1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
3 * Copyright (c) 2016 Facebook
4 */
5 #include <linux/bpf.h>
6 #include <linux/btf.h>
7 #include <linux/jhash.h>
8 #include <linux/filter.h>
9 #include <linux/rculist_nulls.h>
10 #include <linux/random.h>
11 #include <uapi/linux/btf.h>
12 #include "percpu_freelist.h"
13 #include "bpf_lru_list.h"
14 #include "map_in_map.h"
15
16 #define HTAB_CREATE_FLAG_MASK \
17 (BPF_F_NO_PREALLOC | BPF_F_NO_COMMON_LRU | BPF_F_NUMA_NODE | \
18 BPF_F_ACCESS_MASK | BPF_F_ZERO_SEED)
19
20 struct bucket {
21 struct hlist_nulls_head head;
22 raw_spinlock_t lock;
23 };
24
25 struct bpf_htab {
26 struct bpf_map map;
27 struct bucket *buckets;
28 void *elems;
29 union {
30 struct pcpu_freelist freelist;
31 struct bpf_lru lru;
32 };
33 struct htab_elem *__percpu *extra_elems;
34 atomic_t count; /* number of elements in this hashtable */
35 u32 n_buckets; /* number of hash buckets */
36 u32 elem_size; /* size of each element in bytes */
37 u32 hashrnd;
38 };
39
40 /* each htab element is struct htab_elem + key + value */
41 struct htab_elem {
42 union {
43 struct hlist_nulls_node hash_node;
44 struct {
45 void *padding;
46 union {
47 struct bpf_htab *htab;
48 struct pcpu_freelist_node fnode;
49 };
50 };
51 };
52 union {
53 struct rcu_head rcu;
54 struct bpf_lru_node lru_node;
55 };
56 u32 hash;
57 char key[0] __aligned(8);
58 };
59
60 static bool htab_lru_map_delete_node(void *arg, struct bpf_lru_node *node);
61
htab_is_lru(const struct bpf_htab * htab)62 static bool htab_is_lru(const struct bpf_htab *htab)
63 {
64 return htab->map.map_type == BPF_MAP_TYPE_LRU_HASH ||
65 htab->map.map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH;
66 }
67
htab_is_percpu(const struct bpf_htab * htab)68 static bool htab_is_percpu(const struct bpf_htab *htab)
69 {
70 return htab->map.map_type == BPF_MAP_TYPE_PERCPU_HASH ||
71 htab->map.map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH;
72 }
73
htab_is_prealloc(const struct bpf_htab * htab)74 static bool htab_is_prealloc(const struct bpf_htab *htab)
75 {
76 return !(htab->map.map_flags & BPF_F_NO_PREALLOC);
77 }
78
htab_elem_set_ptr(struct htab_elem * l,u32 key_size,void __percpu * pptr)79 static inline void htab_elem_set_ptr(struct htab_elem *l, u32 key_size,
80 void __percpu *pptr)
81 {
82 *(void __percpu **)(l->key + key_size) = pptr;
83 }
84
htab_elem_get_ptr(struct htab_elem * l,u32 key_size)85 static inline void __percpu *htab_elem_get_ptr(struct htab_elem *l, u32 key_size)
86 {
87 return *(void __percpu **)(l->key + key_size);
88 }
89
fd_htab_map_get_ptr(const struct bpf_map * map,struct htab_elem * l)90 static void *fd_htab_map_get_ptr(const struct bpf_map *map, struct htab_elem *l)
91 {
92 return *(void **)(l->key + roundup(map->key_size, 8));
93 }
94
get_htab_elem(struct bpf_htab * htab,int i)95 static struct htab_elem *get_htab_elem(struct bpf_htab *htab, int i)
96 {
97 return (struct htab_elem *) (htab->elems + i * htab->elem_size);
98 }
99
htab_free_elems(struct bpf_htab * htab)100 static void htab_free_elems(struct bpf_htab *htab)
101 {
102 int i;
103
104 if (!htab_is_percpu(htab))
105 goto free_elems;
106
107 for (i = 0; i < htab->map.max_entries; i++) {
108 void __percpu *pptr;
109
110 pptr = htab_elem_get_ptr(get_htab_elem(htab, i),
111 htab->map.key_size);
112 free_percpu(pptr);
113 cond_resched();
114 }
115 free_elems:
116 bpf_map_area_free(htab->elems);
117 }
118
prealloc_lru_pop(struct bpf_htab * htab,void * key,u32 hash)119 static struct htab_elem *prealloc_lru_pop(struct bpf_htab *htab, void *key,
120 u32 hash)
121 {
122 struct bpf_lru_node *node = bpf_lru_pop_free(&htab->lru, hash);
123 struct htab_elem *l;
124
125 if (node) {
126 l = container_of(node, struct htab_elem, lru_node);
127 memcpy(l->key, key, htab->map.key_size);
128 return l;
129 }
130
131 return NULL;
132 }
133
prealloc_init(struct bpf_htab * htab)134 static int prealloc_init(struct bpf_htab *htab)
135 {
136 u32 num_entries = htab->map.max_entries;
137 int err = -ENOMEM, i;
138
139 if (!htab_is_percpu(htab) && !htab_is_lru(htab))
140 num_entries += num_possible_cpus();
141
142 htab->elems = bpf_map_area_alloc(htab->elem_size * num_entries,
143 htab->map.numa_node);
144 if (!htab->elems)
145 return -ENOMEM;
146
147 if (!htab_is_percpu(htab))
148 goto skip_percpu_elems;
149
150 for (i = 0; i < num_entries; i++) {
151 u32 size = round_up(htab->map.value_size, 8);
152 void __percpu *pptr;
153
154 pptr = __alloc_percpu_gfp(size, 8, GFP_USER | __GFP_NOWARN);
155 if (!pptr)
156 goto free_elems;
157 htab_elem_set_ptr(get_htab_elem(htab, i), htab->map.key_size,
158 pptr);
159 cond_resched();
160 }
161
162 skip_percpu_elems:
163 if (htab_is_lru(htab))
164 err = bpf_lru_init(&htab->lru,
165 htab->map.map_flags & BPF_F_NO_COMMON_LRU,
166 offsetof(struct htab_elem, hash) -
167 offsetof(struct htab_elem, lru_node),
168 htab_lru_map_delete_node,
169 htab);
170 else
171 err = pcpu_freelist_init(&htab->freelist);
172
173 if (err)
174 goto free_elems;
175
176 if (htab_is_lru(htab))
177 bpf_lru_populate(&htab->lru, htab->elems,
178 offsetof(struct htab_elem, lru_node),
179 htab->elem_size, num_entries);
180 else
181 pcpu_freelist_populate(&htab->freelist,
182 htab->elems + offsetof(struct htab_elem, fnode),
183 htab->elem_size, num_entries);
184
185 return 0;
186
187 free_elems:
188 htab_free_elems(htab);
189 return err;
190 }
191
prealloc_destroy(struct bpf_htab * htab)192 static void prealloc_destroy(struct bpf_htab *htab)
193 {
194 htab_free_elems(htab);
195
196 if (htab_is_lru(htab))
197 bpf_lru_destroy(&htab->lru);
198 else
199 pcpu_freelist_destroy(&htab->freelist);
200 }
201
alloc_extra_elems(struct bpf_htab * htab)202 static int alloc_extra_elems(struct bpf_htab *htab)
203 {
204 struct htab_elem *__percpu *pptr, *l_new;
205 struct pcpu_freelist_node *l;
206 int cpu;
207
208 pptr = __alloc_percpu_gfp(sizeof(struct htab_elem *), 8,
209 GFP_USER | __GFP_NOWARN);
210 if (!pptr)
211 return -ENOMEM;
212
213 for_each_possible_cpu(cpu) {
214 l = pcpu_freelist_pop(&htab->freelist);
215 /* pop will succeed, since prealloc_init()
216 * preallocated extra num_possible_cpus elements
217 */
218 l_new = container_of(l, struct htab_elem, fnode);
219 *per_cpu_ptr(pptr, cpu) = l_new;
220 }
221 htab->extra_elems = pptr;
222 return 0;
223 }
224
225 /* Called from syscall */
htab_map_alloc_check(union bpf_attr * attr)226 static int htab_map_alloc_check(union bpf_attr *attr)
227 {
228 bool percpu = (attr->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
229 attr->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH);
230 bool lru = (attr->map_type == BPF_MAP_TYPE_LRU_HASH ||
231 attr->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH);
232 /* percpu_lru means each cpu has its own LRU list.
233 * it is different from BPF_MAP_TYPE_PERCPU_HASH where
234 * the map's value itself is percpu. percpu_lru has
235 * nothing to do with the map's value.
236 */
237 bool percpu_lru = (attr->map_flags & BPF_F_NO_COMMON_LRU);
238 bool prealloc = !(attr->map_flags & BPF_F_NO_PREALLOC);
239 bool zero_seed = (attr->map_flags & BPF_F_ZERO_SEED);
240 int numa_node = bpf_map_attr_numa_node(attr);
241
242 BUILD_BUG_ON(offsetof(struct htab_elem, htab) !=
243 offsetof(struct htab_elem, hash_node.pprev));
244 BUILD_BUG_ON(offsetof(struct htab_elem, fnode.next) !=
245 offsetof(struct htab_elem, hash_node.pprev));
246
247 if (lru && !capable(CAP_SYS_ADMIN))
248 /* LRU implementation is much complicated than other
249 * maps. Hence, limit to CAP_SYS_ADMIN for now.
250 */
251 return -EPERM;
252
253 if (zero_seed && !capable(CAP_SYS_ADMIN))
254 /* Guard against local DoS, and discourage production use. */
255 return -EPERM;
256
257 if (attr->map_flags & ~HTAB_CREATE_FLAG_MASK ||
258 !bpf_map_flags_access_ok(attr->map_flags))
259 return -EINVAL;
260
261 if (!lru && percpu_lru)
262 return -EINVAL;
263
264 if (lru && !prealloc)
265 return -ENOTSUPP;
266
267 if (numa_node != NUMA_NO_NODE && (percpu || percpu_lru))
268 return -EINVAL;
269
270 /* check sanity of attributes.
271 * value_size == 0 may be allowed in the future to use map as a set
272 */
273 if (attr->max_entries == 0 || attr->key_size == 0 ||
274 attr->value_size == 0)
275 return -EINVAL;
276
277 if (attr->key_size > MAX_BPF_STACK)
278 /* eBPF programs initialize keys on stack, so they cannot be
279 * larger than max stack size
280 */
281 return -E2BIG;
282
283 if (attr->value_size >= KMALLOC_MAX_SIZE -
284 MAX_BPF_STACK - sizeof(struct htab_elem))
285 /* if value_size is bigger, the user space won't be able to
286 * access the elements via bpf syscall. This check also makes
287 * sure that the elem_size doesn't overflow and it's
288 * kmalloc-able later in htab_map_update_elem()
289 */
290 return -E2BIG;
291
292 return 0;
293 }
294
htab_map_alloc(union bpf_attr * attr)295 static struct bpf_map *htab_map_alloc(union bpf_attr *attr)
296 {
297 bool percpu = (attr->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
298 attr->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH);
299 bool lru = (attr->map_type == BPF_MAP_TYPE_LRU_HASH ||
300 attr->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH);
301 /* percpu_lru means each cpu has its own LRU list.
302 * it is different from BPF_MAP_TYPE_PERCPU_HASH where
303 * the map's value itself is percpu. percpu_lru has
304 * nothing to do with the map's value.
305 */
306 bool percpu_lru = (attr->map_flags & BPF_F_NO_COMMON_LRU);
307 bool prealloc = !(attr->map_flags & BPF_F_NO_PREALLOC);
308 struct bpf_htab *htab;
309 int err, i;
310 u64 cost;
311
312 htab = kzalloc(sizeof(*htab), GFP_USER);
313 if (!htab)
314 return ERR_PTR(-ENOMEM);
315
316 bpf_map_init_from_attr(&htab->map, attr);
317
318 if (percpu_lru) {
319 /* ensure each CPU's lru list has >=1 elements.
320 * since we are at it, make each lru list has the same
321 * number of elements.
322 */
323 htab->map.max_entries = roundup(attr->max_entries,
324 num_possible_cpus());
325 if (htab->map.max_entries < attr->max_entries)
326 htab->map.max_entries = rounddown(attr->max_entries,
327 num_possible_cpus());
328 }
329
330 /* hash table size must be power of 2; roundup_pow_of_two() can overflow
331 * into UB on 32-bit arches, so check that first
332 */
333 err = -E2BIG;
334 if (htab->map.max_entries > 1UL << 31)
335 goto free_htab;
336
337 htab->n_buckets = roundup_pow_of_two(htab->map.max_entries);
338
339 htab->elem_size = sizeof(struct htab_elem) +
340 round_up(htab->map.key_size, 8);
341 if (percpu)
342 htab->elem_size += sizeof(void *);
343 else
344 htab->elem_size += round_up(htab->map.value_size, 8);
345
346 /* check for u32 overflow */
347 if (htab->n_buckets > U32_MAX / sizeof(struct bucket))
348 goto free_htab;
349
350 cost = (u64) htab->n_buckets * sizeof(struct bucket) +
351 (u64) htab->elem_size * htab->map.max_entries;
352
353 if (percpu)
354 cost += (u64) round_up(htab->map.value_size, 8) *
355 num_possible_cpus() * htab->map.max_entries;
356 else
357 cost += (u64) htab->elem_size * num_possible_cpus();
358
359 /* if map size is larger than memlock limit, reject it */
360 err = bpf_map_charge_init(&htab->map.memory, cost);
361 if (err)
362 goto free_htab;
363
364 err = -ENOMEM;
365 htab->buckets = bpf_map_area_alloc(htab->n_buckets *
366 sizeof(struct bucket),
367 htab->map.numa_node);
368 if (!htab->buckets)
369 goto free_charge;
370
371 if (htab->map.map_flags & BPF_F_ZERO_SEED)
372 htab->hashrnd = 0;
373 else
374 htab->hashrnd = get_random_int();
375
376 for (i = 0; i < htab->n_buckets; i++) {
377 INIT_HLIST_NULLS_HEAD(&htab->buckets[i].head, i);
378 raw_spin_lock_init(&htab->buckets[i].lock);
379 }
380
381 if (prealloc) {
382 err = prealloc_init(htab);
383 if (err)
384 goto free_buckets;
385
386 if (!percpu && !lru) {
387 /* lru itself can remove the least used element, so
388 * there is no need for an extra elem during map_update.
389 */
390 err = alloc_extra_elems(htab);
391 if (err)
392 goto free_prealloc;
393 }
394 }
395
396 return &htab->map;
397
398 free_prealloc:
399 prealloc_destroy(htab);
400 free_buckets:
401 bpf_map_area_free(htab->buckets);
402 free_charge:
403 bpf_map_charge_finish(&htab->map.memory);
404 free_htab:
405 kfree(htab);
406 return ERR_PTR(err);
407 }
408
htab_map_hash(const void * key,u32 key_len,u32 hashrnd)409 static inline u32 htab_map_hash(const void *key, u32 key_len, u32 hashrnd)
410 {
411 return jhash(key, key_len, hashrnd);
412 }
413
__select_bucket(struct bpf_htab * htab,u32 hash)414 static inline struct bucket *__select_bucket(struct bpf_htab *htab, u32 hash)
415 {
416 return &htab->buckets[hash & (htab->n_buckets - 1)];
417 }
418
select_bucket(struct bpf_htab * htab,u32 hash)419 static inline struct hlist_nulls_head *select_bucket(struct bpf_htab *htab, u32 hash)
420 {
421 return &__select_bucket(htab, hash)->head;
422 }
423
424 /* this lookup function can only be called with bucket lock taken */
lookup_elem_raw(struct hlist_nulls_head * head,u32 hash,void * key,u32 key_size)425 static struct htab_elem *lookup_elem_raw(struct hlist_nulls_head *head, u32 hash,
426 void *key, u32 key_size)
427 {
428 struct hlist_nulls_node *n;
429 struct htab_elem *l;
430
431 hlist_nulls_for_each_entry_rcu(l, n, head, hash_node)
432 if (l->hash == hash && !memcmp(&l->key, key, key_size))
433 return l;
434
435 return NULL;
436 }
437
438 /* can be called without bucket lock. it will repeat the loop in
439 * the unlikely event when elements moved from one bucket into another
440 * while link list is being walked
441 */
lookup_nulls_elem_raw(struct hlist_nulls_head * head,u32 hash,void * key,u32 key_size,u32 n_buckets)442 static struct htab_elem *lookup_nulls_elem_raw(struct hlist_nulls_head *head,
443 u32 hash, void *key,
444 u32 key_size, u32 n_buckets)
445 {
446 struct hlist_nulls_node *n;
447 struct htab_elem *l;
448
449 again:
450 hlist_nulls_for_each_entry_rcu(l, n, head, hash_node)
451 if (l->hash == hash && !memcmp(&l->key, key, key_size))
452 return l;
453
454 if (unlikely(get_nulls_value(n) != (hash & (n_buckets - 1))))
455 goto again;
456
457 return NULL;
458 }
459
460 /* Called from syscall or from eBPF program directly, so
461 * arguments have to match bpf_map_lookup_elem() exactly.
462 * The return value is adjusted by BPF instructions
463 * in htab_map_gen_lookup().
464 */
__htab_map_lookup_elem(struct bpf_map * map,void * key)465 static void *__htab_map_lookup_elem(struct bpf_map *map, void *key)
466 {
467 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
468 struct hlist_nulls_head *head;
469 struct htab_elem *l;
470 u32 hash, key_size;
471
472 /* Must be called with rcu_read_lock. */
473 WARN_ON_ONCE(!rcu_read_lock_held());
474
475 key_size = map->key_size;
476
477 hash = htab_map_hash(key, key_size, htab->hashrnd);
478
479 head = select_bucket(htab, hash);
480
481 l = lookup_nulls_elem_raw(head, hash, key, key_size, htab->n_buckets);
482
483 return l;
484 }
485
htab_map_lookup_elem(struct bpf_map * map,void * key)486 static void *htab_map_lookup_elem(struct bpf_map *map, void *key)
487 {
488 struct htab_elem *l = __htab_map_lookup_elem(map, key);
489
490 if (l)
491 return l->key + round_up(map->key_size, 8);
492
493 return NULL;
494 }
495
496 /* inline bpf_map_lookup_elem() call.
497 * Instead of:
498 * bpf_prog
499 * bpf_map_lookup_elem
500 * map->ops->map_lookup_elem
501 * htab_map_lookup_elem
502 * __htab_map_lookup_elem
503 * do:
504 * bpf_prog
505 * __htab_map_lookup_elem
506 */
htab_map_gen_lookup(struct bpf_map * map,struct bpf_insn * insn_buf)507 static u32 htab_map_gen_lookup(struct bpf_map *map, struct bpf_insn *insn_buf)
508 {
509 struct bpf_insn *insn = insn_buf;
510 const int ret = BPF_REG_0;
511
512 BUILD_BUG_ON(!__same_type(&__htab_map_lookup_elem,
513 (void *(*)(struct bpf_map *map, void *key))NULL));
514 *insn++ = BPF_EMIT_CALL(BPF_CAST_CALL(__htab_map_lookup_elem));
515 *insn++ = BPF_JMP_IMM(BPF_JEQ, ret, 0, 1);
516 *insn++ = BPF_ALU64_IMM(BPF_ADD, ret,
517 offsetof(struct htab_elem, key) +
518 round_up(map->key_size, 8));
519 return insn - insn_buf;
520 }
521
__htab_lru_map_lookup_elem(struct bpf_map * map,void * key,const bool mark)522 static __always_inline void *__htab_lru_map_lookup_elem(struct bpf_map *map,
523 void *key, const bool mark)
524 {
525 struct htab_elem *l = __htab_map_lookup_elem(map, key);
526
527 if (l) {
528 if (mark)
529 bpf_lru_node_set_ref(&l->lru_node);
530 return l->key + round_up(map->key_size, 8);
531 }
532
533 return NULL;
534 }
535
htab_lru_map_lookup_elem(struct bpf_map * map,void * key)536 static void *htab_lru_map_lookup_elem(struct bpf_map *map, void *key)
537 {
538 return __htab_lru_map_lookup_elem(map, key, true);
539 }
540
htab_lru_map_lookup_elem_sys(struct bpf_map * map,void * key)541 static void *htab_lru_map_lookup_elem_sys(struct bpf_map *map, void *key)
542 {
543 return __htab_lru_map_lookup_elem(map, key, false);
544 }
545
htab_lru_map_gen_lookup(struct bpf_map * map,struct bpf_insn * insn_buf)546 static u32 htab_lru_map_gen_lookup(struct bpf_map *map,
547 struct bpf_insn *insn_buf)
548 {
549 struct bpf_insn *insn = insn_buf;
550 const int ret = BPF_REG_0;
551 const int ref_reg = BPF_REG_1;
552
553 BUILD_BUG_ON(!__same_type(&__htab_map_lookup_elem,
554 (void *(*)(struct bpf_map *map, void *key))NULL));
555 *insn++ = BPF_EMIT_CALL(BPF_CAST_CALL(__htab_map_lookup_elem));
556 *insn++ = BPF_JMP_IMM(BPF_JEQ, ret, 0, 4);
557 *insn++ = BPF_LDX_MEM(BPF_B, ref_reg, ret,
558 offsetof(struct htab_elem, lru_node) +
559 offsetof(struct bpf_lru_node, ref));
560 *insn++ = BPF_JMP_IMM(BPF_JNE, ref_reg, 0, 1);
561 *insn++ = BPF_ST_MEM(BPF_B, ret,
562 offsetof(struct htab_elem, lru_node) +
563 offsetof(struct bpf_lru_node, ref),
564 1);
565 *insn++ = BPF_ALU64_IMM(BPF_ADD, ret,
566 offsetof(struct htab_elem, key) +
567 round_up(map->key_size, 8));
568 return insn - insn_buf;
569 }
570
571 /* It is called from the bpf_lru_list when the LRU needs to delete
572 * older elements from the htab.
573 */
htab_lru_map_delete_node(void * arg,struct bpf_lru_node * node)574 static bool htab_lru_map_delete_node(void *arg, struct bpf_lru_node *node)
575 {
576 struct bpf_htab *htab = (struct bpf_htab *)arg;
577 struct htab_elem *l = NULL, *tgt_l;
578 struct hlist_nulls_head *head;
579 struct hlist_nulls_node *n;
580 unsigned long flags;
581 struct bucket *b;
582
583 tgt_l = container_of(node, struct htab_elem, lru_node);
584 b = __select_bucket(htab, tgt_l->hash);
585 head = &b->head;
586
587 raw_spin_lock_irqsave(&b->lock, flags);
588
589 hlist_nulls_for_each_entry_rcu(l, n, head, hash_node)
590 if (l == tgt_l) {
591 hlist_nulls_del_rcu(&l->hash_node);
592 break;
593 }
594
595 raw_spin_unlock_irqrestore(&b->lock, flags);
596
597 return l == tgt_l;
598 }
599
600 /* Called from syscall */
htab_map_get_next_key(struct bpf_map * map,void * key,void * next_key)601 static int htab_map_get_next_key(struct bpf_map *map, void *key, void *next_key)
602 {
603 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
604 struct hlist_nulls_head *head;
605 struct htab_elem *l, *next_l;
606 u32 hash, key_size;
607 int i = 0;
608
609 WARN_ON_ONCE(!rcu_read_lock_held());
610
611 key_size = map->key_size;
612
613 if (!key)
614 goto find_first_elem;
615
616 hash = htab_map_hash(key, key_size, htab->hashrnd);
617
618 head = select_bucket(htab, hash);
619
620 /* lookup the key */
621 l = lookup_nulls_elem_raw(head, hash, key, key_size, htab->n_buckets);
622
623 if (!l)
624 goto find_first_elem;
625
626 /* key was found, get next key in the same bucket */
627 next_l = hlist_nulls_entry_safe(rcu_dereference_raw(hlist_nulls_next_rcu(&l->hash_node)),
628 struct htab_elem, hash_node);
629
630 if (next_l) {
631 /* if next elem in this hash list is non-zero, just return it */
632 memcpy(next_key, next_l->key, key_size);
633 return 0;
634 }
635
636 /* no more elements in this hash list, go to the next bucket */
637 i = hash & (htab->n_buckets - 1);
638 i++;
639
640 find_first_elem:
641 /* iterate over buckets */
642 for (; i < htab->n_buckets; i++) {
643 head = select_bucket(htab, i);
644
645 /* pick first element in the bucket */
646 next_l = hlist_nulls_entry_safe(rcu_dereference_raw(hlist_nulls_first_rcu(head)),
647 struct htab_elem, hash_node);
648 if (next_l) {
649 /* if it's not empty, just return it */
650 memcpy(next_key, next_l->key, key_size);
651 return 0;
652 }
653 }
654
655 /* iterated over all buckets and all elements */
656 return -ENOENT;
657 }
658
htab_elem_free(struct bpf_htab * htab,struct htab_elem * l)659 static void htab_elem_free(struct bpf_htab *htab, struct htab_elem *l)
660 {
661 if (htab->map.map_type == BPF_MAP_TYPE_PERCPU_HASH)
662 free_percpu(htab_elem_get_ptr(l, htab->map.key_size));
663 kfree(l);
664 }
665
htab_elem_free_rcu(struct rcu_head * head)666 static void htab_elem_free_rcu(struct rcu_head *head)
667 {
668 struct htab_elem *l = container_of(head, struct htab_elem, rcu);
669 struct bpf_htab *htab = l->htab;
670
671 htab_elem_free(htab, l);
672 }
673
htab_put_fd_value(struct bpf_htab * htab,struct htab_elem * l)674 static void htab_put_fd_value(struct bpf_htab *htab, struct htab_elem *l)
675 {
676 struct bpf_map *map = &htab->map;
677 void *ptr;
678
679 if (map->ops->map_fd_put_ptr) {
680 ptr = fd_htab_map_get_ptr(map, l);
681 map->ops->map_fd_put_ptr(ptr);
682 }
683 }
684
free_htab_elem(struct bpf_htab * htab,struct htab_elem * l)685 static void free_htab_elem(struct bpf_htab *htab, struct htab_elem *l)
686 {
687 htab_put_fd_value(htab, l);
688
689 if (htab_is_prealloc(htab)) {
690 __pcpu_freelist_push(&htab->freelist, &l->fnode);
691 } else {
692 atomic_dec(&htab->count);
693 l->htab = htab;
694 call_rcu(&l->rcu, htab_elem_free_rcu);
695 }
696 }
697
pcpu_copy_value(struct bpf_htab * htab,void __percpu * pptr,void * value,bool onallcpus)698 static void pcpu_copy_value(struct bpf_htab *htab, void __percpu *pptr,
699 void *value, bool onallcpus)
700 {
701 if (!onallcpus) {
702 /* copy true value_size bytes */
703 memcpy(this_cpu_ptr(pptr), value, htab->map.value_size);
704 } else {
705 u32 size = round_up(htab->map.value_size, 8);
706 int off = 0, cpu;
707
708 for_each_possible_cpu(cpu) {
709 bpf_long_memcpy(per_cpu_ptr(pptr, cpu),
710 value + off, size);
711 off += size;
712 }
713 }
714 }
715
pcpu_init_value(struct bpf_htab * htab,void __percpu * pptr,void * value,bool onallcpus)716 static void pcpu_init_value(struct bpf_htab *htab, void __percpu *pptr,
717 void *value, bool onallcpus)
718 {
719 /* When using prealloc and not setting the initial value on all cpus,
720 * zero-fill element values for other cpus (just as what happens when
721 * not using prealloc). Otherwise, bpf program has no way to ensure
722 * known initial values for cpus other than current one
723 * (onallcpus=false always when coming from bpf prog).
724 */
725 if (htab_is_prealloc(htab) && !onallcpus) {
726 u32 size = round_up(htab->map.value_size, 8);
727 int current_cpu = raw_smp_processor_id();
728 int cpu;
729
730 for_each_possible_cpu(cpu) {
731 if (cpu == current_cpu)
732 bpf_long_memcpy(per_cpu_ptr(pptr, cpu), value,
733 size);
734 else
735 memset(per_cpu_ptr(pptr, cpu), 0, size);
736 }
737 } else {
738 pcpu_copy_value(htab, pptr, value, onallcpus);
739 }
740 }
741
fd_htab_map_needs_adjust(const struct bpf_htab * htab)742 static bool fd_htab_map_needs_adjust(const struct bpf_htab *htab)
743 {
744 return htab->map.map_type == BPF_MAP_TYPE_HASH_OF_MAPS &&
745 BITS_PER_LONG == 64;
746 }
747
alloc_htab_elem(struct bpf_htab * htab,void * key,void * value,u32 key_size,u32 hash,bool percpu,bool onallcpus,struct htab_elem * old_elem)748 static struct htab_elem *alloc_htab_elem(struct bpf_htab *htab, void *key,
749 void *value, u32 key_size, u32 hash,
750 bool percpu, bool onallcpus,
751 struct htab_elem *old_elem)
752 {
753 u32 size = htab->map.value_size;
754 bool prealloc = htab_is_prealloc(htab);
755 struct htab_elem *l_new, **pl_new;
756 void __percpu *pptr;
757
758 if (prealloc) {
759 if (old_elem) {
760 /* if we're updating the existing element,
761 * use per-cpu extra elems to avoid freelist_pop/push
762 */
763 pl_new = this_cpu_ptr(htab->extra_elems);
764 l_new = *pl_new;
765 htab_put_fd_value(htab, old_elem);
766 *pl_new = old_elem;
767 } else {
768 struct pcpu_freelist_node *l;
769
770 l = __pcpu_freelist_pop(&htab->freelist);
771 if (!l)
772 return ERR_PTR(-E2BIG);
773 l_new = container_of(l, struct htab_elem, fnode);
774 }
775 } else {
776 if (atomic_inc_return(&htab->count) > htab->map.max_entries)
777 if (!old_elem) {
778 /* when map is full and update() is replacing
779 * old element, it's ok to allocate, since
780 * old element will be freed immediately.
781 * Otherwise return an error
782 */
783 l_new = ERR_PTR(-E2BIG);
784 goto dec_count;
785 }
786 l_new = kmalloc_node(htab->elem_size, GFP_ATOMIC | __GFP_NOWARN,
787 htab->map.numa_node);
788 if (!l_new) {
789 l_new = ERR_PTR(-ENOMEM);
790 goto dec_count;
791 }
792 check_and_init_map_lock(&htab->map,
793 l_new->key + round_up(key_size, 8));
794 }
795
796 memcpy(l_new->key, key, key_size);
797 if (percpu) {
798 size = round_up(size, 8);
799 if (prealloc) {
800 pptr = htab_elem_get_ptr(l_new, key_size);
801 } else {
802 /* alloc_percpu zero-fills */
803 pptr = __alloc_percpu_gfp(size, 8,
804 GFP_ATOMIC | __GFP_NOWARN);
805 if (!pptr) {
806 kfree(l_new);
807 l_new = ERR_PTR(-ENOMEM);
808 goto dec_count;
809 }
810 }
811
812 pcpu_init_value(htab, pptr, value, onallcpus);
813
814 if (!prealloc)
815 htab_elem_set_ptr(l_new, key_size, pptr);
816 } else if (fd_htab_map_needs_adjust(htab)) {
817 size = round_up(size, 8);
818 memcpy(l_new->key + round_up(key_size, 8), value, size);
819 } else {
820 copy_map_value(&htab->map,
821 l_new->key + round_up(key_size, 8),
822 value);
823 }
824
825 l_new->hash = hash;
826 return l_new;
827 dec_count:
828 atomic_dec(&htab->count);
829 return l_new;
830 }
831
check_flags(struct bpf_htab * htab,struct htab_elem * l_old,u64 map_flags)832 static int check_flags(struct bpf_htab *htab, struct htab_elem *l_old,
833 u64 map_flags)
834 {
835 if (l_old && (map_flags & ~BPF_F_LOCK) == BPF_NOEXIST)
836 /* elem already exists */
837 return -EEXIST;
838
839 if (!l_old && (map_flags & ~BPF_F_LOCK) == BPF_EXIST)
840 /* elem doesn't exist, cannot update it */
841 return -ENOENT;
842
843 return 0;
844 }
845
846 /* Called from syscall or from eBPF program */
htab_map_update_elem(struct bpf_map * map,void * key,void * value,u64 map_flags)847 static int htab_map_update_elem(struct bpf_map *map, void *key, void *value,
848 u64 map_flags)
849 {
850 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
851 struct htab_elem *l_new = NULL, *l_old;
852 struct hlist_nulls_head *head;
853 unsigned long flags;
854 struct bucket *b;
855 u32 key_size, hash;
856 int ret;
857
858 if (unlikely((map_flags & ~BPF_F_LOCK) > BPF_EXIST))
859 /* unknown flags */
860 return -EINVAL;
861
862 WARN_ON_ONCE(!rcu_read_lock_held());
863
864 key_size = map->key_size;
865
866 hash = htab_map_hash(key, key_size, htab->hashrnd);
867
868 b = __select_bucket(htab, hash);
869 head = &b->head;
870
871 if (unlikely(map_flags & BPF_F_LOCK)) {
872 if (unlikely(!map_value_has_spin_lock(map)))
873 return -EINVAL;
874 /* find an element without taking the bucket lock */
875 l_old = lookup_nulls_elem_raw(head, hash, key, key_size,
876 htab->n_buckets);
877 ret = check_flags(htab, l_old, map_flags);
878 if (ret)
879 return ret;
880 if (l_old) {
881 /* grab the element lock and update value in place */
882 copy_map_value_locked(map,
883 l_old->key + round_up(key_size, 8),
884 value, false);
885 return 0;
886 }
887 /* fall through, grab the bucket lock and lookup again.
888 * 99.9% chance that the element won't be found,
889 * but second lookup under lock has to be done.
890 */
891 }
892
893 /* bpf_map_update_elem() can be called in_irq() */
894 raw_spin_lock_irqsave(&b->lock, flags);
895
896 l_old = lookup_elem_raw(head, hash, key, key_size);
897
898 ret = check_flags(htab, l_old, map_flags);
899 if (ret)
900 goto err;
901
902 if (unlikely(l_old && (map_flags & BPF_F_LOCK))) {
903 /* first lookup without the bucket lock didn't find the element,
904 * but second lookup with the bucket lock found it.
905 * This case is highly unlikely, but has to be dealt with:
906 * grab the element lock in addition to the bucket lock
907 * and update element in place
908 */
909 copy_map_value_locked(map,
910 l_old->key + round_up(key_size, 8),
911 value, false);
912 ret = 0;
913 goto err;
914 }
915
916 l_new = alloc_htab_elem(htab, key, value, key_size, hash, false, false,
917 l_old);
918 if (IS_ERR(l_new)) {
919 /* all pre-allocated elements are in use or memory exhausted */
920 ret = PTR_ERR(l_new);
921 goto err;
922 }
923
924 /* add new element to the head of the list, so that
925 * concurrent search will find it before old elem
926 */
927 hlist_nulls_add_head_rcu(&l_new->hash_node, head);
928 if (l_old) {
929 hlist_nulls_del_rcu(&l_old->hash_node);
930 if (!htab_is_prealloc(htab))
931 free_htab_elem(htab, l_old);
932 }
933 ret = 0;
934 err:
935 raw_spin_unlock_irqrestore(&b->lock, flags);
936 return ret;
937 }
938
htab_lru_map_update_elem(struct bpf_map * map,void * key,void * value,u64 map_flags)939 static int htab_lru_map_update_elem(struct bpf_map *map, void *key, void *value,
940 u64 map_flags)
941 {
942 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
943 struct htab_elem *l_new, *l_old = NULL;
944 struct hlist_nulls_head *head;
945 unsigned long flags;
946 struct bucket *b;
947 u32 key_size, hash;
948 int ret;
949
950 if (unlikely(map_flags > BPF_EXIST))
951 /* unknown flags */
952 return -EINVAL;
953
954 WARN_ON_ONCE(!rcu_read_lock_held());
955
956 key_size = map->key_size;
957
958 hash = htab_map_hash(key, key_size, htab->hashrnd);
959
960 b = __select_bucket(htab, hash);
961 head = &b->head;
962
963 /* For LRU, we need to alloc before taking bucket's
964 * spinlock because getting free nodes from LRU may need
965 * to remove older elements from htab and this removal
966 * operation will need a bucket lock.
967 */
968 l_new = prealloc_lru_pop(htab, key, hash);
969 if (!l_new)
970 return -ENOMEM;
971 memcpy(l_new->key + round_up(map->key_size, 8), value, map->value_size);
972
973 /* bpf_map_update_elem() can be called in_irq() */
974 raw_spin_lock_irqsave(&b->lock, flags);
975
976 l_old = lookup_elem_raw(head, hash, key, key_size);
977
978 ret = check_flags(htab, l_old, map_flags);
979 if (ret)
980 goto err;
981
982 /* add new element to the head of the list, so that
983 * concurrent search will find it before old elem
984 */
985 hlist_nulls_add_head_rcu(&l_new->hash_node, head);
986 if (l_old) {
987 bpf_lru_node_set_ref(&l_new->lru_node);
988 hlist_nulls_del_rcu(&l_old->hash_node);
989 }
990 ret = 0;
991
992 err:
993 raw_spin_unlock_irqrestore(&b->lock, flags);
994
995 if (ret)
996 bpf_lru_push_free(&htab->lru, &l_new->lru_node);
997 else if (l_old)
998 bpf_lru_push_free(&htab->lru, &l_old->lru_node);
999
1000 return ret;
1001 }
1002
__htab_percpu_map_update_elem(struct bpf_map * map,void * key,void * value,u64 map_flags,bool onallcpus)1003 static int __htab_percpu_map_update_elem(struct bpf_map *map, void *key,
1004 void *value, u64 map_flags,
1005 bool onallcpus)
1006 {
1007 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1008 struct htab_elem *l_new = NULL, *l_old;
1009 struct hlist_nulls_head *head;
1010 unsigned long flags;
1011 struct bucket *b;
1012 u32 key_size, hash;
1013 int ret;
1014
1015 if (unlikely(map_flags > BPF_EXIST))
1016 /* unknown flags */
1017 return -EINVAL;
1018
1019 WARN_ON_ONCE(!rcu_read_lock_held());
1020
1021 key_size = map->key_size;
1022
1023 hash = htab_map_hash(key, key_size, htab->hashrnd);
1024
1025 b = __select_bucket(htab, hash);
1026 head = &b->head;
1027
1028 /* bpf_map_update_elem() can be called in_irq() */
1029 raw_spin_lock_irqsave(&b->lock, flags);
1030
1031 l_old = lookup_elem_raw(head, hash, key, key_size);
1032
1033 ret = check_flags(htab, l_old, map_flags);
1034 if (ret)
1035 goto err;
1036
1037 if (l_old) {
1038 /* per-cpu hash map can update value in-place */
1039 pcpu_copy_value(htab, htab_elem_get_ptr(l_old, key_size),
1040 value, onallcpus);
1041 } else {
1042 l_new = alloc_htab_elem(htab, key, value, key_size,
1043 hash, true, onallcpus, NULL);
1044 if (IS_ERR(l_new)) {
1045 ret = PTR_ERR(l_new);
1046 goto err;
1047 }
1048 hlist_nulls_add_head_rcu(&l_new->hash_node, head);
1049 }
1050 ret = 0;
1051 err:
1052 raw_spin_unlock_irqrestore(&b->lock, flags);
1053 return ret;
1054 }
1055
__htab_lru_percpu_map_update_elem(struct bpf_map * map,void * key,void * value,u64 map_flags,bool onallcpus)1056 static int __htab_lru_percpu_map_update_elem(struct bpf_map *map, void *key,
1057 void *value, u64 map_flags,
1058 bool onallcpus)
1059 {
1060 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1061 struct htab_elem *l_new = NULL, *l_old;
1062 struct hlist_nulls_head *head;
1063 unsigned long flags;
1064 struct bucket *b;
1065 u32 key_size, hash;
1066 int ret;
1067
1068 if (unlikely(map_flags > BPF_EXIST))
1069 /* unknown flags */
1070 return -EINVAL;
1071
1072 WARN_ON_ONCE(!rcu_read_lock_held());
1073
1074 key_size = map->key_size;
1075
1076 hash = htab_map_hash(key, key_size, htab->hashrnd);
1077
1078 b = __select_bucket(htab, hash);
1079 head = &b->head;
1080
1081 /* For LRU, we need to alloc before taking bucket's
1082 * spinlock because LRU's elem alloc may need
1083 * to remove older elem from htab and this removal
1084 * operation will need a bucket lock.
1085 */
1086 if (map_flags != BPF_EXIST) {
1087 l_new = prealloc_lru_pop(htab, key, hash);
1088 if (!l_new)
1089 return -ENOMEM;
1090 }
1091
1092 /* bpf_map_update_elem() can be called in_irq() */
1093 raw_spin_lock_irqsave(&b->lock, flags);
1094
1095 l_old = lookup_elem_raw(head, hash, key, key_size);
1096
1097 ret = check_flags(htab, l_old, map_flags);
1098 if (ret)
1099 goto err;
1100
1101 if (l_old) {
1102 bpf_lru_node_set_ref(&l_old->lru_node);
1103
1104 /* per-cpu hash map can update value in-place */
1105 pcpu_copy_value(htab, htab_elem_get_ptr(l_old, key_size),
1106 value, onallcpus);
1107 } else {
1108 pcpu_init_value(htab, htab_elem_get_ptr(l_new, key_size),
1109 value, onallcpus);
1110 hlist_nulls_add_head_rcu(&l_new->hash_node, head);
1111 l_new = NULL;
1112 }
1113 ret = 0;
1114 err:
1115 raw_spin_unlock_irqrestore(&b->lock, flags);
1116 if (l_new)
1117 bpf_lru_push_free(&htab->lru, &l_new->lru_node);
1118 return ret;
1119 }
1120
htab_percpu_map_update_elem(struct bpf_map * map,void * key,void * value,u64 map_flags)1121 static int htab_percpu_map_update_elem(struct bpf_map *map, void *key,
1122 void *value, u64 map_flags)
1123 {
1124 return __htab_percpu_map_update_elem(map, key, value, map_flags, false);
1125 }
1126
htab_lru_percpu_map_update_elem(struct bpf_map * map,void * key,void * value,u64 map_flags)1127 static int htab_lru_percpu_map_update_elem(struct bpf_map *map, void *key,
1128 void *value, u64 map_flags)
1129 {
1130 return __htab_lru_percpu_map_update_elem(map, key, value, map_flags,
1131 false);
1132 }
1133
1134 /* Called from syscall or from eBPF program */
htab_map_delete_elem(struct bpf_map * map,void * key)1135 static int htab_map_delete_elem(struct bpf_map *map, void *key)
1136 {
1137 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1138 struct hlist_nulls_head *head;
1139 struct bucket *b;
1140 struct htab_elem *l;
1141 unsigned long flags;
1142 u32 hash, key_size;
1143 int ret = -ENOENT;
1144
1145 WARN_ON_ONCE(!rcu_read_lock_held());
1146
1147 key_size = map->key_size;
1148
1149 hash = htab_map_hash(key, key_size, htab->hashrnd);
1150 b = __select_bucket(htab, hash);
1151 head = &b->head;
1152
1153 raw_spin_lock_irqsave(&b->lock, flags);
1154
1155 l = lookup_elem_raw(head, hash, key, key_size);
1156
1157 if (l) {
1158 hlist_nulls_del_rcu(&l->hash_node);
1159 free_htab_elem(htab, l);
1160 ret = 0;
1161 }
1162
1163 raw_spin_unlock_irqrestore(&b->lock, flags);
1164 return ret;
1165 }
1166
htab_lru_map_delete_elem(struct bpf_map * map,void * key)1167 static int htab_lru_map_delete_elem(struct bpf_map *map, void *key)
1168 {
1169 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1170 struct hlist_nulls_head *head;
1171 struct bucket *b;
1172 struct htab_elem *l;
1173 unsigned long flags;
1174 u32 hash, key_size;
1175 int ret = -ENOENT;
1176
1177 WARN_ON_ONCE(!rcu_read_lock_held());
1178
1179 key_size = map->key_size;
1180
1181 hash = htab_map_hash(key, key_size, htab->hashrnd);
1182 b = __select_bucket(htab, hash);
1183 head = &b->head;
1184
1185 raw_spin_lock_irqsave(&b->lock, flags);
1186
1187 l = lookup_elem_raw(head, hash, key, key_size);
1188
1189 if (l) {
1190 hlist_nulls_del_rcu(&l->hash_node);
1191 ret = 0;
1192 }
1193
1194 raw_spin_unlock_irqrestore(&b->lock, flags);
1195 if (l)
1196 bpf_lru_push_free(&htab->lru, &l->lru_node);
1197 return ret;
1198 }
1199
delete_all_elements(struct bpf_htab * htab)1200 static void delete_all_elements(struct bpf_htab *htab)
1201 {
1202 int i;
1203
1204 for (i = 0; i < htab->n_buckets; i++) {
1205 struct hlist_nulls_head *head = select_bucket(htab, i);
1206 struct hlist_nulls_node *n;
1207 struct htab_elem *l;
1208
1209 hlist_nulls_for_each_entry_safe(l, n, head, hash_node) {
1210 hlist_nulls_del_rcu(&l->hash_node);
1211 htab_elem_free(htab, l);
1212 }
1213 }
1214 }
1215
1216 /* Called when map->refcnt goes to zero, either from workqueue or from syscall */
htab_map_free(struct bpf_map * map)1217 static void htab_map_free(struct bpf_map *map)
1218 {
1219 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1220
1221 /* at this point bpf_prog->aux->refcnt == 0 and this map->refcnt == 0,
1222 * so the programs (can be more than one that used this map) were
1223 * disconnected from events. Wait for outstanding critical sections in
1224 * these programs to complete
1225 */
1226 synchronize_rcu();
1227
1228 /* some of free_htab_elem() callbacks for elements of this map may
1229 * not have executed. Wait for them.
1230 */
1231 rcu_barrier();
1232 if (!htab_is_prealloc(htab))
1233 delete_all_elements(htab);
1234 else
1235 prealloc_destroy(htab);
1236
1237 free_percpu(htab->extra_elems);
1238 bpf_map_area_free(htab->buckets);
1239 kfree(htab);
1240 }
1241
htab_map_seq_show_elem(struct bpf_map * map,void * key,struct seq_file * m)1242 static void htab_map_seq_show_elem(struct bpf_map *map, void *key,
1243 struct seq_file *m)
1244 {
1245 void *value;
1246
1247 rcu_read_lock();
1248
1249 value = htab_map_lookup_elem(map, key);
1250 if (!value) {
1251 rcu_read_unlock();
1252 return;
1253 }
1254
1255 btf_type_seq_show(map->btf, map->btf_key_type_id, key, m);
1256 seq_puts(m, ": ");
1257 btf_type_seq_show(map->btf, map->btf_value_type_id, value, m);
1258 seq_puts(m, "\n");
1259
1260 rcu_read_unlock();
1261 }
1262
1263 const struct bpf_map_ops htab_map_ops = {
1264 .map_alloc_check = htab_map_alloc_check,
1265 .map_alloc = htab_map_alloc,
1266 .map_free = htab_map_free,
1267 .map_get_next_key = htab_map_get_next_key,
1268 .map_lookup_elem = htab_map_lookup_elem,
1269 .map_update_elem = htab_map_update_elem,
1270 .map_delete_elem = htab_map_delete_elem,
1271 .map_gen_lookup = htab_map_gen_lookup,
1272 .map_seq_show_elem = htab_map_seq_show_elem,
1273 };
1274
1275 const struct bpf_map_ops htab_lru_map_ops = {
1276 .map_alloc_check = htab_map_alloc_check,
1277 .map_alloc = htab_map_alloc,
1278 .map_free = htab_map_free,
1279 .map_get_next_key = htab_map_get_next_key,
1280 .map_lookup_elem = htab_lru_map_lookup_elem,
1281 .map_lookup_elem_sys_only = htab_lru_map_lookup_elem_sys,
1282 .map_update_elem = htab_lru_map_update_elem,
1283 .map_delete_elem = htab_lru_map_delete_elem,
1284 .map_gen_lookup = htab_lru_map_gen_lookup,
1285 .map_seq_show_elem = htab_map_seq_show_elem,
1286 };
1287
1288 /* Called from eBPF program */
htab_percpu_map_lookup_elem(struct bpf_map * map,void * key)1289 static void *htab_percpu_map_lookup_elem(struct bpf_map *map, void *key)
1290 {
1291 struct htab_elem *l = __htab_map_lookup_elem(map, key);
1292
1293 if (l)
1294 return this_cpu_ptr(htab_elem_get_ptr(l, map->key_size));
1295 else
1296 return NULL;
1297 }
1298
htab_lru_percpu_map_lookup_elem(struct bpf_map * map,void * key)1299 static void *htab_lru_percpu_map_lookup_elem(struct bpf_map *map, void *key)
1300 {
1301 struct htab_elem *l = __htab_map_lookup_elem(map, key);
1302
1303 if (l) {
1304 bpf_lru_node_set_ref(&l->lru_node);
1305 return this_cpu_ptr(htab_elem_get_ptr(l, map->key_size));
1306 }
1307
1308 return NULL;
1309 }
1310
bpf_percpu_hash_copy(struct bpf_map * map,void * key,void * value)1311 int bpf_percpu_hash_copy(struct bpf_map *map, void *key, void *value)
1312 {
1313 struct htab_elem *l;
1314 void __percpu *pptr;
1315 int ret = -ENOENT;
1316 int cpu, off = 0;
1317 u32 size;
1318
1319 /* per_cpu areas are zero-filled and bpf programs can only
1320 * access 'value_size' of them, so copying rounded areas
1321 * will not leak any kernel data
1322 */
1323 size = round_up(map->value_size, 8);
1324 rcu_read_lock();
1325 l = __htab_map_lookup_elem(map, key);
1326 if (!l)
1327 goto out;
1328 /* We do not mark LRU map element here in order to not mess up
1329 * eviction heuristics when user space does a map walk.
1330 */
1331 pptr = htab_elem_get_ptr(l, map->key_size);
1332 for_each_possible_cpu(cpu) {
1333 bpf_long_memcpy(value + off,
1334 per_cpu_ptr(pptr, cpu), size);
1335 off += size;
1336 }
1337 ret = 0;
1338 out:
1339 rcu_read_unlock();
1340 return ret;
1341 }
1342
bpf_percpu_hash_update(struct bpf_map * map,void * key,void * value,u64 map_flags)1343 int bpf_percpu_hash_update(struct bpf_map *map, void *key, void *value,
1344 u64 map_flags)
1345 {
1346 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1347 int ret;
1348
1349 rcu_read_lock();
1350 if (htab_is_lru(htab))
1351 ret = __htab_lru_percpu_map_update_elem(map, key, value,
1352 map_flags, true);
1353 else
1354 ret = __htab_percpu_map_update_elem(map, key, value, map_flags,
1355 true);
1356 rcu_read_unlock();
1357
1358 return ret;
1359 }
1360
htab_percpu_map_seq_show_elem(struct bpf_map * map,void * key,struct seq_file * m)1361 static void htab_percpu_map_seq_show_elem(struct bpf_map *map, void *key,
1362 struct seq_file *m)
1363 {
1364 struct htab_elem *l;
1365 void __percpu *pptr;
1366 int cpu;
1367
1368 rcu_read_lock();
1369
1370 l = __htab_map_lookup_elem(map, key);
1371 if (!l) {
1372 rcu_read_unlock();
1373 return;
1374 }
1375
1376 btf_type_seq_show(map->btf, map->btf_key_type_id, key, m);
1377 seq_puts(m, ": {\n");
1378 pptr = htab_elem_get_ptr(l, map->key_size);
1379 for_each_possible_cpu(cpu) {
1380 seq_printf(m, "\tcpu%d: ", cpu);
1381 btf_type_seq_show(map->btf, map->btf_value_type_id,
1382 per_cpu_ptr(pptr, cpu), m);
1383 seq_puts(m, "\n");
1384 }
1385 seq_puts(m, "}\n");
1386
1387 rcu_read_unlock();
1388 }
1389
1390 const struct bpf_map_ops htab_percpu_map_ops = {
1391 .map_alloc_check = htab_map_alloc_check,
1392 .map_alloc = htab_map_alloc,
1393 .map_free = htab_map_free,
1394 .map_get_next_key = htab_map_get_next_key,
1395 .map_lookup_elem = htab_percpu_map_lookup_elem,
1396 .map_update_elem = htab_percpu_map_update_elem,
1397 .map_delete_elem = htab_map_delete_elem,
1398 .map_seq_show_elem = htab_percpu_map_seq_show_elem,
1399 };
1400
1401 const struct bpf_map_ops htab_lru_percpu_map_ops = {
1402 .map_alloc_check = htab_map_alloc_check,
1403 .map_alloc = htab_map_alloc,
1404 .map_free = htab_map_free,
1405 .map_get_next_key = htab_map_get_next_key,
1406 .map_lookup_elem = htab_lru_percpu_map_lookup_elem,
1407 .map_update_elem = htab_lru_percpu_map_update_elem,
1408 .map_delete_elem = htab_lru_map_delete_elem,
1409 .map_seq_show_elem = htab_percpu_map_seq_show_elem,
1410 };
1411
fd_htab_map_alloc_check(union bpf_attr * attr)1412 static int fd_htab_map_alloc_check(union bpf_attr *attr)
1413 {
1414 if (attr->value_size != sizeof(u32))
1415 return -EINVAL;
1416 return htab_map_alloc_check(attr);
1417 }
1418
fd_htab_map_free(struct bpf_map * map)1419 static void fd_htab_map_free(struct bpf_map *map)
1420 {
1421 struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
1422 struct hlist_nulls_node *n;
1423 struct hlist_nulls_head *head;
1424 struct htab_elem *l;
1425 int i;
1426
1427 for (i = 0; i < htab->n_buckets; i++) {
1428 head = select_bucket(htab, i);
1429
1430 hlist_nulls_for_each_entry_safe(l, n, head, hash_node) {
1431 void *ptr = fd_htab_map_get_ptr(map, l);
1432
1433 map->ops->map_fd_put_ptr(ptr);
1434 }
1435 }
1436
1437 htab_map_free(map);
1438 }
1439
1440 /* only called from syscall */
bpf_fd_htab_map_lookup_elem(struct bpf_map * map,void * key,u32 * value)1441 int bpf_fd_htab_map_lookup_elem(struct bpf_map *map, void *key, u32 *value)
1442 {
1443 void **ptr;
1444 int ret = 0;
1445
1446 if (!map->ops->map_fd_sys_lookup_elem)
1447 return -ENOTSUPP;
1448
1449 rcu_read_lock();
1450 ptr = htab_map_lookup_elem(map, key);
1451 if (ptr)
1452 *value = map->ops->map_fd_sys_lookup_elem(READ_ONCE(*ptr));
1453 else
1454 ret = -ENOENT;
1455 rcu_read_unlock();
1456
1457 return ret;
1458 }
1459
1460 /* only called from syscall */
bpf_fd_htab_map_update_elem(struct bpf_map * map,struct file * map_file,void * key,void * value,u64 map_flags)1461 int bpf_fd_htab_map_update_elem(struct bpf_map *map, struct file *map_file,
1462 void *key, void *value, u64 map_flags)
1463 {
1464 void *ptr;
1465 int ret;
1466 u32 ufd = *(u32 *)value;
1467
1468 ptr = map->ops->map_fd_get_ptr(map, map_file, ufd);
1469 if (IS_ERR(ptr))
1470 return PTR_ERR(ptr);
1471
1472 ret = htab_map_update_elem(map, key, &ptr, map_flags);
1473 if (ret)
1474 map->ops->map_fd_put_ptr(ptr);
1475
1476 return ret;
1477 }
1478
htab_of_map_alloc(union bpf_attr * attr)1479 static struct bpf_map *htab_of_map_alloc(union bpf_attr *attr)
1480 {
1481 struct bpf_map *map, *inner_map_meta;
1482
1483 inner_map_meta = bpf_map_meta_alloc(attr->inner_map_fd);
1484 if (IS_ERR(inner_map_meta))
1485 return inner_map_meta;
1486
1487 map = htab_map_alloc(attr);
1488 if (IS_ERR(map)) {
1489 bpf_map_meta_free(inner_map_meta);
1490 return map;
1491 }
1492
1493 map->inner_map_meta = inner_map_meta;
1494
1495 return map;
1496 }
1497
htab_of_map_lookup_elem(struct bpf_map * map,void * key)1498 static void *htab_of_map_lookup_elem(struct bpf_map *map, void *key)
1499 {
1500 struct bpf_map **inner_map = htab_map_lookup_elem(map, key);
1501
1502 if (!inner_map)
1503 return NULL;
1504
1505 return READ_ONCE(*inner_map);
1506 }
1507
htab_of_map_gen_lookup(struct bpf_map * map,struct bpf_insn * insn_buf)1508 static u32 htab_of_map_gen_lookup(struct bpf_map *map,
1509 struct bpf_insn *insn_buf)
1510 {
1511 struct bpf_insn *insn = insn_buf;
1512 const int ret = BPF_REG_0;
1513
1514 BUILD_BUG_ON(!__same_type(&__htab_map_lookup_elem,
1515 (void *(*)(struct bpf_map *map, void *key))NULL));
1516 *insn++ = BPF_EMIT_CALL(BPF_CAST_CALL(__htab_map_lookup_elem));
1517 *insn++ = BPF_JMP_IMM(BPF_JEQ, ret, 0, 2);
1518 *insn++ = BPF_ALU64_IMM(BPF_ADD, ret,
1519 offsetof(struct htab_elem, key) +
1520 round_up(map->key_size, 8));
1521 *insn++ = BPF_LDX_MEM(BPF_DW, ret, ret, 0);
1522
1523 return insn - insn_buf;
1524 }
1525
htab_of_map_free(struct bpf_map * map)1526 static void htab_of_map_free(struct bpf_map *map)
1527 {
1528 bpf_map_meta_free(map->inner_map_meta);
1529 fd_htab_map_free(map);
1530 }
1531
1532 const struct bpf_map_ops htab_of_maps_map_ops = {
1533 .map_alloc_check = fd_htab_map_alloc_check,
1534 .map_alloc = htab_of_map_alloc,
1535 .map_free = htab_of_map_free,
1536 .map_get_next_key = htab_map_get_next_key,
1537 .map_lookup_elem = htab_of_map_lookup_elem,
1538 .map_delete_elem = htab_map_delete_elem,
1539 .map_fd_get_ptr = bpf_map_fd_get_ptr,
1540 .map_fd_put_ptr = bpf_map_fd_put_ptr,
1541 .map_fd_sys_lookup_elem = bpf_map_fd_sys_lookup_elem,
1542 .map_gen_lookup = htab_of_map_gen_lookup,
1543 .map_check_btf = map_check_no_btf,
1544 };
1545