LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Kernel page

Recent Features

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

A perf ABI fix

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

alloc_skb_from_cache()

[Posted January 4, 2005 by corbet]

The post-2.6.10 mainline kernel contains a set of patches designed to help with the merging of the Xen virtual architecture. One of them is an enhancement to the networking API which could have uses beyond Xen.

The "socket buffer" (SKB) is the core kernel data structure used to represent packets as they pass through the system. The SKB API has been described for 2.4 in LDD2; this interface has changed little since then. SKB structures are allocated in various ways by the networking layer; the Xen patches add a new way: 

    struct sk_buff *alloc_skb_from_cache(kmem_cache_t *cache,
                                         unsigned int size, int gfp_mask);

This function will allocate an SKB of the given size from the slab cache provided. It assumes that the cache will provide a chunk of memory of sufficient size for the buffer - and various bits of overhead imposed by the SKB structure itself.

The new allocation function might speed things slightly for network drivers which allocate large numbers of buffers of the same size - though the existing allocation interfaces are already pretty fast. Xen has an interesting use for this capability, however: fast networking between virtual machines. By using the slab cache, Xen can ensure that every packet is allocated a one-page buffer. When that packet is sent to another virtual machine, the associated page can be unmapped from the source system and mapped into the address space of the destination. It is, in other words, a fairly straightforward zero-copy networking scheme. As a side benefit, the Xen monitor benefits from the knowledge that the pages in question have been used for network packets - since the contents of the packet could be read by third parties while it is in transit, there is no real point in worrying about zeroing out the data afterward.

(Log in to post comments)

alloc_skb_from_cache()

Posted Jan 9, 2005 14:23 UTC (Sun) by jcm (subscriber, #18262) [Link]

...assuming the original packet came from a public real, physcial bit of wet string ethernet.

Jon.

alloc_skb_from_cache()

Posted Jan 10, 2005 14:32 UTC (Mon) by ami.ganguli (guest, #9613) [Link]

It's more a question of the assumptions that users of a given API make about security.

In the general memory allocation case, users of the APIs assume that information in freed memory is gone forever and won't be readable by another user later on.

Users that send data over a network don't (or shouldn't) assume that the data is private. If they require privacy, they know they must take additional steps to ensure it.

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds