1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright (c) 2019 Facebook */
5 #include <linux/bpf_verifier.h>
7 #include <linux/filter.h>
8 #include <linux/slab.h>
9 #include <linux/numa.h>
10 #include <linux/seq_file.h>
11 #include <linux/refcount.h>
12 #include <linux/mutex.h>
13 #include <linux/btf_ids.h>
14 #include <linux/rcupdate_wait.h>
15 #include <linux/poll.h>
17 struct bpf_struct_ops_value {
18 struct bpf_struct_ops_common_value common;
19 char data[] ____cacheline_aligned_in_smp;
22 #define MAX_TRAMP_IMAGE_PAGES 8
24 struct bpf_struct_ops_map {
27 const struct bpf_struct_ops_desc *st_ops_desc;
28 /* protect map_update */
30 /* link has all the bpf_links that is populated
31 * to the func ptr of the kernel's struct
34 struct bpf_link **links;
37 /* image_pages is an array of pages that has all the trampolines
38 * that stores the func args before calling the bpf_prog.
40 void *image_pages[MAX_TRAMP_IMAGE_PAGES];
41 /* The owner moduler's btf. */
43 /* uvalue->data stores the kernel struct
44 * (e.g. tcp_congestion_ops) that is more useful
45 * to userspace than the kvalue. For example,
46 * the bpf_prog's id is stored instead of the kernel
47 * address of a func ptr.
49 struct bpf_struct_ops_value *uvalue;
50 /* kvalue.data stores the actual kernel's struct
51 * (e.g. tcp_congestion_ops) that will be
52 * registered to the kernel subsystem.
54 struct bpf_struct_ops_value kvalue;
57 struct bpf_struct_ops_link {
59 struct bpf_map __rcu *map;
60 wait_queue_head_t wait_hup;
63 static DEFINE_MUTEX(update_mutex);
65 #define VALUE_PREFIX "bpf_struct_ops_"
66 #define VALUE_PREFIX_LEN (sizeof(VALUE_PREFIX) - 1)
68 const struct bpf_verifier_ops bpf_struct_ops_verifier_ops = {
71 const struct bpf_prog_ops bpf_struct_ops_prog_ops = {
73 .test_run = bpf_struct_ops_test_run,
77 BTF_ID_LIST(st_ops_ids)
78 BTF_ID(struct, module)
79 BTF_ID(struct, bpf_struct_ops_common_value)
83 IDX_ST_OPS_COMMON_VALUE_ID,
86 extern struct btf *btf_vmlinux;
88 static bool is_valid_value_type(struct btf *btf, s32 value_id,
89 const struct btf_type *type,
90 const char *value_name)
92 const struct btf_type *common_value_type;
93 const struct btf_member *member;
94 const struct btf_type *vt, *mt;
96 vt = btf_type_by_id(btf, value_id);
97 if (btf_vlen(vt) != 2) {
98 pr_warn("The number of %s's members should be 2, but we get %d\n",
99 value_name, btf_vlen(vt));
102 member = btf_type_member(vt);
103 mt = btf_type_by_id(btf, member->type);
104 common_value_type = btf_type_by_id(btf_vmlinux,
105 st_ops_ids[IDX_ST_OPS_COMMON_VALUE_ID]);
106 if (mt != common_value_type) {
107 pr_warn("The first member of %s should be bpf_struct_ops_common_value\n",
112 mt = btf_type_by_id(btf, member->type);
114 pr_warn("The second member of %s should be %s\n",
115 value_name, btf_name_by_offset(btf, type->name_off));
122 static void *bpf_struct_ops_image_alloc(void)
127 err = bpf_jit_charge_modmem(PAGE_SIZE);
130 image = arch_alloc_bpf_trampoline(PAGE_SIZE);
132 bpf_jit_uncharge_modmem(PAGE_SIZE);
133 return ERR_PTR(-ENOMEM);
139 void bpf_struct_ops_image_free(void *image)
142 arch_free_bpf_trampoline(image, PAGE_SIZE);
143 bpf_jit_uncharge_modmem(PAGE_SIZE);
147 #define MAYBE_NULL_SUFFIX "__nullable"
148 #define MAX_STUB_NAME 128
150 /* Return the type info of a stub function, if it exists.
152 * The name of a stub function is made up of the name of the struct_ops and
153 * the name of the function pointer member, separated by "__". For example,
154 * if the struct_ops type is named "foo_ops" and the function pointer
155 * member is named "bar", the stub function name would be "foo_ops__bar".
157 static const struct btf_type *
158 find_stub_func_proto(const struct btf *btf, const char *st_op_name,
159 const char *member_name)
161 char stub_func_name[MAX_STUB_NAME];
162 const struct btf_type *func_type;
166 cp = snprintf(stub_func_name, MAX_STUB_NAME, "%s__%s",
167 st_op_name, member_name);
168 if (cp >= MAX_STUB_NAME) {
169 pr_warn("Stub function name too long\n");
172 btf_id = btf_find_by_name_kind(btf, stub_func_name, BTF_KIND_FUNC);
175 func_type = btf_type_by_id(btf, btf_id);
179 return btf_type_by_id(btf, func_type->type); /* FUNC_PROTO */
182 /* Prepare argument info for every nullable argument of a member of a
185 * Initialize a struct bpf_struct_ops_arg_info according to type info of
186 * the arguments of a stub function. (Check kCFI for more information about
189 * Each member in the struct_ops type has a struct bpf_struct_ops_arg_info
190 * to provide an array of struct bpf_ctx_arg_aux, which in turn provides
191 * the information that used by the verifier to check the arguments of the
192 * BPF struct_ops program assigned to the member. Here, we only care about
193 * the arguments that are marked as __nullable.
195 * The array of struct bpf_ctx_arg_aux is eventually assigned to
196 * prog->aux->ctx_arg_info of BPF struct_ops programs and passed to the
197 * verifier. (See check_struct_ops_btf_id())
199 * arg_info->info will be the list of struct bpf_ctx_arg_aux if success. If
200 * fails, it will be kept untouched.
202 static int prepare_arg_info(struct btf *btf,
203 const char *st_ops_name,
204 const char *member_name,
205 const struct btf_type *func_proto,
206 struct bpf_struct_ops_arg_info *arg_info)
208 const struct btf_type *stub_func_proto, *pointed_type;
209 const struct btf_param *stub_args, *args;
210 struct bpf_ctx_arg_aux *info, *info_buf;
211 u32 nargs, arg_no, info_cnt = 0;
215 stub_func_proto = find_stub_func_proto(btf, st_ops_name, member_name);
216 if (!stub_func_proto)
219 /* Check if the number of arguments of the stub function is the same
220 * as the number of arguments of the function pointer.
222 nargs = btf_type_vlen(func_proto);
223 if (nargs != btf_type_vlen(stub_func_proto)) {
224 pr_warn("the number of arguments of the stub function %s__%s does not match the number of arguments of the member %s of struct %s\n",
225 st_ops_name, member_name, member_name, st_ops_name);
232 args = btf_params(func_proto);
233 stub_args = btf_params(stub_func_proto);
235 info_buf = kcalloc(nargs, sizeof(*info_buf), GFP_KERNEL);
239 /* Prepare info for every nullable argument */
241 for (arg_no = 0; arg_no < nargs; arg_no++) {
242 /* Skip arguments that is not suffixed with
245 if (!btf_param_match_suffix(btf, &stub_args[arg_no],
249 /* Should be a pointer to struct */
250 pointed_type = btf_type_resolve_ptr(btf,
254 !btf_type_is_struct(pointed_type)) {
255 pr_warn("stub function %s__%s has %s tagging to an unsupported type\n",
256 st_ops_name, member_name, MAYBE_NULL_SUFFIX);
260 offset = btf_ctx_arg_offset(btf, func_proto, arg_no);
262 pr_warn("stub function %s__%s has an invalid trampoline ctx offset for arg#%u\n",
263 st_ops_name, member_name, arg_no);
267 if (args[arg_no].type != stub_args[arg_no].type) {
268 pr_warn("arg#%u type in stub function %s__%s does not match with its original func_proto\n",
269 arg_no, st_ops_name, member_name);
273 /* Fill the information of the new argument */
275 PTR_TRUSTED | PTR_TO_BTF_ID | PTR_MAYBE_NULL;
276 info->btf_id = arg_btf_id;
278 info->offset = offset;
285 arg_info->info = info_buf;
286 arg_info->cnt = info_cnt;
299 /* Clean up the arg_info in a struct bpf_struct_ops_desc. */
300 void bpf_struct_ops_desc_release(struct bpf_struct_ops_desc *st_ops_desc)
302 struct bpf_struct_ops_arg_info *arg_info;
305 arg_info = st_ops_desc->arg_info;
306 for (i = 0; i < btf_type_vlen(st_ops_desc->type); i++)
307 kfree(arg_info[i].info);
312 int bpf_struct_ops_desc_init(struct bpf_struct_ops_desc *st_ops_desc,
314 struct bpf_verifier_log *log)
316 struct bpf_struct_ops *st_ops = st_ops_desc->st_ops;
317 struct bpf_struct_ops_arg_info *arg_info;
318 const struct btf_member *member;
319 const struct btf_type *t;
320 s32 type_id, value_id;
321 char value_name[128];
325 if (strlen(st_ops->name) + VALUE_PREFIX_LEN >=
326 sizeof(value_name)) {
327 pr_warn("struct_ops name %s is too long\n",
331 sprintf(value_name, "%s%s", VALUE_PREFIX, st_ops->name);
333 if (!st_ops->cfi_stubs) {
334 pr_warn("struct_ops for %s has no cfi_stubs\n", st_ops->name);
338 type_id = btf_find_by_name_kind(btf, st_ops->name,
341 pr_warn("Cannot find struct %s in %s\n",
342 st_ops->name, btf_get_name(btf));
345 t = btf_type_by_id(btf, type_id);
346 if (btf_type_vlen(t) > BPF_STRUCT_OPS_MAX_NR_MEMBERS) {
347 pr_warn("Cannot support #%u members in struct %s\n",
348 btf_type_vlen(t), st_ops->name);
352 value_id = btf_find_by_name_kind(btf, value_name,
355 pr_warn("Cannot find struct %s in %s\n",
356 value_name, btf_get_name(btf));
359 if (!is_valid_value_type(btf, value_id, t, value_name))
362 arg_info = kcalloc(btf_type_vlen(t), sizeof(*arg_info),
367 st_ops_desc->arg_info = arg_info;
368 st_ops_desc->type = t;
369 st_ops_desc->type_id = type_id;
370 st_ops_desc->value_id = value_id;
371 st_ops_desc->value_type = btf_type_by_id(btf, value_id);
373 for_each_member(i, t, member) {
374 const struct btf_type *func_proto;
376 mname = btf_name_by_offset(btf, member->name_off);
378 pr_warn("anon member in struct %s is not supported\n",
384 if (__btf_member_bitfield_size(t, member)) {
385 pr_warn("bit field member %s in struct %s is not supported\n",
386 mname, st_ops->name);
391 func_proto = btf_type_resolve_func_ptr(btf,
397 if (btf_distill_func_proto(log, btf,
399 &st_ops->func_models[i])) {
400 pr_warn("Error in parsing func ptr %s in struct %s\n",
401 mname, st_ops->name);
406 err = prepare_arg_info(btf, st_ops->name, mname,
413 if (st_ops->init(btf)) {
414 pr_warn("Error in init bpf_struct_ops %s\n",
423 bpf_struct_ops_desc_release(st_ops_desc);
428 static int bpf_struct_ops_map_get_next_key(struct bpf_map *map, void *key,
431 if (key && *(u32 *)key == 0)
434 *(u32 *)next_key = 0;
438 int bpf_struct_ops_map_sys_lookup_elem(struct bpf_map *map, void *key,
441 struct bpf_struct_ops_map *st_map = (struct bpf_struct_ops_map *)map;
442 struct bpf_struct_ops_value *uvalue, *kvalue;
443 enum bpf_struct_ops_state state;
446 if (unlikely(*(u32 *)key != 0))
449 kvalue = &st_map->kvalue;
450 /* Pair with smp_store_release() during map_update */
451 state = smp_load_acquire(&kvalue->common.state);
452 if (state == BPF_STRUCT_OPS_STATE_INIT) {
453 memset(value, 0, map->value_size);
457 /* No lock is needed. state and refcnt do not need
458 * to be updated together under atomic context.
461 memcpy(uvalue, st_map->uvalue, map->value_size);
462 uvalue->common.state = state;
464 /* This value offers the user space a general estimate of how
465 * many sockets are still utilizing this struct_ops for TCP
466 * congestion control. The number might not be exact, but it
467 * should sufficiently meet our present goals.
469 refcnt = atomic64_read(&map->refcnt) - atomic64_read(&map->usercnt);
470 refcount_set(&uvalue->common.refcnt, max_t(s64, refcnt, 0));
475 static void *bpf_struct_ops_map_lookup_elem(struct bpf_map *map, void *key)
477 return ERR_PTR(-EINVAL);
480 static void bpf_struct_ops_map_put_progs(struct bpf_struct_ops_map *st_map)
484 for (i = 0; i < st_map->links_cnt; i++) {
485 if (st_map->links[i]) {
486 bpf_link_put(st_map->links[i]);
487 st_map->links[i] = NULL;
492 static void bpf_struct_ops_map_free_image(struct bpf_struct_ops_map *st_map)
496 for (i = 0; i < st_map->image_pages_cnt; i++)
497 bpf_struct_ops_image_free(st_map->image_pages[i]);
498 st_map->image_pages_cnt = 0;
501 static int check_zero_holes(const struct btf *btf, const struct btf_type *t, void *data)
503 const struct btf_member *member;
504 u32 i, moff, msize, prev_mend = 0;
505 const struct btf_type *mtype;
507 for_each_member(i, t, member) {
508 moff = __btf_member_bit_offset(t, member) / 8;
509 if (moff > prev_mend &&
510 memchr_inv(data + prev_mend, 0, moff - prev_mend))
513 mtype = btf_type_by_id(btf, member->type);
514 mtype = btf_resolve_size(btf, mtype, &msize);
516 return PTR_ERR(mtype);
517 prev_mend = moff + msize;
520 if (t->size > prev_mend &&
521 memchr_inv(data + prev_mend, 0, t->size - prev_mend))
527 static void bpf_struct_ops_link_release(struct bpf_link *link)
531 static void bpf_struct_ops_link_dealloc(struct bpf_link *link)
533 struct bpf_tramp_link *tlink = container_of(link, struct bpf_tramp_link, link);
538 const struct bpf_link_ops bpf_struct_ops_link_lops = {
539 .release = bpf_struct_ops_link_release,
540 .dealloc = bpf_struct_ops_link_dealloc,
543 int bpf_struct_ops_prepare_trampoline(struct bpf_tramp_links *tlinks,
544 struct bpf_tramp_link *link,
545 const struct btf_func_model *model,
547 void **_image, u32 *_image_off,
550 u32 image_off = *_image_off, flags = BPF_TRAMP_F_INDIRECT;
551 void *image = *_image;
554 tlinks[BPF_TRAMP_FENTRY].links[0] = link;
555 tlinks[BPF_TRAMP_FENTRY].nr_links = 1;
557 if (model->ret_size > 0)
558 flags |= BPF_TRAMP_F_RET_FENTRY_RET;
560 size = arch_bpf_trampoline_size(model, flags, tlinks, NULL);
562 return size ? : -EFAULT;
564 /* Allocate image buffer if necessary */
565 if (!image || size > PAGE_SIZE - image_off) {
569 image = bpf_struct_ops_image_alloc();
571 return PTR_ERR(image);
575 size = arch_prepare_bpf_trampoline(NULL, image + image_off,
576 image + image_off + size,
577 model, flags, tlinks, stub_func);
579 if (image != *_image)
580 bpf_struct_ops_image_free(image);
581 return size ? : -EFAULT;
585 *_image_off = image_off + size;
589 static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
590 void *value, u64 flags)
592 struct bpf_struct_ops_map *st_map = (struct bpf_struct_ops_map *)map;
593 const struct bpf_struct_ops_desc *st_ops_desc = st_map->st_ops_desc;
594 const struct bpf_struct_ops *st_ops = st_ops_desc->st_ops;
595 struct bpf_struct_ops_value *uvalue, *kvalue;
596 const struct btf_type *module_type;
597 const struct btf_member *member;
598 const struct btf_type *t = st_ops_desc->type;
599 struct bpf_tramp_links *tlinks;
602 u32 i, trampoline_start, image_off = 0;
603 void *cur_image = NULL, *image = NULL;
608 if (*(u32 *)key != 0)
611 err = check_zero_holes(st_map->btf, st_ops_desc->value_type, value);
616 err = check_zero_holes(st_map->btf, t, uvalue->data);
620 if (uvalue->common.state || refcount_read(&uvalue->common.refcnt))
623 tlinks = kcalloc(BPF_TRAMP_MAX, sizeof(*tlinks), GFP_KERNEL);
627 uvalue = (struct bpf_struct_ops_value *)st_map->uvalue;
628 kvalue = (struct bpf_struct_ops_value *)&st_map->kvalue;
630 mutex_lock(&st_map->lock);
632 if (kvalue->common.state != BPF_STRUCT_OPS_STATE_INIT) {
637 memcpy(uvalue, value, map->value_size);
639 udata = &uvalue->data;
640 kdata = &kvalue->data;
642 module_type = btf_type_by_id(btf_vmlinux, st_ops_ids[IDX_MODULE_ID]);
643 for_each_member(i, t, member) {
644 const struct btf_type *mtype, *ptype;
645 struct bpf_prog *prog;
646 struct bpf_tramp_link *link;
649 moff = __btf_member_bit_offset(t, member) / 8;
650 ptype = btf_type_resolve_ptr(st_map->btf, member->type, NULL);
651 if (ptype == module_type) {
652 if (*(void **)(udata + moff))
654 *(void **)(kdata + moff) = BPF_MODULE_OWNER;
658 err = st_ops->init_member(t, member, kdata, udata);
662 /* The ->init_member() has handled this member */
666 /* If st_ops->init_member does not handle it,
667 * we will only handle func ptrs and zero-ed members
668 * here. Reject everything else.
671 /* All non func ptr member must be 0 */
672 if (!ptype || !btf_type_is_func_proto(ptype)) {
675 mtype = btf_type_by_id(st_map->btf, member->type);
676 mtype = btf_resolve_size(st_map->btf, mtype, &msize);
678 err = PTR_ERR(mtype);
682 if (memchr_inv(udata + moff, 0, msize)) {
690 prog_fd = (int)(*(unsigned long *)(udata + moff));
691 /* Similar check as the attr->attach_prog_fd */
695 prog = bpf_prog_get(prog_fd);
701 if (prog->type != BPF_PROG_TYPE_STRUCT_OPS ||
702 prog->aux->attach_btf_id != st_ops_desc->type_id ||
703 prog->expected_attach_type != i) {
709 link = kzalloc(sizeof(*link), GFP_USER);
715 bpf_link_init(&link->link, BPF_LINK_TYPE_STRUCT_OPS,
716 &bpf_struct_ops_link_lops, prog);
717 st_map->links[i] = &link->link;
719 trampoline_start = image_off;
720 err = bpf_struct_ops_prepare_trampoline(tlinks, link,
721 &st_ops->func_models[i],
722 *(void **)(st_ops->cfi_stubs + moff),
724 st_map->image_pages_cnt < MAX_TRAMP_IMAGE_PAGES);
728 if (cur_image != image) {
729 st_map->image_pages[st_map->image_pages_cnt++] = image;
731 trampoline_start = 0;
734 *(void **)(kdata + moff) = image + trampoline_start + cfi_get_offset();
736 /* put prog_id to udata */
737 *(unsigned long *)(udata + moff) = prog->aux->id;
740 if (st_ops->validate) {
741 err = st_ops->validate(kdata);
745 for (i = 0; i < st_map->image_pages_cnt; i++) {
746 err = arch_protect_bpf_trampoline(st_map->image_pages[i],
752 if (st_map->map.map_flags & BPF_F_LINK) {
754 /* Let bpf_link handle registration & unregistration.
756 * Pair with smp_load_acquire() during lookup_elem().
758 smp_store_release(&kvalue->common.state, BPF_STRUCT_OPS_STATE_READY);
762 err = st_ops->reg(kdata, NULL);
764 /* This refcnt increment on the map here after
765 * 'st_ops->reg()' is secure since the state of the
766 * map must be set to INIT at this moment, and thus
767 * bpf_struct_ops_map_delete_elem() can't unregister
768 * or transition it to TOBEFREE concurrently.
771 /* Pair with smp_load_acquire() during lookup_elem().
772 * It ensures the above udata updates (e.g. prog->aux->id)
773 * can be seen once BPF_STRUCT_OPS_STATE_INUSE is set.
775 smp_store_release(&kvalue->common.state, BPF_STRUCT_OPS_STATE_INUSE);
779 /* Error during st_ops->reg(). Can happen if this struct_ops needs to be
780 * verified as a whole, after all init_member() calls. Can also happen if
781 * there was a race in registering the struct_ops (under the same name) to
782 * a sub-system through different struct_ops's maps.
786 bpf_struct_ops_map_free_image(st_map);
787 bpf_struct_ops_map_put_progs(st_map);
788 memset(uvalue, 0, map->value_size);
789 memset(kvalue, 0, map->value_size);
792 mutex_unlock(&st_map->lock);
796 static long bpf_struct_ops_map_delete_elem(struct bpf_map *map, void *key)
798 enum bpf_struct_ops_state prev_state;
799 struct bpf_struct_ops_map *st_map;
801 st_map = (struct bpf_struct_ops_map *)map;
802 if (st_map->map.map_flags & BPF_F_LINK)
805 prev_state = cmpxchg(&st_map->kvalue.common.state,
806 BPF_STRUCT_OPS_STATE_INUSE,
807 BPF_STRUCT_OPS_STATE_TOBEFREE);
808 switch (prev_state) {
809 case BPF_STRUCT_OPS_STATE_INUSE:
810 st_map->st_ops_desc->st_ops->unreg(&st_map->kvalue.data, NULL);
813 case BPF_STRUCT_OPS_STATE_TOBEFREE:
815 case BPF_STRUCT_OPS_STATE_INIT:
819 /* Should never happen. Treat it as not found. */
824 static void bpf_struct_ops_map_seq_show_elem(struct bpf_map *map, void *key,
827 struct bpf_struct_ops_map *st_map = (struct bpf_struct_ops_map *)map;
831 value = kmalloc(map->value_size, GFP_USER | __GFP_NOWARN);
835 err = bpf_struct_ops_map_sys_lookup_elem(map, key, value);
837 btf_type_seq_show(st_map->btf,
838 map->btf_vmlinux_value_type_id,
846 static void __bpf_struct_ops_map_free(struct bpf_map *map)
848 struct bpf_struct_ops_map *st_map = (struct bpf_struct_ops_map *)map;
851 bpf_struct_ops_map_put_progs(st_map);
852 bpf_map_area_free(st_map->links);
853 bpf_struct_ops_map_free_image(st_map);
854 bpf_map_area_free(st_map->uvalue);
855 bpf_map_area_free(st_map);
858 static void bpf_struct_ops_map_free(struct bpf_map *map)
860 struct bpf_struct_ops_map *st_map = (struct bpf_struct_ops_map *)map;
862 /* st_ops->owner was acquired during map_alloc to implicitly holds
863 * the btf's refcnt. The acquire was only done when btf_is_module()
864 * st_map->btf cannot be NULL here.
866 if (btf_is_module(st_map->btf))
867 module_put(st_map->st_ops_desc->st_ops->owner);
869 /* The struct_ops's function may switch to another struct_ops.
871 * For example, bpf_tcp_cc_x->init() may switch to
872 * another tcp_cc_y by calling
873 * setsockopt(TCP_CONGESTION, "tcp_cc_y").
874 * During the switch, bpf_struct_ops_put(tcp_cc_x) is called
875 * and its refcount may reach 0 which then free its
876 * trampoline image while tcp_cc_x is still running.
878 * A vanilla rcu gp is to wait for all bpf-tcp-cc prog
879 * to finish. bpf-tcp-cc prog is non sleepable.
880 * A rcu_tasks gp is to wait for the last few insn
881 * in the tramopline image to finish before releasing
882 * the trampoline image.
884 synchronize_rcu_mult(call_rcu, call_rcu_tasks);
886 __bpf_struct_ops_map_free(map);
889 static int bpf_struct_ops_map_alloc_check(union bpf_attr *attr)
891 if (attr->key_size != sizeof(unsigned int) || attr->max_entries != 1 ||
892 (attr->map_flags & ~(BPF_F_LINK | BPF_F_VTYPE_BTF_OBJ_FD)) ||
893 !attr->btf_vmlinux_value_type_id)
898 static struct bpf_map *bpf_struct_ops_map_alloc(union bpf_attr *attr)
900 const struct bpf_struct_ops_desc *st_ops_desc;
902 struct bpf_struct_ops_map *st_map;
903 const struct btf_type *t, *vt;
904 struct module *mod = NULL;
909 if (attr->map_flags & BPF_F_VTYPE_BTF_OBJ_FD) {
910 /* The map holds btf for its whole life time. */
911 btf = btf_get_by_fd(attr->value_type_btf_obj_fd);
913 return ERR_CAST(btf);
914 if (!btf_is_module(btf)) {
916 return ERR_PTR(-EINVAL);
919 mod = btf_try_get_module(btf);
920 /* mod holds a refcnt to btf. We don't need an extra refcnt
925 return ERR_PTR(-EINVAL);
927 btf = bpf_get_btf_vmlinux();
929 return ERR_CAST(btf);
931 return ERR_PTR(-ENOTSUPP);
934 st_ops_desc = bpf_struct_ops_find_value(btf, attr->btf_vmlinux_value_type_id);
940 vt = st_ops_desc->value_type;
941 if (attr->value_size != vt->size) {
946 t = st_ops_desc->type;
948 st_map_size = sizeof(*st_map) +
950 * struct bpf_struct_ops_tcp_congestions_ops
952 (vt->size - sizeof(struct bpf_struct_ops_value));
954 st_map = bpf_map_area_alloc(st_map_size, NUMA_NO_NODE);
960 st_map->st_ops_desc = st_ops_desc;
963 st_map->uvalue = bpf_map_area_alloc(vt->size, NUMA_NO_NODE);
964 st_map->links_cnt = btf_type_vlen(t);
966 bpf_map_area_alloc(st_map->links_cnt * sizeof(struct bpf_links *),
968 if (!st_map->uvalue || !st_map->links) {
974 mutex_init(&st_map->lock);
975 bpf_map_init_from_attr(map, attr);
980 __bpf_struct_ops_map_free(map);
987 static u64 bpf_struct_ops_map_mem_usage(const struct bpf_map *map)
989 struct bpf_struct_ops_map *st_map = (struct bpf_struct_ops_map *)map;
990 const struct bpf_struct_ops_desc *st_ops_desc = st_map->st_ops_desc;
991 const struct btf_type *vt = st_ops_desc->value_type;
994 usage = sizeof(*st_map) +
995 vt->size - sizeof(struct bpf_struct_ops_value);
997 usage += btf_type_vlen(vt) * sizeof(struct bpf_links *);
1002 BTF_ID_LIST_SINGLE(bpf_struct_ops_map_btf_ids, struct, bpf_struct_ops_map)
1003 const struct bpf_map_ops bpf_struct_ops_map_ops = {
1004 .map_alloc_check = bpf_struct_ops_map_alloc_check,
1005 .map_alloc = bpf_struct_ops_map_alloc,
1006 .map_free = bpf_struct_ops_map_free,
1007 .map_get_next_key = bpf_struct_ops_map_get_next_key,
1008 .map_lookup_elem = bpf_struct_ops_map_lookup_elem,
1009 .map_delete_elem = bpf_struct_ops_map_delete_elem,
1010 .map_update_elem = bpf_struct_ops_map_update_elem,
1011 .map_seq_show_elem = bpf_struct_ops_map_seq_show_elem,
1012 .map_mem_usage = bpf_struct_ops_map_mem_usage,
1013 .map_btf_id = &bpf_struct_ops_map_btf_ids[0],
1016 /* "const void *" because some subsystem is
1017 * passing a const (e.g. const struct tcp_congestion_ops *)
1019 bool bpf_struct_ops_get(const void *kdata)
1021 struct bpf_struct_ops_value *kvalue;
1022 struct bpf_struct_ops_map *st_map;
1023 struct bpf_map *map;
1025 kvalue = container_of(kdata, struct bpf_struct_ops_value, data);
1026 st_map = container_of(kvalue, struct bpf_struct_ops_map, kvalue);
1028 map = __bpf_map_inc_not_zero(&st_map->map, false);
1029 return !IS_ERR(map);
1032 void bpf_struct_ops_put(const void *kdata)
1034 struct bpf_struct_ops_value *kvalue;
1035 struct bpf_struct_ops_map *st_map;
1037 kvalue = container_of(kdata, struct bpf_struct_ops_value, data);
1038 st_map = container_of(kvalue, struct bpf_struct_ops_map, kvalue);
1040 bpf_map_put(&st_map->map);
1043 int bpf_struct_ops_supported(const struct bpf_struct_ops *st_ops, u32 moff)
1045 void *func_ptr = *(void **)(st_ops->cfi_stubs + moff);
1047 return func_ptr ? 0 : -ENOTSUPP;
1050 static bool bpf_struct_ops_valid_to_reg(struct bpf_map *map)
1052 struct bpf_struct_ops_map *st_map = (struct bpf_struct_ops_map *)map;
1054 return map->map_type == BPF_MAP_TYPE_STRUCT_OPS &&
1055 map->map_flags & BPF_F_LINK &&
1056 /* Pair with smp_store_release() during map_update */
1057 smp_load_acquire(&st_map->kvalue.common.state) == BPF_STRUCT_OPS_STATE_READY;
1060 static void bpf_struct_ops_map_link_dealloc(struct bpf_link *link)
1062 struct bpf_struct_ops_link *st_link;
1063 struct bpf_struct_ops_map *st_map;
1065 st_link = container_of(link, struct bpf_struct_ops_link, link);
1066 st_map = (struct bpf_struct_ops_map *)
1067 rcu_dereference_protected(st_link->map, true);
1069 st_map->st_ops_desc->st_ops->unreg(&st_map->kvalue.data, link);
1070 bpf_map_put(&st_map->map);
1075 static void bpf_struct_ops_map_link_show_fdinfo(const struct bpf_link *link,
1076 struct seq_file *seq)
1078 struct bpf_struct_ops_link *st_link;
1079 struct bpf_map *map;
1081 st_link = container_of(link, struct bpf_struct_ops_link, link);
1083 map = rcu_dereference(st_link->map);
1085 seq_printf(seq, "map_id:\t%d\n", map->id);
1089 static int bpf_struct_ops_map_link_fill_link_info(const struct bpf_link *link,
1090 struct bpf_link_info *info)
1092 struct bpf_struct_ops_link *st_link;
1093 struct bpf_map *map;
1095 st_link = container_of(link, struct bpf_struct_ops_link, link);
1097 map = rcu_dereference(st_link->map);
1099 info->struct_ops.map_id = map->id;
1104 static int bpf_struct_ops_map_link_update(struct bpf_link *link, struct bpf_map *new_map,
1105 struct bpf_map *expected_old_map)
1107 struct bpf_struct_ops_map *st_map, *old_st_map;
1108 struct bpf_map *old_map;
1109 struct bpf_struct_ops_link *st_link;
1112 st_link = container_of(link, struct bpf_struct_ops_link, link);
1113 st_map = container_of(new_map, struct bpf_struct_ops_map, map);
1115 if (!bpf_struct_ops_valid_to_reg(new_map))
1118 if (!st_map->st_ops_desc->st_ops->update)
1121 mutex_lock(&update_mutex);
1123 old_map = rcu_dereference_protected(st_link->map, lockdep_is_held(&update_mutex));
1128 if (expected_old_map && old_map != expected_old_map) {
1133 old_st_map = container_of(old_map, struct bpf_struct_ops_map, map);
1134 /* The new and old struct_ops must be the same type. */
1135 if (st_map->st_ops_desc != old_st_map->st_ops_desc) {
1140 err = st_map->st_ops_desc->st_ops->update(st_map->kvalue.data, old_st_map->kvalue.data, link);
1144 bpf_map_inc(new_map);
1145 rcu_assign_pointer(st_link->map, new_map);
1146 bpf_map_put(old_map);
1149 mutex_unlock(&update_mutex);
1154 static int bpf_struct_ops_map_link_detach(struct bpf_link *link)
1156 struct bpf_struct_ops_link *st_link = container_of(link, struct bpf_struct_ops_link, link);
1157 struct bpf_struct_ops_map *st_map;
1158 struct bpf_map *map;
1160 mutex_lock(&update_mutex);
1162 map = rcu_dereference_protected(st_link->map, lockdep_is_held(&update_mutex));
1164 mutex_unlock(&update_mutex);
1167 st_map = container_of(map, struct bpf_struct_ops_map, map);
1169 st_map->st_ops_desc->st_ops->unreg(&st_map->kvalue.data, link);
1171 RCU_INIT_POINTER(st_link->map, NULL);
1172 /* Pair with bpf_map_get() in bpf_struct_ops_link_create() or
1173 * bpf_map_inc() in bpf_struct_ops_map_link_update().
1175 bpf_map_put(&st_map->map);
1177 mutex_unlock(&update_mutex);
1179 wake_up_interruptible_poll(&st_link->wait_hup, EPOLLHUP);
1184 static __poll_t bpf_struct_ops_map_link_poll(struct file *file,
1185 struct poll_table_struct *pts)
1187 struct bpf_struct_ops_link *st_link = file->private_data;
1189 poll_wait(file, &st_link->wait_hup, pts);
1191 return rcu_access_pointer(st_link->map) ? 0 : EPOLLHUP;
1194 static const struct bpf_link_ops bpf_struct_ops_map_lops = {
1195 .dealloc = bpf_struct_ops_map_link_dealloc,
1196 .detach = bpf_struct_ops_map_link_detach,
1197 .show_fdinfo = bpf_struct_ops_map_link_show_fdinfo,
1198 .fill_link_info = bpf_struct_ops_map_link_fill_link_info,
1199 .update_map = bpf_struct_ops_map_link_update,
1200 .poll = bpf_struct_ops_map_link_poll,
1203 int bpf_struct_ops_link_create(union bpf_attr *attr)
1205 struct bpf_struct_ops_link *link = NULL;
1206 struct bpf_link_primer link_primer;
1207 struct bpf_struct_ops_map *st_map;
1208 struct bpf_map *map;
1211 map = bpf_map_get(attr->link_create.map_fd);
1213 return PTR_ERR(map);
1215 st_map = (struct bpf_struct_ops_map *)map;
1217 if (!bpf_struct_ops_valid_to_reg(map)) {
1222 link = kzalloc(sizeof(*link), GFP_USER);
1227 bpf_link_init(&link->link, BPF_LINK_TYPE_STRUCT_OPS, &bpf_struct_ops_map_lops, NULL);
1229 err = bpf_link_prime(&link->link, &link_primer);
1233 init_waitqueue_head(&link->wait_hup);
1235 /* Hold the update_mutex such that the subsystem cannot
1236 * do link->ops->detach() before the link is fully initialized.
1238 mutex_lock(&update_mutex);
1239 err = st_map->st_ops_desc->st_ops->reg(st_map->kvalue.data, &link->link);
1241 mutex_unlock(&update_mutex);
1242 bpf_link_cleanup(&link_primer);
1246 RCU_INIT_POINTER(link->map, map);
1247 mutex_unlock(&update_mutex);
1249 return bpf_link_settle(&link_primer);
1257 void bpf_map_struct_ops_info_fill(struct bpf_map_info *info, struct bpf_map *map)
1259 struct bpf_struct_ops_map *st_map = (struct bpf_struct_ops_map *)map;
1261 info->btf_vmlinux_id = btf_obj_id(st_map->btf);
projects / linux-block.git / blob