvec_nomark 3462 * is more preferable. 3463 */ 3464 int skb_to_sgvec_nomark(struct sk_buff *skb, struct scatterlist *sg, 3465 int offset, int len) 3466 { 3467 return __skb_to_sgvec(skb, sg, offset, len); 3468 } 3469 EXPORT_SYMBOL_GPL(skb_to_sgvec_nomark); 3470 3471 int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len) 3472 { 3473 int nsg = __skb_to_sgvec(skb, sg, offset, len); 3474 3475 sg_mark_end(&sg[nsg - 1]); 3476 3477 return nsg; 3478 } 3479 EXPORT_SYMBOL_GPL(skb_to_sgvec); 3480 3481 /** 3482 * skb_cow_data - Check that a socket buffer's data buffers are writable 3483 * @skb: The socket buffer to check. 3484 * @tailbits: Amount of trailing space to be added 3485 * @trailer: Returned pointer to the skb where the @tailbits space begins 3486 * 3487 * Make sure that the data buffers attached to a socket buffer are 3488 * writable. If they are not, private copies are made of the data buffers 3489 * and the socket buffer is set to use these instead. 3490 * 3491 * If @tailbits is given, make sure that there is space to write @tailbits 3492 * bytes of data beyond current end of socket buffer. @trailer will be 3493 * set to point to the skb in which this space begins. 3494 * 3495 * The number of scatterlist elements required to completely map the 3496 * COW'd and extended socket buffer will be returned. 3497 */ 3498 int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer) 3499 { 3500 int copyflag; 3501 int elt; 3502 struct sk_buff *skb1, **skb_p; 3503 3504 /* If skb is cloned or its head is paged, reallocate 3505 * head pulling out all the pages (pages are considered not writable 3506 * at the moment even if they are anonymous). 3507 */ 3508 if ((skb_cloned(skb) || skb_shinfo(skb)->nr_frags) && 3509 __pskb_pull_tail(skb, skb_pagelen(skb)-skb_headlen(skb)) == NULL) 3510 return -ENOMEM; 3511 3512 /* Easy case. Most of packets will go this way. */ 3513 if (!skb_has_frag_list(skb)) { 3514 /* A little of trouble, not enough of space for trailer. 3515 * This should not happen, when stack is tuned to generate 3516 * good frames. OK, on miss we reallocate and reserve even more 3517 * space, 128 bytes is fair. */ 3518 3519 if (skb_tailroom(skb) < tailbits && 3520 pskb_expand_head(skb, 0, tailbits-skb_tailroom(skb)+128, GFP_ATOMIC)) 3521 return -ENOMEM; 3522 3523 /* Voila! */ 3524 *trailer = skb; 3525 return 1; 3526 } 3527 3528 /* Misery. We are in troubles, going to mincer fragments... */ 3529 3530 elt = 1; 3531 skb_p = &skb_shinfo(skb)->frag_list; 3532 copyflag = 0; 3533 3534 while ((skb1 = *skb_p) != NULL) { 3535 int ntail = 0; 3536 3537 /* The fragment is partially pulled by someone, 3538 * this can happen on input. Copy it and everything 3539 * after it. */ 3540 3541 if (skb_shared(skb1)) 3542 copyflag = 1; 3543 3544 /* If the skb is the last, worry about trailer. */ 3545 3546 if (skb1->next == NULL && tailbits) { 3547 if (skb_shinfo(skb1)->nr_frags || 3548 skb_has_frag_list(skb1) || 3549 skb_tailroom(skb1) < tailbits) 3550 ntail = tailbits + 128; 3551 } 3552 3553 if (copyflag || 3554 skb_cloned(skb1) || 3555 ntail || 3556 skb_shinfo(skb1)->nr_frags || 3557 skb_has_frag_list(skb1)) { 3558 struct sk_buff *skb2; 3559 3560 /* Fuck, we are miserable poor guys... */ 3561 if (ntail == 0) 3562 skb2 = skb_copy(skb1, GFP_ATOMIC); 3563 else 3564 skb2 = skb_copy_expand(skb1, 3565 skb_headroom(skb1), 3566 ntail, 3567 GFP_ATOMIC); 3568 if (unlikely(skb2 == NULL)) 3569 return -ENOMEM; 3570 3571 if (skb1->sk) 3572 skb_set_owner_w(skb2, skb1->sk); 3573 3574 /* Looking around. Are we still alive? 3575 * OK, link new skb, drop old one */ 3576 3577 skb2->next = skb1->next; 3578 *skb_p = skb2; 3579 kfree_skb(skb1); 3580 skb1 = skb2; 3581 } 3582 elt++; 3583 *trailer = skb1; 3584 skb_p = &skb1->next; 3585 } 3586 3587 return elt; 3588 } 3589 EXPORT_SYMBOL_GPL(skb_cow_data); 3590 3591 static void sock_rmem_free(struct sk_buff *skb) 3592 { 3593 struct sock *sk = skb->sk; 3594 3595 atomic_sub(skb->truesize, &sk->sk_rmem_alloc); 3596 } 3597 3598 /* 3599 * Note: We dont mem charge error packets (no sk_forward_alloc changes) 3600 */ 3601 int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb) 3602 { 3603 if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= 3604 (unsigned int)sk->sk_rcvbuf) 3605 return -ENOMEM; 3606 3607 skb_orphan(skb); 3608 skb->sk = sk; 3609 skb->destructor = sock_rmem_free; 3610 atomic_add(skb->truesize, &sk->sk_rmem_alloc); 3611 3612 /* before exiting rcu section, make sure dst is refcounted */ 3613 skb_dst_force(skb); 3614 3615 skb_queue_tail(&sk->sk_error_queue, skb); 3616 if (!sock_flag(sk, SOCK_DEAD)) 3617 sk->sk_data_ready(sk); 3618 return 0; 3619 } 3620 EXPORT_SYMBOL(sock_queue_err_skb); 3621 3622 struct sk_buff *sock_dequeue_err_skb(struct sock *sk) 3623 { 3624 struct sk_buff_head *q = &sk->sk_error_queue; 3625 struct sk_buff *skb, *skb_next; 3626 int err = 0; 3627 3628 spin_lock_bh(&q->lock); 3629 skb = __skb_dequeue(q); 3630 if (skb && (skb_next = skb_peek(q))) 3631 err = SKB_EXT_ERR(skb_next)->ee.ee_errno; 3632 spin_unlock_bh(&q->lock); 3633 3634 sk->sk_err = err; 3635 if (err) 3636 sk->sk_error_report(sk); 3637 3638 return skb; 3639 } 3640 EXPORT_SYMBOL(sock_dequeue_err_skb); 3641 3642 /** 3643 * skb_clone_sk - create clone of skb, and take reference to socket 3644 * @skb: the skb to clone 3645 * 3646 * This function creates a clone of a buffer that holds a reference on 3647 * sk_refcnt. Buffers created via this function are meant to be 3648 * returned using sock_queue_err_skb, or free via kfree_skb. 3649 * 3650 * When passing buffers allocated with this function to sock_queue_err_skb 3651 * it is necessary to wrap the call with sock_hold/sock_put in order to 3652 * prevent the socket from being released prior to being enqueued on 3653 * the sk_error_queue. 3654 */ 3655 struct sk_buff *skb_clone_sk(struct sk_buff *skb) 3656 { 3657 struct sock *sk = skb->sk; 3658 struct sk_buff *clone; 3659 3660 if (!sk || !atomic_inc_not_zero(&sk->sk_refcnt)) 3661 return NULL; 3662 3663 clone = skb_clone(skb, GFP_ATOMIC); 3664 if (!clone) { 3665 sock_put(sk); 3666 return NULL; 3667 } 3668 3669 clone->sk = sk; 3670 clone->destructor = sock_efree; 3671 3672 return clone; 3673 } 3674 EXPORT_SYMBOL(skb_clone_sk); 3675 3676 static void __skb_complete_tx_timestamp(struct sk_buff *skb, 3677 struct sock *sk, 3678 int tstype) 3679 { 3680 struct sock_exterr_skb *serr; 3681 int err; 3682 3683 serr = SKB_EXT_ERR(skb); 3684 memset(serr, 0, sizeof(*serr)); 3685 serr->ee.ee_errno = ENOMSG; 3686 serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING; 3687 serr->ee.ee_info = tstype; 3688 if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) { 3689 serr->ee.ee_data = skb_shinfo(skb)->tskey; 3690 if (sk->sk_protocol == IPPROTO_TCP) 3691 serr->ee.ee_data -= sk->sk_tskey; 3692 } 3693 3694 err = sock_queue_err_skb(sk, skb); 3695 3696 if (err) 3697 kfree_skb(skb); 3698 } 3699 3700 void skb_complete_tx_timestamp(struct sk_buff *skb, 3701 struct skb_shared_hwtstamps *hwtstamps) 3702 { 3703 struct sock *sk = skb->sk; 3704 3705 /* take a reference to prevent skb_orphan() from freeing the socket */ 3706 sock_hold(sk); 3707 3708 *skb_hwtstamps(skb) = *hwtstamps; 3709 __skb_complete_tx_timestamp(skb, sk, SCM_TSTAMP_SND); 3710 3711 sock_put(sk); 3712 } 3713 EXPORT_SYMBOL_GPL(skb_complete_tx_timestamp); 3714 3715 void __skb_tstamp_tx(struct sk_buff *orig_skb, 3716 struct skb_shared_hwtstamps *hwtstamps, 3717 struct sock *sk, int tstype) 3718 { 3719 struct sk_buff *skb; 3720 3721 if (!sk) 3722 return; 3723 3724 if (hwtstamps) 3725 *skb_hwtstamps(orig_skb) = *hwtstamps; 3726 else 3727 orig_skb->tstamp = ktime_get_real(); 3728 3729 skb = skb_clone(orig_skb, GFP_ATOMIC); 3730 if (!skb) 3731 return; 3732 3733 __skb_complete_tx_timestamp(skb, sk, tstype); 3734 } 3735 EXPORT_SYMBOL_GPL(__skb_tstamp_tx); 3736 3737 void skb_tstamp_tx(struct sk_buff *orig_skb, 3738 struct skb_shared_hwtstamps *hwtstamps) 3739 { 3740 return __skb_tstamp_tx(orig_skb, hwtstamps, orig_skb->sk, 3741 SCM_TSTAMP_SND); 3742 } 3743 EXPORT_SYMBOL_GPL(skb_tstamp_tx); 3744 3745 void skb_complete_wifi_ack(struct sk_buff *skb, bool acked) 3746 { 3747 struct sock *sk = skb->sk; 3748 struct sock_exterr_skb *serr; 3749 int err; 3750 3751 skb->wifi_acked_valid = 1; 3752 skb->wifi_acked = acked; 3753 3754 serr = SKB_EXT_ERR(skb); 3755 memset(serr, 0, sizeof(*serr)); 3756 serr->ee.ee_errno = ENOMSG; 3757 serr->ee.ee_origin = SO_EE_ORIGIN_TXSTATUS; 3758 3759 /* take a reference to prevent skb_orphan() from freeing the socket */ 3760 sock_hold(sk); 3761 3762 err = sock_queue_err_skb(sk, skb); 3763 if (err) 3764 kfree_skb(skb); 3765 3766 sock_put(sk); 3767 } 3768 EXPORT_SYMBOL_GPL(skb_complete_wifi_ack); 3769 3770 3771 /** 3772 * skb_partial_csum_set - set up and verify partial csum values for packet 3773 * @skb: the skb to set 3774 * @start: the number of bytes after skb->data to start checksumming. 3775 * @off: the offset from start to place the checksum. 3776 * 3777 * For untrusted partially-checksummed packets, we need to make sure the values 3778 * for skb->csum_start and skb->csum_offset are valid so we don't oops. 3779 * 3780 * This function checks and sets those values and skb->ip_summed: if this 3781 * returns false you should drop the packet. 3782 */ 3783 bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off) 3784 { 3785 if (unlikely(start > skb_headlen(skb)) || 3786 unlikely((int)start + off > skb_headlen(skb) - 2)) { 3787 net_warn_ratelimited("bad partial csum: csum=%u/%u len=%u\n", 3788 start, off, skb_headlen(skb)); 3789 return false; 3790 } 3791 skb->ip_summed = CHECKSUM_PARTIAL; 3792 skb->csum_start = skb_headroom(skb) + start; 3793 skb->csum_offset = off; 3794 skb_set_transport_header(skb, start); 3795 return true; 3796 } 3797 EXPORT_SYMBOL_GPL(skb_partial_csum_set); 3798 3799 static int skb_maybe_pull_tail(struct sk_buff *skb, unsigned int len, 3800 unsigned int max) 3801 { 3802 if (skb_headlen(skb) >= len) 3803 return 0; 3804 3805 /* If we need to pullup then pullup to the max, so we 3806 * won't need to do it again. 3807 */ 3808 if (max > skb->len) 3809 max = skb->len; 3810 3811 if (__pskb_pull_tail(skb, max - skb_headlen(skb)) == NULL) 3812 return -ENOMEM; 3813 3814 if (skb_headlen(skb) < len) 3815 return -EPROTO; 3816 3817 return 0; 3818 } 3819 3820 #define MAX_TCP_HDR_LEN (15 * 4) 3821 3822 static __sum16 *skb_checksum_setup_ip(struct sk_buff *skb, 3823 typeof(IPPROTO_IP) proto, 3824 unsigned int off) 3825 { 3826 switch (proto) { 3827 int err; 3828 3829 case IPPROTO_TCP: 3830 err = skb_maybe_pull_tail(skb, off + sizeof(struct tcphdr), 3831 off + MAX_TCP_HDR_LEN); 3832 if (!err && !skb_partial_csum_set(skb, off, 3833 offsetof(struct tcphdr, 3834 check))) 3835 err = -EPROTO; 3836 return err ? ERR_PTR(err) : &tcp_hdr(skb)->check; 3837 3838 case IPPROTO_UDP: 3839 err = skb_maybe_pull_tail(skb, off + sizeof(struct udphdr), 3840 off + sizeof(struct udphdr)); 3841 if (!err && !skb_partial_csum_set(skb, off, 3842 offsetof(struct udphdr, 3843 check))) 3844 err = -EPROTO; 3845 return err ? ERR_PTR(err) : &udp_hdr(skb)->check; 3846 } 3847 3848 return ERR_PTR(-EPROTO); 3849 } 3850 3851 /* This value should be large enough to cover a tagged ethernet header plus 3852 * maximally sized IP and TCP or UDP headers. 3853 */ 3854 #define MAX_IP_HDR_LEN 128 3855 3856 static int skb_checksum_setup_ipv4(struct sk_buff *skb, bool recalculate) 3857 { 3858 unsigned int off; 3859 bool fragment; 3860 __sum16 *csum; 3861 int err; 3862 3863 fragment = false; 3864 3865 err = skb_maybe_pull_tail(skb, 3866 sizeof(struct iphdr), 3867 MAX_IP_HDR_LEN); 3868 if (err < 0) 3869 goto out; 3870 3871 if (ip_hdr(skb)->frag_off & htons(IP_OFFSET | IP_MF)) 3872 fragment = true; 3873 3874 off = ip_hdrlen(skb); 3875 3876 err = -EPROTO; 3877 3878 if (fragment) 3879 goto out; 3880 3881 csum = skb_checksum_setup_ip(skb, ip_hdr(skb)->protocol, off); 3882 if (IS_ERR(csum)) 3883 return PTR_ERR(csum); 3884 3885 if (recalculate) 3886 *csum = ~csum_tcpudp_magic(ip_hdr(skb)->saddr, 3887 ip_hdr(skb)->daddr, 3888 skb->len - off, 3889 ip_hdr(skb)->protocol, 0); 3890 err = 0; 3891 3892 out: 3893 return err; 3894 } 3895 3896 /* This value should be large enough to cover a tagged ethernet header plus 3897 * an IPv6 header, all options, and a maximal TCP or UDP header. 3898 */ 3899 #define MAX_IPV6_HDR_LEN 256 3900 3901 #define OPT_HDR(type, skb, off) \ 3902 (type *)(skb_network_header(skb) + (off)) 3903 3904 static int skb_checksum_setup_ipv6(struct sk_buff *skb, bool recalculate) 3905 { 3906 int err; 3907 u8 nexthdr; 3908 unsigned int off; 3909 unsigned int len; 3910 bool fragment; 3911 bool done; 3912 __sum16 *csum; 3913 3914 fragment = false; 3915 done = false; 3916 3917 off = sizeof(struct ipv6hdr); 3918 3919 err = skb_maybe_pull_tail(skb, off, MAX_IPV6_HDR_LEN); 3920 if (err < 0) 3921 goto out; 3922 3923 nexthdr = ipv6_hdr(skb)->nexthdr; 3924 3925 len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len); 3926 while (off <= len && !done) { 3927 switch (nexthdr) { 3928 case IPPROTO_DSTOPTS: 3929 case IPPROTO_HOPOPTS: 3930 case IPPROTO_ROUTING: { 3931 struct ipv6_opt_hdr *hp; 3932 3933 err = skb_maybe_pull_tail(skb, 3934 off + 3935 sizeof(struct ipv6_opt_hdr), 3936 MAX_IPV6_HDR_LEN); 3937 if (err < 0) 3938 goto out; 3939 3940 hp = OPT_HDR(struct ipv6_opt_hdr, skb, off); 3941 nexthdr = hp->nexthdr; 3942 off += ipv6_optlen(hp); 3943 break; 3944 } 3945 case IPPROTO_AH: { 3946 struct ip_auth_hdr *hp; 3947 3948 err = skb_maybe_pull_tail(skb, 3949 off + 3950 sizeof(struct ip_auth_hdr), 3951 MAX_IPV6_HDR_LEN); 3952 if (err < 0) 3953 goto out; 3954 3955 hp = OPT_HDR(struct ip_auth_hdr, skb, off); 3956 nexthdr = hp->nexthdr; 3957 off += ipv6_authlen(hp); 3958 break; 3959 } 3960 case IPPROTO_FRAGMENT: { 3961 struct frag_hdr *hp; 3962 3963 err = skb_maybe_pull_tail(skb, 3964 off + 3965 sizeof(struct frag_hdr), 3966 MAX_IPV6_HDR_LEN); 3967 if (err < 0) 3968 goto out; 3969 3970 hp = OPT_HDR(struct frag_hdr, skb, off); 3971 3972 if (hp->frag_off & htons(IP6_OFFSET | IP6_MF)) 3973 fragment = true; 3974 3975 nexthdr = hp->nexthdr; 3976 off += sizeof(struct frag_hdr); 3977 break; 3978 } 3979 default: 3980 done = true; 3981 break; 3982 } 3983 } 3984 3985 err = -EPROTO; 3986 3987 if (!done || fragment) 3988 goto out; 3989 3990 csum = skb_checksum_setup_ip(skb, nexthdr, off); 3991 if (IS_ERR(csum)) 3992 return PTR_ERR(csum); 3993 3994 if (recalculate) 3995 *csum = ~csum_ipv6_magic(&ipv6_hdr(skb)->saddr, 3996 &ipv6_hdr(skb)->daddr, 3997 skb->len - off, nexthdr, 0); 3998 err = 0; 3999 4000 out: 4001 return err; 4002 } 4003 4004 /** 4005 * skb_checksum_setup - set up partial checksum offset 4006 * @skb: the skb to set up 4007 * @recalculate: if true the pseudo-header checksum will be recalculated 4008 */ 4009 int skb_checksum_setup(struct sk_buff *skb, bool recalculate) 4010 { 4011 int err; 4012 4013 switch (skb->protocol) { 4014 case htons(ETH_P_IP): 4015 err = skb_checksum_setup_ipv4(skb, recalculate); 4016 break; 4017 4018 case htons(ETH_P_IPV6): 4019 err = skb_checksum_setup_ipv6(skb, recalculate); 4020 break; 4021 4022 default: 4023 err = -EPROTO; 4024 break; 4025 } 4026 4027 return err; 4028 } 4029 EXPORT_SYMBOL(skb_checksum_setup); 4030 4031 void __skb_warn_lro_forwarding(const struct sk_buff *skb) 4032 { 4033 net_warn_ratelimited("%s: received packets cannot be forwarded while LRO is enabled\n", 4034 skb->dev->name); 4035 } 4036 EXPORT_SYMBOL(__skb_warn_lro_forwarding); 4037 4038 void kfree_skb_partial(struct sk_buff *skb, bool head_stolen) 4039 { 4040 if (head_stolen) { 4041 skb_release_head_state(skb); 4042 kmem_cache_free(skbuff_head_cache, skb); 4043 } else { 4044 __kfree_skb(skb); 4045 } 4046 } 4047 EXPORT_SYMBOL(kfree_skb_partial); 4048 4049 /** 4050 * skb_try_coalesce - try to merge skb to prior one 4051 * @to: prior buffer 4052 * @from: buffer to add 4053 * @fragstolen: pointer to boolean 4054 * @delta_truesize: how much more was allocated than was requested 4055 */ 4056 bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, 4057 bool *fragstolen, int *delta_truesize) 4058 { 4059 int i, delta, len = from->len; 4060 4061 *fragstolen = false; 4062 4063 if (skb_cloned(to)) 4064 return false; 4065 4066 if (len <= skb_tailroom(to)) { 4067 if (len) 4068 BUG_ON(skb_copy_bits(from, 0, skb_put(to, len), len)); 4069 *delta_truesize = 0; 4070 return true; 4071 } 4072 4073 if (skb_has_frag_list(to) || skb_has_frag_list(from)) 4074 return false; 4075 4076 if (skb_headlen(from) != 0) { 4077 struct page *page; 4078 unsigned int offset; 4079 4080 if (skb_shinfo(to)->nr_frags + 4081 skb_shinfo(from)->nr_frags >= MAX_SKB_FRAGS) 4082 return false; 4083 4084 if (skb_head_is_locked(from)) 4085 return false; 4086 4087 delta = from->truesize - SKB_DATA_ALIGN(sizeof(struct sk_buff)); 4088 4089 page = virt_to_head_page(from->head); 4090 offset = from->data - (unsigned char *)page_address(page); 4091 4092 skb_fill_page_desc(to, skb_shinfo(to)->nr_frags, 4093 page, offset, skb_headlen(from)); 4094 *fragstolen = true; 4095 } else { 4096 if (skb_shinfo(to)->nr_frags + 4097 skb_shinfo(from)->nr_frags > MAX_SKB_FRAGS) 4098 return false; 4099 4100 delta = from->truesize - SKB_TRUESIZE(skb_end_offset(from)); 4101 } 4102 4103 WARN_ON_ONCE(delta < len); 4104 4105 memcpy(skb_shinfo(to)->frags + skb_shinfo(to)->nr_frags, 4106 skb_shinfo(from)->frags, 4107 skb_shinfo(from)->nr_frags * sizeof(skb_frag_t)); 4108 skb_shinfo(to)->nr_frags += skb_shinfo(from)->nr_frags; 4109 4110 if (!skb_cloned(from)) 4111 skb_shinfo(from)->nr_frags = 0; 4112 4113 /* if the skb is not cloned this does nothing 4114 * since we set nr_frags to 0. 4115 */ 4116 for (i = 0; i < skb_shinfo(from)->nr_frags; i++) 4117 skb_frag_ref(from, i); 4118 4119 to->truesize += delta; 4120 to->len += len; 4121 to->data_len += len; 4122 4123 *delta_truesize = delta; 4124 return true; 4125 } 4126 EXPORT_SYMBOL(skb_try_coalesce); 4127 4128 /** 4129 * skb_scrub_packet - scrub an skb 4130 * 4131 * @skb: buffer to clean 4132 * @xnet: packet is crossing netns 4133 * 4134 * skb_scrub_packet can be used after encapsulating or decapsulting a packet 4135 * into/from a tunnel. Some information have to be cleared during these 4136 * operations. 4137 * skb_scrub_packet can also be used to clean a skb before injecting it in 4138 * another namespace (@xnet == true). We have to clear all information in the 4139 * skb that could impact namespace isolation. 4140 */ 4141 void skb_scrub_packet(struct sk_buff *skb, bool xnet) 4142 { 4143 if (xnet) 4144 skb_orphan(skb); 4145 skb->tstamp.tv64 = 0; 4146 skb->pkt_type = PACKET_HOST; 4147 skb->skb_iif = 0; 4148 skb->ignore_df = 0; 4149 skb_dst_drop(skb); 4150 skb->mark = 0; 4151 skb_init_secmark(skb); 4152 secpath_reset(skb); 4153 nf_reset(skb); 4154 nf_reset_trace(skb); 4155 } 4156 EXPORT_SYMBOL_GPL(skb_scrub_packet); 4157 4158 /** 4159 * skb_gso_transport_seglen - Return length of individual segments of a gso packet 4160 * 4161 * @skb: GSO skb 4162 * 4163 * skb_gso_transport_seglen is used to determine the real size of the 4164 * individual segments, including Layer4 headers (TCP/UDP). 4165 * 4166 * The MAC/L2 or network (IP, IPv6) headers are not accounted for. 4167 */ 4168 unsigned int skb_gso_transport_seglen(const struct sk_buff *skb) 4169 { 4170 const struct skb_shared_info *shinfo = skb_shinfo(skb); 4171 unsigned int thlen = 0; 4172 4173 if (skb->encapsulation) { 4174 thlen = skb_inner_transport_header(skb) - 4175 skb_transport_header(skb); 4176 4177 if (likely(shinfo->gso_type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6))) 4178 thlen += inner_tcp_hdrlen(skb); 4179 } else if (likely(shinfo->gso_type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6))) { 4180 thlen = tcp_hdrlen(skb); 4181 } 4182 /* UFO sets gso_size to the size of the fragmentation 4183 * payload, i.e. the size of the L4 (UDP) header is already 4184 * accounted for. 4185 */ 4186 return thlen + shinfo->gso_size; 4187 } 4188 EXPORT_SYMBOL_GPL(skb_gso_transport_seglen); 4189 4190 static struct sk_buff *skb_reorder_vlan_header(struct sk_buff *skb) 4191 { 4192 if (skb_cow(skb, skb_headroom(skb)) < 0) { 4193 kfree_skb(skb); 4194 return NULL; 4195 } 4196 4197 memmove(skb->data - ETH_HLEN, skb->data - VLAN_ETH_HLEN, 2 * ETH_ALEN); 4198 skb->mac_header += VLAN_HLEN; 4199 return skb; 4200 } 4201 4202 struct sk_buff *skb_vlan_untag(struct sk_buff *skb) 4203 { 4204 struct vlan_hdr *vhdr; 4205 u16 vlan_tci; 4206 4207 if (unlikely(vlan_tx_tag_present(skb))) { 4208 /* vlan_tci is already set-up so leave this for another time */ 4209 return skb; 4210 } 4211 4212 skb = skb_share_check(skb, GFP_ATOMIC); 4213 if (unlikely(!skb)) 4214 goto err_free; 4215 4216 if (unlikely(!pskb_may_pull(skb, VLAN_HLEN))) 4217 goto err_free; 4218 4219 vhdr = (struct vlan_hdr *)skb->data; 4220 vlan_tci = ntohs(vhdr->h_vlan_TCI); 4221 __vlan_hwaccel_put_tag(skb, skb->protocol, vlan_tci); 4222 4223 skb_pull_rcsum(skb, VLAN_HLEN); 4224 vlan_set_encap_proto(skb, vhdr); 4225 4226 skb = skb_reorder_vlan_header(skb); 4227 if (unlikely(!skb)) 4228 goto err_free; 4229 4230 skb_reset_network_header(skb); 4231 skb_reset_transport_header(skb); 4232 skb_reset_mac_len(skb); 4233 4234 return skb; 4235 4236 err_free: 4237 kfree_skb(skb); 4238 return NULL; 4239 } 4240 EXPORT_SYMBOL(skb_vlan_untag); 4241 4242 int skb_ensure_writable(struct sk_buff *skb, int write_len) 4243 { 4244 if (!pskb_may_pull(skb, write_len)) 4245 return -ENOMEM; 4246 4247 if (!skb_cloned(skb) || skb_clone_writable(skb, write_len)) 4248 return 0; 4249 4250 return pskb_expand_head(skb, 0, 0, GFP_ATOMIC); 4251 } 4252 EXPORT_SYMBOL(skb_ensure_writable); 4253 4254 /* remove VLAN header from packet and update csum accordingly. */ 4255 static int __skb_vlan_pop(struct sk_buff *skb, u16 *vlan_tci) 4256 { 4257 struct vlan_hdr *vhdr; 4258 unsigned int offset = skb->data - skb_mac_header(skb); 4259 int err; 4260 4261 __skb_push(skb, offset); 4262 err = skb_ensure_writable(skb, VLAN_ETH_HLEN); 4263 if (unlikely(err)) 4264 goto pull; 4265 4266 skb_postpull_rcsum(skb, skb->data + (2 * ETH_ALEN), VLAN_HLEN); 4267 4268 vhdr = (struct vlan_hdr *)(skb->data + ETH_HLEN); 4269 *vlan_tci = ntohs(vhdr->h_vlan_TCI); 4270 4271 memmove(skb->data + VLAN_HLEN, skb->data, 2 * ETH_ALEN); 4272 __skb_pull(skb, VLAN_HLEN); 4273 4274 vlan_set_encap_proto(skb, vhdr); 4275 skb->mac_header += VLAN_HLEN; 4276 4277 if (skb_network_offset(skb) < ETH_HLEN) 4278 skb_set_network_header(skb, ETH_HLEN); 4279 4280 skb_reset_mac_len(skb); 4281 pull: 4282 __skb_pull(skb, offset); 4283 4284 return err; 4285 } 4286 4287 int skb_vlan_pop(struct sk_buff *skb) 4288 { 4289 u16 vlan_tci; 4290 __be16 vlan_proto; 4291 int err; 4292 4293 if (likely(vlan_tx_tag_present(skb))) { 4294 skb->vlan_tci = 0; 4295 } else { 4296 if (unlikely((skb->protocol != htons(ETH_P_8021Q) && 4297 skb->protocol != htons(ETH_P_8021AD)) || 4298 skb->len < VLAN_ETH_HLEN)) 4299 return 0; 4300 4301 err = __skb_vlan_pop(skb, &vlan_tci); 4302 if (err) 4303 return err; 4304 } 4305 /* move next vlan tag to hw accel tag */ 4306 if (likely((skb->protocol != htons(ETH_P_8021Q) && 4307 skb->protocol != htons(ETH_P_8021AD)) || 4308 skb->len < VLAN_ETH_HLEN)) 4309 return 0; 4310 4311 vlan_proto = skb->protocol; 4312 err = __skb_vlan_pop(skb, &vlan_tci); 4313 if (unlikely(err)) 4314 return err; 4315 4316 __vlan_hwaccel_put_tag(skb, vlan_proto, vlan_tci); 4317 return 0; 4318 } 4319 EXPORT_SYMBOL(skb_vlan_pop); 4320 4321 int skb_vlan_push(struct sk_buff *skb, __be16 vlan_proto, u16 vlan_tci) 4322 { 4323 if (vlan_tx_tag_present(skb)) { 4324 unsigned int offset = skb->data - skb_mac_header(skb); 4325 int err; 4326 4327 /* __vlan_insert_tag expect skb->data pointing to mac header. 4328 * So change skb->data before calling it and change back to 4329 * original position later 4330 */ 4331 __skb_push(skb, offset); 4332 err = __vlan_insert_tag(skb, skb->vlan_proto, 4333 vlan_tx_tag_get(skb)); 4334 if (err) 4335 return err; 4336 skb->protocol = skb->vlan_proto; 4337 skb->mac_len += VLAN_HLEN; 4338 __skb_pull(skb, offset); 4339 4340 if (skb->ip_summed == CHECKSUM_COMPLETE) 4341 skb->csum = csum_add(skb->csum, csum_partial(skb->data 4342 + (2 * ETH_ALEN), VLAN_HLEN, 0)); 4343 } 4344 __vlan_hwaccel_put_tag(skb, vlan_proto, vlan_tci); 4345 return 0; 4346 } 4347 EXPORT_SYMBOL(skb_vlan_push); 4348 4349 /** 4350 * alloc_skb_with_frags - allocate skb with page frags 4351 * 4352 * @header_len: size of linear part 4353 * @data_len: needed length in frags 4354 * @max_page_order: max page order desired. 4355 * @errcode: pointer to error code if any 4356 * @gfp_mask: allocation mask 4357 * 4358 * This can be used to allocate a paged skb, given a maximal order for frags. 4359 */ 4360 struct sk_buff *alloc_skb_with_frags(unsigned long header_len, 4361 unsigned long data_len, 4362 int max_page_order, 4363 int *errcode, 4364 gfp_t gfp_mask) 4365 { 4366 int npages = (data_len + (PAGE_SIZE - 1)) >> PAGE_SHIFT; 4367 unsigned long chunk; 4368 struct sk_buff *skb; 4369 struct page *page; 4370 gfp_t gfp_head; 4371 int i; 4372 4373 *errcode = -EMSGSIZE; 4374 /* Note this test could be relaxed, if we succeed to allocate 4375 * high order pages... 4376 */ 4377 if (npages > MAX_SKB_FRAGS) 4378 return NULL; 4379 4380 gfp_head = gfp_mask; 4381 if (gfp_head & __GFP_WAIT) 4382 gfp_head |= __GFP_REPEAT; 4383 4384 *errcode = -ENOBUFS; 4385 skb = alloc_skb(header_len, gfp_head); 4386 if (!skb) 4387 return NULL; 4388 4389 skb->truesize += npages << PAGE_SHIFT; 4390 4391 for (i = 0; npages > 0; i++) { 4392 int order = max_page_order; 4393 4394 while (order) { 4395 if (npages >= 1 << order) { 4396 page = alloc_pages(gfp_mask | 4397 __GFP_COMP | 4398 __GFP_NOWARN | 4399 __GFP_NORETRY, 4400 order); 4401 if (page) 4402 goto fill_page; 4403 /* Do not retry other high order allocations */ 4404 order = 1; 4405 max_page_order = 0; 4406 } 4407 order--; 4408 } 4409 page = alloc_page(gfp_mask); 4410 if (!page) 4411 goto failure; 4412 fill_page: 4413 chunk = min_t(unsigned long, data_len, 4414 PAGE_SIZE << order); 4415 skb_fill_page_desc(skb, i, page, 0, chunk); 4416 data_len -= chunk; 4417 npages -= 1 << order; 4418 } 4419 return skb; 4420 4421 failure: 4422 kfree_skb(skb); 4423 return NULL; 4424 } 4425 EXPORT_SYMBOL(alloc_skb_with_frags); 4426