1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
3 * Copyright (c) 2016 Facebook
7 #include <linux/jhash.h>
8 #include <linux/filter.h>
9 #include <linux/rculist_nulls.h>
10 #include <linux/rcupdate_wait.h>
11 #include <linux/random.h>
12 #include <uapi/linux/btf.h>
13 #include <linux/rcupdate_trace.h>
14 #include <linux/btf_ids.h>
15 #include "percpu_freelist.h"
16 #include "bpf_lru_list.h"
17 #include "map_in_map.h"
18 #include <linux/bpf_mem_alloc.h>
20 #define HTAB_CREATE_FLAG_MASK \
21 (BPF_F_NO_PREALLOC | BPF_F_NO_COMMON_LRU | BPF_F_NUMA_NODE | \
22 BPF_F_ACCESS_MASK | BPF_F_ZERO_SEED)
24 #define BATCH_OPS(_name) \
26 _name##_map_lookup_batch, \
27 .map_lookup_and_delete_batch = \
28 _name##_map_lookup_and_delete_batch, \
30 generic_map_update_batch, \
32 generic_map_delete_batch
35 * The bucket lock has two protection scopes:
37 * 1) Serializing concurrent operations from BPF programs on different
40 * 2) Serializing concurrent operations from BPF programs and sys_bpf()
42 * BPF programs can execute in any context including perf, kprobes and
43 * tracing. As there are almost no limits where perf, kprobes and tracing
44 * can be invoked from the lock operations need to be protected against
45 * deadlocks. Deadlocks can be caused by recursion and by an invocation in
46 * the lock held section when functions which acquire this lock are invoked
47 * from sys_bpf(). BPF recursion is prevented by incrementing the per CPU
48 * variable bpf_prog_active, which prevents BPF programs attached to perf
49 * events, kprobes and tracing to be invoked before the prior invocation
50 * from one of these contexts completed. sys_bpf() uses the same mechanism
51 * by pinning the task to the current CPU and incrementing the recursion
52 * protection across the map operation.
54 * This has subtle implications on PREEMPT_RT. PREEMPT_RT forbids certain
55 * operations like memory allocations (even with GFP_ATOMIC) from atomic
56 * contexts. This is required because even with GFP_ATOMIC the memory
57 * allocator calls into code paths which acquire locks with long held lock
58 * sections. To ensure the deterministic behaviour these locks are regular
59 * spinlocks, which are converted to 'sleepable' spinlocks on RT. The only
60 * true atomic contexts on an RT kernel are the low level hardware
61 * handling, scheduling, low level interrupt handling, NMIs etc. None of
62 * these contexts should ever do memory allocations.
64 * As regular device interrupt handlers and soft interrupts are forced into
65 * thread context, the existing code which does
66 * spin_lock*(); alloc(GFP_ATOMIC); spin_unlock*();
69 * In theory the BPF locks could be converted to regular spinlocks as well,
70 * but the bucket locks and percpu_freelist locks can be taken from
71 * arbitrary contexts (perf, kprobes, tracepoints) which are required to be
72 * atomic contexts even on RT. Before the introduction of bpf_mem_alloc,
73 * it is only safe to use raw spinlock for preallocated hash map on a RT kernel,
74 * because there is no memory allocation within the lock held sections. However
75 * after hash map was fully converted to use bpf_mem_alloc, there will be
76 * non-synchronous memory allocation for non-preallocated hash map, so it is
77 * safe to always use raw spinlock for bucket lock.
80 struct hlist_nulls_head head;
81 raw_spinlock_t raw_lock;
84 #define HASHTAB_MAP_LOCK_COUNT 8
85 #define HASHTAB_MAP_LOCK_MASK (HASHTAB_MAP_LOCK_COUNT - 1)
89 struct bpf_mem_alloc ma;
90 struct bpf_mem_alloc pcpu_ma;
91 struct bucket *buckets;
94 struct pcpu_freelist freelist;
97 struct htab_elem *__percpu *extra_elems;
98 /* number of elements in non-preallocated hashtable are kept
99 * in either pcount or count
101 struct percpu_counter pcount;
103 bool use_percpu_counter;
104 u32 n_buckets; /* number of hash buckets */
105 u32 elem_size; /* size of each element in bytes */
107 struct lock_class_key lockdep_key;
108 int __percpu *map_locked[HASHTAB_MAP_LOCK_COUNT];
111 /* each htab element is struct htab_elem + key + value */
114 struct hlist_nulls_node hash_node;
118 struct pcpu_freelist_node fnode;
119 struct htab_elem *batch_flink;
124 /* pointer to per-cpu pointer */
126 struct bpf_lru_node lru_node;
129 char key[] __aligned(8);
132 static inline bool htab_is_prealloc(const struct bpf_htab *htab)
134 return !(htab->map.map_flags & BPF_F_NO_PREALLOC);
137 static void htab_init_buckets(struct bpf_htab *htab)
141 for (i = 0; i < htab->n_buckets; i++) {
142 INIT_HLIST_NULLS_HEAD(&htab->buckets[i].head, i);
143 raw_spin_lock_init(&htab->buckets[i].raw_lock);
144 lockdep_set_class(&htab->buckets[i].raw_lock,
150 static inline int htab_lock_bucket(const struct bpf_htab *htab,
151 struct bucket *b, u32 hash,
152 unsigned long *pflags)
156 hash = hash & min_t(u32, HASHTAB_MAP_LOCK_MASK, htab->n_buckets - 1);
159 local_irq_save(flags);
160 if (unlikely(__this_cpu_inc_return(*(htab->map_locked[hash])) != 1)) {
161 __this_cpu_dec(*(htab->map_locked[hash]));
162 local_irq_restore(flags);
167 raw_spin_lock(&b->raw_lock);
173 static inline void htab_unlock_bucket(const struct bpf_htab *htab,
174 struct bucket *b, u32 hash,
177 hash = hash & min_t(u32, HASHTAB_MAP_LOCK_MASK, htab->n_buckets - 1);
178 raw_spin_unlock(&b->raw_lock);
179 __this_cpu_dec(*(htab->map_locked[hash]));
180 local_irq_restore(flags);
184 static bool htab_lru_map_delete_node(void *arg, struct bpf_lru_node *node);
186 static bool htab_is_lru(const struct bpf_htab *htab)
188 return htab->map.map_type == BPF_MAP_TYPE_LRU_HASH ||
189 htab->map.map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH;
192 static bool htab_is_percpu(const struct bpf_htab *htab)
194 return htab->map.map_type == BPF_MAP_TYPE_PERCPU_HASH ||
195 htab->map.map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH;
198 static inline void htab_elem_set_ptr(struct htab_elem *l, u32 key_size,
201 *(void __percpu **)(l->key + key_size) = pptr;
204 static inline void __percpu *htab_elem_get_ptr(struct htab_elem *l, u32 key_size)
206 return *(void __percpu **)(l->key + key_size);
209 static void *fd_htab_map_get_ptr(const struct bpf_map *map, struct htab_elem *l)
211 return *(void **)(l->key + roundup(map->key_size, 8));
214 static struct htab_elem *get_htab_elem(struct bpf_htab *htab, int i)
216 return (struct htab_elem *) (htab->elems + i * (u64)htab->elem_size);
219 static bool htab_has_extra_elems(struct bpf_htab *htab)
221 return !htab_is_percpu(htab) && !htab_is_lru(htab);
224 static void htab_free_prealloced_timers_and_wq(struct bpf_htab *htab)
226 u32 num_entries = htab->map.max_entries;
229 if (htab_has_extra_elems(htab))
230 num_entries += num_possible_cpus();
232 for (i = 0; i < num_entries; i++) {
233 struct htab_elem *elem;
235 elem = get_htab_elem(htab, i);
236 if (btf_record_has_field(htab->map.record, BPF_TIMER))
237 bpf_obj_free_timer(htab->map.record,
238 elem->key + round_up(htab->map.key_size, 8));
239 if (btf_record_has_field(htab->map.record, BPF_WORKQUEUE))
240 bpf_obj_free_workqueue(htab->map.record,
241 elem->key + round_up(htab->map.key_size, 8));
246 static void htab_free_prealloced_fields(struct bpf_htab *htab)
248 u32 num_entries = htab->map.max_entries;
251 if (IS_ERR_OR_NULL(htab->map.record))
253 if (htab_has_extra_elems(htab))
254 num_entries += num_possible_cpus();
255 for (i = 0; i < num_entries; i++) {
256 struct htab_elem *elem;
258 elem = get_htab_elem(htab, i);
259 if (htab_is_percpu(htab)) {
260 void __percpu *pptr = htab_elem_get_ptr(elem, htab->map.key_size);
263 for_each_possible_cpu(cpu) {
264 bpf_obj_free_fields(htab->map.record, per_cpu_ptr(pptr, cpu));
268 bpf_obj_free_fields(htab->map.record, elem->key + round_up(htab->map.key_size, 8));
275 static void htab_free_elems(struct bpf_htab *htab)
279 if (!htab_is_percpu(htab))
282 for (i = 0; i < htab->map.max_entries; i++) {
285 pptr = htab_elem_get_ptr(get_htab_elem(htab, i),
291 bpf_map_area_free(htab->elems);
294 /* The LRU list has a lock (lru_lock). Each htab bucket has a lock
295 * (bucket_lock). If both locks need to be acquired together, the lock
296 * order is always lru_lock -> bucket_lock and this only happens in
297 * bpf_lru_list.c logic. For example, certain code path of
298 * bpf_lru_pop_free(), which is called by function prealloc_lru_pop(),
299 * will acquire lru_lock first followed by acquiring bucket_lock.
301 * In hashtab.c, to avoid deadlock, lock acquisition of
302 * bucket_lock followed by lru_lock is not allowed. In such cases,
303 * bucket_lock needs to be released first before acquiring lru_lock.
305 static struct htab_elem *prealloc_lru_pop(struct bpf_htab *htab, void *key,
308 struct bpf_lru_node *node = bpf_lru_pop_free(&htab->lru, hash);
312 bpf_map_inc_elem_count(&htab->map);
313 l = container_of(node, struct htab_elem, lru_node);
314 memcpy(l->key, key, htab->map.key_size);
321 static int prealloc_init(struct bpf_htab *htab)
323 u32 num_entries = htab->map.max_entries;
324 int err = -ENOMEM, i;
326 if (htab_has_extra_elems(htab))
327 num_entries += num_possible_cpus();
329 htab->elems = bpf_map_area_alloc((u64)htab->elem_size * num_entries,
330 htab->map.numa_node);
334 if (!htab_is_percpu(htab))
335 goto skip_percpu_elems;
337 for (i = 0; i < num_entries; i++) {
338 u32 size = round_up(htab->map.value_size, 8);
341 pptr = bpf_map_alloc_percpu(&htab->map, size, 8,
342 GFP_USER | __GFP_NOWARN);
345 htab_elem_set_ptr(get_htab_elem(htab, i), htab->map.key_size,
351 if (htab_is_lru(htab))
352 err = bpf_lru_init(&htab->lru,
353 htab->map.map_flags & BPF_F_NO_COMMON_LRU,
354 offsetof(struct htab_elem, hash) -
355 offsetof(struct htab_elem, lru_node),
356 htab_lru_map_delete_node,
359 err = pcpu_freelist_init(&htab->freelist);
364 if (htab_is_lru(htab))
365 bpf_lru_populate(&htab->lru, htab->elems,
366 offsetof(struct htab_elem, lru_node),
367 htab->elem_size, num_entries);
369 pcpu_freelist_populate(&htab->freelist,
370 htab->elems + offsetof(struct htab_elem, fnode),
371 htab->elem_size, num_entries);
376 htab_free_elems(htab);
380 static void prealloc_destroy(struct bpf_htab *htab)
382 htab_free_elems(htab);
384 if (htab_is_lru(htab))
385 bpf_lru_destroy(&htab->lru);
387 pcpu_freelist_destroy(&htab->freelist);
390 static int alloc_extra_elems(struct bpf_htab *htab)
392 struct htab_elem *__percpu *pptr, *l_new;
393 struct pcpu_freelist_node *l;
396 pptr = bpf_map_alloc_percpu(&htab->map, sizeof(struct htab_elem *), 8,
397 GFP_USER | __GFP_NOWARN);
401 for_each_possible_cpu(cpu) {
402 l = pcpu_freelist_pop(&htab->freelist);
403 /* pop will succeed, since prealloc_init()
404 * preallocated extra num_possible_cpus elements
406 l_new = container_of(l, struct htab_elem, fnode);
407 *per_cpu_ptr(pptr, cpu) = l_new;
409 htab->extra_elems = pptr;
413 /* Called from syscall */
414 static int htab_map_alloc_check(union bpf_attr *attr)
416 bool percpu = (attr->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
417 attr->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH);
418 bool lru = (attr->map_type == BPF_MAP_TYPE_LRU_HASH ||
419 attr->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH);
420 /* percpu_lru means each cpu has its own LRU list.
421 * it is different from BPF_MAP_TYPE_PERCPU_HASH where
422 * the map's value itself is percpu. percpu_lru has
423 * nothing to do with the map's value.
425 bool percpu_lru = (attr->map_flags & BPF_F_NO_COMMON_LRU);
426 bool prealloc = !(attr->map_flags & BPF_F_NO_PREALLOC);
427 bool zero_seed = (attr->map_flags & BPF_F_ZERO_SEED);
428 int numa_node = bpf_map_attr_numa_node(attr);
430 BUILD_BUG_ON(offsetof(struct htab_elem, fnode.next) !=
431 offsetof(struct htab_elem, hash_node.pprev));
433 if (zero_seed && !capable(CAP_SYS_ADMIN))
434 /* Guard against local DoS, and discourage production use. */
437 if (attr->map_flags & ~HTAB_CREATE_FLAG_MASK ||
438 !bpf_map_flags_access_ok(attr->map_flags))
441 if (!lru && percpu_lru)
444 if (lru && !prealloc)
447 if (numa_node != NUMA_NO_NODE && (percpu || percpu_lru))
450 /* check sanity of attributes.
451 * value_size == 0 may be allowed in the future to use map as a set
453 if (attr->max_entries == 0 || attr->key_size == 0 ||
454 attr->value_size == 0)
457 if ((u64)attr->key_size + attr->value_size >= KMALLOC_MAX_SIZE -
458 sizeof(struct htab_elem))
459 /* if key_size + value_size is bigger, the user space won't be
460 * able to access the elements via bpf syscall. This check
461 * also makes sure that the elem_size doesn't overflow and it's
462 * kmalloc-able later in htab_map_update_elem()
469 static struct bpf_map *htab_map_alloc(union bpf_attr *attr)
471 bool percpu = (attr->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
472 attr->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH);
473 bool lru = (attr->map_type == BPF_MAP_TYPE_LRU_HASH ||
474 attr->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH);
475 /* percpu_lru means each cpu has its own LRU list.
476 * it is different from BPF_MAP_TYPE_PERCPU_HASH where
477 * the map's value itself is percpu. percpu_lru has
478 * nothing to do with the map's value.
480 bool percpu_lru = (attr->map_flags & BPF_F_NO_COMMON_LRU);
481 bool prealloc = !(attr->map_flags & BPF_F_NO_PREALLOC);
482 struct bpf_htab *htab;
485 htab = bpf_map_area_alloc(sizeof(*htab), NUMA_NO_NODE);
487 return ERR_PTR(-ENOMEM);
489 lockdep_register_key(&htab->lockdep_key);
491 bpf_map_init_from_attr(&htab->map, attr);
494 /* ensure each CPU's lru list has >=1 elements.
495 * since we are at it, make each lru list has the same
496 * number of elements.
498 htab->map.max_entries = roundup(attr->max_entries,
499 num_possible_cpus());
500 if (htab->map.max_entries < attr->max_entries)
501 htab->map.max_entries = rounddown(attr->max_entries,
502 num_possible_cpus());
505 /* hash table size must be power of 2; roundup_pow_of_two() can overflow
506 * into UB on 32-bit arches, so check that first
509 if (htab->map.max_entries > 1UL << 31)
512 htab->n_buckets = roundup_pow_of_two(htab->map.max_entries);
514 htab->elem_size = sizeof(struct htab_elem) +
515 round_up(htab->map.key_size, 8);
517 htab->elem_size += sizeof(void *);
519 htab->elem_size += round_up(htab->map.value_size, 8);
521 /* check for u32 overflow */
522 if (htab->n_buckets > U32_MAX / sizeof(struct bucket))
525 err = bpf_map_init_elem_count(&htab->map);
530 htab->buckets = bpf_map_area_alloc(htab->n_buckets *
531 sizeof(struct bucket),
532 htab->map.numa_node);
534 goto free_elem_count;
536 for (i = 0; i < HASHTAB_MAP_LOCK_COUNT; i++) {
537 htab->map_locked[i] = bpf_map_alloc_percpu(&htab->map,
541 if (!htab->map_locked[i])
542 goto free_map_locked;
545 if (htab->map.map_flags & BPF_F_ZERO_SEED)
548 htab->hashrnd = get_random_u32();
550 htab_init_buckets(htab);
552 /* compute_batch_value() computes batch value as num_online_cpus() * 2
553 * and __percpu_counter_compare() needs
554 * htab->max_entries - cur_number_of_elems to be more than batch * num_online_cpus()
555 * for percpu_counter to be faster than atomic_t. In practice the average bpf
556 * hash map size is 10k, which means that a system with 64 cpus will fill
557 * hashmap to 20% of 10k before percpu_counter becomes ineffective. Therefore
558 * define our own batch count as 32 then 10k hash map can be filled up to 80%:
559 * 10k - 8k > 32 _batch_ * 64 _cpus_
560 * and __percpu_counter_compare() will still be fast. At that point hash map
561 * collisions will dominate its performance anyway. Assume that hash map filled
562 * to 50+% isn't going to be O(1) and use the following formula to choose
563 * between percpu_counter and atomic_t.
565 #define PERCPU_COUNTER_BATCH 32
566 if (attr->max_entries / 2 > num_online_cpus() * PERCPU_COUNTER_BATCH)
567 htab->use_percpu_counter = true;
569 if (htab->use_percpu_counter) {
570 err = percpu_counter_init(&htab->pcount, 0, GFP_KERNEL);
572 goto free_map_locked;
576 err = prealloc_init(htab);
578 goto free_map_locked;
580 if (!percpu && !lru) {
581 /* lru itself can remove the least used element, so
582 * there is no need for an extra elem during map_update.
584 err = alloc_extra_elems(htab);
589 err = bpf_mem_alloc_init(&htab->ma, htab->elem_size, false);
591 goto free_map_locked;
593 err = bpf_mem_alloc_init(&htab->pcpu_ma,
594 round_up(htab->map.value_size, 8), true);
596 goto free_map_locked;
603 prealloc_destroy(htab);
605 if (htab->use_percpu_counter)
606 percpu_counter_destroy(&htab->pcount);
607 for (i = 0; i < HASHTAB_MAP_LOCK_COUNT; i++)
608 free_percpu(htab->map_locked[i]);
609 bpf_map_area_free(htab->buckets);
610 bpf_mem_alloc_destroy(&htab->pcpu_ma);
611 bpf_mem_alloc_destroy(&htab->ma);
613 bpf_map_free_elem_count(&htab->map);
615 lockdep_unregister_key(&htab->lockdep_key);
616 bpf_map_area_free(htab);
620 static inline u32 htab_map_hash(const void *key, u32 key_len, u32 hashrnd)
622 if (likely(key_len % 4 == 0))
623 return jhash2(key, key_len / 4, hashrnd);
624 return jhash(key, key_len, hashrnd);
627 static inline struct bucket *__select_bucket(struct bpf_htab *htab, u32 hash)
629 return &htab->buckets[hash & (htab->n_buckets - 1)];
632 static inline struct hlist_nulls_head *select_bucket(struct bpf_htab *htab, u32 hash)
634 return &__select_bucket(htab, hash)->head;
637 /* this lookup function can only be called with bucket lock taken */
638 static struct htab_elem *lookup_elem_raw(struct hlist_nulls_head *head, u32 hash,
639 void *key, u32 key_size)
641 struct hlist_nulls_node *n;
644 hlist_nulls_for_each_entry_rcu(l, n, head, hash_node)
645 if (l->hash == hash && !memcmp(&l->key, key, key_size))
651 /* can be called without bucket lock. it will repeat the loop in
652 * the unlikely event when elements moved from one bucket into another
653 * while link list is being walked
655 static struct htab_elem *lookup_nulls_elem_raw(struct hlist_nulls_head *head,
657 u32 key_size, u32 n_buckets)
659 struct hlist_nulls_node *n;
663 hlist_nulls_for_each_entry_rcu(l, n, head, hash_node)
664 if (l->hash == hash && !memcmp(&l->key, key, key_size))
667 if (unlikely(get_nulls_value(n) != (hash & (n_buckets - 1))))
673 /* Called from syscall or from eBPF program directly, so
674 * arguments have to match bpf_map_lookup_elem() exactly.
675 * The return value is adjusted by BPF instructions
676 * in htab_map_gen_lookup().
678 static void *__htab_map_lookup_elem(struct bpf_map *map, void *key)
680 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
681 struct hlist_nulls_head *head;
685 WARN_ON_ONCE(!rcu_read_lock_held() && !rcu_read_lock_trace_held() &&
686 !rcu_read_lock_bh_held());
688 key_size = map->key_size;
690 hash = htab_map_hash(key, key_size, htab->hashrnd);
692 head = select_bucket(htab, hash);
694 l = lookup_nulls_elem_raw(head, hash, key, key_size, htab->n_buckets);
699 static void *htab_map_lookup_elem(struct bpf_map *map, void *key)
701 struct htab_elem *l = __htab_map_lookup_elem(map, key);
704 return l->key + round_up(map->key_size, 8);
709 /* inline bpf_map_lookup_elem() call.
712 * bpf_map_lookup_elem
713 * map->ops->map_lookup_elem
714 * htab_map_lookup_elem
715 * __htab_map_lookup_elem
718 * __htab_map_lookup_elem
720 static int htab_map_gen_lookup(struct bpf_map *map, struct bpf_insn *insn_buf)
722 struct bpf_insn *insn = insn_buf;
723 const int ret = BPF_REG_0;
725 BUILD_BUG_ON(!__same_type(&__htab_map_lookup_elem,
726 (void *(*)(struct bpf_map *map, void *key))NULL));
727 *insn++ = BPF_EMIT_CALL(__htab_map_lookup_elem);
728 *insn++ = BPF_JMP_IMM(BPF_JEQ, ret, 0, 1);
729 *insn++ = BPF_ALU64_IMM(BPF_ADD, ret,
730 offsetof(struct htab_elem, key) +
731 round_up(map->key_size, 8));
732 return insn - insn_buf;
735 static __always_inline void *__htab_lru_map_lookup_elem(struct bpf_map *map,
736 void *key, const bool mark)
738 struct htab_elem *l = __htab_map_lookup_elem(map, key);
742 bpf_lru_node_set_ref(&l->lru_node);
743 return l->key + round_up(map->key_size, 8);
749 static void *htab_lru_map_lookup_elem(struct bpf_map *map, void *key)
751 return __htab_lru_map_lookup_elem(map, key, true);
754 static void *htab_lru_map_lookup_elem_sys(struct bpf_map *map, void *key)
756 return __htab_lru_map_lookup_elem(map, key, false);
759 static int htab_lru_map_gen_lookup(struct bpf_map *map,
760 struct bpf_insn *insn_buf)
762 struct bpf_insn *insn = insn_buf;
763 const int ret = BPF_REG_0;
764 const int ref_reg = BPF_REG_1;
766 BUILD_BUG_ON(!__same_type(&__htab_map_lookup_elem,
767 (void *(*)(struct bpf_map *map, void *key))NULL));
768 *insn++ = BPF_EMIT_CALL(__htab_map_lookup_elem);
769 *insn++ = BPF_JMP_IMM(BPF_JEQ, ret, 0, 4);
770 *insn++ = BPF_LDX_MEM(BPF_B, ref_reg, ret,
771 offsetof(struct htab_elem, lru_node) +
772 offsetof(struct bpf_lru_node, ref));
773 *insn++ = BPF_JMP_IMM(BPF_JNE, ref_reg, 0, 1);
774 *insn++ = BPF_ST_MEM(BPF_B, ret,
775 offsetof(struct htab_elem, lru_node) +
776 offsetof(struct bpf_lru_node, ref),
778 *insn++ = BPF_ALU64_IMM(BPF_ADD, ret,
779 offsetof(struct htab_elem, key) +
780 round_up(map->key_size, 8));
781 return insn - insn_buf;
784 static void check_and_free_fields(struct bpf_htab *htab,
785 struct htab_elem *elem)
787 if (htab_is_percpu(htab)) {
788 void __percpu *pptr = htab_elem_get_ptr(elem, htab->map.key_size);
791 for_each_possible_cpu(cpu)
792 bpf_obj_free_fields(htab->map.record, per_cpu_ptr(pptr, cpu));
794 void *map_value = elem->key + round_up(htab->map.key_size, 8);
796 bpf_obj_free_fields(htab->map.record, map_value);
800 /* It is called from the bpf_lru_list when the LRU needs to delete
801 * older elements from the htab.
803 static bool htab_lru_map_delete_node(void *arg, struct bpf_lru_node *node)
805 struct bpf_htab *htab = arg;
806 struct htab_elem *l = NULL, *tgt_l;
807 struct hlist_nulls_head *head;
808 struct hlist_nulls_node *n;
813 tgt_l = container_of(node, struct htab_elem, lru_node);
814 b = __select_bucket(htab, tgt_l->hash);
817 ret = htab_lock_bucket(htab, b, tgt_l->hash, &flags);
821 hlist_nulls_for_each_entry_rcu(l, n, head, hash_node)
823 hlist_nulls_del_rcu(&l->hash_node);
824 check_and_free_fields(htab, l);
825 bpf_map_dec_elem_count(&htab->map);
829 htab_unlock_bucket(htab, b, tgt_l->hash, flags);
834 /* Called from syscall */
835 static int htab_map_get_next_key(struct bpf_map *map, void *key, void *next_key)
837 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
838 struct hlist_nulls_head *head;
839 struct htab_elem *l, *next_l;
843 WARN_ON_ONCE(!rcu_read_lock_held());
845 key_size = map->key_size;
848 goto find_first_elem;
850 hash = htab_map_hash(key, key_size, htab->hashrnd);
852 head = select_bucket(htab, hash);
855 l = lookup_nulls_elem_raw(head, hash, key, key_size, htab->n_buckets);
858 goto find_first_elem;
860 /* key was found, get next key in the same bucket */
861 next_l = hlist_nulls_entry_safe(rcu_dereference_raw(hlist_nulls_next_rcu(&l->hash_node)),
862 struct htab_elem, hash_node);
865 /* if next elem in this hash list is non-zero, just return it */
866 memcpy(next_key, next_l->key, key_size);
870 /* no more elements in this hash list, go to the next bucket */
871 i = hash & (htab->n_buckets - 1);
875 /* iterate over buckets */
876 for (; i < htab->n_buckets; i++) {
877 head = select_bucket(htab, i);
879 /* pick first element in the bucket */
880 next_l = hlist_nulls_entry_safe(rcu_dereference_raw(hlist_nulls_first_rcu(head)),
881 struct htab_elem, hash_node);
883 /* if it's not empty, just return it */
884 memcpy(next_key, next_l->key, key_size);
889 /* iterated over all buckets and all elements */
893 static void htab_elem_free(struct bpf_htab *htab, struct htab_elem *l)
895 check_and_free_fields(htab, l);
896 if (htab->map.map_type == BPF_MAP_TYPE_PERCPU_HASH)
897 bpf_mem_cache_free(&htab->pcpu_ma, l->ptr_to_pptr);
898 bpf_mem_cache_free(&htab->ma, l);
901 static void htab_put_fd_value(struct bpf_htab *htab, struct htab_elem *l)
903 struct bpf_map *map = &htab->map;
906 if (map->ops->map_fd_put_ptr) {
907 ptr = fd_htab_map_get_ptr(map, l);
908 map->ops->map_fd_put_ptr(map, ptr, true);
912 static bool is_map_full(struct bpf_htab *htab)
914 if (htab->use_percpu_counter)
915 return __percpu_counter_compare(&htab->pcount, htab->map.max_entries,
916 PERCPU_COUNTER_BATCH) >= 0;
917 return atomic_read(&htab->count) >= htab->map.max_entries;
920 static void inc_elem_count(struct bpf_htab *htab)
922 bpf_map_inc_elem_count(&htab->map);
924 if (htab->use_percpu_counter)
925 percpu_counter_add_batch(&htab->pcount, 1, PERCPU_COUNTER_BATCH);
927 atomic_inc(&htab->count);
930 static void dec_elem_count(struct bpf_htab *htab)
932 bpf_map_dec_elem_count(&htab->map);
934 if (htab->use_percpu_counter)
935 percpu_counter_add_batch(&htab->pcount, -1, PERCPU_COUNTER_BATCH);
937 atomic_dec(&htab->count);
941 static void free_htab_elem(struct bpf_htab *htab, struct htab_elem *l)
943 htab_put_fd_value(htab, l);
945 if (htab_is_prealloc(htab)) {
946 bpf_map_dec_elem_count(&htab->map);
947 check_and_free_fields(htab, l);
948 __pcpu_freelist_push(&htab->freelist, &l->fnode);
950 dec_elem_count(htab);
951 htab_elem_free(htab, l);
955 static void pcpu_copy_value(struct bpf_htab *htab, void __percpu *pptr,
956 void *value, bool onallcpus)
959 /* copy true value_size bytes */
960 copy_map_value(&htab->map, this_cpu_ptr(pptr), value);
962 u32 size = round_up(htab->map.value_size, 8);
965 for_each_possible_cpu(cpu) {
966 copy_map_value_long(&htab->map, per_cpu_ptr(pptr, cpu), value + off);
972 static void pcpu_init_value(struct bpf_htab *htab, void __percpu *pptr,
973 void *value, bool onallcpus)
975 /* When not setting the initial value on all cpus, zero-fill element
976 * values for other cpus. Otherwise, bpf program has no way to ensure
977 * known initial values for cpus other than current one
978 * (onallcpus=false always when coming from bpf prog).
981 int current_cpu = raw_smp_processor_id();
984 for_each_possible_cpu(cpu) {
985 if (cpu == current_cpu)
986 copy_map_value_long(&htab->map, per_cpu_ptr(pptr, cpu), value);
987 else /* Since elem is preallocated, we cannot touch special fields */
988 zero_map_value(&htab->map, per_cpu_ptr(pptr, cpu));
991 pcpu_copy_value(htab, pptr, value, onallcpus);
995 static bool fd_htab_map_needs_adjust(const struct bpf_htab *htab)
997 return htab->map.map_type == BPF_MAP_TYPE_HASH_OF_MAPS &&
1001 static struct htab_elem *alloc_htab_elem(struct bpf_htab *htab, void *key,
1002 void *value, u32 key_size, u32 hash,
1003 bool percpu, bool onallcpus,
1004 struct htab_elem *old_elem)
1006 u32 size = htab->map.value_size;
1007 bool prealloc = htab_is_prealloc(htab);
1008 struct htab_elem *l_new, **pl_new;
1009 void __percpu *pptr;
1013 /* if we're updating the existing element,
1014 * use per-cpu extra elems to avoid freelist_pop/push
1016 pl_new = this_cpu_ptr(htab->extra_elems);
1018 htab_put_fd_value(htab, old_elem);
1021 struct pcpu_freelist_node *l;
1023 l = __pcpu_freelist_pop(&htab->freelist);
1025 return ERR_PTR(-E2BIG);
1026 l_new = container_of(l, struct htab_elem, fnode);
1027 bpf_map_inc_elem_count(&htab->map);
1030 if (is_map_full(htab))
1032 /* when map is full and update() is replacing
1033 * old element, it's ok to allocate, since
1034 * old element will be freed immediately.
1035 * Otherwise return an error
1037 return ERR_PTR(-E2BIG);
1038 inc_elem_count(htab);
1039 l_new = bpf_mem_cache_alloc(&htab->ma);
1041 l_new = ERR_PTR(-ENOMEM);
1046 memcpy(l_new->key, key, key_size);
1049 pptr = htab_elem_get_ptr(l_new, key_size);
1051 /* alloc_percpu zero-fills */
1052 pptr = bpf_mem_cache_alloc(&htab->pcpu_ma);
1054 bpf_mem_cache_free(&htab->ma, l_new);
1055 l_new = ERR_PTR(-ENOMEM);
1058 l_new->ptr_to_pptr = pptr;
1059 pptr = *(void **)pptr;
1062 pcpu_init_value(htab, pptr, value, onallcpus);
1065 htab_elem_set_ptr(l_new, key_size, pptr);
1066 } else if (fd_htab_map_needs_adjust(htab)) {
1067 size = round_up(size, 8);
1068 memcpy(l_new->key + round_up(key_size, 8), value, size);
1070 copy_map_value(&htab->map,
1071 l_new->key + round_up(key_size, 8),
1078 dec_elem_count(htab);
1082 static int check_flags(struct bpf_htab *htab, struct htab_elem *l_old,
1085 if (l_old && (map_flags & ~BPF_F_LOCK) == BPF_NOEXIST)
1086 /* elem already exists */
1089 if (!l_old && (map_flags & ~BPF_F_LOCK) == BPF_EXIST)
1090 /* elem doesn't exist, cannot update it */
1096 /* Called from syscall or from eBPF program */
1097 static long htab_map_update_elem(struct bpf_map *map, void *key, void *value,
1100 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1101 struct htab_elem *l_new = NULL, *l_old;
1102 struct hlist_nulls_head *head;
1103 unsigned long flags;
1108 if (unlikely((map_flags & ~BPF_F_LOCK) > BPF_EXIST))
1112 WARN_ON_ONCE(!rcu_read_lock_held() && !rcu_read_lock_trace_held() &&
1113 !rcu_read_lock_bh_held());
1115 key_size = map->key_size;
1117 hash = htab_map_hash(key, key_size, htab->hashrnd);
1119 b = __select_bucket(htab, hash);
1122 if (unlikely(map_flags & BPF_F_LOCK)) {
1123 if (unlikely(!btf_record_has_field(map->record, BPF_SPIN_LOCK)))
1125 /* find an element without taking the bucket lock */
1126 l_old = lookup_nulls_elem_raw(head, hash, key, key_size,
1128 ret = check_flags(htab, l_old, map_flags);
1132 /* grab the element lock and update value in place */
1133 copy_map_value_locked(map,
1134 l_old->key + round_up(key_size, 8),
1138 /* fall through, grab the bucket lock and lookup again.
1139 * 99.9% chance that the element won't be found,
1140 * but second lookup under lock has to be done.
1144 ret = htab_lock_bucket(htab, b, hash, &flags);
1148 l_old = lookup_elem_raw(head, hash, key, key_size);
1150 ret = check_flags(htab, l_old, map_flags);
1154 if (unlikely(l_old && (map_flags & BPF_F_LOCK))) {
1155 /* first lookup without the bucket lock didn't find the element,
1156 * but second lookup with the bucket lock found it.
1157 * This case is highly unlikely, but has to be dealt with:
1158 * grab the element lock in addition to the bucket lock
1159 * and update element in place
1161 copy_map_value_locked(map,
1162 l_old->key + round_up(key_size, 8),
1168 l_new = alloc_htab_elem(htab, key, value, key_size, hash, false, false,
1170 if (IS_ERR(l_new)) {
1171 /* all pre-allocated elements are in use or memory exhausted */
1172 ret = PTR_ERR(l_new);
1176 /* add new element to the head of the list, so that
1177 * concurrent search will find it before old elem
1179 hlist_nulls_add_head_rcu(&l_new->hash_node, head);
1181 hlist_nulls_del_rcu(&l_old->hash_node);
1182 if (!htab_is_prealloc(htab))
1183 free_htab_elem(htab, l_old);
1185 check_and_free_fields(htab, l_old);
1189 htab_unlock_bucket(htab, b, hash, flags);
1193 static void htab_lru_push_free(struct bpf_htab *htab, struct htab_elem *elem)
1195 check_and_free_fields(htab, elem);
1196 bpf_map_dec_elem_count(&htab->map);
1197 bpf_lru_push_free(&htab->lru, &elem->lru_node);
1200 static long htab_lru_map_update_elem(struct bpf_map *map, void *key, void *value,
1203 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1204 struct htab_elem *l_new, *l_old = NULL;
1205 struct hlist_nulls_head *head;
1206 unsigned long flags;
1211 if (unlikely(map_flags > BPF_EXIST))
1215 WARN_ON_ONCE(!rcu_read_lock_held() && !rcu_read_lock_trace_held() &&
1216 !rcu_read_lock_bh_held());
1218 key_size = map->key_size;
1220 hash = htab_map_hash(key, key_size, htab->hashrnd);
1222 b = __select_bucket(htab, hash);
1225 /* For LRU, we need to alloc before taking bucket's
1226 * spinlock because getting free nodes from LRU may need
1227 * to remove older elements from htab and this removal
1228 * operation will need a bucket lock.
1230 l_new = prealloc_lru_pop(htab, key, hash);
1233 copy_map_value(&htab->map,
1234 l_new->key + round_up(map->key_size, 8), value);
1236 ret = htab_lock_bucket(htab, b, hash, &flags);
1238 goto err_lock_bucket;
1240 l_old = lookup_elem_raw(head, hash, key, key_size);
1242 ret = check_flags(htab, l_old, map_flags);
1246 /* add new element to the head of the list, so that
1247 * concurrent search will find it before old elem
1249 hlist_nulls_add_head_rcu(&l_new->hash_node, head);
1251 bpf_lru_node_set_ref(&l_new->lru_node);
1252 hlist_nulls_del_rcu(&l_old->hash_node);
1257 htab_unlock_bucket(htab, b, hash, flags);
1261 htab_lru_push_free(htab, l_new);
1263 htab_lru_push_free(htab, l_old);
1268 static long __htab_percpu_map_update_elem(struct bpf_map *map, void *key,
1269 void *value, u64 map_flags,
1272 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1273 struct htab_elem *l_new = NULL, *l_old;
1274 struct hlist_nulls_head *head;
1275 unsigned long flags;
1280 if (unlikely(map_flags > BPF_EXIST))
1284 WARN_ON_ONCE(!rcu_read_lock_held() && !rcu_read_lock_trace_held() &&
1285 !rcu_read_lock_bh_held());
1287 key_size = map->key_size;
1289 hash = htab_map_hash(key, key_size, htab->hashrnd);
1291 b = __select_bucket(htab, hash);
1294 ret = htab_lock_bucket(htab, b, hash, &flags);
1298 l_old = lookup_elem_raw(head, hash, key, key_size);
1300 ret = check_flags(htab, l_old, map_flags);
1305 /* per-cpu hash map can update value in-place */
1306 pcpu_copy_value(htab, htab_elem_get_ptr(l_old, key_size),
1309 l_new = alloc_htab_elem(htab, key, value, key_size,
1310 hash, true, onallcpus, NULL);
1311 if (IS_ERR(l_new)) {
1312 ret = PTR_ERR(l_new);
1315 hlist_nulls_add_head_rcu(&l_new->hash_node, head);
1319 htab_unlock_bucket(htab, b, hash, flags);
1323 static long __htab_lru_percpu_map_update_elem(struct bpf_map *map, void *key,
1324 void *value, u64 map_flags,
1327 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1328 struct htab_elem *l_new = NULL, *l_old;
1329 struct hlist_nulls_head *head;
1330 unsigned long flags;
1335 if (unlikely(map_flags > BPF_EXIST))
1339 WARN_ON_ONCE(!rcu_read_lock_held() && !rcu_read_lock_trace_held() &&
1340 !rcu_read_lock_bh_held());
1342 key_size = map->key_size;
1344 hash = htab_map_hash(key, key_size, htab->hashrnd);
1346 b = __select_bucket(htab, hash);
1349 /* For LRU, we need to alloc before taking bucket's
1350 * spinlock because LRU's elem alloc may need
1351 * to remove older elem from htab and this removal
1352 * operation will need a bucket lock.
1354 if (map_flags != BPF_EXIST) {
1355 l_new = prealloc_lru_pop(htab, key, hash);
1360 ret = htab_lock_bucket(htab, b, hash, &flags);
1362 goto err_lock_bucket;
1364 l_old = lookup_elem_raw(head, hash, key, key_size);
1366 ret = check_flags(htab, l_old, map_flags);
1371 bpf_lru_node_set_ref(&l_old->lru_node);
1373 /* per-cpu hash map can update value in-place */
1374 pcpu_copy_value(htab, htab_elem_get_ptr(l_old, key_size),
1377 pcpu_init_value(htab, htab_elem_get_ptr(l_new, key_size),
1379 hlist_nulls_add_head_rcu(&l_new->hash_node, head);
1384 htab_unlock_bucket(htab, b, hash, flags);
1387 bpf_map_dec_elem_count(&htab->map);
1388 bpf_lru_push_free(&htab->lru, &l_new->lru_node);
1393 static long htab_percpu_map_update_elem(struct bpf_map *map, void *key,
1394 void *value, u64 map_flags)
1396 return __htab_percpu_map_update_elem(map, key, value, map_flags, false);
1399 static long htab_lru_percpu_map_update_elem(struct bpf_map *map, void *key,
1400 void *value, u64 map_flags)
1402 return __htab_lru_percpu_map_update_elem(map, key, value, map_flags,
1406 /* Called from syscall or from eBPF program */
1407 static long htab_map_delete_elem(struct bpf_map *map, void *key)
1409 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1410 struct hlist_nulls_head *head;
1412 struct htab_elem *l;
1413 unsigned long flags;
1417 WARN_ON_ONCE(!rcu_read_lock_held() && !rcu_read_lock_trace_held() &&
1418 !rcu_read_lock_bh_held());
1420 key_size = map->key_size;
1422 hash = htab_map_hash(key, key_size, htab->hashrnd);
1423 b = __select_bucket(htab, hash);
1426 ret = htab_lock_bucket(htab, b, hash, &flags);
1430 l = lookup_elem_raw(head, hash, key, key_size);
1433 hlist_nulls_del_rcu(&l->hash_node);
1434 free_htab_elem(htab, l);
1439 htab_unlock_bucket(htab, b, hash, flags);
1443 static long htab_lru_map_delete_elem(struct bpf_map *map, void *key)
1445 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1446 struct hlist_nulls_head *head;
1448 struct htab_elem *l;
1449 unsigned long flags;
1453 WARN_ON_ONCE(!rcu_read_lock_held() && !rcu_read_lock_trace_held() &&
1454 !rcu_read_lock_bh_held());
1456 key_size = map->key_size;
1458 hash = htab_map_hash(key, key_size, htab->hashrnd);
1459 b = __select_bucket(htab, hash);
1462 ret = htab_lock_bucket(htab, b, hash, &flags);
1466 l = lookup_elem_raw(head, hash, key, key_size);
1469 hlist_nulls_del_rcu(&l->hash_node);
1473 htab_unlock_bucket(htab, b, hash, flags);
1475 htab_lru_push_free(htab, l);
1479 static void delete_all_elements(struct bpf_htab *htab)
1483 /* It's called from a worker thread, so disable migration here,
1484 * since bpf_mem_cache_free() relies on that.
1487 for (i = 0; i < htab->n_buckets; i++) {
1488 struct hlist_nulls_head *head = select_bucket(htab, i);
1489 struct hlist_nulls_node *n;
1490 struct htab_elem *l;
1492 hlist_nulls_for_each_entry_safe(l, n, head, hash_node) {
1493 hlist_nulls_del_rcu(&l->hash_node);
1494 htab_elem_free(htab, l);
1501 static void htab_free_malloced_timers_and_wq(struct bpf_htab *htab)
1506 for (i = 0; i < htab->n_buckets; i++) {
1507 struct hlist_nulls_head *head = select_bucket(htab, i);
1508 struct hlist_nulls_node *n;
1509 struct htab_elem *l;
1511 hlist_nulls_for_each_entry(l, n, head, hash_node) {
1512 /* We only free timer on uref dropping to zero */
1513 if (btf_record_has_field(htab->map.record, BPF_TIMER))
1514 bpf_obj_free_timer(htab->map.record,
1515 l->key + round_up(htab->map.key_size, 8));
1516 if (btf_record_has_field(htab->map.record, BPF_WORKQUEUE))
1517 bpf_obj_free_workqueue(htab->map.record,
1518 l->key + round_up(htab->map.key_size, 8));
1525 static void htab_map_free_timers_and_wq(struct bpf_map *map)
1527 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1529 /* We only free timer and workqueue on uref dropping to zero */
1530 if (btf_record_has_field(htab->map.record, BPF_TIMER | BPF_WORKQUEUE)) {
1531 if (!htab_is_prealloc(htab))
1532 htab_free_malloced_timers_and_wq(htab);
1534 htab_free_prealloced_timers_and_wq(htab);
1538 /* Called when map->refcnt goes to zero, either from workqueue or from syscall */
1539 static void htab_map_free(struct bpf_map *map)
1541 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1544 /* bpf_free_used_maps() or close(map_fd) will trigger this map_free callback.
1545 * bpf_free_used_maps() is called after bpf prog is no longer executing.
1546 * There is no need to synchronize_rcu() here to protect map elements.
1549 /* htab no longer uses call_rcu() directly. bpf_mem_alloc does it
1550 * underneath and is responsible for waiting for callbacks to finish
1551 * during bpf_mem_alloc_destroy().
1553 if (!htab_is_prealloc(htab)) {
1554 delete_all_elements(htab);
1556 htab_free_prealloced_fields(htab);
1557 prealloc_destroy(htab);
1560 bpf_map_free_elem_count(map);
1561 free_percpu(htab->extra_elems);
1562 bpf_map_area_free(htab->buckets);
1563 bpf_mem_alloc_destroy(&htab->pcpu_ma);
1564 bpf_mem_alloc_destroy(&htab->ma);
1565 if (htab->use_percpu_counter)
1566 percpu_counter_destroy(&htab->pcount);
1567 for (i = 0; i < HASHTAB_MAP_LOCK_COUNT; i++)
1568 free_percpu(htab->map_locked[i]);
1569 lockdep_unregister_key(&htab->lockdep_key);
1570 bpf_map_area_free(htab);
1573 static void htab_map_seq_show_elem(struct bpf_map *map, void *key,
1580 value = htab_map_lookup_elem(map, key);
1586 btf_type_seq_show(map->btf, map->btf_key_type_id, key, m);
1588 btf_type_seq_show(map->btf, map->btf_value_type_id, value, m);
1594 static int __htab_map_lookup_and_delete_elem(struct bpf_map *map, void *key,
1595 void *value, bool is_lru_map,
1596 bool is_percpu, u64 flags)
1598 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1599 struct hlist_nulls_head *head;
1600 unsigned long bflags;
1601 struct htab_elem *l;
1606 key_size = map->key_size;
1608 hash = htab_map_hash(key, key_size, htab->hashrnd);
1609 b = __select_bucket(htab, hash);
1612 ret = htab_lock_bucket(htab, b, hash, &bflags);
1616 l = lookup_elem_raw(head, hash, key, key_size);
1621 u32 roundup_value_size = round_up(map->value_size, 8);
1622 void __percpu *pptr;
1625 pptr = htab_elem_get_ptr(l, key_size);
1626 for_each_possible_cpu(cpu) {
1627 copy_map_value_long(&htab->map, value + off, per_cpu_ptr(pptr, cpu));
1628 check_and_init_map_value(&htab->map, value + off);
1629 off += roundup_value_size;
1632 u32 roundup_key_size = round_up(map->key_size, 8);
1634 if (flags & BPF_F_LOCK)
1635 copy_map_value_locked(map, value, l->key +
1639 copy_map_value(map, value, l->key +
1641 /* Zeroing special fields in the temp buffer */
1642 check_and_init_map_value(map, value);
1645 hlist_nulls_del_rcu(&l->hash_node);
1647 free_htab_elem(htab, l);
1650 htab_unlock_bucket(htab, b, hash, bflags);
1652 if (is_lru_map && l)
1653 htab_lru_push_free(htab, l);
1658 static int htab_map_lookup_and_delete_elem(struct bpf_map *map, void *key,
1659 void *value, u64 flags)
1661 return __htab_map_lookup_and_delete_elem(map, key, value, false, false,
1665 static int htab_percpu_map_lookup_and_delete_elem(struct bpf_map *map,
1666 void *key, void *value,
1669 return __htab_map_lookup_and_delete_elem(map, key, value, false, true,
1673 static int htab_lru_map_lookup_and_delete_elem(struct bpf_map *map, void *key,
1674 void *value, u64 flags)
1676 return __htab_map_lookup_and_delete_elem(map, key, value, true, false,
1680 static int htab_lru_percpu_map_lookup_and_delete_elem(struct bpf_map *map,
1681 void *key, void *value,
1684 return __htab_map_lookup_and_delete_elem(map, key, value, true, true,
1689 __htab_map_lookup_and_delete_batch(struct bpf_map *map,
1690 const union bpf_attr *attr,
1691 union bpf_attr __user *uattr,
1692 bool do_delete, bool is_lru_map,
1695 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1696 u32 bucket_cnt, total, key_size, value_size, roundup_key_size;
1697 void *keys = NULL, *values = NULL, *value, *dst_key, *dst_val;
1698 void __user *uvalues = u64_to_user_ptr(attr->batch.values);
1699 void __user *ukeys = u64_to_user_ptr(attr->batch.keys);
1700 void __user *ubatch = u64_to_user_ptr(attr->batch.in_batch);
1701 u32 batch, max_count, size, bucket_size, map_id;
1702 struct htab_elem *node_to_free = NULL;
1703 u64 elem_map_flags, map_flags;
1704 struct hlist_nulls_head *head;
1705 struct hlist_nulls_node *n;
1706 unsigned long flags = 0;
1707 bool locked = false;
1708 struct htab_elem *l;
1712 elem_map_flags = attr->batch.elem_flags;
1713 if ((elem_map_flags & ~BPF_F_LOCK) ||
1714 ((elem_map_flags & BPF_F_LOCK) && !btf_record_has_field(map->record, BPF_SPIN_LOCK)))
1717 map_flags = attr->batch.flags;
1721 max_count = attr->batch.count;
1725 if (put_user(0, &uattr->batch.count))
1729 if (ubatch && copy_from_user(&batch, ubatch, sizeof(batch)))
1732 if (batch >= htab->n_buckets)
1735 key_size = htab->map.key_size;
1736 roundup_key_size = round_up(htab->map.key_size, 8);
1737 value_size = htab->map.value_size;
1738 size = round_up(value_size, 8);
1740 value_size = size * num_possible_cpus();
1742 /* while experimenting with hash tables with sizes ranging from 10 to
1743 * 1000, it was observed that a bucket can have up to 5 entries.
1748 /* We cannot do copy_from_user or copy_to_user inside
1749 * the rcu_read_lock. Allocate enough space here.
1751 keys = kvmalloc_array(key_size, bucket_size, GFP_USER | __GFP_NOWARN);
1752 values = kvmalloc_array(value_size, bucket_size, GFP_USER | __GFP_NOWARN);
1753 if (!keys || !values) {
1759 bpf_disable_instrumentation();
1764 b = &htab->buckets[batch];
1766 /* do not grab the lock unless need it (bucket_cnt > 0). */
1768 ret = htab_lock_bucket(htab, b, batch, &flags);
1771 bpf_enable_instrumentation();
1777 hlist_nulls_for_each_entry_rcu(l, n, head, hash_node)
1780 if (bucket_cnt && !locked) {
1785 if (bucket_cnt > (max_count - total)) {
1788 /* Note that since bucket_cnt > 0 here, it is implicit
1789 * that the locked was grabbed, so release it.
1791 htab_unlock_bucket(htab, b, batch, flags);
1793 bpf_enable_instrumentation();
1797 if (bucket_cnt > bucket_size) {
1798 bucket_size = bucket_cnt;
1799 /* Note that since bucket_cnt > 0 here, it is implicit
1800 * that the locked was grabbed, so release it.
1802 htab_unlock_bucket(htab, b, batch, flags);
1804 bpf_enable_instrumentation();
1810 /* Next block is only safe to run if you have grabbed the lock */
1814 hlist_nulls_for_each_entry_safe(l, n, head, hash_node) {
1815 memcpy(dst_key, l->key, key_size);
1819 void __percpu *pptr;
1821 pptr = htab_elem_get_ptr(l, map->key_size);
1822 for_each_possible_cpu(cpu) {
1823 copy_map_value_long(&htab->map, dst_val + off, per_cpu_ptr(pptr, cpu));
1824 check_and_init_map_value(&htab->map, dst_val + off);
1828 value = l->key + roundup_key_size;
1829 if (map->map_type == BPF_MAP_TYPE_HASH_OF_MAPS) {
1830 struct bpf_map **inner_map = value;
1832 /* Actual value is the id of the inner map */
1833 map_id = map->ops->map_fd_sys_lookup_elem(*inner_map);
1837 if (elem_map_flags & BPF_F_LOCK)
1838 copy_map_value_locked(map, dst_val, value,
1841 copy_map_value(map, dst_val, value);
1842 /* Zeroing special fields in the temp buffer */
1843 check_and_init_map_value(map, dst_val);
1846 hlist_nulls_del_rcu(&l->hash_node);
1848 /* bpf_lru_push_free() will acquire lru_lock, which
1849 * may cause deadlock. See comments in function
1850 * prealloc_lru_pop(). Let us do bpf_lru_push_free()
1851 * after releasing the bucket lock.
1854 l->batch_flink = node_to_free;
1857 free_htab_elem(htab, l);
1860 dst_key += key_size;
1861 dst_val += value_size;
1864 htab_unlock_bucket(htab, b, batch, flags);
1867 while (node_to_free) {
1869 node_to_free = node_to_free->batch_flink;
1870 htab_lru_push_free(htab, l);
1874 /* If we are not copying data, we can go to next bucket and avoid
1875 * unlocking the rcu.
1877 if (!bucket_cnt && (batch + 1 < htab->n_buckets)) {
1883 bpf_enable_instrumentation();
1884 if (bucket_cnt && (copy_to_user(ukeys + total * key_size, keys,
1885 key_size * bucket_cnt) ||
1886 copy_to_user(uvalues + total * value_size, values,
1887 value_size * bucket_cnt))) {
1892 total += bucket_cnt;
1894 if (batch >= htab->n_buckets) {
1904 /* copy # of entries and next batch */
1905 ubatch = u64_to_user_ptr(attr->batch.out_batch);
1906 if (copy_to_user(ubatch, &batch, sizeof(batch)) ||
1907 put_user(total, &uattr->batch.count))
1917 htab_percpu_map_lookup_batch(struct bpf_map *map, const union bpf_attr *attr,
1918 union bpf_attr __user *uattr)
1920 return __htab_map_lookup_and_delete_batch(map, attr, uattr, false,
1925 htab_percpu_map_lookup_and_delete_batch(struct bpf_map *map,
1926 const union bpf_attr *attr,
1927 union bpf_attr __user *uattr)
1929 return __htab_map_lookup_and_delete_batch(map, attr, uattr, true,
1934 htab_map_lookup_batch(struct bpf_map *map, const union bpf_attr *attr,
1935 union bpf_attr __user *uattr)
1937 return __htab_map_lookup_and_delete_batch(map, attr, uattr, false,
1942 htab_map_lookup_and_delete_batch(struct bpf_map *map,
1943 const union bpf_attr *attr,
1944 union bpf_attr __user *uattr)
1946 return __htab_map_lookup_and_delete_batch(map, attr, uattr, true,
1951 htab_lru_percpu_map_lookup_batch(struct bpf_map *map,
1952 const union bpf_attr *attr,
1953 union bpf_attr __user *uattr)
1955 return __htab_map_lookup_and_delete_batch(map, attr, uattr, false,
1960 htab_lru_percpu_map_lookup_and_delete_batch(struct bpf_map *map,
1961 const union bpf_attr *attr,
1962 union bpf_attr __user *uattr)
1964 return __htab_map_lookup_and_delete_batch(map, attr, uattr, true,
1969 htab_lru_map_lookup_batch(struct bpf_map *map, const union bpf_attr *attr,
1970 union bpf_attr __user *uattr)
1972 return __htab_map_lookup_and_delete_batch(map, attr, uattr, false,
1977 htab_lru_map_lookup_and_delete_batch(struct bpf_map *map,
1978 const union bpf_attr *attr,
1979 union bpf_attr __user *uattr)
1981 return __htab_map_lookup_and_delete_batch(map, attr, uattr, true,
1985 struct bpf_iter_seq_hash_map_info {
1986 struct bpf_map *map;
1987 struct bpf_htab *htab;
1988 void *percpu_value_buf; // non-zero means percpu hash
1993 static struct htab_elem *
1994 bpf_hash_map_seq_find_next(struct bpf_iter_seq_hash_map_info *info,
1995 struct htab_elem *prev_elem)
1997 const struct bpf_htab *htab = info->htab;
1998 u32 skip_elems = info->skip_elems;
1999 u32 bucket_id = info->bucket_id;
2000 struct hlist_nulls_head *head;
2001 struct hlist_nulls_node *n;
2002 struct htab_elem *elem;
2006 if (bucket_id >= htab->n_buckets)
2009 /* try to find next elem in the same bucket */
2011 /* no update/deletion on this bucket, prev_elem should be still valid
2012 * and we won't skip elements.
2014 n = rcu_dereference_raw(hlist_nulls_next_rcu(&prev_elem->hash_node));
2015 elem = hlist_nulls_entry_safe(n, struct htab_elem, hash_node);
2019 /* not found, unlock and go to the next bucket */
2020 b = &htab->buckets[bucket_id++];
2025 for (i = bucket_id; i < htab->n_buckets; i++) {
2026 b = &htab->buckets[i];
2031 hlist_nulls_for_each_entry_rcu(elem, n, head, hash_node) {
2032 if (count >= skip_elems) {
2033 info->bucket_id = i;
2034 info->skip_elems = count;
2044 info->bucket_id = i;
2045 info->skip_elems = 0;
2049 static void *bpf_hash_map_seq_start(struct seq_file *seq, loff_t *pos)
2051 struct bpf_iter_seq_hash_map_info *info = seq->private;
2052 struct htab_elem *elem;
2054 elem = bpf_hash_map_seq_find_next(info, NULL);
2063 static void *bpf_hash_map_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2065 struct bpf_iter_seq_hash_map_info *info = seq->private;
2069 return bpf_hash_map_seq_find_next(info, v);
2072 static int __bpf_hash_map_seq_show(struct seq_file *seq, struct htab_elem *elem)
2074 struct bpf_iter_seq_hash_map_info *info = seq->private;
2075 u32 roundup_key_size, roundup_value_size;
2076 struct bpf_iter__bpf_map_elem ctx = {};
2077 struct bpf_map *map = info->map;
2078 struct bpf_iter_meta meta;
2079 int ret = 0, off = 0, cpu;
2080 struct bpf_prog *prog;
2081 void __percpu *pptr;
2084 prog = bpf_iter_get_info(&meta, elem == NULL);
2087 ctx.map = info->map;
2089 roundup_key_size = round_up(map->key_size, 8);
2090 ctx.key = elem->key;
2091 if (!info->percpu_value_buf) {
2092 ctx.value = elem->key + roundup_key_size;
2094 roundup_value_size = round_up(map->value_size, 8);
2095 pptr = htab_elem_get_ptr(elem, map->key_size);
2096 for_each_possible_cpu(cpu) {
2097 copy_map_value_long(map, info->percpu_value_buf + off,
2098 per_cpu_ptr(pptr, cpu));
2099 check_and_init_map_value(map, info->percpu_value_buf + off);
2100 off += roundup_value_size;
2102 ctx.value = info->percpu_value_buf;
2105 ret = bpf_iter_run_prog(prog, &ctx);
2111 static int bpf_hash_map_seq_show(struct seq_file *seq, void *v)
2113 return __bpf_hash_map_seq_show(seq, v);
2116 static void bpf_hash_map_seq_stop(struct seq_file *seq, void *v)
2119 (void)__bpf_hash_map_seq_show(seq, NULL);
2124 static int bpf_iter_init_hash_map(void *priv_data,
2125 struct bpf_iter_aux_info *aux)
2127 struct bpf_iter_seq_hash_map_info *seq_info = priv_data;
2128 struct bpf_map *map = aux->map;
2132 if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
2133 map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH) {
2134 buf_size = round_up(map->value_size, 8) * num_possible_cpus();
2135 value_buf = kmalloc(buf_size, GFP_USER | __GFP_NOWARN);
2139 seq_info->percpu_value_buf = value_buf;
2142 bpf_map_inc_with_uref(map);
2143 seq_info->map = map;
2144 seq_info->htab = container_of(map, struct bpf_htab, map);
2148 static void bpf_iter_fini_hash_map(void *priv_data)
2150 struct bpf_iter_seq_hash_map_info *seq_info = priv_data;
2152 bpf_map_put_with_uref(seq_info->map);
2153 kfree(seq_info->percpu_value_buf);
2156 static const struct seq_operations bpf_hash_map_seq_ops = {
2157 .start = bpf_hash_map_seq_start,
2158 .next = bpf_hash_map_seq_next,
2159 .stop = bpf_hash_map_seq_stop,
2160 .show = bpf_hash_map_seq_show,
2163 static const struct bpf_iter_seq_info iter_seq_info = {
2164 .seq_ops = &bpf_hash_map_seq_ops,
2165 .init_seq_private = bpf_iter_init_hash_map,
2166 .fini_seq_private = bpf_iter_fini_hash_map,
2167 .seq_priv_size = sizeof(struct bpf_iter_seq_hash_map_info),
2170 static long bpf_for_each_hash_elem(struct bpf_map *map, bpf_callback_t callback_fn,
2171 void *callback_ctx, u64 flags)
2173 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
2174 struct hlist_nulls_head *head;
2175 struct hlist_nulls_node *n;
2176 struct htab_elem *elem;
2177 u32 roundup_key_size;
2178 int i, num_elems = 0;
2179 void __percpu *pptr;
2188 is_percpu = htab_is_percpu(htab);
2190 roundup_key_size = round_up(map->key_size, 8);
2191 /* disable migration so percpu value prepared here will be the
2192 * same as the one seen by the bpf program with bpf_map_lookup_elem().
2196 for (i = 0; i < htab->n_buckets; i++) {
2197 b = &htab->buckets[i];
2200 hlist_nulls_for_each_entry_rcu(elem, n, head, hash_node) {
2203 /* current cpu value for percpu map */
2204 pptr = htab_elem_get_ptr(elem, map->key_size);
2205 val = this_cpu_ptr(pptr);
2207 val = elem->key + roundup_key_size;
2210 ret = callback_fn((u64)(long)map, (u64)(long)key,
2211 (u64)(long)val, (u64)(long)callback_ctx, 0);
2212 /* return value: 0 - continue, 1 - stop and return */
2226 static u64 htab_map_mem_usage(const struct bpf_map *map)
2228 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
2229 u32 value_size = round_up(htab->map.value_size, 8);
2230 bool prealloc = htab_is_prealloc(htab);
2231 bool percpu = htab_is_percpu(htab);
2232 bool lru = htab_is_lru(htab);
2234 u64 usage = sizeof(struct bpf_htab);
2236 usage += sizeof(struct bucket) * htab->n_buckets;
2237 usage += sizeof(int) * num_possible_cpus() * HASHTAB_MAP_LOCK_COUNT;
2239 num_entries = map->max_entries;
2240 if (htab_has_extra_elems(htab))
2241 num_entries += num_possible_cpus();
2243 usage += htab->elem_size * num_entries;
2246 usage += value_size * num_possible_cpus() * num_entries;
2248 usage += sizeof(struct htab_elem *) * num_possible_cpus();
2250 #define LLIST_NODE_SZ sizeof(struct llist_node)
2252 num_entries = htab->use_percpu_counter ?
2253 percpu_counter_sum(&htab->pcount) :
2254 atomic_read(&htab->count);
2255 usage += (htab->elem_size + LLIST_NODE_SZ) * num_entries;
2257 usage += (LLIST_NODE_SZ + sizeof(void *)) * num_entries;
2258 usage += value_size * num_possible_cpus() * num_entries;
2264 BTF_ID_LIST_SINGLE(htab_map_btf_ids, struct, bpf_htab)
2265 const struct bpf_map_ops htab_map_ops = {
2266 .map_meta_equal = bpf_map_meta_equal,
2267 .map_alloc_check = htab_map_alloc_check,
2268 .map_alloc = htab_map_alloc,
2269 .map_free = htab_map_free,
2270 .map_get_next_key = htab_map_get_next_key,
2271 .map_release_uref = htab_map_free_timers_and_wq,
2272 .map_lookup_elem = htab_map_lookup_elem,
2273 .map_lookup_and_delete_elem = htab_map_lookup_and_delete_elem,
2274 .map_update_elem = htab_map_update_elem,
2275 .map_delete_elem = htab_map_delete_elem,
2276 .map_gen_lookup = htab_map_gen_lookup,
2277 .map_seq_show_elem = htab_map_seq_show_elem,
2278 .map_set_for_each_callback_args = map_set_for_each_callback_args,
2279 .map_for_each_callback = bpf_for_each_hash_elem,
2280 .map_mem_usage = htab_map_mem_usage,
2282 .map_btf_id = &htab_map_btf_ids[0],
2283 .iter_seq_info = &iter_seq_info,
2286 const struct bpf_map_ops htab_lru_map_ops = {
2287 .map_meta_equal = bpf_map_meta_equal,
2288 .map_alloc_check = htab_map_alloc_check,
2289 .map_alloc = htab_map_alloc,
2290 .map_free = htab_map_free,
2291 .map_get_next_key = htab_map_get_next_key,
2292 .map_release_uref = htab_map_free_timers_and_wq,
2293 .map_lookup_elem = htab_lru_map_lookup_elem,
2294 .map_lookup_and_delete_elem = htab_lru_map_lookup_and_delete_elem,
2295 .map_lookup_elem_sys_only = htab_lru_map_lookup_elem_sys,
2296 .map_update_elem = htab_lru_map_update_elem,
2297 .map_delete_elem = htab_lru_map_delete_elem,
2298 .map_gen_lookup = htab_lru_map_gen_lookup,
2299 .map_seq_show_elem = htab_map_seq_show_elem,
2300 .map_set_for_each_callback_args = map_set_for_each_callback_args,
2301 .map_for_each_callback = bpf_for_each_hash_elem,
2302 .map_mem_usage = htab_map_mem_usage,
2303 BATCH_OPS(htab_lru),
2304 .map_btf_id = &htab_map_btf_ids[0],
2305 .iter_seq_info = &iter_seq_info,
2308 /* Called from eBPF program */
2309 static void *htab_percpu_map_lookup_elem(struct bpf_map *map, void *key)
2311 struct htab_elem *l = __htab_map_lookup_elem(map, key);
2314 return this_cpu_ptr(htab_elem_get_ptr(l, map->key_size));
2319 /* inline bpf_map_lookup_elem() call for per-CPU hashmap */
2320 static int htab_percpu_map_gen_lookup(struct bpf_map *map, struct bpf_insn *insn_buf)
2322 struct bpf_insn *insn = insn_buf;
2324 if (!bpf_jit_supports_percpu_insn())
2327 BUILD_BUG_ON(!__same_type(&__htab_map_lookup_elem,
2328 (void *(*)(struct bpf_map *map, void *key))NULL));
2329 *insn++ = BPF_EMIT_CALL(__htab_map_lookup_elem);
2330 *insn++ = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 3);
2331 *insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_0,
2332 offsetof(struct htab_elem, key) + map->key_size);
2333 *insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0);
2334 *insn++ = BPF_MOV64_PERCPU_REG(BPF_REG_0, BPF_REG_0);
2336 return insn - insn_buf;
2339 static void *htab_percpu_map_lookup_percpu_elem(struct bpf_map *map, void *key, u32 cpu)
2341 struct htab_elem *l;
2343 if (cpu >= nr_cpu_ids)
2346 l = __htab_map_lookup_elem(map, key);
2348 return per_cpu_ptr(htab_elem_get_ptr(l, map->key_size), cpu);
2353 static void *htab_lru_percpu_map_lookup_elem(struct bpf_map *map, void *key)
2355 struct htab_elem *l = __htab_map_lookup_elem(map, key);
2358 bpf_lru_node_set_ref(&l->lru_node);
2359 return this_cpu_ptr(htab_elem_get_ptr(l, map->key_size));
2365 static void *htab_lru_percpu_map_lookup_percpu_elem(struct bpf_map *map, void *key, u32 cpu)
2367 struct htab_elem *l;
2369 if (cpu >= nr_cpu_ids)
2372 l = __htab_map_lookup_elem(map, key);
2374 bpf_lru_node_set_ref(&l->lru_node);
2375 return per_cpu_ptr(htab_elem_get_ptr(l, map->key_size), cpu);
2381 int bpf_percpu_hash_copy(struct bpf_map *map, void *key, void *value)
2383 struct htab_elem *l;
2384 void __percpu *pptr;
2389 /* per_cpu areas are zero-filled and bpf programs can only
2390 * access 'value_size' of them, so copying rounded areas
2391 * will not leak any kernel data
2393 size = round_up(map->value_size, 8);
2395 l = __htab_map_lookup_elem(map, key);
2398 /* We do not mark LRU map element here in order to not mess up
2399 * eviction heuristics when user space does a map walk.
2401 pptr = htab_elem_get_ptr(l, map->key_size);
2402 for_each_possible_cpu(cpu) {
2403 copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
2404 check_and_init_map_value(map, value + off);
2413 int bpf_percpu_hash_update(struct bpf_map *map, void *key, void *value,
2416 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
2420 if (htab_is_lru(htab))
2421 ret = __htab_lru_percpu_map_update_elem(map, key, value,
2424 ret = __htab_percpu_map_update_elem(map, key, value, map_flags,
2431 static void htab_percpu_map_seq_show_elem(struct bpf_map *map, void *key,
2434 struct htab_elem *l;
2435 void __percpu *pptr;
2440 l = __htab_map_lookup_elem(map, key);
2446 btf_type_seq_show(map->btf, map->btf_key_type_id, key, m);
2447 seq_puts(m, ": {\n");
2448 pptr = htab_elem_get_ptr(l, map->key_size);
2449 for_each_possible_cpu(cpu) {
2450 seq_printf(m, "\tcpu%d: ", cpu);
2451 btf_type_seq_show(map->btf, map->btf_value_type_id,
2452 per_cpu_ptr(pptr, cpu), m);
2460 const struct bpf_map_ops htab_percpu_map_ops = {
2461 .map_meta_equal = bpf_map_meta_equal,
2462 .map_alloc_check = htab_map_alloc_check,
2463 .map_alloc = htab_map_alloc,
2464 .map_free = htab_map_free,
2465 .map_get_next_key = htab_map_get_next_key,
2466 .map_lookup_elem = htab_percpu_map_lookup_elem,
2467 .map_gen_lookup = htab_percpu_map_gen_lookup,
2468 .map_lookup_and_delete_elem = htab_percpu_map_lookup_and_delete_elem,
2469 .map_update_elem = htab_percpu_map_update_elem,
2470 .map_delete_elem = htab_map_delete_elem,
2471 .map_lookup_percpu_elem = htab_percpu_map_lookup_percpu_elem,
2472 .map_seq_show_elem = htab_percpu_map_seq_show_elem,
2473 .map_set_for_each_callback_args = map_set_for_each_callback_args,
2474 .map_for_each_callback = bpf_for_each_hash_elem,
2475 .map_mem_usage = htab_map_mem_usage,
2476 BATCH_OPS(htab_percpu),
2477 .map_btf_id = &htab_map_btf_ids[0],
2478 .iter_seq_info = &iter_seq_info,
2481 const struct bpf_map_ops htab_lru_percpu_map_ops = {
2482 .map_meta_equal = bpf_map_meta_equal,
2483 .map_alloc_check = htab_map_alloc_check,
2484 .map_alloc = htab_map_alloc,
2485 .map_free = htab_map_free,
2486 .map_get_next_key = htab_map_get_next_key,
2487 .map_lookup_elem = htab_lru_percpu_map_lookup_elem,
2488 .map_lookup_and_delete_elem = htab_lru_percpu_map_lookup_and_delete_elem,
2489 .map_update_elem = htab_lru_percpu_map_update_elem,
2490 .map_delete_elem = htab_lru_map_delete_elem,
2491 .map_lookup_percpu_elem = htab_lru_percpu_map_lookup_percpu_elem,
2492 .map_seq_show_elem = htab_percpu_map_seq_show_elem,
2493 .map_set_for_each_callback_args = map_set_for_each_callback_args,
2494 .map_for_each_callback = bpf_for_each_hash_elem,
2495 .map_mem_usage = htab_map_mem_usage,
2496 BATCH_OPS(htab_lru_percpu),
2497 .map_btf_id = &htab_map_btf_ids[0],
2498 .iter_seq_info = &iter_seq_info,
2501 static int fd_htab_map_alloc_check(union bpf_attr *attr)
2503 if (attr->value_size != sizeof(u32))
2505 return htab_map_alloc_check(attr);
2508 static void fd_htab_map_free(struct bpf_map *map)
2510 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
2511 struct hlist_nulls_node *n;
2512 struct hlist_nulls_head *head;
2513 struct htab_elem *l;
2516 for (i = 0; i < htab->n_buckets; i++) {
2517 head = select_bucket(htab, i);
2519 hlist_nulls_for_each_entry_safe(l, n, head, hash_node) {
2520 void *ptr = fd_htab_map_get_ptr(map, l);
2522 map->ops->map_fd_put_ptr(map, ptr, false);
2529 /* only called from syscall */
2530 int bpf_fd_htab_map_lookup_elem(struct bpf_map *map, void *key, u32 *value)
2535 if (!map->ops->map_fd_sys_lookup_elem)
2539 ptr = htab_map_lookup_elem(map, key);
2541 *value = map->ops->map_fd_sys_lookup_elem(READ_ONCE(*ptr));
2549 /* only called from syscall */
2550 int bpf_fd_htab_map_update_elem(struct bpf_map *map, struct file *map_file,
2551 void *key, void *value, u64 map_flags)
2555 u32 ufd = *(u32 *)value;
2557 ptr = map->ops->map_fd_get_ptr(map, map_file, ufd);
2559 return PTR_ERR(ptr);
2561 /* The htab bucket lock is always held during update operations in fd
2562 * htab map, and the following rcu_read_lock() is only used to avoid
2563 * the WARN_ON_ONCE in htab_map_update_elem().
2566 ret = htab_map_update_elem(map, key, &ptr, map_flags);
2569 map->ops->map_fd_put_ptr(map, ptr, false);
2574 static struct bpf_map *htab_of_map_alloc(union bpf_attr *attr)
2576 struct bpf_map *map, *inner_map_meta;
2578 inner_map_meta = bpf_map_meta_alloc(attr->inner_map_fd);
2579 if (IS_ERR(inner_map_meta))
2580 return inner_map_meta;
2582 map = htab_map_alloc(attr);
2584 bpf_map_meta_free(inner_map_meta);
2588 map->inner_map_meta = inner_map_meta;
2593 static void *htab_of_map_lookup_elem(struct bpf_map *map, void *key)
2595 struct bpf_map **inner_map = htab_map_lookup_elem(map, key);
2600 return READ_ONCE(*inner_map);
2603 static int htab_of_map_gen_lookup(struct bpf_map *map,
2604 struct bpf_insn *insn_buf)
2606 struct bpf_insn *insn = insn_buf;
2607 const int ret = BPF_REG_0;
2609 BUILD_BUG_ON(!__same_type(&__htab_map_lookup_elem,
2610 (void *(*)(struct bpf_map *map, void *key))NULL));
2611 *insn++ = BPF_EMIT_CALL(__htab_map_lookup_elem);
2612 *insn++ = BPF_JMP_IMM(BPF_JEQ, ret, 0, 2);
2613 *insn++ = BPF_ALU64_IMM(BPF_ADD, ret,
2614 offsetof(struct htab_elem, key) +
2615 round_up(map->key_size, 8));
2616 *insn++ = BPF_LDX_MEM(BPF_DW, ret, ret, 0);
2618 return insn - insn_buf;
2621 static void htab_of_map_free(struct bpf_map *map)
2623 bpf_map_meta_free(map->inner_map_meta);
2624 fd_htab_map_free(map);
2627 const struct bpf_map_ops htab_of_maps_map_ops = {
2628 .map_alloc_check = fd_htab_map_alloc_check,
2629 .map_alloc = htab_of_map_alloc,
2630 .map_free = htab_of_map_free,
2631 .map_get_next_key = htab_map_get_next_key,
2632 .map_lookup_elem = htab_of_map_lookup_elem,
2633 .map_delete_elem = htab_map_delete_elem,
2634 .map_fd_get_ptr = bpf_map_fd_get_ptr,
2635 .map_fd_put_ptr = bpf_map_fd_put_ptr,
2636 .map_fd_sys_lookup_elem = bpf_map_fd_sys_lookup_elem,
2637 .map_gen_lookup = htab_of_map_gen_lookup,
2638 .map_check_btf = map_check_no_btf,
2639 .map_mem_usage = htab_map_mem_usage,
2641 .map_btf_id = &htab_map_btf_ids[0],
projects / linux-2.6-block.git / blob