[net-next-2.6.git] / net / core / skbuff.c

/*
 *	Routines having to do with the 'struct sk_buff' memory handlers.
 *
 *	Authors:	Alan Cox <alan@lxorguk.ukuu.org.uk>
 *			Florian La Roche <rzsfl@rz.uni-sb.de>
 *
 *	Fixes:
 *		Alan Cox	:	Fixed the worst of the load
 *					balancer bugs.
 *		Dave Platt	:	Interrupt stacking fix.
 *	Richard Kooijman	:	Timestamp fixes.
 *		Alan Cox	:	Changed buffer format.
 *		Alan Cox	:	destructor hook for AF_UNIX etc.
 *		Linus Torvalds	:	Better skb_clone.
 *		Alan Cox	:	Added skb_copy.
 *		Alan Cox	:	Added all the changed routines Linus
 *					only put in the headers
 *		Ray VanTassle	:	Fixed --skb->lock in free
 *		Alan Cox	:	skb_copy copy arp field
 *		Andi Kleen	:	slabified it.
 *		Robert Olsson	:	Removed skb_head_pool
 *
 *	NOTE:
 *		The __skb_ routines should be called with interrupts
 *	disabled, or you better be *real* sure that the operation is atomic
 *	with respect to whatever list is being frobbed (e.g. via lock_sock()
 *	or via disabling bottom half handlers, etc).
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

/*
 *	The functions in this file will not compile correctly with gcc 2.4.x
 */

#include <linux/module.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/kmemcheck.h>
#include <linux/mm.h>
#include <linux/interrupt.h>
#include <linux/in.h>
#include <linux/inet.h>
#include <linux/slab.h>
#include <linux/netdevice.h>
#ifdef CONFIG_NET_CLS_ACT
#include <net/pkt_sched.h>
#endif
#include <linux/string.h>
#include <linux/skbuff.h>
#include <linux/splice.h>
#include <linux/cache.h>
#include <linux/rtnetlink.h>
#include <linux/init.h>
#include <linux/scatterlist.h>
#include <linux/errqueue.h>

#include <net/protocol.h>
#include <net/dst.h>
#include <net/sock.h>
#include <net/checksum.h>
#include <net/xfrm.h>

#include <asm/uaccess.h>
#include <asm/system.h>
#include <trace/events/skb.h>

#include "kmap_skb.h"

static struct kmem_cache *skbuff_head_cache __read_mostly;
static struct kmem_cache *skbuff_fclone_cache __read_mostly;

static void sock_pipe_buf_release(struct pipe_inode_info *pipe,
				  struct pipe_buffer *buf)
{
	put_page(buf->page);
}

static void sock_pipe_buf_get(struct pipe_inode_info *pipe,
				struct pipe_buffer *buf)
{
	get_page(buf->page);
}

static int sock_pipe_buf_steal(struct pipe_inode_info *pipe,
			       struct pipe_buffer *buf)
{
	return 1;
}


/* Pipe buffer operations for a socket. */
static const struct pipe_buf_operations sock_pipe_buf_ops = {
	.can_merge = 0,
	.map = generic_pipe_buf_map,
	.unmap = generic_pipe_buf_unmap,
	.confirm = generic_pipe_buf_confirm,
	.release = sock_pipe_buf_release,
	.steal = sock_pipe_buf_steal,
	.get = sock_pipe_buf_get,
};

/*
 *	Keep out-of-line to prevent kernel bloat.
 *	__builtin_return_address is not used because it is not always
 *	reliable.
 */

/**
 *	skb_over_panic	- 	private function
 *	@skb: buffer
 *	@sz: size
 *	@here: address
 *
 *	Out of line support code for skb_put(). Not user callable.
 */
static void skb_over_panic(struct sk_buff *skb, int sz, void *here)
{
	printk(KERN_EMERG "skb_over_panic: text:%p len:%d put:%d head:%p "
			  "data:%p tail:%#lx end:%#lx dev:%s\n",
	       here, skb->len, sz, skb->head, skb->data,
	       (unsigned long)skb->tail, (unsigned long)skb->end,
	       skb->dev ? skb->dev->name : "<NULL>");
	BUG();
}

/**
 *	skb_under_panic	- 	private function
 *	@skb: buffer
 *	@sz: size
 *	@here: address
 *
 *	Out of line support code for skb_push(). Not user callable.
 */

static void skb_under_panic(struct sk_buff *skb, int sz, void *here)
{
	printk(KERN_EMERG "skb_under_panic: text:%p len:%d put:%d head:%p "
			  "data:%p tail:%#lx end:%#lx dev:%s\n",
	       here, skb->len, sz, skb->head, skb->data,
	       (unsigned long)skb->tail, (unsigned long)skb->end,
	       skb->dev ? skb->dev->name : "<NULL>");
	BUG();
}

/* 	Allocate a new skbuff. We do this ourselves so we can fill in a few
 *	'private' fields and also do memory statistics to find all the
 *	[BEEP] leaks.
 *
 */

/**
 *	__alloc_skb	-	allocate a network buffer
 *	@size: size to allocate
 *	@gfp_mask: allocation mask
 *	@fclone: allocate from fclone cache instead of head cache
 *		and allocate a cloned (child) skb
 *	@node: numa node to allocate memory on
 *
 *	Allocate a new &sk_buff. The returned buffer has no headroom and a
 *	tail room of size bytes. The object has a reference count of one.
 *	The return is the buffer. On a failure the return is %NULL.
 *
 *	Buffers may only be allocated from interrupts using a @gfp_mask of
 *	%GFP_ATOMIC.
 */
struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
			    int fclone, int node)
{
	struct kmem_cache *cache;
	struct skb_shared_info *shinfo;
	struct sk_buff *skb;
	u8 *data;

	cache = fclone ? skbuff_fclone_cache : skbuff_head_cache;

	/* Get the HEAD */
	skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node);
	if (!skb)
		goto out;
	prefetchw(skb);

	size = SKB_DATA_ALIGN(size);
	data = kmalloc_node_track_caller(size + sizeof(struct skb_shared_info),
			gfp_mask, node);
	if (!data)
		goto nodata;
	prefetchw(data + size);

	/*
	 * Only clear those fields we need to clear, not those that we will
	 * actually initialise below. Hence, don't put any more fields after
	 * the tail pointer in struct sk_buff!
	 */
	memset(skb, 0, offsetof(struct sk_buff, tail));
	skb->truesize = size + sizeof(struct sk_buff);
	atomic_set(&skb->users, 1);
	skb->head = data;
	skb->data = data;
	skb_reset_tail_pointer(skb);
	skb->end = skb->tail + size;
#ifdef NET_SKBUFF_DATA_USES_OFFSET
	skb->mac_header = ~0U;
#endif

	/* make sure we initialize shinfo sequentially */
	shinfo = skb_shinfo(skb);
	memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
	atomic_set(&shinfo->dataref, 1);

	if (fclone) {
		struct sk_buff *child = skb + 1;
		atomic_t *fclone_ref = (atomic_t *) (child + 1);

		kmemcheck_annotate_bitfield(child, flags1);
		kmemcheck_annotate_bitfield(child, flags2);
		skb->fclone = SKB_FCLONE_ORIG;
		atomic_set(fclone_ref, 1);

		child->fclone = SKB_FCLONE_UNAVAILABLE;
	}
out:
	return skb;
nodata:
	kmem_cache_free(cache, skb);
	skb = NULL;
	goto out;
}
EXPORT_SYMBOL(__alloc_skb);

/**
 *	__netdev_alloc_skb - allocate an skbuff for rx on a specific device
 *	@dev: network device to receive on
 *	@length: length to allocate
 *	@gfp_mask: get_free_pages mask, passed to alloc_skb
 *
 *	Allocate a new &sk_buff and assign it a usage count of one. The
 *	buffer has unspecified headroom built in. Users should allocate
 *	the headroom they think they need without accounting for the
 *	built in space. The built in space is used for optimisations.
 *
 *	%NULL is returned if there is no free memory.
 */
struct sk_buff *__netdev_alloc_skb(struct net_device *dev,
		unsigned int length, gfp_t gfp_mask)
{
	struct sk_buff *skb;

	skb = __alloc_skb(length + NET_SKB_PAD, gfp_mask, 0, NUMA_NO_NODE);
	if (likely(skb)) {
		skb_reserve(skb, NET_SKB_PAD);
		skb->dev = dev;
	}
	return skb;
}
EXPORT_SYMBOL(__netdev_alloc_skb);

void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off,
		int size)
{
	skb_fill_page_desc(skb, i, page, off, size);
	skb->len += size;
	skb->data_len += size;
	skb->truesize += size;
}
EXPORT_SYMBOL(skb_add_rx_frag);

/**
 *	dev_alloc_skb - allocate an skbuff for receiving
 *	@length: length to allocate
 *
 *	Allocate a new &sk_buff and assign it a usage count of one. The
 *	buffer has unspecified headroom built in. Users should allocate
 *	the headroom they think they need without accounting for the
 *	built in space. The built in space is used for optimisations.
 *
 *	%NULL is returned if there is no free memory. Although this function
 *	allocates memory it can be called from an interrupt.
 */
struct sk_buff *dev_alloc_skb(unsigned int length)
{
	/*
	 * There is more code here than it seems:
	 * __dev_alloc_skb is an inline
	 */
	return __dev_alloc_skb(length, GFP_ATOMIC);
}
EXPORT_SYMBOL(dev_alloc_skb);

static void skb_drop_list(struct sk_buff **listp)
{
	struct sk_buff *list = *listp;

	*listp = NULL;

	do {
		struct sk_buff *this = list;
		list = list->next;
		kfree_skb(this);
	} while (list);
}

static inline void skb_drop_fraglist(struct sk_buff *skb)
{
	skb_drop_list(&skb_shinfo(skb)->frag_list);
}

static void skb_clone_fraglist(struct sk_buff *skb)
{
	struct sk_buff *list;

	skb_walk_frags(skb, list)
		skb_get(list);
}

static void skb_release_data(struct sk_buff *skb)
{
	if (!skb->cloned ||
	    !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
			       &skb_shinfo(skb)->dataref)) {
		if (skb_shinfo(skb)->nr_frags) {
			int i;
			for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
				put_page(skb_shinfo(skb)->frags[i].page);
		}

		if (skb_has_frag_list(skb))
			skb_drop_fraglist(skb);

		kfree(skb->head);
	}
}

/*
 *	Free an skbuff by memory without cleaning the state.
 */
static void kfree_skbmem(struct sk_buff *skb)
{
	struct sk_buff *other;
	atomic_t *fclone_ref;

	switch (skb->fclone) {
	case SKB_FCLONE_UNAVAILABLE:
		kmem_cache_free(skbuff_head_cache, skb);
		break;

	case SKB_FCLONE_ORIG:
		fclone_ref = (atomic_t *) (skb + 2);
		if (atomic_dec_and_test(fclone_ref))
			kmem_cache_free(skbuff_fclone_cache, skb);
		break;

	case SKB_FCLONE_CLONE:
		fclone_ref = (atomic_t *) (skb + 1);
		other = skb - 1;

		/* The clone portion is available for
		 * fast-cloning again.
		 */
		skb->fclone = SKB_FCLONE_UNAVAILABLE;

		if (atomic_dec_and_test(fclone_ref))
			kmem_cache_free(skbuff_fclone_cache, other);
		break;
	}
}

static void skb_release_head_state(struct sk_buff *skb)
{
	skb_dst_drop(skb);
#ifdef CONFIG_XFRM
	secpath_put(skb->sp);
#endif
	if (skb->destructor) {
		WARN_ON(in_irq());
		skb->destructor(skb);
	}
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
	nf_conntrack_put(skb->nfct);
	nf_conntrack_put_reasm(skb->nfct_reasm);
#endif
#ifdef CONFIG_BRIDGE_NETFILTER
	nf_bridge_put(skb->nf_bridge);
#endif
/* XXX: IS this still necessary? - JHS */
#ifdef CONFIG_NET_SCHED
	skb->tc_index = 0;
#ifdef CONFIG_NET_CLS_ACT
	skb->tc_verd = 0;
#endif
#endif
}

/* Free everything but the sk_buff shell. */
static void skb_release_all(struct sk_buff *skb)
{
	skb_release_head_state(skb);
	skb_release_data(skb);
}

/**
 *	__kfree_skb - private function
 *	@skb: buffer
 *
 *	Free an sk_buff. Release anything attached to the buffer.
 *	Clean the state. This is an internal helper function. Users should
 *	always call kfree_skb
 */

void __kfree_skb(struct sk_buff *skb)
{
	skb_release_all(skb);
	kfree_skbmem(skb);
}
EXPORT_SYMBOL(__kfree_skb);
Commit	Line	Data
1da177e4 LT	1	/*
	2	* Routines having to do with the 'struct sk_buff' memory handlers.
	3	*
113aa838	4	* Authors: Alan Cox <alan@lxorguk.ukuu.org.uk>
1da177e4 LT	5	* Florian La Roche <rzsfl@rz.uni-sb.de>
1da177e4 LT	6	*
1da177e4 LT	7	* Fixes:
	8	* Alan Cox : Fixed the worst of the load
	9	* balancer bugs.
	10	* Dave Platt : Interrupt stacking fix.
	11	* Richard Kooijman : Timestamp fixes.
	12	* Alan Cox : Changed buffer format.
	13	* Alan Cox : destructor hook for AF_UNIX etc.
	14	* Linus Torvalds : Better skb_clone.
	15	* Alan Cox : Added skb_copy.
	16	* Alan Cox : Added all the changed routines Linus
	17	* only put in the headers
	18	* Ray VanTassle : Fixed --skb->lock in free
	19	* Alan Cox : skb_copy copy arp field
	20	* Andi Kleen : slabified it.
	21	* Robert Olsson : Removed skb_head_pool
	22	*
	23	* NOTE:
	24	* The __skb_ routines should be called with interrupts
	25	* disabled, or you better be real sure that the operation is atomic
	26	* with respect to whatever list is being frobbed (e.g. via lock_sock()
	27	* or via disabling bottom half handlers, etc).
	28	*
	29	* This program is free software; you can redistribute it and/or
	30	* modify it under the terms of the GNU General Public License
	31	* as published by the Free Software Foundation; either version
	32	* 2 of the License, or (at your option) any later version.
	33	*/
	34
	35	/*
	36	* The functions in this file will not compile correctly with gcc 2.4.x
	37	*/
	38
1da177e4 LT	39	#include <linux/module.h>
	40	#include <linux/types.h>
	41	#include <linux/kernel.h>
fe55f6d5	42	#include <linux/kmemcheck.h>
1da177e4 LT	43	#include <linux/mm.h>
	44	#include <linux/interrupt.h>
	45	#include <linux/in.h>
	46	#include <linux/inet.h>
	47	#include <linux/slab.h>
	48	#include <linux/netdevice.h>
	49	#ifdef CONFIG_NET_CLS_ACT
	50	#include <net/pkt_sched.h>
	51	#endif
	52	#include <linux/string.h>
	53	#include <linux/skbuff.h>
9c55e01c	54	#include <linux/splice.h>
1da177e4 LT	55	#include <linux/cache.h>
	56	#include <linux/rtnetlink.h>
	57	#include <linux/init.h>
716ea3a7	58	#include <linux/scatterlist.h>
ac45f602	59	#include <linux/errqueue.h>
1da177e4 LT	60
	61	#include <net/protocol.h>
	62	#include <net/dst.h>
	63	#include <net/sock.h>
	64	#include <net/checksum.h>
	65	#include <net/xfrm.h>
	66
	67	#include <asm/uaccess.h>
	68	#include <asm/system.h>
ad8d75ff	69	#include <trace/events/skb.h>
1da177e4	70
a1f8e7f7 AV	71	#include "kmap_skb.h"
a1f8e7f7 AV	72
e18b890b CL	73	static struct kmem_cache *skbuff_head_cache __read_mostly;
e18b890b CL	74	static struct kmem_cache *skbuff_fclone_cache __read_mostly;
1da177e4	75
9c55e01c JA	76	static void sock_pipe_buf_release(struct pipe_inode_info *pipe,
	77	struct pipe_buffer *buf)
	78	{
8b9d3728	79	put_page(buf->page);
9c55e01c JA	80	}
	81
	82	static void sock_pipe_buf_get(struct pipe_inode_info *pipe,
	83	struct pipe_buffer *buf)
	84	{
8b9d3728	85	get_page(buf->page);
9c55e01c JA	86	}
	87
	88	static int sock_pipe_buf_steal(struct pipe_inode_info *pipe,
	89	struct pipe_buffer *buf)
	90	{
	91	return 1;
	92	}
	93
	94
	95	/* Pipe buffer operations for a socket. */
28dfef8f	96	static const struct pipe_buf_operations sock_pipe_buf_ops = {
9c55e01c JA	97	.can_merge = 0,
	98	.map = generic_pipe_buf_map,
	99	.unmap = generic_pipe_buf_unmap,
	100	.confirm = generic_pipe_buf_confirm,
	101	.release = sock_pipe_buf_release,
	102	.steal = sock_pipe_buf_steal,
	103	.get = sock_pipe_buf_get,
	104	};
	105
1da177e4 LT	106	/*
	107	* Keep out-of-line to prevent kernel bloat.
	108	* __builtin_return_address is not used because it is not always
	109	* reliable.
	110	*/
	111
	112	/**
	113	* skb_over_panic - private function
	114	* @skb: buffer
	115	* @sz: size
	116	* @here: address
	117	*
	118	* Out of line support code for skb_put(). Not user callable.
	119	*/
ccb7c773	120	static void skb_over_panic(struct sk_buff skb, int sz, void here)
1da177e4	121	{
26095455	122	printk(KERN_EMERG "skb_over_panic: text:%p len:%d put:%d head:%p "
4305b541	123	"data:%p tail:%#lx end:%#lx dev:%s\n",
27a884dc	124	here, skb->len, sz, skb->head, skb->data,
4305b541	125	(unsigned long)skb->tail, (unsigned long)skb->end,
26095455	126	skb->dev ? skb->dev->name : "<NULL>");
1da177e4 LT	127	BUG();
	128	}
	129
	130	/**
	131	* skb_under_panic - private function
	132	* @skb: buffer
	133	* @sz: size
	134	* @here: address
	135	*
	136	* Out of line support code for skb_push(). Not user callable.
	137	*/
	138
ccb7c773	139	static void skb_under_panic(struct sk_buff skb, int sz, void here)
1da177e4	140	{
26095455	141	printk(KERN_EMERG "skb_under_panic: text:%p len:%d put:%d head:%p "
4305b541	142	"data:%p tail:%#lx end:%#lx dev:%s\n",
27a884dc	143	here, skb->len, sz, skb->head, skb->data,
4305b541	144	(unsigned long)skb->tail, (unsigned long)skb->end,
26095455	145	skb->dev ? skb->dev->name : "<NULL>");
1da177e4 LT	146	BUG();
	147	}
	148
	149	/* Allocate a new skbuff. We do this ourselves so we can fill in a few
	150	* 'private' fields and also do memory statistics to find all the
	151	* [BEEP] leaks.
	152	*
	153	*/
	154
	155	/**
d179cd12	156	* __alloc_skb - allocate a network buffer
1da177e4 LT	157	* @size: size to allocate
1da177e4 LT	158	* @gfp_mask: allocation mask
c83c2486 RD	159	* @fclone: allocate from fclone cache instead of head cache
c83c2486 RD	160	* and allocate a cloned (child) skb
b30973f8	161	* @node: numa node to allocate memory on
1da177e4 LT	162	*
	163	* Allocate a new &sk_buff. The returned buffer has no headroom and a
	164	* tail room of size bytes. The object has a reference count of one.
	165	* The return is the buffer. On a failure the return is %NULL.
	166	*
	167	* Buffers may only be allocated from interrupts using a @gfp_mask of
	168	* %GFP_ATOMIC.
	169	*/
dd0fc66f	170	struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
b30973f8	171	int fclone, int node)
1da177e4	172	{
e18b890b	173	struct kmem_cache *cache;
4947d3ef	174	struct skb_shared_info *shinfo;
1da177e4 LT	175	struct sk_buff *skb;
	176	u8 *data;
	177
8798b3fb HX	178	cache = fclone ? skbuff_fclone_cache : skbuff_head_cache;
8798b3fb HX	179
1da177e4	180	/* Get the HEAD */
b30973f8	181	skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node);
1da177e4 LT	182	if (!skb)
1da177e4 LT	183	goto out;
ec7d2f2c	184	prefetchw(skb);
1da177e4	185
1da177e4	186	size = SKB_DATA_ALIGN(size);
b30973f8 CH	187	data = kmalloc_node_track_caller(size + sizeof(struct skb_shared_info),
b30973f8 CH	188	gfp_mask, node);
1da177e4 LT	189	if (!data)
1da177e4 LT	190	goto nodata;
ec7d2f2c	191	prefetchw(data + size);
1da177e4	192
ca0605a7	193	/*
c8005785 JB	194	* Only clear those fields we need to clear, not those that we will
	195	* actually initialise below. Hence, don't put any more fields after
	196	* the tail pointer in struct sk_buff!
ca0605a7 ACM	197	*/
ca0605a7 ACM	198	memset(skb, 0, offsetof(struct sk_buff, tail));
1da177e4 LT	199	skb->truesize = size + sizeof(struct sk_buff);
	200	atomic_set(&skb->users, 1);
	201	skb->head = data;
	202	skb->data = data;
27a884dc	203	skb_reset_tail_pointer(skb);
4305b541	204	skb->end = skb->tail + size;
19633e12 SH	205	#ifdef NET_SKBUFF_DATA_USES_OFFSET
	206	skb->mac_header = ~0U;
	207	#endif
	208
4947d3ef BL	209	/* make sure we initialize shinfo sequentially */
4947d3ef BL	210	shinfo = skb_shinfo(skb);
ec7d2f2c	211	memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
4947d3ef	212	atomic_set(&shinfo->dataref, 1);
4947d3ef	213
d179cd12 DM	214	if (fclone) {
	215	struct sk_buff *child = skb + 1;
	216	atomic_t fclone_ref = (atomic_t ) (child + 1);
1da177e4	217
fe55f6d5 VN	218	kmemcheck_annotate_bitfield(child, flags1);
fe55f6d5 VN	219	kmemcheck_annotate_bitfield(child, flags2);
d179cd12 DM	220	skb->fclone = SKB_FCLONE_ORIG;
	221	atomic_set(fclone_ref, 1);
	222
	223	child->fclone = SKB_FCLONE_UNAVAILABLE;
	224	}
1da177e4 LT	225	out:
	226	return skb;
	227	nodata:
8798b3fb	228	kmem_cache_free(cache, skb);
1da177e4 LT	229	skb = NULL;
1da177e4 LT	230	goto out;
1da177e4	231	}
b4ac530f	232	EXPORT_SYMBOL(__alloc_skb);
1da177e4	233
8af27456 CH	234	/**
	235	* __netdev_alloc_skb - allocate an skbuff for rx on a specific device
	236	* @dev: network device to receive on
	237	* @length: length to allocate
	238	* @gfp_mask: get_free_pages mask, passed to alloc_skb
	239	*
	240	* Allocate a new &sk_buff and assign it a usage count of one. The
	241	* buffer has unspecified headroom built in. Users should allocate
	242	* the headroom they think they need without accounting for the
	243	* built in space. The built in space is used for optimisations.
	244	*
	245	* %NULL is returned if there is no free memory.
	246	*/
	247	struct sk_buff __netdev_alloc_skb(struct net_device dev,
	248	unsigned int length, gfp_t gfp_mask)
	249	{
	250	struct sk_buff *skb;
	251
564824b0	252	skb = __alloc_skb(length + NET_SKB_PAD, gfp_mask, 0, NUMA_NO_NODE);
7b2e497a	253	if (likely(skb)) {
8af27456	254	skb_reserve(skb, NET_SKB_PAD);
7b2e497a CH	255	skb->dev = dev;
7b2e497a CH	256	}
8af27456 CH	257	return skb;
8af27456 CH	258	}
b4ac530f	259	EXPORT_SYMBOL(__netdev_alloc_skb);
1da177e4	260
654bed16 PZ	261	void skb_add_rx_frag(struct sk_buff skb, int i, struct page page, int off,
	262	int size)
	263	{
	264	skb_fill_page_desc(skb, i, page, off, size);
	265	skb->len += size;
	266	skb->data_len += size;
	267	skb->truesize += size;
	268	}
	269	EXPORT_SYMBOL(skb_add_rx_frag);
	270
f58518e6 IJ	271	/**
	272	* dev_alloc_skb - allocate an skbuff for receiving
	273	* @length: length to allocate
	274	*
	275	* Allocate a new &sk_buff and assign it a usage count of one. The
	276	* buffer has unspecified headroom built in. Users should allocate
	277	* the headroom they think they need without accounting for the
	278	* built in space. The built in space is used for optimisations.
	279	*
	280	* %NULL is returned if there is no free memory. Although this function
	281	* allocates memory it can be called from an interrupt.
	282	*/
	283	struct sk_buff *dev_alloc_skb(unsigned int length)
	284	{
1483b874 DV	285	/*
1483b874 DV	286	* There is more code here than it seems:
a0f55e0e	287	* __dev_alloc_skb is an inline
1483b874	288	*/
f58518e6 IJ	289	return __dev_alloc_skb(length, GFP_ATOMIC);
	290	}
	291	EXPORT_SYMBOL(dev_alloc_skb);
	292
27b437c8	293	static void skb_drop_list(struct sk_buff **listp)
1da177e4	294	{
27b437c8	295	struct sk_buff list = listp;
1da177e4	296
27b437c8	297	*listp = NULL;
1da177e4 LT	298
	299	do {
	300	struct sk_buff *this = list;
	301	list = list->next;
	302	kfree_skb(this);
	303	} while (list);
	304	}
	305
27b437c8 HX	306	static inline void skb_drop_fraglist(struct sk_buff *skb)
	307	{
	308	skb_drop_list(&skb_shinfo(skb)->frag_list);
	309	}
	310
1da177e4 LT	311	static void skb_clone_fraglist(struct sk_buff *skb)
	312	{
	313	struct sk_buff *list;
	314
fbb398a8	315	skb_walk_frags(skb, list)
1da177e4 LT	316	skb_get(list);
	317	}
	318
5bba1712	319	static void skb_release_data(struct sk_buff *skb)
1da177e4 LT	320	{
	321	if (!skb->cloned \|\|
	322	!atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
	323	&skb_shinfo(skb)->dataref)) {
	324	if (skb_shinfo(skb)->nr_frags) {
	325	int i;
	326	for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
	327	put_page(skb_shinfo(skb)->frags[i].page);
	328	}
	329
21dc3301	330	if (skb_has_frag_list(skb))
1da177e4 LT	331	skb_drop_fraglist(skb);
	332
	333	kfree(skb->head);
	334	}
	335	}
	336
	337	/*
	338	* Free an skbuff by memory without cleaning the state.
	339	*/
2d4baff8	340	static void kfree_skbmem(struct sk_buff *skb)
1da177e4	341	{
d179cd12 DM	342	struct sk_buff *other;
	343	atomic_t *fclone_ref;
	344
d179cd12 DM	345	switch (skb->fclone) {
	346	case SKB_FCLONE_UNAVAILABLE:
	347	kmem_cache_free(skbuff_head_cache, skb);
	348	break;
	349
	350	case SKB_FCLONE_ORIG:
	351	fclone_ref = (atomic_t *) (skb + 2);
	352	if (atomic_dec_and_test(fclone_ref))
	353	kmem_cache_free(skbuff_fclone_cache, skb);
	354	break;
	355
	356	case SKB_FCLONE_CLONE:
	357	fclone_ref = (atomic_t *) (skb + 1);
	358	other = skb - 1;
	359
	360	/* The clone portion is available for
	361	* fast-cloning again.
	362	*/
	363	skb->fclone = SKB_FCLONE_UNAVAILABLE;
	364
	365	if (atomic_dec_and_test(fclone_ref))
	366	kmem_cache_free(skbuff_fclone_cache, other);
	367	break;
3ff50b79	368	}
1da177e4 LT	369	}
1da177e4 LT	370
04a4bb55	371	static void skb_release_head_state(struct sk_buff *skb)
1da177e4	372	{
adf30907	373	skb_dst_drop(skb);
1da177e4 LT	374	#ifdef CONFIG_XFRM
	375	secpath_put(skb->sp);
	376	#endif
9c2b3328 SH	377	if (skb->destructor) {
9c2b3328 SH	378	WARN_ON(in_irq());
1da177e4 LT	379	skb->destructor(skb);
1da177e4 LT	380	}
9fb9cbb1	381	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
5f79e0f9	382	nf_conntrack_put(skb->nfct);
9fb9cbb1 YK	383	nf_conntrack_put_reasm(skb->nfct_reasm);
9fb9cbb1 YK	384	#endif
1da177e4 LT	385	#ifdef CONFIG_BRIDGE_NETFILTER
	386	nf_bridge_put(skb->nf_bridge);
	387	#endif
1da177e4 LT	388	/* XXX: IS this still necessary? - JHS */
	389	#ifdef CONFIG_NET_SCHED
	390	skb->tc_index = 0;
	391	#ifdef CONFIG_NET_CLS_ACT
	392	skb->tc_verd = 0;
1da177e4 LT	393	#endif
1da177e4 LT	394	#endif
04a4bb55 LB	395	}
	396
	397	/* Free everything but the sk_buff shell. */
	398	static void skb_release_all(struct sk_buff *skb)
	399	{
	400	skb_release_head_state(skb);
2d4baff8 HX	401	skb_release_data(skb);
	402	}
	403
	404	/**
	405	* __kfree_skb - private function
	406	* @skb: buffer
	407	*
	408	* Free an sk_buff. Release anything attached to the buffer.
	409	* Clean the state. This is an internal helper function. Users should
	410	* always call kfree_skb
	411	*/
1da177e4	412
2d4baff8 HX	413	void __kfree_skb(struct sk_buff *skb)
	414	{
	415	skb_release_all(skb);
1da177e4 LT	416	kfree_skbmem(skb);
1da177e4 LT	417	}
b4ac530f	418	EXPORT_SYMBOL(__kfree_skb);
1da177e4	419