Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Performance events ring-buffer code:
4 *
5 * Copyright (C) 2008 Thomas Gleixner <tglx@linutronix.de>
6 * Copyright (C) 2008-2011 Red Hat, Inc., Ingo Molnar
7 * Copyright (C) 2008-2011 Red Hat, Inc., Peter Zijlstra
8 * Copyright © 2009 Paul Mackerras, IBM Corp. <paulus@au1.ibm.com>
9 */
10
11#include <linux/perf_event.h>
12#include <linux/vmalloc.h>
13#include <linux/slab.h>
14#include <linux/circ_buf.h>
15#include <linux/poll.h>
16#include <linux/nospec.h>
17
18#include "internal.h"
19
20static void perf_output_wakeup(struct perf_output_handle *handle)
21{
22 atomic_set(&handle->rb->poll, EPOLLIN);
23
24 handle->event->pending_wakeup = 1;
25 irq_work_queue(&handle->event->pending);
26}
27
28/*
29 * We need to ensure a later event_id doesn't publish a head when a former
30 * event isn't done writing. However since we need to deal with NMIs we
31 * cannot fully serialize things.
32 *
33 * We only publish the head (and generate a wakeup) when the outer-most
34 * event completes.
35 */
36static void perf_output_get_handle(struct perf_output_handle *handle)
37{
38 struct ring_buffer *rb = handle->rb;
39
40 preempt_disable();
41
42 /*
43 * Avoid an explicit LOAD/STORE such that architectures with memops
44 * can use them.
45 */
46 (*(volatile unsigned int *)&rb->nest)++;
47 handle->wakeup = local_read(&rb->wakeup);
48}
49
50static void perf_output_put_handle(struct perf_output_handle *handle)
51{
52 struct ring_buffer *rb = handle->rb;
53 unsigned long head;
54 unsigned int nest;
55
56 /*
57 * If this isn't the outermost nesting, we don't have to update
58 * @rb->user_page->data_head.
59 */
60 nest = READ_ONCE(rb->nest);
61 if (nest > 1) {
62 WRITE_ONCE(rb->nest, nest - 1);
63 goto out;
64 }
65
66again:
67 /*
68 * In order to avoid publishing a head value that goes backwards,
69 * we must ensure the load of @rb->head happens after we've
70 * incremented @rb->nest.
71 *
72 * Otherwise we can observe a @rb->head value before one published
73 * by an IRQ/NMI happening between the load and the increment.
74 */
75 barrier();
76 head = local_read(&rb->head);
77
78 /*
79 * IRQ/NMI can happen here and advance @rb->head, causing our
80 * load above to be stale.
81 */
82
83 /*
84 * Since the mmap() consumer (userspace) can run on a different CPU:
85 *
86 * kernel user
87 *
88 * if (LOAD ->data_tail) { LOAD ->data_head
89 * (A) smp_rmb() (C)
90 * STORE $data LOAD $data
91 * smp_wmb() (B) smp_mb() (D)
92 * STORE ->data_head STORE ->data_tail
93 * }
94 *
95 * Where A pairs with D, and B pairs with C.
96 *
97 * In our case (A) is a control dependency that separates the load of
98 * the ->data_tail and the stores of $data. In case ->data_tail
99 * indicates there is no room in the buffer to store $data we do not.
100 *
101 * D needs to be a full barrier since it separates the data READ
102 * from the tail WRITE.
103 *
104 * For B a WMB is sufficient since it separates two WRITEs, and for C
105 * an RMB is sufficient since it separates two READs.
106 *
107 * See perf_output_begin().
108 */
109 smp_wmb(); /* B, matches C */
110 WRITE_ONCE(rb->user_page->data_head, head);
111
112 /*
113 * We must publish the head before decrementing the nest count,
114 * otherwise an IRQ/NMI can publish a more recent head value and our
115 * write will (temporarily) publish a stale value.
116 */
117 barrier();
118 WRITE_ONCE(rb->nest, 0);
119
120 /*
121 * Ensure we decrement @rb->nest before we validate the @rb->head.
122 * Otherwise we cannot be sure we caught the 'last' nested update.
123 */
124 barrier();
125 if (unlikely(head != local_read(&rb->head))) {
126 WRITE_ONCE(rb->nest, 1);
127 goto again;
128 }
129
130 if (handle->wakeup != local_read(&rb->wakeup))
131 perf_output_wakeup(handle);
132
133out:
134 preempt_enable();
135}
136
137static __always_inline bool
138ring_buffer_has_space(unsigned long head, unsigned long tail,
139 unsigned long data_size, unsigned int size,
140 bool backward)
141{
142 if (!backward)
143 return CIRC_SPACE(head, tail, data_size) >= size;
144 else
145 return CIRC_SPACE(tail, head, data_size) >= size;
146}
147
148static __always_inline int
149__perf_output_begin(struct perf_output_handle *handle,
150 struct perf_event *event, unsigned int size,
151 bool backward)
152{
153 struct ring_buffer *rb;
154 unsigned long tail, offset, head;
155 int have_lost, page_shift;
156 struct {
157 struct perf_event_header header;
158 u64 id;
159 u64 lost;
160 } lost_event;
161
162 rcu_read_lock();
163 /*
164 * For inherited events we send all the output towards the parent.
165 */
166 if (event->parent)
167 event = event->parent;
168
169 rb = rcu_dereference(event->rb);
170 if (unlikely(!rb))
171 goto out;
172
173 if (unlikely(rb->paused)) {
174 if (rb->nr_pages)
175 local_inc(&rb->lost);
176 goto out;
177 }
178
179 handle->rb = rb;
180 handle->event = event;
181
182 have_lost = local_read(&rb->lost);
183 if (unlikely(have_lost)) {
184 size += sizeof(lost_event);
185 if (event->attr.sample_id_all)
186 size += event->id_header_size;
187 }
188
189 perf_output_get_handle(handle);
190
191 do {
192 tail = READ_ONCE(rb->user_page->data_tail);
193 offset = head = local_read(&rb->head);
194 if (!rb->overwrite) {
195 if (unlikely(!ring_buffer_has_space(head, tail,
196 perf_data_size(rb),
197 size, backward)))
198 goto fail;
199 }
200
201 /*
202 * The above forms a control dependency barrier separating the
203 * @tail load above from the data stores below. Since the @tail
204 * load is required to compute the branch to fail below.
205 *
206 * A, matches D; the full memory barrier userspace SHOULD issue
207 * after reading the data and before storing the new tail
208 * position.
209 *
210 * See perf_output_put_handle().
211 */
212
213 if (!backward)
214 head += size;
215 else
216 head -= size;
217 } while (local_cmpxchg(&rb->head, offset, head) != offset);
218
219 if (backward) {
220 offset = head;
221 head = (u64)(-head);
222 }
223
224 /*
225 * We rely on the implied barrier() by local_cmpxchg() to ensure
226 * none of the data stores below can be lifted up by the compiler.
227 */
228
229 if (unlikely(head - local_read(&rb->wakeup) > rb->watermark))
230 local_add(rb->watermark, &rb->wakeup);
231
232 page_shift = PAGE_SHIFT + page_order(rb);
233
234 handle->page = (offset >> page_shift) & (rb->nr_pages - 1);
235 offset &= (1UL << page_shift) - 1;
236 handle->addr = rb->data_pages[handle->page] + offset;
237 handle->size = (1UL << page_shift) - offset;
238
239 if (unlikely(have_lost)) {
240 struct perf_sample_data sample_data;
241
242 lost_event.header.size = sizeof(lost_event);
243 lost_event.header.type = PERF_RECORD_LOST;
244 lost_event.header.misc = 0;
245 lost_event.id = event->id;
246 lost_event.lost = local_xchg(&rb->lost, 0);
247
248 perf_event_header__init_id(&lost_event.header,
249 &sample_data, event);
250 perf_output_put(handle, lost_event);
251 perf_event__output_id_sample(event, handle, &sample_data);
252 }
253
254 return 0;
255
256fail:
257 local_inc(&rb->lost);
258 perf_output_put_handle(handle);
259out:
260 rcu_read_unlock();
261
262 return -ENOSPC;
263}
264
265int perf_output_begin_forward(struct perf_output_handle *handle,
266 struct perf_event *event, unsigned int size)
267{
268 return __perf_output_begin(handle, event, size, false);
269}
270
271int perf_output_begin_backward(struct perf_output_handle *handle,
272 struct perf_event *event, unsigned int size)
273{
274 return __perf_output_begin(handle, event, size, true);
275}
276
277int perf_output_begin(struct perf_output_handle *handle,
278 struct perf_event *event, unsigned int size)
279{
280
281 return __perf_output_begin(handle, event, size,
282 unlikely(is_write_backward(event)));
283}
284
285unsigned int perf_output_copy(struct perf_output_handle *handle,
286 const void *buf, unsigned int len)
287{
288 return __output_copy(handle, buf, len);
289}
290
291unsigned int perf_output_skip(struct perf_output_handle *handle,
292 unsigned int len)
293{
294 return __output_skip(handle, NULL, len);
295}
296
297void perf_output_end(struct perf_output_handle *handle)
298{
299 perf_output_put_handle(handle);
300 rcu_read_unlock();
301}
302
303static void
304ring_buffer_init(struct ring_buffer *rb, long watermark, int flags)
305{
306 long max_size = perf_data_size(rb);
307
308 if (watermark)
309 rb->watermark = min(max_size, watermark);
310
311 if (!rb->watermark)
312 rb->watermark = max_size / 2;
313
314 if (flags & RING_BUFFER_WRITABLE)
315 rb->overwrite = 0;
316 else
317 rb->overwrite = 1;
318
319 refcount_set(&rb->refcount, 1);
320
321 INIT_LIST_HEAD(&rb->event_list);
322 spin_lock_init(&rb->event_lock);
323
324 /*
325 * perf_output_begin() only checks rb->paused, therefore
326 * rb->paused must be true if we have no pages for output.
327 */
328 if (!rb->nr_pages)
329 rb->paused = 1;
330}
331
332void perf_aux_output_flag(struct perf_output_handle *handle, u64 flags)
333{
334 /*
335 * OVERWRITE is determined by perf_aux_output_end() and can't
336 * be passed in directly.
337 */
338 if (WARN_ON_ONCE(flags & PERF_AUX_FLAG_OVERWRITE))
339 return;
340
341 handle->aux_flags |= flags;
342}
343EXPORT_SYMBOL_GPL(perf_aux_output_flag);
344
345/*
346 * This is called before hardware starts writing to the AUX area to
347 * obtain an output handle and make sure there's room in the buffer.
348 * When the capture completes, call perf_aux_output_end() to commit
349 * the recorded data to the buffer.
350 *
351 * The ordering is similar to that of perf_output_{begin,end}, with
352 * the exception of (B), which should be taken care of by the pmu
353 * driver, since ordering rules will differ depending on hardware.
354 *
355 * Call this from pmu::start(); see the comment in perf_aux_output_end()
356 * about its use in pmu callbacks. Both can also be called from the PMI
357 * handler if needed.
358 */
359void *perf_aux_output_begin(struct perf_output_handle *handle,
360 struct perf_event *event)
361{
362 struct perf_event *output_event = event;
363 unsigned long aux_head, aux_tail;
364 struct ring_buffer *rb;
365 unsigned int nest;
366
367 if (output_event->parent)
368 output_event = output_event->parent;
369
370 /*
371 * Since this will typically be open across pmu::add/pmu::del, we
372 * grab ring_buffer's refcount instead of holding rcu read lock
373 * to make sure it doesn't disappear under us.
374 */
375 rb = ring_buffer_get(output_event);
376 if (!rb)
377 return NULL;
378
379 if (!rb_has_aux(rb))
380 goto err;
381
382 /*
383 * If aux_mmap_count is zero, the aux buffer is in perf_mmap_close(),
384 * about to get freed, so we leave immediately.
385 *
386 * Checking rb::aux_mmap_count and rb::refcount has to be done in
387 * the same order, see perf_mmap_close. Otherwise we end up freeing
388 * aux pages in this path, which is a bug, because in_atomic().
389 */
390 if (!atomic_read(&rb->aux_mmap_count))
391 goto err;
392
393 if (!refcount_inc_not_zero(&rb->aux_refcount))
394 goto err;
395
396 nest = READ_ONCE(rb->aux_nest);
397 /*
398 * Nesting is not supported for AUX area, make sure nested
399 * writers are caught early
400 */
401 if (WARN_ON_ONCE(nest))
402 goto err_put;
403
404 WRITE_ONCE(rb->aux_nest, nest + 1);
405
406 aux_head = rb->aux_head;
407
408 handle->rb = rb;
409 handle->event = event;
410 handle->head = aux_head;
411 handle->size = 0;
412 handle->aux_flags = 0;
413
414 /*
415 * In overwrite mode, AUX data stores do not depend on aux_tail,
416 * therefore (A) control dependency barrier does not exist. The
417 * (B) <-> (C) ordering is still observed by the pmu driver.
418 */
419 if (!rb->aux_overwrite) {
420 aux_tail = READ_ONCE(rb->user_page->aux_tail);
421 handle->wakeup = rb->aux_wakeup + rb->aux_watermark;
422 if (aux_head - aux_tail < perf_aux_size(rb))
423 handle->size = CIRC_SPACE(aux_head, aux_tail, perf_aux_size(rb));
424
425 /*
426 * handle->size computation depends on aux_tail load; this forms a
427 * control dependency barrier separating aux_tail load from aux data
428 * store that will be enabled on successful return
429 */
430 if (!handle->size) { /* A, matches D */
431 event->pending_disable = smp_processor_id();
432 perf_output_wakeup(handle);
433 WRITE_ONCE(rb->aux_nest, 0);
434 goto err_put;
435 }
436 }
437
438 return handle->rb->aux_priv;
439
440err_put:
441 /* can't be last */
442 rb_free_aux(rb);
443
444err:
445 ring_buffer_put(rb);
446 handle->event = NULL;
447
448 return NULL;
449}
450EXPORT_SYMBOL_GPL(perf_aux_output_begin);
451
452static __always_inline bool rb_need_aux_wakeup(struct ring_buffer *rb)
453{
454 if (rb->aux_overwrite)
455 return false;
456
457 if (rb->aux_head - rb->aux_wakeup >= rb->aux_watermark) {
458 rb->aux_wakeup = rounddown(rb->aux_head, rb->aux_watermark);
459 return true;
460 }
461
462 return false;
463}
464
465/*
466 * Commit the data written by hardware into the ring buffer by adjusting
467 * aux_head and posting a PERF_RECORD_AUX into the perf buffer. It is the
468 * pmu driver's responsibility to observe ordering rules of the hardware,
469 * so that all the data is externally visible before this is called.
470 *
471 * Note: this has to be called from pmu::stop() callback, as the assumption
472 * of the AUX buffer management code is that after pmu::stop(), the AUX
473 * transaction must be stopped and therefore drop the AUX reference count.
474 */
475void perf_aux_output_end(struct perf_output_handle *handle, unsigned long size)
476{
477 bool wakeup = !!(handle->aux_flags & PERF_AUX_FLAG_TRUNCATED);
478 struct ring_buffer *rb = handle->rb;
479 unsigned long aux_head;
480
481 /* in overwrite mode, driver provides aux_head via handle */
482 if (rb->aux_overwrite) {
483 handle->aux_flags |= PERF_AUX_FLAG_OVERWRITE;
484
485 aux_head = handle->head;
486 rb->aux_head = aux_head;
487 } else {
488 handle->aux_flags &= ~PERF_AUX_FLAG_OVERWRITE;
489
490 aux_head = rb->aux_head;
491 rb->aux_head += size;
492 }
493
494 /*
495 * Only send RECORD_AUX if we have something useful to communicate
496 *
497 * Note: the OVERWRITE records by themselves are not considered
498 * useful, as they don't communicate any *new* information,
499 * aside from the short-lived offset, that becomes history at
500 * the next event sched-in and therefore isn't useful.
501 * The userspace that needs to copy out AUX data in overwrite
502 * mode should know to use user_page::aux_head for the actual
503 * offset. So, from now on we don't output AUX records that
504 * have *only* OVERWRITE flag set.
505 */
506 if (size || (handle->aux_flags & ~(u64)PERF_AUX_FLAG_OVERWRITE))
507 perf_event_aux_event(handle->event, aux_head, size,
508 handle->aux_flags);
509
510 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head);
511 if (rb_need_aux_wakeup(rb))
512 wakeup = true;
513
514 if (wakeup) {
515 if (handle->aux_flags & PERF_AUX_FLAG_TRUNCATED)
516 handle->event->pending_disable = smp_processor_id();
517 perf_output_wakeup(handle);
518 }
519
520 handle->event = NULL;
521
522 WRITE_ONCE(rb->aux_nest, 0);
523 /* can't be last */
524 rb_free_aux(rb);
525 ring_buffer_put(rb);
526}
527EXPORT_SYMBOL_GPL(perf_aux_output_end);
528
529/*
530 * Skip over a given number of bytes in the AUX buffer, due to, for example,
531 * hardware's alignment constraints.
532 */
533int perf_aux_output_skip(struct perf_output_handle *handle, unsigned long size)
534{
535 struct ring_buffer *rb = handle->rb;
536
537 if (size > handle->size)
538 return -ENOSPC;
539
540 rb->aux_head += size;
541
542 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head);
543 if (rb_need_aux_wakeup(rb)) {
544 perf_output_wakeup(handle);
545 handle->wakeup = rb->aux_wakeup + rb->aux_watermark;
546 }
547
548 handle->head = rb->aux_head;
549 handle->size -= size;
550
551 return 0;
552}
553EXPORT_SYMBOL_GPL(perf_aux_output_skip);
554
555void *perf_get_aux(struct perf_output_handle *handle)
556{
557 /* this is only valid between perf_aux_output_begin and *_end */
558 if (!handle->event)
559 return NULL;
560
561 return handle->rb->aux_priv;
562}
563EXPORT_SYMBOL_GPL(perf_get_aux);
564
565#define PERF_AUX_GFP (GFP_KERNEL | __GFP_ZERO | __GFP_NOWARN | __GFP_NORETRY)
566
567static struct page *rb_alloc_aux_page(int node, int order)
568{
569 struct page *page;
570
571 if (order > MAX_ORDER)
572 order = MAX_ORDER;
573
574 do {
575 page = alloc_pages_node(node, PERF_AUX_GFP, order);
576 } while (!page && order--);
577
578 if (page && order) {
579 /*
580 * Communicate the allocation size to the driver:
581 * if we managed to secure a high-order allocation,
582 * set its first page's private to this order;
583 * !PagePrivate(page) means it's just a normal page.
584 */
585 split_page(page, order);
586 SetPagePrivate(page);
587 set_page_private(page, order);
588 }
589
590 return page;
591}
592
593static void rb_free_aux_page(struct ring_buffer *rb, int idx)
594{
595 struct page *page = virt_to_page(rb->aux_pages[idx]);
596
597 ClearPagePrivate(page);
598 page->mapping = NULL;
599 __free_page(page);
600}
601
602static void __rb_free_aux(struct ring_buffer *rb)
603{
604 int pg;
605
606 /*
607 * Should never happen, the last reference should be dropped from
608 * perf_mmap_close() path, which first stops aux transactions (which
609 * in turn are the atomic holders of aux_refcount) and then does the
610 * last rb_free_aux().
611 */
612 WARN_ON_ONCE(in_atomic());
613
614 if (rb->aux_priv) {
615 rb->free_aux(rb->aux_priv);
616 rb->free_aux = NULL;
617 rb->aux_priv = NULL;
618 }
619
620 if (rb->aux_nr_pages) {
621 for (pg = 0; pg < rb->aux_nr_pages; pg++)
622 rb_free_aux_page(rb, pg);
623
624 kfree(rb->aux_pages);
625 rb->aux_nr_pages = 0;
626 }
627}
628
629int rb_alloc_aux(struct ring_buffer *rb, struct perf_event *event,
630 pgoff_t pgoff, int nr_pages, long watermark, int flags)
631{
632 bool overwrite = !(flags & RING_BUFFER_WRITABLE);
633 int node = (event->cpu == -1) ? -1 : cpu_to_node(event->cpu);
634 int ret = -ENOMEM, max_order;
635
636 if (!has_aux(event))
637 return -EOPNOTSUPP;
638
639 /*
640 * We need to start with the max_order that fits in nr_pages,
641 * not the other way around, hence ilog2() and not get_order.
642 */
643 max_order = ilog2(nr_pages);
644
645 /*
646 * PMU requests more than one contiguous chunks of memory
647 * for SW double buffering
648 */
649 if (!overwrite) {
650 if (!max_order)
651 return -EINVAL;
652
653 max_order--;
654 }
655
656 rb->aux_pages = kcalloc_node(nr_pages, sizeof(void *), GFP_KERNEL,
657 node);
658 if (!rb->aux_pages)
659 return -ENOMEM;
660
661 rb->free_aux = event->pmu->free_aux;
662 for (rb->aux_nr_pages = 0; rb->aux_nr_pages < nr_pages;) {
663 struct page *page;
664 int last, order;
665
666 order = min(max_order, ilog2(nr_pages - rb->aux_nr_pages));
667 page = rb_alloc_aux_page(node, order);
668 if (!page)
669 goto out;
670
671 for (last = rb->aux_nr_pages + (1 << page_private(page));
672 last > rb->aux_nr_pages; rb->aux_nr_pages++)
673 rb->aux_pages[rb->aux_nr_pages] = page_address(page++);
674 }
675
676 /*
677 * In overwrite mode, PMUs that don't support SG may not handle more
678 * than one contiguous allocation, since they rely on PMI to do double
679 * buffering. In this case, the entire buffer has to be one contiguous
680 * chunk.
681 */
682 if ((event->pmu->capabilities & PERF_PMU_CAP_AUX_NO_SG) &&
683 overwrite) {
684 struct page *page = virt_to_page(rb->aux_pages[0]);
685
686 if (page_private(page) != max_order)
687 goto out;
688 }
689
690 rb->aux_priv = event->pmu->setup_aux(event, rb->aux_pages, nr_pages,
691 overwrite);
692 if (!rb->aux_priv)
693 goto out;
694
695 ret = 0;
696
697 /*
698 * aux_pages (and pmu driver's private data, aux_priv) will be
699 * referenced in both producer's and consumer's contexts, thus
700 * we keep a refcount here to make sure either of the two can
701 * reference them safely.
702 */
703 refcount_set(&rb->aux_refcount, 1);
704
705 rb->aux_overwrite = overwrite;
706 rb->aux_watermark = watermark;
707
708 if (!rb->aux_watermark && !rb->aux_overwrite)
709 rb->aux_watermark = nr_pages << (PAGE_SHIFT - 1);
710
711out:
712 if (!ret)
713 rb->aux_pgoff = pgoff;
714 else
715 __rb_free_aux(rb);
716
717 return ret;
718}
719
720void rb_free_aux(struct ring_buffer *rb)
721{
722 if (refcount_dec_and_test(&rb->aux_refcount))
723 __rb_free_aux(rb);
724}
725
726#ifndef CONFIG_PERF_USE_VMALLOC
727
728/*
729 * Back perf_mmap() with regular GFP_KERNEL-0 pages.
730 */
731
732static struct page *
733__perf_mmap_to_page(struct ring_buffer *rb, unsigned long pgoff)
734{
735 if (pgoff > rb->nr_pages)
736 return NULL;
737
738 if (pgoff == 0)
739 return virt_to_page(rb->user_page);
740
741 return virt_to_page(rb->data_pages[pgoff - 1]);
742}
743
744static void *perf_mmap_alloc_page(int cpu)
745{
746 struct page *page;
747 int node;
748
749 node = (cpu == -1) ? cpu : cpu_to_node(cpu);
750 page = alloc_pages_node(node, GFP_KERNEL | __GFP_ZERO, 0);
751 if (!page)
752 return NULL;
753
754 return page_address(page);
755}
756
757struct ring_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
758{
759 struct ring_buffer *rb;
760 unsigned long size;
761 int i;
762
763 size = sizeof(struct ring_buffer);
764 size += nr_pages * sizeof(void *);
765
766 if (order_base_2(size) >= PAGE_SHIFT+MAX_ORDER)
767 goto fail;
768
769 rb = kzalloc(size, GFP_KERNEL);
770 if (!rb)
771 goto fail;
772
773 rb->user_page = perf_mmap_alloc_page(cpu);
774 if (!rb->user_page)
775 goto fail_user_page;
776
777 for (i = 0; i < nr_pages; i++) {
778 rb->data_pages[i] = perf_mmap_alloc_page(cpu);
779 if (!rb->data_pages[i])
780 goto fail_data_pages;
781 }
782
783 rb->nr_pages = nr_pages;
784
785 ring_buffer_init(rb, watermark, flags);
786
787 return rb;
788
789fail_data_pages:
790 for (i--; i >= 0; i--)
791 free_page((unsigned long)rb->data_pages[i]);
792
793 free_page((unsigned long)rb->user_page);
794
795fail_user_page:
796 kfree(rb);
797
798fail:
799 return NULL;
800}
801
802static void perf_mmap_free_page(unsigned long addr)
803{
804 struct page *page = virt_to_page((void *)addr);
805
806 page->mapping = NULL;
807 __free_page(page);
808}
809
810void rb_free(struct ring_buffer *rb)
811{
812 int i;
813
814 perf_mmap_free_page((unsigned long)rb->user_page);
815 for (i = 0; i < rb->nr_pages; i++)
816 perf_mmap_free_page((unsigned long)rb->data_pages[i]);
817 kfree(rb);
818}
819
820#else
821static int data_page_nr(struct ring_buffer *rb)
822{
823 return rb->nr_pages << page_order(rb);
824}
825
826static struct page *
827__perf_mmap_to_page(struct ring_buffer *rb, unsigned long pgoff)
828{
829 /* The '>' counts in the user page. */
830 if (pgoff > data_page_nr(rb))
831 return NULL;
832
833 return vmalloc_to_page((void *)rb->user_page + pgoff * PAGE_SIZE);
834}
835
836static void perf_mmap_unmark_page(void *addr)
837{
838 struct page *page = vmalloc_to_page(addr);
839
840 page->mapping = NULL;
841}
842
843static void rb_free_work(struct work_struct *work)
844{
845 struct ring_buffer *rb;
846 void *base;
847 int i, nr;
848
849 rb = container_of(work, struct ring_buffer, work);
850 nr = data_page_nr(rb);
851
852 base = rb->user_page;
853 /* The '<=' counts in the user page. */
854 for (i = 0; i <= nr; i++)
855 perf_mmap_unmark_page(base + (i * PAGE_SIZE));
856
857 vfree(base);
858 kfree(rb);
859}
860
861void rb_free(struct ring_buffer *rb)
862{
863 schedule_work(&rb->work);
864}
865
866struct ring_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
867{
868 struct ring_buffer *rb;
869 unsigned long size;
870 void *all_buf;
871
872 size = sizeof(struct ring_buffer);
873 size += sizeof(void *);
874
875 rb = kzalloc(size, GFP_KERNEL);
876 if (!rb)
877 goto fail;
878
879 INIT_WORK(&rb->work, rb_free_work);
880
881 all_buf = vmalloc_user((nr_pages + 1) * PAGE_SIZE);
882 if (!all_buf)
883 goto fail_all_buf;
884
885 rb->user_page = all_buf;
886 rb->data_pages[0] = all_buf + PAGE_SIZE;
887 if (nr_pages) {
888 rb->nr_pages = 1;
889 rb->page_order = ilog2(nr_pages);
890 }
891
892 ring_buffer_init(rb, watermark, flags);
893
894 return rb;
895
896fail_all_buf:
897 kfree(rb);
898
899fail:
900 return NULL;
901}
902
903#endif
904
905struct page *
906perf_mmap_to_page(struct ring_buffer *rb, unsigned long pgoff)
907{
908 if (rb->aux_nr_pages) {
909 /* above AUX space */
910 if (pgoff > rb->aux_pgoff + rb->aux_nr_pages)
911 return NULL;
912
913 /* AUX space */
914 if (pgoff >= rb->aux_pgoff) {
915 int aux_pgoff = array_index_nospec(pgoff - rb->aux_pgoff, rb->aux_nr_pages);
916 return virt_to_page(rb->aux_pages[aux_pgoff]);
917 }
918 }
919
920 return __perf_mmap_to_page(rb, pgoff);
921}
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Performance events ring-buffer code:
4 *
5 * Copyright (C) 2008 Thomas Gleixner <tglx@linutronix.de>
6 * Copyright (C) 2008-2011 Red Hat, Inc., Ingo Molnar
7 * Copyright (C) 2008-2011 Red Hat, Inc., Peter Zijlstra
8 * Copyright © 2009 Paul Mackerras, IBM Corp. <paulus@au1.ibm.com>
9 */
10
11#include <linux/perf_event.h>
12#include <linux/vmalloc.h>
13#include <linux/slab.h>
14#include <linux/circ_buf.h>
15#include <linux/poll.h>
16#include <linux/nospec.h>
17
18#include "internal.h"
19
20static void perf_output_wakeup(struct perf_output_handle *handle)
21{
22 atomic_set(&handle->rb->poll, EPOLLIN);
23
24 handle->event->pending_wakeup = 1;
25 irq_work_queue(&handle->event->pending_irq);
26}
27
28/*
29 * We need to ensure a later event_id doesn't publish a head when a former
30 * event isn't done writing. However since we need to deal with NMIs we
31 * cannot fully serialize things.
32 *
33 * We only publish the head (and generate a wakeup) when the outer-most
34 * event completes.
35 */
36static void perf_output_get_handle(struct perf_output_handle *handle)
37{
38 struct perf_buffer *rb = handle->rb;
39
40 preempt_disable();
41
42 /*
43 * Avoid an explicit LOAD/STORE such that architectures with memops
44 * can use them.
45 */
46 (*(volatile unsigned int *)&rb->nest)++;
47 handle->wakeup = local_read(&rb->wakeup);
48}
49
50static void perf_output_put_handle(struct perf_output_handle *handle)
51{
52 struct perf_buffer *rb = handle->rb;
53 unsigned long head;
54 unsigned int nest;
55
56 /*
57 * If this isn't the outermost nesting, we don't have to update
58 * @rb->user_page->data_head.
59 */
60 nest = READ_ONCE(rb->nest);
61 if (nest > 1) {
62 WRITE_ONCE(rb->nest, nest - 1);
63 goto out;
64 }
65
66again:
67 /*
68 * In order to avoid publishing a head value that goes backwards,
69 * we must ensure the load of @rb->head happens after we've
70 * incremented @rb->nest.
71 *
72 * Otherwise we can observe a @rb->head value before one published
73 * by an IRQ/NMI happening between the load and the increment.
74 */
75 barrier();
76 head = local_read(&rb->head);
77
78 /*
79 * IRQ/NMI can happen here and advance @rb->head, causing our
80 * load above to be stale.
81 */
82
83 /*
84 * Since the mmap() consumer (userspace) can run on a different CPU:
85 *
86 * kernel user
87 *
88 * if (LOAD ->data_tail) { LOAD ->data_head
89 * (A) smp_rmb() (C)
90 * STORE $data LOAD $data
91 * smp_wmb() (B) smp_mb() (D)
92 * STORE ->data_head STORE ->data_tail
93 * }
94 *
95 * Where A pairs with D, and B pairs with C.
96 *
97 * In our case (A) is a control dependency that separates the load of
98 * the ->data_tail and the stores of $data. In case ->data_tail
99 * indicates there is no room in the buffer to store $data we do not.
100 *
101 * D needs to be a full barrier since it separates the data READ
102 * from the tail WRITE.
103 *
104 * For B a WMB is sufficient since it separates two WRITEs, and for C
105 * an RMB is sufficient since it separates two READs.
106 *
107 * See perf_output_begin().
108 */
109 smp_wmb(); /* B, matches C */
110 WRITE_ONCE(rb->user_page->data_head, head);
111
112 /*
113 * We must publish the head before decrementing the nest count,
114 * otherwise an IRQ/NMI can publish a more recent head value and our
115 * write will (temporarily) publish a stale value.
116 */
117 barrier();
118 WRITE_ONCE(rb->nest, 0);
119
120 /*
121 * Ensure we decrement @rb->nest before we validate the @rb->head.
122 * Otherwise we cannot be sure we caught the 'last' nested update.
123 */
124 barrier();
125 if (unlikely(head != local_read(&rb->head))) {
126 WRITE_ONCE(rb->nest, 1);
127 goto again;
128 }
129
130 if (handle->wakeup != local_read(&rb->wakeup))
131 perf_output_wakeup(handle);
132
133out:
134 preempt_enable();
135}
136
137static __always_inline bool
138ring_buffer_has_space(unsigned long head, unsigned long tail,
139 unsigned long data_size, unsigned int size,
140 bool backward)
141{
142 if (!backward)
143 return CIRC_SPACE(head, tail, data_size) >= size;
144 else
145 return CIRC_SPACE(tail, head, data_size) >= size;
146}
147
148static __always_inline int
149__perf_output_begin(struct perf_output_handle *handle,
150 struct perf_sample_data *data,
151 struct perf_event *event, unsigned int size,
152 bool backward)
153{
154 struct perf_buffer *rb;
155 unsigned long tail, offset, head;
156 int have_lost, page_shift;
157 struct {
158 struct perf_event_header header;
159 u64 id;
160 u64 lost;
161 } lost_event;
162
163 rcu_read_lock();
164 /*
165 * For inherited events we send all the output towards the parent.
166 */
167 if (event->parent)
168 event = event->parent;
169
170 rb = rcu_dereference(event->rb);
171 if (unlikely(!rb))
172 goto out;
173
174 if (unlikely(rb->paused)) {
175 if (rb->nr_pages) {
176 local_inc(&rb->lost);
177 atomic64_inc(&event->lost_samples);
178 }
179 goto out;
180 }
181
182 handle->rb = rb;
183 handle->event = event;
184
185 have_lost = local_read(&rb->lost);
186 if (unlikely(have_lost)) {
187 size += sizeof(lost_event);
188 if (event->attr.sample_id_all)
189 size += event->id_header_size;
190 }
191
192 perf_output_get_handle(handle);
193
194 offset = local_read(&rb->head);
195 do {
196 head = offset;
197 tail = READ_ONCE(rb->user_page->data_tail);
198 if (!rb->overwrite) {
199 if (unlikely(!ring_buffer_has_space(head, tail,
200 perf_data_size(rb),
201 size, backward)))
202 goto fail;
203 }
204
205 /*
206 * The above forms a control dependency barrier separating the
207 * @tail load above from the data stores below. Since the @tail
208 * load is required to compute the branch to fail below.
209 *
210 * A, matches D; the full memory barrier userspace SHOULD issue
211 * after reading the data and before storing the new tail
212 * position.
213 *
214 * See perf_output_put_handle().
215 */
216
217 if (!backward)
218 head += size;
219 else
220 head -= size;
221 } while (!local_try_cmpxchg(&rb->head, &offset, head));
222
223 if (backward) {
224 offset = head;
225 head = (u64)(-head);
226 }
227
228 /*
229 * We rely on the implied barrier() by local_cmpxchg() to ensure
230 * none of the data stores below can be lifted up by the compiler.
231 */
232
233 if (unlikely(head - local_read(&rb->wakeup) > rb->watermark))
234 local_add(rb->watermark, &rb->wakeup);
235
236 page_shift = PAGE_SHIFT + page_order(rb);
237
238 handle->page = (offset >> page_shift) & (rb->nr_pages - 1);
239 offset &= (1UL << page_shift) - 1;
240 handle->addr = rb->data_pages[handle->page] + offset;
241 handle->size = (1UL << page_shift) - offset;
242
243 if (unlikely(have_lost)) {
244 lost_event.header.size = sizeof(lost_event);
245 lost_event.header.type = PERF_RECORD_LOST;
246 lost_event.header.misc = 0;
247 lost_event.id = event->id;
248 lost_event.lost = local_xchg(&rb->lost, 0);
249
250 /* XXX mostly redundant; @data is already fully initializes */
251 perf_event_header__init_id(&lost_event.header, data, event);
252 perf_output_put(handle, lost_event);
253 perf_event__output_id_sample(event, handle, data);
254 }
255
256 return 0;
257
258fail:
259 local_inc(&rb->lost);
260 atomic64_inc(&event->lost_samples);
261 perf_output_put_handle(handle);
262out:
263 rcu_read_unlock();
264
265 return -ENOSPC;
266}
267
268int perf_output_begin_forward(struct perf_output_handle *handle,
269 struct perf_sample_data *data,
270 struct perf_event *event, unsigned int size)
271{
272 return __perf_output_begin(handle, data, event, size, false);
273}
274
275int perf_output_begin_backward(struct perf_output_handle *handle,
276 struct perf_sample_data *data,
277 struct perf_event *event, unsigned int size)
278{
279 return __perf_output_begin(handle, data, event, size, true);
280}
281
282int perf_output_begin(struct perf_output_handle *handle,
283 struct perf_sample_data *data,
284 struct perf_event *event, unsigned int size)
285{
286
287 return __perf_output_begin(handle, data, event, size,
288 unlikely(is_write_backward(event)));
289}
290
291unsigned int perf_output_copy(struct perf_output_handle *handle,
292 const void *buf, unsigned int len)
293{
294 return __output_copy(handle, buf, len);
295}
296
297unsigned int perf_output_skip(struct perf_output_handle *handle,
298 unsigned int len)
299{
300 return __output_skip(handle, NULL, len);
301}
302
303void perf_output_end(struct perf_output_handle *handle)
304{
305 perf_output_put_handle(handle);
306 rcu_read_unlock();
307}
308
309static void
310ring_buffer_init(struct perf_buffer *rb, long watermark, int flags)
311{
312 long max_size = perf_data_size(rb);
313
314 if (watermark)
315 rb->watermark = min(max_size, watermark);
316
317 if (!rb->watermark)
318 rb->watermark = max_size / 2;
319
320 if (flags & RING_BUFFER_WRITABLE)
321 rb->overwrite = 0;
322 else
323 rb->overwrite = 1;
324
325 refcount_set(&rb->refcount, 1);
326
327 INIT_LIST_HEAD(&rb->event_list);
328 spin_lock_init(&rb->event_lock);
329
330 /*
331 * perf_output_begin() only checks rb->paused, therefore
332 * rb->paused must be true if we have no pages for output.
333 */
334 if (!rb->nr_pages)
335 rb->paused = 1;
336}
337
338void perf_aux_output_flag(struct perf_output_handle *handle, u64 flags)
339{
340 /*
341 * OVERWRITE is determined by perf_aux_output_end() and can't
342 * be passed in directly.
343 */
344 if (WARN_ON_ONCE(flags & PERF_AUX_FLAG_OVERWRITE))
345 return;
346
347 handle->aux_flags |= flags;
348}
349EXPORT_SYMBOL_GPL(perf_aux_output_flag);
350
351/*
352 * This is called before hardware starts writing to the AUX area to
353 * obtain an output handle and make sure there's room in the buffer.
354 * When the capture completes, call perf_aux_output_end() to commit
355 * the recorded data to the buffer.
356 *
357 * The ordering is similar to that of perf_output_{begin,end}, with
358 * the exception of (B), which should be taken care of by the pmu
359 * driver, since ordering rules will differ depending on hardware.
360 *
361 * Call this from pmu::start(); see the comment in perf_aux_output_end()
362 * about its use in pmu callbacks. Both can also be called from the PMI
363 * handler if needed.
364 */
365void *perf_aux_output_begin(struct perf_output_handle *handle,
366 struct perf_event *event)
367{
368 struct perf_event *output_event = event;
369 unsigned long aux_head, aux_tail;
370 struct perf_buffer *rb;
371 unsigned int nest;
372
373 if (output_event->parent)
374 output_event = output_event->parent;
375
376 /*
377 * Since this will typically be open across pmu::add/pmu::del, we
378 * grab ring_buffer's refcount instead of holding rcu read lock
379 * to make sure it doesn't disappear under us.
380 */
381 rb = ring_buffer_get(output_event);
382 if (!rb)
383 return NULL;
384
385 if (!rb_has_aux(rb))
386 goto err;
387
388 /*
389 * If aux_mmap_count is zero, the aux buffer is in perf_mmap_close(),
390 * about to get freed, so we leave immediately.
391 *
392 * Checking rb::aux_mmap_count and rb::refcount has to be done in
393 * the same order, see perf_mmap_close. Otherwise we end up freeing
394 * aux pages in this path, which is a bug, because in_atomic().
395 */
396 if (!atomic_read(&rb->aux_mmap_count))
397 goto err;
398
399 if (!refcount_inc_not_zero(&rb->aux_refcount))
400 goto err;
401
402 nest = READ_ONCE(rb->aux_nest);
403 /*
404 * Nesting is not supported for AUX area, make sure nested
405 * writers are caught early
406 */
407 if (WARN_ON_ONCE(nest))
408 goto err_put;
409
410 WRITE_ONCE(rb->aux_nest, nest + 1);
411
412 aux_head = rb->aux_head;
413
414 handle->rb = rb;
415 handle->event = event;
416 handle->head = aux_head;
417 handle->size = 0;
418 handle->aux_flags = 0;
419
420 /*
421 * In overwrite mode, AUX data stores do not depend on aux_tail,
422 * therefore (A) control dependency barrier does not exist. The
423 * (B) <-> (C) ordering is still observed by the pmu driver.
424 */
425 if (!rb->aux_overwrite) {
426 aux_tail = READ_ONCE(rb->user_page->aux_tail);
427 handle->wakeup = rb->aux_wakeup + rb->aux_watermark;
428 if (aux_head - aux_tail < perf_aux_size(rb))
429 handle->size = CIRC_SPACE(aux_head, aux_tail, perf_aux_size(rb));
430
431 /*
432 * handle->size computation depends on aux_tail load; this forms a
433 * control dependency barrier separating aux_tail load from aux data
434 * store that will be enabled on successful return
435 */
436 if (!handle->size) { /* A, matches D */
437 event->pending_disable = smp_processor_id();
438 perf_output_wakeup(handle);
439 WRITE_ONCE(rb->aux_nest, 0);
440 goto err_put;
441 }
442 }
443
444 return handle->rb->aux_priv;
445
446err_put:
447 /* can't be last */
448 rb_free_aux(rb);
449
450err:
451 ring_buffer_put(rb);
452 handle->event = NULL;
453
454 return NULL;
455}
456EXPORT_SYMBOL_GPL(perf_aux_output_begin);
457
458static __always_inline bool rb_need_aux_wakeup(struct perf_buffer *rb)
459{
460 if (rb->aux_overwrite)
461 return false;
462
463 if (rb->aux_head - rb->aux_wakeup >= rb->aux_watermark) {
464 rb->aux_wakeup = rounddown(rb->aux_head, rb->aux_watermark);
465 return true;
466 }
467
468 return false;
469}
470
471/*
472 * Commit the data written by hardware into the ring buffer by adjusting
473 * aux_head and posting a PERF_RECORD_AUX into the perf buffer. It is the
474 * pmu driver's responsibility to observe ordering rules of the hardware,
475 * so that all the data is externally visible before this is called.
476 *
477 * Note: this has to be called from pmu::stop() callback, as the assumption
478 * of the AUX buffer management code is that after pmu::stop(), the AUX
479 * transaction must be stopped and therefore drop the AUX reference count.
480 */
481void perf_aux_output_end(struct perf_output_handle *handle, unsigned long size)
482{
483 bool wakeup = !!(handle->aux_flags & PERF_AUX_FLAG_TRUNCATED);
484 struct perf_buffer *rb = handle->rb;
485 unsigned long aux_head;
486
487 /* in overwrite mode, driver provides aux_head via handle */
488 if (rb->aux_overwrite) {
489 handle->aux_flags |= PERF_AUX_FLAG_OVERWRITE;
490
491 aux_head = handle->head;
492 rb->aux_head = aux_head;
493 } else {
494 handle->aux_flags &= ~PERF_AUX_FLAG_OVERWRITE;
495
496 aux_head = rb->aux_head;
497 rb->aux_head += size;
498 }
499
500 /*
501 * Only send RECORD_AUX if we have something useful to communicate
502 *
503 * Note: the OVERWRITE records by themselves are not considered
504 * useful, as they don't communicate any *new* information,
505 * aside from the short-lived offset, that becomes history at
506 * the next event sched-in and therefore isn't useful.
507 * The userspace that needs to copy out AUX data in overwrite
508 * mode should know to use user_page::aux_head for the actual
509 * offset. So, from now on we don't output AUX records that
510 * have *only* OVERWRITE flag set.
511 */
512 if (size || (handle->aux_flags & ~(u64)PERF_AUX_FLAG_OVERWRITE))
513 perf_event_aux_event(handle->event, aux_head, size,
514 handle->aux_flags);
515
516 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head);
517 if (rb_need_aux_wakeup(rb))
518 wakeup = true;
519
520 if (wakeup) {
521 if (handle->aux_flags & PERF_AUX_FLAG_TRUNCATED)
522 handle->event->pending_disable = smp_processor_id();
523 perf_output_wakeup(handle);
524 }
525
526 handle->event = NULL;
527
528 WRITE_ONCE(rb->aux_nest, 0);
529 /* can't be last */
530 rb_free_aux(rb);
531 ring_buffer_put(rb);
532}
533EXPORT_SYMBOL_GPL(perf_aux_output_end);
534
535/*
536 * Skip over a given number of bytes in the AUX buffer, due to, for example,
537 * hardware's alignment constraints.
538 */
539int perf_aux_output_skip(struct perf_output_handle *handle, unsigned long size)
540{
541 struct perf_buffer *rb = handle->rb;
542
543 if (size > handle->size)
544 return -ENOSPC;
545
546 rb->aux_head += size;
547
548 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head);
549 if (rb_need_aux_wakeup(rb)) {
550 perf_output_wakeup(handle);
551 handle->wakeup = rb->aux_wakeup + rb->aux_watermark;
552 }
553
554 handle->head = rb->aux_head;
555 handle->size -= size;
556
557 return 0;
558}
559EXPORT_SYMBOL_GPL(perf_aux_output_skip);
560
561void *perf_get_aux(struct perf_output_handle *handle)
562{
563 /* this is only valid between perf_aux_output_begin and *_end */
564 if (!handle->event)
565 return NULL;
566
567 return handle->rb->aux_priv;
568}
569EXPORT_SYMBOL_GPL(perf_get_aux);
570
571/*
572 * Copy out AUX data from an AUX handle.
573 */
574long perf_output_copy_aux(struct perf_output_handle *aux_handle,
575 struct perf_output_handle *handle,
576 unsigned long from, unsigned long to)
577{
578 struct perf_buffer *rb = aux_handle->rb;
579 unsigned long tocopy, remainder, len = 0;
580 void *addr;
581
582 from &= (rb->aux_nr_pages << PAGE_SHIFT) - 1;
583 to &= (rb->aux_nr_pages << PAGE_SHIFT) - 1;
584
585 do {
586 tocopy = PAGE_SIZE - offset_in_page(from);
587 if (to > from)
588 tocopy = min(tocopy, to - from);
589 if (!tocopy)
590 break;
591
592 addr = rb->aux_pages[from >> PAGE_SHIFT];
593 addr += offset_in_page(from);
594
595 remainder = perf_output_copy(handle, addr, tocopy);
596 if (remainder)
597 return -EFAULT;
598
599 len += tocopy;
600 from += tocopy;
601 from &= (rb->aux_nr_pages << PAGE_SHIFT) - 1;
602 } while (to != from);
603
604 return len;
605}
606
607#define PERF_AUX_GFP (GFP_KERNEL | __GFP_ZERO | __GFP_NOWARN | __GFP_NORETRY)
608
609static struct page *rb_alloc_aux_page(int node, int order)
610{
611 struct page *page;
612
613 if (order > MAX_PAGE_ORDER)
614 order = MAX_PAGE_ORDER;
615
616 do {
617 page = alloc_pages_node(node, PERF_AUX_GFP, order);
618 } while (!page && order--);
619
620 if (page && order) {
621 /*
622 * Communicate the allocation size to the driver:
623 * if we managed to secure a high-order allocation,
624 * set its first page's private to this order;
625 * !PagePrivate(page) means it's just a normal page.
626 */
627 split_page(page, order);
628 SetPagePrivate(page);
629 set_page_private(page, order);
630 }
631
632 return page;
633}
634
635static void rb_free_aux_page(struct perf_buffer *rb, int idx)
636{
637 struct page *page = virt_to_page(rb->aux_pages[idx]);
638
639 ClearPagePrivate(page);
640 page->mapping = NULL;
641 __free_page(page);
642}
643
644static void __rb_free_aux(struct perf_buffer *rb)
645{
646 int pg;
647
648 /*
649 * Should never happen, the last reference should be dropped from
650 * perf_mmap_close() path, which first stops aux transactions (which
651 * in turn are the atomic holders of aux_refcount) and then does the
652 * last rb_free_aux().
653 */
654 WARN_ON_ONCE(in_atomic());
655
656 if (rb->aux_priv) {
657 rb->free_aux(rb->aux_priv);
658 rb->free_aux = NULL;
659 rb->aux_priv = NULL;
660 }
661
662 if (rb->aux_nr_pages) {
663 for (pg = 0; pg < rb->aux_nr_pages; pg++)
664 rb_free_aux_page(rb, pg);
665
666 kfree(rb->aux_pages);
667 rb->aux_nr_pages = 0;
668 }
669}
670
671int rb_alloc_aux(struct perf_buffer *rb, struct perf_event *event,
672 pgoff_t pgoff, int nr_pages, long watermark, int flags)
673{
674 bool overwrite = !(flags & RING_BUFFER_WRITABLE);
675 int node = (event->cpu == -1) ? -1 : cpu_to_node(event->cpu);
676 int ret = -ENOMEM, max_order;
677
678 if (!has_aux(event))
679 return -EOPNOTSUPP;
680
681 if (!overwrite) {
682 /*
683 * Watermark defaults to half the buffer, and so does the
684 * max_order, to aid PMU drivers in double buffering.
685 */
686 if (!watermark)
687 watermark = nr_pages << (PAGE_SHIFT - 1);
688
689 /*
690 * Use aux_watermark as the basis for chunking to
691 * help PMU drivers honor the watermark.
692 */
693 max_order = get_order(watermark);
694 } else {
695 /*
696 * We need to start with the max_order that fits in nr_pages,
697 * not the other way around, hence ilog2() and not get_order.
698 */
699 max_order = ilog2(nr_pages);
700 watermark = 0;
701 }
702
703 /*
704 * kcalloc_node() is unable to allocate buffer if the size is larger
705 * than: PAGE_SIZE << MAX_PAGE_ORDER; directly bail out in this case.
706 */
707 if (get_order((unsigned long)nr_pages * sizeof(void *)) > MAX_PAGE_ORDER)
708 return -ENOMEM;
709 rb->aux_pages = kcalloc_node(nr_pages, sizeof(void *), GFP_KERNEL,
710 node);
711 if (!rb->aux_pages)
712 return -ENOMEM;
713
714 rb->free_aux = event->pmu->free_aux;
715 for (rb->aux_nr_pages = 0; rb->aux_nr_pages < nr_pages;) {
716 struct page *page;
717 int last, order;
718
719 order = min(max_order, ilog2(nr_pages - rb->aux_nr_pages));
720 page = rb_alloc_aux_page(node, order);
721 if (!page)
722 goto out;
723
724 for (last = rb->aux_nr_pages + (1 << page_private(page));
725 last > rb->aux_nr_pages; rb->aux_nr_pages++)
726 rb->aux_pages[rb->aux_nr_pages] = page_address(page++);
727 }
728
729 /*
730 * In overwrite mode, PMUs that don't support SG may not handle more
731 * than one contiguous allocation, since they rely on PMI to do double
732 * buffering. In this case, the entire buffer has to be one contiguous
733 * chunk.
734 */
735 if ((event->pmu->capabilities & PERF_PMU_CAP_AUX_NO_SG) &&
736 overwrite) {
737 struct page *page = virt_to_page(rb->aux_pages[0]);
738
739 if (page_private(page) != max_order)
740 goto out;
741 }
742
743 rb->aux_priv = event->pmu->setup_aux(event, rb->aux_pages, nr_pages,
744 overwrite);
745 if (!rb->aux_priv)
746 goto out;
747
748 ret = 0;
749
750 /*
751 * aux_pages (and pmu driver's private data, aux_priv) will be
752 * referenced in both producer's and consumer's contexts, thus
753 * we keep a refcount here to make sure either of the two can
754 * reference them safely.
755 */
756 refcount_set(&rb->aux_refcount, 1);
757
758 rb->aux_overwrite = overwrite;
759 rb->aux_watermark = watermark;
760
761out:
762 if (!ret)
763 rb->aux_pgoff = pgoff;
764 else
765 __rb_free_aux(rb);
766
767 return ret;
768}
769
770void rb_free_aux(struct perf_buffer *rb)
771{
772 if (refcount_dec_and_test(&rb->aux_refcount))
773 __rb_free_aux(rb);
774}
775
776#ifndef CONFIG_PERF_USE_VMALLOC
777
778/*
779 * Back perf_mmap() with regular GFP_KERNEL-0 pages.
780 */
781
782static struct page *
783__perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff)
784{
785 if (pgoff > rb->nr_pages)
786 return NULL;
787
788 if (pgoff == 0)
789 return virt_to_page(rb->user_page);
790
791 return virt_to_page(rb->data_pages[pgoff - 1]);
792}
793
794static void *perf_mmap_alloc_page(int cpu)
795{
796 struct page *page;
797 int node;
798
799 node = (cpu == -1) ? cpu : cpu_to_node(cpu);
800 page = alloc_pages_node(node, GFP_KERNEL | __GFP_ZERO, 0);
801 if (!page)
802 return NULL;
803
804 return page_address(page);
805}
806
807static void perf_mmap_free_page(void *addr)
808{
809 struct page *page = virt_to_page(addr);
810
811 page->mapping = NULL;
812 __free_page(page);
813}
814
815struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
816{
817 struct perf_buffer *rb;
818 unsigned long size;
819 int i, node;
820
821 size = sizeof(struct perf_buffer);
822 size += nr_pages * sizeof(void *);
823
824 if (order_base_2(size) > PAGE_SHIFT+MAX_PAGE_ORDER)
825 goto fail;
826
827 node = (cpu == -1) ? cpu : cpu_to_node(cpu);
828 rb = kzalloc_node(size, GFP_KERNEL, node);
829 if (!rb)
830 goto fail;
831
832 rb->user_page = perf_mmap_alloc_page(cpu);
833 if (!rb->user_page)
834 goto fail_user_page;
835
836 for (i = 0; i < nr_pages; i++) {
837 rb->data_pages[i] = perf_mmap_alloc_page(cpu);
838 if (!rb->data_pages[i])
839 goto fail_data_pages;
840 }
841
842 rb->nr_pages = nr_pages;
843
844 ring_buffer_init(rb, watermark, flags);
845
846 return rb;
847
848fail_data_pages:
849 for (i--; i >= 0; i--)
850 perf_mmap_free_page(rb->data_pages[i]);
851
852 perf_mmap_free_page(rb->user_page);
853
854fail_user_page:
855 kfree(rb);
856
857fail:
858 return NULL;
859}
860
861void rb_free(struct perf_buffer *rb)
862{
863 int i;
864
865 perf_mmap_free_page(rb->user_page);
866 for (i = 0; i < rb->nr_pages; i++)
867 perf_mmap_free_page(rb->data_pages[i]);
868 kfree(rb);
869}
870
871#else
872static struct page *
873__perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff)
874{
875 /* The '>' counts in the user page. */
876 if (pgoff > data_page_nr(rb))
877 return NULL;
878
879 return vmalloc_to_page((void *)rb->user_page + pgoff * PAGE_SIZE);
880}
881
882static void perf_mmap_unmark_page(void *addr)
883{
884 struct page *page = vmalloc_to_page(addr);
885
886 page->mapping = NULL;
887}
888
889static void rb_free_work(struct work_struct *work)
890{
891 struct perf_buffer *rb;
892 void *base;
893 int i, nr;
894
895 rb = container_of(work, struct perf_buffer, work);
896 nr = data_page_nr(rb);
897
898 base = rb->user_page;
899 /* The '<=' counts in the user page. */
900 for (i = 0; i <= nr; i++)
901 perf_mmap_unmark_page(base + (i * PAGE_SIZE));
902
903 vfree(base);
904 kfree(rb);
905}
906
907void rb_free(struct perf_buffer *rb)
908{
909 schedule_work(&rb->work);
910}
911
912struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
913{
914 struct perf_buffer *rb;
915 unsigned long size;
916 void *all_buf;
917 int node;
918
919 size = sizeof(struct perf_buffer);
920 size += sizeof(void *);
921
922 node = (cpu == -1) ? cpu : cpu_to_node(cpu);
923 rb = kzalloc_node(size, GFP_KERNEL, node);
924 if (!rb)
925 goto fail;
926
927 INIT_WORK(&rb->work, rb_free_work);
928
929 all_buf = vmalloc_user((nr_pages + 1) * PAGE_SIZE);
930 if (!all_buf)
931 goto fail_all_buf;
932
933 rb->user_page = all_buf;
934 rb->data_pages[0] = all_buf + PAGE_SIZE;
935 if (nr_pages) {
936 rb->nr_pages = 1;
937 rb->page_order = ilog2(nr_pages);
938 }
939
940 ring_buffer_init(rb, watermark, flags);
941
942 return rb;
943
944fail_all_buf:
945 kfree(rb);
946
947fail:
948 return NULL;
949}
950
951#endif
952
953struct page *
954perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff)
955{
956 if (rb->aux_nr_pages) {
957 /* above AUX space */
958 if (pgoff > rb->aux_pgoff + rb->aux_nr_pages)
959 return NULL;
960
961 /* AUX space */
962 if (pgoff >= rb->aux_pgoff) {
963 int aux_pgoff = array_index_nospec(pgoff - rb->aux_pgoff, rb->aux_nr_pages);
964 return virt_to_page(rb->aux_pages[aux_pgoff]);
965 }
966 }
967
968 return __perf_mmap_to_page(rb, pgoff);
969}