1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Performance events ring-buffer code:
4 *
5 * Copyright (C) 2008 Thomas Gleixner <tglx@linutronix.de>
6 * Copyright (C) 2008-2011 Red Hat, Inc., Ingo Molnar
7 * Copyright (C) 2008-2011 Red Hat, Inc., Peter Zijlstra
8 * Copyright © 2009 Paul Mackerras, IBM Corp. <paulus@au1.ibm.com>
9 */
10
11 #include <linux/perf_event.h>
12 #include <linux/vmalloc.h>
13 #include <linux/slab.h>
14 #include <linux/circ_buf.h>
15 #include <linux/poll.h>
16 #include <linux/nospec.h>
17
18 #include "internal.h"
19
perf_output_wakeup(struct perf_output_handle * handle)20 static void perf_output_wakeup(struct perf_output_handle *handle)
21 {
22 atomic_set(&handle->rb->poll, EPOLLIN | EPOLLRDNORM);
23
24 handle->event->pending_wakeup = 1;
25 irq_work_queue(&handle->event->pending_irq);
26 }
27
28 /*
29 * We need to ensure a later event_id doesn't publish a head when a former
30 * event isn't done writing. However since we need to deal with NMIs we
31 * cannot fully serialize things.
32 *
33 * We only publish the head (and generate a wakeup) when the outer-most
34 * event completes.
35 */
perf_output_get_handle(struct perf_output_handle * handle)36 static void perf_output_get_handle(struct perf_output_handle *handle)
37 {
38 struct perf_buffer *rb = handle->rb;
39
40 preempt_disable();
41
42 /*
43 * Avoid an explicit LOAD/STORE such that architectures with memops
44 * can use them.
45 */
46 (*(volatile unsigned int *)&rb->nest)++;
47 handle->wakeup = local_read(&rb->wakeup);
48 }
49
perf_output_put_handle(struct perf_output_handle * handle)50 static void perf_output_put_handle(struct perf_output_handle *handle)
51 {
52 struct perf_buffer *rb = handle->rb;
53 unsigned long head;
54 unsigned int nest;
55
56 /*
57 * If this isn't the outermost nesting, we don't have to update
58 * @rb->user_page->data_head.
59 */
60 nest = READ_ONCE(rb->nest);
61 if (nest > 1) {
62 WRITE_ONCE(rb->nest, nest - 1);
63 goto out;
64 }
65
66 again:
67 /*
68 * In order to avoid publishing a head value that goes backwards,
69 * we must ensure the load of @rb->head happens after we've
70 * incremented @rb->nest.
71 *
72 * Otherwise we can observe a @rb->head value before one published
73 * by an IRQ/NMI happening between the load and the increment.
74 */
75 barrier();
76 head = local_read(&rb->head);
77
78 /*
79 * IRQ/NMI can happen here and advance @rb->head, causing our
80 * load above to be stale.
81 */
82
83 /*
84 * Since the mmap() consumer (userspace) can run on a different CPU:
85 *
86 * kernel user
87 *
88 * if (LOAD ->data_tail) { LOAD ->data_head
89 * (A) smp_rmb() (C)
90 * STORE $data LOAD $data
91 * smp_wmb() (B) smp_mb() (D)
92 * STORE ->data_head STORE ->data_tail
93 * }
94 *
95 * Where A pairs with D, and B pairs with C.
96 *
97 * In our case (A) is a control dependency that separates the load of
98 * the ->data_tail and the stores of $data. In case ->data_tail
99 * indicates there is no room in the buffer to store $data we do not.
100 *
101 * D needs to be a full barrier since it separates the data READ
102 * from the tail WRITE.
103 *
104 * For B a WMB is sufficient since it separates two WRITEs, and for C
105 * an RMB is sufficient since it separates two READs.
106 *
107 * See perf_output_begin().
108 */
109 smp_wmb(); /* B, matches C */
110 WRITE_ONCE(rb->user_page->data_head, head);
111
112 /*
113 * We must publish the head before decrementing the nest count,
114 * otherwise an IRQ/NMI can publish a more recent head value and our
115 * write will (temporarily) publish a stale value.
116 */
117 barrier();
118 WRITE_ONCE(rb->nest, 0);
119
120 /*
121 * Ensure we decrement @rb->nest before we validate the @rb->head.
122 * Otherwise we cannot be sure we caught the 'last' nested update.
123 */
124 barrier();
125 if (unlikely(head != local_read(&rb->head))) {
126 WRITE_ONCE(rb->nest, 1);
127 goto again;
128 }
129
130 if (handle->wakeup != local_read(&rb->wakeup))
131 perf_output_wakeup(handle);
132
133 out:
134 preempt_enable();
135 }
136
137 static __always_inline bool
ring_buffer_has_space(unsigned long head,unsigned long tail,unsigned long data_size,unsigned int size,bool backward)138 ring_buffer_has_space(unsigned long head, unsigned long tail,
139 unsigned long data_size, unsigned int size,
140 bool backward)
141 {
142 if (!backward)
143 return CIRC_SPACE(head, tail, data_size) >= size;
144 else
145 return CIRC_SPACE(tail, head, data_size) >= size;
146 }
147
148 static __always_inline int
__perf_output_begin(struct perf_output_handle * handle,struct perf_sample_data * data,struct perf_event * event,unsigned int size,bool backward)149 __perf_output_begin(struct perf_output_handle *handle,
150 struct perf_sample_data *data,
151 struct perf_event *event, unsigned int size,
152 bool backward)
153 {
154 struct perf_buffer *rb;
155 unsigned long tail, offset, head;
156 int have_lost, page_shift;
157 struct {
158 struct perf_event_header header;
159 u64 id;
160 u64 lost;
161 } lost_event;
162
163 rcu_read_lock();
164 /*
165 * For inherited events we send all the output towards the parent.
166 */
167 if (event->parent)
168 event = event->parent;
169
170 rb = rcu_dereference(event->rb);
171 if (unlikely(!rb))
172 goto out;
173
174 if (unlikely(rb->paused)) {
175 if (rb->nr_pages) {
176 local_inc(&rb->lost);
177 atomic64_inc(&event->lost_samples);
178 }
179 goto out;
180 }
181
182 handle->rb = rb;
183 handle->event = event;
184 handle->flags = 0;
185
186 have_lost = local_read(&rb->lost);
187 if (unlikely(have_lost)) {
188 size += sizeof(lost_event);
189 if (event->attr.sample_id_all)
190 size += event->id_header_size;
191 }
192
193 perf_output_get_handle(handle);
194
195 offset = local_read(&rb->head);
196 do {
197 head = offset;
198 tail = READ_ONCE(rb->user_page->data_tail);
199 if (!rb->overwrite) {
200 if (unlikely(!ring_buffer_has_space(head, tail,
201 perf_data_size(rb),
202 size, backward)))
203 goto fail;
204 }
205
206 /*
207 * The above forms a control dependency barrier separating the
208 * @tail load above from the data stores below. Since the @tail
209 * load is required to compute the branch to fail below.
210 *
211 * A, matches D; the full memory barrier userspace SHOULD issue
212 * after reading the data and before storing the new tail
213 * position.
214 *
215 * See perf_output_put_handle().
216 */
217
218 if (!backward)
219 head += size;
220 else
221 head -= size;
222 } while (!local_try_cmpxchg(&rb->head, &offset, head));
223
224 if (backward) {
225 offset = head;
226 head = (u64)(-head);
227 }
228
229 /*
230 * We rely on the implied barrier() by local_cmpxchg() to ensure
231 * none of the data stores below can be lifted up by the compiler.
232 */
233
234 if (unlikely(head - local_read(&rb->wakeup) > rb->watermark))
235 local_add(rb->watermark, &rb->wakeup);
236
237 page_shift = PAGE_SHIFT + page_order(rb);
238
239 handle->page = (offset >> page_shift) & (rb->nr_pages - 1);
240 offset &= (1UL << page_shift) - 1;
241 handle->addr = rb->data_pages[handle->page] + offset;
242 handle->size = (1UL << page_shift) - offset;
243
244 if (unlikely(have_lost)) {
245 lost_event.header.size = sizeof(lost_event);
246 lost_event.header.type = PERF_RECORD_LOST;
247 lost_event.header.misc = 0;
248 lost_event.id = event->id;
249 lost_event.lost = local_xchg(&rb->lost, 0);
250
251 /* XXX mostly redundant; @data is already fully initializes */
252 perf_event_header__init_id(&lost_event.header, data, event);
253 perf_output_put(handle, lost_event);
254 perf_event__output_id_sample(event, handle, data);
255 }
256
257 return 0;
258
259 fail:
260 local_inc(&rb->lost);
261 atomic64_inc(&event->lost_samples);
262 perf_output_put_handle(handle);
263 out:
264 rcu_read_unlock();
265
266 return -ENOSPC;
267 }
268
perf_output_begin_forward(struct perf_output_handle * handle,struct perf_sample_data * data,struct perf_event * event,unsigned int size)269 int perf_output_begin_forward(struct perf_output_handle *handle,
270 struct perf_sample_data *data,
271 struct perf_event *event, unsigned int size)
272 {
273 return __perf_output_begin(handle, data, event, size, false);
274 }
275
perf_output_begin_backward(struct perf_output_handle * handle,struct perf_sample_data * data,struct perf_event * event,unsigned int size)276 int perf_output_begin_backward(struct perf_output_handle *handle,
277 struct perf_sample_data *data,
278 struct perf_event *event, unsigned int size)
279 {
280 return __perf_output_begin(handle, data, event, size, true);
281 }
282
perf_output_begin(struct perf_output_handle * handle,struct perf_sample_data * data,struct perf_event * event,unsigned int size)283 int perf_output_begin(struct perf_output_handle *handle,
284 struct perf_sample_data *data,
285 struct perf_event *event, unsigned int size)
286 {
287
288 return __perf_output_begin(handle, data, event, size,
289 unlikely(is_write_backward(event)));
290 }
291
perf_output_copy(struct perf_output_handle * handle,const void * buf,unsigned int len)292 unsigned int perf_output_copy(struct perf_output_handle *handle,
293 const void *buf, unsigned int len)
294 {
295 return __output_copy(handle, buf, len);
296 }
297
perf_output_skip(struct perf_output_handle * handle,unsigned int len)298 unsigned int perf_output_skip(struct perf_output_handle *handle,
299 unsigned int len)
300 {
301 return __output_skip(handle, NULL, len);
302 }
303
perf_output_end(struct perf_output_handle * handle)304 void perf_output_end(struct perf_output_handle *handle)
305 {
306 perf_output_put_handle(handle);
307 rcu_read_unlock();
308 }
309
310 static void
ring_buffer_init(struct perf_buffer * rb,long watermark,int flags)311 ring_buffer_init(struct perf_buffer *rb, long watermark, int flags)
312 {
313 long max_size = perf_data_size(rb);
314
315 if (watermark)
316 rb->watermark = min(max_size, watermark);
317
318 if (!rb->watermark)
319 rb->watermark = max_size / 2;
320
321 if (flags & RING_BUFFER_WRITABLE)
322 rb->overwrite = 0;
323 else
324 rb->overwrite = 1;
325
326 refcount_set(&rb->refcount, 1);
327
328 INIT_LIST_HEAD(&rb->event_list);
329 spin_lock_init(&rb->event_lock);
330
331 /*
332 * perf_output_begin() only checks rb->paused, therefore
333 * rb->paused must be true if we have no pages for output.
334 */
335 if (!rb->nr_pages)
336 rb->paused = 1;
337
338 mutex_init(&rb->aux_mutex);
339 }
340
perf_aux_output_flag(struct perf_output_handle * handle,u64 flags)341 void perf_aux_output_flag(struct perf_output_handle *handle, u64 flags)
342 {
343 /*
344 * OVERWRITE is determined by perf_aux_output_end() and can't
345 * be passed in directly.
346 */
347 if (WARN_ON_ONCE(flags & PERF_AUX_FLAG_OVERWRITE))
348 return;
349
350 handle->aux_flags |= flags;
351 }
352 EXPORT_SYMBOL_GPL(perf_aux_output_flag);
353
354 /*
355 * This is called before hardware starts writing to the AUX area to
356 * obtain an output handle and make sure there's room in the buffer.
357 * When the capture completes, call perf_aux_output_end() to commit
358 * the recorded data to the buffer.
359 *
360 * The ordering is similar to that of perf_output_{begin,end}, with
361 * the exception of (B), which should be taken care of by the pmu
362 * driver, since ordering rules will differ depending on hardware.
363 *
364 * Call this from pmu::start(); see the comment in perf_aux_output_end()
365 * about its use in pmu callbacks. Both can also be called from the PMI
366 * handler if needed.
367 */
perf_aux_output_begin(struct perf_output_handle * handle,struct perf_event * event)368 void *perf_aux_output_begin(struct perf_output_handle *handle,
369 struct perf_event *event)
370 {
371 struct perf_event *output_event = event;
372 unsigned long aux_head, aux_tail;
373 struct perf_buffer *rb;
374 unsigned int nest;
375
376 if (output_event->parent)
377 output_event = output_event->parent;
378
379 /*
380 * Since this will typically be open across pmu::add/pmu::del, we
381 * grab ring_buffer's refcount instead of holding rcu read lock
382 * to make sure it doesn't disappear under us.
383 */
384 rb = ring_buffer_get(output_event);
385 if (!rb)
386 return NULL;
387
388 if (!rb_has_aux(rb))
389 goto err;
390
391 /*
392 * If aux_mmap_count is zero, the aux buffer is in perf_mmap_close(),
393 * about to get freed, so we leave immediately.
394 *
395 * Checking rb::aux_mmap_count and rb::refcount has to be done in
396 * the same order, see perf_mmap_close. Otherwise we end up freeing
397 * aux pages in this path, which is a bug, because in_atomic().
398 */
399 if (!atomic_read(&rb->aux_mmap_count))
400 goto err;
401
402 if (!refcount_inc_not_zero(&rb->aux_refcount))
403 goto err;
404
405 nest = READ_ONCE(rb->aux_nest);
406 /*
407 * Nesting is not supported for AUX area, make sure nested
408 * writers are caught early
409 */
410 if (WARN_ON_ONCE(nest))
411 goto err_put;
412
413 WRITE_ONCE(rb->aux_nest, nest + 1);
414
415 aux_head = rb->aux_head;
416
417 handle->rb = rb;
418 handle->event = event;
419 handle->head = aux_head;
420 handle->size = 0;
421 handle->aux_flags = 0;
422
423 /*
424 * In overwrite mode, AUX data stores do not depend on aux_tail,
425 * therefore (A) control dependency barrier does not exist. The
426 * (B) <-> (C) ordering is still observed by the pmu driver.
427 */
428 if (!rb->aux_overwrite) {
429 aux_tail = READ_ONCE(rb->user_page->aux_tail);
430 handle->wakeup = rb->aux_wakeup + rb->aux_watermark;
431 if (aux_head - aux_tail < perf_aux_size(rb))
432 handle->size = CIRC_SPACE(aux_head, aux_tail, perf_aux_size(rb));
433
434 /*
435 * handle->size computation depends on aux_tail load; this forms a
436 * control dependency barrier separating aux_tail load from aux data
437 * store that will be enabled on successful return
438 */
439 if (!handle->size) { /* A, matches D */
440 event->pending_disable = smp_processor_id();
441 perf_output_wakeup(handle);
442 WRITE_ONCE(rb->aux_nest, 0);
443 goto err_put;
444 }
445 }
446
447 return handle->rb->aux_priv;
448
449 err_put:
450 /* can't be last */
451 rb_free_aux(rb);
452
453 err:
454 ring_buffer_put(rb);
455 handle->event = NULL;
456
457 return NULL;
458 }
459 EXPORT_SYMBOL_GPL(perf_aux_output_begin);
460
rb_need_aux_wakeup(struct perf_buffer * rb)461 static __always_inline bool rb_need_aux_wakeup(struct perf_buffer *rb)
462 {
463 if (rb->aux_overwrite)
464 return false;
465
466 if (rb->aux_head - rb->aux_wakeup >= rb->aux_watermark) {
467 rb->aux_wakeup = rounddown(rb->aux_head, rb->aux_watermark);
468 return true;
469 }
470
471 return false;
472 }
473
474 /*
475 * Commit the data written by hardware into the ring buffer by adjusting
476 * aux_head and posting a PERF_RECORD_AUX into the perf buffer. It is the
477 * pmu driver's responsibility to observe ordering rules of the hardware,
478 * so that all the data is externally visible before this is called.
479 *
480 * Note: this has to be called from pmu::stop() callback, as the assumption
481 * of the AUX buffer management code is that after pmu::stop(), the AUX
482 * transaction must be stopped and therefore drop the AUX reference count.
483 */
perf_aux_output_end(struct perf_output_handle * handle,unsigned long size)484 void perf_aux_output_end(struct perf_output_handle *handle, unsigned long size)
485 {
486 bool wakeup = !!(handle->aux_flags & PERF_AUX_FLAG_TRUNCATED);
487 struct perf_buffer *rb = handle->rb;
488 unsigned long aux_head;
489
490 /* in overwrite mode, driver provides aux_head via handle */
491 if (rb->aux_overwrite) {
492 handle->aux_flags |= PERF_AUX_FLAG_OVERWRITE;
493
494 aux_head = handle->head;
495 rb->aux_head = aux_head;
496 } else {
497 handle->aux_flags &= ~PERF_AUX_FLAG_OVERWRITE;
498
499 aux_head = rb->aux_head;
500 rb->aux_head += size;
501 }
502
503 /*
504 * Only send RECORD_AUX if we have something useful to communicate
505 *
506 * Note: the OVERWRITE records by themselves are not considered
507 * useful, as they don't communicate any *new* information,
508 * aside from the short-lived offset, that becomes history at
509 * the next event sched-in and therefore isn't useful.
510 * The userspace that needs to copy out AUX data in overwrite
511 * mode should know to use user_page::aux_head for the actual
512 * offset. So, from now on we don't output AUX records that
513 * have *only* OVERWRITE flag set.
514 */
515 if (size || (handle->aux_flags & ~(u64)PERF_AUX_FLAG_OVERWRITE))
516 perf_event_aux_event(handle->event, aux_head, size,
517 handle->aux_flags);
518
519 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head);
520 if (rb_need_aux_wakeup(rb))
521 wakeup = true;
522
523 if (wakeup) {
524 if (handle->aux_flags & PERF_AUX_FLAG_TRUNCATED)
525 handle->event->pending_disable = smp_processor_id();
526 perf_output_wakeup(handle);
527 }
528
529 handle->event = NULL;
530
531 WRITE_ONCE(rb->aux_nest, 0);
532 /* can't be last */
533 rb_free_aux(rb);
534 ring_buffer_put(rb);
535 }
536 EXPORT_SYMBOL_GPL(perf_aux_output_end);
537
538 /*
539 * Skip over a given number of bytes in the AUX buffer, due to, for example,
540 * hardware's alignment constraints.
541 */
perf_aux_output_skip(struct perf_output_handle * handle,unsigned long size)542 int perf_aux_output_skip(struct perf_output_handle *handle, unsigned long size)
543 {
544 struct perf_buffer *rb = handle->rb;
545
546 if (size > handle->size)
547 return -ENOSPC;
548
549 rb->aux_head += size;
550
551 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head);
552 if (rb_need_aux_wakeup(rb)) {
553 perf_output_wakeup(handle);
554 handle->wakeup = rb->aux_wakeup + rb->aux_watermark;
555 }
556
557 handle->head = rb->aux_head;
558 handle->size -= size;
559
560 return 0;
561 }
562 EXPORT_SYMBOL_GPL(perf_aux_output_skip);
563
perf_get_aux(struct perf_output_handle * handle)564 void *perf_get_aux(struct perf_output_handle *handle)
565 {
566 /* this is only valid between perf_aux_output_begin and *_end */
567 if (!handle->event)
568 return NULL;
569
570 return handle->rb->aux_priv;
571 }
572 EXPORT_SYMBOL_GPL(perf_get_aux);
573
574 /*
575 * Copy out AUX data from an AUX handle.
576 */
perf_output_copy_aux(struct perf_output_handle * aux_handle,struct perf_output_handle * handle,unsigned long from,unsigned long to)577 long perf_output_copy_aux(struct perf_output_handle *aux_handle,
578 struct perf_output_handle *handle,
579 unsigned long from, unsigned long to)
580 {
581 struct perf_buffer *rb = aux_handle->rb;
582 unsigned long tocopy, remainder, len = 0;
583 void *addr;
584
585 from &= (rb->aux_nr_pages << PAGE_SHIFT) - 1;
586 to &= (rb->aux_nr_pages << PAGE_SHIFT) - 1;
587
588 do {
589 tocopy = PAGE_SIZE - offset_in_page(from);
590 if (to > from)
591 tocopy = min(tocopy, to - from);
592 if (!tocopy)
593 break;
594
595 addr = rb->aux_pages[from >> PAGE_SHIFT];
596 addr += offset_in_page(from);
597
598 remainder = perf_output_copy(handle, addr, tocopy);
599 if (remainder)
600 return -EFAULT;
601
602 len += tocopy;
603 from += tocopy;
604 from &= (rb->aux_nr_pages << PAGE_SHIFT) - 1;
605 } while (to != from);
606
607 return len;
608 }
609
610 #define PERF_AUX_GFP (GFP_KERNEL | __GFP_ZERO | __GFP_NOWARN | __GFP_NORETRY)
611
rb_alloc_aux_page(int node,int order)612 static struct page *rb_alloc_aux_page(int node, int order)
613 {
614 struct page *page;
615
616 if (order > MAX_ORDER)
617 order = MAX_ORDER;
618
619 do {
620 page = alloc_pages_node(node, PERF_AUX_GFP, order);
621 } while (!page && order--);
622
623 if (page && order) {
624 /*
625 * Communicate the allocation size to the driver:
626 * if we managed to secure a high-order allocation,
627 * set its first page's private to this order;
628 * !PagePrivate(page) means it's just a normal page.
629 */
630 split_page(page, order);
631 SetPagePrivate(page);
632 set_page_private(page, order);
633 }
634
635 return page;
636 }
637
rb_free_aux_page(struct perf_buffer * rb,int idx)638 static void rb_free_aux_page(struct perf_buffer *rb, int idx)
639 {
640 struct page *page = virt_to_page(rb->aux_pages[idx]);
641
642 ClearPagePrivate(page);
643 page->mapping = NULL;
644 __free_page(page);
645 }
646
__rb_free_aux(struct perf_buffer * rb)647 static void __rb_free_aux(struct perf_buffer *rb)
648 {
649 int pg;
650
651 /*
652 * Should never happen, the last reference should be dropped from
653 * perf_mmap_close() path, which first stops aux transactions (which
654 * in turn are the atomic holders of aux_refcount) and then does the
655 * last rb_free_aux().
656 */
657 WARN_ON_ONCE(in_atomic());
658
659 if (rb->aux_priv) {
660 rb->free_aux(rb->aux_priv);
661 rb->free_aux = NULL;
662 rb->aux_priv = NULL;
663 }
664
665 if (rb->aux_nr_pages) {
666 for (pg = 0; pg < rb->aux_nr_pages; pg++)
667 rb_free_aux_page(rb, pg);
668
669 kfree(rb->aux_pages);
670 rb->aux_nr_pages = 0;
671 }
672 }
673
rb_alloc_aux(struct perf_buffer * rb,struct perf_event * event,pgoff_t pgoff,int nr_pages,long watermark,int flags)674 int rb_alloc_aux(struct perf_buffer *rb, struct perf_event *event,
675 pgoff_t pgoff, int nr_pages, long watermark, int flags)
676 {
677 bool overwrite = !(flags & RING_BUFFER_WRITABLE);
678 int node = (event->cpu == -1) ? -1 : cpu_to_node(event->cpu);
679 int ret = -ENOMEM, max_order;
680
681 if (!has_aux(event))
682 return -EOPNOTSUPP;
683
684 if (!overwrite) {
685 /*
686 * Watermark defaults to half the buffer, and so does the
687 * max_order, to aid PMU drivers in double buffering.
688 */
689 if (!watermark)
690 watermark = min_t(unsigned long,
691 U32_MAX,
692 (unsigned long)nr_pages << (PAGE_SHIFT - 1));
693
694 /*
695 * Use aux_watermark as the basis for chunking to
696 * help PMU drivers honor the watermark.
697 */
698 max_order = get_order(watermark);
699 } else {
700 /*
701 * We need to start with the max_order that fits in nr_pages,
702 * not the other way around, hence ilog2() and not get_order.
703 */
704 max_order = ilog2(nr_pages);
705 watermark = 0;
706 }
707
708 /*
709 * kcalloc_node() is unable to allocate buffer if the size is larger
710 * than: PAGE_SIZE << MAX_ORDER; directly bail out in this case.
711 */
712 if (get_order((unsigned long)nr_pages * sizeof(void *)) > MAX_ORDER)
713 return -ENOMEM;
714 rb->aux_pages = kcalloc_node(nr_pages, sizeof(void *), GFP_KERNEL,
715 node);
716 if (!rb->aux_pages)
717 return -ENOMEM;
718
719 rb->free_aux = event->pmu->free_aux;
720 for (rb->aux_nr_pages = 0; rb->aux_nr_pages < nr_pages;) {
721 struct page *page;
722 int last, order;
723
724 order = min(max_order, ilog2(nr_pages - rb->aux_nr_pages));
725 page = rb_alloc_aux_page(node, order);
726 if (!page)
727 goto out;
728
729 for (last = rb->aux_nr_pages + (1 << page_private(page));
730 last > rb->aux_nr_pages; rb->aux_nr_pages++)
731 rb->aux_pages[rb->aux_nr_pages] = page_address(page++);
732 }
733
734 /*
735 * In overwrite mode, PMUs that don't support SG may not handle more
736 * than one contiguous allocation, since they rely on PMI to do double
737 * buffering. In this case, the entire buffer has to be one contiguous
738 * chunk.
739 */
740 if ((event->pmu->capabilities & PERF_PMU_CAP_AUX_NO_SG) &&
741 overwrite) {
742 struct page *page = virt_to_page(rb->aux_pages[0]);
743
744 if (page_private(page) != max_order)
745 goto out;
746 }
747
748 rb->aux_priv = event->pmu->setup_aux(event, rb->aux_pages, nr_pages,
749 overwrite);
750 if (!rb->aux_priv)
751 goto out;
752
753 ret = 0;
754
755 /*
756 * aux_pages (and pmu driver's private data, aux_priv) will be
757 * referenced in both producer's and consumer's contexts, thus
758 * we keep a refcount here to make sure either of the two can
759 * reference them safely.
760 */
761 refcount_set(&rb->aux_refcount, 1);
762
763 rb->aux_overwrite = overwrite;
764 rb->aux_watermark = watermark;
765
766 out:
767 if (!ret)
768 rb->aux_pgoff = pgoff;
769 else
770 __rb_free_aux(rb);
771
772 return ret;
773 }
774
rb_free_aux(struct perf_buffer * rb)775 void rb_free_aux(struct perf_buffer *rb)
776 {
777 if (refcount_dec_and_test(&rb->aux_refcount))
778 __rb_free_aux(rb);
779 }
780
781 #ifndef CONFIG_PERF_USE_VMALLOC
782
783 /*
784 * Back perf_mmap() with regular GFP_KERNEL-0 pages.
785 */
786
787 static struct page *
__perf_mmap_to_page(struct perf_buffer * rb,unsigned long pgoff)788 __perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff)
789 {
790 if (pgoff > rb->nr_pages)
791 return NULL;
792
793 if (pgoff == 0)
794 return virt_to_page(rb->user_page);
795
796 return virt_to_page(rb->data_pages[pgoff - 1]);
797 }
798
perf_mmap_alloc_page(int cpu)799 static void *perf_mmap_alloc_page(int cpu)
800 {
801 struct page *page;
802 int node;
803
804 node = (cpu == -1) ? cpu : cpu_to_node(cpu);
805 page = alloc_pages_node(node, GFP_KERNEL | __GFP_ZERO, 0);
806 if (!page)
807 return NULL;
808
809 return page_address(page);
810 }
811
perf_mmap_free_page(void * addr)812 static void perf_mmap_free_page(void *addr)
813 {
814 struct page *page = virt_to_page(addr);
815
816 page->mapping = NULL;
817 __free_page(page);
818 }
819
rb_alloc(int nr_pages,long watermark,int cpu,int flags)820 struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
821 {
822 struct perf_buffer *rb;
823 unsigned long size;
824 int i, node;
825
826 size = sizeof(struct perf_buffer);
827 size += nr_pages * sizeof(void *);
828
829 if (order_base_2(size) > PAGE_SHIFT+MAX_ORDER)
830 goto fail;
831
832 node = (cpu == -1) ? cpu : cpu_to_node(cpu);
833 rb = kzalloc_node(size, GFP_KERNEL, node);
834 if (!rb)
835 goto fail;
836
837 rb->user_page = perf_mmap_alloc_page(cpu);
838 if (!rb->user_page)
839 goto fail_user_page;
840
841 for (i = 0; i < nr_pages; i++) {
842 rb->data_pages[i] = perf_mmap_alloc_page(cpu);
843 if (!rb->data_pages[i])
844 goto fail_data_pages;
845 }
846
847 rb->nr_pages = nr_pages;
848
849 ring_buffer_init(rb, watermark, flags);
850
851 return rb;
852
853 fail_data_pages:
854 for (i--; i >= 0; i--)
855 perf_mmap_free_page(rb->data_pages[i]);
856
857 perf_mmap_free_page(rb->user_page);
858
859 fail_user_page:
860 kfree(rb);
861
862 fail:
863 return NULL;
864 }
865
rb_free(struct perf_buffer * rb)866 void rb_free(struct perf_buffer *rb)
867 {
868 int i;
869
870 perf_mmap_free_page(rb->user_page);
871 for (i = 0; i < rb->nr_pages; i++)
872 perf_mmap_free_page(rb->data_pages[i]);
873 kfree(rb);
874 }
875
876 #else
877 static struct page *
__perf_mmap_to_page(struct perf_buffer * rb,unsigned long pgoff)878 __perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff)
879 {
880 /* The '>' counts in the user page. */
881 if (pgoff > data_page_nr(rb))
882 return NULL;
883
884 return vmalloc_to_page((void *)rb->user_page + pgoff * PAGE_SIZE);
885 }
886
perf_mmap_unmark_page(void * addr)887 static void perf_mmap_unmark_page(void *addr)
888 {
889 struct page *page = vmalloc_to_page(addr);
890
891 page->mapping = NULL;
892 }
893
rb_free_work(struct work_struct * work)894 static void rb_free_work(struct work_struct *work)
895 {
896 struct perf_buffer *rb;
897 void *base;
898 int i, nr;
899
900 rb = container_of(work, struct perf_buffer, work);
901 nr = data_page_nr(rb);
902
903 base = rb->user_page;
904 /* The '<=' counts in the user page. */
905 for (i = 0; i <= nr; i++)
906 perf_mmap_unmark_page(base + (i * PAGE_SIZE));
907
908 vfree(base);
909 kfree(rb);
910 }
911
rb_free(struct perf_buffer * rb)912 void rb_free(struct perf_buffer *rb)
913 {
914 schedule_work(&rb->work);
915 }
916
rb_alloc(int nr_pages,long watermark,int cpu,int flags)917 struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
918 {
919 struct perf_buffer *rb;
920 unsigned long size;
921 void *all_buf;
922 int node;
923
924 size = sizeof(struct perf_buffer);
925 size += sizeof(void *);
926
927 node = (cpu == -1) ? cpu : cpu_to_node(cpu);
928 rb = kzalloc_node(size, GFP_KERNEL, node);
929 if (!rb)
930 goto fail;
931
932 INIT_WORK(&rb->work, rb_free_work);
933
934 all_buf = vmalloc_user((nr_pages + 1) * PAGE_SIZE);
935 if (!all_buf)
936 goto fail_all_buf;
937
938 rb->user_page = all_buf;
939 rb->data_pages[0] = all_buf + PAGE_SIZE;
940 if (nr_pages) {
941 rb->nr_pages = 1;
942 rb->page_order = ilog2(nr_pages);
943 }
944
945 ring_buffer_init(rb, watermark, flags);
946
947 return rb;
948
949 fail_all_buf:
950 kfree(rb);
951
952 fail:
953 return NULL;
954 }
955
956 #endif
957
958 struct page *
perf_mmap_to_page(struct perf_buffer * rb,unsigned long pgoff)959 perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff)
960 {
961 if (rb->aux_nr_pages) {
962 /* above AUX space */
963 if (pgoff > rb->aux_pgoff + rb->aux_nr_pages)
964 return NULL;
965
966 /* AUX space */
967 if (pgoff >= rb->aux_pgoff) {
968 int aux_pgoff = array_index_nospec(pgoff - rb->aux_pgoff, rb->aux_nr_pages);
969 return virt_to_page(rb->aux_pages[aux_pgoff]);
970 }
971 }
972
973 return __perf_mmap_to_page(rb, pgoff);
974 }
975