1
2
3
4#include <linux/bpf.h>
5#include <linux/bpf_verifier.h>
6#include <linux/btf.h>
7#include <linux/filter.h>
8#include <linux/slab.h>
9#include <linux/numa.h>
10#include <linux/seq_file.h>
11#include <linux/refcount.h>
12#include <linux/mutex.h>
13
14enum bpf_struct_ops_state {
15 BPF_STRUCT_OPS_STATE_INIT,
16 BPF_STRUCT_OPS_STATE_INUSE,
17 BPF_STRUCT_OPS_STATE_TOBEFREE,
18};
19
20#define BPF_STRUCT_OPS_COMMON_VALUE \
21 refcount_t refcnt; \
22 enum bpf_struct_ops_state state
23
24struct bpf_struct_ops_value {
25 BPF_STRUCT_OPS_COMMON_VALUE;
26 char data[] ____cacheline_aligned_in_smp;
27};
28
29struct bpf_struct_ops_map {
30 struct bpf_map map;
31 struct rcu_head rcu;
32 const struct bpf_struct_ops *st_ops;
33
34 struct mutex lock;
35
36
37
38
39 struct bpf_prog **progs;
40
41
42
43
44
45 void *image;
46
47
48
49
50
51
52 struct bpf_struct_ops_value *uvalue;
53
54
55
56
57 struct bpf_struct_ops_value kvalue;
58};
59
60#define VALUE_PREFIX "bpf_struct_ops_"
61#define VALUE_PREFIX_LEN (sizeof(VALUE_PREFIX) - 1)
62
63
64
65
66
67
68#define BPF_STRUCT_OPS_TYPE(_name) \
69extern struct bpf_struct_ops bpf_##_name; \
70 \
71struct bpf_struct_ops_##_name { \
72 BPF_STRUCT_OPS_COMMON_VALUE; \
73 struct _name data ____cacheline_aligned_in_smp; \
74};
75#include "bpf_struct_ops_types.h"
76#undef BPF_STRUCT_OPS_TYPE
77
78enum {
79#define BPF_STRUCT_OPS_TYPE(_name) BPF_STRUCT_OPS_TYPE_##_name,
80#include "bpf_struct_ops_types.h"
81#undef BPF_STRUCT_OPS_TYPE
82 __NR_BPF_STRUCT_OPS_TYPE,
83};
84
85static struct bpf_struct_ops * const bpf_struct_ops[] = {
86#define BPF_STRUCT_OPS_TYPE(_name) \
87 [BPF_STRUCT_OPS_TYPE_##_name] = &bpf_##_name,
88#include "bpf_struct_ops_types.h"
89#undef BPF_STRUCT_OPS_TYPE
90};
91
92const struct bpf_verifier_ops bpf_struct_ops_verifier_ops = {
93};
94
95const struct bpf_prog_ops bpf_struct_ops_prog_ops = {
96};
97
98static const struct btf_type *module_type;
99
100void bpf_struct_ops_init(struct btf *btf, struct bpf_verifier_log *log)
101{
102 s32 type_id, value_id, module_id;
103 const struct btf_member *member;
104 struct bpf_struct_ops *st_ops;
105 const struct btf_type *t;
106 char value_name[128];
107 const char *mname;
108 u32 i, j;
109
110
111#define BPF_STRUCT_OPS_TYPE(_name) BTF_TYPE_EMIT(struct bpf_struct_ops_##_name);
112#include "bpf_struct_ops_types.h"
113#undef BPF_STRUCT_OPS_TYPE
114
115 module_id = btf_find_by_name_kind(btf, "module", BTF_KIND_STRUCT);
116 if (module_id < 0) {
117 pr_warn("Cannot find struct module in btf_vmlinux\n");
118 return;
119 }
120 module_type = btf_type_by_id(btf, module_id);
121
122 for (i = 0; i < ARRAY_SIZE(bpf_struct_ops); i++) {
123 st_ops = bpf_struct_ops[i];
124
125 if (strlen(st_ops->name) + VALUE_PREFIX_LEN >=
126 sizeof(value_name)) {
127 pr_warn("struct_ops name %s is too long\n",
128 st_ops->name);
129 continue;
130 }
131 sprintf(value_name, "%s%s", VALUE_PREFIX, st_ops->name);
132
133 value_id = btf_find_by_name_kind(btf, value_name,
134 BTF_KIND_STRUCT);
135 if (value_id < 0) {
136 pr_warn("Cannot find struct %s in btf_vmlinux\n",
137 value_name);
138 continue;
139 }
140
141 type_id = btf_find_by_name_kind(btf, st_ops->name,
142 BTF_KIND_STRUCT);
143 if (type_id < 0) {
144 pr_warn("Cannot find struct %s in btf_vmlinux\n",
145 st_ops->name);
146 continue;
147 }
148 t = btf_type_by_id(btf, type_id);
149 if (btf_type_vlen(t) > BPF_STRUCT_OPS_MAX_NR_MEMBERS) {
150 pr_warn("Cannot support #%u members in struct %s\n",
151 btf_type_vlen(t), st_ops->name);
152 continue;
153 }
154
155 for_each_member(j, t, member) {
156 const struct btf_type *func_proto;
157
158 mname = btf_name_by_offset(btf, member->name_off);
159 if (!*mname) {
160 pr_warn("anon member in struct %s is not supported\n",
161 st_ops->name);
162 break;
163 }
164
165 if (btf_member_bitfield_size(t, member)) {
166 pr_warn("bit field member %s in struct %s is not supported\n",
167 mname, st_ops->name);
168 break;
169 }
170
171 func_proto = btf_type_resolve_func_ptr(btf,
172 member->type,
173 NULL);
174 if (func_proto &&
175 btf_distill_func_proto(log, btf,
176 func_proto, mname,
177 &st_ops->func_models[j])) {
178 pr_warn("Error in parsing func ptr %s in struct %s\n",
179 mname, st_ops->name);
180 break;
181 }
182 }
183
184 if (j == btf_type_vlen(t)) {
185 if (st_ops->init(btf)) {
186 pr_warn("Error in init bpf_struct_ops %s\n",
187 st_ops->name);
188 } else {
189 st_ops->type_id = type_id;
190 st_ops->type = t;
191 st_ops->value_id = value_id;
192 st_ops->value_type = btf_type_by_id(btf,
193 value_id);
194 }
195 }
196 }
197}
198
199extern struct btf *btf_vmlinux;
200
201static const struct bpf_struct_ops *
202bpf_struct_ops_find_value(u32 value_id)
203{
204 unsigned int i;
205
206 if (!value_id || !btf_vmlinux)
207 return NULL;
208
209 for (i = 0; i < ARRAY_SIZE(bpf_struct_ops); i++) {
210 if (bpf_struct_ops[i]->value_id == value_id)
211 return bpf_struct_ops[i];
212 }
213
214 return NULL;
215}
216
217const struct bpf_struct_ops *bpf_struct_ops_find(u32 type_id)
218{
219 unsigned int i;
220
221 if (!type_id || !btf_vmlinux)
222 return NULL;
223
224 for (i = 0; i < ARRAY_SIZE(bpf_struct_ops); i++) {
225 if (bpf_struct_ops[i]->type_id == type_id)
226 return bpf_struct_ops[i];
227 }
228
229 return NULL;
230}
231
232static int bpf_struct_ops_map_get_next_key(struct bpf_map *map, void *key,
233 void *next_key)
234{
235 if (key && *(u32 *)key == 0)
236 return -ENOENT;
237
238 *(u32 *)next_key = 0;
239 return 0;
240}
241
242int bpf_struct_ops_map_sys_lookup_elem(struct bpf_map *map, void *key,
243 void *value)
244{
245 struct bpf_struct_ops_map *st_map = (struct bpf_struct_ops_map *)map;
246 struct bpf_struct_ops_value *uvalue, *kvalue;
247 enum bpf_struct_ops_state state;
248
249 if (unlikely(*(u32 *)key != 0))
250 return -ENOENT;
251
252 kvalue = &st_map->kvalue;
253
254 state = smp_load_acquire(&kvalue->state);
255 if (state == BPF_STRUCT_OPS_STATE_INIT) {
256 memset(value, 0, map->value_size);
257 return 0;
258 }
259
260
261
262
263 uvalue = (struct bpf_struct_ops_value *)value;
264 memcpy(uvalue, st_map->uvalue, map->value_size);
265 uvalue->state = state;
266 refcount_set(&uvalue->refcnt, refcount_read(&kvalue->refcnt));
267
268 return 0;
269}
270
271static void *bpf_struct_ops_map_lookup_elem(struct bpf_map *map, void *key)
272{
273 return ERR_PTR(-EINVAL);
274}
275
276static void bpf_struct_ops_map_put_progs(struct bpf_struct_ops_map *st_map)
277{
278 const struct btf_type *t = st_map->st_ops->type;
279 u32 i;
280
281 for (i = 0; i < btf_type_vlen(t); i++) {
282 if (st_map->progs[i]) {
283 bpf_prog_put(st_map->progs[i]);
284 st_map->progs[i] = NULL;
285 }
286 }
287}
288
289static int check_zero_holes(const struct btf_type *t, void *data)
290{
291 const struct btf_member *member;
292 u32 i, moff, msize, prev_mend = 0;
293 const struct btf_type *mtype;
294
295 for_each_member(i, t, member) {
296 moff = btf_member_bit_offset(t, member) / 8;
297 if (moff > prev_mend &&
298 memchr_inv(data + prev_mend, 0, moff - prev_mend))
299 return -EINVAL;
300
301 mtype = btf_type_by_id(btf_vmlinux, member->type);
302 mtype = btf_resolve_size(btf_vmlinux, mtype, &msize);
303 if (IS_ERR(mtype))
304 return PTR_ERR(mtype);
305 prev_mend = moff + msize;
306 }
307
308 if (t->size > prev_mend &&
309 memchr_inv(data + prev_mend, 0, t->size - prev_mend))
310 return -EINVAL;
311
312 return 0;
313}
314
315static int bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
316 void *value, u64 flags)
317{
318 struct bpf_struct_ops_map *st_map = (struct bpf_struct_ops_map *)map;
319 const struct bpf_struct_ops *st_ops = st_map->st_ops;
320 struct bpf_struct_ops_value *uvalue, *kvalue;
321 const struct btf_member *member;
322 const struct btf_type *t = st_ops->type;
323 struct bpf_tramp_progs *tprogs = NULL;
324 void *udata, *kdata;
325 int prog_fd, err = 0;
326 void *image;
327 u32 i;
328
329 if (flags)
330 return -EINVAL;
331
332 if (*(u32 *)key != 0)
333 return -E2BIG;
334
335 err = check_zero_holes(st_ops->value_type, value);
336 if (err)
337 return err;
338
339 uvalue = (struct bpf_struct_ops_value *)value;
340 err = check_zero_holes(t, uvalue->data);
341 if (err)
342 return err;
343
344 if (uvalue->state || refcount_read(&uvalue->refcnt))
345 return -EINVAL;
346
347 tprogs = kcalloc(BPF_TRAMP_MAX, sizeof(*tprogs), GFP_KERNEL);
348 if (!tprogs)
349 return -ENOMEM;
350
351 uvalue = (struct bpf_struct_ops_value *)st_map->uvalue;
352 kvalue = (struct bpf_struct_ops_value *)&st_map->kvalue;
353
354 mutex_lock(&st_map->lock);
355
356 if (kvalue->state != BPF_STRUCT_OPS_STATE_INIT) {
357 err = -EBUSY;
358 goto unlock;
359 }
360
361 memcpy(uvalue, value, map->value_size);
362
363 udata = &uvalue->data;
364 kdata = &kvalue->data;
365 image = st_map->image;
366
367 for_each_member(i, t, member) {
368 const struct btf_type *mtype, *ptype;
369 struct bpf_prog *prog;
370 u32 moff;
371 u32 flags;
372
373 moff = btf_member_bit_offset(t, member) / 8;
374 ptype = btf_type_resolve_ptr(btf_vmlinux, member->type, NULL);
375 if (ptype == module_type) {
376 if (*(void **)(udata + moff))
377 goto reset_unlock;
378 *(void **)(kdata + moff) = BPF_MODULE_OWNER;
379 continue;
380 }
381
382 err = st_ops->init_member(t, member, kdata, udata);
383 if (err < 0)
384 goto reset_unlock;
385
386
387 if (err > 0)
388 continue;
389
390
391
392
393
394
395
396 if (!ptype || !btf_type_is_func_proto(ptype)) {
397 u32 msize;
398
399 mtype = btf_type_by_id(btf_vmlinux, member->type);
400 mtype = btf_resolve_size(btf_vmlinux, mtype, &msize);
401 if (IS_ERR(mtype)) {
402 err = PTR_ERR(mtype);
403 goto reset_unlock;
404 }
405
406 if (memchr_inv(udata + moff, 0, msize)) {
407 err = -EINVAL;
408 goto reset_unlock;
409 }
410
411 continue;
412 }
413
414 prog_fd = (int)(*(unsigned long *)(udata + moff));
415
416 if (!prog_fd)
417 continue;
418
419 prog = bpf_prog_get(prog_fd);
420 if (IS_ERR(prog)) {
421 err = PTR_ERR(prog);
422 goto reset_unlock;
423 }
424 st_map->progs[i] = prog;
425
426 if (prog->type != BPF_PROG_TYPE_STRUCT_OPS ||
427 prog->aux->attach_btf_id != st_ops->type_id ||
428 prog->expected_attach_type != i) {
429 err = -EINVAL;
430 goto reset_unlock;
431 }
432
433 tprogs[BPF_TRAMP_FENTRY].progs[0] = prog;
434 tprogs[BPF_TRAMP_FENTRY].nr_progs = 1;
435 flags = st_ops->func_models[i].ret_size > 0 ?
436 BPF_TRAMP_F_RET_FENTRY_RET : 0;
437 err = arch_prepare_bpf_trampoline(NULL, image,
438 st_map->image + PAGE_SIZE,
439 &st_ops->func_models[i],
440 flags, tprogs, NULL);
441 if (err < 0)
442 goto reset_unlock;
443
444 *(void **)(kdata + moff) = image;
445 image += err;
446
447
448 *(unsigned long *)(udata + moff) = prog->aux->id;
449 }
450
451 refcount_set(&kvalue->refcnt, 1);
452 bpf_map_inc(map);
453
454 set_memory_ro((long)st_map->image, 1);
455 set_memory_x((long)st_map->image, 1);
456 err = st_ops->reg(kdata);
457 if (likely(!err)) {
458
459
460
461
462 smp_store_release(&kvalue->state, BPF_STRUCT_OPS_STATE_INUSE);
463 goto unlock;
464 }
465
466
467
468
469
470
471
472 set_memory_nx((long)st_map->image, 1);
473 set_memory_rw((long)st_map->image, 1);
474 bpf_map_put(map);
475
476reset_unlock:
477 bpf_struct_ops_map_put_progs(st_map);
478 memset(uvalue, 0, map->value_size);
479 memset(kvalue, 0, map->value_size);
480unlock:
481 kfree(tprogs);
482 mutex_unlock(&st_map->lock);
483 return err;
484}
485
486static int bpf_struct_ops_map_delete_elem(struct bpf_map *map, void *key)
487{
488 enum bpf_struct_ops_state prev_state;
489 struct bpf_struct_ops_map *st_map;
490
491 st_map = (struct bpf_struct_ops_map *)map;
492 prev_state = cmpxchg(&st_map->kvalue.state,
493 BPF_STRUCT_OPS_STATE_INUSE,
494 BPF_STRUCT_OPS_STATE_TOBEFREE);
495 switch (prev_state) {
496 case BPF_STRUCT_OPS_STATE_INUSE:
497 st_map->st_ops->unreg(&st_map->kvalue.data);
498 if (refcount_dec_and_test(&st_map->kvalue.refcnt))
499 bpf_map_put(map);
500 return 0;
501 case BPF_STRUCT_OPS_STATE_TOBEFREE:
502 return -EINPROGRESS;
503 case BPF_STRUCT_OPS_STATE_INIT:
504 return -ENOENT;
505 default:
506 WARN_ON_ONCE(1);
507
508 return -ENOENT;
509 }
510}
511
512static void bpf_struct_ops_map_seq_show_elem(struct bpf_map *map, void *key,
513 struct seq_file *m)
514{
515 void *value;
516 int err;
517
518 value = kmalloc(map->value_size, GFP_USER | __GFP_NOWARN);
519 if (!value)
520 return;
521
522 err = bpf_struct_ops_map_sys_lookup_elem(map, key, value);
523 if (!err) {
524 btf_type_seq_show(btf_vmlinux, map->btf_vmlinux_value_type_id,
525 value, m);
526 seq_puts(m, "\n");
527 }
528
529 kfree(value);
530}
531
532static void bpf_struct_ops_map_free(struct bpf_map *map)
533{
534 struct bpf_struct_ops_map *st_map = (struct bpf_struct_ops_map *)map;
535
536 if (st_map->progs)
537 bpf_struct_ops_map_put_progs(st_map);
538 bpf_map_area_free(st_map->progs);
539 bpf_jit_free_exec(st_map->image);
540 bpf_map_area_free(st_map->uvalue);
541 bpf_map_area_free(st_map);
542}
543
544static int bpf_struct_ops_map_alloc_check(union bpf_attr *attr)
545{
546 if (attr->key_size != sizeof(unsigned int) || attr->max_entries != 1 ||
547 attr->map_flags || !attr->btf_vmlinux_value_type_id)
548 return -EINVAL;
549 return 0;
550}
551
552static struct bpf_map *bpf_struct_ops_map_alloc(union bpf_attr *attr)
553{
554 const struct bpf_struct_ops *st_ops;
555 size_t st_map_size;
556 struct bpf_struct_ops_map *st_map;
557 const struct btf_type *t, *vt;
558 struct bpf_map *map;
559
560 if (!bpf_capable())
561 return ERR_PTR(-EPERM);
562
563 st_ops = bpf_struct_ops_find_value(attr->btf_vmlinux_value_type_id);
564 if (!st_ops)
565 return ERR_PTR(-ENOTSUPP);
566
567 vt = st_ops->value_type;
568 if (attr->value_size != vt->size)
569 return ERR_PTR(-EINVAL);
570
571 t = st_ops->type;
572
573 st_map_size = sizeof(*st_map) +
574
575
576
577 (vt->size - sizeof(struct bpf_struct_ops_value));
578
579 st_map = bpf_map_area_alloc(st_map_size, NUMA_NO_NODE);
580 if (!st_map)
581 return ERR_PTR(-ENOMEM);
582
583 st_map->st_ops = st_ops;
584 map = &st_map->map;
585
586 st_map->uvalue = bpf_map_area_alloc(vt->size, NUMA_NO_NODE);
587 st_map->progs =
588 bpf_map_area_alloc(btf_type_vlen(t) * sizeof(struct bpf_prog *),
589 NUMA_NO_NODE);
590 st_map->image = bpf_jit_alloc_exec(PAGE_SIZE);
591 if (!st_map->uvalue || !st_map->progs || !st_map->image) {
592 bpf_struct_ops_map_free(map);
593 return ERR_PTR(-ENOMEM);
594 }
595
596 mutex_init(&st_map->lock);
597 set_vm_flush_reset_perms(st_map->image);
598 bpf_map_init_from_attr(map, attr);
599
600 return map;
601}
602
603static int bpf_struct_ops_map_btf_id;
604const struct bpf_map_ops bpf_struct_ops_map_ops = {
605 .map_alloc_check = bpf_struct_ops_map_alloc_check,
606 .map_alloc = bpf_struct_ops_map_alloc,
607 .map_free = bpf_struct_ops_map_free,
608 .map_get_next_key = bpf_struct_ops_map_get_next_key,
609 .map_lookup_elem = bpf_struct_ops_map_lookup_elem,
610 .map_delete_elem = bpf_struct_ops_map_delete_elem,
611 .map_update_elem = bpf_struct_ops_map_update_elem,
612 .map_seq_show_elem = bpf_struct_ops_map_seq_show_elem,
613 .map_btf_name = "bpf_struct_ops_map",
614 .map_btf_id = &bpf_struct_ops_map_btf_id,
615};
616
617
618
619
620bool bpf_struct_ops_get(const void *kdata)
621{
622 struct bpf_struct_ops_value *kvalue;
623
624 kvalue = container_of(kdata, struct bpf_struct_ops_value, data);
625
626 return refcount_inc_not_zero(&kvalue->refcnt);
627}
628
629static void bpf_struct_ops_put_rcu(struct rcu_head *head)
630{
631 struct bpf_struct_ops_map *st_map;
632
633 st_map = container_of(head, struct bpf_struct_ops_map, rcu);
634 bpf_map_put(&st_map->map);
635}
636
637void bpf_struct_ops_put(const void *kdata)
638{
639 struct bpf_struct_ops_value *kvalue;
640
641 kvalue = container_of(kdata, struct bpf_struct_ops_value, data);
642 if (refcount_dec_and_test(&kvalue->refcnt)) {
643 struct bpf_struct_ops_map *st_map;
644
645 st_map = container_of(kvalue, struct bpf_struct_ops_map,
646 kvalue);
647
648
649
650
651
652
653
654
655
656
657
658 call_rcu(&st_map->rcu, bpf_struct_ops_put_rcu);
659 }
660}
661
