1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright (c) 2019 Facebook */
3 #include <linux/hash.h>
5 #include <linux/filter.h>
6 #include <linux/ftrace.h>
7 #include <linux/rbtree_latch.h>
8 #include <linux/perf_event.h>
10 #include <linux/rcupdate_trace.h>
11 #include <linux/rcupdate_wait.h>
12 #include <linux/static_call.h>
13 #include <linux/bpf_verifier.h>
14 #include <linux/bpf_lsm.h>
15 #include <linux/delay.h>
17 /* dummy _ops. The verifier will operate on target program's ops. */
18 const struct bpf_verifier_ops bpf_extension_verifier_ops = {
20 const struct bpf_prog_ops bpf_extension_prog_ops = {
23 /* btf_vmlinux has ~22k attachable functions. 1k htab is enough. */
24 #define TRAMPOLINE_HASH_BITS 10
25 #define TRAMPOLINE_TABLE_SIZE (1 << TRAMPOLINE_HASH_BITS)
27 static struct hlist_head trampoline_table[TRAMPOLINE_TABLE_SIZE];
29 /* serializes access to trampoline_table */
30 static DEFINE_MUTEX(trampoline_mutex);
32 #ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
33 static int bpf_trampoline_update(struct bpf_trampoline *tr, bool lock_direct_mutex);
35 static int bpf_tramp_ftrace_ops_func(struct ftrace_ops *ops, enum ftrace_ops_cmd cmd)
37 struct bpf_trampoline *tr = ops->private;
40 if (cmd == FTRACE_OPS_CMD_ENABLE_SHARE_IPMODIFY_SELF) {
41 /* This is called inside register_ftrace_direct_multi(), so
42 * tr->mutex is already locked.
44 lockdep_assert_held_once(&tr->mutex);
46 /* Instead of updating the trampoline here, we propagate
47 * -EAGAIN to register_ftrace_direct(). Then we can
48 * retry register_ftrace_direct() after updating the
51 if ((tr->flags & BPF_TRAMP_F_CALL_ORIG) &&
52 !(tr->flags & BPF_TRAMP_F_ORIG_STACK)) {
53 if (WARN_ON_ONCE(tr->flags & BPF_TRAMP_F_SHARE_IPMODIFY))
56 tr->flags |= BPF_TRAMP_F_SHARE_IPMODIFY;
63 /* The normal locking order is
64 * tr->mutex => direct_mutex (ftrace.c) => ftrace_lock (ftrace.c)
66 * The following two commands are called from
68 * prepare_direct_functions_for_ipmodify
69 * cleanup_direct_functions_after_ipmodify
71 * In both cases, direct_mutex is already locked. Use
72 * mutex_trylock(&tr->mutex) to avoid deadlock in race condition
73 * (something else is making changes to this same trampoline).
75 if (!mutex_trylock(&tr->mutex)) {
76 /* sleep 1 ms to make sure whatever holding tr->mutex makes
84 case FTRACE_OPS_CMD_ENABLE_SHARE_IPMODIFY_PEER:
85 tr->flags |= BPF_TRAMP_F_SHARE_IPMODIFY;
87 if ((tr->flags & BPF_TRAMP_F_CALL_ORIG) &&
88 !(tr->flags & BPF_TRAMP_F_ORIG_STACK))
89 ret = bpf_trampoline_update(tr, false /* lock_direct_mutex */);
91 case FTRACE_OPS_CMD_DISABLE_SHARE_IPMODIFY_PEER:
92 tr->flags &= ~BPF_TRAMP_F_SHARE_IPMODIFY;
94 if (tr->flags & BPF_TRAMP_F_ORIG_STACK)
95 ret = bpf_trampoline_update(tr, false /* lock_direct_mutex */);
102 mutex_unlock(&tr->mutex);
107 bool bpf_prog_has_trampoline(const struct bpf_prog *prog)
109 enum bpf_attach_type eatype = prog->expected_attach_type;
110 enum bpf_prog_type ptype = prog->type;
112 return (ptype == BPF_PROG_TYPE_TRACING &&
113 (eatype == BPF_TRACE_FENTRY || eatype == BPF_TRACE_FEXIT ||
114 eatype == BPF_MODIFY_RETURN)) ||
115 (ptype == BPF_PROG_TYPE_LSM && eatype == BPF_LSM_MAC);
118 void bpf_image_ksym_add(void *data, struct bpf_ksym *ksym)
120 ksym->start = (unsigned long) data;
121 ksym->end = ksym->start + PAGE_SIZE;
123 perf_event_ksymbol(PERF_RECORD_KSYMBOL_TYPE_BPF, ksym->start,
124 PAGE_SIZE, false, ksym->name);
127 void bpf_image_ksym_del(struct bpf_ksym *ksym)
130 perf_event_ksymbol(PERF_RECORD_KSYMBOL_TYPE_BPF, ksym->start,
131 PAGE_SIZE, true, ksym->name);
134 static struct bpf_trampoline *bpf_trampoline_lookup(u64 key)
136 struct bpf_trampoline *tr;
137 struct hlist_head *head;
140 mutex_lock(&trampoline_mutex);
141 head = &trampoline_table[hash_64(key, TRAMPOLINE_HASH_BITS)];
142 hlist_for_each_entry(tr, head, hlist) {
143 if (tr->key == key) {
144 refcount_inc(&tr->refcnt);
148 tr = kzalloc(sizeof(*tr), GFP_KERNEL);
151 #ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
152 tr->fops = kzalloc(sizeof(struct ftrace_ops), GFP_KERNEL);
158 tr->fops->private = tr;
159 tr->fops->ops_func = bpf_tramp_ftrace_ops_func;
163 INIT_HLIST_NODE(&tr->hlist);
164 hlist_add_head(&tr->hlist, head);
165 refcount_set(&tr->refcnt, 1);
166 mutex_init(&tr->mutex);
167 for (i = 0; i < BPF_TRAMP_MAX; i++)
168 INIT_HLIST_HEAD(&tr->progs_hlist[i]);
170 mutex_unlock(&trampoline_mutex);
174 static int unregister_fentry(struct bpf_trampoline *tr, void *old_addr)
176 void *ip = tr->func.addr;
179 if (tr->func.ftrace_managed)
180 ret = unregister_ftrace_direct(tr->fops, (long)old_addr, false);
182 ret = bpf_arch_text_poke(ip, BPF_MOD_CALL, old_addr, NULL);
187 static int modify_fentry(struct bpf_trampoline *tr, void *old_addr, void *new_addr,
188 bool lock_direct_mutex)
190 void *ip = tr->func.addr;
193 if (tr->func.ftrace_managed) {
194 if (lock_direct_mutex)
195 ret = modify_ftrace_direct(tr->fops, (long)new_addr);
197 ret = modify_ftrace_direct_nolock(tr->fops, (long)new_addr);
199 ret = bpf_arch_text_poke(ip, BPF_MOD_CALL, old_addr, new_addr);
204 /* first time registering */
205 static int register_fentry(struct bpf_trampoline *tr, void *new_addr)
207 void *ip = tr->func.addr;
211 faddr = ftrace_location((unsigned long)ip);
215 tr->func.ftrace_managed = true;
218 if (tr->func.ftrace_managed) {
219 ftrace_set_filter_ip(tr->fops, (unsigned long)ip, 0, 1);
220 ret = register_ftrace_direct(tr->fops, (long)new_addr);
222 ret = bpf_arch_text_poke(ip, BPF_MOD_CALL, NULL, new_addr);
228 static struct bpf_tramp_links *
229 bpf_trampoline_get_progs(const struct bpf_trampoline *tr, int *total, bool *ip_arg)
231 struct bpf_tramp_link *link;
232 struct bpf_tramp_links *tlinks;
233 struct bpf_tramp_link **links;
237 tlinks = kcalloc(BPF_TRAMP_MAX, sizeof(*tlinks), GFP_KERNEL);
239 return ERR_PTR(-ENOMEM);
241 for (kind = 0; kind < BPF_TRAMP_MAX; kind++) {
242 tlinks[kind].nr_links = tr->progs_cnt[kind];
243 *total += tr->progs_cnt[kind];
244 links = tlinks[kind].links;
246 hlist_for_each_entry(link, &tr->progs_hlist[kind], tramp_hlist) {
247 *ip_arg |= link->link.prog->call_get_func_ip;
254 static void __bpf_tramp_image_put_deferred(struct work_struct *work)
256 struct bpf_tramp_image *im;
258 im = container_of(work, struct bpf_tramp_image, work);
259 bpf_image_ksym_del(&im->ksym);
260 bpf_jit_free_exec(im->image);
261 bpf_jit_uncharge_modmem(PAGE_SIZE);
262 percpu_ref_exit(&im->pcref);
266 /* callback, fexit step 3 or fentry step 2 */
267 static void __bpf_tramp_image_put_rcu(struct rcu_head *rcu)
269 struct bpf_tramp_image *im;
271 im = container_of(rcu, struct bpf_tramp_image, rcu);
272 INIT_WORK(&im->work, __bpf_tramp_image_put_deferred);
273 schedule_work(&im->work);
276 /* callback, fexit step 2. Called after percpu_ref_kill confirms. */
277 static void __bpf_tramp_image_release(struct percpu_ref *pcref)
279 struct bpf_tramp_image *im;
281 im = container_of(pcref, struct bpf_tramp_image, pcref);
282 call_rcu_tasks(&im->rcu, __bpf_tramp_image_put_rcu);
285 /* callback, fexit or fentry step 1 */
286 static void __bpf_tramp_image_put_rcu_tasks(struct rcu_head *rcu)
288 struct bpf_tramp_image *im;
290 im = container_of(rcu, struct bpf_tramp_image, rcu);
291 if (im->ip_after_call)
292 /* the case of fmod_ret/fexit trampoline and CONFIG_PREEMPTION=y */
293 percpu_ref_kill(&im->pcref);
295 /* the case of fentry trampoline */
296 call_rcu_tasks(&im->rcu, __bpf_tramp_image_put_rcu);
299 static void bpf_tramp_image_put(struct bpf_tramp_image *im)
301 /* The trampoline image that calls original function is using:
302 * rcu_read_lock_trace to protect sleepable bpf progs
303 * rcu_read_lock to protect normal bpf progs
304 * percpu_ref to protect trampoline itself
305 * rcu tasks to protect trampoline asm not covered by percpu_ref
306 * (which are few asm insns before __bpf_tramp_enter and
307 * after __bpf_tramp_exit)
309 * The trampoline is unreachable before bpf_tramp_image_put().
311 * First, patch the trampoline to avoid calling into fexit progs.
312 * The progs will be freed even if the original function is still
313 * executing or sleeping.
314 * In case of CONFIG_PREEMPT=y use call_rcu_tasks() to wait on
315 * first few asm instructions to execute and call into
316 * __bpf_tramp_enter->percpu_ref_get.
317 * Then use percpu_ref_kill to wait for the trampoline and the original
318 * function to finish.
319 * Then use call_rcu_tasks() to make sure few asm insns in
320 * the trampoline epilogue are done as well.
322 * In !PREEMPT case the task that got interrupted in the first asm
323 * insns won't go through an RCU quiescent state which the
324 * percpu_ref_kill will be waiting for. Hence the first
325 * call_rcu_tasks() is not necessary.
327 if (im->ip_after_call) {
328 int err = bpf_arch_text_poke(im->ip_after_call, BPF_MOD_JUMP,
329 NULL, im->ip_epilogue);
331 if (IS_ENABLED(CONFIG_PREEMPTION))
332 call_rcu_tasks(&im->rcu, __bpf_tramp_image_put_rcu_tasks);
334 percpu_ref_kill(&im->pcref);
338 /* The trampoline without fexit and fmod_ret progs doesn't call original
339 * function and doesn't use percpu_ref.
340 * Use call_rcu_tasks_trace() to wait for sleepable progs to finish.
341 * Then use call_rcu_tasks() to wait for the rest of trampoline asm
344 call_rcu_tasks_trace(&im->rcu, __bpf_tramp_image_put_rcu_tasks);
347 static struct bpf_tramp_image *bpf_tramp_image_alloc(u64 key, u32 idx)
349 struct bpf_tramp_image *im;
350 struct bpf_ksym *ksym;
354 im = kzalloc(sizeof(*im), GFP_KERNEL);
358 err = bpf_jit_charge_modmem(PAGE_SIZE);
363 im->image = image = bpf_jit_alloc_exec(PAGE_SIZE);
366 set_vm_flush_reset_perms(image);
368 err = percpu_ref_init(&im->pcref, __bpf_tramp_image_release, 0, GFP_KERNEL);
373 INIT_LIST_HEAD_RCU(&ksym->lnode);
374 snprintf(ksym->name, KSYM_NAME_LEN, "bpf_trampoline_%llu_%u", key, idx);
375 bpf_image_ksym_add(image, ksym);
379 bpf_jit_free_exec(im->image);
381 bpf_jit_uncharge_modmem(PAGE_SIZE);
388 static int bpf_trampoline_update(struct bpf_trampoline *tr, bool lock_direct_mutex)
390 struct bpf_tramp_image *im;
391 struct bpf_tramp_links *tlinks;
392 u32 orig_flags = tr->flags;
396 tlinks = bpf_trampoline_get_progs(tr, &total, &ip_arg);
398 return PTR_ERR(tlinks);
401 err = unregister_fentry(tr, tr->cur_image->image);
402 bpf_tramp_image_put(tr->cur_image);
403 tr->cur_image = NULL;
408 im = bpf_tramp_image_alloc(tr->key, tr->selector);
414 /* clear all bits except SHARE_IPMODIFY */
415 tr->flags &= BPF_TRAMP_F_SHARE_IPMODIFY;
417 if (tlinks[BPF_TRAMP_FEXIT].nr_links ||
418 tlinks[BPF_TRAMP_MODIFY_RETURN].nr_links) {
419 /* NOTE: BPF_TRAMP_F_RESTORE_REGS and BPF_TRAMP_F_SKIP_FRAME
420 * should not be set together.
422 tr->flags |= BPF_TRAMP_F_CALL_ORIG | BPF_TRAMP_F_SKIP_FRAME;
424 tr->flags |= BPF_TRAMP_F_RESTORE_REGS;
428 tr->flags |= BPF_TRAMP_F_IP_ARG;
430 #ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
432 if ((tr->flags & BPF_TRAMP_F_SHARE_IPMODIFY) &&
433 (tr->flags & BPF_TRAMP_F_CALL_ORIG))
434 tr->flags |= BPF_TRAMP_F_ORIG_STACK;
437 err = arch_prepare_bpf_trampoline(im, im->image, im->image + PAGE_SIZE,
438 &tr->func.model, tr->flags, tlinks,
443 set_memory_rox((long)im->image, 1);
445 WARN_ON(tr->cur_image && tr->selector == 0);
446 WARN_ON(!tr->cur_image && tr->selector);
448 /* progs already running at this address */
449 err = modify_fentry(tr, tr->cur_image->image, im->image, lock_direct_mutex);
451 /* first time registering */
452 err = register_fentry(tr, im->image);
454 #ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
455 if (err == -EAGAIN) {
456 /* -EAGAIN from bpf_tramp_ftrace_ops_func. Now
457 * BPF_TRAMP_F_SHARE_IPMODIFY is set, we can generate the
458 * trampoline again, and retry register.
460 /* reset fops->func and fops->trampoline for re-register */
461 tr->fops->func = NULL;
462 tr->fops->trampoline = 0;
464 /* reset im->image memory attr for arch_prepare_bpf_trampoline */
465 set_memory_nx((long)im->image, 1);
466 set_memory_rw((long)im->image, 1);
474 bpf_tramp_image_put(tr->cur_image);
478 /* If any error happens, restore previous flags */
480 tr->flags = orig_flags;
485 static enum bpf_tramp_prog_type bpf_attach_type_to_tramp(struct bpf_prog *prog)
487 switch (prog->expected_attach_type) {
488 case BPF_TRACE_FENTRY:
489 return BPF_TRAMP_FENTRY;
490 case BPF_MODIFY_RETURN:
491 return BPF_TRAMP_MODIFY_RETURN;
492 case BPF_TRACE_FEXIT:
493 return BPF_TRAMP_FEXIT;
495 if (!prog->aux->attach_func_proto->type)
496 /* The function returns void, we cannot modify its
499 return BPF_TRAMP_FEXIT;
501 return BPF_TRAMP_MODIFY_RETURN;
503 return BPF_TRAMP_REPLACE;
507 static int __bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr)
509 enum bpf_tramp_prog_type kind;
510 struct bpf_tramp_link *link_exiting;
514 kind = bpf_attach_type_to_tramp(link->link.prog);
515 if (tr->extension_prog)
516 /* cannot attach fentry/fexit if extension prog is attached.
517 * cannot overwrite extension prog either.
521 for (i = 0; i < BPF_TRAMP_MAX; i++)
522 cnt += tr->progs_cnt[i];
524 if (kind == BPF_TRAMP_REPLACE) {
525 /* Cannot attach extension if fentry/fexit are in use. */
528 tr->extension_prog = link->link.prog;
529 return bpf_arch_text_poke(tr->func.addr, BPF_MOD_JUMP, NULL,
530 link->link.prog->bpf_func);
532 if (cnt >= BPF_MAX_TRAMP_LINKS)
534 if (!hlist_unhashed(&link->tramp_hlist))
535 /* prog already linked */
537 hlist_for_each_entry(link_exiting, &tr->progs_hlist[kind], tramp_hlist) {
538 if (link_exiting->link.prog != link->link.prog)
540 /* prog already linked */
544 hlist_add_head(&link->tramp_hlist, &tr->progs_hlist[kind]);
545 tr->progs_cnt[kind]++;
546 err = bpf_trampoline_update(tr, true /* lock_direct_mutex */);
548 hlist_del_init(&link->tramp_hlist);
549 tr->progs_cnt[kind]--;
554 int bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr)
558 mutex_lock(&tr->mutex);
559 err = __bpf_trampoline_link_prog(link, tr);
560 mutex_unlock(&tr->mutex);
564 static int __bpf_trampoline_unlink_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr)
566 enum bpf_tramp_prog_type kind;
569 kind = bpf_attach_type_to_tramp(link->link.prog);
570 if (kind == BPF_TRAMP_REPLACE) {
571 WARN_ON_ONCE(!tr->extension_prog);
572 err = bpf_arch_text_poke(tr->func.addr, BPF_MOD_JUMP,
573 tr->extension_prog->bpf_func, NULL);
574 tr->extension_prog = NULL;
577 hlist_del_init(&link->tramp_hlist);
578 tr->progs_cnt[kind]--;
579 return bpf_trampoline_update(tr, true /* lock_direct_mutex */);
582 /* bpf_trampoline_unlink_prog() should never fail. */
583 int bpf_trampoline_unlink_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr)
587 mutex_lock(&tr->mutex);
588 err = __bpf_trampoline_unlink_prog(link, tr);
589 mutex_unlock(&tr->mutex);
593 #if defined(CONFIG_CGROUP_BPF) && defined(CONFIG_BPF_LSM)
594 static void bpf_shim_tramp_link_release(struct bpf_link *link)
596 struct bpf_shim_tramp_link *shim_link =
597 container_of(link, struct bpf_shim_tramp_link, link.link);
599 /* paired with 'shim_link->trampoline = tr' in bpf_trampoline_link_cgroup_shim */
600 if (!shim_link->trampoline)
603 WARN_ON_ONCE(bpf_trampoline_unlink_prog(&shim_link->link, shim_link->trampoline));
604 bpf_trampoline_put(shim_link->trampoline);
607 static void bpf_shim_tramp_link_dealloc(struct bpf_link *link)
609 struct bpf_shim_tramp_link *shim_link =
610 container_of(link, struct bpf_shim_tramp_link, link.link);
615 static const struct bpf_link_ops bpf_shim_tramp_link_lops = {
616 .release = bpf_shim_tramp_link_release,
617 .dealloc = bpf_shim_tramp_link_dealloc,
620 static struct bpf_shim_tramp_link *cgroup_shim_alloc(const struct bpf_prog *prog,
624 struct bpf_shim_tramp_link *shim_link = NULL;
627 shim_link = kzalloc(sizeof(*shim_link), GFP_USER);
631 p = bpf_prog_alloc(1, 0);
638 p->bpf_func = bpf_func;
640 p->aux->cgroup_atype = cgroup_atype;
641 p->aux->attach_func_proto = prog->aux->attach_func_proto;
642 p->aux->attach_btf_id = prog->aux->attach_btf_id;
643 p->aux->attach_btf = prog->aux->attach_btf;
644 btf_get(p->aux->attach_btf);
645 p->type = BPF_PROG_TYPE_LSM;
646 p->expected_attach_type = BPF_LSM_MAC;
648 bpf_link_init(&shim_link->link.link, BPF_LINK_TYPE_UNSPEC,
649 &bpf_shim_tramp_link_lops, p);
650 bpf_cgroup_atype_get(p->aux->attach_btf_id, cgroup_atype);
655 static struct bpf_shim_tramp_link *cgroup_shim_find(struct bpf_trampoline *tr,
658 struct bpf_tramp_link *link;
661 for (kind = 0; kind < BPF_TRAMP_MAX; kind++) {
662 hlist_for_each_entry(link, &tr->progs_hlist[kind], tramp_hlist) {
663 struct bpf_prog *p = link->link.prog;
665 if (p->bpf_func == bpf_func)
666 return container_of(link, struct bpf_shim_tramp_link, link);
673 int bpf_trampoline_link_cgroup_shim(struct bpf_prog *prog,
676 struct bpf_shim_tramp_link *shim_link = NULL;
677 struct bpf_attach_target_info tgt_info = {};
678 struct bpf_trampoline *tr;
683 err = bpf_check_attach_target(NULL, prog, NULL,
684 prog->aux->attach_btf_id,
689 key = bpf_trampoline_compute_key(NULL, prog->aux->attach_btf,
690 prog->aux->attach_btf_id);
692 bpf_lsm_find_cgroup_shim(prog, &bpf_func);
693 tr = bpf_trampoline_get(key, &tgt_info);
697 mutex_lock(&tr->mutex);
699 shim_link = cgroup_shim_find(tr, bpf_func);
701 /* Reusing existing shim attached by the other program. */
702 bpf_link_inc(&shim_link->link.link);
704 mutex_unlock(&tr->mutex);
705 bpf_trampoline_put(tr); /* bpf_trampoline_get above */
709 /* Allocate and install new shim. */
711 shim_link = cgroup_shim_alloc(prog, bpf_func, cgroup_atype);
717 err = __bpf_trampoline_link_prog(&shim_link->link, tr);
721 shim_link->trampoline = tr;
722 /* note, we're still holding tr refcnt from above */
724 mutex_unlock(&tr->mutex);
728 mutex_unlock(&tr->mutex);
731 bpf_link_put(&shim_link->link.link);
733 /* have to release tr while _not_ holding its mutex */
734 bpf_trampoline_put(tr); /* bpf_trampoline_get above */
739 void bpf_trampoline_unlink_cgroup_shim(struct bpf_prog *prog)
741 struct bpf_shim_tramp_link *shim_link = NULL;
742 struct bpf_trampoline *tr;
746 key = bpf_trampoline_compute_key(NULL, prog->aux->attach_btf,
747 prog->aux->attach_btf_id);
749 bpf_lsm_find_cgroup_shim(prog, &bpf_func);
750 tr = bpf_trampoline_lookup(key);
751 if (WARN_ON_ONCE(!tr))
754 mutex_lock(&tr->mutex);
755 shim_link = cgroup_shim_find(tr, bpf_func);
756 mutex_unlock(&tr->mutex);
759 bpf_link_put(&shim_link->link.link);
761 bpf_trampoline_put(tr); /* bpf_trampoline_lookup above */
765 struct bpf_trampoline *bpf_trampoline_get(u64 key,
766 struct bpf_attach_target_info *tgt_info)
768 struct bpf_trampoline *tr;
770 tr = bpf_trampoline_lookup(key);
774 mutex_lock(&tr->mutex);
778 memcpy(&tr->func.model, &tgt_info->fmodel, sizeof(tgt_info->fmodel));
779 tr->func.addr = (void *)tgt_info->tgt_addr;
781 mutex_unlock(&tr->mutex);
785 void bpf_trampoline_put(struct bpf_trampoline *tr)
791 mutex_lock(&trampoline_mutex);
792 if (!refcount_dec_and_test(&tr->refcnt))
794 WARN_ON_ONCE(mutex_is_locked(&tr->mutex));
796 for (i = 0; i < BPF_TRAMP_MAX; i++)
797 if (WARN_ON_ONCE(!hlist_empty(&tr->progs_hlist[i])))
800 /* This code will be executed even when the last bpf_tramp_image
801 * is alive. All progs are detached from the trampoline and the
802 * trampoline image is patched with jmp into epilogue to skip
803 * fexit progs. The fentry-only trampoline will be freed via
804 * multiple rcu callbacks.
806 hlist_del(&tr->hlist);
808 ftrace_free_filter(tr->fops);
813 mutex_unlock(&trampoline_mutex);
816 #define NO_START_TIME 1
817 static __always_inline u64 notrace bpf_prog_start_time(void)
819 u64 start = NO_START_TIME;
821 if (static_branch_unlikely(&bpf_stats_enabled_key)) {
822 start = sched_clock();
823 if (unlikely(!start))
824 start = NO_START_TIME;
829 /* The logic is similar to bpf_prog_run(), but with an explicit
830 * rcu_read_lock() and migrate_disable() which are required
831 * for the trampoline. The macro is split into
832 * call __bpf_prog_enter
833 * call prog->bpf_func
834 * call __bpf_prog_exit
836 * __bpf_prog_enter returns:
837 * 0 - skip execution of the bpf prog
838 * 1 - execute bpf prog
839 * [2..MAX_U64] - execute bpf prog and record execution time.
840 * This is start time.
842 static u64 notrace __bpf_prog_enter_recur(struct bpf_prog *prog, struct bpf_tramp_run_ctx *run_ctx)
848 run_ctx->saved_run_ctx = bpf_set_run_ctx(&run_ctx->run_ctx);
850 if (unlikely(this_cpu_inc_return(*(prog->active)) != 1)) {
851 bpf_prog_inc_misses_counter(prog);
854 return bpf_prog_start_time();
857 static void notrace update_prog_stats(struct bpf_prog *prog,
860 struct bpf_prog_stats *stats;
862 if (static_branch_unlikely(&bpf_stats_enabled_key) &&
863 /* static_key could be enabled in __bpf_prog_enter*
864 * and disabled in __bpf_prog_exit*.
866 * Hence check that 'start' is valid.
868 start > NO_START_TIME) {
871 stats = this_cpu_ptr(prog->stats);
872 flags = u64_stats_update_begin_irqsave(&stats->syncp);
873 u64_stats_inc(&stats->cnt);
874 u64_stats_add(&stats->nsecs, sched_clock() - start);
875 u64_stats_update_end_irqrestore(&stats->syncp, flags);
879 static void notrace __bpf_prog_exit_recur(struct bpf_prog *prog, u64 start,
880 struct bpf_tramp_run_ctx *run_ctx)
883 bpf_reset_run_ctx(run_ctx->saved_run_ctx);
885 update_prog_stats(prog, start);
886 this_cpu_dec(*(prog->active));
891 static u64 notrace __bpf_prog_enter_lsm_cgroup(struct bpf_prog *prog,
892 struct bpf_tramp_run_ctx *run_ctx)
895 /* Runtime stats are exported via actual BPF_LSM_CGROUP
896 * programs, not the shims.
901 run_ctx->saved_run_ctx = bpf_set_run_ctx(&run_ctx->run_ctx);
903 return NO_START_TIME;
906 static void notrace __bpf_prog_exit_lsm_cgroup(struct bpf_prog *prog, u64 start,
907 struct bpf_tramp_run_ctx *run_ctx)
910 bpf_reset_run_ctx(run_ctx->saved_run_ctx);
916 u64 notrace __bpf_prog_enter_sleepable_recur(struct bpf_prog *prog,
917 struct bpf_tramp_run_ctx *run_ctx)
919 rcu_read_lock_trace();
923 if (unlikely(this_cpu_inc_return(*(prog->active)) != 1)) {
924 bpf_prog_inc_misses_counter(prog);
928 run_ctx->saved_run_ctx = bpf_set_run_ctx(&run_ctx->run_ctx);
930 return bpf_prog_start_time();
933 void notrace __bpf_prog_exit_sleepable_recur(struct bpf_prog *prog, u64 start,
934 struct bpf_tramp_run_ctx *run_ctx)
936 bpf_reset_run_ctx(run_ctx->saved_run_ctx);
938 update_prog_stats(prog, start);
939 this_cpu_dec(*(prog->active));
941 rcu_read_unlock_trace();
944 static u64 notrace __bpf_prog_enter_sleepable(struct bpf_prog *prog,
945 struct bpf_tramp_run_ctx *run_ctx)
947 rcu_read_lock_trace();
951 run_ctx->saved_run_ctx = bpf_set_run_ctx(&run_ctx->run_ctx);
953 return bpf_prog_start_time();
956 static void notrace __bpf_prog_exit_sleepable(struct bpf_prog *prog, u64 start,
957 struct bpf_tramp_run_ctx *run_ctx)
959 bpf_reset_run_ctx(run_ctx->saved_run_ctx);
961 update_prog_stats(prog, start);
963 rcu_read_unlock_trace();
966 static u64 notrace __bpf_prog_enter(struct bpf_prog *prog,
967 struct bpf_tramp_run_ctx *run_ctx)
973 run_ctx->saved_run_ctx = bpf_set_run_ctx(&run_ctx->run_ctx);
975 return bpf_prog_start_time();
978 static void notrace __bpf_prog_exit(struct bpf_prog *prog, u64 start,
979 struct bpf_tramp_run_ctx *run_ctx)
982 bpf_reset_run_ctx(run_ctx->saved_run_ctx);
984 update_prog_stats(prog, start);
989 void notrace __bpf_tramp_enter(struct bpf_tramp_image *tr)
991 percpu_ref_get(&tr->pcref);
994 void notrace __bpf_tramp_exit(struct bpf_tramp_image *tr)
996 percpu_ref_put(&tr->pcref);
999 bpf_trampoline_enter_t bpf_trampoline_enter(const struct bpf_prog *prog)
1001 bool sleepable = prog->aux->sleepable;
1003 if (bpf_prog_check_recur(prog))
1004 return sleepable ? __bpf_prog_enter_sleepable_recur :
1005 __bpf_prog_enter_recur;
1007 if (resolve_prog_type(prog) == BPF_PROG_TYPE_LSM &&
1008 prog->expected_attach_type == BPF_LSM_CGROUP)
1009 return __bpf_prog_enter_lsm_cgroup;
1011 return sleepable ? __bpf_prog_enter_sleepable : __bpf_prog_enter;
1014 bpf_trampoline_exit_t bpf_trampoline_exit(const struct bpf_prog *prog)
1016 bool sleepable = prog->aux->sleepable;
1018 if (bpf_prog_check_recur(prog))
1019 return sleepable ? __bpf_prog_exit_sleepable_recur :
1020 __bpf_prog_exit_recur;
1022 if (resolve_prog_type(prog) == BPF_PROG_TYPE_LSM &&
1023 prog->expected_attach_type == BPF_LSM_CGROUP)
1024 return __bpf_prog_exit_lsm_cgroup;
1026 return sleepable ? __bpf_prog_exit_sleepable : __bpf_prog_exit;
1030 arch_prepare_bpf_trampoline(struct bpf_tramp_image *tr, void *image, void *image_end,
1031 const struct btf_func_model *m, u32 flags,
1032 struct bpf_tramp_links *tlinks,
1038 static int __init init_trampolines(void)
1042 for (i = 0; i < TRAMPOLINE_TABLE_SIZE; i++)
1043 INIT_HLIST_HEAD(&trampoline_table[i]);
1046 late_initcall(init_trampolines);
projects / platform / kernel / linux-starfive.git / blob