1 /*
2 * Performance events ring-buffer code:
3 *
4 * Copyright (C) 2008 Thomas Gleixner <tglx@linutronix.de>
5 * Copyright (C) 2008-2011 Red Hat, Inc., Ingo Molnar
6 * Copyright (C) 2008-2011 Red Hat, Inc., Peter Zijlstra
7 * Copyright © 2009 Paul Mackerras, IBM Corp. <paulus@au1.ibm.com>
8 *
9 * For licensing details see kernel-base/COPYING
10 */
11
12 #include <linux/perf_event.h>
13 #include <linux/vmalloc.h>
14 #include <linux/slab.h>
15 #include <linux/circ_buf.h>
16 #include <linux/poll.h>
17 #include <linux/nospec.h>
18
19 #include "internal.h"
20
perf_output_wakeup(struct perf_output_handle * handle)21 static void perf_output_wakeup(struct perf_output_handle *handle)
22 {
23 atomic_set(&handle->rb->poll, POLLIN);
24
25 handle->event->pending_wakeup = 1;
26 irq_work_queue(&handle->event->pending);
27 }
28
29 /*
30 * We need to ensure a later event_id doesn't publish a head when a former
31 * event isn't done writing. However since we need to deal with NMIs we
32 * cannot fully serialize things.
33 *
34 * We only publish the head (and generate a wakeup) when the outer-most
35 * event completes.
36 */
perf_output_get_handle(struct perf_output_handle * handle)37 static void perf_output_get_handle(struct perf_output_handle *handle)
38 {
39 struct ring_buffer *rb = handle->rb;
40
41 preempt_disable();
42 local_inc(&rb->nest);
43 handle->wakeup = local_read(&rb->wakeup);
44 }
45
perf_output_put_handle(struct perf_output_handle * handle)46 static void perf_output_put_handle(struct perf_output_handle *handle)
47 {
48 struct ring_buffer *rb = handle->rb;
49 unsigned long head;
50
51 again:
52 /*
53 * In order to avoid publishing a head value that goes backwards,
54 * we must ensure the load of @rb->head happens after we've
55 * incremented @rb->nest.
56 *
57 * Otherwise we can observe a @rb->head value before one published
58 * by an IRQ/NMI happening between the load and the increment.
59 */
60 barrier();
61 head = local_read(&rb->head);
62
63 /*
64 * IRQ/NMI can happen here and advance @rb->head, causing our
65 * load above to be stale.
66 */
67
68 /*
69 * If this isn't the outermost nesting, we don't have to update
70 * @rb->user_page->data_head.
71 */
72 if (local_read(&rb->nest) > 1) {
73 local_dec(&rb->nest);
74 goto out;
75 }
76
77 /*
78 * Since the mmap() consumer (userspace) can run on a different CPU:
79 *
80 * kernel user
81 *
82 * if (LOAD ->data_tail) { LOAD ->data_head
83 * (A) smp_rmb() (C)
84 * STORE $data LOAD $data
85 * smp_wmb() (B) smp_mb() (D)
86 * STORE ->data_head STORE ->data_tail
87 * }
88 *
89 * Where A pairs with D, and B pairs with C.
90 *
91 * In our case (A) is a control dependency that separates the load of
92 * the ->data_tail and the stores of $data. In case ->data_tail
93 * indicates there is no room in the buffer to store $data we do not.
94 *
95 * D needs to be a full barrier since it separates the data READ
96 * from the tail WRITE.
97 *
98 * For B a WMB is sufficient since it separates two WRITEs, and for C
99 * an RMB is sufficient since it separates two READs.
100 *
101 * See perf_output_begin().
102 */
103 smp_wmb(); /* B, matches C */
104 WRITE_ONCE(rb->user_page->data_head, head);
105
106 /*
107 * We must publish the head before decrementing the nest count,
108 * otherwise an IRQ/NMI can publish a more recent head value and our
109 * write will (temporarily) publish a stale value.
110 */
111 barrier();
112 local_set(&rb->nest, 0);
113
114 /*
115 * Ensure we decrement @rb->nest before we validate the @rb->head.
116 * Otherwise we cannot be sure we caught the 'last' nested update.
117 */
118 barrier();
119 if (unlikely(head != local_read(&rb->head))) {
120 local_inc(&rb->nest);
121 goto again;
122 }
123
124 if (handle->wakeup != local_read(&rb->wakeup))
125 perf_output_wakeup(handle);
126
127 out:
128 preempt_enable();
129 }
130
131 static bool __always_inline
ring_buffer_has_space(unsigned long head,unsigned long tail,unsigned long data_size,unsigned int size,bool backward)132 ring_buffer_has_space(unsigned long head, unsigned long tail,
133 unsigned long data_size, unsigned int size,
134 bool backward)
135 {
136 if (!backward)
137 return CIRC_SPACE(head, tail, data_size) >= size;
138 else
139 return CIRC_SPACE(tail, head, data_size) >= size;
140 }
141
142 static int __always_inline
__perf_output_begin(struct perf_output_handle * handle,struct perf_event * event,unsigned int size,bool backward)143 __perf_output_begin(struct perf_output_handle *handle,
144 struct perf_event *event, unsigned int size,
145 bool backward)
146 {
147 struct ring_buffer *rb;
148 unsigned long tail, offset, head;
149 int have_lost, page_shift;
150 struct {
151 struct perf_event_header header;
152 u64 id;
153 u64 lost;
154 } lost_event;
155
156 rcu_read_lock();
157 /*
158 * For inherited events we send all the output towards the parent.
159 */
160 if (event->parent)
161 event = event->parent;
162
163 rb = rcu_dereference(event->rb);
164 if (unlikely(!rb))
165 goto out;
166
167 if (unlikely(rb->paused)) {
168 if (rb->nr_pages)
169 local_inc(&rb->lost);
170 goto out;
171 }
172
173 handle->rb = rb;
174 handle->event = event;
175
176 have_lost = local_read(&rb->lost);
177 if (unlikely(have_lost)) {
178 size += sizeof(lost_event);
179 if (event->attr.sample_id_all)
180 size += event->id_header_size;
181 }
182
183 perf_output_get_handle(handle);
184
185 do {
186 tail = READ_ONCE(rb->user_page->data_tail);
187 offset = head = local_read(&rb->head);
188 if (!rb->overwrite) {
189 if (unlikely(!ring_buffer_has_space(head, tail,
190 perf_data_size(rb),
191 size, backward)))
192 goto fail;
193 }
194
195 /*
196 * The above forms a control dependency barrier separating the
197 * @tail load above from the data stores below. Since the @tail
198 * load is required to compute the branch to fail below.
199 *
200 * A, matches D; the full memory barrier userspace SHOULD issue
201 * after reading the data and before storing the new tail
202 * position.
203 *
204 * See perf_output_put_handle().
205 */
206
207 if (!backward)
208 head += size;
209 else
210 head -= size;
211 } while (local_cmpxchg(&rb->head, offset, head) != offset);
212
213 if (backward) {
214 offset = head;
215 head = (u64)(-head);
216 }
217
218 /*
219 * We rely on the implied barrier() by local_cmpxchg() to ensure
220 * none of the data stores below can be lifted up by the compiler.
221 */
222
223 if (unlikely(head - local_read(&rb->wakeup) > rb->watermark))
224 local_add(rb->watermark, &rb->wakeup);
225
226 page_shift = PAGE_SHIFT + page_order(rb);
227
228 handle->page = (offset >> page_shift) & (rb->nr_pages - 1);
229 offset &= (1UL << page_shift) - 1;
230 handle->addr = rb->data_pages[handle->page] + offset;
231 handle->size = (1UL << page_shift) - offset;
232
233 if (unlikely(have_lost)) {
234 struct perf_sample_data sample_data;
235
236 lost_event.header.size = sizeof(lost_event);
237 lost_event.header.type = PERF_RECORD_LOST;
238 lost_event.header.misc = 0;
239 lost_event.id = event->id;
240 lost_event.lost = local_xchg(&rb->lost, 0);
241
242 perf_event_header__init_id(&lost_event.header,
243 &sample_data, event);
244 perf_output_put(handle, lost_event);
245 perf_event__output_id_sample(event, handle, &sample_data);
246 }
247
248 return 0;
249
250 fail:
251 local_inc(&rb->lost);
252 perf_output_put_handle(handle);
253 out:
254 rcu_read_unlock();
255
256 return -ENOSPC;
257 }
258
perf_output_begin_forward(struct perf_output_handle * handle,struct perf_event * event,unsigned int size)259 int perf_output_begin_forward(struct perf_output_handle *handle,
260 struct perf_event *event, unsigned int size)
261 {
262 return __perf_output_begin(handle, event, size, false);
263 }
264
perf_output_begin_backward(struct perf_output_handle * handle,struct perf_event * event,unsigned int size)265 int perf_output_begin_backward(struct perf_output_handle *handle,
266 struct perf_event *event, unsigned int size)
267 {
268 return __perf_output_begin(handle, event, size, true);
269 }
270
perf_output_begin(struct perf_output_handle * handle,struct perf_event * event,unsigned int size)271 int perf_output_begin(struct perf_output_handle *handle,
272 struct perf_event *event, unsigned int size)
273 {
274
275 return __perf_output_begin(handle, event, size,
276 unlikely(is_write_backward(event)));
277 }
278
perf_output_copy(struct perf_output_handle * handle,const void * buf,unsigned int len)279 unsigned int perf_output_copy(struct perf_output_handle *handle,
280 const void *buf, unsigned int len)
281 {
282 return __output_copy(handle, buf, len);
283 }
284
perf_output_skip(struct perf_output_handle * handle,unsigned int len)285 unsigned int perf_output_skip(struct perf_output_handle *handle,
286 unsigned int len)
287 {
288 return __output_skip(handle, NULL, len);
289 }
290
perf_output_end(struct perf_output_handle * handle)291 void perf_output_end(struct perf_output_handle *handle)
292 {
293 perf_output_put_handle(handle);
294 rcu_read_unlock();
295 }
296
297 static void
ring_buffer_init(struct ring_buffer * rb,long watermark,int flags)298 ring_buffer_init(struct ring_buffer *rb, long watermark, int flags)
299 {
300 long max_size = perf_data_size(rb);
301
302 if (watermark)
303 rb->watermark = min(max_size, watermark);
304
305 if (!rb->watermark)
306 rb->watermark = max_size / 2;
307
308 if (flags & RING_BUFFER_WRITABLE)
309 rb->overwrite = 0;
310 else
311 rb->overwrite = 1;
312
313 atomic_set(&rb->refcount, 1);
314
315 INIT_LIST_HEAD(&rb->event_list);
316 spin_lock_init(&rb->event_lock);
317
318 /*
319 * perf_output_begin() only checks rb->paused, therefore
320 * rb->paused must be true if we have no pages for output.
321 */
322 if (!rb->nr_pages)
323 rb->paused = 1;
324 }
325
perf_aux_output_flag(struct perf_output_handle * handle,u64 flags)326 void perf_aux_output_flag(struct perf_output_handle *handle, u64 flags)
327 {
328 /*
329 * OVERWRITE is determined by perf_aux_output_end() and can't
330 * be passed in directly.
331 */
332 if (WARN_ON_ONCE(flags & PERF_AUX_FLAG_OVERWRITE))
333 return;
334
335 handle->aux_flags |= flags;
336 }
337 EXPORT_SYMBOL_GPL(perf_aux_output_flag);
338
339 /*
340 * This is called before hardware starts writing to the AUX area to
341 * obtain an output handle and make sure there's room in the buffer.
342 * When the capture completes, call perf_aux_output_end() to commit
343 * the recorded data to the buffer.
344 *
345 * The ordering is similar to that of perf_output_{begin,end}, with
346 * the exception of (B), which should be taken care of by the pmu
347 * driver, since ordering rules will differ depending on hardware.
348 *
349 * Call this from pmu::start(); see the comment in perf_aux_output_end()
350 * about its use in pmu callbacks. Both can also be called from the PMI
351 * handler if needed.
352 */
perf_aux_output_begin(struct perf_output_handle * handle,struct perf_event * event)353 void *perf_aux_output_begin(struct perf_output_handle *handle,
354 struct perf_event *event)
355 {
356 struct perf_event *output_event = event;
357 unsigned long aux_head, aux_tail;
358 struct ring_buffer *rb;
359
360 if (output_event->parent)
361 output_event = output_event->parent;
362
363 /*
364 * Since this will typically be open across pmu::add/pmu::del, we
365 * grab ring_buffer's refcount instead of holding rcu read lock
366 * to make sure it doesn't disappear under us.
367 */
368 rb = ring_buffer_get(output_event);
369 if (!rb)
370 return NULL;
371
372 if (!rb_has_aux(rb))
373 goto err;
374
375 /*
376 * If aux_mmap_count is zero, the aux buffer is in perf_mmap_close(),
377 * about to get freed, so we leave immediately.
378 *
379 * Checking rb::aux_mmap_count and rb::refcount has to be done in
380 * the same order, see perf_mmap_close. Otherwise we end up freeing
381 * aux pages in this path, which is a bug, because in_atomic().
382 */
383 if (!atomic_read(&rb->aux_mmap_count))
384 goto err;
385
386 if (!atomic_inc_not_zero(&rb->aux_refcount))
387 goto err;
388
389 /*
390 * Nesting is not supported for AUX area, make sure nested
391 * writers are caught early
392 */
393 if (WARN_ON_ONCE(local_xchg(&rb->aux_nest, 1)))
394 goto err_put;
395
396 aux_head = rb->aux_head;
397
398 handle->rb = rb;
399 handle->event = event;
400 handle->head = aux_head;
401 handle->size = 0;
402 handle->aux_flags = 0;
403
404 /*
405 * In overwrite mode, AUX data stores do not depend on aux_tail,
406 * therefore (A) control dependency barrier does not exist. The
407 * (B) <-> (C) ordering is still observed by the pmu driver.
408 */
409 if (!rb->aux_overwrite) {
410 aux_tail = ACCESS_ONCE(rb->user_page->aux_tail);
411 handle->wakeup = rb->aux_wakeup + rb->aux_watermark;
412 if (aux_head - aux_tail < perf_aux_size(rb))
413 handle->size = CIRC_SPACE(aux_head, aux_tail, perf_aux_size(rb));
414
415 /*
416 * handle->size computation depends on aux_tail load; this forms a
417 * control dependency barrier separating aux_tail load from aux data
418 * store that will be enabled on successful return
419 */
420 if (!handle->size) { /* A, matches D */
421 event->pending_disable = 1;
422 perf_output_wakeup(handle);
423 local_set(&rb->aux_nest, 0);
424 goto err_put;
425 }
426 }
427
428 return handle->rb->aux_priv;
429
430 err_put:
431 /* can't be last */
432 rb_free_aux(rb);
433
434 err:
435 ring_buffer_put(rb);
436 handle->event = NULL;
437
438 return NULL;
439 }
440
rb_need_aux_wakeup(struct ring_buffer * rb)441 static bool __always_inline rb_need_aux_wakeup(struct ring_buffer *rb)
442 {
443 if (rb->aux_overwrite)
444 return false;
445
446 if (rb->aux_head - rb->aux_wakeup >= rb->aux_watermark) {
447 rb->aux_wakeup = rounddown(rb->aux_head, rb->aux_watermark);
448 return true;
449 }
450
451 return false;
452 }
453
454 /*
455 * Commit the data written by hardware into the ring buffer by adjusting
456 * aux_head and posting a PERF_RECORD_AUX into the perf buffer. It is the
457 * pmu driver's responsibility to observe ordering rules of the hardware,
458 * so that all the data is externally visible before this is called.
459 *
460 * Note: this has to be called from pmu::stop() callback, as the assumption
461 * of the AUX buffer management code is that after pmu::stop(), the AUX
462 * transaction must be stopped and therefore drop the AUX reference count.
463 */
perf_aux_output_end(struct perf_output_handle * handle,unsigned long size)464 void perf_aux_output_end(struct perf_output_handle *handle, unsigned long size)
465 {
466 bool wakeup = !!(handle->aux_flags & PERF_AUX_FLAG_TRUNCATED);
467 struct ring_buffer *rb = handle->rb;
468 unsigned long aux_head;
469
470 /* in overwrite mode, driver provides aux_head via handle */
471 if (rb->aux_overwrite) {
472 handle->aux_flags |= PERF_AUX_FLAG_OVERWRITE;
473
474 aux_head = handle->head;
475 rb->aux_head = aux_head;
476 } else {
477 handle->aux_flags &= ~PERF_AUX_FLAG_OVERWRITE;
478
479 aux_head = rb->aux_head;
480 rb->aux_head += size;
481 }
482
483 if (size || handle->aux_flags) {
484 /*
485 * Only send RECORD_AUX if we have something useful to communicate
486 */
487
488 perf_event_aux_event(handle->event, aux_head, size,
489 handle->aux_flags);
490 }
491
492 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head);
493 if (rb_need_aux_wakeup(rb))
494 wakeup = true;
495
496 if (wakeup) {
497 if (handle->aux_flags & PERF_AUX_FLAG_TRUNCATED)
498 handle->event->pending_disable = 1;
499 perf_output_wakeup(handle);
500 }
501
502 handle->event = NULL;
503
504 local_set(&rb->aux_nest, 0);
505 /* can't be last */
506 rb_free_aux(rb);
507 ring_buffer_put(rb);
508 }
509
510 /*
511 * Skip over a given number of bytes in the AUX buffer, due to, for example,
512 * hardware's alignment constraints.
513 */
perf_aux_output_skip(struct perf_output_handle * handle,unsigned long size)514 int perf_aux_output_skip(struct perf_output_handle *handle, unsigned long size)
515 {
516 struct ring_buffer *rb = handle->rb;
517
518 if (size > handle->size)
519 return -ENOSPC;
520
521 rb->aux_head += size;
522
523 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head);
524 if (rb_need_aux_wakeup(rb)) {
525 perf_output_wakeup(handle);
526 handle->wakeup = rb->aux_wakeup + rb->aux_watermark;
527 }
528
529 handle->head = rb->aux_head;
530 handle->size -= size;
531
532 return 0;
533 }
534
perf_get_aux(struct perf_output_handle * handle)535 void *perf_get_aux(struct perf_output_handle *handle)
536 {
537 /* this is only valid between perf_aux_output_begin and *_end */
538 if (!handle->event)
539 return NULL;
540
541 return handle->rb->aux_priv;
542 }
543
544 #define PERF_AUX_GFP (GFP_KERNEL | __GFP_ZERO | __GFP_NOWARN | __GFP_NORETRY)
545
rb_alloc_aux_page(int node,int order)546 static struct page *rb_alloc_aux_page(int node, int order)
547 {
548 struct page *page;
549
550 if (order > MAX_ORDER)
551 order = MAX_ORDER;
552
553 do {
554 page = alloc_pages_node(node, PERF_AUX_GFP, order);
555 } while (!page && order--);
556
557 if (page && order) {
558 /*
559 * Communicate the allocation size to the driver:
560 * if we managed to secure a high-order allocation,
561 * set its first page's private to this order;
562 * !PagePrivate(page) means it's just a normal page.
563 */
564 split_page(page, order);
565 SetPagePrivate(page);
566 set_page_private(page, order);
567 }
568
569 return page;
570 }
571
rb_free_aux_page(struct ring_buffer * rb,int idx)572 static void rb_free_aux_page(struct ring_buffer *rb, int idx)
573 {
574 struct page *page = virt_to_page(rb->aux_pages[idx]);
575
576 ClearPagePrivate(page);
577 page->mapping = NULL;
578 __free_page(page);
579 }
580
__rb_free_aux(struct ring_buffer * rb)581 static void __rb_free_aux(struct ring_buffer *rb)
582 {
583 int pg;
584
585 /*
586 * Should never happen, the last reference should be dropped from
587 * perf_mmap_close() path, which first stops aux transactions (which
588 * in turn are the atomic holders of aux_refcount) and then does the
589 * last rb_free_aux().
590 */
591 WARN_ON_ONCE(in_atomic());
592
593 if (rb->aux_priv) {
594 rb->free_aux(rb->aux_priv);
595 rb->free_aux = NULL;
596 rb->aux_priv = NULL;
597 }
598
599 if (rb->aux_nr_pages) {
600 for (pg = 0; pg < rb->aux_nr_pages; pg++)
601 rb_free_aux_page(rb, pg);
602
603 kfree(rb->aux_pages);
604 rb->aux_nr_pages = 0;
605 }
606 }
607
rb_alloc_aux(struct ring_buffer * rb,struct perf_event * event,pgoff_t pgoff,int nr_pages,long watermark,int flags)608 int rb_alloc_aux(struct ring_buffer *rb, struct perf_event *event,
609 pgoff_t pgoff, int nr_pages, long watermark, int flags)
610 {
611 bool overwrite = !(flags & RING_BUFFER_WRITABLE);
612 int node = (event->cpu == -1) ? -1 : cpu_to_node(event->cpu);
613 int ret = -ENOMEM, max_order = 0;
614
615 if (!has_aux(event))
616 return -EOPNOTSUPP;
617
618 if (event->pmu->capabilities & PERF_PMU_CAP_AUX_NO_SG) {
619 /*
620 * We need to start with the max_order that fits in nr_pages,
621 * not the other way around, hence ilog2() and not get_order.
622 */
623 max_order = ilog2(nr_pages);
624
625 /*
626 * PMU requests more than one contiguous chunks of memory
627 * for SW double buffering
628 */
629 if ((event->pmu->capabilities & PERF_PMU_CAP_AUX_SW_DOUBLEBUF) &&
630 !overwrite) {
631 if (!max_order)
632 return -EINVAL;
633
634 max_order--;
635 }
636 }
637
638 rb->aux_pages = kzalloc_node(nr_pages * sizeof(void *), GFP_KERNEL, node);
639 if (!rb->aux_pages)
640 return -ENOMEM;
641
642 rb->free_aux = event->pmu->free_aux;
643 for (rb->aux_nr_pages = 0; rb->aux_nr_pages < nr_pages;) {
644 struct page *page;
645 int last, order;
646
647 order = min(max_order, ilog2(nr_pages - rb->aux_nr_pages));
648 page = rb_alloc_aux_page(node, order);
649 if (!page)
650 goto out;
651
652 for (last = rb->aux_nr_pages + (1 << page_private(page));
653 last > rb->aux_nr_pages; rb->aux_nr_pages++)
654 rb->aux_pages[rb->aux_nr_pages] = page_address(page++);
655 }
656
657 /*
658 * In overwrite mode, PMUs that don't support SG may not handle more
659 * than one contiguous allocation, since they rely on PMI to do double
660 * buffering. In this case, the entire buffer has to be one contiguous
661 * chunk.
662 */
663 if ((event->pmu->capabilities & PERF_PMU_CAP_AUX_NO_SG) &&
664 overwrite) {
665 struct page *page = virt_to_page(rb->aux_pages[0]);
666
667 if (page_private(page) != max_order)
668 goto out;
669 }
670
671 rb->aux_priv = event->pmu->setup_aux(event->cpu, rb->aux_pages, nr_pages,
672 overwrite);
673 if (!rb->aux_priv)
674 goto out;
675
676 ret = 0;
677
678 /*
679 * aux_pages (and pmu driver's private data, aux_priv) will be
680 * referenced in both producer's and consumer's contexts, thus
681 * we keep a refcount here to make sure either of the two can
682 * reference them safely.
683 */
684 atomic_set(&rb->aux_refcount, 1);
685
686 rb->aux_overwrite = overwrite;
687 rb->aux_watermark = watermark;
688
689 if (!rb->aux_watermark && !rb->aux_overwrite)
690 rb->aux_watermark = nr_pages << (PAGE_SHIFT - 1);
691
692 out:
693 if (!ret)
694 rb->aux_pgoff = pgoff;
695 else
696 __rb_free_aux(rb);
697
698 return ret;
699 }
700
rb_free_aux(struct ring_buffer * rb)701 void rb_free_aux(struct ring_buffer *rb)
702 {
703 if (atomic_dec_and_test(&rb->aux_refcount))
704 __rb_free_aux(rb);
705 }
706
707 #ifndef CONFIG_PERF_USE_VMALLOC
708
709 /*
710 * Back perf_mmap() with regular GFP_KERNEL-0 pages.
711 */
712
713 static struct page *
__perf_mmap_to_page(struct ring_buffer * rb,unsigned long pgoff)714 __perf_mmap_to_page(struct ring_buffer *rb, unsigned long pgoff)
715 {
716 if (pgoff > rb->nr_pages)
717 return NULL;
718
719 if (pgoff == 0)
720 return virt_to_page(rb->user_page);
721
722 return virt_to_page(rb->data_pages[pgoff - 1]);
723 }
724
perf_mmap_alloc_page(int cpu)725 static void *perf_mmap_alloc_page(int cpu)
726 {
727 struct page *page;
728 int node;
729
730 node = (cpu == -1) ? cpu : cpu_to_node(cpu);
731 page = alloc_pages_node(node, GFP_KERNEL | __GFP_ZERO, 0);
732 if (!page)
733 return NULL;
734
735 return page_address(page);
736 }
737
rb_alloc(int nr_pages,long watermark,int cpu,int flags)738 struct ring_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
739 {
740 struct ring_buffer *rb;
741 unsigned long size;
742 int i;
743
744 size = sizeof(struct ring_buffer);
745 size += nr_pages * sizeof(void *);
746
747 if (order_base_2(size) >= PAGE_SHIFT+MAX_ORDER)
748 goto fail;
749
750 rb = kzalloc(size, GFP_KERNEL);
751 if (!rb)
752 goto fail;
753
754 rb->user_page = perf_mmap_alloc_page(cpu);
755 if (!rb->user_page)
756 goto fail_user_page;
757
758 for (i = 0; i < nr_pages; i++) {
759 rb->data_pages[i] = perf_mmap_alloc_page(cpu);
760 if (!rb->data_pages[i])
761 goto fail_data_pages;
762 }
763
764 rb->nr_pages = nr_pages;
765
766 ring_buffer_init(rb, watermark, flags);
767
768 return rb;
769
770 fail_data_pages:
771 for (i--; i >= 0; i--)
772 free_page((unsigned long)rb->data_pages[i]);
773
774 free_page((unsigned long)rb->user_page);
775
776 fail_user_page:
777 kfree(rb);
778
779 fail:
780 return NULL;
781 }
782
perf_mmap_free_page(unsigned long addr)783 static void perf_mmap_free_page(unsigned long addr)
784 {
785 struct page *page = virt_to_page((void *)addr);
786
787 page->mapping = NULL;
788 __free_page(page);
789 }
790
rb_free(struct ring_buffer * rb)791 void rb_free(struct ring_buffer *rb)
792 {
793 int i;
794
795 perf_mmap_free_page((unsigned long)rb->user_page);
796 for (i = 0; i < rb->nr_pages; i++)
797 perf_mmap_free_page((unsigned long)rb->data_pages[i]);
798 kfree(rb);
799 }
800
801 #else
data_page_nr(struct ring_buffer * rb)802 static int data_page_nr(struct ring_buffer *rb)
803 {
804 return rb->nr_pages << page_order(rb);
805 }
806
807 static struct page *
__perf_mmap_to_page(struct ring_buffer * rb,unsigned long pgoff)808 __perf_mmap_to_page(struct ring_buffer *rb, unsigned long pgoff)
809 {
810 /* The '>' counts in the user page. */
811 if (pgoff > data_page_nr(rb))
812 return NULL;
813
814 return vmalloc_to_page((void *)rb->user_page + pgoff * PAGE_SIZE);
815 }
816
perf_mmap_unmark_page(void * addr)817 static void perf_mmap_unmark_page(void *addr)
818 {
819 struct page *page = vmalloc_to_page(addr);
820
821 page->mapping = NULL;
822 }
823
rb_free_work(struct work_struct * work)824 static void rb_free_work(struct work_struct *work)
825 {
826 struct ring_buffer *rb;
827 void *base;
828 int i, nr;
829
830 rb = container_of(work, struct ring_buffer, work);
831 nr = data_page_nr(rb);
832
833 base = rb->user_page;
834 /* The '<=' counts in the user page. */
835 for (i = 0; i <= nr; i++)
836 perf_mmap_unmark_page(base + (i * PAGE_SIZE));
837
838 vfree(base);
839 kfree(rb);
840 }
841
rb_free(struct ring_buffer * rb)842 void rb_free(struct ring_buffer *rb)
843 {
844 schedule_work(&rb->work);
845 }
846
rb_alloc(int nr_pages,long watermark,int cpu,int flags)847 struct ring_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
848 {
849 struct ring_buffer *rb;
850 unsigned long size;
851 void *all_buf;
852
853 size = sizeof(struct ring_buffer);
854 size += sizeof(void *);
855
856 rb = kzalloc(size, GFP_KERNEL);
857 if (!rb)
858 goto fail;
859
860 INIT_WORK(&rb->work, rb_free_work);
861
862 all_buf = vmalloc_user((nr_pages + 1) * PAGE_SIZE);
863 if (!all_buf)
864 goto fail_all_buf;
865
866 rb->user_page = all_buf;
867 rb->data_pages[0] = all_buf + PAGE_SIZE;
868 if (nr_pages) {
869 rb->nr_pages = 1;
870 rb->page_order = ilog2(nr_pages);
871 }
872
873 ring_buffer_init(rb, watermark, flags);
874
875 return rb;
876
877 fail_all_buf:
878 kfree(rb);
879
880 fail:
881 return NULL;
882 }
883
884 #endif
885
886 struct page *
perf_mmap_to_page(struct ring_buffer * rb,unsigned long pgoff)887 perf_mmap_to_page(struct ring_buffer *rb, unsigned long pgoff)
888 {
889 if (rb->aux_nr_pages) {
890 /* above AUX space */
891 if (pgoff > rb->aux_pgoff + rb->aux_nr_pages)
892 return NULL;
893
894 /* AUX space */
895 if (pgoff >= rb->aux_pgoff) {
896 int aux_pgoff = array_index_nospec(pgoff - rb->aux_pgoff, rb->aux_nr_pages);
897 return virt_to_page(rb->aux_pages[aux_pgoff]);
898 }
899 }
900
901 return __perf_mmap_to_page(rb, pgoff);
902 }
903