2 * Routines having to do with the 'struct sk_buff' memory handlers.
4 * Authors: Alan Cox <alan@lxorguk.ukuu.org.uk>
5 * Florian La Roche <rzsfl@rz.uni-sb.de>
8 * Alan Cox : Fixed the worst of the load
10 * Dave Platt : Interrupt stacking fix.
11 * Richard Kooijman : Timestamp fixes.
12 * Alan Cox : Changed buffer format.
13 * Alan Cox : destructor hook for AF_UNIX etc.
14 * Linus Torvalds : Better skb_clone.
15 * Alan Cox : Added skb_copy.
16 * Alan Cox : Added all the changed routines Linus
17 * only put in the headers
18 * Ray VanTassle : Fixed --skb->lock in free
19 * Alan Cox : skb_copy copy arp field
20 * Andi Kleen : slabified it.
21 * Robert Olsson : Removed skb_head_pool
24 * The __skb_ routines should be called with interrupts
25 * disabled, or you better be *real* sure that the operation is atomic
26 * with respect to whatever list is being frobbed (e.g. via lock_sock()
27 * or via disabling bottom half handlers, etc).
29 * This program is free software; you can redistribute it and/or
30 * modify it under the terms of the GNU General Public License
31 * as published by the Free Software Foundation; either version
32 * 2 of the License, or (at your option) any later version.
36 * The functions in this file will not compile correctly with gcc 2.4.x
39 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
41 #include <linux/module.h>
42 #include <linux/types.h>
43 #include <linux/kernel.h>
44 #include <linux/kmemcheck.h>
46 #include <linux/interrupt.h>
48 #include <linux/inet.h>
49 #include <linux/slab.h>
50 #include <linux/tcp.h>
51 #include <linux/udp.h>
52 #include <linux/netdevice.h>
53 #ifdef CONFIG_NET_CLS_ACT
54 #include <net/pkt_sched.h>
56 #include <linux/string.h>
57 #include <linux/skbuff.h>
58 #include <linux/splice.h>
59 #include <linux/cache.h>
60 #include <linux/rtnetlink.h>
61 #include <linux/init.h>
62 #include <linux/scatterlist.h>
63 #include <linux/errqueue.h>
64 #include <linux/prefetch.h>
65 #include <linux/if_vlan.h>
67 #include <net/protocol.h>
70 #include <net/checksum.h>
71 #include <net/ip6_checksum.h>
74 #include <asm/uaccess.h>
75 #include <trace/events/skb.h>
76 #include <linux/highmem.h>
77 #include <linux/capability.h>
78 #include <linux/user_namespace.h>
80 struct kmem_cache *skbuff_head_cache __read_mostly;
81 static struct kmem_cache *skbuff_fclone_cache __read_mostly;
84 * skb_panic - private function for out-of-line support
88 * @msg: skb_over_panic or skb_under_panic
90 * Out-of-line support for skb_put() and skb_push().
91 * Called via the wrapper skb_over_panic() or skb_under_panic().
92 * Keep out of line to prevent kernel bloat.
93 * __builtin_return_address is not used because it is not always reliable.
95 static void skb_panic(struct sk_buff *skb, unsigned int sz, void *addr,
98 pr_emerg("%s: text:%p len:%d put:%d head:%p data:%p tail:%#lx end:%#lx dev:%s\n",
99 msg, addr, skb->len, sz, skb->head, skb->data,
100 (unsigned long)skb->tail, (unsigned long)skb->end,
101 skb->dev ? skb->dev->name : "<NULL>");
105 static void skb_over_panic(struct sk_buff *skb, unsigned int sz, void *addr)
107 skb_panic(skb, sz, addr, __func__);
110 static void skb_under_panic(struct sk_buff *skb, unsigned int sz, void *addr)
112 skb_panic(skb, sz, addr, __func__);
116 * kmalloc_reserve is a wrapper around kmalloc_node_track_caller that tells
117 * the caller if emergency pfmemalloc reserves are being used. If it is and
118 * the socket is later found to be SOCK_MEMALLOC then PFMEMALLOC reserves
119 * may be used. Otherwise, the packet data may be discarded until enough
122 #define kmalloc_reserve(size, gfp, node, pfmemalloc) \
123 __kmalloc_reserve(size, gfp, node, _RET_IP_, pfmemalloc)
125 static void *__kmalloc_reserve(size_t size, gfp_t flags, int node,
126 unsigned long ip, bool *pfmemalloc)
129 bool ret_pfmemalloc = false;
132 * Try a regular allocation, when that fails and we're not entitled
133 * to the reserves, fail.
135 obj = kmalloc_node_track_caller(size,
136 flags | __GFP_NOMEMALLOC | __GFP_NOWARN,
138 if (obj || !(gfp_pfmemalloc_allowed(flags)))
141 /* Try again but now we are using pfmemalloc reserves */
142 ret_pfmemalloc = true;
143 obj = kmalloc_node_track_caller(size, flags, node);
147 *pfmemalloc = ret_pfmemalloc;
152 /* Allocate a new skbuff. We do this ourselves so we can fill in a few
153 * 'private' fields and also do memory statistics to find all the
158 struct sk_buff *__alloc_skb_head(gfp_t gfp_mask, int node)
163 skb = kmem_cache_alloc_node(skbuff_head_cache,
164 gfp_mask & ~__GFP_DMA, node);
169 * Only clear those fields we need to clear, not those that we will
170 * actually initialise below. Hence, don't put any more fields after
171 * the tail pointer in struct sk_buff!
173 memset(skb, 0, offsetof(struct sk_buff, tail));
175 skb->truesize = sizeof(struct sk_buff);
176 atomic_set(&skb->users, 1);
178 skb->mac_header = (typeof(skb->mac_header))~0U;
184 * __alloc_skb - allocate a network buffer
185 * @size: size to allocate
186 * @gfp_mask: allocation mask
187 * @flags: If SKB_ALLOC_FCLONE is set, allocate from fclone cache
188 * instead of head cache and allocate a cloned (child) skb.
189 * If SKB_ALLOC_RX is set, __GFP_MEMALLOC will be used for
190 * allocations in case the data is required for writeback
191 * @node: numa node to allocate memory on
193 * Allocate a new &sk_buff. The returned buffer has no headroom and a
194 * tail room of at least size bytes. The object has a reference count
195 * of one. The return is the buffer. On a failure the return is %NULL.
197 * Buffers may only be allocated from interrupts using a @gfp_mask of
200 struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
203 struct kmem_cache *cache;
204 struct skb_shared_info *shinfo;
209 cache = (flags & SKB_ALLOC_FCLONE)
210 ? skbuff_fclone_cache : skbuff_head_cache;
212 if (sk_memalloc_socks() && (flags & SKB_ALLOC_RX))
213 gfp_mask |= __GFP_MEMALLOC;
216 skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node);
221 /* We do our best to align skb_shared_info on a separate cache
222 * line. It usually works because kmalloc(X > SMP_CACHE_BYTES) gives
223 * aligned memory blocks, unless SLUB/SLAB debug is enabled.
224 * Both skb->head and skb_shared_info are cache line aligned.
226 size = SKB_DATA_ALIGN(size);
227 size += SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
228 data = kmalloc_reserve(size, gfp_mask, node, &pfmemalloc);
231 /* kmalloc(size) might give us more room than requested.
232 * Put skb_shared_info exactly at the end of allocated zone,
233 * to allow max possible filling before reallocation.
235 size = SKB_WITH_OVERHEAD(ksize(data));
236 prefetchw(data + size);
239 * Only clear those fields we need to clear, not those that we will
240 * actually initialise below. Hence, don't put any more fields after
241 * the tail pointer in struct sk_buff!
243 memset(skb, 0, offsetof(struct sk_buff, tail));
244 /* Account for allocated memory : skb + skb->head */
245 skb->truesize = SKB_TRUESIZE(size);
246 skb->pfmemalloc = pfmemalloc;
247 atomic_set(&skb->users, 1);
250 skb_reset_tail_pointer(skb);
251 skb->end = skb->tail + size;
252 skb->mac_header = (typeof(skb->mac_header))~0U;
253 skb->transport_header = (typeof(skb->transport_header))~0U;
255 /* make sure we initialize shinfo sequentially */
256 shinfo = skb_shinfo(skb);
257 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
258 atomic_set(&shinfo->dataref, 1);
259 kmemcheck_annotate_variable(shinfo->destructor_arg);
261 if (flags & SKB_ALLOC_FCLONE) {
262 struct sk_buff_fclones *fclones;
264 fclones = container_of(skb, struct sk_buff_fclones, skb1);
266 kmemcheck_annotate_bitfield(&fclones->skb2, flags1);
267 skb->fclone = SKB_FCLONE_ORIG;
268 atomic_set(&fclones->fclone_ref, 1);
270 fclones->skb2.fclone = SKB_FCLONE_CLONE;
271 fclones->skb2.pfmemalloc = pfmemalloc;
276 kmem_cache_free(cache, skb);
280 EXPORT_SYMBOL(__alloc_skb);
283 * build_skb - build a network buffer
284 * @data: data buffer provided by caller
285 * @frag_size: size of fragment, or 0 if head was kmalloced
287 * Allocate a new &sk_buff. Caller provides space holding head and
288 * skb_shared_info. @data must have been allocated by kmalloc() only if
289 * @frag_size is 0, otherwise data should come from the page allocator.
290 * The return is the new skb buffer.
291 * On a failure the return is %NULL, and @data is not freed.
293 * Before IO, driver allocates only data buffer where NIC put incoming frame
294 * Driver should add room at head (NET_SKB_PAD) and
295 * MUST add room at tail (SKB_DATA_ALIGN(skb_shared_info))
296 * After IO, driver calls build_skb(), to allocate sk_buff and populate it
297 * before giving packet to stack.
298 * RX rings only contains data buffers, not full skbs.
300 struct sk_buff *build_skb(void *data, unsigned int frag_size)
302 struct skb_shared_info *shinfo;
304 unsigned int size = frag_size ? : ksize(data);
306 skb = kmem_cache_alloc(skbuff_head_cache, GFP_ATOMIC);
310 size -= SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
312 memset(skb, 0, offsetof(struct sk_buff, tail));
313 skb->truesize = SKB_TRUESIZE(size);
314 skb->head_frag = frag_size != 0;
315 atomic_set(&skb->users, 1);
318 skb_reset_tail_pointer(skb);
319 skb->end = skb->tail + size;
320 skb->mac_header = (typeof(skb->mac_header))~0U;
321 skb->transport_header = (typeof(skb->transport_header))~0U;
323 /* make sure we initialize shinfo sequentially */
324 shinfo = skb_shinfo(skb);
325 memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
326 atomic_set(&shinfo->dataref, 1);
327 kmemcheck_annotate_variable(shinfo->destructor_arg);
331 EXPORT_SYMBOL(build_skb);
333 struct netdev_alloc_cache {
334 struct page_frag frag;
335 /* we maintain a pagecount bias, so that we dont dirty cache line
336 * containing page->_count every time we allocate a fragment.
338 unsigned int pagecnt_bias;
340 static DEFINE_PER_CPU(struct netdev_alloc_cache, netdev_alloc_cache);
341 static DEFINE_PER_CPU(struct netdev_alloc_cache, napi_alloc_cache);
343 static struct page *__page_frag_refill(struct netdev_alloc_cache *nc,
346 const unsigned int order = NETDEV_FRAG_PAGE_MAX_ORDER;
347 struct page *page = NULL;
348 gfp_t gfp = gfp_mask;
351 gfp_mask |= __GFP_COMP | __GFP_NOWARN | __GFP_NORETRY;
352 page = alloc_pages_node(NUMA_NO_NODE, gfp_mask, order);
353 nc->frag.size = PAGE_SIZE << (page ? order : 0);
357 page = alloc_pages_node(NUMA_NO_NODE, gfp, 0);
359 nc->frag.page = page;
364 static void *__alloc_page_frag(struct netdev_alloc_cache __percpu *cache,
365 unsigned int fragsz, gfp_t gfp_mask)
367 struct netdev_alloc_cache *nc = this_cpu_ptr(cache);
368 struct page *page = nc->frag.page;
372 if (unlikely(!page)) {
374 page = __page_frag_refill(nc, gfp_mask);
378 /* if size can vary use frag.size else just use PAGE_SIZE */
379 size = NETDEV_FRAG_PAGE_MAX_ORDER ? nc->frag.size : PAGE_SIZE;
381 /* Even if we own the page, we do not use atomic_set().
382 * This would break get_page_unless_zero() users.
384 atomic_add(size - 1, &page->_count);
386 /* reset page count bias and offset to start of new frag */
387 nc->pagecnt_bias = size;
388 nc->frag.offset = size;
391 offset = nc->frag.offset - fragsz;
392 if (unlikely(offset < 0)) {
393 if (!atomic_sub_and_test(nc->pagecnt_bias, &page->_count))
396 /* if size can vary use frag.size else just use PAGE_SIZE */
397 size = NETDEV_FRAG_PAGE_MAX_ORDER ? nc->frag.size : PAGE_SIZE;
399 /* OK, page count is 0, we can safely set it */
400 atomic_set(&page->_count, size);
402 /* reset page count bias and offset to start of new frag */
403 nc->pagecnt_bias = size;
404 offset = size - fragsz;
408 nc->frag.offset = offset;
410 return page_address(page) + offset;
413 static void *__netdev_alloc_frag(unsigned int fragsz, gfp_t gfp_mask)
418 local_irq_save(flags);
419 data = __alloc_page_frag(&netdev_alloc_cache, fragsz, gfp_mask);
420 local_irq_restore(flags);
425 * netdev_alloc_frag - allocate a page fragment
426 * @fragsz: fragment size
428 * Allocates a frag from a page for receive buffer.
429 * Uses GFP_ATOMIC allocations.
431 void *netdev_alloc_frag(unsigned int fragsz)
433 return __netdev_alloc_frag(fragsz, GFP_ATOMIC | __GFP_COLD);
435 EXPORT_SYMBOL(netdev_alloc_frag);
437 static void *__napi_alloc_frag(unsigned int fragsz, gfp_t gfp_mask)
439 return __alloc_page_frag(&napi_alloc_cache, fragsz, gfp_mask);
442 void *napi_alloc_frag(unsigned int fragsz)
444 return __napi_alloc_frag(fragsz, GFP_ATOMIC | __GFP_COLD);
446 EXPORT_SYMBOL(napi_alloc_frag);
449 * __alloc_rx_skb - allocate an skbuff for rx
450 * @length: length to allocate
451 * @gfp_mask: get_free_pages mask, passed to alloc_skb
452 * @flags: If SKB_ALLOC_RX is set, __GFP_MEMALLOC will be used for
453 * allocations in case we have to fallback to __alloc_skb()
454 * If SKB_ALLOC_NAPI is set, page fragment will be allocated
455 * from napi_cache instead of netdev_cache.
457 * Allocate a new &sk_buff and assign it a usage count of one. The
458 * buffer has unspecified headroom built in. Users should allocate
459 * the headroom they think they need without accounting for the
460 * built in space. The built in space is used for optimisations.
462 * %NULL is returned if there is no free memory.
464 static struct sk_buff *__alloc_rx_skb(unsigned int length, gfp_t gfp_mask,
467 struct sk_buff *skb = NULL;
468 unsigned int fragsz = SKB_DATA_ALIGN(length) +
469 SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
471 if (fragsz <= PAGE_SIZE && !(gfp_mask & (__GFP_WAIT | GFP_DMA))) {
474 if (sk_memalloc_socks())
475 gfp_mask |= __GFP_MEMALLOC;
477 data = (flags & SKB_ALLOC_NAPI) ?
478 __napi_alloc_frag(fragsz, gfp_mask) :
479 __netdev_alloc_frag(fragsz, gfp_mask);
482 skb = build_skb(data, fragsz);
484 put_page(virt_to_head_page(data));
487 skb = __alloc_skb(length, gfp_mask,
488 SKB_ALLOC_RX, NUMA_NO_NODE);
494 * __netdev_alloc_skb - allocate an skbuff for rx on a specific device
495 * @dev: network device to receive on
496 * @length: length to allocate
497 * @gfp_mask: get_free_pages mask, passed to alloc_skb
499 * Allocate a new &sk_buff and assign it a usage count of one. The
500 * buffer has NET_SKB_PAD headroom built in. Users should allocate
501 * the headroom they think they need without accounting for the
502 * built in space. The built in space is used for optimisations.
504 * %NULL is returned if there is no free memory.
506 struct sk_buff *__netdev_alloc_skb(struct net_device *dev,
507 unsigned int length, gfp_t gfp_mask)
511 length += NET_SKB_PAD;
512 skb = __alloc_rx_skb(length, gfp_mask, 0);
515 skb_reserve(skb, NET_SKB_PAD);
521 EXPORT_SYMBOL(__netdev_alloc_skb);
524 * __napi_alloc_skb - allocate skbuff for rx in a specific NAPI instance
525 * @napi: napi instance this buffer was allocated for
526 * @length: length to allocate
527 * @gfp_mask: get_free_pages mask, passed to alloc_skb and alloc_pages
529 * Allocate a new sk_buff for use in NAPI receive. This buffer will
530 * attempt to allocate the head from a special reserved region used
531 * only for NAPI Rx allocation. By doing this we can save several
532 * CPU cycles by avoiding having to disable and re-enable IRQs.
534 * %NULL is returned if there is no free memory.
536 struct sk_buff *__napi_alloc_skb(struct napi_struct *napi,
537 unsigned int length, gfp_t gfp_mask)
541 length += NET_SKB_PAD + NET_IP_ALIGN;
542 skb = __alloc_rx_skb(length, gfp_mask, SKB_ALLOC_NAPI);
545 skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN);
546 skb->dev = napi->dev;
551 EXPORT_SYMBOL(__napi_alloc_skb);
553 void skb_add_rx_frag(struct sk_buff *skb, int i, struct page *page, int off,
554 int size, unsigned int truesize)
556 skb_fill_page_desc(skb, i, page, off, size);
558 skb->data_len += size;
559 skb->truesize += truesize;
561 EXPORT_SYMBOL(skb_add_rx_frag);
563 void skb_coalesce_rx_frag(struct sk_buff *skb, int i, int size,
564 unsigned int truesize)
566 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
568 skb_frag_size_add(frag, size);
570 skb->data_len += size;
571 skb->truesize += truesize;
573 EXPORT_SYMBOL(skb_coalesce_rx_frag);
575 static void skb_drop_list(struct sk_buff **listp)
577 kfree_skb_list(*listp);
581 static inline void skb_drop_fraglist(struct sk_buff *skb)
583 skb_drop_list(&skb_shinfo(skb)->frag_list);
586 static void skb_clone_fraglist(struct sk_buff *skb)
588 struct sk_buff *list;
590 skb_walk_frags(skb, list)
594 static void skb_free_head(struct sk_buff *skb)
597 put_page(virt_to_head_page(skb->head));
602 static void skb_release_data(struct sk_buff *skb)
604 struct skb_shared_info *shinfo = skb_shinfo(skb);
608 atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1,
612 for (i = 0; i < shinfo->nr_frags; i++)
613 __skb_frag_unref(&shinfo->frags[i]);
616 * If skb buf is from userspace, we need to notify the caller
617 * the lower device DMA has done;
619 if (shinfo->tx_flags & SKBTX_DEV_ZEROCOPY) {
620 struct ubuf_info *uarg;
622 uarg = shinfo->destructor_arg;
624 uarg->callback(uarg, true);
627 if (shinfo->frag_list)
628 kfree_skb_list(shinfo->frag_list);
634 * Free an skbuff by memory without cleaning the state.
636 static void kfree_skbmem(struct sk_buff *skb)
638 struct sk_buff_fclones *fclones;
640 switch (skb->fclone) {
641 case SKB_FCLONE_UNAVAILABLE:
642 kmem_cache_free(skbuff_head_cache, skb);
645 case SKB_FCLONE_ORIG:
646 fclones = container_of(skb, struct sk_buff_fclones, skb1);
648 /* We usually free the clone (TX completion) before original skb
649 * This test would have no chance to be true for the clone,
650 * while here, branch prediction will be good.
652 if (atomic_read(&fclones->fclone_ref) == 1)
656 default: /* SKB_FCLONE_CLONE */
657 fclones = container_of(skb, struct sk_buff_fclones, skb2);
660 if (!atomic_dec_and_test(&fclones->fclone_ref))
663 kmem_cache_free(skbuff_fclone_cache, fclones);
666 static void skb_release_head_state(struct sk_buff *skb)
670 secpath_put(skb->sp);
672 if (skb->destructor) {
674 skb->destructor(skb);
676 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
677 nf_conntrack_put(skb->nfct);
679 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
680 nf_bridge_put(skb->nf_bridge);
684 /* Free everything but the sk_buff shell. */
685 static void skb_release_all(struct sk_buff *skb)
687 skb_release_head_state(skb);
688 if (likely(skb->head))
689 skb_release_data(skb);
693 * __kfree_skb - private function
696 * Free an sk_buff. Release anything attached to the buffer.
697 * Clean the state. This is an internal helper function. Users should
698 * always call kfree_skb
701 void __kfree_skb(struct sk_buff *skb)
703 skb_release_all(skb);
706 EXPORT_SYMBOL(__kfree_skb);
709 * kfree_skb - free an sk_buff
710 * @skb: buffer to free
712 * Drop a reference to the buffer and free it if the usage count has
715 void kfree_skb(struct sk_buff *skb)
719 if (likely(atomic_read(&skb->users) == 1))
721 else if (likely(!atomic_dec_and_test(&skb->users)))
723 trace_kfree_skb(skb, __builtin_return_address(0));
726 EXPORT_SYMBOL(kfree_skb);
728 void kfree_skb_list(struct sk_buff *segs)
731 struct sk_buff *next = segs->next;
737 EXPORT_SYMBOL(kfree_skb_list);
740 * skb_tx_error - report an sk_buff xmit error
741 * @skb: buffer that triggered an error
743 * Report xmit error if a device callback is tracking this skb.
744 * skb must be freed afterwards.
746 void skb_tx_error(struct sk_buff *skb)
748 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
749 struct ubuf_info *uarg;
751 uarg = skb_shinfo(skb)->destructor_arg;
753 uarg->callback(uarg, false);
754 skb_shinfo(skb)->tx_flags &= ~SKBTX_DEV_ZEROCOPY;
757 EXPORT_SYMBOL(skb_tx_error);
760 * consume_skb - free an skbuff
761 * @skb: buffer to free
763 * Drop a ref to the buffer and free it if the usage count has hit zero
764 * Functions identically to kfree_skb, but kfree_skb assumes that the frame
765 * is being dropped after a failure and notes that
767 void consume_skb(struct sk_buff *skb)
771 if (likely(atomic_read(&skb->users) == 1))
773 else if (likely(!atomic_dec_and_test(&skb->users)))
775 trace_consume_skb(skb);
778 EXPORT_SYMBOL(consume_skb);
780 /* Make sure a field is enclosed inside headers_start/headers_end section */
781 #define CHECK_SKB_FIELD(field) \
782 BUILD_BUG_ON(offsetof(struct sk_buff, field) < \
783 offsetof(struct sk_buff, headers_start)); \
784 BUILD_BUG_ON(offsetof(struct sk_buff, field) > \
785 offsetof(struct sk_buff, headers_end)); \
787 static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
789 new->tstamp = old->tstamp;
790 /* We do not copy old->sk */
792 memcpy(new->cb, old->cb, sizeof(old->cb));
793 skb_dst_copy(new, old);
795 new->sp = secpath_get(old->sp);
797 __nf_copy(new, old, false);
799 /* Note : this field could be in headers_start/headers_end section
800 * It is not yet because we do not want to have a 16 bit hole
802 new->queue_mapping = old->queue_mapping;
804 memcpy(&new->headers_start, &old->headers_start,
805 offsetof(struct sk_buff, headers_end) -
806 offsetof(struct sk_buff, headers_start));
807 CHECK_SKB_FIELD(protocol);
808 CHECK_SKB_FIELD(csum);
809 CHECK_SKB_FIELD(hash);
810 CHECK_SKB_FIELD(priority);
811 CHECK_SKB_FIELD(skb_iif);
812 CHECK_SKB_FIELD(vlan_proto);
813 CHECK_SKB_FIELD(vlan_tci);
814 CHECK_SKB_FIELD(transport_header);
815 CHECK_SKB_FIELD(network_header);
816 CHECK_SKB_FIELD(mac_header);
817 CHECK_SKB_FIELD(inner_protocol);
818 CHECK_SKB_FIELD(inner_transport_header);
819 CHECK_SKB_FIELD(inner_network_header);
820 CHECK_SKB_FIELD(inner_mac_header);
821 CHECK_SKB_FIELD(mark);
822 #ifdef CONFIG_NETWORK_SECMARK
823 CHECK_SKB_FIELD(secmark);
825 #ifdef CONFIG_NET_RX_BUSY_POLL
826 CHECK_SKB_FIELD(napi_id);
829 CHECK_SKB_FIELD(sender_cpu);
831 #ifdef CONFIG_NET_SCHED
832 CHECK_SKB_FIELD(tc_index);
833 #ifdef CONFIG_NET_CLS_ACT
834 CHECK_SKB_FIELD(tc_verd);
841 * You should not add any new code to this function. Add it to
842 * __copy_skb_header above instead.
844 static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb)
846 #define C(x) n->x = skb->x
848 n->next = n->prev = NULL;
850 __copy_skb_header(n, skb);
855 n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
858 n->destructor = NULL;
865 atomic_set(&n->users, 1);
867 atomic_inc(&(skb_shinfo(skb)->dataref));
875 * skb_morph - morph one skb into another
876 * @dst: the skb to receive the contents
877 * @src: the skb to supply the contents
879 * This is identical to skb_clone except that the target skb is
880 * supplied by the user.
882 * The target skb is returned upon exit.
884 struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src)
886 skb_release_all(dst);
887 return __skb_clone(dst, src);
889 EXPORT_SYMBOL_GPL(skb_morph);
892 * skb_copy_ubufs - copy userspace skb frags buffers to kernel
893 * @skb: the skb to modify
894 * @gfp_mask: allocation priority
896 * This must be called on SKBTX_DEV_ZEROCOPY skb.
897 * It will copy all frags into kernel and drop the reference
898 * to userspace pages.
900 * If this function is called from an interrupt gfp_mask() must be
903 * Returns 0 on success or a negative error code on failure
904 * to allocate kernel memory to copy to.
906 int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask)
909 int num_frags = skb_shinfo(skb)->nr_frags;
910 struct page *page, *head = NULL;
911 struct ubuf_info *uarg = skb_shinfo(skb)->destructor_arg;
913 for (i = 0; i < num_frags; i++) {
915 skb_frag_t *f = &skb_shinfo(skb)->frags[i];
917 page = alloc_page(gfp_mask);
920 struct page *next = (struct page *)page_private(head);
926 vaddr = kmap_atomic(skb_frag_page(f));
927 memcpy(page_address(page),
928 vaddr + f->page_offset, skb_frag_size(f));
929 kunmap_atomic(vaddr);
930 set_page_private(page, (unsigned long)head);
934 /* skb frags release userspace buffers */
935 for (i = 0; i < num_frags; i++)
936 skb_frag_unref(skb, i);
938 uarg->callback(uarg, false);
940 /* skb frags point to kernel buffers */
941 for (i = num_frags - 1; i >= 0; i--) {
942 __skb_fill_page_desc(skb, i, head, 0,
943 skb_shinfo(skb)->frags[i].size);
944 head = (struct page *)page_private(head);
947 skb_shinfo(skb)->tx_flags &= ~SKBTX_DEV_ZEROCOPY;
950 EXPORT_SYMBOL_GPL(skb_copy_ubufs);
953 * skb_clone - duplicate an sk_buff
954 * @skb: buffer to clone
955 * @gfp_mask: allocation priority
957 * Duplicate an &sk_buff. The new one is not owned by a socket. Both
958 * copies share the same packet data but not structure. The new
959 * buffer has a reference count of 1. If the allocation fails the
960 * function returns %NULL otherwise the new buffer is returned.
962 * If this function is called from an interrupt gfp_mask() must be
966 struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
968 struct sk_buff_fclones *fclones = container_of(skb,
969 struct sk_buff_fclones,
973 if (skb_orphan_frags(skb, gfp_mask))
976 if (skb->fclone == SKB_FCLONE_ORIG &&
977 atomic_read(&fclones->fclone_ref) == 1) {
979 atomic_set(&fclones->fclone_ref, 2);
981 if (skb_pfmemalloc(skb))
982 gfp_mask |= __GFP_MEMALLOC;
984 n = kmem_cache_alloc(skbuff_head_cache, gfp_mask);
988 kmemcheck_annotate_bitfield(n, flags1);
989 n->fclone = SKB_FCLONE_UNAVAILABLE;
992 return __skb_clone(n, skb);
994 EXPORT_SYMBOL(skb_clone);
996 static void skb_headers_offset_update(struct sk_buff *skb, int off)
998 /* Only adjust this if it actually is csum_start rather than csum */
999 if (skb->ip_summed == CHECKSUM_PARTIAL)
1000 skb->csum_start += off;
1001 /* {transport,network,mac}_header and tail are relative to skb->head */
1002 skb->transport_header += off;
1003 skb->network_header += off;
1004 if (skb_mac_header_was_set(skb))
1005 skb->mac_header += off;
1006 skb->inner_transport_header += off;
1007 skb->inner_network_header += off;
1008 skb->inner_mac_header += off;
1011 static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
1013 __copy_skb_header(new, old);
1015 skb_shinfo(new)->gso_size = skb_shinfo(old)->gso_size;
1016 skb_shinfo(new)->gso_segs = skb_shinfo(old)->gso_segs;
1017 skb_shinfo(new)->gso_type = skb_shinfo(old)->gso_type;
1020 static inline int skb_alloc_rx_flag(const struct sk_buff *skb)
1022 if (skb_pfmemalloc(skb))
1023 return SKB_ALLOC_RX;
1028 * skb_copy - create private copy of an sk_buff
1029 * @skb: buffer to copy
1030 * @gfp_mask: allocation priority
1032 * Make a copy of both an &sk_buff and its data. This is used when the
1033 * caller wishes to modify the data and needs a private copy of the
1034 * data to alter. Returns %NULL on failure or the pointer to the buffer
1035 * on success. The returned buffer has a reference count of 1.
1037 * As by-product this function converts non-linear &sk_buff to linear
1038 * one, so that &sk_buff becomes completely private and caller is allowed
1039 * to modify all the data of returned buffer. This means that this
1040 * function is not recommended for use in circumstances when only
1041 * header is going to be modified. Use pskb_copy() instead.
1044 struct sk_buff *skb_copy(const struct sk_buff *skb, gfp_t gfp_mask)
1046 int headerlen = skb_headroom(skb);
1047 unsigned int size = skb_end_offset(skb) + skb->data_len;
1048 struct sk_buff *n = __alloc_skb(size, gfp_mask,
1049 skb_alloc_rx_flag(skb), NUMA_NO_NODE);
1054 /* Set the data pointer */
1055 skb_reserve(n, headerlen);
1056 /* Set the tail pointer and length */
1057 skb_put(n, skb->len);
1059 if (skb_copy_bits(skb, -headerlen, n->head, headerlen + skb->len))
1062 copy_skb_header(n, skb);
1065 EXPORT_SYMBOL(skb_copy);
1068 * __pskb_copy_fclone - create copy of an sk_buff with private head.
1069 * @skb: buffer to copy
1070 * @headroom: headroom of new skb
1071 * @gfp_mask: allocation priority
1072 * @fclone: if true allocate the copy of the skb from the fclone
1073 * cache instead of the head cache; it is recommended to set this
1074 * to true for the cases where the copy will likely be cloned
1076 * Make a copy of both an &sk_buff and part of its data, located
1077 * in header. Fragmented data remain shared. This is used when
1078 * the caller wishes to modify only header of &sk_buff and needs
1079 * private copy of the header to alter. Returns %NULL on failure
1080 * or the pointer to the buffer on success.
1081 * The returned buffer has a reference count of 1.
1084 struct sk_buff *__pskb_copy_fclone(struct sk_buff *skb, int headroom,
1085 gfp_t gfp_mask, bool fclone)
1087 unsigned int size = skb_headlen(skb) + headroom;
1088 int flags = skb_alloc_rx_flag(skb) | (fclone ? SKB_ALLOC_FCLONE : 0);
1089 struct sk_buff *n = __alloc_skb(size, gfp_mask, flags, NUMA_NO_NODE);
1094 /* Set the data pointer */
1095 skb_reserve(n, headroom);
1096 /* Set the tail pointer and length */
1097 skb_put(n, skb_headlen(skb));
1098 /* Copy the bytes */
1099 skb_copy_from_linear_data(skb, n->data, n->len);
1101 n->truesize += skb->data_len;
1102 n->data_len = skb->data_len;
1105 if (skb_shinfo(skb)->nr_frags) {
1108 if (skb_orphan_frags(skb, gfp_mask)) {
1113 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1114 skb_shinfo(n)->frags[i] = skb_shinfo(skb)->frags[i];
1115 skb_frag_ref(skb, i);
1117 skb_shinfo(n)->nr_frags = i;
1120 if (skb_has_frag_list(skb)) {
1121 skb_shinfo(n)->frag_list = skb_shinfo(skb)->frag_list;
1122 skb_clone_fraglist(n);
1125 copy_skb_header(n, skb);
1129 EXPORT_SYMBOL(__pskb_copy_fclone);
1132 * pskb_expand_head - reallocate header of &sk_buff
1133 * @skb: buffer to reallocate
1134 * @nhead: room to add at head
1135 * @ntail: room to add at tail
1136 * @gfp_mask: allocation priority
1138 * Expands (or creates identical copy, if @nhead and @ntail are zero)
1139 * header of @skb. &sk_buff itself is not changed. &sk_buff MUST have
1140 * reference count of 1. Returns zero in the case of success or error,
1141 * if expansion failed. In the last case, &sk_buff is not changed.
1143 * All the pointers pointing into skb header may change and must be
1144 * reloaded after call to this function.
1147 int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail,
1152 int size = nhead + skb_end_offset(skb) + ntail;
1157 if (skb_shared(skb))
1160 size = SKB_DATA_ALIGN(size);
1162 if (skb_pfmemalloc(skb))
1163 gfp_mask |= __GFP_MEMALLOC;
1164 data = kmalloc_reserve(size + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)),
1165 gfp_mask, NUMA_NO_NODE, NULL);
1168 size = SKB_WITH_OVERHEAD(ksize(data));
1170 /* Copy only real data... and, alas, header. This should be
1171 * optimized for the cases when header is void.
1173 memcpy(data + nhead, skb->head, skb_tail_pointer(skb) - skb->head);
1175 memcpy((struct skb_shared_info *)(data + size),
1177 offsetof(struct skb_shared_info, frags[skb_shinfo(skb)->nr_frags]));
1180 * if shinfo is shared we must drop the old head gracefully, but if it
1181 * is not we can just drop the old head and let the existing refcount
1182 * be since all we did is relocate the values
1184 if (skb_cloned(skb)) {
1185 /* copy this zero copy skb frags */
1186 if (skb_orphan_frags(skb, gfp_mask))
1188 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
1189 skb_frag_ref(skb, i);
1191 if (skb_has_frag_list(skb))
1192 skb_clone_fraglist(skb);
1194 skb_release_data(skb);
1198 off = (data + nhead) - skb->head;
1203 #ifdef NET_SKBUFF_DATA_USES_OFFSET
1207 skb->end = skb->head + size;
1210 skb_headers_offset_update(skb, nhead);
1214 atomic_set(&skb_shinfo(skb)->dataref, 1);
1222 EXPORT_SYMBOL(pskb_expand_head);
1224 /* Make private copy of skb with writable head and some headroom */
1226 struct sk_buff *skb_realloc_headroom(struct sk_buff *skb, unsigned int headroom)
1228 struct sk_buff *skb2;
1229 int delta = headroom - skb_headroom(skb);
1232 skb2 = pskb_copy(skb, GFP_ATOMIC);
1234 skb2 = skb_clone(skb, GFP_ATOMIC);
1235 if (skb2 && pskb_expand_head(skb2, SKB_DATA_ALIGN(delta), 0,
1243 EXPORT_SYMBOL(skb_realloc_headroom);
1246 * skb_copy_expand - copy and expand sk_buff
1247 * @skb: buffer to copy
1248 * @newheadroom: new free bytes at head
1249 * @newtailroom: new free bytes at tail
1250 * @gfp_mask: allocation priority
1252 * Make a copy of both an &sk_buff and its data and while doing so
1253 * allocate additional space.
1255 * This is used when the caller wishes to modify the data and needs a
1256 * private copy of the data to alter as well as more space for new fields.
1257 * Returns %NULL on failure or the pointer to the buffer
1258 * on success. The returned buffer has a reference count of 1.
1260 * You must pass %GFP_ATOMIC as the allocation priority if this function
1261 * is called from an interrupt.
1263 struct sk_buff *skb_copy_expand(const struct sk_buff *skb,
1264 int newheadroom, int newtailroom,
1268 * Allocate the copy buffer
1270 struct sk_buff *n = __alloc_skb(newheadroom + skb->len + newtailroom,
1271 gfp_mask, skb_alloc_rx_flag(skb),
1273 int oldheadroom = skb_headroom(skb);
1274 int head_copy_len, head_copy_off;
1279 skb_reserve(n, newheadroom);
1281 /* Set the tail pointer and length */
1282 skb_put(n, skb->len);
1284 head_copy_len = oldheadroom;
1286 if (newheadroom <= head_copy_len)
1287 head_copy_len = newheadroom;
1289 head_copy_off = newheadroom - head_copy_len;
1291 /* Copy the linear header and data. */
1292 if (skb_copy_bits(skb, -head_copy_len, n->head + head_copy_off,
1293 skb->len + head_copy_len))
1296 copy_skb_header(n, skb);
1298 skb_headers_offset_update(n, newheadroom - oldheadroom);
1302 EXPORT_SYMBOL(skb_copy_expand);
1305 * skb_pad - zero pad the tail of an skb
1306 * @skb: buffer to pad
1307 * @pad: space to pad
1309 * Ensure that a buffer is followed by a padding area that is zero
1310 * filled. Used by network drivers which may DMA or transfer data
1311 * beyond the buffer end onto the wire.
1313 * May return error in out of memory cases. The skb is freed on error.
1316 int skb_pad(struct sk_buff *skb, int pad)
1321 /* If the skbuff is non linear tailroom is always zero.. */
1322 if (!skb_cloned(skb) && skb_tailroom(skb) >= pad) {
1323 memset(skb->data+skb->len, 0, pad);
1327 ntail = skb->data_len + pad - (skb->end - skb->tail);
1328 if (likely(skb_cloned(skb) || ntail > 0)) {
1329 err = pskb_expand_head(skb, 0, ntail, GFP_ATOMIC);
1334 /* FIXME: The use of this function with non-linear skb's really needs
1337 err = skb_linearize(skb);
1341 memset(skb->data + skb->len, 0, pad);
1348 EXPORT_SYMBOL(skb_pad);
1351 * pskb_put - add data to the tail of a potentially fragmented buffer
1352 * @skb: start of the buffer to use
1353 * @tail: tail fragment of the buffer to use
1354 * @len: amount of data to add
1356 * This function extends the used data area of the potentially
1357 * fragmented buffer. @tail must be the last fragment of @skb -- or
1358 * @skb itself. If this would exceed the total buffer size the kernel
1359 * will panic. A pointer to the first byte of the extra data is
1363 unsigned char *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len)
1366 skb->data_len += len;
1369 return skb_put(tail, len);
1371 EXPORT_SYMBOL_GPL(pskb_put);
1374 * skb_put - add data to a buffer
1375 * @skb: buffer to use
1376 * @len: amount of data to add
1378 * This function extends the used data area of the buffer. If this would
1379 * exceed the total buffer size the kernel will panic. A pointer to the
1380 * first byte of the extra data is returned.
1382 unsigned char *skb_put(struct sk_buff *skb, unsigned int len)
1384 unsigned char *tmp = skb_tail_pointer(skb);
1385 SKB_LINEAR_ASSERT(skb);
1388 if (unlikely(skb->tail > skb->end))
1389 skb_over_panic(skb, len, __builtin_return_address(0));
1392 EXPORT_SYMBOL(skb_put);
1395 * skb_push - add data to the start of a buffer
1396 * @skb: buffer to use
1397 * @len: amount of data to add
1399 * This function extends the used data area of the buffer at the buffer
1400 * start. If this would exceed the total buffer headroom the kernel will
1401 * panic. A pointer to the first byte of the extra data is returned.
1403 unsigned char *skb_push(struct sk_buff *skb, unsigned int len)
1407 if (unlikely(skb->data<skb->head))
1408 skb_under_panic(skb, len, __builtin_return_address(0));
1411 EXPORT_SYMBOL(skb_push);
1414 * skb_pull - remove data from the start of a buffer
1415 * @skb: buffer to use
1416 * @len: amount of data to remove
1418 * This function removes data from the start of a buffer, returning
1419 * the memory to the headroom. A pointer to the next data in the buffer
1420 * is returned. Once the data has been pulled future pushes will overwrite
1423 unsigned char *skb_pull(struct sk_buff *skb, unsigned int len)
1425 return skb_pull_inline(skb, len);
1427 EXPORT_SYMBOL(skb_pull);
1430 * skb_trim - remove end from a buffer
1431 * @skb: buffer to alter
1434 * Cut the length of a buffer down by removing data from the tail. If
1435 * the buffer is already under the length specified it is not modified.
1436 * The skb must be linear.
1438 void skb_trim(struct sk_buff *skb, unsigned int len)
1441 __skb_trim(skb, len);
1443 EXPORT_SYMBOL(skb_trim);
1445 /* Trims skb to length len. It can change skb pointers.
1448 int ___pskb_trim(struct sk_buff *skb, unsigned int len)
1450 struct sk_buff **fragp;
1451 struct sk_buff *frag;
1452 int offset = skb_headlen(skb);
1453 int nfrags = skb_shinfo(skb)->nr_frags;
1457 if (skb_cloned(skb) &&
1458 unlikely((err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC))))
1465 for (; i < nfrags; i++) {
1466 int end = offset + skb_frag_size(&skb_shinfo(skb)->frags[i]);
1473 skb_frag_size_set(&skb_shinfo(skb)->frags[i++], len - offset);
1476 skb_shinfo(skb)->nr_frags = i;
1478 for (; i < nfrags; i++)
1479 skb_frag_unref(skb, i);
1481 if (skb_has_frag_list(skb))
1482 skb_drop_fraglist(skb);
1486 for (fragp = &skb_shinfo(skb)->frag_list; (frag = *fragp);
1487 fragp = &frag->next) {
1488 int end = offset + frag->len;
1490 if (skb_shared(frag)) {
1491 struct sk_buff *nfrag;
1493 nfrag = skb_clone(frag, GFP_ATOMIC);
1494 if (unlikely(!nfrag))
1497 nfrag->next = frag->next;
1509 unlikely((err = pskb_trim(frag, len - offset))))
1513 skb_drop_list(&frag->next);
1518 if (len > skb_headlen(skb)) {
1519 skb->data_len -= skb->len - len;
1524 skb_set_tail_pointer(skb, len);
1529 EXPORT_SYMBOL(___pskb_trim);
1532 * __pskb_pull_tail - advance tail of skb header
1533 * @skb: buffer to reallocate
1534 * @delta: number of bytes to advance tail
1536 * The function makes a sense only on a fragmented &sk_buff,
1537 * it expands header moving its tail forward and copying necessary
1538 * data from fragmented part.
1540 * &sk_buff MUST have reference count of 1.
1542 * Returns %NULL (and &sk_buff does not change) if pull failed
1543 * or value of new tail of skb in the case of success.
1545 * All the pointers pointing into skb header may change and must be
1546 * reloaded after call to this function.
1549 /* Moves tail of skb head forward, copying data from fragmented part,
1550 * when it is necessary.
1551 * 1. It may fail due to malloc failure.
1552 * 2. It may change skb pointers.
1554 * It is pretty complicated. Luckily, it is called only in exceptional cases.
1556 unsigned char *__pskb_pull_tail(struct sk_buff *skb, int delta)
1558 /* If skb has not enough free space at tail, get new one
1559 * plus 128 bytes for future expansions. If we have enough
1560 * room at tail, reallocate without expansion only if skb is cloned.
1562 int i, k, eat = (skb->tail + delta) - skb->end;
1564 if (eat > 0 || skb_cloned(skb)) {
1565 if (pskb_expand_head(skb, 0, eat > 0 ? eat + 128 : 0,
1570 if (skb_copy_bits(skb, skb_headlen(skb), skb_tail_pointer(skb), delta))
1573 /* Optimization: no fragments, no reasons to preestimate
1574 * size of pulled pages. Superb.
1576 if (!skb_has_frag_list(skb))
1579 /* Estimate size of pulled pages. */
1581 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1582 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
1589 /* If we need update frag list, we are in troubles.
1590 * Certainly, it possible to add an offset to skb data,
1591 * but taking into account that pulling is expected to
1592 * be very rare operation, it is worth to fight against
1593 * further bloating skb head and crucify ourselves here instead.
1594 * Pure masohism, indeed. 8)8)
1597 struct sk_buff *list = skb_shinfo(skb)->frag_list;
1598 struct sk_buff *clone = NULL;
1599 struct sk_buff *insp = NULL;
1604 if (list->len <= eat) {
1605 /* Eaten as whole. */
1610 /* Eaten partially. */
1612 if (skb_shared(list)) {
1613 /* Sucks! We need to fork list. :-( */
1614 clone = skb_clone(list, GFP_ATOMIC);
1620 /* This may be pulled without
1624 if (!pskb_pull(list, eat)) {
1632 /* Free pulled out fragments. */
1633 while ((list = skb_shinfo(skb)->frag_list) != insp) {
1634 skb_shinfo(skb)->frag_list = list->next;
1637 /* And insert new clone at head. */
1640 skb_shinfo(skb)->frag_list = clone;
1643 /* Success! Now we may commit changes to skb data. */
1648 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1649 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
1652 skb_frag_unref(skb, i);
1655 skb_shinfo(skb)->frags[k] = skb_shinfo(skb)->frags[i];
1657 skb_shinfo(skb)->frags[k].page_offset += eat;
1658 skb_frag_size_sub(&skb_shinfo(skb)->frags[k], eat);
1664 skb_shinfo(skb)->nr_frags = k;
1667 skb->data_len -= delta;
1669 return skb_tail_pointer(skb);
1671 EXPORT_SYMBOL(__pskb_pull_tail);
1674 * skb_copy_bits - copy bits from skb to kernel buffer
1676 * @offset: offset in source
1677 * @to: destination buffer
1678 * @len: number of bytes to copy
1680 * Copy the specified number of bytes from the source skb to the
1681 * destination buffer.
1684 * If its prototype is ever changed,
1685 * check arch/{*}/net/{*}.S files,
1686 * since it is called from BPF assembly code.
1688 int skb_copy_bits(const struct sk_buff *skb, int offset, void *to, int len)
1690 int start = skb_headlen(skb);
1691 struct sk_buff *frag_iter;
1694 if (offset > (int)skb->len - len)
1698 if ((copy = start - offset) > 0) {
1701 skb_copy_from_linear_data_offset(skb, offset, to, copy);
1702 if ((len -= copy) == 0)
1708 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1710 skb_frag_t *f = &skb_shinfo(skb)->frags[i];
1712 WARN_ON(start > offset + len);
1714 end = start + skb_frag_size(f);
1715 if ((copy = end - offset) > 0) {
1721 vaddr = kmap_atomic(skb_frag_page(f));
1723 vaddr + f->page_offset + offset - start,
1725 kunmap_atomic(vaddr);
1727 if ((len -= copy) == 0)
1735 skb_walk_frags(skb, frag_iter) {
1738 WARN_ON(start > offset + len);
1740 end = start + frag_iter->len;
1741 if ((copy = end - offset) > 0) {
1744 if (skb_copy_bits(frag_iter, offset - start, to, copy))
1746 if ((len -= copy) == 0)
1760 EXPORT_SYMBOL(skb_copy_bits);
1763 * Callback from splice_to_pipe(), if we need to release some pages
1764 * at the end of the spd in case we error'ed out in filling the pipe.
1766 static void sock_spd_release(struct splice_pipe_desc *spd, unsigned int i)
1768 put_page(spd->pages[i]);
1771 static struct page *linear_to_page(struct page *page, unsigned int *len,
1772 unsigned int *offset,
1775 struct page_frag *pfrag = sk_page_frag(sk);
1777 if (!sk_page_frag_refill(sk, pfrag))
1780 *len = min_t(unsigned int, *len, pfrag->size - pfrag->offset);
1782 memcpy(page_address(pfrag->page) + pfrag->offset,
1783 page_address(page) + *offset, *len);
1784 *offset = pfrag->offset;
1785 pfrag->offset += *len;
1790 static bool spd_can_coalesce(const struct splice_pipe_desc *spd,
1792 unsigned int offset)
1794 return spd->nr_pages &&
1795 spd->pages[spd->nr_pages - 1] == page &&
1796 (spd->partial[spd->nr_pages - 1].offset +
1797 spd->partial[spd->nr_pages - 1].len == offset);
1801 * Fill page/offset/length into spd, if it can hold more pages.
1803 static bool spd_fill_page(struct splice_pipe_desc *spd,
1804 struct pipe_inode_info *pipe, struct page *page,
1805 unsigned int *len, unsigned int offset,
1809 if (unlikely(spd->nr_pages == MAX_SKB_FRAGS))
1813 page = linear_to_page(page, len, &offset, sk);
1817 if (spd_can_coalesce(spd, page, offset)) {
1818 spd->partial[spd->nr_pages - 1].len += *len;
1822 spd->pages[spd->nr_pages] = page;
1823 spd->partial[spd->nr_pages].len = *len;
1824 spd->partial[spd->nr_pages].offset = offset;
1830 static bool __splice_segment(struct page *page, unsigned int poff,
1831 unsigned int plen, unsigned int *off,
1833 struct splice_pipe_desc *spd, bool linear,
1835 struct pipe_inode_info *pipe)
1840 /* skip this segment if already processed */
1846 /* ignore any bits we already processed */
1852 unsigned int flen = min(*len, plen);
1854 if (spd_fill_page(spd, pipe, page, &flen, poff,
1860 } while (*len && plen);
1866 * Map linear and fragment data from the skb to spd. It reports true if the
1867 * pipe is full or if we already spliced the requested length.
1869 static bool __skb_splice_bits(struct sk_buff *skb, struct pipe_inode_info *pipe,
1870 unsigned int *offset, unsigned int *len,
1871 struct splice_pipe_desc *spd, struct sock *sk)
1875 /* map the linear part :
1876 * If skb->head_frag is set, this 'linear' part is backed by a
1877 * fragment, and if the head is not shared with any clones then
1878 * we can avoid a copy since we own the head portion of this page.
1880 if (__splice_segment(virt_to_page(skb->data),
1881 (unsigned long) skb->data & (PAGE_SIZE - 1),
1884 skb_head_is_locked(skb),
1889 * then map the fragments
1891 for (seg = 0; seg < skb_shinfo(skb)->nr_frags; seg++) {
1892 const skb_frag_t *f = &skb_shinfo(skb)->frags[seg];
1894 if (__splice_segment(skb_frag_page(f),
1895 f->page_offset, skb_frag_size(f),
1896 offset, len, spd, false, sk, pipe))
1904 * Map data from the skb to a pipe. Should handle both the linear part,
1905 * the fragments, and the frag list. It does NOT handle frag lists within
1906 * the frag list, if such a thing exists. We'd probably need to recurse to
1907 * handle that cleanly.
1909 int skb_splice_bits(struct sk_buff *skb, unsigned int offset,
1910 struct pipe_inode_info *pipe, unsigned int tlen,
1913 struct partial_page partial[MAX_SKB_FRAGS];
1914 struct page *pages[MAX_SKB_FRAGS];
1915 struct splice_pipe_desc spd = {
1918 .nr_pages_max = MAX_SKB_FRAGS,
1920 .ops = &nosteal_pipe_buf_ops,
1921 .spd_release = sock_spd_release,
1923 struct sk_buff *frag_iter;
1924 struct sock *sk = skb->sk;
1928 * __skb_splice_bits() only fails if the output has no room left,
1929 * so no point in going over the frag_list for the error case.
1931 if (__skb_splice_bits(skb, pipe, &offset, &tlen, &spd, sk))
1937 * now see if we have a frag_list to map
1939 skb_walk_frags(skb, frag_iter) {
1942 if (__skb_splice_bits(frag_iter, pipe, &offset, &tlen, &spd, sk))
1949 * Drop the socket lock, otherwise we have reverse
1950 * locking dependencies between sk_lock and i_mutex
1951 * here as compared to sendfile(). We enter here
1952 * with the socket lock held, and splice_to_pipe() will
1953 * grab the pipe inode lock. For sendfile() emulation,
1954 * we call into ->sendpage() with the i_mutex lock held
1955 * and networking will grab the socket lock.
1958 ret = splice_to_pipe(pipe, &spd);
1966 * skb_store_bits - store bits from kernel buffer to skb
1967 * @skb: destination buffer
1968 * @offset: offset in destination
1969 * @from: source buffer
1970 * @len: number of bytes to copy
1972 * Copy the specified number of bytes from the source buffer to the
1973 * destination skb. This function handles all the messy bits of
1974 * traversing fragment lists and such.
1977 int skb_store_bits(struct sk_buff *skb, int offset, const void *from, int len)
1979 int start = skb_headlen(skb);
1980 struct sk_buff *frag_iter;
1983 if (offset > (int)skb->len - len)
1986 if ((copy = start - offset) > 0) {
1989 skb_copy_to_linear_data_offset(skb, offset, from, copy);
1990 if ((len -= copy) == 0)
1996 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1997 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
2000 WARN_ON(start > offset + len);
2002 end = start + skb_frag_size(frag);
2003 if ((copy = end - offset) > 0) {
2009 vaddr = kmap_atomic(skb_frag_page(frag));
2010 memcpy(vaddr + frag->page_offset + offset - start,
2012 kunmap_atomic(vaddr);
2014 if ((len -= copy) == 0)
2022 skb_walk_frags(skb, frag_iter) {
2025 WARN_ON(start > offset + len);
2027 end = start + frag_iter->len;
2028 if ((copy = end - offset) > 0) {
2031 if (skb_store_bits(frag_iter, offset - start,
2034 if ((len -= copy) == 0)
2047 EXPORT_SYMBOL(skb_store_bits);
2049 /* Checksum skb data. */
2050 __wsum __skb_checksum(const struct sk_buff *skb, int offset, int len,
2051 __wsum csum, const struct skb_checksum_ops *ops)
2053 int start = skb_headlen(skb);
2054 int i, copy = start - offset;
2055 struct sk_buff *frag_iter;
2058 /* Checksum header. */
2062 csum = ops->update(skb->data + offset, copy, csum);
2063 if ((len -= copy) == 0)
2069 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
2071 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
2073 WARN_ON(start > offset + len);
2075 end = start + skb_frag_size(frag);
2076 if ((copy = end - offset) > 0) {
2082 vaddr = kmap_atomic(skb_frag_page(frag));
2083 csum2 = ops->update(vaddr + frag->page_offset +
2084 offset - start, copy, 0);
2085 kunmap_atomic(vaddr);
2086 csum = ops->combine(csum, csum2, pos, copy);
2095 skb_walk_frags(skb, frag_iter) {
2098 WARN_ON(start > offset + len);
2100 end = start + frag_iter->len;
2101 if ((copy = end - offset) > 0) {
2105 csum2 = __skb_checksum(frag_iter, offset - start,
2107 csum = ops->combine(csum, csum2, pos, copy);
2108 if ((len -= copy) == 0)
2119 EXPORT_SYMBOL(__skb_checksum);
2121 __wsum skb_checksum(const struct sk_buff *skb, int offset,
2122 int len, __wsum csum)
2124 const struct skb_checksum_ops ops = {
2125 .update = csum_partial_ext,
2126 .combine = csum_block_add_ext,
2129 return __skb_checksum(skb, offset, len, csum, &ops);
2131 EXPORT_SYMBOL(skb_checksum);
2133 /* Both of above in one bottle. */
2135 __wsum skb_copy_and_csum_bits(const struct sk_buff *skb, int offset,
2136 u8 *to, int len, __wsum csum)
2138 int start = skb_headlen(skb);
2139 int i, copy = start - offset;
2140 struct sk_buff *frag_iter;
2147 csum = csum_partial_copy_nocheck(skb->data + offset, to,
2149 if ((len -= copy) == 0)
2156 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
2159 WARN_ON(start > offset + len);
2161 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]);
2162 if ((copy = end - offset) > 0) {
2165 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
2169 vaddr = kmap_atomic(skb_frag_page(frag));
2170 csum2 = csum_partial_copy_nocheck(vaddr +
2174 kunmap_atomic(vaddr);
2175 csum = csum_block_add(csum, csum2, pos);
2185 skb_walk_frags(skb, frag_iter) {
2189 WARN_ON(start > offset + len);
2191 end = start + frag_iter->len;
2192 if ((copy = end - offset) > 0) {
2195 csum2 = skb_copy_and_csum_bits(frag_iter,
2198 csum = csum_block_add(csum, csum2, pos);
2199 if ((len -= copy) == 0)
2210 EXPORT_SYMBOL(skb_copy_and_csum_bits);
2213 * skb_zerocopy_headlen - Calculate headroom needed for skb_zerocopy()
2214 * @from: source buffer
2216 * Calculates the amount of linear headroom needed in the 'to' skb passed
2217 * into skb_zerocopy().
2220 skb_zerocopy_headlen(const struct sk_buff *from)
2222 unsigned int hlen = 0;
2224 if (!from->head_frag ||
2225 skb_headlen(from) < L1_CACHE_BYTES ||
2226 skb_shinfo(from)->nr_frags >= MAX_SKB_FRAGS)
2227 hlen = skb_headlen(from);
2229 if (skb_has_frag_list(from))
2234 EXPORT_SYMBOL_GPL(skb_zerocopy_headlen);
2237 * skb_zerocopy - Zero copy skb to skb
2238 * @to: destination buffer
2239 * @from: source buffer
2240 * @len: number of bytes to copy from source buffer
2241 * @hlen: size of linear headroom in destination buffer
2243 * Copies up to `len` bytes from `from` to `to` by creating references
2244 * to the frags in the source buffer.
2246 * The `hlen` as calculated by skb_zerocopy_headlen() specifies the
2247 * headroom in the `to` buffer.
2250 * 0: everything is OK
2251 * -ENOMEM: couldn't orphan frags of @from due to lack of memory
2252 * -EFAULT: skb_copy_bits() found some problem with skb geometry
2255 skb_zerocopy(struct sk_buff *to, struct sk_buff *from, int len, int hlen)
2258 int plen = 0; /* length of skb->head fragment */
2261 unsigned int offset;
2263 BUG_ON(!from->head_frag && !hlen);
2265 /* dont bother with small payloads */
2266 if (len <= skb_tailroom(to))
2267 return skb_copy_bits(from, 0, skb_put(to, len), len);
2270 ret = skb_copy_bits(from, 0, skb_put(to, hlen), hlen);
2275 plen = min_t(int, skb_headlen(from), len);
2277 page = virt_to_head_page(from->head);
2278 offset = from->data - (unsigned char *)page_address(page);
2279 __skb_fill_page_desc(to, 0, page, offset, plen);
2286 to->truesize += len + plen;
2287 to->len += len + plen;
2288 to->data_len += len + plen;
2290 if (unlikely(skb_orphan_frags(from, GFP_ATOMIC))) {
2295 for (i = 0; i < skb_shinfo(from)->nr_frags; i++) {
2298 skb_shinfo(to)->frags[j] = skb_shinfo(from)->frags[i];
2299 skb_shinfo(to)->frags[j].size = min_t(int, skb_shinfo(to)->frags[j].size, len);
2300 len -= skb_shinfo(to)->frags[j].size;
2301 skb_frag_ref(to, j);
2304 skb_shinfo(to)->nr_frags = j;
2308 EXPORT_SYMBOL_GPL(skb_zerocopy);
2310 void skb_copy_and_csum_dev(const struct sk_buff *skb, u8 *to)
2315 if (skb->ip_summed == CHECKSUM_PARTIAL)
2316 csstart = skb_checksum_start_offset(skb);
2318 csstart = skb_headlen(skb);
2320 BUG_ON(csstart > skb_headlen(skb));
2322 skb_copy_from_linear_data(skb, to, csstart);
2325 if (csstart != skb->len)
2326 csum = skb_copy_and_csum_bits(skb, csstart, to + csstart,
2327 skb->len - csstart, 0);
2329 if (skb->ip_summed == CHECKSUM_PARTIAL) {
2330 long csstuff = csstart + skb->csum_offset;
2332 *((__sum16 *)(to + csstuff)) = csum_fold(csum);
2335 EXPORT_SYMBOL(skb_copy_and_csum_dev);
2338 * skb_dequeue - remove from the head of the queue
2339 * @list: list to dequeue from
2341 * Remove the head of the list. The list lock is taken so the function
2342 * may be used safely with other locking list functions. The head item is
2343 * returned or %NULL if the list is empty.
2346 struct sk_buff *skb_dequeue(struct sk_buff_head *list)
2348 unsigned long flags;
2349 struct sk_buff *result;
2351 spin_lock_irqsave(&list->lock, flags);
2352 result = __skb_dequeue(list);
2353 spin_unlock_irqrestore(&list->lock, flags);
2356 EXPORT_SYMBOL(skb_dequeue);
2359 * skb_dequeue_tail - remove from the tail of the queue
2360 * @list: list to dequeue from
2362 * Remove the tail of the list. The list lock is taken so the function
2363 * may be used safely with other locking list functions. The tail item is
2364 * returned or %NULL if the list is empty.
2366 struct sk_buff *skb_dequeue_tail(struct sk_buff_head *list)
2368 unsigned long flags;
2369 struct sk_buff *result;
2371 spin_lock_irqsave(&list->lock, flags);
2372 result = __skb_dequeue_tail(list);
2373 spin_unlock_irqrestore(&list->lock, flags);
2376 EXPORT_SYMBOL(skb_dequeue_tail);
2379 * skb_queue_purge - empty a list
2380 * @list: list to empty
2382 * Delete all buffers on an &sk_buff list. Each buffer is removed from
2383 * the list and one reference dropped. This function takes the list
2384 * lock and is atomic with respect to other list locking functions.
2386 void skb_queue_purge(struct sk_buff_head *list)
2388 struct sk_buff *skb;
2389 while ((skb = skb_dequeue(list)) != NULL)
2392 EXPORT_SYMBOL(skb_queue_purge);
2395 * skb_queue_head - queue a buffer at the list head
2396 * @list: list to use
2397 * @newsk: buffer to queue
2399 * Queue a buffer at the start of the list. This function takes the
2400 * list lock and can be used safely with other locking &sk_buff functions
2403 * A buffer cannot be placed on two lists at the same time.
2405 void skb_queue_head(struct sk_buff_head *list, struct sk_buff *newsk)
2407 unsigned long flags;
2409 spin_lock_irqsave(&list->lock, flags);
2410 __skb_queue_head(list, newsk);
2411 spin_unlock_irqrestore(&list->lock, flags);
2413 EXPORT_SYMBOL(skb_queue_head);
2416 * skb_queue_tail - queue a buffer at the list tail
2417 * @list: list to use
2418 * @newsk: buffer to queue
2420 * Queue a buffer at the tail of the list. This function takes the
2421 * list lock and can be used safely with other locking &sk_buff functions
2424 * A buffer cannot be placed on two lists at the same time.
2426 void skb_queue_tail(struct sk_buff_head *list, struct sk_buff *newsk)
2428 unsigned long flags;
2430 spin_lock_irqsave(&list->lock, flags);
2431 __skb_queue_tail(list, newsk);
2432 spin_unlock_irqrestore(&list->lock, flags);
2434 EXPORT_SYMBOL(skb_queue_tail);
2437 * skb_unlink - remove a buffer from a list
2438 * @skb: buffer to remove
2439 * @list: list to use
2441 * Remove a packet from a list. The list locks are taken and this
2442 * function is atomic with respect to other list locked calls
2444 * You must know what list the SKB is on.
2446 void skb_unlink(struct sk_buff *skb, struct sk_buff_head *list)
2448 unsigned long flags;
2450 spin_lock_irqsave(&list->lock, flags);
2451 __skb_unlink(skb, list);
2452 spin_unlock_irqrestore(&list->lock, flags);
2454 EXPORT_SYMBOL(skb_unlink);
2457 * skb_append - append a buffer
2458 * @old: buffer to insert after
2459 * @newsk: buffer to insert
2460 * @list: list to use
2462 * Place a packet after a given packet in a list. The list locks are taken
2463 * and this function is atomic with respect to other list locked calls.
2464 * A buffer cannot be placed on two lists at the same time.
2466 void skb_append(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list)
2468 unsigned long flags;
2470 spin_lock_irqsave(&list->lock, flags);
2471 __skb_queue_after(list, old, newsk);
2472 spin_unlock_irqrestore(&list->lock, flags);
2474 EXPORT_SYMBOL(skb_append);
2477 * skb_insert - insert a buffer
2478 * @old: buffer to insert before
2479 * @newsk: buffer to insert
2480 * @list: list to use
2482 * Place a packet before a given packet in a list. The list locks are
2483 * taken and this function is atomic with respect to other list locked
2486 * A buffer cannot be placed on two lists at the same time.
2488 void skb_insert(struct sk_buff *old, struct sk_buff *newsk, struct sk_buff_head *list)
2490 unsigned long flags;
2492 spin_lock_irqsave(&list->lock, flags);
2493 __skb_insert(newsk, old->prev, old, list);
2494 spin_unlock_irqrestore(&list->lock, flags);
2496 EXPORT_SYMBOL(skb_insert);
2498 static inline void skb_split_inside_header(struct sk_buff *skb,
2499 struct sk_buff* skb1,
2500 const u32 len, const int pos)
2504 skb_copy_from_linear_data_offset(skb, len, skb_put(skb1, pos - len),
2506 /* And move data appendix as is. */
2507 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
2508 skb_shinfo(skb1)->frags[i] = skb_shinfo(skb)->frags[i];
2510 skb_shinfo(skb1)->nr_frags = skb_shinfo(skb)->nr_frags;
2511 skb_shinfo(skb)->nr_frags = 0;
2512 skb1->data_len = skb->data_len;
2513 skb1->len += skb1->data_len;
2516 skb_set_tail_pointer(skb, len);
2519 static inline void skb_split_no_header(struct sk_buff *skb,
2520 struct sk_buff* skb1,
2521 const u32 len, int pos)
2524 const int nfrags = skb_shinfo(skb)->nr_frags;
2526 skb_shinfo(skb)->nr_frags = 0;
2527 skb1->len = skb1->data_len = skb->len - len;
2529 skb->data_len = len - pos;
2531 for (i = 0; i < nfrags; i++) {
2532 int size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
2534 if (pos + size > len) {
2535 skb_shinfo(skb1)->frags[k] = skb_shinfo(skb)->frags[i];
2539 * We have two variants in this case:
2540 * 1. Move all the frag to the second
2541 * part, if it is possible. F.e.
2542 * this approach is mandatory for TUX,
2543 * where splitting is expensive.
2544 * 2. Split is accurately. We make this.
2546 skb_frag_ref(skb, i);
2547 skb_shinfo(skb1)->frags[0].page_offset += len - pos;
2548 skb_frag_size_sub(&skb_shinfo(skb1)->frags[0], len - pos);
2549 skb_frag_size_set(&skb_shinfo(skb)->frags[i], len - pos);
2550 skb_shinfo(skb)->nr_frags++;
2554 skb_shinfo(skb)->nr_frags++;
2557 skb_shinfo(skb1)->nr_frags = k;
2561 * skb_split - Split fragmented skb to two parts at length len.
2562 * @skb: the buffer to split
2563 * @skb1: the buffer to receive the second part
2564 * @len: new length for skb
2566 void skb_split(struct sk_buff *skb, struct sk_buff *skb1, const u32 len)
2568 int pos = skb_headlen(skb);
2570 skb_shinfo(skb1)->tx_flags = skb_shinfo(skb)->tx_flags & SKBTX_SHARED_FRAG;
2571 if (len < pos) /* Split line is inside header. */
2572 skb_split_inside_header(skb, skb1, len, pos);
2573 else /* Second chunk has no header, nothing to copy. */
2574 skb_split_no_header(skb, skb1, len, pos);
2576 EXPORT_SYMBOL(skb_split);
2578 /* Shifting from/to a cloned skb is a no-go.
2580 * Caller cannot keep skb_shinfo related pointers past calling here!
2582 static int skb_prepare_for_shift(struct sk_buff *skb)
2584 return skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
2588 * skb_shift - Shifts paged data partially from skb to another
2589 * @tgt: buffer into which tail data gets added
2590 * @skb: buffer from which the paged data comes from
2591 * @shiftlen: shift up to this many bytes
2593 * Attempts to shift up to shiftlen worth of bytes, which may be less than
2594 * the length of the skb, from skb to tgt. Returns number bytes shifted.
2595 * It's up to caller to free skb if everything was shifted.
2597 * If @tgt runs out of frags, the whole operation is aborted.
2599 * Skb cannot include anything else but paged data while tgt is allowed
2600 * to have non-paged data as well.
2602 * TODO: full sized shift could be optimized but that would need
2603 * specialized skb free'er to handle frags without up-to-date nr_frags.
2605 int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen)
2607 int from, to, merge, todo;
2608 struct skb_frag_struct *fragfrom, *fragto;
2610 BUG_ON(shiftlen > skb->len);
2611 BUG_ON(skb_headlen(skb)); /* Would corrupt stream */
2615 to = skb_shinfo(tgt)->nr_frags;
2616 fragfrom = &skb_shinfo(skb)->frags[from];
2618 /* Actual merge is delayed until the point when we know we can
2619 * commit all, so that we don't have to undo partial changes
2622 !skb_can_coalesce(tgt, to, skb_frag_page(fragfrom),
2623 fragfrom->page_offset)) {
2628 todo -= skb_frag_size(fragfrom);
2630 if (skb_prepare_for_shift(skb) ||
2631 skb_prepare_for_shift(tgt))
2634 /* All previous frag pointers might be stale! */
2635 fragfrom = &skb_shinfo(skb)->frags[from];
2636 fragto = &skb_shinfo(tgt)->frags[merge];
2638 skb_frag_size_add(fragto, shiftlen);
2639 skb_frag_size_sub(fragfrom, shiftlen);
2640 fragfrom->page_offset += shiftlen;
2648 /* Skip full, not-fitting skb to avoid expensive operations */
2649 if ((shiftlen == skb->len) &&
2650 (skb_shinfo(skb)->nr_frags - from) > (MAX_SKB_FRAGS - to))
2653 if (skb_prepare_for_shift(skb) || skb_prepare_for_shift(tgt))
2656 while ((todo > 0) && (from < skb_shinfo(skb)->nr_frags)) {
2657 if (to == MAX_SKB_FRAGS)
2660 fragfrom = &skb_shinfo(skb)->frags[from];
2661 fragto = &skb_shinfo(tgt)->frags[to];
2663 if (todo >= skb_frag_size(fragfrom)) {
2664 *fragto = *fragfrom;
2665 todo -= skb_frag_size(fragfrom);
2670 __skb_frag_ref(fragfrom);
2671 fragto->page = fragfrom->page;
2672 fragto->page_offset = fragfrom->page_offset;
2673 skb_frag_size_set(fragto, todo);
2675 fragfrom->page_offset += todo;
2676 skb_frag_size_sub(fragfrom, todo);
2684 /* Ready to "commit" this state change to tgt */
2685 skb_shinfo(tgt)->nr_frags = to;
2688 fragfrom = &skb_shinfo(skb)->frags[0];
2689 fragto = &skb_shinfo(tgt)->frags[merge];
2691 skb_frag_size_add(fragto, skb_frag_size(fragfrom));
2692 __skb_frag_unref(fragfrom);
2695 /* Reposition in the original skb */
2697 while (from < skb_shinfo(skb)->nr_frags)
2698 skb_shinfo(skb)->frags[to++] = skb_shinfo(skb)->frags[from++];
2699 skb_shinfo(skb)->nr_frags = to;
2701 BUG_ON(todo > 0 && !skb_shinfo(skb)->nr_frags);
2704 /* Most likely the tgt won't ever need its checksum anymore, skb on
2705 * the other hand might need it if it needs to be resent
2707 tgt->ip_summed = CHECKSUM_PARTIAL;
2708 skb->ip_summed = CHECKSUM_PARTIAL;
2710 /* Yak, is it really working this way? Some helper please? */
2711 skb->len -= shiftlen;
2712 skb->data_len -= shiftlen;
2713 skb->truesize -= shiftlen;
2714 tgt->len += shiftlen;
2715 tgt->data_len += shiftlen;
2716 tgt->truesize += shiftlen;
2722 * skb_prepare_seq_read - Prepare a sequential read of skb data
2723 * @skb: the buffer to read
2724 * @from: lower offset of data to be read
2725 * @to: upper offset of data to be read
2726 * @st: state variable
2728 * Initializes the specified state variable. Must be called before
2729 * invoking skb_seq_read() for the first time.
2731 void skb_prepare_seq_read(struct sk_buff *skb, unsigned int from,
2732 unsigned int to, struct skb_seq_state *st)
2734 st->lower_offset = from;
2735 st->upper_offset = to;
2736 st->root_skb = st->cur_skb = skb;
2737 st->frag_idx = st->stepped_offset = 0;
2738 st->frag_data = NULL;
2740 EXPORT_SYMBOL(skb_prepare_seq_read);
2743 * skb_seq_read - Sequentially read skb data
2744 * @consumed: number of bytes consumed by the caller so far
2745 * @data: destination pointer for data to be returned
2746 * @st: state variable
2748 * Reads a block of skb data at @consumed relative to the
2749 * lower offset specified to skb_prepare_seq_read(). Assigns
2750 * the head of the data block to @data and returns the length
2751 * of the block or 0 if the end of the skb data or the upper
2752 * offset has been reached.
2754 * The caller is not required to consume all of the data
2755 * returned, i.e. @consumed is typically set to the number
2756 * of bytes already consumed and the next call to
2757 * skb_seq_read() will return the remaining part of the block.
2759 * Note 1: The size of each block of data returned can be arbitrary,
2760 * this limitation is the cost for zerocopy sequential
2761 * reads of potentially non linear data.
2763 * Note 2: Fragment lists within fragments are not implemented
2764 * at the moment, state->root_skb could be replaced with
2765 * a stack for this purpose.
2767 unsigned int skb_seq_read(unsigned int consumed, const u8 **data,
2768 struct skb_seq_state *st)
2770 unsigned int block_limit, abs_offset = consumed + st->lower_offset;
2773 if (unlikely(abs_offset >= st->upper_offset)) {
2774 if (st->frag_data) {
2775 kunmap_atomic(st->frag_data);
2776 st->frag_data = NULL;
2782 block_limit = skb_headlen(st->cur_skb) + st->stepped_offset;
2784 if (abs_offset < block_limit && !st->frag_data) {
2785 *data = st->cur_skb->data + (abs_offset - st->stepped_offset);
2786 return block_limit - abs_offset;
2789 if (st->frag_idx == 0 && !st->frag_data)
2790 st->stepped_offset += skb_headlen(st->cur_skb);
2792 while (st->frag_idx < skb_shinfo(st->cur_skb)->nr_frags) {
2793 frag = &skb_shinfo(st->cur_skb)->frags[st->frag_idx];
2794 block_limit = skb_frag_size(frag) + st->stepped_offset;
2796 if (abs_offset < block_limit) {
2798 st->frag_data = kmap_atomic(skb_frag_page(frag));
2800 *data = (u8 *) st->frag_data + frag->page_offset +
2801 (abs_offset - st->stepped_offset);
2803 return block_limit - abs_offset;
2806 if (st->frag_data) {
2807 kunmap_atomic(st->frag_data);
2808 st->frag_data = NULL;
2812 st->stepped_offset += skb_frag_size(frag);
2815 if (st->frag_data) {
2816 kunmap_atomic(st->frag_data);
2817 st->frag_data = NULL;
2820 if (st->root_skb == st->cur_skb && skb_has_frag_list(st->root_skb)) {
2821 st->cur_skb = skb_shinfo(st->root_skb)->frag_list;
2824 } else if (st->cur_skb->next) {
2825 st->cur_skb = st->cur_skb->next;
2832 EXPORT_SYMBOL(skb_seq_read);
2835 * skb_abort_seq_read - Abort a sequential read of skb data
2836 * @st: state variable
2838 * Must be called if skb_seq_read() was not called until it
2841 void skb_abort_seq_read(struct skb_seq_state *st)
2844 kunmap_atomic(st->frag_data);
2846 EXPORT_SYMBOL(skb_abort_seq_read);
2848 #define TS_SKB_CB(state) ((struct skb_seq_state *) &((state)->cb))
2850 static unsigned int skb_ts_get_next_block(unsigned int offset, const u8 **text,
2851 struct ts_config *conf,
2852 struct ts_state *state)
2854 return skb_seq_read(offset, text, TS_SKB_CB(state));
2857 static void skb_ts_finish(struct ts_config *conf, struct ts_state *state)
2859 skb_abort_seq_read(TS_SKB_CB(state));
2863 * skb_find_text - Find a text pattern in skb data
2864 * @skb: the buffer to look in
2865 * @from: search offset
2867 * @config: textsearch configuration
2868 * @state: uninitialized textsearch state variable
2870 * Finds a pattern in the skb data according to the specified
2871 * textsearch configuration. Use textsearch_next() to retrieve
2872 * subsequent occurrences of the pattern. Returns the offset
2873 * to the first occurrence or UINT_MAX if no match was found.
2875 unsigned int skb_find_text(struct sk_buff *skb, unsigned int from,
2876 unsigned int to, struct ts_config *config,
2877 struct ts_state *state)
2881 config->get_next_block = skb_ts_get_next_block;
2882 config->finish = skb_ts_finish;
2884 skb_prepare_seq_read(skb, from, to, TS_SKB_CB(state));
2886 ret = textsearch_find(config, state);
2887 return (ret <= to - from ? ret : UINT_MAX);
2889 EXPORT_SYMBOL(skb_find_text);
2892 * skb_append_datato_frags - append the user data to a skb
2893 * @sk: sock structure
2894 * @skb: skb structure to be appended with user data.
2895 * @getfrag: call back function to be used for getting the user data
2896 * @from: pointer to user message iov
2897 * @length: length of the iov message
2899 * Description: This procedure append the user data in the fragment part
2900 * of the skb if any page alloc fails user this procedure returns -ENOMEM
2902 int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb,
2903 int (*getfrag)(void *from, char *to, int offset,
2904 int len, int odd, struct sk_buff *skb),
2905 void *from, int length)
2907 int frg_cnt = skb_shinfo(skb)->nr_frags;
2911 struct page_frag *pfrag = ¤t->task_frag;
2914 /* Return error if we don't have space for new frag */
2915 if (frg_cnt >= MAX_SKB_FRAGS)
2918 if (!sk_page_frag_refill(sk, pfrag))
2921 /* copy the user data to page */
2922 copy = min_t(int, length, pfrag->size - pfrag->offset);
2924 ret = getfrag(from, page_address(pfrag->page) + pfrag->offset,
2925 offset, copy, 0, skb);
2929 /* copy was successful so update the size parameters */
2930 skb_fill_page_desc(skb, frg_cnt, pfrag->page, pfrag->offset,
2933 pfrag->offset += copy;
2934 get_page(pfrag->page);
2936 skb->truesize += copy;
2937 atomic_add(copy, &sk->sk_wmem_alloc);
2939 skb->data_len += copy;
2943 } while (length > 0);
2947 EXPORT_SYMBOL(skb_append_datato_frags);
2950 * skb_pull_rcsum - pull skb and update receive checksum
2951 * @skb: buffer to update
2952 * @len: length of data pulled
2954 * This function performs an skb_pull on the packet and updates
2955 * the CHECKSUM_COMPLETE checksum. It should be used on
2956 * receive path processing instead of skb_pull unless you know
2957 * that the checksum difference is zero (e.g., a valid IP header)
2958 * or you are setting ip_summed to CHECKSUM_NONE.
2960 unsigned char *skb_pull_rcsum(struct sk_buff *skb, unsigned int len)
2962 BUG_ON(len > skb->len);
2964 BUG_ON(skb->len < skb->data_len);
2965 skb_postpull_rcsum(skb, skb->data, len);
2966 return skb->data += len;
2968 EXPORT_SYMBOL_GPL(skb_pull_rcsum);
2971 * skb_segment - Perform protocol segmentation on skb.
2972 * @head_skb: buffer to segment
2973 * @features: features for the output path (see dev->features)
2975 * This function performs segmentation on the given skb. It returns
2976 * a pointer to the first in a list of new skbs for the segments.
2977 * In case of error it returns ERR_PTR(err).
2979 struct sk_buff *skb_segment(struct sk_buff *head_skb,
2980 netdev_features_t features)
2982 struct sk_buff *segs = NULL;
2983 struct sk_buff *tail = NULL;
2984 struct sk_buff *list_skb = skb_shinfo(head_skb)->frag_list;
2985 skb_frag_t *frag = skb_shinfo(head_skb)->frags;
2986 unsigned int mss = skb_shinfo(head_skb)->gso_size;
2987 unsigned int doffset = head_skb->data - skb_mac_header(head_skb);
2988 struct sk_buff *frag_skb = head_skb;
2989 unsigned int offset = doffset;
2990 unsigned int tnl_hlen = skb_tnl_header_len(head_skb);
2991 unsigned int headroom;
2995 int sg = !!(features & NETIF_F_SG);
2996 int nfrags = skb_shinfo(head_skb)->nr_frags;
3002 __skb_push(head_skb, doffset);
3003 proto = skb_network_protocol(head_skb, &dummy);
3004 if (unlikely(!proto))
3005 return ERR_PTR(-EINVAL);
3007 csum = !head_skb->encap_hdr_csum &&
3008 !!can_checksum_protocol(features, proto);
3010 headroom = skb_headroom(head_skb);
3011 pos = skb_headlen(head_skb);
3014 struct sk_buff *nskb;
3015 skb_frag_t *nskb_frag;
3019 len = head_skb->len - offset;
3023 hsize = skb_headlen(head_skb) - offset;
3026 if (hsize > len || !sg)
3029 if (!hsize && i >= nfrags && skb_headlen(list_skb) &&
3030 (skb_headlen(list_skb) == len || sg)) {
3031 BUG_ON(skb_headlen(list_skb) > len);
3034 nfrags = skb_shinfo(list_skb)->nr_frags;
3035 frag = skb_shinfo(list_skb)->frags;
3036 frag_skb = list_skb;
3037 pos += skb_headlen(list_skb);
3039 while (pos < offset + len) {
3040 BUG_ON(i >= nfrags);
3042 size = skb_frag_size(frag);
3043 if (pos + size > offset + len)
3051 nskb = skb_clone(list_skb, GFP_ATOMIC);
3052 list_skb = list_skb->next;
3054 if (unlikely(!nskb))
3057 if (unlikely(pskb_trim(nskb, len))) {
3062 hsize = skb_end_offset(nskb);
3063 if (skb_cow_head(nskb, doffset + headroom)) {
3068 nskb->truesize += skb_end_offset(nskb) - hsize;
3069 skb_release_head_state(nskb);
3070 __skb_push(nskb, doffset);
3072 nskb = __alloc_skb(hsize + doffset + headroom,
3073 GFP_ATOMIC, skb_alloc_rx_flag(head_skb),
3076 if (unlikely(!nskb))
3079 skb_reserve(nskb, headroom);
3080 __skb_put(nskb, doffset);
3089 __copy_skb_header(nskb, head_skb);
3091 skb_headers_offset_update(nskb, skb_headroom(nskb) - headroom);
3092 skb_reset_mac_len(nskb);
3094 skb_copy_from_linear_data_offset(head_skb, -tnl_hlen,
3095 nskb->data - tnl_hlen,
3096 doffset + tnl_hlen);
3098 if (nskb->len == len + doffset)
3099 goto perform_csum_check;
3101 if (!sg && !nskb->remcsum_offload) {
3102 nskb->ip_summed = CHECKSUM_NONE;
3103 nskb->csum = skb_copy_and_csum_bits(head_skb, offset,
3106 SKB_GSO_CB(nskb)->csum_start =
3107 skb_headroom(nskb) + doffset;
3111 nskb_frag = skb_shinfo(nskb)->frags;
3113 skb_copy_from_linear_data_offset(head_skb, offset,
3114 skb_put(nskb, hsize), hsize);
3116 skb_shinfo(nskb)->tx_flags = skb_shinfo(head_skb)->tx_flags &
3119 while (pos < offset + len) {
3121 BUG_ON(skb_headlen(list_skb));
3124 nfrags = skb_shinfo(list_skb)->nr_frags;
3125 frag = skb_shinfo(list_skb)->frags;
3126 frag_skb = list_skb;
3130 list_skb = list_skb->next;
3133 if (unlikely(skb_shinfo(nskb)->nr_frags >=
3135 net_warn_ratelimited(
3136 "skb_segment: too many frags: %u %u\n",
3141 if (unlikely(skb_orphan_frags(frag_skb, GFP_ATOMIC)))
3145 __skb_frag_ref(nskb_frag);
3146 size = skb_frag_size(nskb_frag);
3149 nskb_frag->page_offset += offset - pos;
3150 skb_frag_size_sub(nskb_frag, offset - pos);
3153 skb_shinfo(nskb)->nr_frags++;
3155 if (pos + size <= offset + len) {
3160 skb_frag_size_sub(nskb_frag, pos + size - (offset + len));
3168 nskb->data_len = len - hsize;
3169 nskb->len += nskb->data_len;
3170 nskb->truesize += nskb->data_len;
3173 if (!csum && !nskb->remcsum_offload) {
3174 nskb->csum = skb_checksum(nskb, doffset,
3175 nskb->len - doffset, 0);
3176 nskb->ip_summed = CHECKSUM_NONE;
3177 SKB_GSO_CB(nskb)->csum_start =
3178 skb_headroom(nskb) + doffset;
3180 } while ((offset += len) < head_skb->len);
3182 /* Some callers want to get the end of the list.
3183 * Put it in segs->prev to avoid walking the list.
3184 * (see validate_xmit_skb_list() for example)
3188 /* Following permits correct backpressure, for protocols
3189 * using skb_set_owner_w().
3190 * Idea is to tranfert ownership from head_skb to last segment.
3192 if (head_skb->destructor == sock_wfree) {
3193 swap(tail->truesize, head_skb->truesize);
3194 swap(tail->destructor, head_skb->destructor);
3195 swap(tail->sk, head_skb->sk);
3200 kfree_skb_list(segs);
3201 return ERR_PTR(err);
3203 EXPORT_SYMBOL_GPL(skb_segment);
3205 int skb_gro_receive(struct sk_buff **head, struct sk_buff *skb)
3207 struct skb_shared_info *pinfo, *skbinfo = skb_shinfo(skb);
3208 unsigned int offset = skb_gro_offset(skb);
3209 unsigned int headlen = skb_headlen(skb);
3210 struct sk_buff *nskb, *lp, *p = *head;
3211 unsigned int len = skb_gro_len(skb);
3212 unsigned int delta_truesize;
3213 unsigned int headroom;
3215 if (unlikely(p->len + len >= 65536))
3218 lp = NAPI_GRO_CB(p)->last;
3219 pinfo = skb_shinfo(lp);
3221 if (headlen <= offset) {
3224 int i = skbinfo->nr_frags;
3225 int nr_frags = pinfo->nr_frags + i;
3227 if (nr_frags > MAX_SKB_FRAGS)
3231 pinfo->nr_frags = nr_frags;
3232 skbinfo->nr_frags = 0;
3234 frag = pinfo->frags + nr_frags;
3235 frag2 = skbinfo->frags + i;
3240 frag->page_offset += offset;
3241 skb_frag_size_sub(frag, offset);
3243 /* all fragments truesize : remove (head size + sk_buff) */
3244 delta_truesize = skb->truesize -
3245 SKB_TRUESIZE(skb_end_offset(skb));
3247 skb->truesize -= skb->data_len;
3248 skb->len -= skb->data_len;
3251 NAPI_GRO_CB(skb)->free = NAPI_GRO_FREE;
3253 } else if (skb->head_frag) {
3254 int nr_frags = pinfo->nr_frags;
3255 skb_frag_t *frag = pinfo->frags + nr_frags;
3256 struct page *page = virt_to_head_page(skb->head);
3257 unsigned int first_size = headlen - offset;
3258 unsigned int first_offset;
3260 if (nr_frags + 1 + skbinfo->nr_frags > MAX_SKB_FRAGS)
3263 first_offset = skb->data -
3264 (unsigned char *)page_address(page) +
3267 pinfo->nr_frags = nr_frags + 1 + skbinfo->nr_frags;
3269 frag->page.p = page;
3270 frag->page_offset = first_offset;
3271 skb_frag_size_set(frag, first_size);
3273 memcpy(frag + 1, skbinfo->frags, sizeof(*frag) * skbinfo->nr_frags);
3274 /* We dont need to clear skbinfo->nr_frags here */
3276 delta_truesize = skb->truesize - SKB_DATA_ALIGN(sizeof(struct sk_buff));
3277 NAPI_GRO_CB(skb)->free = NAPI_GRO_FREE_STOLEN_HEAD;
3280 /* switch back to head shinfo */
3281 pinfo = skb_shinfo(p);
3283 if (pinfo->frag_list)
3285 if (skb_gro_len(p) != pinfo->gso_size)
3288 headroom = skb_headroom(p);
3289 nskb = alloc_skb(headroom + skb_gro_offset(p), GFP_ATOMIC);
3290 if (unlikely(!nskb))
3293 __copy_skb_header(nskb, p);
3294 nskb->mac_len = p->mac_len;
3296 skb_reserve(nskb, headroom);
3297 __skb_put(nskb, skb_gro_offset(p));
3299 skb_set_mac_header(nskb, skb_mac_header(p) - p->data);
3300 skb_set_network_header(nskb, skb_network_offset(p));
3301 skb_set_transport_header(nskb, skb_transport_offset(p));
3303 __skb_pull(p, skb_gro_offset(p));
3304 memcpy(skb_mac_header(nskb), skb_mac_header(p),
3305 p->data - skb_mac_header(p));
3307 skb_shinfo(nskb)->frag_list = p;
3308 skb_shinfo(nskb)->gso_size = pinfo->gso_size;
3309 pinfo->gso_size = 0;
3310 __skb_header_release(p);
3311 NAPI_GRO_CB(nskb)->last = p;
3313 nskb->data_len += p->len;
3314 nskb->truesize += p->truesize;
3315 nskb->len += p->len;
3318 nskb->next = p->next;
3324 delta_truesize = skb->truesize;
3325 if (offset > headlen) {
3326 unsigned int eat = offset - headlen;
3328 skbinfo->frags[0].page_offset += eat;
3329 skb_frag_size_sub(&skbinfo->frags[0], eat);
3330 skb->data_len -= eat;
3335 __skb_pull(skb, offset);
3337 if (NAPI_GRO_CB(p)->last == p)
3338 skb_shinfo(p)->frag_list = skb;
3340 NAPI_GRO_CB(p)->last->next = skb;
3341 NAPI_GRO_CB(p)->last = skb;
3342 __skb_header_release(skb);
3346 NAPI_GRO_CB(p)->count++;
3348 p->truesize += delta_truesize;
3351 lp->data_len += len;
3352 lp->truesize += delta_truesize;
3355 NAPI_GRO_CB(skb)->same_flow = 1;
3359 void __init skb_init(void)
3361 skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
3362 sizeof(struct sk_buff),
3364 SLAB_HWCACHE_ALIGN|SLAB_PANIC,
3366 skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache",
3367 sizeof(struct sk_buff_fclones),
3369 SLAB_HWCACHE_ALIGN|SLAB_PANIC,
3374 * skb_to_sgvec - Fill a scatter-gather list from a socket buffer
3375 * @skb: Socket buffer containing the buffers to be mapped
3376 * @sg: The scatter-gather list to map into
3377 * @offset: The offset into the buffer's contents to start mapping
3378 * @len: Length of buffer space to be mapped
3380 * Fill the specified scatter-gather list with mappings/pointers into a
3381 * region of the buffer space attached to a socket buffer.
3384 __skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
3386 int start = skb_headlen(skb);
3387 int i, copy = start - offset;
3388 struct sk_buff *frag_iter;
3394 sg_set_buf(sg, skb->data + offset, copy);
3396 if ((len -= copy) == 0)
3401 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
3404 WARN_ON(start > offset + len);
3406 end = start + skb_frag_size(&skb_shinfo(skb)->frags[i]);
3407 if ((copy = end - offset) > 0) {
3408 skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
3412 sg_set_page(&sg[elt], skb_frag_page(frag), copy,
3413 frag->page_offset+offset-start);
3422 skb_walk_frags(skb, frag_iter) {
3425 WARN_ON(start > offset + len);
3427 end = start + frag_iter->len;
3428 if ((copy = end - offset) > 0) {
3431 elt += __skb_to_sgvec(frag_iter, sg+elt, offset - start,
3433 if ((len -= copy) == 0)
3443 /* As compared with skb_to_sgvec, skb_to_sgvec_nomark only map skb to given
3444 * sglist without mark the sg which contain last skb data as the end.
3445 * So the caller can mannipulate sg list as will when padding new data after
3446 * the first call without calling sg_unmark_end to expend sg list.
3448 * Scenario to use skb_to_sgvec_nomark:
3450 * 2. skb_to_sgvec_nomark(payload1)
3451 * 3. skb_to_sgvec_nomark(payload2)
3453 * This is equivalent to:
3455 * 2. skb_to_sgvec(payload1)
3457 * 4. skb_to_sgvec(payload2)
3459 * When mapping mutilple payload conditionally, skb_to_sgvec_nomark
3460 * is more preferable.
3462 int skb_to_sgvec_nomark(struct sk_buff *skb, struct scatterlist *sg,
3463 int offset, int len)
3465 return __skb_to_sgvec(skb, sg, offset, len);
3467 EXPORT_SYMBOL_GPL(skb_to_sgvec_nomark);
3469 int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, int len)
3471 int nsg = __skb_to_sgvec(skb, sg, offset, len);
3473 sg_mark_end(&sg[nsg - 1]);
3477 EXPORT_SYMBOL_GPL(skb_to_sgvec);
3480 * skb_cow_data - Check that a socket buffer's data buffers are writable
3481 * @skb: The socket buffer to check.
3482 * @tailbits: Amount of trailing space to be added
3483 * @trailer: Returned pointer to the skb where the @tailbits space begins
3485 * Make sure that the data buffers attached to a socket buffer are
3486 * writable. If they are not, private copies are made of the data buffers
3487 * and the socket buffer is set to use these instead.
3489 * If @tailbits is given, make sure that there is space to write @tailbits
3490 * bytes of data beyond current end of socket buffer. @trailer will be
3491 * set to point to the skb in which this space begins.
3493 * The number of scatterlist elements required to completely map the
3494 * COW'd and extended socket buffer will be returned.
3496 int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer)
3500 struct sk_buff *skb1, **skb_p;
3502 /* If skb is cloned or its head is paged, reallocate
3503 * head pulling out all the pages (pages are considered not writable
3504 * at the moment even if they are anonymous).
3506 if ((skb_cloned(skb) || skb_shinfo(skb)->nr_frags) &&
3507 __pskb_pull_tail(skb, skb_pagelen(skb)-skb_headlen(skb)) == NULL)
3510 /* Easy case. Most of packets will go this way. */
3511 if (!skb_has_frag_list(skb)) {
3512 /* A little of trouble, not enough of space for trailer.
3513 * This should not happen, when stack is tuned to generate
3514 * good frames. OK, on miss we reallocate and reserve even more
3515 * space, 128 bytes is fair. */
3517 if (skb_tailroom(skb) < tailbits &&
3518 pskb_expand_head(skb, 0, tailbits-skb_tailroom(skb)+128, GFP_ATOMIC))
3526 /* Misery. We are in troubles, going to mincer fragments... */
3529 skb_p = &skb_shinfo(skb)->frag_list;
3532 while ((skb1 = *skb_p) != NULL) {
3535 /* The fragment is partially pulled by someone,
3536 * this can happen on input. Copy it and everything
3539 if (skb_shared(skb1))
3542 /* If the skb is the last, worry about trailer. */
3544 if (skb1->next == NULL && tailbits) {
3545 if (skb_shinfo(skb1)->nr_frags ||
3546 skb_has_frag_list(skb1) ||
3547 skb_tailroom(skb1) < tailbits)
3548 ntail = tailbits + 128;
3554 skb_shinfo(skb1)->nr_frags ||
3555 skb_has_frag_list(skb1)) {
3556 struct sk_buff *skb2;
3558 /* Fuck, we are miserable poor guys... */
3560 skb2 = skb_copy(skb1, GFP_ATOMIC);
3562 skb2 = skb_copy_expand(skb1,
3566 if (unlikely(skb2 == NULL))
3570 skb_set_owner_w(skb2, skb1->sk);
3572 /* Looking around. Are we still alive?
3573 * OK, link new skb, drop old one */
3575 skb2->next = skb1->next;
3582 skb_p = &skb1->next;
3587 EXPORT_SYMBOL_GPL(skb_cow_data);
3589 static void sock_rmem_free(struct sk_buff *skb)
3591 struct sock *sk = skb->sk;
3593 atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
3597 * Note: We dont mem charge error packets (no sk_forward_alloc changes)
3599 int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb)
3601 if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
3602 (unsigned int)sk->sk_rcvbuf)
3607 skb->destructor = sock_rmem_free;
3608 atomic_add(skb->truesize, &sk->sk_rmem_alloc);
3610 /* before exiting rcu section, make sure dst is refcounted */
3613 skb_queue_tail(&sk->sk_error_queue, skb);
3614 if (!sock_flag(sk, SOCK_DEAD))
3615 sk->sk_data_ready(sk);
3618 EXPORT_SYMBOL(sock_queue_err_skb);
3620 struct sk_buff *sock_dequeue_err_skb(struct sock *sk)
3622 struct sk_buff_head *q = &sk->sk_error_queue;
3623 struct sk_buff *skb, *skb_next;
3624 unsigned long flags;
3627 spin_lock_irqsave(&q->lock, flags);
3628 skb = __skb_dequeue(q);
3629 if (skb && (skb_next = skb_peek(q)))
3630 err = SKB_EXT_ERR(skb_next)->ee.ee_errno;
3631 spin_unlock_irqrestore(&q->lock, flags);
3635 sk->sk_error_report(sk);
3639 EXPORT_SYMBOL(sock_dequeue_err_skb);
3642 * skb_clone_sk - create clone of skb, and take reference to socket
3643 * @skb: the skb to clone
3645 * This function creates a clone of a buffer that holds a reference on
3646 * sk_refcnt. Buffers created via this function are meant to be
3647 * returned using sock_queue_err_skb, or free via kfree_skb.
3649 * When passing buffers allocated with this function to sock_queue_err_skb
3650 * it is necessary to wrap the call with sock_hold/sock_put in order to
3651 * prevent the socket from being released prior to being enqueued on
3652 * the sk_error_queue.
3654 struct sk_buff *skb_clone_sk(struct sk_buff *skb)
3656 struct sock *sk = skb->sk;
3657 struct sk_buff *clone;
3659 if (!sk || !atomic_inc_not_zero(&sk->sk_refcnt))
3662 clone = skb_clone(skb, GFP_ATOMIC);
3669 clone->destructor = sock_efree;
3673 EXPORT_SYMBOL(skb_clone_sk);
3675 static void __skb_complete_tx_timestamp(struct sk_buff *skb,
3679 struct sock_exterr_skb *serr;
3682 serr = SKB_EXT_ERR(skb);
3683 memset(serr, 0, sizeof(*serr));
3684 serr->ee.ee_errno = ENOMSG;
3685 serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
3686 serr->ee.ee_info = tstype;
3687 if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) {
3688 serr->ee.ee_data = skb_shinfo(skb)->tskey;
3689 if (sk->sk_protocol == IPPROTO_TCP)
3690 serr->ee.ee_data -= sk->sk_tskey;
3693 err = sock_queue_err_skb(sk, skb);
3699 static bool skb_may_tx_timestamp(struct sock *sk, bool tsonly)
3703 if (likely(sysctl_tstamp_allow_data || tsonly))
3706 read_lock_bh(&sk->sk_callback_lock);
3707 ret = sk->sk_socket && sk->sk_socket->file &&
3708 file_ns_capable(sk->sk_socket->file, &init_user_ns, CAP_NET_RAW);
3709 read_unlock_bh(&sk->sk_callback_lock);
3713 void skb_complete_tx_timestamp(struct sk_buff *skb,
3714 struct skb_shared_hwtstamps *hwtstamps)
3716 struct sock *sk = skb->sk;
3718 if (!skb_may_tx_timestamp(sk, false))
3721 /* take a reference to prevent skb_orphan() from freeing the socket */
3724 *skb_hwtstamps(skb) = *hwtstamps;
3725 __skb_complete_tx_timestamp(skb, sk, SCM_TSTAMP_SND);
3729 EXPORT_SYMBOL_GPL(skb_complete_tx_timestamp);
3731 void __skb_tstamp_tx(struct sk_buff *orig_skb,
3732 struct skb_shared_hwtstamps *hwtstamps,
3733 struct sock *sk, int tstype)
3735 struct sk_buff *skb;
3736 bool tsonly = sk->sk_tsflags & SOF_TIMESTAMPING_OPT_TSONLY;
3738 if (!sk || !skb_may_tx_timestamp(sk, tsonly))
3742 skb = alloc_skb(0, GFP_ATOMIC);
3744 skb = skb_clone(orig_skb, GFP_ATOMIC);
3749 skb_shinfo(skb)->tx_flags = skb_shinfo(orig_skb)->tx_flags;
3750 skb_shinfo(skb)->tskey = skb_shinfo(orig_skb)->tskey;
3754 *skb_hwtstamps(skb) = *hwtstamps;
3756 skb->tstamp = ktime_get_real();
3758 __skb_complete_tx_timestamp(skb, sk, tstype);
3760 EXPORT_SYMBOL_GPL(__skb_tstamp_tx);
3762 void skb_tstamp_tx(struct sk_buff *orig_skb,
3763 struct skb_shared_hwtstamps *hwtstamps)
3765 return __skb_tstamp_tx(orig_skb, hwtstamps, orig_skb->sk,
3768 EXPORT_SYMBOL_GPL(skb_tstamp_tx);
3770 void skb_complete_wifi_ack(struct sk_buff *skb, bool acked)
3772 struct sock *sk = skb->sk;
3773 struct sock_exterr_skb *serr;
3776 skb->wifi_acked_valid = 1;
3777 skb->wifi_acked = acked;
3779 serr = SKB_EXT_ERR(skb);
3780 memset(serr, 0, sizeof(*serr));
3781 serr->ee.ee_errno = ENOMSG;
3782 serr->ee.ee_origin = SO_EE_ORIGIN_TXSTATUS;
3784 /* take a reference to prevent skb_orphan() from freeing the socket */
3787 err = sock_queue_err_skb(sk, skb);
3793 EXPORT_SYMBOL_GPL(skb_complete_wifi_ack);
3797 * skb_partial_csum_set - set up and verify partial csum values for packet
3798 * @skb: the skb to set
3799 * @start: the number of bytes after skb->data to start checksumming.
3800 * @off: the offset from start to place the checksum.
3802 * For untrusted partially-checksummed packets, we need to make sure the values
3803 * for skb->csum_start and skb->csum_offset are valid so we don't oops.
3805 * This function checks and sets those values and skb->ip_summed: if this
3806 * returns false you should drop the packet.
3808 bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off)
3810 if (unlikely(start > skb_headlen(skb)) ||
3811 unlikely((int)start + off > skb_headlen(skb) - 2)) {
3812 net_warn_ratelimited("bad partial csum: csum=%u/%u len=%u\n",
3813 start, off, skb_headlen(skb));
3816 skb->ip_summed = CHECKSUM_PARTIAL;
3817 skb->csum_start = skb_headroom(skb) + start;
3818 skb->csum_offset = off;
3819 skb_set_transport_header(skb, start);
3822 EXPORT_SYMBOL_GPL(skb_partial_csum_set);
3824 static int skb_maybe_pull_tail(struct sk_buff *skb, unsigned int len,
3827 if (skb_headlen(skb) >= len)
3830 /* If we need to pullup then pullup to the max, so we
3831 * won't need to do it again.
3836 if (__pskb_pull_tail(skb, max - skb_headlen(skb)) == NULL)
3839 if (skb_headlen(skb) < len)
3845 #define MAX_TCP_HDR_LEN (15 * 4)
3847 static __sum16 *skb_checksum_setup_ip(struct sk_buff *skb,
3848 typeof(IPPROTO_IP) proto,
3855 err = skb_maybe_pull_tail(skb, off + sizeof(struct tcphdr),
3856 off + MAX_TCP_HDR_LEN);
3857 if (!err && !skb_partial_csum_set(skb, off,
3858 offsetof(struct tcphdr,
3861 return err ? ERR_PTR(err) : &tcp_hdr(skb)->check;
3864 err = skb_maybe_pull_tail(skb, off + sizeof(struct udphdr),
3865 off + sizeof(struct udphdr));
3866 if (!err && !skb_partial_csum_set(skb, off,
3867 offsetof(struct udphdr,
3870 return err ? ERR_PTR(err) : &udp_hdr(skb)->check;
3873 return ERR_PTR(-EPROTO);
3876 /* This value should be large enough to cover a tagged ethernet header plus
3877 * maximally sized IP and TCP or UDP headers.
3879 #define MAX_IP_HDR_LEN 128
3881 static int skb_checksum_setup_ipv4(struct sk_buff *skb, bool recalculate)
3890 err = skb_maybe_pull_tail(skb,
3891 sizeof(struct iphdr),
3896 if (ip_hdr(skb)->frag_off & htons(IP_OFFSET | IP_MF))
3899 off = ip_hdrlen(skb);
3906 csum = skb_checksum_setup_ip(skb, ip_hdr(skb)->protocol, off);
3908 return PTR_ERR(csum);
3911 *csum = ~csum_tcpudp_magic(ip_hdr(skb)->saddr,
3914 ip_hdr(skb)->protocol, 0);
3921 /* This value should be large enough to cover a tagged ethernet header plus
3922 * an IPv6 header, all options, and a maximal TCP or UDP header.
3924 #define MAX_IPV6_HDR_LEN 256
3926 #define OPT_HDR(type, skb, off) \
3927 (type *)(skb_network_header(skb) + (off))
3929 static int skb_checksum_setup_ipv6(struct sk_buff *skb, bool recalculate)
3942 off = sizeof(struct ipv6hdr);
3944 err = skb_maybe_pull_tail(skb, off, MAX_IPV6_HDR_LEN);
3948 nexthdr = ipv6_hdr(skb)->nexthdr;
3950 len = sizeof(struct ipv6hdr) + ntohs(ipv6_hdr(skb)->payload_len);
3951 while (off <= len && !done) {
3953 case IPPROTO_DSTOPTS:
3954 case IPPROTO_HOPOPTS:
3955 case IPPROTO_ROUTING: {
3956 struct ipv6_opt_hdr *hp;
3958 err = skb_maybe_pull_tail(skb,
3960 sizeof(struct ipv6_opt_hdr),
3965 hp = OPT_HDR(struct ipv6_opt_hdr, skb, off);
3966 nexthdr = hp->nexthdr;
3967 off += ipv6_optlen(hp);
3971 struct ip_auth_hdr *hp;
3973 err = skb_maybe_pull_tail(skb,
3975 sizeof(struct ip_auth_hdr),
3980 hp = OPT_HDR(struct ip_auth_hdr, skb, off);
3981 nexthdr = hp->nexthdr;
3982 off += ipv6_authlen(hp);
3985 case IPPROTO_FRAGMENT: {
3986 struct frag_hdr *hp;
3988 err = skb_maybe_pull_tail(skb,
3990 sizeof(struct frag_hdr),
3995 hp = OPT_HDR(struct frag_hdr, skb, off);
3997 if (hp->frag_off & htons(IP6_OFFSET | IP6_MF))
4000 nexthdr = hp->nexthdr;
4001 off += sizeof(struct frag_hdr);
4012 if (!done || fragment)
4015 csum = skb_checksum_setup_ip(skb, nexthdr, off);
4017 return PTR_ERR(csum);
4020 *csum = ~csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
4021 &ipv6_hdr(skb)->daddr,
4022 skb->len - off, nexthdr, 0);
4030 * skb_checksum_setup - set up partial checksum offset
4031 * @skb: the skb to set up
4032 * @recalculate: if true the pseudo-header checksum will be recalculated
4034 int skb_checksum_setup(struct sk_buff *skb, bool recalculate)
4038 switch (skb->protocol) {
4039 case htons(ETH_P_IP):
4040 err = skb_checksum_setup_ipv4(skb, recalculate);
4043 case htons(ETH_P_IPV6):
4044 err = skb_checksum_setup_ipv6(skb, recalculate);
4054 EXPORT_SYMBOL(skb_checksum_setup);
4056 void __skb_warn_lro_forwarding(const struct sk_buff *skb)
4058 net_warn_ratelimited("%s: received packets cannot be forwarded while LRO is enabled\n",
4061 EXPORT_SYMBOL(__skb_warn_lro_forwarding);
4063 void kfree_skb_partial(struct sk_buff *skb, bool head_stolen)
4066 skb_release_head_state(skb);
4067 kmem_cache_free(skbuff_head_cache, skb);
4072 EXPORT_SYMBOL(kfree_skb_partial);
4075 * skb_try_coalesce - try to merge skb to prior one
4077 * @from: buffer to add
4078 * @fragstolen: pointer to boolean
4079 * @delta_truesize: how much more was allocated than was requested
4081 bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
4082 bool *fragstolen, int *delta_truesize)
4084 int i, delta, len = from->len;
4086 *fragstolen = false;
4091 if (len <= skb_tailroom(to)) {
4093 BUG_ON(skb_copy_bits(from, 0, skb_put(to, len), len));
4094 *delta_truesize = 0;
4098 if (skb_has_frag_list(to) || skb_has_frag_list(from))
4101 if (skb_headlen(from) != 0) {
4103 unsigned int offset;
4105 if (skb_shinfo(to)->nr_frags +
4106 skb_shinfo(from)->nr_frags >= MAX_SKB_FRAGS)
4109 if (skb_head_is_locked(from))
4112 delta = from->truesize - SKB_DATA_ALIGN(sizeof(struct sk_buff));
4114 page = virt_to_head_page(from->head);
4115 offset = from->data - (unsigned char *)page_address(page);
4117 skb_fill_page_desc(to, skb_shinfo(to)->nr_frags,
4118 page, offset, skb_headlen(from));
4121 if (skb_shinfo(to)->nr_frags +
4122 skb_shinfo(from)->nr_frags > MAX_SKB_FRAGS)
4125 delta = from->truesize - SKB_TRUESIZE(skb_end_offset(from));
4128 WARN_ON_ONCE(delta < len);
4130 memcpy(skb_shinfo(to)->frags + skb_shinfo(to)->nr_frags,
4131 skb_shinfo(from)->frags,
4132 skb_shinfo(from)->nr_frags * sizeof(skb_frag_t));
4133 skb_shinfo(to)->nr_frags += skb_shinfo(from)->nr_frags;
4135 if (!skb_cloned(from))
4136 skb_shinfo(from)->nr_frags = 0;
4138 /* if the skb is not cloned this does nothing
4139 * since we set nr_frags to 0.
4141 for (i = 0; i < skb_shinfo(from)->nr_frags; i++)
4142 skb_frag_ref(from, i);
4144 to->truesize += delta;
4146 to->data_len += len;
4148 *delta_truesize = delta;
4151 EXPORT_SYMBOL(skb_try_coalesce);
4154 * skb_scrub_packet - scrub an skb
4156 * @skb: buffer to clean
4157 * @xnet: packet is crossing netns
4159 * skb_scrub_packet can be used after encapsulating or decapsulting a packet
4160 * into/from a tunnel. Some information have to be cleared during these
4162 * skb_scrub_packet can also be used to clean a skb before injecting it in
4163 * another namespace (@xnet == true). We have to clear all information in the
4164 * skb that could impact namespace isolation.
4166 void skb_scrub_packet(struct sk_buff *skb, bool xnet)
4170 skb->tstamp.tv64 = 0;
4171 skb->pkt_type = PACKET_HOST;
4176 skb_sender_cpu_clear(skb);
4177 skb_init_secmark(skb);
4180 nf_reset_trace(skb);
4182 EXPORT_SYMBOL_GPL(skb_scrub_packet);
4185 * skb_gso_transport_seglen - Return length of individual segments of a gso packet
4189 * skb_gso_transport_seglen is used to determine the real size of the
4190 * individual segments, including Layer4 headers (TCP/UDP).
4192 * The MAC/L2 or network (IP, IPv6) headers are not accounted for.
4194 unsigned int skb_gso_transport_seglen(const struct sk_buff *skb)
4196 const struct skb_shared_info *shinfo = skb_shinfo(skb);
4197 unsigned int thlen = 0;
4199 if (skb->encapsulation) {
4200 thlen = skb_inner_transport_header(skb) -
4201 skb_transport_header(skb);
4203 if (likely(shinfo->gso_type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6)))
4204 thlen += inner_tcp_hdrlen(skb);
4205 } else if (likely(shinfo->gso_type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6))) {
4206 thlen = tcp_hdrlen(skb);
4208 /* UFO sets gso_size to the size of the fragmentation
4209 * payload, i.e. the size of the L4 (UDP) header is already
4212 return thlen + shinfo->gso_size;
4214 EXPORT_SYMBOL_GPL(skb_gso_transport_seglen);
4216 static struct sk_buff *skb_reorder_vlan_header(struct sk_buff *skb)
4218 if (skb_cow(skb, skb_headroom(skb)) < 0) {
4223 memmove(skb->data - ETH_HLEN, skb->data - VLAN_ETH_HLEN, 2 * ETH_ALEN);
4224 skb->mac_header += VLAN_HLEN;
4228 struct sk_buff *skb_vlan_untag(struct sk_buff *skb)
4230 struct vlan_hdr *vhdr;
4233 if (unlikely(skb_vlan_tag_present(skb))) {
4234 /* vlan_tci is already set-up so leave this for another time */
4238 skb = skb_share_check(skb, GFP_ATOMIC);
4242 if (unlikely(!pskb_may_pull(skb, VLAN_HLEN)))
4245 vhdr = (struct vlan_hdr *)skb->data;
4246 vlan_tci = ntohs(vhdr->h_vlan_TCI);
4247 __vlan_hwaccel_put_tag(skb, skb->protocol, vlan_tci);
4249 skb_pull_rcsum(skb, VLAN_HLEN);
4250 vlan_set_encap_proto(skb, vhdr);
4252 skb = skb_reorder_vlan_header(skb);
4256 skb_reset_network_header(skb);
4257 skb_reset_transport_header(skb);
4258 skb_reset_mac_len(skb);
4266 EXPORT_SYMBOL(skb_vlan_untag);
4268 int skb_ensure_writable(struct sk_buff *skb, int write_len)
4270 if (!pskb_may_pull(skb, write_len))
4273 if (!skb_cloned(skb) || skb_clone_writable(skb, write_len))
4276 return pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
4278 EXPORT_SYMBOL(skb_ensure_writable);
4280 /* remove VLAN header from packet and update csum accordingly. */
4281 static int __skb_vlan_pop(struct sk_buff *skb, u16 *vlan_tci)
4283 struct vlan_hdr *vhdr;
4284 unsigned int offset = skb->data - skb_mac_header(skb);
4287 __skb_push(skb, offset);
4288 err = skb_ensure_writable(skb, VLAN_ETH_HLEN);
4292 skb_postpull_rcsum(skb, skb->data + (2 * ETH_ALEN), VLAN_HLEN);
4294 vhdr = (struct vlan_hdr *)(skb->data + ETH_HLEN);
4295 *vlan_tci = ntohs(vhdr->h_vlan_TCI);
4297 memmove(skb->data + VLAN_HLEN, skb->data, 2 * ETH_ALEN);
4298 __skb_pull(skb, VLAN_HLEN);
4300 vlan_set_encap_proto(skb, vhdr);
4301 skb->mac_header += VLAN_HLEN;
4303 if (skb_network_offset(skb) < ETH_HLEN)
4304 skb_set_network_header(skb, ETH_HLEN);
4306 skb_reset_mac_len(skb);
4308 __skb_pull(skb, offset);
4313 int skb_vlan_pop(struct sk_buff *skb)
4319 if (likely(skb_vlan_tag_present(skb))) {
4322 if (unlikely((skb->protocol != htons(ETH_P_8021Q) &&
4323 skb->protocol != htons(ETH_P_8021AD)) ||
4324 skb->len < VLAN_ETH_HLEN))
4327 err = __skb_vlan_pop(skb, &vlan_tci);
4331 /* move next vlan tag to hw accel tag */
4332 if (likely((skb->protocol != htons(ETH_P_8021Q) &&
4333 skb->protocol != htons(ETH_P_8021AD)) ||
4334 skb->len < VLAN_ETH_HLEN))
4337 vlan_proto = skb->protocol;
4338 err = __skb_vlan_pop(skb, &vlan_tci);
4342 __vlan_hwaccel_put_tag(skb, vlan_proto, vlan_tci);
4345 EXPORT_SYMBOL(skb_vlan_pop);
4347 int skb_vlan_push(struct sk_buff *skb, __be16 vlan_proto, u16 vlan_tci)
4349 if (skb_vlan_tag_present(skb)) {
4350 unsigned int offset = skb->data - skb_mac_header(skb);
4353 /* __vlan_insert_tag expect skb->data pointing to mac header.
4354 * So change skb->data before calling it and change back to
4355 * original position later
4357 __skb_push(skb, offset);
4358 err = __vlan_insert_tag(skb, skb->vlan_proto,
4359 skb_vlan_tag_get(skb));
4362 skb->protocol = skb->vlan_proto;
4363 skb->mac_len += VLAN_HLEN;
4364 __skb_pull(skb, offset);
4366 if (skb->ip_summed == CHECKSUM_COMPLETE)
4367 skb->csum = csum_add(skb->csum, csum_partial(skb->data
4368 + (2 * ETH_ALEN), VLAN_HLEN, 0));
4370 __vlan_hwaccel_put_tag(skb, vlan_proto, vlan_tci);
4373 EXPORT_SYMBOL(skb_vlan_push);
4376 * alloc_skb_with_frags - allocate skb with page frags
4378 * @header_len: size of linear part
4379 * @data_len: needed length in frags
4380 * @max_page_order: max page order desired.
4381 * @errcode: pointer to error code if any
4382 * @gfp_mask: allocation mask
4384 * This can be used to allocate a paged skb, given a maximal order for frags.
4386 struct sk_buff *alloc_skb_with_frags(unsigned long header_len,
4387 unsigned long data_len,
4392 int npages = (data_len + (PAGE_SIZE - 1)) >> PAGE_SHIFT;
4393 unsigned long chunk;
4394 struct sk_buff *skb;
4399 *errcode = -EMSGSIZE;
4400 /* Note this test could be relaxed, if we succeed to allocate
4401 * high order pages...
4403 if (npages > MAX_SKB_FRAGS)
4406 gfp_head = gfp_mask;
4407 if (gfp_head & __GFP_WAIT)
4408 gfp_head |= __GFP_REPEAT;
4410 *errcode = -ENOBUFS;
4411 skb = alloc_skb(header_len, gfp_head);
4415 skb->truesize += npages << PAGE_SHIFT;
4417 for (i = 0; npages > 0; i++) {
4418 int order = max_page_order;
4421 if (npages >= 1 << order) {
4422 page = alloc_pages(gfp_mask |
4429 /* Do not retry other high order allocations */
4435 page = alloc_page(gfp_mask);
4439 chunk = min_t(unsigned long, data_len,
4440 PAGE_SIZE << order);
4441 skb_fill_page_desc(skb, i, page, 0, chunk);
4443 npages -= 1 << order;
4451 EXPORT_SYMBOL(alloc_skb_with_frags);
projects / cascardo / linux.git / blob