1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2008-2014 Mathieu Desnoyers
4 */
5 #include <linux/module.h>
6 #include <linux/mutex.h>
7 #include <linux/types.h>
8 #include <linux/jhash.h>
9 #include <linux/list.h>
10 #include <linux/rcupdate.h>
11 #include <linux/tracepoint.h>
12 #include <linux/err.h>
13 #include <linux/slab.h>
14 #include <linux/sched/signal.h>
15 #include <linux/sched/task.h>
16 #include <linux/static_key.h>
17 #include <trace/hooks/vendor_hooks.h>
18
/*
 * Probe-count classes returned by nr_func_state(): no probe, exactly one,
 * exactly two, or three and more.
 */
enum tp_func_state {
	TP_FUNC_0,
	TP_FUNC_1,
	TP_FUNC_2,
	TP_FUNC_N,
};

/* Bounds of the built-in tracepoint pointer table (see for_each_kernel_tracepoint()). */
extern tracepoint_ptr_t __start___tracepoints_ptrs[];
extern tracepoint_ptr_t __stop___tracepoints_ptrs[];

/* SRCU domain that, together with RCU, delays the freeing of old probe arrays. */
DEFINE_SRCU(tracepoint_srcu);
EXPORT_SYMBOL_GPL(tracepoint_srcu);

/*
 * Indexes into tp_transition_snapshot[]: one slot per probe-count transition
 * sequence for which a grace-period snapshot is recorded.
 */
enum tp_transition_sync {
	TP_TRANSITION_SYNC_1_0_1,
	TP_TRANSITION_SYNC_N_2_1,

	_NR_TP_TRANSITION_SYNC,	/* number of slots, not a transition */
};

/* Grace-period cookies written by tp_rcu_get_state(), consumed by tp_rcu_cond_sync(). */
struct tp_transition_snapshot {
	unsigned long rcu;	/* from get_state_synchronize_rcu() */
	unsigned long srcu;	/* from start_poll_synchronize_srcu() */
	bool ongoing;		/* set by get_state, cleared by cond_sync */
};

/* Protected by tracepoints_mutex */
static struct tp_transition_snapshot tp_transition_snapshot[_NR_TP_TRANSITION_SYNC];
47
/*
 * Record the current RCU and SRCU grace-period cookies in the slot for
 * @sync and mark the slot as pending. A later call simply overwrites the
 * slot, so only the most recent snapshot is kept.
 */
static void tp_rcu_get_state(enum tp_transition_sync sync)
{
	struct tp_transition_snapshot *snap = &tp_transition_snapshot[sync];

	snap->rcu = get_state_synchronize_rcu();
	snap->srcu = start_poll_synchronize_srcu(&tracepoint_srcu);
	snap->ongoing = true;
}
57
/*
 * If a snapshot is pending for @sync, wait until the RCU and SRCU grace
 * periods recorded in it have elapsed, then clear the pending flag.
 * Does nothing when no snapshot is pending.
 */
static void tp_rcu_cond_sync(enum tp_transition_sync sync)
{
	struct tp_transition_snapshot *snap = &tp_transition_snapshot[sync];

	if (snap->ongoing) {
		cond_synchronize_rcu(snap->rcu);
		/* Only block on SRCU when the polled grace period is not over yet. */
		if (!poll_state_synchronize_srcu(&tracepoint_srcu, snap->srcu))
			synchronize_srcu(&tracepoint_srcu);
		snap->ongoing = false;
	}
}
69
/*
 * Set to 1 to enable tracepoint debug output. Left without an initializer,
 * so it is zero and debug_print_probes() returns immediately.
 */
static const int tracepoint_debug;

#ifdef CONFIG_MODULES
/*
 * Tracepoint module list mutex protects the local module list.
 */
static DEFINE_MUTEX(tracepoint_module_list_mutex);

/* Local list of struct tp_module */
static LIST_HEAD(tracepoint_module_list);
#endif /* CONFIG_MODULES */

/*
 * tracepoints_mutex protects the builtin and module tracepoints.
 * tracepoints_mutex nests inside tracepoint_module_list_mutex.
 */
static DEFINE_MUTEX(tracepoints_mutex);

/* Singly linked list of probe arrays whose freeing was postponed by release_probes(). */
static struct rcu_head *early_probes;
/* Set by release_early_probes(); until then release_probes() only queues. */
static bool ok_to_free_tracepoints;

/*
 * Note about RCU :
 * It is used to delay the free of multiple probes array until a quiescent
 * state is reached.
 */
struct tp_probes {
	struct rcu_head rcu;			/* callback head used to defer kfree() */
	struct tracepoint_func probes[];	/* array handed out by allocate_probes() */
};
101
/*
 * No-op probe. func_remove() writes it over a probe it could not drop
 * because allocating the replacement array failed; func_add() and
 * func_remove() skip such entries when they rebuild the array.
 */
static void tp_stub_func(void)
{
}
107
/*
 * Allocate a struct tp_probes with room for @count probe entries and
 * return a pointer to its probes[] array, or NULL if kmalloc() fails.
 * The allocation size is computed with struct_size().
 */
static inline void *allocate_probes(int count)
{
	struct tp_probes *p;

	p = kmalloc(struct_size(p, probes, count), GFP_KERNEL);
	if (!p)
		return NULL;
	return p->probes;
}
114
/* SRCU callback: free the struct tp_probes that embeds @head. */
static void srcu_free_old_probes(struct rcu_head *head)
{
	struct tp_probes *stale = container_of(head, struct tp_probes, rcu);

	kfree(stale);
}
119
/*
 * RCU callback: instead of freeing, queue @head on tracepoint_srcu so the
 * array is only released by srcu_free_old_probes() after an SRCU grace
 * period as well.
 */
static void rcu_free_old_probes(struct rcu_head *head)
{
	call_srcu(&tracepoint_srcu, head, srcu_free_old_probes);
}
124
/*
 * Allow probe arrays to be freed from now on and hand every array that
 * release_probes() had parked on early_probes to call_rcu().
 * Always returns 0.
 */
static __init int release_early_probes(void)
{
	struct rcu_head *head;

	ok_to_free_tracepoints = true;

	while ((head = early_probes) != NULL) {
		/* Unlink before call_rcu() takes ownership of the head. */
		early_probes = head->next;
		call_rcu(head, rcu_free_old_probes);
	}

	return 0;
}

/* SRCU is initialized at core_initcall */
postcore_initcall(release_early_probes);
142
/*
 * Schedule the probe array @old for freeing. NULL is accepted and ignored.
 * The array is never freed synchronously: it is either parked on
 * early_probes or passed to call_rcu().
 */
static inline void release_probes(struct tracepoint_func *old)
{
	struct tp_probes *tp_probes;

	if (!old)
		return;

	tp_probes = container_of(old, struct tp_probes, probes[0]);

	/*
	 * We can't free probes if SRCU is not initialized yet.
	 * Postpone the freeing till after SRCU is initialized.
	 */
	if (unlikely(!ok_to_free_tracepoints)) {
		tp_probes->rcu.next = early_probes;
		early_probes = &tp_probes->rcu;
		return;
	}

	/*
	 * Tracepoint probes are protected by both sched RCU and SRCU,
	 * by calling the SRCU callback in the sched RCU callback we
	 * cover both cases. So let us chain the SRCU and sched RCU
	 * callbacks to wait for both grace periods.
	 */
	call_rcu(&tp_probes->rcu, rcu_free_old_probes);
}
168
/*
 * When tracepoint_debug is non-zero, log every entry of the NULL-func
 * terminated array @funcs at KERN_DEBUG. A NULL @funcs is ignored.
 */
static void debug_print_probes(struct tracepoint_func *funcs)
{
	struct tracepoint_func *entry;
	int idx = 0;

	if (!(tracepoint_debug && funcs))
		return;

	for (entry = funcs; entry->func; entry++, idx++)
		printk(KERN_DEBUG "Probe %d : %p\n", idx, entry->func);
}
179
/*
 * Build a new probe array holding the non-stub entries of *@funcs plus
 * @tp_func, which is placed ahead of the first existing entry whose prio is
 * lower than @prio (or last if there is none).
 *
 * On success *@funcs points at the new array and the previous array (NULL
 * if there was none) is returned so the caller can release it. On failure
 * *@funcs is left alone and an ERR_PTR is returned: -EINVAL when
 * @tp_func->func is NULL, -EEXIST when the same (func, data) pair is
 * already present, -ENOMEM when the new array cannot be allocated.
 */
static struct tracepoint_func *
func_add(struct tracepoint_func **funcs, struct tracepoint_func *tp_func,
	 int prio)
{
	struct tracepoint_func *old, *new;
	int iter_probes;	/* Iterate over old probe array. */
	int nr_probes = 0;	/* Counter for probes */
	int pos = -1;		/* Insertion position into new array */

	if (WARN_ON(!tp_func->func))
		return ERR_PTR(-EINVAL);

	debug_print_probes(*funcs);
	old = *funcs;
	if (old) {
		/* (N -> N+1), (N != 0, 1) probes */
		/* First pass: count live entries and reject a duplicate. */
		for (iter_probes = 0; old[iter_probes].func; iter_probes++) {
			if (old[iter_probes].func == tp_stub_func)
				continue;	/* Skip stub functions. */
			if (old[iter_probes].func == tp_func->func &&
			    old[iter_probes].data == tp_func->data)
				return ERR_PTR(-EEXIST);
			nr_probes++;
		}
	}
	/* + 2 : one for new probe, one for NULL func */
	new = allocate_probes(nr_probes + 2);
	if (new == NULL)
		return ERR_PTR(-ENOMEM);
	if (old) {
		/* Second pass: copy live entries, leaving a hole at pos. */
		nr_probes = 0;
		for (iter_probes = 0; old[iter_probes].func; iter_probes++) {
			if (old[iter_probes].func == tp_stub_func)
				continue;
			/* Insert before probes of lower priority */
			if (pos < 0 && old[iter_probes].prio < prio)
				pos = nr_probes++;
			new[nr_probes++] = old[iter_probes];
		}
		if (pos < 0)
			pos = nr_probes++;
		/* nr_probes now points to the end of the new array */
	} else {
		pos = 0;
		nr_probes = 1; /* must point at end of array */
	}
	new[pos] = *tp_func;
	/* Terminate the array; only .func of the last slot is written. */
	new[nr_probes].func = NULL;
	*funcs = new;
	debug_print_probes(*funcs);
	return old;
}
232
/*
 * Remove every entry matching (@tp_func->func, @tp_func->data), and every
 * stub entry, from the probe array *@funcs.
 *
 * Returns ERR_PTR(-ENOENT) when *@funcs is NULL; otherwise returns the old
 * array. *@funcs is then one of:
 *   - NULL, when nothing is left (also when @tp_func->func is NULL);
 *   - a newly allocated array holding the remaining entries;
 *   - the old array itself, when allocation failed and the matching
 *     entries were overwritten in place with tp_stub_func. The caller can
 *     detect this case because *@funcs equals the returned pointer.
 */
static void *func_remove(struct tracepoint_func **funcs,
		struct tracepoint_func *tp_func)
{
	int nr_probes = 0, nr_del = 0, i;
	struct tracepoint_func *old, *new;

	old = *funcs;

	if (!old)
		return ERR_PTR(-ENOENT);

	debug_print_probes(*funcs);
	/* (N -> M), (N > 1, M >= 0) probes */
	if (tp_func->func) {
		/* Count all entries and those to drop (matches and stubs). */
		for (nr_probes = 0; old[nr_probes].func; nr_probes++) {
			if ((old[nr_probes].func == tp_func->func &&
			     old[nr_probes].data == tp_func->data) ||
			    old[nr_probes].func == tp_stub_func)
				nr_del++;
		}
	}

	/*
	 * If probe is NULL, then nr_probes = nr_del = 0, and then the
	 * entire entry will be removed.
	 */
	if (nr_probes - nr_del == 0) {
		/* N -> 0, (N > 1) */
		*funcs = NULL;
		debug_print_probes(*funcs);
		return old;
	} else {
		int j = 0;
		/* N -> M, (N > 1, M > 0) */
		/* + 1 for NULL */
		new = allocate_probes(nr_probes - nr_del + 1);
		if (new) {
			/* Copy the survivors; same predicate as the count above, negated. */
			for (i = 0; old[i].func; i++) {
				if ((old[i].func != tp_func->func ||
				     old[i].data != tp_func->data) &&
				    old[i].func != tp_stub_func)
					new[j++] = old[i];
			}
			new[nr_probes - nr_del].func = NULL;
			*funcs = new;
		} else {
			/*
			 * Failed to allocate, replace the old function
			 * with calls to tp_stub_func.
			 */
			for (i = 0; old[i].func; i++) {
				if (old[i].func == tp_func->func &&
				    old[i].data == tp_func->data)
					/* The array is still published, hence WRITE_ONCE(). */
					WRITE_ONCE(old[i].func, tp_stub_func);
			}
			*funcs = old;
		}
	}
	debug_print_probes(*funcs);
	return old;
}
294
/*
 * Classify a probe array by how many entries it holds, capped at "3 or
 * more". A NULL array means no probe. A non-NULL array is taken to hold at
 * least one entry: slot 0 is not inspected.
 */
static enum tp_func_state nr_func_state(const struct tracepoint_func *tp_funcs)
{
	if (tp_funcs == NULL)
		return TP_FUNC_0;
	if (tp_funcs[1].func == NULL)
		return TP_FUNC_1;
	return tp_funcs[2].func == NULL ? TP_FUNC_2 : TP_FUNC_N;	/* N: 3 or more */
}
308
/*
 * Retarget the static call of @tp: straight to the probe when @tp_funcs
 * holds exactly one entry, to tp->iterator in every other case.
 * Tracepoints without a static_call_key are left untouched.
 */
static void tracepoint_update_call(struct tracepoint *tp, struct tracepoint_func *tp_funcs)
{
	void *target;

	/* Synthetic events do not have static call sites */
	if (!tp->static_call_key)
		return;

	if (nr_func_state(tp_funcs) == TP_FUNC_1)
		target = tp_funcs[0].func;
	else
		target = tp->iterator;
	__static_call_update(tp->static_call_key, tp->static_call_tramp, target);
}
320
/*
 * Add the probe function to a tracepoint.
 *
 * Reads tp->funcs under lockdep_is_held(&tracepoints_mutex), so the caller
 * must hold tracepoints_mutex. Returns 0 on success, the negative value
 * from tp->regfunc() if that fails, or the error from func_add(). @warn
 * selects whether a func_add() error other than -ENOMEM triggers a
 * WARN_ON_ONCE().
 */
static int tracepoint_add_func(struct tracepoint *tp,
			       struct tracepoint_func *func, int prio,
			       bool warn)
{
	struct tracepoint_func *old, *tp_funcs;
	int ret;

	/* Run the registration hook only while the tracepoint is still disabled. */
	if (tp->regfunc && !static_key_enabled(&tp->key)) {
		ret = tp->regfunc();
		if (ret < 0)
			return ret;
	}

	tp_funcs = rcu_dereference_protected(tp->funcs,
			lockdep_is_held(&tracepoints_mutex));
	old = func_add(&tp_funcs, func, prio);
	if (IS_ERR(old)) {
		/*
		 * NOTE(review): regfunc() may already have run above and is
		 * not undone on this path - confirm that is intended.
		 */
		WARN_ON_ONCE(warn && PTR_ERR(old) != -ENOMEM);
		return PTR_ERR(old);
	}

	/*
	 * rcu_assign_pointer has an smp_store_release() which makes sure
	 * that the new probe callbacks array is consistent before setting
	 * a pointer to it. This array is referenced by __DO_TRACE from
	 * include/linux/tracepoint.h using rcu_dereference_sched().
	 */
	switch (nr_func_state(tp_funcs)) {
	case TP_FUNC_1:		/* 0->1 */
		/*
		 * Make sure new static func never uses old data after a
		 * 1->0->1 transition sequence.
		 */
		tp_rcu_cond_sync(TP_TRANSITION_SYNC_1_0_1);
		/* Set static call to first function */
		tracepoint_update_call(tp, tp_funcs);
		/* Both iterator and static call handle NULL tp->funcs */
		rcu_assign_pointer(tp->funcs, tp_funcs);
		static_key_enable(&tp->key);
		break;
	case TP_FUNC_2:		/* 1->2 */
		/* Set iterator static call */
		tracepoint_update_call(tp, tp_funcs);
		/*
		 * Iterator callback installed before updating tp->funcs.
		 * Requires ordering between RCU assign/dereference and
		 * static call update/call.
		 */
		fallthrough;
	case TP_FUNC_N:		/* N->N+1 (N>1) */
		rcu_assign_pointer(tp->funcs, tp_funcs);
		/*
		 * Make sure static func never uses incorrect data after a
		 * N->...->2->1 (N>1) transition sequence.
		 */
		if (tp_funcs[0].data != old[0].data)
			tp_rcu_get_state(TP_TRANSITION_SYNC_N_2_1);
		break;
	default:
		WARN_ON_ONCE(1);
		break;
	}

	/* The old array is freed only after the grace periods, see release_probes(). */
	release_probes(old);
	return 0;
}
390
/*
 * Remove a probe function from a tracepoint.
 * Note: only waiting an RCU period after setting elem->call to the empty
 * function ensures that the original callback is not used anymore. This is
 * ensured by preempt_disable around the call site.
 *
 * Reads tp->funcs under lockdep_is_held(&tracepoints_mutex), so the caller
 * must hold tracepoints_mutex. Returns 0 on success (including the case
 * where the probe could only be replaced by a stub) or the error from
 * func_remove(), which also triggers a WARN_ON_ONCE().
 */
static int tracepoint_remove_func(struct tracepoint *tp,
		struct tracepoint_func *func)
{
	struct tracepoint_func *old, *tp_funcs;

	tp_funcs = rcu_dereference_protected(tp->funcs,
			lockdep_is_held(&tracepoints_mutex));
	old = func_remove(&tp_funcs, func);
	if (WARN_ON_ONCE(IS_ERR(old)))
		return PTR_ERR(old);

	if (tp_funcs == old)
		/* Failed allocating new tp_funcs, replaced func with stub */
		return 0;

	switch (nr_func_state(tp_funcs)) {
	case TP_FUNC_0:		/* 1->0 */
		/* Removed last function */
		if (tp->unregfunc && static_key_enabled(&tp->key))
			tp->unregfunc();

		static_key_disable(&tp->key);
		/* Set iterator static call */
		tracepoint_update_call(tp, tp_funcs);
		/* Both iterator and static call handle NULL tp->funcs */
		rcu_assign_pointer(tp->funcs, NULL);
		/*
		 * Make sure new static func never uses old data after a
		 * 1->0->1 transition sequence.
		 */
		tp_rcu_get_state(TP_TRANSITION_SYNC_1_0_1);
		break;
	case TP_FUNC_1:		/* 2->1 */
		rcu_assign_pointer(tp->funcs, tp_funcs);
		/*
		 * Make sure static func never uses incorrect data after a
		 * N->...->2->1 (N>2) transition sequence. If the first
		 * element's data has changed, then force the synchronization
		 * to prevent current readers that have loaded the old data
		 * from calling the new function.
		 */
		if (tp_funcs[0].data != old[0].data)
			tp_rcu_get_state(TP_TRANSITION_SYNC_N_2_1);
		tp_rcu_cond_sync(TP_TRANSITION_SYNC_N_2_1);
		/* Set static call to first function */
		tracepoint_update_call(tp, tp_funcs);
		break;
	case TP_FUNC_2:		/* N->N-1 (N>2) */
		fallthrough;
	case TP_FUNC_N:
		rcu_assign_pointer(tp->funcs, tp_funcs);
		/*
		 * Make sure static func never uses incorrect data after a
		 * N->...->2->1 (N>2) transition sequence.
		 */
		if (tp_funcs[0].data != old[0].data)
			tp_rcu_get_state(TP_TRANSITION_SYNC_N_2_1);
		break;
	default:
		WARN_ON_ONCE(1);
		break;
	}
	/* The old array is freed only after the grace periods, see release_probes(). */
	release_probes(old);
	return 0;
}
462
/**
 * tracepoint_probe_register_prio_may_exist - Connect a probe to a tracepoint with priority
 * @tp: tracepoint
 * @probe: probe handler
 * @data: tracepoint data
 * @prio: priority of this function over other registered functions
 *
 * Same as tracepoint_probe_register_prio() except that it will not warn
 * if the tracepoint is already registered. The registration runs with
 * tracepoints_mutex held. Returns 0 if ok, error value on error.
 */
int tracepoint_probe_register_prio_may_exist(struct tracepoint *tp, void *probe,
					     void *data, int prio)
{
	struct tracepoint_func tp_func = {
		.func = probe,
		.data = data,
		.prio = prio,
	};
	int ret;

	mutex_lock(&tracepoints_mutex);
	ret = tracepoint_add_func(tp, &tp_func, prio, false);
	mutex_unlock(&tracepoints_mutex);

	return ret;
}
EXPORT_SYMBOL_GPL(tracepoint_probe_register_prio_may_exist);
488
/**
 * tracepoint_probe_register_prio - Connect a probe to a tracepoint with priority
 * @tp: tracepoint
 * @probe: probe handler
 * @data: tracepoint data
 * @prio: priority of this function over other registered functions
 *
 * Returns 0 if ok, error value on error. The registration runs with
 * tracepoints_mutex held.
 * Note: if @tp is within a module, the caller is responsible for
 * unregistering the probe before the module is gone. This can be
 * performed either with a tracepoint module going notifier, or from
 * within module exit functions.
 */
int tracepoint_probe_register_prio(struct tracepoint *tp, void *probe,
				   void *data, int prio)
{
	struct tracepoint_func tp_func = {
		.func = probe,
		.data = data,
		.prio = prio,
	};
	int ret;

	mutex_lock(&tracepoints_mutex);
	ret = tracepoint_add_func(tp, &tp_func, prio, true);
	mutex_unlock(&tracepoints_mutex);

	return ret;
}
EXPORT_SYMBOL_GPL(tracepoint_probe_register_prio);
517
/**
 * tracepoint_probe_register - Connect a probe to a tracepoint
 * @tp: tracepoint
 * @probe: probe handler
 * @data: tracepoint data
 *
 * Registers @probe at TRACEPOINT_DEFAULT_PRIO.
 *
 * Returns 0 if ok, error value on error.
 * Note: if @tp is within a module, the caller is responsible for
 * unregistering the probe before the module is gone. This can be
 * performed either with a tracepoint module going notifier, or from
 * within module exit functions.
 */
int tracepoint_probe_register(struct tracepoint *tp, void *probe, void *data)
{
	const int prio = TRACEPOINT_DEFAULT_PRIO;

	return tracepoint_probe_register_prio(tp, probe, data, prio);
}
EXPORT_SYMBOL_GPL(tracepoint_probe_register);
535
/**
 * tracepoint_probe_unregister - Disconnect a probe from a tracepoint
 * @tp: tracepoint
 * @probe: probe function pointer
 * @data: tracepoint data
 *
 * The (@probe, @data) pair identifies the entry to drop. The removal runs
 * with tracepoints_mutex held.
 *
 * Returns 0 if ok, error value on error.
 */
int tracepoint_probe_unregister(struct tracepoint *tp, void *probe, void *data)
{
	struct tracepoint_func tp_func;
	int ret;

	/* Only .func and .data are filled in; .prio is not set for removal. */
	tp_func.data = data;
	tp_func.func = probe;

	mutex_lock(&tracepoints_mutex);
	ret = tracepoint_remove_func(tp, &tp_func);
	mutex_unlock(&tracepoints_mutex);

	return ret;
}
EXPORT_SYMBOL_GPL(tracepoint_probe_unregister);
557
/*
 * Call @fct(tp, @priv) for every tracepoint referenced in [@begin, @end).
 * A NULL @begin is treated as an empty range.
 */
static void for_each_tracepoint_range(
		tracepoint_ptr_t *begin, tracepoint_ptr_t *end,
		void (*fct)(struct tracepoint *tp, void *priv),
		void *priv)
{
	tracepoint_ptr_t *cur = begin;

	if (begin == NULL)
		return;

	while (cur < end) {
		fct(tracepoint_ptr_deref(cur), priv);
		cur++;
	}
}
570
571 #ifdef CONFIG_MODULES
/*
 * Report whether @mod carries any taint flag other than the ones tolerated
 * here: out-of-tree, staging (TAINT_CRAP), unsigned, test and livepatch.
 */
bool trace_module_has_bad_taint(struct module *mod)
{
	const unsigned long tolerated = (1 << TAINT_OOT_MODULE) |
					(1 << TAINT_CRAP) |
					(1 << TAINT_UNSIGNED_MODULE) |
					(1 << TAINT_TEST) |
					(1 << TAINT_LIVEPATCH);

	return mod->taints & ~tolerated;
}
578
/* Notifier chain called on module coming/going (see the functions below). */
static BLOCKING_NOTIFIER_HEAD(tracepoint_notify_list);

/**
 * register_tracepoint_module_notifier - register tracepoint coming/going notifier
 * @nb: notifier block
 *
 * Notifiers registered with this function are called on module
 * coming/going with the tracepoint_module_list_mutex held.
 * The notifier block callback should expect a "struct tp_module" data
 * pointer.
 *
 * On successful registration, @nb is immediately called with
 * MODULE_STATE_COMING for every module already on the local list; the
 * callback's return value is ignored. Returns the result of the chain
 * registration.
 */
int register_tracepoint_module_notifier(struct notifier_block *nb)
{
	struct tp_module *tp_mod;
	int ret;

	mutex_lock(&tracepoint_module_list_mutex);
	ret = blocking_notifier_chain_register(&tracepoint_notify_list, nb);
	if (!ret) {
		list_for_each_entry(tp_mod, &tracepoint_module_list, list)
			(void) nb->notifier_call(nb, MODULE_STATE_COMING, tp_mod);
	}
	mutex_unlock(&tracepoint_module_list_mutex);

	return ret;
}
EXPORT_SYMBOL_GPL(register_tracepoint_module_notifier);
606
/**
 * unregister_tracepoint_module_notifier - unregister tracepoint coming/going notifier
 * @nb: notifier block
 *
 * The notifier block callback should expect a "struct tp_module" data
 * pointer.
 *
 * On successful removal from the chain, @nb is called one last time with
 * MODULE_STATE_GOING for every module on the local list, under
 * tracepoint_module_list_mutex; the callback's return value is ignored.
 * Returns the result of the chain unregistration.
 */
int unregister_tracepoint_module_notifier(struct notifier_block *nb)
{
	struct tp_module *tp_mod;
	int ret;

	mutex_lock(&tracepoint_module_list_mutex);
	ret = blocking_notifier_chain_unregister(&tracepoint_notify_list, nb);
	if (!ret) {
		list_for_each_entry(tp_mod, &tracepoint_module_list, list)
			(void) nb->notifier_call(nb, MODULE_STATE_GOING, tp_mod);
	}
	mutex_unlock(&tracepoint_module_list_mutex);

	return ret;
}
EXPORT_SYMBOL_GPL(unregister_tracepoint_module_notifier);
631
/*
 * Ensure the tracer unregistered the module's probes before the module
 * teardown is performed. Prevents leaks of probe and data pointers.
 * Warns once if @tp still has a probe array attached; @priv is unused.
 */
static void tp_module_going_check_quiescent(struct tracepoint *tp, void *priv)
{
	bool still_attached = tp->funcs;

	WARN_ON_ONCE(still_attached);
}
640
/*
 * Module "coming" handler: put @mod on the local module list and run the
 * tracepoint notifier chain with MODULE_STATE_COMING.
 *
 * Modules without tracepoints, and modules with a taint rejected by
 * trace_module_has_bad_taint(), are skipped and 0 is returned.
 * Returns -ENOMEM if the list entry cannot be allocated, 0 otherwise.
 */
static int tracepoint_module_coming(struct module *mod)
{
	struct tp_module *tp_mod;

	/*
	 * We skip modules that taint the kernel, especially those with different
	 * module headers (for forced load), to make sure we don't cause a crash.
	 * Staging, out-of-tree, unsigned GPL, and test modules are fine.
	 */
	if (!mod->num_tracepoints || trace_module_has_bad_taint(mod))
		return 0;

	tp_mod = kmalloc(sizeof(*tp_mod), GFP_KERNEL);
	if (!tp_mod)
		return -ENOMEM;
	tp_mod->mod = mod;

	mutex_lock(&tracepoint_module_list_mutex);
	list_add_tail(&tp_mod->list, &tracepoint_module_list);
	blocking_notifier_call_chain(&tracepoint_notify_list,
				     MODULE_STATE_COMING, tp_mod);
	mutex_unlock(&tracepoint_module_list_mutex);

	return 0;
}
668
/*
 * Module "going" handler: if @mod is on the local module list, run the
 * notifier chain with MODULE_STATE_GOING, drop and free its list entry,
 * then warn about any of its tracepoints that still has probes attached.
 * Modules without tracepoints are ignored.
 */
static void tracepoint_module_going(struct module *mod)
{
	struct tp_module *tp_mod, *found = NULL;

	if (!mod->num_tracepoints)
		return;

	mutex_lock(&tracepoint_module_list_mutex);
	/*
	 * In the case of modules that were tainted at "coming", we'll simply
	 * walk through the list without finding it. We cannot use the "tainted"
	 * flag on "going", in case a module taints the kernel only after being
	 * loaded.
	 */
	list_for_each_entry(tp_mod, &tracepoint_module_list, list) {
		if (tp_mod->mod == mod) {
			found = tp_mod;
			break;
		}
	}

	if (found) {
		blocking_notifier_call_chain(&tracepoint_notify_list,
					     MODULE_STATE_GOING, found);
		list_del(&found->list);
		kfree(found);
		/*
		 * Called the going notifier before checking for
		 * quiescence.
		 */
		for_each_tracepoint_range(mod->tracepoints_ptrs,
			mod->tracepoints_ptrs + mod->num_tracepoints,
			tp_module_going_check_quiescent, NULL);
	}
	mutex_unlock(&tracepoint_module_list_mutex);
}
701
/*
 * Module notifier callback. Dispatches MODULE_STATE_COMING and
 * MODULE_STATE_GOING to the handlers above; every other state is a no-op.
 * Only the "coming" handler can report an error, which is converted with
 * notifier_from_errno().
 */
static int tracepoint_module_notify(struct notifier_block *self,
		unsigned long val, void *data)
{
	struct module *mod = data;
	int err = 0;

	if (val == MODULE_STATE_COMING)
		err = tracepoint_module_coming(mod);
	else if (val == MODULE_STATE_GOING)
		tracepoint_module_going(mod);

	return notifier_from_errno(err);
}

/* Registered with the module notifier chain by init_tracepoints(). */
static struct notifier_block tracepoint_module_nb = {
	.notifier_call = tracepoint_module_notify,
	.priority = 0,
};
727
/*
 * Hook tracepoint_module_nb into the module notifier chain at init time.
 * A failure is logged and returned.
 */
static __init int init_tracepoints(void)
{
	int ret = register_module_notifier(&tracepoint_module_nb);

	if (ret)
		pr_warn("Failed to register tracepoint module enter notifier\n");

	return ret;
}
__initcall(init_tracepoints);
739
/**
 * for_each_tracepoint_in_module - iteration on all tracepoints in a module
 * @mod: module
 * @fct: callback
 * @priv: private data
 *
 * Must be called with tracepoint_module_list_mutex held (asserted through
 * lockdep). A NULL @mod is ignored.
 */
void for_each_tracepoint_in_module(struct module *mod,
				   void (*fct)(struct tracepoint *tp,
				    struct module *mod, void *priv),
				   void *priv)
{
	tracepoint_ptr_t *iter, *end;

	lockdep_assert_held(&tracepoint_module_list_mutex);

	if (!mod)
		return;

	end = mod->tracepoints_ptrs + mod->num_tracepoints;
	for (iter = mod->tracepoints_ptrs; iter < end; iter++)
		fct(tracepoint_ptr_deref(iter), mod, priv);
}
764
/**
 * for_each_module_tracepoint - iteration on all tracepoints in all modules
 * @fct: callback
 * @priv: private data
 *
 * Walks the local module list with tracepoint_module_list_mutex held, so
 * @fct runs under that mutex.
 */
void for_each_module_tracepoint(void (*fct)(struct tracepoint *tp,
				 struct module *mod, void *priv),
				void *priv)
{
	struct tp_module *entry;

	mutex_lock(&tracepoint_module_list_mutex);
	list_for_each_entry(entry, &tracepoint_module_list, list) {
		for_each_tracepoint_in_module(entry->mod, fct, priv);
	}
	mutex_unlock(&tracepoint_module_list_mutex);
}
781 #endif /* CONFIG_MODULES */
782
/**
 * for_each_kernel_tracepoint - iteration on all kernel tracepoints
 * @fct: callback
 * @priv: private data
 *
 * Covers the built-in table delimited by __start___tracepoints_ptrs and
 * __stop___tracepoints_ptrs.
 */
void for_each_kernel_tracepoint(void (*fct)(struct tracepoint *tp, void *priv),
		void *priv)
{
	tracepoint_ptr_t *first = __start___tracepoints_ptrs;
	tracepoint_ptr_t *last = __stop___tracepoints_ptrs;

	for_each_tracepoint_range(first, last, fct, priv);
}
EXPORT_SYMBOL_GPL(for_each_kernel_tracepoint);
795
796 #ifdef CONFIG_HAVE_SYSCALL_TRACEPOINTS
797
/* NB: reg/unreg are called while guarded with the tracepoints_mutex */
static int sys_tracepoint_refcount;

/*
 * Take one reference on syscall tracing. The first reference sets
 * SYSCALL_TRACEPOINT syscall work on every thread, walking the task list
 * under tasklist_lock held for reading. Always returns 0.
 */
int syscall_regfunc(void)
{
	struct task_struct *proc, *thread;

	if (sys_tracepoint_refcount == 0) {
		read_lock(&tasklist_lock);
		for_each_process_thread(proc, thread) {
			set_task_syscall_work(thread, SYSCALL_TRACEPOINT);
		}
		read_unlock(&tasklist_lock);
	}
	sys_tracepoint_refcount++;

	return 0;
}
816
/*
 * Drop one reference on syscall tracing. When the count reaches zero,
 * clear SYSCALL_TRACEPOINT syscall work on every thread, walking the task
 * list under tasklist_lock held for reading. The count is decremented
 * unconditionally; balancing it with syscall_regfunc() is up to callers.
 */
void syscall_unregfunc(void)
{
	struct task_struct *proc, *thread;

	if (--sys_tracepoint_refcount)
		return;

	read_lock(&tasklist_lock);
	for_each_process_thread(proc, thread) {
		clear_task_syscall_work(thread, SYSCALL_TRACEPOINT);
	}
	read_unlock(&tasklist_lock);
}
830 #endif
831
832 #ifdef CONFIG_ANDROID_VENDOR_HOOKS
833
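/*
 * Allocate a zeroed array of @count struct tracepoint_func entries.
 * kcalloc() is used instead of an open-coded size multiplication so that
 * an overflowing count * element-size product makes the allocation fail
 * rather than yield an undersized buffer.
 * Returns NULL on failure.
 */
static void *rvh_zalloc_funcs(int count)
{
	return kcalloc(count, sizeof(struct tracepoint_func), GFP_KERNEL);
}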
838
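#define ANDROID_RVH_NR_PROBES_MAX	2
/*
 * Store @func in the first free slot of tp->funcs. The array is allocated
 * (zeroed, with one extra terminating slot) when the tracepoint's static
 * key is not enabled yet; .data is written only in that case, so a probe
 * added after the key was enabled keeps the zeroed .data.
 *
 * Returns 0 on success, -ENOMEM if the array cannot be allocated and
 * -EBUSY when all ANDROID_RVH_NR_PROBES_MAX slots are taken.
 */
static int rvh_func_add(struct tracepoint *tp, struct tracepoint_func *func)
{
	int i;

	if (!static_key_enabled(&tp->key)) {
		/* '+ 1' for the last NULL element */
		tp->funcs = rvh_zalloc_funcs(ANDROID_RVH_NR_PROBES_MAX + 1);
		if (!tp->funcs)
			/*
			 * Negative errno, like every other error path in this
			 * file: a positive ENOMEM would slip past callers that
			 * test for "ret < 0".
			 */
			return -ENOMEM;
	}

	for (i = 0; i < ANDROID_RVH_NR_PROBES_MAX; i++) {
		if (!tp->funcs[i].func) {
			if (!static_key_enabled(&tp->key))
				tp->funcs[i].data = func->data;
			/* The array may already be read concurrently. */
			WRITE_ONCE(tp->funcs[i].func, func->func);

			return 0;
		}
	}

	return -EBUSY;
}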
863
/*
 * Attach @func to the restricted vendor hook @tp: run tp->regfunc() if the
 * tracepoint is not enabled yet, store the probe with rvh_func_add(), then
 * update the static call and enable the static key.
 *
 * Returns 0 on success, the negative value from regfunc(), or the non-zero
 * result of rvh_func_add().
 * NOTE(review): a regfunc() that already ran is not undone when
 * rvh_func_add() fails - confirm that is intended.
 */
static int android_rvh_add_func(struct tracepoint *tp, struct tracepoint_func *func)
{
	int ret;

	if (tp->regfunc && !static_key_enabled(&tp->key)) {
		ret = tp->regfunc();
		if (ret < 0)
			return ret;
	}

	ret = rvh_func_add(tp, func);
	if (!ret) {
		tracepoint_update_call(tp, tp->funcs);
		static_key_enable(&tp->key);
	}

	return ret;
}
882
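/*
 * Register @probe (with optional @data) on the restricted vendor hook @tp.
 *
 * Returns 0 on success, -EINVAL (with a warning) when @data is non-NULL and
 * the tracepoint is already enabled, or the error from
 * android_rvh_add_func().
 */
int android_rvh_probe_register(struct tracepoint *tp, void *probe, void *data)
{
	/* Designated initializer: no field of the on-stack struct is left unset. */
	struct tracepoint_func tp_func = {
		.func = probe,
		.data = data,
	};
	int ret;

	mutex_lock(&tracepoints_mutex);

	/*
	 * Once the static key has been flipped, the array may be read
	 * concurrently. Although __traceiter_*() always checks .func first,
	 * it doesn't enforce read->read dependencies, and we can't strongly
	 * guarantee it will see the correct .data for the second element
	 * without adding smp_load_acquire() in the fast path. But this is a
	 * corner case which is unlikely to be needed by anybody in practice,
	 * so let's just forbid it and keep the fast path clean.
	 *
	 * The check is made under tracepoints_mutex, which is held wherever
	 * this file enables or disables the key. Checking before taking the
	 * mutex would let two concurrent registrations both see the key
	 * disabled, and the second one's @data would then be silently dropped.
	 */
	if (WARN_ON(static_key_enabled(&tp->key) && data)) {
		ret = -EINVAL;
		goto out;
	}

	ret = android_rvh_add_func(tp, &tp_func);
out:
	mutex_unlock(&tracepoints_mutex);

	return ret;
}
EXPORT_SYMBOL_GPL(android_rvh_probe_register);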
909 #endif
910