1 /* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
2 * Copyright (c) 2016,2017 Facebook
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
13 #include <linux/bpf.h>
14 #include <linux/err.h>
15 #include <linux/slab.h>
17 #include <linux/filter.h>
18 #include <linux/perf_event.h>
20 #include "map_in_map.h"
22 static void bpf_array_free_percpu(struct bpf_array *array)
26 for (i = 0; i < array->map.max_entries; i++)
27 free_percpu(array->pptrs[i]);
30 static int bpf_array_alloc_percpu(struct bpf_array *array)
35 for (i = 0; i < array->map.max_entries; i++) {
36 ptr = __alloc_percpu_gfp(array->elem_size, 8,
37 GFP_USER | __GFP_NOWARN);
39 bpf_array_free_percpu(array);
42 array->pptrs[i] = ptr;
48 /* Called from syscall */
49 static struct bpf_map *array_map_alloc(union bpf_attr *attr)
51 bool percpu = attr->map_type == BPF_MAP_TYPE_PERCPU_ARRAY;
52 struct bpf_array *array;
56 /* check sanity of attributes */
57 if (attr->max_entries == 0 || attr->key_size != 4 ||
58 attr->value_size == 0 || attr->map_flags)
59 return ERR_PTR(-EINVAL);
61 if (attr->value_size > KMALLOC_MAX_SIZE)
62 /* if value_size is bigger, the user space won't be able to
63 * access the elements.
65 return ERR_PTR(-E2BIG);
67 elem_size = round_up(attr->value_size, 8);
69 array_size = sizeof(*array);
71 array_size += (u64) attr->max_entries * sizeof(void *);
73 array_size += (u64) attr->max_entries * elem_size;
75 /* make sure there is no u32 overflow later in round_up() */
76 if (array_size >= U32_MAX - PAGE_SIZE)
77 return ERR_PTR(-ENOMEM);
79 /* allocate all map elements and zero-initialize them */
80 array = bpf_map_area_alloc(array_size);
82 return ERR_PTR(-ENOMEM);
84 /* copy mandatory map attributes */
85 array->map.map_type = attr->map_type;
86 array->map.key_size = attr->key_size;
87 array->map.value_size = attr->value_size;
88 array->map.max_entries = attr->max_entries;
89 array->elem_size = elem_size;
94 array_size += (u64) attr->max_entries * elem_size * num_possible_cpus();
96 if (array_size >= U32_MAX - PAGE_SIZE ||
97 elem_size > PCPU_MIN_UNIT_SIZE || bpf_array_alloc_percpu(array)) {
98 bpf_map_area_free(array);
99 return ERR_PTR(-ENOMEM);
102 array->map.pages = round_up(array_size, PAGE_SIZE) >> PAGE_SHIFT;
107 /* Called from syscall or from eBPF program */
108 static void *array_map_lookup_elem(struct bpf_map *map, void *key)
110 struct bpf_array *array = container_of(map, struct bpf_array, map);
111 u32 index = *(u32 *)key;
113 if (unlikely(index >= array->map.max_entries))
116 return array->value + array->elem_size * index;
119 /* emit BPF instructions equivalent to C code of array_map_lookup_elem() */
120 static u32 array_map_gen_lookup(struct bpf_map *map, struct bpf_insn *insn_buf)
122 struct bpf_insn *insn = insn_buf;
123 u32 elem_size = round_up(map->value_size, 8);
124 const int ret = BPF_REG_0;
125 const int map_ptr = BPF_REG_1;
126 const int index = BPF_REG_2;
128 *insn++ = BPF_ALU64_IMM(BPF_ADD, map_ptr, offsetof(struct bpf_array, value));
129 *insn++ = BPF_LDX_MEM(BPF_W, ret, index, 0);
130 *insn++ = BPF_JMP_IMM(BPF_JGE, ret, map->max_entries, 3);
132 if (is_power_of_2(elem_size)) {
133 *insn++ = BPF_ALU64_IMM(BPF_LSH, ret, ilog2(elem_size));
135 *insn++ = BPF_ALU64_IMM(BPF_MUL, ret, elem_size);
137 *insn++ = BPF_ALU64_REG(BPF_ADD, ret, map_ptr);
138 *insn++ = BPF_JMP_IMM(BPF_JA, 0, 0, 1);
139 *insn++ = BPF_MOV64_IMM(ret, 0);
140 return insn - insn_buf;
143 /* Called from eBPF program */
144 static void *percpu_array_map_lookup_elem(struct bpf_map *map, void *key)
146 struct bpf_array *array = container_of(map, struct bpf_array, map);
147 u32 index = *(u32 *)key;
149 if (unlikely(index >= array->map.max_entries))
152 return this_cpu_ptr(array->pptrs[index]);
155 int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
157 struct bpf_array *array = container_of(map, struct bpf_array, map);
158 u32 index = *(u32 *)key;
163 if (unlikely(index >= array->map.max_entries))
166 /* per_cpu areas are zero-filled and bpf programs can only
167 * access 'value_size' of them, so copying rounded areas
168 * will not leak any kernel data
170 size = round_up(map->value_size, 8);
172 pptr = array->pptrs[index];
173 for_each_possible_cpu(cpu) {
174 bpf_long_memcpy(value + off, per_cpu_ptr(pptr, cpu), size);
181 /* Called from syscall */
182 static int array_map_get_next_key(struct bpf_map *map, void *key, void *next_key)
184 struct bpf_array *array = container_of(map, struct bpf_array, map);
185 u32 index = key ? *(u32 *)key : U32_MAX;
186 u32 *next = (u32 *)next_key;
188 if (index >= array->map.max_entries) {
193 if (index == array->map.max_entries - 1)
200 /* Called from syscall or from eBPF program */
201 static int array_map_update_elem(struct bpf_map *map, void *key, void *value,
204 struct bpf_array *array = container_of(map, struct bpf_array, map);
205 u32 index = *(u32 *)key;
207 if (unlikely(map_flags > BPF_EXIST))
211 if (unlikely(index >= array->map.max_entries))
212 /* all elements were pre-allocated, cannot insert a new one */
215 if (unlikely(map_flags == BPF_NOEXIST))
216 /* all elements already exist */
219 if (array->map.map_type == BPF_MAP_TYPE_PERCPU_ARRAY)
220 memcpy(this_cpu_ptr(array->pptrs[index]),
221 value, map->value_size);
223 memcpy(array->value + array->elem_size * index,
224 value, map->value_size);
228 int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
231 struct bpf_array *array = container_of(map, struct bpf_array, map);
232 u32 index = *(u32 *)key;
237 if (unlikely(map_flags > BPF_EXIST))
241 if (unlikely(index >= array->map.max_entries))
242 /* all elements were pre-allocated, cannot insert a new one */
245 if (unlikely(map_flags == BPF_NOEXIST))
246 /* all elements already exist */
249 /* the user space will provide round_up(value_size, 8) bytes that
250 * will be copied into per-cpu area. bpf programs can only access
251 * value_size of it. During lookup the same extra bytes will be
252 * returned or zeros which were zero-filled by percpu_alloc,
253 * so no kernel data leaks possible
255 size = round_up(map->value_size, 8);
257 pptr = array->pptrs[index];
258 for_each_possible_cpu(cpu) {
259 bpf_long_memcpy(per_cpu_ptr(pptr, cpu), value + off, size);
266 /* Called from syscall or from eBPF program */
267 static int array_map_delete_elem(struct bpf_map *map, void *key)
272 /* Called when map->refcnt goes to zero, either from workqueue or from syscall */
273 static void array_map_free(struct bpf_map *map)
275 struct bpf_array *array = container_of(map, struct bpf_array, map);
277 /* at this point bpf_prog->aux->refcnt == 0 and this map->refcnt == 0,
278 * so the programs (can be more than one that used this map) were
279 * disconnected from events. Wait for outstanding programs to complete
284 if (array->map.map_type == BPF_MAP_TYPE_PERCPU_ARRAY)
285 bpf_array_free_percpu(array);
287 bpf_map_area_free(array);
290 const struct bpf_map_ops array_map_ops = {
291 .map_alloc = array_map_alloc,
292 .map_free = array_map_free,
293 .map_get_next_key = array_map_get_next_key,
294 .map_lookup_elem = array_map_lookup_elem,
295 .map_update_elem = array_map_update_elem,
296 .map_delete_elem = array_map_delete_elem,
297 .map_gen_lookup = array_map_gen_lookup,
300 const struct bpf_map_ops percpu_array_map_ops = {
301 .map_alloc = array_map_alloc,
302 .map_free = array_map_free,
303 .map_get_next_key = array_map_get_next_key,
304 .map_lookup_elem = percpu_array_map_lookup_elem,
305 .map_update_elem = array_map_update_elem,
306 .map_delete_elem = array_map_delete_elem,
309 static struct bpf_map *fd_array_map_alloc(union bpf_attr *attr)
311 /* only file descriptors can be stored in this type of map */
312 if (attr->value_size != sizeof(u32))
313 return ERR_PTR(-EINVAL);
314 return array_map_alloc(attr);
317 static void fd_array_map_free(struct bpf_map *map)
319 struct bpf_array *array = container_of(map, struct bpf_array, map);
324 /* make sure it's empty */
325 for (i = 0; i < array->map.max_entries; i++)
326 BUG_ON(array->ptrs[i] != NULL);
328 bpf_map_area_free(array);
331 static void *fd_array_map_lookup_elem(struct bpf_map *map, void *key)
336 /* only called from syscall */
337 int bpf_fd_array_map_update_elem(struct bpf_map *map, struct file *map_file,
338 void *key, void *value, u64 map_flags)
340 struct bpf_array *array = container_of(map, struct bpf_array, map);
341 void *new_ptr, *old_ptr;
342 u32 index = *(u32 *)key, ufd;
344 if (map_flags != BPF_ANY)
347 if (index >= array->map.max_entries)
351 new_ptr = map->ops->map_fd_get_ptr(map, map_file, ufd);
353 return PTR_ERR(new_ptr);
355 old_ptr = xchg(array->ptrs + index, new_ptr);
357 map->ops->map_fd_put_ptr(old_ptr);
362 static int fd_array_map_delete_elem(struct bpf_map *map, void *key)
364 struct bpf_array *array = container_of(map, struct bpf_array, map);
366 u32 index = *(u32 *)key;
368 if (index >= array->map.max_entries)
371 old_ptr = xchg(array->ptrs + index, NULL);
373 map->ops->map_fd_put_ptr(old_ptr);
380 static void *prog_fd_array_get_ptr(struct bpf_map *map,
381 struct file *map_file, int fd)
383 struct bpf_array *array = container_of(map, struct bpf_array, map);
384 struct bpf_prog *prog = bpf_prog_get(fd);
389 if (!bpf_prog_array_compatible(array, prog)) {
391 return ERR_PTR(-EINVAL);
397 static void prog_fd_array_put_ptr(void *ptr)
402 /* decrement refcnt of all bpf_progs that are stored in this map */
403 void bpf_fd_array_map_clear(struct bpf_map *map)
405 struct bpf_array *array = container_of(map, struct bpf_array, map);
408 for (i = 0; i < array->map.max_entries; i++)
409 fd_array_map_delete_elem(map, &i);
412 const struct bpf_map_ops prog_array_map_ops = {
413 .map_alloc = fd_array_map_alloc,
414 .map_free = fd_array_map_free,
415 .map_get_next_key = array_map_get_next_key,
416 .map_lookup_elem = fd_array_map_lookup_elem,
417 .map_delete_elem = fd_array_map_delete_elem,
418 .map_fd_get_ptr = prog_fd_array_get_ptr,
419 .map_fd_put_ptr = prog_fd_array_put_ptr,
422 static struct bpf_event_entry *bpf_event_entry_gen(struct file *perf_file,
423 struct file *map_file)
425 struct bpf_event_entry *ee;
427 ee = kzalloc(sizeof(*ee), GFP_ATOMIC);
429 ee->event = perf_file->private_data;
430 ee->perf_file = perf_file;
431 ee->map_file = map_file;
437 static void __bpf_event_entry_free(struct rcu_head *rcu)
439 struct bpf_event_entry *ee;
441 ee = container_of(rcu, struct bpf_event_entry, rcu);
446 static void bpf_event_entry_free_rcu(struct bpf_event_entry *ee)
448 call_rcu(&ee->rcu, __bpf_event_entry_free);
451 static void *perf_event_fd_array_get_ptr(struct bpf_map *map,
452 struct file *map_file, int fd)
454 const struct perf_event_attr *attr;
455 struct bpf_event_entry *ee;
456 struct perf_event *event;
457 struct file *perf_file;
459 perf_file = perf_event_get(fd);
460 if (IS_ERR(perf_file))
463 event = perf_file->private_data;
464 ee = ERR_PTR(-EINVAL);
466 attr = perf_event_attrs(event);
467 if (IS_ERR(attr) || attr->inherit)
470 switch (attr->type) {
471 case PERF_TYPE_SOFTWARE:
472 if (attr->config != PERF_COUNT_SW_BPF_OUTPUT)
476 case PERF_TYPE_HARDWARE:
477 ee = bpf_event_entry_gen(perf_file, map_file);
480 ee = ERR_PTR(-ENOMEM);
491 static void perf_event_fd_array_put_ptr(void *ptr)
493 bpf_event_entry_free_rcu(ptr);
496 static void perf_event_fd_array_release(struct bpf_map *map,
497 struct file *map_file)
499 struct bpf_array *array = container_of(map, struct bpf_array, map);
500 struct bpf_event_entry *ee;
504 for (i = 0; i < array->map.max_entries; i++) {
505 ee = READ_ONCE(array->ptrs[i]);
506 if (ee && ee->map_file == map_file)
507 fd_array_map_delete_elem(map, &i);
512 const struct bpf_map_ops perf_event_array_map_ops = {
513 .map_alloc = fd_array_map_alloc,
514 .map_free = fd_array_map_free,
515 .map_get_next_key = array_map_get_next_key,
516 .map_lookup_elem = fd_array_map_lookup_elem,
517 .map_delete_elem = fd_array_map_delete_elem,
518 .map_fd_get_ptr = perf_event_fd_array_get_ptr,
519 .map_fd_put_ptr = perf_event_fd_array_put_ptr,
520 .map_release = perf_event_fd_array_release,
523 #ifdef CONFIG_CGROUPS
524 static void *cgroup_fd_array_get_ptr(struct bpf_map *map,
525 struct file *map_file /* not used */,
528 return cgroup_get_from_fd(fd);
531 static void cgroup_fd_array_put_ptr(void *ptr)
533 /* cgroup_put free cgrp after a rcu grace period */
537 static void cgroup_fd_array_free(struct bpf_map *map)
539 bpf_fd_array_map_clear(map);
540 fd_array_map_free(map);
543 const struct bpf_map_ops cgroup_array_map_ops = {
544 .map_alloc = fd_array_map_alloc,
545 .map_free = cgroup_fd_array_free,
546 .map_get_next_key = array_map_get_next_key,
547 .map_lookup_elem = fd_array_map_lookup_elem,
548 .map_delete_elem = fd_array_map_delete_elem,
549 .map_fd_get_ptr = cgroup_fd_array_get_ptr,
550 .map_fd_put_ptr = cgroup_fd_array_put_ptr,
554 static struct bpf_map *array_of_map_alloc(union bpf_attr *attr)
556 struct bpf_map *map, *inner_map_meta;
558 inner_map_meta = bpf_map_meta_alloc(attr->inner_map_fd);
559 if (IS_ERR(inner_map_meta))
560 return inner_map_meta;
562 map = fd_array_map_alloc(attr);
564 bpf_map_meta_free(inner_map_meta);
568 map->inner_map_meta = inner_map_meta;
573 static void array_of_map_free(struct bpf_map *map)
575 /* map->inner_map_meta is only accessed by syscall which
576 * is protected by fdget/fdput.
578 bpf_map_meta_free(map->inner_map_meta);
579 bpf_fd_array_map_clear(map);
580 fd_array_map_free(map);
583 static void *array_of_map_lookup_elem(struct bpf_map *map, void *key)
585 struct bpf_map **inner_map = array_map_lookup_elem(map, key);
590 return READ_ONCE(*inner_map);
593 const struct bpf_map_ops array_of_maps_map_ops = {
594 .map_alloc = array_of_map_alloc,
595 .map_free = array_of_map_free,
596 .map_get_next_key = array_map_get_next_key,
597 .map_lookup_elem = array_of_map_lookup_elem,
598 .map_delete_elem = fd_array_map_delete_elem,
599 .map_fd_get_ptr = bpf_map_fd_get_ptr,
600 .map_fd_put_ptr = bpf_map_fd_put_ptr,
projects / karo-tx-linux.git / blob