Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0-or-later
2 : /*
3 : * Linux Socket Filter - Kernel level socket filtering
4 : *
5 : * Based on the design of the Berkeley Packet Filter. The new
6 : * internal format has been designed by PLUMgrid:
7 : *
8 : * Copyright (c) 2011 - 2014 PLUMgrid, http://plumgrid.com
9 : *
10 : * Authors:
11 : *
12 : * Jay Schulist <jschlst@samba.org>
13 : * Alexei Starovoitov <ast@plumgrid.com>
14 : * Daniel Borkmann <dborkman@redhat.com>
15 : *
16 : * Andi Kleen - Fix a few bad bugs and races.
17 : * Kris Katterjohn - Added many additional checks in bpf_check_classic()
18 : */
19 :
20 : #include <uapi/linux/btf.h>
21 : #include <linux/filter.h>
22 : #include <linux/skbuff.h>
23 : #include <linux/vmalloc.h>
24 : #include <linux/random.h>
25 : #include <linux/moduleloader.h>
26 : #include <linux/bpf.h>
27 : #include <linux/btf.h>
28 : #include <linux/objtool.h>
29 : #include <linux/rbtree_latch.h>
30 : #include <linux/kallsyms.h>
31 : #include <linux/rcupdate.h>
32 : #include <linux/perf_event.h>
33 : #include <linux/extable.h>
34 : #include <linux/log2.h>
35 : #include <asm/unaligned.h>
36 :
37 : /* Registers */
38 : #define BPF_R0 regs[BPF_REG_0]
39 : #define BPF_R1 regs[BPF_REG_1]
40 : #define BPF_R2 regs[BPF_REG_2]
41 : #define BPF_R3 regs[BPF_REG_3]
42 : #define BPF_R4 regs[BPF_REG_4]
43 : #define BPF_R5 regs[BPF_REG_5]
44 : #define BPF_R6 regs[BPF_REG_6]
45 : #define BPF_R7 regs[BPF_REG_7]
46 : #define BPF_R8 regs[BPF_REG_8]
47 : #define BPF_R9 regs[BPF_REG_9]
48 : #define BPF_R10 regs[BPF_REG_10]
49 :
50 : /* Named registers */
51 : #define DST regs[insn->dst_reg]
52 : #define SRC regs[insn->src_reg]
53 : #define FP regs[BPF_REG_FP]
54 : #define AX regs[BPF_REG_AX]
55 : #define ARG1 regs[BPF_REG_ARG1]
56 : #define CTX regs[BPF_REG_CTX]
57 : #define IMM insn->imm
58 :
59 : /* No hurry in this branch
60 : *
61 : * Exported for the bpf jit load helper.
62 : */
63 0 : void *bpf_internal_load_pointer_neg_helper(const struct sk_buff *skb, int k, unsigned int size)
64 : {
65 0 : u8 *ptr = NULL;
66 :
67 0 : if (k >= SKF_NET_OFF)
68 0 : ptr = skb_network_header(skb) + k - SKF_NET_OFF;
69 0 : else if (k >= SKF_LL_OFF)
70 0 : ptr = skb_mac_header(skb) + k - SKF_LL_OFF;
71 :
72 0 : if (ptr >= skb->head && ptr + size <= skb_tail_pointer(skb))
73 0 : return ptr;
74 :
75 : return NULL;
76 : }
77 :
78 7 : struct bpf_prog *bpf_prog_alloc_no_stats(unsigned int size, gfp_t gfp_extra_flags)
79 : {
80 7 : gfp_t gfp_flags = GFP_KERNEL_ACCOUNT | __GFP_ZERO | gfp_extra_flags;
81 7 : struct bpf_prog_aux *aux;
82 7 : struct bpf_prog *fp;
83 :
84 7 : size = round_up(size, PAGE_SIZE);
85 7 : fp = __vmalloc(size, gfp_flags);
86 7 : if (fp == NULL)
87 : return NULL;
88 :
89 7 : aux = kzalloc(sizeof(*aux), GFP_KERNEL_ACCOUNT | gfp_extra_flags);
90 7 : if (aux == NULL) {
91 0 : vfree(fp);
92 0 : return NULL;
93 : }
94 7 : fp->active = alloc_percpu_gfp(int, GFP_KERNEL_ACCOUNT | gfp_extra_flags);
95 7 : if (!fp->active) {
96 0 : vfree(fp);
97 0 : kfree(aux);
98 0 : return NULL;
99 : }
100 :
101 7 : fp->pages = size / PAGE_SIZE;
102 7 : fp->aux = aux;
103 7 : fp->aux->prog = fp;
104 7 : fp->jit_requested = ebpf_jit_enabled();
105 :
106 7 : INIT_LIST_HEAD_RCU(&fp->aux->ksym.lnode);
107 7 : mutex_init(&fp->aux->used_maps_mutex);
108 7 : mutex_init(&fp->aux->dst_mutex);
109 :
110 7 : return fp;
111 : }
112 :
113 7 : struct bpf_prog *bpf_prog_alloc(unsigned int size, gfp_t gfp_extra_flags)
114 : {
115 7 : gfp_t gfp_flags = GFP_KERNEL_ACCOUNT | __GFP_ZERO | gfp_extra_flags;
116 7 : struct bpf_prog *prog;
117 7 : int cpu;
118 :
119 7 : prog = bpf_prog_alloc_no_stats(size, gfp_extra_flags);
120 7 : if (!prog)
121 : return NULL;
122 :
123 7 : prog->stats = alloc_percpu_gfp(struct bpf_prog_stats, gfp_flags);
124 7 : if (!prog->stats) {
125 0 : free_percpu(prog->active);
126 0 : kfree(prog->aux);
127 0 : vfree(prog);
128 0 : return NULL;
129 : }
130 :
131 35 : for_each_possible_cpu(cpu) {
132 28 : struct bpf_prog_stats *pstats;
133 :
134 28 : pstats = per_cpu_ptr(prog->stats, cpu);
135 35 : u64_stats_init(&pstats->syncp);
136 : }
137 : return prog;
138 : }
139 : EXPORT_SYMBOL_GPL(bpf_prog_alloc);
140 :
141 7 : int bpf_prog_alloc_jited_linfo(struct bpf_prog *prog)
142 : {
143 7 : if (!prog->aux->nr_linfo || !prog->jit_requested)
144 : return 0;
145 :
146 0 : prog->aux->jited_linfo = kcalloc(prog->aux->nr_linfo,
147 : sizeof(*prog->aux->jited_linfo),
148 : GFP_KERNEL_ACCOUNT | __GFP_NOWARN);
149 0 : if (!prog->aux->jited_linfo)
150 0 : return -ENOMEM;
151 :
152 : return 0;
153 : }
154 :
155 7 : void bpf_prog_free_jited_linfo(struct bpf_prog *prog)
156 : {
157 0 : kfree(prog->aux->jited_linfo);
158 7 : prog->aux->jited_linfo = NULL;
159 7 : }
160 :
161 0 : void bpf_prog_free_unused_jited_linfo(struct bpf_prog *prog)
162 : {
163 0 : if (prog->aux->jited_linfo && !prog->aux->jited_linfo[0])
164 0 : bpf_prog_free_jited_linfo(prog);
165 0 : }
166 :
167 : /* The jit engine is responsible to provide an array
168 : * for insn_off to the jited_off mapping (insn_to_jit_off).
169 : *
170 : * The idx to this array is the insn_off. Hence, the insn_off
171 : * here is relative to the prog itself instead of the main prog.
172 : * This array has one entry for each xlated bpf insn.
173 : *
174 : * jited_off is the byte off to the last byte of the jited insn.
175 : *
176 : * Hence, with
177 : * insn_start:
178 : * The first bpf insn off of the prog. The insn off
179 : * here is relative to the main prog.
180 : * e.g. if prog is a subprog, insn_start > 0
181 : * linfo_idx:
182 : * The prog's idx to prog->aux->linfo and jited_linfo
183 : *
184 : * jited_linfo[linfo_idx] = prog->bpf_func
185 : *
186 : * For i > linfo_idx,
187 : *
188 : * jited_linfo[i] = prog->bpf_func +
189 : * insn_to_jit_off[linfo[i].insn_off - insn_start - 1]
190 : */
191 0 : void bpf_prog_fill_jited_linfo(struct bpf_prog *prog,
192 : const u32 *insn_to_jit_off)
193 : {
194 0 : u32 linfo_idx, insn_start, insn_end, nr_linfo, i;
195 0 : const struct bpf_line_info *linfo;
196 0 : void **jited_linfo;
197 :
198 0 : if (!prog->aux->jited_linfo)
199 : /* Userspace did not provide linfo */
200 : return;
201 :
202 0 : linfo_idx = prog->aux->linfo_idx;
203 0 : linfo = &prog->aux->linfo[linfo_idx];
204 0 : insn_start = linfo[0].insn_off;
205 0 : insn_end = insn_start + prog->len;
206 :
207 0 : jited_linfo = &prog->aux->jited_linfo[linfo_idx];
208 0 : jited_linfo[0] = prog->bpf_func;
209 :
210 0 : nr_linfo = prog->aux->nr_linfo - linfo_idx;
211 :
212 0 : for (i = 1; i < nr_linfo && linfo[i].insn_off < insn_end; i++)
213 : /* The verifier ensures that linfo[i].insn_off is
214 : * strictly increasing
215 : */
216 0 : jited_linfo[i] = prog->bpf_func +
217 0 : insn_to_jit_off[linfo[i].insn_off - insn_start - 1];
218 : }
219 :
220 0 : void bpf_prog_free_linfo(struct bpf_prog *prog)
221 : {
222 0 : bpf_prog_free_jited_linfo(prog);
223 0 : kvfree(prog->aux->linfo);
224 0 : }
225 :
226 7 : struct bpf_prog *bpf_prog_realloc(struct bpf_prog *fp_old, unsigned int size,
227 : gfp_t gfp_extra_flags)
228 : {
229 7 : gfp_t gfp_flags = GFP_KERNEL_ACCOUNT | __GFP_ZERO | gfp_extra_flags;
230 7 : struct bpf_prog *fp;
231 7 : u32 pages;
232 :
233 7 : size = round_up(size, PAGE_SIZE);
234 7 : pages = size / PAGE_SIZE;
235 7 : if (pages <= fp_old->pages)
236 : return fp_old;
237 :
238 0 : fp = __vmalloc(size, gfp_flags);
239 0 : if (fp) {
240 0 : memcpy(fp, fp_old, fp_old->pages * PAGE_SIZE);
241 0 : fp->pages = pages;
242 0 : fp->aux->prog = fp;
243 :
244 : /* We keep fp->aux from fp_old around in the new
245 : * reallocated structure.
246 : */
247 0 : fp_old->aux = NULL;
248 0 : fp_old->stats = NULL;
249 0 : fp_old->active = NULL;
250 0 : __bpf_prog_free(fp_old);
251 : }
252 :
253 : return fp;
254 : }
255 :
256 0 : void __bpf_prog_free(struct bpf_prog *fp)
257 : {
258 0 : if (fp->aux) {
259 0 : mutex_destroy(&fp->aux->used_maps_mutex);
260 0 : mutex_destroy(&fp->aux->dst_mutex);
261 0 : kfree(fp->aux->poke_tab);
262 0 : kfree(fp->aux);
263 : }
264 0 : free_percpu(fp->stats);
265 0 : free_percpu(fp->active);
266 0 : vfree(fp);
267 0 : }
268 :
269 0 : int bpf_prog_calc_tag(struct bpf_prog *fp)
270 : {
271 0 : const u32 bits_offset = SHA1_BLOCK_SIZE - sizeof(__be64);
272 0 : u32 raw_size = bpf_prog_tag_scratch_size(fp);
273 0 : u32 digest[SHA1_DIGEST_WORDS];
274 0 : u32 ws[SHA1_WORKSPACE_WORDS];
275 0 : u32 i, bsize, psize, blocks;
276 0 : struct bpf_insn *dst;
277 0 : bool was_ld_map;
278 0 : u8 *raw, *todo;
279 0 : __be32 *result;
280 0 : __be64 *bits;
281 :
282 0 : raw = vmalloc(raw_size);
283 0 : if (!raw)
284 : return -ENOMEM;
285 :
286 0 : sha1_init(digest);
287 0 : memset(ws, 0, sizeof(ws));
288 :
289 : /* We need to take out the map fd for the digest calculation
290 : * since they are unstable from user space side.
291 : */
292 0 : dst = (void *)raw;
293 0 : for (i = 0, was_ld_map = false; i < fp->len; i++) {
294 0 : dst[i] = fp->insnsi[i];
295 0 : if (!was_ld_map &&
296 0 : dst[i].code == (BPF_LD | BPF_IMM | BPF_DW) &&
297 0 : (dst[i].src_reg == BPF_PSEUDO_MAP_FD ||
298 : dst[i].src_reg == BPF_PSEUDO_MAP_VALUE)) {
299 0 : was_ld_map = true;
300 0 : dst[i].imm = 0;
301 0 : } else if (was_ld_map &&
302 0 : dst[i].code == 0 &&
303 : dst[i].dst_reg == 0 &&
304 0 : dst[i].src_reg == 0 &&
305 : dst[i].off == 0) {
306 0 : was_ld_map = false;
307 0 : dst[i].imm = 0;
308 : } else {
309 : was_ld_map = false;
310 : }
311 : }
312 :
313 0 : psize = bpf_prog_insn_size(fp);
314 0 : memset(&raw[psize], 0, raw_size - psize);
315 0 : raw[psize++] = 0x80;
316 :
317 0 : bsize = round_up(psize, SHA1_BLOCK_SIZE);
318 0 : blocks = bsize / SHA1_BLOCK_SIZE;
319 0 : todo = raw;
320 0 : if (bsize - psize >= sizeof(__be64)) {
321 0 : bits = (__be64 *)(todo + bsize - sizeof(__be64));
322 : } else {
323 0 : bits = (__be64 *)(todo + bsize + bits_offset);
324 0 : blocks++;
325 : }
326 0 : *bits = cpu_to_be64((psize - 1) << 3);
327 :
328 0 : while (blocks--) {
329 0 : sha1_transform(digest, todo, ws);
330 0 : todo += SHA1_BLOCK_SIZE;
331 : }
332 :
333 0 : result = (__force __be32 *)digest;
334 0 : for (i = 0; i < SHA1_DIGEST_WORDS; i++)
335 0 : result[i] = cpu_to_be32(digest[i]);
336 0 : memcpy(fp->tag, result, sizeof(fp->tag));
337 :
338 0 : vfree(raw);
339 0 : return 0;
340 : }
341 :
342 0 : static int bpf_adj_delta_to_imm(struct bpf_insn *insn, u32 pos, s32 end_old,
343 : s32 end_new, s32 curr, const bool probe_pass)
344 : {
345 0 : const s64 imm_min = S32_MIN, imm_max = S32_MAX;
346 0 : s32 delta = end_new - end_old;
347 0 : s64 imm = insn->imm;
348 :
349 0 : if (curr < pos && curr + imm + 1 >= end_old)
350 0 : imm += delta;
351 0 : else if (curr >= end_new && curr + imm + 1 < end_new)
352 0 : imm -= delta;
353 0 : if (imm < imm_min || imm > imm_max)
354 : return -ERANGE;
355 0 : if (!probe_pass)
356 0 : insn->imm = imm;
357 : return 0;
358 : }
359 :
360 0 : static int bpf_adj_delta_to_off(struct bpf_insn *insn, u32 pos, s32 end_old,
361 : s32 end_new, s32 curr, const bool probe_pass)
362 : {
363 0 : const s32 off_min = S16_MIN, off_max = S16_MAX;
364 0 : s32 delta = end_new - end_old;
365 0 : s32 off = insn->off;
366 :
367 0 : if (curr < pos && curr + off + 1 >= end_old)
368 0 : off += delta;
369 0 : else if (curr >= end_new && curr + off + 1 < end_new)
370 0 : off -= delta;
371 0 : if (off < off_min || off > off_max)
372 : return -ERANGE;
373 0 : if (!probe_pass)
374 0 : insn->off = off;
375 : return 0;
376 : }
377 :
378 0 : static int bpf_adj_branches(struct bpf_prog *prog, u32 pos, s32 end_old,
379 : s32 end_new, const bool probe_pass)
380 : {
381 0 : u32 i, insn_cnt = prog->len + (probe_pass ? end_new - end_old : 0);
382 0 : struct bpf_insn *insn = prog->insnsi;
383 0 : int ret = 0;
384 :
385 0 : for (i = 0; i < insn_cnt; i++, insn++) {
386 0 : u8 code;
387 :
388 : /* In the probing pass we still operate on the original,
389 : * unpatched image in order to check overflows before we
390 : * do any other adjustments. Therefore skip the patchlet.
391 : */
392 0 : if (probe_pass && i == pos) {
393 0 : i = end_new;
394 0 : insn = prog->insnsi + end_old;
395 : }
396 0 : code = insn->code;
397 0 : if ((BPF_CLASS(code) != BPF_JMP &&
398 0 : BPF_CLASS(code) != BPF_JMP32) ||
399 : BPF_OP(code) == BPF_EXIT)
400 0 : continue;
401 : /* Adjust offset of jmps if we cross patch boundaries. */
402 0 : if (BPF_OP(code) == BPF_CALL) {
403 0 : if (insn->src_reg != BPF_PSEUDO_CALL)
404 0 : continue;
405 0 : ret = bpf_adj_delta_to_imm(insn, pos, end_old,
406 : end_new, i, probe_pass);
407 : } else {
408 0 : ret = bpf_adj_delta_to_off(insn, pos, end_old,
409 : end_new, i, probe_pass);
410 : }
411 0 : if (ret)
412 : break;
413 : }
414 :
415 0 : return ret;
416 : }
417 :
418 0 : static void bpf_adj_linfo(struct bpf_prog *prog, u32 off, u32 delta)
419 : {
420 0 : struct bpf_line_info *linfo;
421 0 : u32 i, nr_linfo;
422 :
423 0 : nr_linfo = prog->aux->nr_linfo;
424 0 : if (!nr_linfo || !delta)
425 : return;
426 :
427 0 : linfo = prog->aux->linfo;
428 :
429 0 : for (i = 0; i < nr_linfo; i++)
430 0 : if (off < linfo[i].insn_off)
431 : break;
432 :
433 : /* Push all off < linfo[i].insn_off by delta */
434 0 : for (; i < nr_linfo; i++)
435 0 : linfo[i].insn_off += delta;
436 : }
437 :
438 0 : struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
439 : const struct bpf_insn *patch, u32 len)
440 : {
441 0 : u32 insn_adj_cnt, insn_rest, insn_delta = len - 1;
442 0 : const u32 cnt_max = S16_MAX;
443 0 : struct bpf_prog *prog_adj;
444 0 : int err;
445 :
446 : /* Since our patchlet doesn't expand the image, we're done. */
447 0 : if (insn_delta == 0) {
448 0 : memcpy(prog->insnsi + off, patch, sizeof(*patch));
449 0 : return prog;
450 : }
451 :
452 0 : insn_adj_cnt = prog->len + insn_delta;
453 :
454 : /* Reject anything that would potentially let the insn->off
455 : * target overflow when we have excessive program expansions.
456 : * We need to probe here before we do any reallocation where
457 : * we afterwards may not fail anymore.
458 : */
459 0 : if (insn_adj_cnt > cnt_max &&
460 0 : (err = bpf_adj_branches(prog, off, off + 1, off + len, true)))
461 0 : return ERR_PTR(err);
462 :
463 : /* Several new instructions need to be inserted. Make room
464 : * for them. Likely, there's no need for a new allocation as
465 : * last page could have large enough tailroom.
466 : */
467 0 : prog_adj = bpf_prog_realloc(prog, bpf_prog_size(insn_adj_cnt),
468 : GFP_USER);
469 0 : if (!prog_adj)
470 0 : return ERR_PTR(-ENOMEM);
471 :
472 0 : prog_adj->len = insn_adj_cnt;
473 :
474 : /* Patching happens in 3 steps:
475 : *
476 : * 1) Move over tail of insnsi from next instruction onwards,
477 : * so we can patch the single target insn with one or more
478 : * new ones (patching is always from 1 to n insns, n > 0).
479 : * 2) Inject new instructions at the target location.
480 : * 3) Adjust branch offsets if necessary.
481 : */
482 0 : insn_rest = insn_adj_cnt - off - len;
483 :
484 0 : memmove(prog_adj->insnsi + off + len, prog_adj->insnsi + off + 1,
485 : sizeof(*patch) * insn_rest);
486 0 : memcpy(prog_adj->insnsi + off, patch, sizeof(*patch) * len);
487 :
488 : /* We are guaranteed to not fail at this point, otherwise
489 : * the ship has sailed to reverse to the original state. An
490 : * overflow cannot happen at this point.
491 : */
492 0 : BUG_ON(bpf_adj_branches(prog_adj, off, off + 1, off + len, false));
493 :
494 0 : bpf_adj_linfo(prog_adj, off, insn_delta);
495 :
496 0 : return prog_adj;
497 : }
498 :
499 0 : int bpf_remove_insns(struct bpf_prog *prog, u32 off, u32 cnt)
500 : {
501 : /* Branch offsets can't overflow when program is shrinking, no need
502 : * to call bpf_adj_branches(..., true) here
503 : */
504 0 : memmove(prog->insnsi + off, prog->insnsi + off + cnt,
505 0 : sizeof(struct bpf_insn) * (prog->len - off - cnt));
506 0 : prog->len -= cnt;
507 :
508 0 : return WARN_ON_ONCE(bpf_adj_branches(prog, off, off + cnt, off, false));
509 : }
510 :
511 0 : static void bpf_prog_kallsyms_del_subprogs(struct bpf_prog *fp)
512 : {
513 0 : int i;
514 :
515 0 : for (i = 0; i < fp->aux->func_cnt; i++)
516 0 : bpf_prog_kallsyms_del(fp->aux->func[i]);
517 : }
518 :
519 0 : void bpf_prog_kallsyms_del_all(struct bpf_prog *fp)
520 : {
521 0 : bpf_prog_kallsyms_del_subprogs(fp);
522 0 : bpf_prog_kallsyms_del(fp);
523 0 : }
524 :
525 : #ifdef CONFIG_BPF_JIT
526 : /* All BPF JIT sysctl knobs here. */
527 : int bpf_jit_enable __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_DEFAULT_ON);
528 : int bpf_jit_kallsyms __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_DEFAULT_ON);
529 : int bpf_jit_harden __read_mostly;
530 : long bpf_jit_limit __read_mostly;
531 :
532 : static void
533 : bpf_prog_ksym_set_addr(struct bpf_prog *prog)
534 : {
535 : const struct bpf_binary_header *hdr = bpf_jit_binary_hdr(prog);
536 : unsigned long addr = (unsigned long)hdr;
537 :
538 : WARN_ON_ONCE(!bpf_prog_ebpf_jited(prog));
539 :
540 : prog->aux->ksym.start = (unsigned long) prog->bpf_func;
541 : prog->aux->ksym.end = addr + hdr->pages * PAGE_SIZE;
542 : }
543 :
544 : static void
545 : bpf_prog_ksym_set_name(struct bpf_prog *prog)
546 : {
547 : char *sym = prog->aux->ksym.name;
548 : const char *end = sym + KSYM_NAME_LEN;
549 : const struct btf_type *type;
550 : const char *func_name;
551 :
552 : BUILD_BUG_ON(sizeof("bpf_prog_") +
553 : sizeof(prog->tag) * 2 +
554 : /* name has been null terminated.
555 : * We should need +1 for the '_' preceding
556 : * the name. However, the null character
557 : * is double counted between the name and the
558 : * sizeof("bpf_prog_") above, so we omit
559 : * the +1 here.
560 : */
561 : sizeof(prog->aux->name) > KSYM_NAME_LEN);
562 :
563 : sym += snprintf(sym, KSYM_NAME_LEN, "bpf_prog_");
564 : sym = bin2hex(sym, prog->tag, sizeof(prog->tag));
565 :
566 : /* prog->aux->name will be ignored if full btf name is available */
567 : if (prog->aux->func_info_cnt) {
568 : type = btf_type_by_id(prog->aux->btf,
569 : prog->aux->func_info[prog->aux->func_idx].type_id);
570 : func_name = btf_name_by_offset(prog->aux->btf, type->name_off);
571 : snprintf(sym, (size_t)(end - sym), "_%s", func_name);
572 : return;
573 : }
574 :
575 : if (prog->aux->name[0])
576 : snprintf(sym, (size_t)(end - sym), "_%s", prog->aux->name);
577 : else
578 : *sym = 0;
579 : }
580 :
581 : static unsigned long bpf_get_ksym_start(struct latch_tree_node *n)
582 : {
583 : return container_of(n, struct bpf_ksym, tnode)->start;
584 : }
585 :
586 : static __always_inline bool bpf_tree_less(struct latch_tree_node *a,
587 : struct latch_tree_node *b)
588 : {
589 : return bpf_get_ksym_start(a) < bpf_get_ksym_start(b);
590 : }
591 :
592 : static __always_inline int bpf_tree_comp(void *key, struct latch_tree_node *n)
593 : {
594 : unsigned long val = (unsigned long)key;
595 : const struct bpf_ksym *ksym;
596 :
597 : ksym = container_of(n, struct bpf_ksym, tnode);
598 :
599 : if (val < ksym->start)
600 : return -1;
601 : if (val >= ksym->end)
602 : return 1;
603 :
604 : return 0;
605 : }
606 :
607 : static const struct latch_tree_ops bpf_tree_ops = {
608 : .less = bpf_tree_less,
609 : .comp = bpf_tree_comp,
610 : };
611 :
612 : static DEFINE_SPINLOCK(bpf_lock);
613 : static LIST_HEAD(bpf_kallsyms);
614 : static struct latch_tree_root bpf_tree __cacheline_aligned;
615 :
616 : void bpf_ksym_add(struct bpf_ksym *ksym)
617 : {
618 : spin_lock_bh(&bpf_lock);
619 : WARN_ON_ONCE(!list_empty(&ksym->lnode));
620 : list_add_tail_rcu(&ksym->lnode, &bpf_kallsyms);
621 : latch_tree_insert(&ksym->tnode, &bpf_tree, &bpf_tree_ops);
622 : spin_unlock_bh(&bpf_lock);
623 : }
624 :
625 : static void __bpf_ksym_del(struct bpf_ksym *ksym)
626 : {
627 : if (list_empty(&ksym->lnode))
628 : return;
629 :
630 : latch_tree_erase(&ksym->tnode, &bpf_tree, &bpf_tree_ops);
631 : list_del_rcu(&ksym->lnode);
632 : }
633 :
634 : void bpf_ksym_del(struct bpf_ksym *ksym)
635 : {
636 : spin_lock_bh(&bpf_lock);
637 : __bpf_ksym_del(ksym);
638 : spin_unlock_bh(&bpf_lock);
639 : }
640 :
641 : static bool bpf_prog_kallsyms_candidate(const struct bpf_prog *fp)
642 : {
643 : return fp->jited && !bpf_prog_was_classic(fp);
644 : }
645 :
646 : static bool bpf_prog_kallsyms_verify_off(const struct bpf_prog *fp)
647 : {
648 : return list_empty(&fp->aux->ksym.lnode) ||
649 : fp->aux->ksym.lnode.prev == LIST_POISON2;
650 : }
651 :
652 : void bpf_prog_kallsyms_add(struct bpf_prog *fp)
653 : {
654 : if (!bpf_prog_kallsyms_candidate(fp) ||
655 : !bpf_capable())
656 : return;
657 :
658 : bpf_prog_ksym_set_addr(fp);
659 : bpf_prog_ksym_set_name(fp);
660 : fp->aux->ksym.prog = true;
661 :
662 : bpf_ksym_add(&fp->aux->ksym);
663 : }
664 :
665 : void bpf_prog_kallsyms_del(struct bpf_prog *fp)
666 : {
667 : if (!bpf_prog_kallsyms_candidate(fp))
668 : return;
669 :
670 : bpf_ksym_del(&fp->aux->ksym);
671 : }
672 :
673 : static struct bpf_ksym *bpf_ksym_find(unsigned long addr)
674 : {
675 : struct latch_tree_node *n;
676 :
677 : n = latch_tree_find((void *)addr, &bpf_tree, &bpf_tree_ops);
678 : return n ? container_of(n, struct bpf_ksym, tnode) : NULL;
679 : }
680 :
681 : const char *__bpf_address_lookup(unsigned long addr, unsigned long *size,
682 : unsigned long *off, char *sym)
683 : {
684 : struct bpf_ksym *ksym;
685 : char *ret = NULL;
686 :
687 : rcu_read_lock();
688 : ksym = bpf_ksym_find(addr);
689 : if (ksym) {
690 : unsigned long symbol_start = ksym->start;
691 : unsigned long symbol_end = ksym->end;
692 :
693 : strncpy(sym, ksym->name, KSYM_NAME_LEN);
694 :
695 : ret = sym;
696 : if (size)
697 : *size = symbol_end - symbol_start;
698 : if (off)
699 : *off = addr - symbol_start;
700 : }
701 : rcu_read_unlock();
702 :
703 : return ret;
704 : }
705 :
706 : bool is_bpf_text_address(unsigned long addr)
707 : {
708 : bool ret;
709 :
710 : rcu_read_lock();
711 : ret = bpf_ksym_find(addr) != NULL;
712 : rcu_read_unlock();
713 :
714 : return ret;
715 : }
716 :
717 : static struct bpf_prog *bpf_prog_ksym_find(unsigned long addr)
718 : {
719 : struct bpf_ksym *ksym = bpf_ksym_find(addr);
720 :
721 : return ksym && ksym->prog ?
722 : container_of(ksym, struct bpf_prog_aux, ksym)->prog :
723 : NULL;
724 : }
725 :
726 : const struct exception_table_entry *search_bpf_extables(unsigned long addr)
727 : {
728 : const struct exception_table_entry *e = NULL;
729 : struct bpf_prog *prog;
730 :
731 : rcu_read_lock();
732 : prog = bpf_prog_ksym_find(addr);
733 : if (!prog)
734 : goto out;
735 : if (!prog->aux->num_exentries)
736 : goto out;
737 :
738 : e = search_extable(prog->aux->extable, prog->aux->num_exentries, addr);
739 : out:
740 : rcu_read_unlock();
741 : return e;
742 : }
743 :
744 : int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
745 : char *sym)
746 : {
747 : struct bpf_ksym *ksym;
748 : unsigned int it = 0;
749 : int ret = -ERANGE;
750 :
751 : if (!bpf_jit_kallsyms_enabled())
752 : return ret;
753 :
754 : rcu_read_lock();
755 : list_for_each_entry_rcu(ksym, &bpf_kallsyms, lnode) {
756 : if (it++ != symnum)
757 : continue;
758 :
759 : strncpy(sym, ksym->name, KSYM_NAME_LEN);
760 :
761 : *value = ksym->start;
762 : *type = BPF_SYM_ELF_TYPE;
763 :
764 : ret = 0;
765 : break;
766 : }
767 : rcu_read_unlock();
768 :
769 : return ret;
770 : }
771 :
772 : int bpf_jit_add_poke_descriptor(struct bpf_prog *prog,
773 : struct bpf_jit_poke_descriptor *poke)
774 : {
775 : struct bpf_jit_poke_descriptor *tab = prog->aux->poke_tab;
776 : static const u32 poke_tab_max = 1024;
777 : u32 slot = prog->aux->size_poke_tab;
778 : u32 size = slot + 1;
779 :
780 : if (size > poke_tab_max)
781 : return -ENOSPC;
782 : if (poke->tailcall_target || poke->tailcall_target_stable ||
783 : poke->tailcall_bypass || poke->adj_off || poke->bypass_addr)
784 : return -EINVAL;
785 :
786 : switch (poke->reason) {
787 : case BPF_POKE_REASON_TAIL_CALL:
788 : if (!poke->tail_call.map)
789 : return -EINVAL;
790 : break;
791 : default:
792 : return -EINVAL;
793 : }
794 :
795 : tab = krealloc(tab, size * sizeof(*poke), GFP_KERNEL);
796 : if (!tab)
797 : return -ENOMEM;
798 :
799 : memcpy(&tab[slot], poke, sizeof(*poke));
800 : prog->aux->size_poke_tab = size;
801 : prog->aux->poke_tab = tab;
802 :
803 : return slot;
804 : }
805 :
806 : static atomic_long_t bpf_jit_current;
807 :
808 : /* Can be overridden by an arch's JIT compiler if it has a custom,
809 : * dedicated BPF backend memory area, or if neither of the two
810 : * below apply.
811 : */
812 : u64 __weak bpf_jit_alloc_exec_limit(void)
813 : {
814 : #if defined(MODULES_VADDR)
815 : return MODULES_END - MODULES_VADDR;
816 : #else
817 : return VMALLOC_END - VMALLOC_START;
818 : #endif
819 : }
820 :
821 : static int __init bpf_jit_charge_init(void)
822 : {
823 : /* Only used as heuristic here to derive limit. */
824 : bpf_jit_limit = min_t(u64, round_up(bpf_jit_alloc_exec_limit() >> 2,
825 : PAGE_SIZE), LONG_MAX);
826 : return 0;
827 : }
828 : pure_initcall(bpf_jit_charge_init);
829 :
830 : static int bpf_jit_charge_modmem(u32 pages)
831 : {
832 : if (atomic_long_add_return(pages, &bpf_jit_current) >
833 : (bpf_jit_limit >> PAGE_SHIFT)) {
834 : if (!capable(CAP_SYS_ADMIN)) {
835 : atomic_long_sub(pages, &bpf_jit_current);
836 : return -EPERM;
837 : }
838 : }
839 :
840 : return 0;
841 : }
842 :
843 : static void bpf_jit_uncharge_modmem(u32 pages)
844 : {
845 : atomic_long_sub(pages, &bpf_jit_current);
846 : }
847 :
848 : void *__weak bpf_jit_alloc_exec(unsigned long size)
849 : {
850 : return module_alloc(size);
851 : }
852 :
853 : void __weak bpf_jit_free_exec(void *addr)
854 : {
855 : module_memfree(addr);
856 : }
857 :
858 : struct bpf_binary_header *
859 : bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
860 : unsigned int alignment,
861 : bpf_jit_fill_hole_t bpf_fill_ill_insns)
862 : {
863 : struct bpf_binary_header *hdr;
864 : u32 size, hole, start, pages;
865 :
866 : WARN_ON_ONCE(!is_power_of_2(alignment) ||
867 : alignment > BPF_IMAGE_ALIGNMENT);
868 :
869 : /* Most of BPF filters are really small, but if some of them
870 : * fill a page, allow at least 128 extra bytes to insert a
871 : * random section of illegal instructions.
872 : */
873 : size = round_up(proglen + sizeof(*hdr) + 128, PAGE_SIZE);
874 : pages = size / PAGE_SIZE;
875 :
876 : if (bpf_jit_charge_modmem(pages))
877 : return NULL;
878 : hdr = bpf_jit_alloc_exec(size);
879 : if (!hdr) {
880 : bpf_jit_uncharge_modmem(pages);
881 : return NULL;
882 : }
883 :
884 : /* Fill space with illegal/arch-dep instructions. */
885 : bpf_fill_ill_insns(hdr, size);
886 :
887 : hdr->pages = pages;
888 : hole = min_t(unsigned int, size - (proglen + sizeof(*hdr)),
889 : PAGE_SIZE - sizeof(*hdr));
890 : start = (get_random_int() % hole) & ~(alignment - 1);
891 :
892 : /* Leave a random number of instructions before BPF code. */
893 : *image_ptr = &hdr->image[start];
894 :
895 : return hdr;
896 : }
897 :
898 : void bpf_jit_binary_free(struct bpf_binary_header *hdr)
899 : {
900 : u32 pages = hdr->pages;
901 :
902 : bpf_jit_free_exec(hdr);
903 : bpf_jit_uncharge_modmem(pages);
904 : }
905 :
906 : /* This symbol is only overridden by archs that have different
907 : * requirements than the usual eBPF JITs, f.e. when they only
908 : * implement cBPF JIT, do not set images read-only, etc.
909 : */
910 : void __weak bpf_jit_free(struct bpf_prog *fp)
911 : {
912 : if (fp->jited) {
913 : struct bpf_binary_header *hdr = bpf_jit_binary_hdr(fp);
914 :
915 : bpf_jit_binary_free(hdr);
916 :
917 : WARN_ON_ONCE(!bpf_prog_kallsyms_verify_off(fp));
918 : }
919 :
920 : bpf_prog_unlock_free(fp);
921 : }
922 :
923 : int bpf_jit_get_func_addr(const struct bpf_prog *prog,
924 : const struct bpf_insn *insn, bool extra_pass,
925 : u64 *func_addr, bool *func_addr_fixed)
926 : {
927 : s16 off = insn->off;
928 : s32 imm = insn->imm;
929 : u8 *addr;
930 :
931 : *func_addr_fixed = insn->src_reg != BPF_PSEUDO_CALL;
932 : if (!*func_addr_fixed) {
933 : /* Place-holder address till the last pass has collected
934 : * all addresses for JITed subprograms in which case we
935 : * can pick them up from prog->aux.
936 : */
937 : if (!extra_pass)
938 : addr = NULL;
939 : else if (prog->aux->func &&
940 : off >= 0 && off < prog->aux->func_cnt)
941 : addr = (u8 *)prog->aux->func[off]->bpf_func;
942 : else
943 : return -EINVAL;
944 : } else {
945 : /* Address of a BPF helper call. Since part of the core
946 : * kernel, it's always at a fixed location. __bpf_call_base
947 : * and the helper with imm relative to it are both in core
948 : * kernel.
949 : */
950 : addr = (u8 *)__bpf_call_base + imm;
951 : }
952 :
953 : *func_addr = (unsigned long)addr;
954 : return 0;
955 : }
956 :
957 : static int bpf_jit_blind_insn(const struct bpf_insn *from,
958 : const struct bpf_insn *aux,
959 : struct bpf_insn *to_buff,
960 : bool emit_zext)
961 : {
962 : struct bpf_insn *to = to_buff;
963 : u32 imm_rnd = get_random_int();
964 : s16 off;
965 :
966 : BUILD_BUG_ON(BPF_REG_AX + 1 != MAX_BPF_JIT_REG);
967 : BUILD_BUG_ON(MAX_BPF_REG + 1 != MAX_BPF_JIT_REG);
968 :
969 : /* Constraints on AX register:
970 : *
971 : * AX register is inaccessible from user space. It is mapped in
972 : * all JITs, and used here for constant blinding rewrites. It is
973 : * typically "stateless" meaning its contents are only valid within
974 : * the executed instruction, but not across several instructions.
975 : * There are a few exceptions however which are further detailed
976 : * below.
977 : *
978 : * Constant blinding is only used by JITs, not in the interpreter.
979 : * The interpreter uses AX in some occasions as a local temporary
980 : * register e.g. in DIV or MOD instructions.
981 : *
982 : * In restricted circumstances, the verifier can also use the AX
983 : * register for rewrites as long as they do not interfere with
984 : * the above cases!
985 : */
986 : if (from->dst_reg == BPF_REG_AX || from->src_reg == BPF_REG_AX)
987 : goto out;
988 :
989 : if (from->imm == 0 &&
990 : (from->code == (BPF_ALU | BPF_MOV | BPF_K) ||
991 : from->code == (BPF_ALU64 | BPF_MOV | BPF_K))) {
992 : *to++ = BPF_ALU64_REG(BPF_XOR, from->dst_reg, from->dst_reg);
993 : goto out;
994 : }
995 :
996 : switch (from->code) {
997 : case BPF_ALU | BPF_ADD | BPF_K:
998 : case BPF_ALU | BPF_SUB | BPF_K:
999 : case BPF_ALU | BPF_AND | BPF_K:
1000 : case BPF_ALU | BPF_OR | BPF_K:
1001 : case BPF_ALU | BPF_XOR | BPF_K:
1002 : case BPF_ALU | BPF_MUL | BPF_K:
1003 : case BPF_ALU | BPF_MOV | BPF_K:
1004 : case BPF_ALU | BPF_DIV | BPF_K:
1005 : case BPF_ALU | BPF_MOD | BPF_K:
1006 : *to++ = BPF_ALU32_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ from->imm);
1007 : *to++ = BPF_ALU32_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
1008 : *to++ = BPF_ALU32_REG(from->code, from->dst_reg, BPF_REG_AX);
1009 : break;
1010 :
1011 : case BPF_ALU64 | BPF_ADD | BPF_K:
1012 : case BPF_ALU64 | BPF_SUB | BPF_K:
1013 : case BPF_ALU64 | BPF_AND | BPF_K:
1014 : case BPF_ALU64 | BPF_OR | BPF_K:
1015 : case BPF_ALU64 | BPF_XOR | BPF_K:
1016 : case BPF_ALU64 | BPF_MUL | BPF_K:
1017 : case BPF_ALU64 | BPF_MOV | BPF_K:
1018 : case BPF_ALU64 | BPF_DIV | BPF_K:
1019 : case BPF_ALU64 | BPF_MOD | BPF_K:
1020 : *to++ = BPF_ALU64_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ from->imm);
1021 : *to++ = BPF_ALU64_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
1022 : *to++ = BPF_ALU64_REG(from->code, from->dst_reg, BPF_REG_AX);
1023 : break;
1024 :
1025 : case BPF_JMP | BPF_JEQ | BPF_K:
1026 : case BPF_JMP | BPF_JNE | BPF_K:
1027 : case BPF_JMP | BPF_JGT | BPF_K:
1028 : case BPF_JMP | BPF_JLT | BPF_K:
1029 : case BPF_JMP | BPF_JGE | BPF_K:
1030 : case BPF_JMP | BPF_JLE | BPF_K:
1031 : case BPF_JMP | BPF_JSGT | BPF_K:
1032 : case BPF_JMP | BPF_JSLT | BPF_K:
1033 : case BPF_JMP | BPF_JSGE | BPF_K:
1034 : case BPF_JMP | BPF_JSLE | BPF_K:
1035 : case BPF_JMP | BPF_JSET | BPF_K:
1036 : /* Accommodate for extra offset in case of a backjump. */
1037 : off = from->off;
1038 : if (off < 0)
1039 : off -= 2;
1040 : *to++ = BPF_ALU64_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ from->imm);
1041 : *to++ = BPF_ALU64_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
1042 : *to++ = BPF_JMP_REG(from->code, from->dst_reg, BPF_REG_AX, off);
1043 : break;
1044 :
1045 : case BPF_JMP32 | BPF_JEQ | BPF_K:
1046 : case BPF_JMP32 | BPF_JNE | BPF_K:
1047 : case BPF_JMP32 | BPF_JGT | BPF_K:
1048 : case BPF_JMP32 | BPF_JLT | BPF_K:
1049 : case BPF_JMP32 | BPF_JGE | BPF_K:
1050 : case BPF_JMP32 | BPF_JLE | BPF_K:
1051 : case BPF_JMP32 | BPF_JSGT | BPF_K:
1052 : case BPF_JMP32 | BPF_JSLT | BPF_K:
1053 : case BPF_JMP32 | BPF_JSGE | BPF_K:
1054 : case BPF_JMP32 | BPF_JSLE | BPF_K:
1055 : case BPF_JMP32 | BPF_JSET | BPF_K:
1056 : /* Accommodate for extra offset in case of a backjump. */
1057 : off = from->off;
1058 : if (off < 0)
1059 : off -= 2;
1060 : *to++ = BPF_ALU32_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ from->imm);
1061 : *to++ = BPF_ALU32_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
1062 : *to++ = BPF_JMP32_REG(from->code, from->dst_reg, BPF_REG_AX,
1063 : off);
1064 : break;
1065 :
1066 : case BPF_LD | BPF_IMM | BPF_DW:
1067 : *to++ = BPF_ALU64_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ aux[1].imm);
1068 : *to++ = BPF_ALU64_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
1069 : *to++ = BPF_ALU64_IMM(BPF_LSH, BPF_REG_AX, 32);
1070 : *to++ = BPF_ALU64_REG(BPF_MOV, aux[0].dst_reg, BPF_REG_AX);
1071 : break;
1072 : case 0: /* Part 2 of BPF_LD | BPF_IMM | BPF_DW. */
1073 : *to++ = BPF_ALU32_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ aux[0].imm);
1074 : *to++ = BPF_ALU32_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
1075 : if (emit_zext)
1076 : *to++ = BPF_ZEXT_REG(BPF_REG_AX);
1077 : *to++ = BPF_ALU64_REG(BPF_OR, aux[0].dst_reg, BPF_REG_AX);
1078 : break;
1079 :
1080 : case BPF_ST | BPF_MEM | BPF_DW:
1081 : case BPF_ST | BPF_MEM | BPF_W:
1082 : case BPF_ST | BPF_MEM | BPF_H:
1083 : case BPF_ST | BPF_MEM | BPF_B:
1084 : *to++ = BPF_ALU64_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ from->imm);
1085 : *to++ = BPF_ALU64_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
1086 : *to++ = BPF_STX_MEM(from->code, from->dst_reg, BPF_REG_AX, from->off);
1087 : break;
1088 : }
1089 : out:
1090 : return to - to_buff;
1091 : }
1092 :
1093 : static struct bpf_prog *bpf_prog_clone_create(struct bpf_prog *fp_other,
1094 : gfp_t gfp_extra_flags)
1095 : {
1096 : gfp_t gfp_flags = GFP_KERNEL | __GFP_ZERO | gfp_extra_flags;
1097 : struct bpf_prog *fp;
1098 :
1099 : fp = __vmalloc(fp_other->pages * PAGE_SIZE, gfp_flags);
1100 : if (fp != NULL) {
1101 : /* aux->prog still points to the fp_other one, so
1102 : * when promoting the clone to the real program,
1103 : * this still needs to be adapted.
1104 : */
1105 : memcpy(fp, fp_other, fp_other->pages * PAGE_SIZE);
1106 : }
1107 :
1108 : return fp;
1109 : }
1110 :
1111 : static void bpf_prog_clone_free(struct bpf_prog *fp)
1112 : {
1113 : /* aux was stolen by the other clone, so we cannot free
1114 : * it from this path! It will be freed eventually by the
1115 : * other program on release.
1116 : *
1117 : * At this point, we don't need a deferred release since
1118 : * clone is guaranteed to not be locked.
1119 : */
1120 : fp->aux = NULL;
1121 : fp->stats = NULL;
1122 : fp->active = NULL;
1123 : __bpf_prog_free(fp);
1124 : }
1125 :
1126 : void bpf_jit_prog_release_other(struct bpf_prog *fp, struct bpf_prog *fp_other)
1127 : {
1128 : /* We have to repoint aux->prog to self, as we don't
1129 : * know whether fp here is the clone or the original.
1130 : */
1131 : fp->aux->prog = fp;
1132 : bpf_prog_clone_free(fp_other);
1133 : }
1134 :
1135 : struct bpf_prog *bpf_jit_blind_constants(struct bpf_prog *prog)
1136 : {
1137 : struct bpf_insn insn_buff[16], aux[2];
1138 : struct bpf_prog *clone, *tmp;
1139 : int insn_delta, insn_cnt;
1140 : struct bpf_insn *insn;
1141 : int i, rewritten;
1142 :
1143 : if (!bpf_jit_blinding_enabled(prog) || prog->blinded)
1144 : return prog;
1145 :
1146 : clone = bpf_prog_clone_create(prog, GFP_USER);
1147 : if (!clone)
1148 : return ERR_PTR(-ENOMEM);
1149 :
1150 : insn_cnt = clone->len;
1151 : insn = clone->insnsi;
1152 :
1153 : for (i = 0; i < insn_cnt; i++, insn++) {
1154 : /* We temporarily need to hold the original ld64 insn
1155 : * so that we can still access the first part in the
1156 : * second blinding run.
1157 : */
1158 : if (insn[0].code == (BPF_LD | BPF_IMM | BPF_DW) &&
1159 : insn[1].code == 0)
1160 : memcpy(aux, insn, sizeof(aux));
1161 :
1162 : rewritten = bpf_jit_blind_insn(insn, aux, insn_buff,
1163 : clone->aux->verifier_zext);
1164 : if (!rewritten)
1165 : continue;
1166 :
1167 : tmp = bpf_patch_insn_single(clone, i, insn_buff, rewritten);
1168 : if (IS_ERR(tmp)) {
1169 : /* Patching may have repointed aux->prog during
1170 : * realloc from the original one, so we need to
1171 : * fix it up here on error.
1172 : */
1173 : bpf_jit_prog_release_other(prog, clone);
1174 : return tmp;
1175 : }
1176 :
1177 : clone = tmp;
1178 : insn_delta = rewritten - 1;
1179 :
1180 : /* Walk new program and skip insns we just inserted. */
1181 : insn = clone->insnsi + i + insn_delta;
1182 : insn_cnt += insn_delta;
1183 : i += insn_delta;
1184 : }
1185 :
1186 : clone->blinded = 1;
1187 : return clone;
1188 : }
1189 : #endif /* CONFIG_BPF_JIT */
1190 :
1191 : /* Base function for offset calculation. Needs to go into .text section,
1192 : * therefore keeping it non-static as well; will also be used by JITs
1193 : * anyway later on, so do not let the compiler omit it. This also needs
1194 : * to go into kallsyms for correlation from e.g. bpftool, so naming
1195 : * must not change.
1196 : */
1197 66 : noinline u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
1198 : {
1199 66 : return 0;
1200 : }
1201 : EXPORT_SYMBOL_GPL(__bpf_call_base);
1202 :
1203 : /* All UAPI available opcodes. */
1204 : #define BPF_INSN_MAP(INSN_2, INSN_3) \
1205 : /* 32 bit ALU operations. */ \
1206 : /* Register based. */ \
1207 : INSN_3(ALU, ADD, X), \
1208 : INSN_3(ALU, SUB, X), \
1209 : INSN_3(ALU, AND, X), \
1210 : INSN_3(ALU, OR, X), \
1211 : INSN_3(ALU, LSH, X), \
1212 : INSN_3(ALU, RSH, X), \
1213 : INSN_3(ALU, XOR, X), \
1214 : INSN_3(ALU, MUL, X), \
1215 : INSN_3(ALU, MOV, X), \
1216 : INSN_3(ALU, ARSH, X), \
1217 : INSN_3(ALU, DIV, X), \
1218 : INSN_3(ALU, MOD, X), \
1219 : INSN_2(ALU, NEG), \
1220 : INSN_3(ALU, END, TO_BE), \
1221 : INSN_3(ALU, END, TO_LE), \
1222 : /* Immediate based. */ \
1223 : INSN_3(ALU, ADD, K), \
1224 : INSN_3(ALU, SUB, K), \
1225 : INSN_3(ALU, AND, K), \
1226 : INSN_3(ALU, OR, K), \
1227 : INSN_3(ALU, LSH, K), \
1228 : INSN_3(ALU, RSH, K), \
1229 : INSN_3(ALU, XOR, K), \
1230 : INSN_3(ALU, MUL, K), \
1231 : INSN_3(ALU, MOV, K), \
1232 : INSN_3(ALU, ARSH, K), \
1233 : INSN_3(ALU, DIV, K), \
1234 : INSN_3(ALU, MOD, K), \
1235 : /* 64 bit ALU operations. */ \
1236 : /* Register based. */ \
1237 : INSN_3(ALU64, ADD, X), \
1238 : INSN_3(ALU64, SUB, X), \
1239 : INSN_3(ALU64, AND, X), \
1240 : INSN_3(ALU64, OR, X), \
1241 : INSN_3(ALU64, LSH, X), \
1242 : INSN_3(ALU64, RSH, X), \
1243 : INSN_3(ALU64, XOR, X), \
1244 : INSN_3(ALU64, MUL, X), \
1245 : INSN_3(ALU64, MOV, X), \
1246 : INSN_3(ALU64, ARSH, X), \
1247 : INSN_3(ALU64, DIV, X), \
1248 : INSN_3(ALU64, MOD, X), \
1249 : INSN_2(ALU64, NEG), \
1250 : /* Immediate based. */ \
1251 : INSN_3(ALU64, ADD, K), \
1252 : INSN_3(ALU64, SUB, K), \
1253 : INSN_3(ALU64, AND, K), \
1254 : INSN_3(ALU64, OR, K), \
1255 : INSN_3(ALU64, LSH, K), \
1256 : INSN_3(ALU64, RSH, K), \
1257 : INSN_3(ALU64, XOR, K), \
1258 : INSN_3(ALU64, MUL, K), \
1259 : INSN_3(ALU64, MOV, K), \
1260 : INSN_3(ALU64, ARSH, K), \
1261 : INSN_3(ALU64, DIV, K), \
1262 : INSN_3(ALU64, MOD, K), \
1263 : /* Call instruction. */ \
1264 : INSN_2(JMP, CALL), \
1265 : /* Exit instruction. */ \
1266 : INSN_2(JMP, EXIT), \
1267 : /* 32-bit Jump instructions. */ \
1268 : /* Register based. */ \
1269 : INSN_3(JMP32, JEQ, X), \
1270 : INSN_3(JMP32, JNE, X), \
1271 : INSN_3(JMP32, JGT, X), \
1272 : INSN_3(JMP32, JLT, X), \
1273 : INSN_3(JMP32, JGE, X), \
1274 : INSN_3(JMP32, JLE, X), \
1275 : INSN_3(JMP32, JSGT, X), \
1276 : INSN_3(JMP32, JSLT, X), \
1277 : INSN_3(JMP32, JSGE, X), \
1278 : INSN_3(JMP32, JSLE, X), \
1279 : INSN_3(JMP32, JSET, X), \
1280 : /* Immediate based. */ \
1281 : INSN_3(JMP32, JEQ, K), \
1282 : INSN_3(JMP32, JNE, K), \
1283 : INSN_3(JMP32, JGT, K), \
1284 : INSN_3(JMP32, JLT, K), \
1285 : INSN_3(JMP32, JGE, K), \
1286 : INSN_3(JMP32, JLE, K), \
1287 : INSN_3(JMP32, JSGT, K), \
1288 : INSN_3(JMP32, JSLT, K), \
1289 : INSN_3(JMP32, JSGE, K), \
1290 : INSN_3(JMP32, JSLE, K), \
1291 : INSN_3(JMP32, JSET, K), \
1292 : /* Jump instructions. */ \
1293 : /* Register based. */ \
1294 : INSN_3(JMP, JEQ, X), \
1295 : INSN_3(JMP, JNE, X), \
1296 : INSN_3(JMP, JGT, X), \
1297 : INSN_3(JMP, JLT, X), \
1298 : INSN_3(JMP, JGE, X), \
1299 : INSN_3(JMP, JLE, X), \
1300 : INSN_3(JMP, JSGT, X), \
1301 : INSN_3(JMP, JSLT, X), \
1302 : INSN_3(JMP, JSGE, X), \
1303 : INSN_3(JMP, JSLE, X), \
1304 : INSN_3(JMP, JSET, X), \
1305 : /* Immediate based. */ \
1306 : INSN_3(JMP, JEQ, K), \
1307 : INSN_3(JMP, JNE, K), \
1308 : INSN_3(JMP, JGT, K), \
1309 : INSN_3(JMP, JLT, K), \
1310 : INSN_3(JMP, JGE, K), \
1311 : INSN_3(JMP, JLE, K), \
1312 : INSN_3(JMP, JSGT, K), \
1313 : INSN_3(JMP, JSLT, K), \
1314 : INSN_3(JMP, JSGE, K), \
1315 : INSN_3(JMP, JSLE, K), \
1316 : INSN_3(JMP, JSET, K), \
1317 : INSN_2(JMP, JA), \
1318 : /* Store instructions. */ \
1319 : /* Register based. */ \
1320 : INSN_3(STX, MEM, B), \
1321 : INSN_3(STX, MEM, H), \
1322 : INSN_3(STX, MEM, W), \
1323 : INSN_3(STX, MEM, DW), \
1324 : INSN_3(STX, ATOMIC, W), \
1325 : INSN_3(STX, ATOMIC, DW), \
1326 : /* Immediate based. */ \
1327 : INSN_3(ST, MEM, B), \
1328 : INSN_3(ST, MEM, H), \
1329 : INSN_3(ST, MEM, W), \
1330 : INSN_3(ST, MEM, DW), \
1331 : /* Load instructions. */ \
1332 : /* Register based. */ \
1333 : INSN_3(LDX, MEM, B), \
1334 : INSN_3(LDX, MEM, H), \
1335 : INSN_3(LDX, MEM, W), \
1336 : INSN_3(LDX, MEM, DW), \
1337 : /* Immediate based. */ \
1338 : INSN_3(LD, IMM, DW)
1339 :
1340 0 : bool bpf_opcode_in_insntable(u8 code)
1341 : {
1342 : #define BPF_INSN_2_TBL(x, y) [BPF_##x | BPF_##y] = true
1343 : #define BPF_INSN_3_TBL(x, y, z) [BPF_##x | BPF_##y | BPF_##z] = true
1344 0 : static const bool public_insntable[256] = {
1345 : [0 ... 255] = false,
1346 : /* Now overwrite non-defaults ... */
1347 : BPF_INSN_MAP(BPF_INSN_2_TBL, BPF_INSN_3_TBL),
1348 : /* UAPI exposed, but rewritten opcodes. cBPF carry-over. */
1349 : [BPF_LD | BPF_ABS | BPF_B] = true,
1350 : [BPF_LD | BPF_ABS | BPF_H] = true,
1351 : [BPF_LD | BPF_ABS | BPF_W] = true,
1352 : [BPF_LD | BPF_IND | BPF_B] = true,
1353 : [BPF_LD | BPF_IND | BPF_H] = true,
1354 : [BPF_LD | BPF_IND | BPF_W] = true,
1355 : };
1356 : #undef BPF_INSN_3_TBL
1357 : #undef BPF_INSN_2_TBL
1358 0 : return public_insntable[code];
1359 : }
1360 :
1361 : #ifndef CONFIG_BPF_JIT_ALWAYS_ON
1362 0 : u64 __weak bpf_probe_read_kernel(void *dst, u32 size, const void *unsafe_ptr)
1363 : {
1364 0 : memset(dst, 0, size);
1365 0 : return -EFAULT;
1366 : }
1367 :
1368 : /**
1369 : * __bpf_prog_run - run eBPF program on a given context
1370 : * @regs: is the array of MAX_BPF_EXT_REG eBPF pseudo-registers
1371 : * @insn: is the array of eBPF instructions
1372 : * @stack: is the eBPF storage stack
1373 : *
1374 : * Decode and execute eBPF instructions.
1375 : */
1376 1074 : static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn, u64 *stack)
1377 : {
1378 : #define BPF_INSN_2_LBL(x, y) [BPF_##x | BPF_##y] = &&x##_##y
1379 : #define BPF_INSN_3_LBL(x, y, z) [BPF_##x | BPF_##y | BPF_##z] = &&x##_##y##_##z
1380 1074 : static const void * const jumptable[256] __annotate_jump_table = {
1381 : [0 ... 255] = &&default_label,
1382 : /* Now overwrite non-defaults ... */
1383 : BPF_INSN_MAP(BPF_INSN_2_LBL, BPF_INSN_3_LBL),
1384 : /* Non-UAPI available opcodes. */
1385 : [BPF_JMP | BPF_CALL_ARGS] = &&JMP_CALL_ARGS,
1386 : [BPF_JMP | BPF_TAIL_CALL] = &&JMP_TAIL_CALL,
1387 : [BPF_LDX | BPF_PROBE_MEM | BPF_B] = &&LDX_PROBE_MEM_B,
1388 : [BPF_LDX | BPF_PROBE_MEM | BPF_H] = &&LDX_PROBE_MEM_H,
1389 : [BPF_LDX | BPF_PROBE_MEM | BPF_W] = &&LDX_PROBE_MEM_W,
1390 : [BPF_LDX | BPF_PROBE_MEM | BPF_DW] = &&LDX_PROBE_MEM_DW,
1391 : };
1392 : #undef BPF_INSN_3_LBL
1393 : #undef BPF_INSN_2_LBL
1394 1074 : u32 tail_call_cnt = 0;
1395 :
1396 : #define CONT ({ insn++; goto select_insn; })
1397 : #define CONT_JMP ({ insn++; goto select_insn; })
1398 :
1399 : select_insn:
1400 24516 : goto *jumptable[insn->code];
1401 :
1402 : /* ALU */
1403 : #define ALU(OPCODE, OP) \
1404 : ALU64_##OPCODE##_X: \
1405 : DST = DST OP SRC; \
1406 : CONT; \
1407 : ALU_##OPCODE##_X: \
1408 : DST = (u32) DST OP (u32) SRC; \
1409 : CONT; \
1410 : ALU64_##OPCODE##_K: \
1411 : DST = DST OP IMM; \
1412 : CONT; \
1413 : ALU_##OPCODE##_K: \
1414 : DST = (u32) DST OP (u32) IMM; \
1415 : CONT;
1416 :
1417 9 : ALU(ADD, +)
1418 3251 : ALU(SUB, -)
1419 210 : ALU(AND, &)
1420 0 : ALU(OR, |)
1421 9 : ALU(LSH, <<)
1422 0 : ALU(RSH, >>)
1423 2148 : ALU(XOR, ^)
1424 0 : ALU(MUL, *)
1425 : #undef ALU
1426 0 : ALU_NEG:
1427 0 : DST = (u32) -DST;
1428 0 : CONT;
1429 0 : ALU64_NEG:
1430 0 : DST = -DST;
1431 0 : CONT;
1432 0 : ALU_MOV_X:
1433 0 : DST = (u32) SRC;
1434 0 : CONT;
1435 1260 : ALU_MOV_K:
1436 1260 : DST = (u32) IMM;
1437 1260 : CONT;
1438 3323 : ALU64_MOV_X:
1439 3323 : DST = SRC;
1440 3323 : CONT;
1441 0 : ALU64_MOV_K:
1442 0 : DST = IMM;
1443 0 : CONT;
1444 0 : LD_IMM_DW:
1445 0 : DST = (u64) (u32) insn[0].imm | ((u64) (u32) insn[1].imm) << 32;
1446 0 : insn++;
1447 0 : CONT;
1448 0 : ALU_ARSH_X:
1449 0 : DST = (u64) (u32) (((s32) DST) >> SRC);
1450 0 : CONT;
1451 0 : ALU_ARSH_K:
1452 0 : DST = (u64) (u32) (((s32) DST) >> IMM);
1453 0 : CONT;
1454 0 : ALU64_ARSH_X:
1455 0 : (*(s64 *) &DST) >>= SRC;
1456 0 : CONT;
1457 0 : ALU64_ARSH_K:
1458 0 : (*(s64 *) &DST) >>= IMM;
1459 0 : CONT;
1460 0 : ALU64_MOD_X:
1461 0 : div64_u64_rem(DST, SRC, &AX);
1462 0 : DST = AX;
1463 0 : CONT;
1464 0 : ALU_MOD_X:
1465 0 : AX = (u32) DST;
1466 0 : DST = do_div(AX, (u32) SRC);
1467 0 : CONT;
1468 0 : ALU64_MOD_K:
1469 0 : div64_u64_rem(DST, IMM, &AX);
1470 0 : DST = AX;
1471 0 : CONT;
1472 0 : ALU_MOD_K:
1473 0 : AX = (u32) DST;
1474 0 : DST = do_div(AX, (u32) IMM);
1475 0 : CONT;
1476 0 : ALU64_DIV_X:
1477 0 : DST = div64_u64(DST, SRC);
1478 0 : CONT;
1479 0 : ALU_DIV_X:
1480 0 : AX = (u32) DST;
1481 0 : do_div(AX, (u32) SRC);
1482 0 : DST = (u32) AX;
1483 0 : CONT;
1484 0 : ALU64_DIV_K:
1485 0 : DST = div64_u64(DST, IMM);
1486 0 : CONT;
1487 0 : ALU_DIV_K:
1488 0 : AX = (u32) DST;
1489 0 : do_div(AX, (u32) IMM);
1490 0 : DST = (u32) AX;
1491 0 : CONT;
1492 1284 : ALU_END_TO_BE:
1493 1284 : switch (IMM) {
1494 897 : case 16:
1495 897 : DST = (__force u16) cpu_to_be16(DST);
1496 897 : break;
1497 387 : case 32:
1498 387 : DST = (__force u32) cpu_to_be32(DST);
1499 387 : break;
1500 0 : case 64:
1501 0 : DST = (__force u64) cpu_to_be64(DST);
1502 0 : break;
1503 : }
1504 1284 : CONT;
1505 0 : ALU_END_TO_LE:
1506 0 : switch (IMM) {
1507 0 : case 16:
1508 0 : DST = (__force u16) cpu_to_le16(DST);
1509 0 : break;
1510 0 : case 32:
1511 0 : DST = (__force u32) cpu_to_le32(DST);
1512 0 : break;
1513 : case 64:
1514 : DST = (__force u64) cpu_to_le64(DST);
1515 : break;
1516 : }
1517 0 : CONT;
1518 :
1519 : /* CALL */
1520 9 : JMP_CALL:
1521 : /* Function call scratches BPF_R1-BPF_R5 registers,
1522 : * preserves BPF_R6-BPF_R9, and stores return value
1523 : * into BPF_R0.
1524 : */
1525 9 : BPF_R0 = (__bpf_call_base + insn->imm)(BPF_R1, BPF_R2, BPF_R3,
1526 : BPF_R4, BPF_R5);
1527 9 : CONT;
1528 :
1529 0 : JMP_CALL_ARGS:
1530 0 : BPF_R0 = (__bpf_call_base_args + insn->imm)(BPF_R1, BPF_R2,
1531 : BPF_R3, BPF_R4,
1532 : BPF_R5,
1533 0 : insn + insn->off + 1);
1534 0 : CONT;
1535 :
1536 0 : JMP_TAIL_CALL: {
1537 0 : struct bpf_map *map = (struct bpf_map *) (unsigned long) BPF_R2;
1538 0 : struct bpf_array *array = container_of(map, struct bpf_array, map);
1539 0 : struct bpf_prog *prog;
1540 0 : u32 index = BPF_R3;
1541 :
1542 0 : if (unlikely(index >= array->map.max_entries))
1543 0 : goto out;
1544 0 : if (unlikely(tail_call_cnt > MAX_TAIL_CALL_CNT))
1545 0 : goto out;
1546 :
1547 0 : tail_call_cnt++;
1548 :
1549 0 : prog = READ_ONCE(array->ptrs[index]);
1550 0 : if (!prog)
1551 0 : goto out;
1552 :
1553 : /* ARG1 at this point is guaranteed to point to CTX from
1554 : * the verifier side due to the fact that the tail call is
1555 : * handled like a helper, that is, bpf_tail_call_proto,
1556 : * where arg1_type is ARG_PTR_TO_CTX.
1557 : */
1558 0 : insn = prog->insnsi;
1559 0 : goto select_insn;
1560 0 : out:
1561 0 : CONT;
1562 : }
1563 2177 : JMP_JA:
1564 2177 : insn += insn->off;
1565 2177 : CONT;
1566 1074 : JMP_EXIT:
1567 1074 : return BPF_R0;
1568 : /* JMP */
1569 : #define COND_JMP(SIGN, OPCODE, CMP_OP) \
1570 : JMP_##OPCODE##_X: \
1571 : if ((SIGN##64) DST CMP_OP (SIGN##64) SRC) { \
1572 : insn += insn->off; \
1573 : CONT_JMP; \
1574 : } \
1575 : CONT; \
1576 : JMP32_##OPCODE##_X: \
1577 : if ((SIGN##32) DST CMP_OP (SIGN##32) SRC) { \
1578 : insn += insn->off; \
1579 : CONT_JMP; \
1580 : } \
1581 : CONT; \
1582 : JMP_##OPCODE##_K: \
1583 : if ((SIGN##64) DST CMP_OP (SIGN##64) IMM) { \
1584 : insn += insn->off; \
1585 : CONT_JMP; \
1586 : } \
1587 : CONT; \
1588 : JMP32_##OPCODE##_K: \
1589 : if ((SIGN##32) DST CMP_OP (SIGN##32) IMM) { \
1590 : insn += insn->off; \
1591 : CONT_JMP; \
1592 : } \
1593 : CONT;
1594 201 : COND_JMP(u, JEQ, ==)
1595 1967 : COND_JMP(u, JNE, !=)
1596 0 : COND_JMP(u, JGT, >)
1597 0 : COND_JMP(u, JLT, <)
1598 0 : COND_JMP(u, JGE, >=)
1599 0 : COND_JMP(u, JLE, <=)
1600 9 : COND_JMP(u, JSET, &)
1601 0 : COND_JMP(s, JSGT, >)
1602 2177 : COND_JMP(s, JSLT, <)
1603 9 : COND_JMP(s, JSGE, >=)
1604 0 : COND_JMP(s, JSLE, <=)
1605 : #undef COND_JMP
1606 : /* STX and ST and LDX*/
1607 : #define LDST(SIZEOP, SIZE) \
1608 : STX_MEM_##SIZEOP: \
1609 : *(SIZE *)(unsigned long) (DST + insn->off) = SRC; \
1610 : CONT; \
1611 : ST_MEM_##SIZEOP: \
1612 : *(SIZE *)(unsigned long) (DST + insn->off) = IMM; \
1613 : CONT; \
1614 : LDX_MEM_##SIZEOP: \
1615 : DST = *(SIZE *)(unsigned long) (SRC + insn->off); \
1616 : CONT;
1617 :
1618 893 : LDST(B, u8)
1619 897 : LDST(H, u16)
1620 2535 : LDST(W, u32)
1621 1074 : LDST(DW, u64)
1622 : #undef LDST
1623 : #define LDX_PROBE(SIZEOP, SIZE) \
1624 : LDX_PROBE_MEM_##SIZEOP: \
1625 : bpf_probe_read_kernel(&DST, SIZE, (const void *)(long) (SRC + insn->off)); \
1626 : CONT;
1627 0 : LDX_PROBE(B, 1)
1628 0 : LDX_PROBE(H, 2)
1629 0 : LDX_PROBE(W, 4)
1630 0 : LDX_PROBE(DW, 8)
1631 : #undef LDX_PROBE
1632 :
1633 : #define ATOMIC_ALU_OP(BOP, KOP) \
1634 : case BOP: \
1635 : if (BPF_SIZE(insn->code) == BPF_W) \
1636 : atomic_##KOP((u32) SRC, (atomic_t *)(unsigned long) \
1637 : (DST + insn->off)); \
1638 : else \
1639 : atomic64_##KOP((u64) SRC, (atomic64_t *)(unsigned long) \
1640 : (DST + insn->off)); \
1641 : break; \
1642 : case BOP | BPF_FETCH: \
1643 : if (BPF_SIZE(insn->code) == BPF_W) \
1644 : SRC = (u32) atomic_fetch_##KOP( \
1645 : (u32) SRC, \
1646 : (atomic_t *)(unsigned long) (DST + insn->off)); \
1647 : else \
1648 : SRC = (u64) atomic64_fetch_##KOP( \
1649 : (u64) SRC, \
1650 : (atomic64_t *)(unsigned long) (DST + insn->off)); \
1651 : break;
1652 :
1653 0 : STX_ATOMIC_DW:
1654 0 : STX_ATOMIC_W:
1655 0 : switch (IMM) {
1656 0 : ATOMIC_ALU_OP(BPF_ADD, add)
1657 0 : ATOMIC_ALU_OP(BPF_AND, and)
1658 0 : ATOMIC_ALU_OP(BPF_OR, or)
1659 0 : ATOMIC_ALU_OP(BPF_XOR, xor)
1660 : #undef ATOMIC_ALU_OP
1661 :
1662 0 : case BPF_XCHG:
1663 0 : if (BPF_SIZE(insn->code) == BPF_W)
1664 0 : SRC = (u32) atomic_xchg(
1665 0 : (atomic_t *)(unsigned long) (DST + insn->off),
1666 0 : (u32) SRC);
1667 : else
1668 0 : SRC = (u64) atomic64_xchg(
1669 0 : (atomic64_t *)(unsigned long) (DST + insn->off),
1670 0 : (u64) SRC);
1671 : break;
1672 0 : case BPF_CMPXCHG:
1673 0 : if (BPF_SIZE(insn->code) == BPF_W)
1674 0 : BPF_R0 = (u32) atomic_cmpxchg(
1675 0 : (atomic_t *)(unsigned long) (DST + insn->off),
1676 0 : (u32) BPF_R0, (u32) SRC);
1677 : else
1678 0 : BPF_R0 = (u64) atomic64_cmpxchg(
1679 0 : (atomic64_t *)(unsigned long) (DST + insn->off),
1680 0 : (u64) BPF_R0, (u64) SRC);
1681 : break;
1682 :
1683 0 : default:
1684 0 : goto default_label;
1685 : }
1686 0 : CONT;
1687 :
1688 0 : default_label:
1689 : /* If we ever reach this, we have a bug somewhere. Die hard here
1690 : * instead of just returning 0; we could be somewhere in a subprog,
1691 : * so execution could continue otherwise which we do /not/ want.
1692 : *
1693 : * Note, verifier whitelists all opcodes in bpf_opcode_in_insntable().
1694 : */
1695 0 : pr_warn("BPF interpreter: unknown opcode %02x (imm: 0x%x)\n",
1696 : insn->code, insn->imm);
1697 0 : BUG_ON(1);
1698 : return 0;
1699 : }
1700 :
1701 : #define PROG_NAME(stack_size) __bpf_prog_run##stack_size
1702 : #define DEFINE_BPF_PROG_RUN(stack_size) \
1703 : static unsigned int PROG_NAME(stack_size)(const void *ctx, const struct bpf_insn *insn) \
1704 : { \
1705 : u64 stack[stack_size / sizeof(u64)]; \
1706 : u64 regs[MAX_BPF_EXT_REG]; \
1707 : \
1708 : FP = (u64) (unsigned long) &stack[ARRAY_SIZE(stack)]; \
1709 : ARG1 = (u64) (unsigned long) ctx; \
1710 : return ___bpf_prog_run(regs, insn, stack); \
1711 : }
1712 :
1713 : #define PROG_NAME_ARGS(stack_size) __bpf_prog_run_args##stack_size
1714 : #define DEFINE_BPF_PROG_RUN_ARGS(stack_size) \
1715 : static u64 PROG_NAME_ARGS(stack_size)(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5, \
1716 : const struct bpf_insn *insn) \
1717 : { \
1718 : u64 stack[stack_size / sizeof(u64)]; \
1719 : u64 regs[MAX_BPF_EXT_REG]; \
1720 : \
1721 : FP = (u64) (unsigned long) &stack[ARRAY_SIZE(stack)]; \
1722 : BPF_R1 = r1; \
1723 : BPF_R2 = r2; \
1724 : BPF_R3 = r3; \
1725 : BPF_R4 = r4; \
1726 : BPF_R5 = r5; \
1727 : return ___bpf_prog_run(regs, insn, stack); \
1728 : }
1729 :
1730 : #define EVAL1(FN, X) FN(X)
1731 : #define EVAL2(FN, X, Y...) FN(X) EVAL1(FN, Y)
1732 : #define EVAL3(FN, X, Y...) FN(X) EVAL2(FN, Y)
1733 : #define EVAL4(FN, X, Y...) FN(X) EVAL3(FN, Y)
1734 : #define EVAL5(FN, X, Y...) FN(X) EVAL4(FN, Y)
1735 : #define EVAL6(FN, X, Y...) FN(X) EVAL5(FN, Y)
1736 :
1737 1074 : EVAL6(DEFINE_BPF_PROG_RUN, 32, 64, 96, 128, 160, 192);
1738 0 : EVAL6(DEFINE_BPF_PROG_RUN, 224, 256, 288, 320, 352, 384);
1739 0 : EVAL4(DEFINE_BPF_PROG_RUN, 416, 448, 480, 512);
1740 :
1741 0 : EVAL6(DEFINE_BPF_PROG_RUN_ARGS, 32, 64, 96, 128, 160, 192);
1742 0 : EVAL6(DEFINE_BPF_PROG_RUN_ARGS, 224, 256, 288, 320, 352, 384);
1743 0 : EVAL4(DEFINE_BPF_PROG_RUN_ARGS, 416, 448, 480, 512);
1744 :
1745 : #define PROG_NAME_LIST(stack_size) PROG_NAME(stack_size),
1746 :
1747 : static unsigned int (*interpreters[])(const void *ctx,
1748 : const struct bpf_insn *insn) = {
1749 : EVAL6(PROG_NAME_LIST, 32, 64, 96, 128, 160, 192)
1750 : EVAL6(PROG_NAME_LIST, 224, 256, 288, 320, 352, 384)
1751 : EVAL4(PROG_NAME_LIST, 416, 448, 480, 512)
1752 : };
1753 : #undef PROG_NAME_LIST
1754 : #define PROG_NAME_LIST(stack_size) PROG_NAME_ARGS(stack_size),
1755 : static u64 (*interpreters_args[])(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5,
1756 : const struct bpf_insn *insn) = {
1757 : EVAL6(PROG_NAME_LIST, 32, 64, 96, 128, 160, 192)
1758 : EVAL6(PROG_NAME_LIST, 224, 256, 288, 320, 352, 384)
1759 : EVAL4(PROG_NAME_LIST, 416, 448, 480, 512)
1760 : };
1761 : #undef PROG_NAME_LIST
1762 :
1763 0 : void bpf_patch_call_args(struct bpf_insn *insn, u32 stack_depth)
1764 : {
1765 0 : stack_depth = max_t(u32, stack_depth, 1);
1766 0 : insn->off = (s16) insn->imm;
1767 0 : insn->imm = interpreters_args[(round_up(stack_depth, 32) / 32) - 1] -
1768 : __bpf_call_base_args;
1769 0 : insn->code = BPF_JMP | BPF_CALL_ARGS;
1770 0 : }
1771 :
1772 : #else
1773 : static unsigned int __bpf_prog_ret0_warn(const void *ctx,
1774 : const struct bpf_insn *insn)
1775 : {
1776 : /* If this handler ever gets executed, then BPF_JIT_ALWAYS_ON
1777 : * is not working properly, so warn about it!
1778 : */
1779 : WARN_ON_ONCE(1);
1780 : return 0;
1781 : }
1782 : #endif
1783 :
1784 0 : bool bpf_prog_array_compatible(struct bpf_array *array,
1785 : const struct bpf_prog *fp)
1786 : {
1787 0 : if (fp->kprobe_override)
1788 : return false;
1789 :
1790 0 : if (!array->aux->type) {
1791 : /* There's no owner yet where we could check for
1792 : * compatibility.
1793 : */
1794 0 : array->aux->type = fp->type;
1795 0 : array->aux->jited = fp->jited;
1796 0 : return true;
1797 : }
1798 :
1799 0 : return array->aux->type == fp->type &&
1800 0 : array->aux->jited == fp->jited;
1801 : }
1802 :
1803 7 : static int bpf_check_tail_call(const struct bpf_prog *fp)
1804 : {
1805 7 : struct bpf_prog_aux *aux = fp->aux;
1806 7 : int i, ret = 0;
1807 :
1808 7 : mutex_lock(&aux->used_maps_mutex);
1809 14 : for (i = 0; i < aux->used_map_cnt; i++) {
1810 0 : struct bpf_map *map = aux->used_maps[i];
1811 0 : struct bpf_array *array;
1812 :
1813 0 : if (map->map_type != BPF_MAP_TYPE_PROG_ARRAY)
1814 0 : continue;
1815 :
1816 0 : array = container_of(map, struct bpf_array, map);
1817 0 : if (!bpf_prog_array_compatible(array, fp)) {
1818 0 : ret = -EINVAL;
1819 0 : goto out;
1820 : }
1821 : }
1822 :
1823 7 : out:
1824 7 : mutex_unlock(&aux->used_maps_mutex);
1825 7 : return ret;
1826 : }
1827 :
1828 7 : static void bpf_prog_select_func(struct bpf_prog *fp)
1829 : {
1830 : #ifndef CONFIG_BPF_JIT_ALWAYS_ON
1831 7 : u32 stack_depth = max_t(u32, fp->aux->stack_depth, 1);
1832 :
1833 7 : fp->bpf_func = interpreters[(round_up(stack_depth, 32) / 32) - 1];
1834 : #else
1835 : fp->bpf_func = __bpf_prog_ret0_warn;
1836 : #endif
1837 7 : }
1838 :
1839 : /**
1840 : * bpf_prog_select_runtime - select exec runtime for BPF program
1841 : * @fp: bpf_prog populated with internal BPF program
1842 : * @err: pointer to error variable
1843 : *
1844 : * Try to JIT eBPF program, if JIT is not available, use interpreter.
1845 : * The BPF program will be executed via BPF_PROG_RUN() macro.
1846 : */
1847 7 : struct bpf_prog *bpf_prog_select_runtime(struct bpf_prog *fp, int *err)
1848 : {
1849 : /* In case of BPF to BPF calls, verifier did all the prep
1850 : * work with regards to JITing, etc.
1851 : */
1852 7 : if (fp->bpf_func)
1853 0 : goto finalize;
1854 :
1855 7 : bpf_prog_select_func(fp);
1856 :
1857 : /* eBPF JITs can rewrite the program in case constant
1858 : * blinding is active. However, in case of error during
1859 : * blinding, bpf_int_jit_compile() must always return a
1860 : * valid program, which in this case would simply not
1861 : * be JITed, but falls back to the interpreter.
1862 : */
1863 7 : if (!bpf_prog_is_dev_bound(fp->aux)) {
1864 7 : *err = bpf_prog_alloc_jited_linfo(fp);
1865 7 : if (*err)
1866 : return fp;
1867 :
1868 7 : fp = bpf_int_jit_compile(fp);
1869 7 : if (!fp->jited) {
1870 7 : bpf_prog_free_jited_linfo(fp);
1871 : #ifdef CONFIG_BPF_JIT_ALWAYS_ON
1872 : *err = -ENOTSUPP;
1873 : return fp;
1874 : #endif
1875 : } else {
1876 0 : bpf_prog_free_unused_jited_linfo(fp);
1877 : }
1878 : } else {
1879 : *err = bpf_prog_offload_compile(fp);
1880 : if (*err)
1881 : return fp;
1882 : }
1883 :
1884 7 : finalize:
1885 7 : bpf_prog_lock_ro(fp);
1886 :
1887 : /* The tail call compatibility check can only be done at
1888 : * this late stage as we need to determine, if we deal
1889 : * with JITed or non JITed program concatenations and not
1890 : * all eBPF JITs might immediately support all features.
1891 : */
1892 7 : *err = bpf_check_tail_call(fp);
1893 :
1894 7 : return fp;
1895 : }
1896 : EXPORT_SYMBOL_GPL(bpf_prog_select_runtime);
1897 :
1898 0 : static unsigned int __bpf_prog_ret1(const void *ctx,
1899 : const struct bpf_insn *insn)
1900 : {
1901 0 : return 1;
1902 : }
1903 :
1904 : static struct bpf_prog_dummy {
1905 : struct bpf_prog prog;
1906 : } dummy_bpf_prog = {
1907 : .prog = {
1908 : .bpf_func = __bpf_prog_ret1,
1909 : },
1910 : };
1911 :
1912 : /* to avoid allocating empty bpf_prog_array for cgroups that
1913 : * don't have bpf program attached use one global 'empty_prog_array'
1914 : * It will not be modified the caller of bpf_prog_array_alloc()
1915 : * (since caller requested prog_cnt == 0)
1916 : * that pointer should be 'freed' by bpf_prog_array_free()
1917 : */
1918 : static struct {
1919 : struct bpf_prog_array hdr;
1920 : struct bpf_prog *null_prog;
1921 : } empty_prog_array = {
1922 : .null_prog = NULL,
1923 : };
1924 :
1925 0 : struct bpf_prog_array *bpf_prog_array_alloc(u32 prog_cnt, gfp_t flags)
1926 : {
1927 0 : if (prog_cnt)
1928 0 : return kzalloc(sizeof(struct bpf_prog_array) +
1929 0 : sizeof(struct bpf_prog_array_item) *
1930 0 : (prog_cnt + 1),
1931 : flags);
1932 :
1933 : return &empty_prog_array.hdr;
1934 : }
1935 :
1936 0 : void bpf_prog_array_free(struct bpf_prog_array *progs)
1937 : {
1938 0 : if (!progs || progs == &empty_prog_array.hdr)
1939 : return;
1940 0 : kfree_rcu(progs, rcu);
1941 : }
1942 :
1943 0 : int bpf_prog_array_length(struct bpf_prog_array *array)
1944 : {
1945 0 : struct bpf_prog_array_item *item;
1946 0 : u32 cnt = 0;
1947 :
1948 0 : for (item = array->items; item->prog; item++)
1949 0 : if (item->prog != &dummy_bpf_prog.prog)
1950 0 : cnt++;
1951 0 : return cnt;
1952 : }
1953 :
1954 0 : bool bpf_prog_array_is_empty(struct bpf_prog_array *array)
1955 : {
1956 0 : struct bpf_prog_array_item *item;
1957 :
1958 0 : for (item = array->items; item->prog; item++)
1959 0 : if (item->prog != &dummy_bpf_prog.prog)
1960 : return false;
1961 : return true;
1962 : }
1963 :
1964 0 : static bool bpf_prog_array_copy_core(struct bpf_prog_array *array,
1965 : u32 *prog_ids,
1966 : u32 request_cnt)
1967 : {
1968 0 : struct bpf_prog_array_item *item;
1969 0 : int i = 0;
1970 :
1971 0 : for (item = array->items; item->prog; item++) {
1972 0 : if (item->prog == &dummy_bpf_prog.prog)
1973 0 : continue;
1974 0 : prog_ids[i] = item->prog->aux->id;
1975 0 : if (++i == request_cnt) {
1976 0 : item++;
1977 0 : break;
1978 : }
1979 : }
1980 :
1981 0 : return !!(item->prog);
1982 : }
1983 :
1984 0 : int bpf_prog_array_copy_to_user(struct bpf_prog_array *array,
1985 : __u32 __user *prog_ids, u32 cnt)
1986 : {
1987 0 : unsigned long err = 0;
1988 0 : bool nospc;
1989 0 : u32 *ids;
1990 :
1991 : /* users of this function are doing:
1992 : * cnt = bpf_prog_array_length();
1993 : * if (cnt > 0)
1994 : * bpf_prog_array_copy_to_user(..., cnt);
1995 : * so below kcalloc doesn't need extra cnt > 0 check.
1996 : */
1997 0 : ids = kcalloc(cnt, sizeof(u32), GFP_USER | __GFP_NOWARN);
1998 0 : if (!ids)
1999 : return -ENOMEM;
2000 0 : nospc = bpf_prog_array_copy_core(array, ids, cnt);
2001 0 : err = copy_to_user(prog_ids, ids, cnt * sizeof(u32));
2002 0 : kfree(ids);
2003 0 : if (err)
2004 : return -EFAULT;
2005 0 : if (nospc)
2006 0 : return -ENOSPC;
2007 : return 0;
2008 : }
2009 :
2010 0 : void bpf_prog_array_delete_safe(struct bpf_prog_array *array,
2011 : struct bpf_prog *old_prog)
2012 : {
2013 0 : struct bpf_prog_array_item *item;
2014 :
2015 0 : for (item = array->items; item->prog; item++)
2016 0 : if (item->prog == old_prog) {
2017 0 : WRITE_ONCE(item->prog, &dummy_bpf_prog.prog);
2018 0 : break;
2019 : }
2020 0 : }
2021 :
2022 : /**
2023 : * bpf_prog_array_delete_safe_at() - Replaces the program at the given
2024 : * index into the program array with
2025 : * a dummy no-op program.
2026 : * @array: a bpf_prog_array
2027 : * @index: the index of the program to replace
2028 : *
2029 : * Skips over dummy programs, by not counting them, when calculating
2030 : * the position of the program to replace.
2031 : *
2032 : * Return:
2033 : * * 0 - Success
2034 : * * -EINVAL - Invalid index value. Must be a non-negative integer.
2035 : * * -ENOENT - Index out of range
2036 : */
2037 0 : int bpf_prog_array_delete_safe_at(struct bpf_prog_array *array, int index)
2038 : {
2039 0 : return bpf_prog_array_update_at(array, index, &dummy_bpf_prog.prog);
2040 : }
2041 :
2042 : /**
2043 : * bpf_prog_array_update_at() - Updates the program at the given index
2044 : * into the program array.
2045 : * @array: a bpf_prog_array
2046 : * @index: the index of the program to update
2047 : * @prog: the program to insert into the array
2048 : *
2049 : * Skips over dummy programs, by not counting them, when calculating
2050 : * the position of the program to update.
2051 : *
2052 : * Return:
2053 : * * 0 - Success
2054 : * * -EINVAL - Invalid index value. Must be a non-negative integer.
2055 : * * -ENOENT - Index out of range
2056 : */
2057 0 : int bpf_prog_array_update_at(struct bpf_prog_array *array, int index,
2058 : struct bpf_prog *prog)
2059 : {
2060 0 : struct bpf_prog_array_item *item;
2061 :
2062 0 : if (unlikely(index < 0))
2063 : return -EINVAL;
2064 :
2065 0 : for (item = array->items; item->prog; item++) {
2066 0 : if (item->prog == &dummy_bpf_prog.prog)
2067 0 : continue;
2068 0 : if (!index) {
2069 0 : WRITE_ONCE(item->prog, prog);
2070 0 : return 0;
2071 : }
2072 0 : index--;
2073 : }
2074 : return -ENOENT;
2075 : }
2076 :
2077 0 : int bpf_prog_array_copy(struct bpf_prog_array *old_array,
2078 : struct bpf_prog *exclude_prog,
2079 : struct bpf_prog *include_prog,
2080 : struct bpf_prog_array **new_array)
2081 : {
2082 0 : int new_prog_cnt, carry_prog_cnt = 0;
2083 0 : struct bpf_prog_array_item *existing;
2084 0 : struct bpf_prog_array *array;
2085 0 : bool found_exclude = false;
2086 0 : int new_prog_idx = 0;
2087 :
2088 : /* Figure out how many existing progs we need to carry over to
2089 : * the new array.
2090 : */
2091 0 : if (old_array) {
2092 0 : existing = old_array->items;
2093 0 : for (; existing->prog; existing++) {
2094 0 : if (existing->prog == exclude_prog) {
2095 0 : found_exclude = true;
2096 0 : continue;
2097 : }
2098 0 : if (existing->prog != &dummy_bpf_prog.prog)
2099 0 : carry_prog_cnt++;
2100 0 : if (existing->prog == include_prog)
2101 : return -EEXIST;
2102 : }
2103 : }
2104 :
2105 0 : if (exclude_prog && !found_exclude)
2106 : return -ENOENT;
2107 :
2108 : /* How many progs (not NULL) will be in the new array? */
2109 0 : new_prog_cnt = carry_prog_cnt;
2110 0 : if (include_prog)
2111 0 : new_prog_cnt += 1;
2112 :
2113 : /* Do we have any prog (not NULL) in the new array? */
2114 0 : if (!new_prog_cnt) {
2115 0 : *new_array = NULL;
2116 0 : return 0;
2117 : }
2118 :
2119 : /* +1 as the end of prog_array is marked with NULL */
2120 0 : array = bpf_prog_array_alloc(new_prog_cnt + 1, GFP_KERNEL);
2121 0 : if (!array)
2122 : return -ENOMEM;
2123 :
2124 : /* Fill in the new prog array */
2125 0 : if (carry_prog_cnt) {
2126 0 : existing = old_array->items;
2127 0 : for (; existing->prog; existing++)
2128 0 : if (existing->prog != exclude_prog &&
2129 : existing->prog != &dummy_bpf_prog.prog) {
2130 0 : array->items[new_prog_idx++].prog =
2131 : existing->prog;
2132 : }
2133 : }
2134 0 : if (include_prog)
2135 0 : array->items[new_prog_idx++].prog = include_prog;
2136 0 : array->items[new_prog_idx].prog = NULL;
2137 0 : *new_array = array;
2138 0 : return 0;
2139 : }
2140 :
2141 0 : int bpf_prog_array_copy_info(struct bpf_prog_array *array,
2142 : u32 *prog_ids, u32 request_cnt,
2143 : u32 *prog_cnt)
2144 : {
2145 0 : u32 cnt = 0;
2146 :
2147 0 : if (array)
2148 0 : cnt = bpf_prog_array_length(array);
2149 :
2150 0 : *prog_cnt = cnt;
2151 :
2152 : /* return early if user requested only program count or nothing to copy */
2153 0 : if (!request_cnt || !cnt)
2154 : return 0;
2155 :
2156 : /* this function is called under trace/bpf_trace.c: bpf_event_mutex */
2157 0 : return bpf_prog_array_copy_core(array, prog_ids, request_cnt) ? -ENOSPC
2158 0 : : 0;
2159 : }
2160 :
2161 0 : void __bpf_free_used_maps(struct bpf_prog_aux *aux,
2162 : struct bpf_map **used_maps, u32 len)
2163 : {
2164 0 : struct bpf_map *map;
2165 0 : u32 i;
2166 :
2167 0 : for (i = 0; i < len; i++) {
2168 0 : map = used_maps[i];
2169 0 : if (map->ops->map_poke_untrack)
2170 0 : map->ops->map_poke_untrack(map, aux);
2171 0 : bpf_map_put(map);
2172 : }
2173 0 : }
2174 :
2175 0 : static void bpf_free_used_maps(struct bpf_prog_aux *aux)
2176 : {
2177 0 : __bpf_free_used_maps(aux, aux->used_maps, aux->used_map_cnt);
2178 0 : kfree(aux->used_maps);
2179 0 : }
2180 :
2181 0 : void __bpf_free_used_btfs(struct bpf_prog_aux *aux,
2182 : struct btf_mod_pair *used_btfs, u32 len)
2183 : {
2184 : #ifdef CONFIG_BPF_SYSCALL
2185 : struct btf_mod_pair *btf_mod;
2186 : u32 i;
2187 :
2188 : for (i = 0; i < len; i++) {
2189 : btf_mod = &used_btfs[i];
2190 : if (btf_mod->module)
2191 : module_put(btf_mod->module);
2192 : btf_put(btf_mod->btf);
2193 : }
2194 : #endif
2195 0 : }
2196 :
2197 0 : static void bpf_free_used_btfs(struct bpf_prog_aux *aux)
2198 : {
2199 0 : __bpf_free_used_btfs(aux, aux->used_btfs, aux->used_btf_cnt);
2200 0 : kfree(aux->used_btfs);
2201 : }
2202 :
2203 0 : static void bpf_prog_free_deferred(struct work_struct *work)
2204 : {
2205 0 : struct bpf_prog_aux *aux;
2206 0 : int i;
2207 :
2208 0 : aux = container_of(work, struct bpf_prog_aux, work);
2209 0 : bpf_free_used_maps(aux);
2210 0 : bpf_free_used_btfs(aux);
2211 0 : if (bpf_prog_is_dev_bound(aux))
2212 : bpf_prog_offload_destroy(aux->prog);
2213 : #ifdef CONFIG_PERF_EVENTS
2214 0 : if (aux->prog->has_callchain_buf)
2215 0 : put_callchain_buffers();
2216 : #endif
2217 0 : if (aux->dst_trampoline)
2218 0 : bpf_trampoline_put(aux->dst_trampoline);
2219 0 : for (i = 0; i < aux->func_cnt; i++)
2220 0 : bpf_jit_free(aux->func[i]);
2221 0 : if (aux->func_cnt) {
2222 0 : kfree(aux->func);
2223 0 : bpf_prog_unlock_free(aux->prog);
2224 : } else {
2225 0 : bpf_jit_free(aux->prog);
2226 : }
2227 0 : }
2228 :
2229 : /* Free internal BPF program */
2230 0 : void bpf_prog_free(struct bpf_prog *fp)
2231 : {
2232 0 : struct bpf_prog_aux *aux = fp->aux;
2233 :
2234 0 : if (aux->dst_prog)
2235 0 : bpf_prog_put(aux->dst_prog);
2236 0 : INIT_WORK(&aux->work, bpf_prog_free_deferred);
2237 0 : schedule_work(&aux->work);
2238 0 : }
2239 : EXPORT_SYMBOL_GPL(bpf_prog_free);
2240 :
2241 : /* RNG for unpriviledged user space with separated state from prandom_u32(). */
2242 : static DEFINE_PER_CPU(struct rnd_state, bpf_user_rnd_state);
2243 :
2244 0 : void bpf_user_rnd_init_once(void)
2245 : {
2246 0 : prandom_init_once(&bpf_user_rnd_state);
2247 0 : }
2248 :
2249 0 : BPF_CALL_0(bpf_user_rnd_u32)
2250 : {
2251 : /* Should someone ever have the rather unwise idea to use some
2252 : * of the registers passed into this function, then note that
2253 : * this function is called from native eBPF and classic-to-eBPF
2254 : * transformations. Register assignments from both sides are
2255 : * different, f.e. classic always sets fn(ctx, A, X) here.
2256 : */
2257 0 : struct rnd_state *state;
2258 0 : u32 res;
2259 :
2260 0 : state = &get_cpu_var(bpf_user_rnd_state);
2261 0 : res = prandom_u32_state(state);
2262 0 : put_cpu_var(bpf_user_rnd_state);
2263 :
2264 0 : return res;
2265 : }
2266 :
2267 0 : BPF_CALL_0(bpf_get_raw_cpu_id)
2268 : {
2269 0 : return raw_smp_processor_id();
2270 : }
2271 :
2272 : /* Weak definitions of helper functions in case we don't have bpf syscall. */
2273 : const struct bpf_func_proto bpf_map_lookup_elem_proto __weak;
2274 : const struct bpf_func_proto bpf_map_update_elem_proto __weak;
2275 : const struct bpf_func_proto bpf_map_delete_elem_proto __weak;
2276 : const struct bpf_func_proto bpf_map_push_elem_proto __weak;
2277 : const struct bpf_func_proto bpf_map_pop_elem_proto __weak;
2278 : const struct bpf_func_proto bpf_map_peek_elem_proto __weak;
2279 : const struct bpf_func_proto bpf_spin_lock_proto __weak;
2280 : const struct bpf_func_proto bpf_spin_unlock_proto __weak;
2281 : const struct bpf_func_proto bpf_jiffies64_proto __weak;
2282 :
2283 : const struct bpf_func_proto bpf_get_prandom_u32_proto __weak;
2284 : const struct bpf_func_proto bpf_get_smp_processor_id_proto __weak;
2285 : const struct bpf_func_proto bpf_get_numa_node_id_proto __weak;
2286 : const struct bpf_func_proto bpf_ktime_get_ns_proto __weak;
2287 : const struct bpf_func_proto bpf_ktime_get_boot_ns_proto __weak;
2288 : const struct bpf_func_proto bpf_ktime_get_coarse_ns_proto __weak;
2289 :
2290 : const struct bpf_func_proto bpf_get_current_pid_tgid_proto __weak;
2291 : const struct bpf_func_proto bpf_get_current_uid_gid_proto __weak;
2292 : const struct bpf_func_proto bpf_get_current_comm_proto __weak;
2293 : const struct bpf_func_proto bpf_get_current_cgroup_id_proto __weak;
2294 : const struct bpf_func_proto bpf_get_current_ancestor_cgroup_id_proto __weak;
2295 : const struct bpf_func_proto bpf_get_local_storage_proto __weak;
2296 : const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto __weak;
2297 : const struct bpf_func_proto bpf_snprintf_btf_proto __weak;
2298 : const struct bpf_func_proto bpf_seq_printf_btf_proto __weak;
2299 :
2300 0 : const struct bpf_func_proto * __weak bpf_get_trace_printk_proto(void)
2301 : {
2302 0 : return NULL;
2303 : }
2304 :
2305 : u64 __weak
2306 0 : bpf_event_output(struct bpf_map *map, u64 flags, void *meta, u64 meta_size,
2307 : void *ctx, u64 ctx_size, bpf_ctx_copy_t ctx_copy)
2308 : {
2309 0 : return -ENOTSUPP;
2310 : }
2311 : EXPORT_SYMBOL_GPL(bpf_event_output);
2312 :
2313 : /* Always built-in helper functions. */
2314 : const struct bpf_func_proto bpf_tail_call_proto = {
2315 : .func = NULL,
2316 : .gpl_only = false,
2317 : .ret_type = RET_VOID,
2318 : .arg1_type = ARG_PTR_TO_CTX,
2319 : .arg2_type = ARG_CONST_MAP_PTR,
2320 : .arg3_type = ARG_ANYTHING,
2321 : };
2322 :
2323 : /* Stub for JITs that only support cBPF. eBPF programs are interpreted.
2324 : * It is encouraged to implement bpf_int_jit_compile() instead, so that
2325 : * eBPF and implicitly also cBPF can get JITed!
2326 : */
2327 7 : struct bpf_prog * __weak bpf_int_jit_compile(struct bpf_prog *prog)
2328 : {
2329 7 : return prog;
2330 : }
2331 :
2332 : /* Stub for JITs that support eBPF. All cBPF code gets transformed into
2333 : * eBPF by the kernel and is later compiled by bpf_int_jit_compile().
2334 : */
2335 7 : void __weak bpf_jit_compile(struct bpf_prog *prog)
2336 : {
2337 7 : }
2338 :
2339 0 : bool __weak bpf_helper_changes_pkt_data(void *func)
2340 : {
2341 0 : return false;
2342 : }
2343 :
2344 : /* Return TRUE if the JIT backend wants verifier to enable sub-register usage
2345 : * analysis code and wants explicit zero extension inserted by verifier.
2346 : * Otherwise, return FALSE.
2347 : *
2348 : * The verifier inserts an explicit zero extension after BPF_CMPXCHGs even if
2349 : * you don't override this. JITs that don't want these extra insns can detect
2350 : * them using insn_is_zext.
2351 : */
2352 0 : bool __weak bpf_jit_needs_zext(void)
2353 : {
2354 0 : return false;
2355 : }
2356 :
2357 : /* To execute LD_ABS/LD_IND instructions __bpf_prog_run() may call
2358 : * skb_copy_bits(), so provide a weak definition of it for NET-less config.
2359 : */
2360 0 : int __weak skb_copy_bits(const struct sk_buff *skb, int offset, void *to,
2361 : int len)
2362 : {
2363 0 : return -EFAULT;
2364 : }
2365 :
2366 0 : int __weak bpf_arch_text_poke(void *ip, enum bpf_text_poke_type t,
2367 : void *addr1, void *addr2)
2368 : {
2369 0 : return -ENOTSUPP;
2370 : }
2371 :
2372 : DEFINE_STATIC_KEY_FALSE(bpf_stats_enabled_key);
2373 : EXPORT_SYMBOL(bpf_stats_enabled_key);
2374 :
2375 : /* All definitions of tracepoints related to BPF. */
2376 : #define CREATE_TRACE_POINTS
2377 : #include <linux/bpf_trace.h>
2378 :
2379 : EXPORT_TRACEPOINT_SYMBOL_GPL(xdp_exception);
2380 : EXPORT_TRACEPOINT_SYMBOL_GPL(xdp_bulk_tx);
|
