1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Performance events ring-buffer code: 4 * 5 * Copyright (C) 2008 Thomas Gleixner <tglx@linutronix.de> 6 * Copyright (C) 2008-2011 Red Hat, Inc., Ingo Molnar 7 * Copyright (C) 2008-2011 Red Hat, Inc., Peter Zijlstra 8 * Copyright © 2009 Paul Mackerras, IBM Corp. <paulus@au1.ibm.com> 9 */ 10 11 #include <linux/perf_event.h> 12 #include <linux/vmalloc.h> 13 #include <linux/slab.h> 14 #include <linux/circ_buf.h> 15 #include <linux/poll.h> 16 #include <linux/nospec.h> 17 18 #include "internal.h" 19 20 static void perf_output_wakeup(struct perf_output_handle *handle) 21 { 22 atomic_set(&handle->rb->poll, EPOLLIN); 23 24 handle->event->pending_wakeup = 1; 25 irq_work_queue(&handle->event->pending); 26 } 27 28 /* 29 * We need to ensure a later event_id doesn't publish a head when a former 30 * event isn't done writing. However since we need to deal with NMIs we 31 * cannot fully serialize things. 32 * 33 * We only publish the head (and generate a wakeup) when the outer-most 34 * event completes. 35 */ 36 static void perf_output_get_handle(struct perf_output_handle *handle) 37 { 38 struct perf_buffer *rb = handle->rb; 39 40 preempt_disable(); 41 42 /* 43 * Avoid an explicit LOAD/STORE such that architectures with memops 44 * can use them. 45 */ 46 (*(volatile unsigned int *)&rb->nest)++; 47 handle->wakeup = local_read(&rb->wakeup); 48 } 49 50 static void perf_output_put_handle(struct perf_output_handle *handle) 51 { 52 struct perf_buffer *rb = handle->rb; 53 unsigned long head; 54 unsigned int nest; 55 56 /* 57 * If this isn't the outermost nesting, we don't have to update 58 * @rb->user_page->data_head. 59 */ 60 nest = READ_ONCE(rb->nest); 61 if (nest > 1) { 62 WRITE_ONCE(rb->nest, nest - 1); 63 goto out; 64 } 65 66 again: 67 /* 68 * In order to avoid publishing a head value that goes backwards, 69 * we must ensure the load of @rb->head happens after we've 70 * incremented @rb->nest. 71 * 72 * Otherwise we can observe a @rb->head value before one published 73 * by an IRQ/NMI happening between the load and the increment. 74 */ 75 barrier(); 76 head = local_read(&rb->head); 77 78 /* 79 * IRQ/NMI can happen here and advance @rb->head, causing our 80 * load above to be stale. 81 */ 82 83 /* 84 * Since the mmap() consumer (userspace) can run on a different CPU: 85 * 86 * kernel user 87 * 88 * if (LOAD ->data_tail) { LOAD ->data_head 89 * (A) smp_rmb() (C) 90 * STORE $data LOAD $data 91 * smp_wmb() (B) smp_mb() (D) 92 * STORE ->data_head STORE ->data_tail 93 * } 94 * 95 * Where A pairs with D, and B pairs with C. 96 * 97 * In our case (A) is a control dependency that separates the load of 98 * the ->data_tail and the stores of $data. In case ->data_tail 99 * indicates there is no room in the buffer to store $data we do not. 100 * 101 * D needs to be a full barrier since it separates the data READ 102 * from the tail WRITE. 103 * 104 * For B a WMB is sufficient since it separates two WRITEs, and for C 105 * an RMB is sufficient since it separates two READs. 106 * 107 * See perf_output_begin(). 108 */ 109 smp_wmb(); /* B, matches C */ 110 WRITE_ONCE(rb->user_page->data_head, head); 111 112 /* 113 * We must publish the head before decrementing the nest count, 114 * otherwise an IRQ/NMI can publish a more recent head value and our 115 * write will (temporarily) publish a stale value. 116 */ 117 barrier(); 118 WRITE_ONCE(rb->nest, 0); 119 120 /* 121 * Ensure we decrement @rb->nest before we validate the @rb->head. 122 * Otherwise we cannot be sure we caught the 'last' nested update. 123 */ 124 barrier(); 125 if (unlikely(head != local_read(&rb->head))) { 126 WRITE_ONCE(rb->nest, 1); 127 goto again; 128 } 129 130 if (handle->wakeup != local_read(&rb->wakeup)) 131 perf_output_wakeup(handle); 132 133 out: 134 preempt_enable(); 135 } 136 137 static __always_inline bool 138 ring_buffer_has_space(unsigned long head, unsigned long tail, 139 unsigned long data_size, unsigned int size, 140 bool backward) 141 { 142 if (!backward) 143 return CIRC_SPACE(head, tail, data_size) >= size; 144 else 145 return CIRC_SPACE(tail, head, data_size) >= size; 146 } 147 148 static __always_inline int 149 __perf_output_begin(struct perf_output_handle *handle, 150 struct perf_event *event, unsigned int size, 151 bool backward) 152 { 153 struct perf_buffer *rb; 154 unsigned long tail, offset, head; 155 int have_lost, page_shift; 156 struct { 157 struct perf_event_header header; 158 u64 id; 159 u64 lost; 160 } lost_event; 161 162 rcu_read_lock(); 163 /* 164 * For inherited events we send all the output towards the parent. 165 */ 166 if (event->parent) 167 event = event->parent; 168 169 rb = rcu_dereference(event->rb); 170 if (unlikely(!rb)) 171 goto out; 172 173 if (unlikely(rb->paused)) { 174 if (rb->nr_pages) 175 local_inc(&rb->lost); 176 goto out; 177 } 178 179 handle->rb = rb; 180 handle->event = event; 181 182 have_lost = local_read(&rb->lost); 183 if (unlikely(have_lost)) { 184 size += sizeof(lost_event); 185 if (event->attr.sample_id_all) 186 size += event->id_header_size; 187 } 188 189 perf_output_get_handle(handle); 190 191 do { 192 tail = READ_ONCE(rb->user_page->data_tail); 193 offset = head = local_read(&rb->head); 194 if (!rb->overwrite) { 195 if (unlikely(!ring_buffer_has_space(head, tail, 196 perf_data_size(rb), 197 size, backward))) 198 goto fail; 199 } 200 201 /* 202 * The above forms a control dependency barrier separating the 203 * @tail load above from the data stores below. Since the @tail 204 * load is required to compute the branch to fail below. 205 * 206 * A, matches D; the full memory barrier userspace SHOULD issue 207 * after reading the data and before storing the new tail 208 * position. 209 * 210 * See perf_output_put_handle(). 211 */ 212 213 if (!backward) 214 head += size; 215 else 216 head -= size; 217 } while (local_cmpxchg(&rb->head, offset, head) != offset); 218 219 if (backward) { 220 offset = head; 221 head = (u64)(-head); 222 } 223 224 /* 225 * We rely on the implied barrier() by local_cmpxchg() to ensure 226 * none of the data stores below can be lifted up by the compiler. 227 */ 228 229 if (unlikely(head - local_read(&rb->wakeup) > rb->watermark)) 230 local_add(rb->watermark, &rb->wakeup); 231 232 page_shift = PAGE_SHIFT + page_order(rb); 233 234 handle->page = (offset >> page_shift) & (rb->nr_pages - 1); 235 offset &= (1UL << page_shift) - 1; 236 handle->addr = rb->data_pages[handle->page] + offset; 237 handle->size = (1UL << page_shift) - offset; 238 239 if (unlikely(have_lost)) { 240 struct perf_sample_data sample_data; 241 242 lost_event.header.size = sizeof(lost_event); 243 lost_event.header.type = PERF_RECORD_LOST; 244 lost_event.header.misc = 0; 245 lost_event.id = event->id; 246 lost_event.lost = local_xchg(&rb->lost, 0); 247 248 perf_event_header__init_id(&lost_event.header, 249 &sample_data, event); 250 perf_output_put(handle, lost_event); 251 perf_event__output_id_sample(event, handle, &sample_data); 252 } 253 254 return 0; 255 256 fail: 257 local_inc(&rb->lost); 258 perf_output_put_handle(handle); 259 out: 260 rcu_read_unlock(); 261 262 return -ENOSPC; 263 } 264 265 int perf_output_begin_forward(struct perf_output_handle *handle, 266 struct perf_event *event, unsigned int size) 267 { 268 return __perf_output_begin(handle, event, size, false); 269 } 270 271 int perf_output_begin_backward(struct perf_output_handle *handle, 272 struct perf_event *event, unsigned int size) 273 { 274 return __perf_output_begin(handle, event, size, true); 275 } 276 277 int perf_output_begin(struct perf_output_handle *handle, 278 struct perf_event *event, unsigned int size) 279 { 280 281 return __perf_output_begin(handle, event, size, 282 unlikely(is_write_backward(event))); 283 } 284 285 unsigned int perf_output_copy(struct perf_output_handle *handle, 286 const void *buf, unsigned int len) 287 { 288 return __output_copy(handle, buf, len); 289 } 290 291 unsigned int perf_output_skip(struct perf_output_handle *handle, 292 unsigned int len) 293 { 294 return __output_skip(handle, NULL, len); 295 } 296 297 void perf_output_end(struct perf_output_handle *handle) 298 { 299 perf_output_put_handle(handle); 300 rcu_read_unlock(); 301 } 302 303 static void 304 ring_buffer_init(struct perf_buffer *rb, long watermark, int flags) 305 { 306 long max_size = perf_data_size(rb); 307 308 if (watermark) 309 rb->watermark = min(max_size, watermark); 310 311 if (!rb->watermark) 312 rb->watermark = max_size / 2; 313 314 if (flags & RING_BUFFER_WRITABLE) 315 rb->overwrite = 0; 316 else 317 rb->overwrite = 1; 318 319 refcount_set(&rb->refcount, 1); 320 321 INIT_LIST_HEAD(&rb->event_list); 322 spin_lock_init(&rb->event_lock); 323 324 /* 325 * perf_output_begin() only checks rb->paused, therefore 326 * rb->paused must be true if we have no pages for output. 327 */ 328 if (!rb->nr_pages) 329 rb->paused = 1; 330 } 331 332 void perf_aux_output_flag(struct perf_output_handle *handle, u64 flags) 333 { 334 /* 335 * OVERWRITE is determined by perf_aux_output_end() and can't 336 * be passed in directly. 337 */ 338 if (WARN_ON_ONCE(flags & PERF_AUX_FLAG_OVERWRITE)) 339 return; 340 341 handle->aux_flags |= flags; 342 } 343 EXPORT_SYMBOL_GPL(perf_aux_output_flag); 344 345 /* 346 * This is called before hardware starts writing to the AUX area to 347 * obtain an output handle and make sure there's room in the buffer. 348 * When the capture completes, call perf_aux_output_end() to commit 349 * the recorded data to the buffer. 350 * 351 * The ordering is similar to that of perf_output_{begin,end}, with 352 * the exception of (B), which should be taken care of by the pmu 353 * driver, since ordering rules will differ depending on hardware. 354 * 355 * Call this from pmu::start(); see the comment in perf_aux_output_end() 356 * about its use in pmu callbacks. Both can also be called from the PMI 357 * handler if needed. 358 */ 359 void *perf_aux_output_begin(struct perf_output_handle *handle, 360 struct perf_event *event) 361 { 362 struct perf_event *output_event = event; 363 unsigned long aux_head, aux_tail; 364 struct perf_buffer *rb; 365 unsigned int nest; 366 367 if (output_event->parent) 368 output_event = output_event->parent; 369 370 /* 371 * Since this will typically be open across pmu::add/pmu::del, we 372 * grab ring_buffer's refcount instead of holding rcu read lock 373 * to make sure it doesn't disappear under us. 374 */ 375 rb = ring_buffer_get(output_event); 376 if (!rb) 377 return NULL; 378 379 if (!rb_has_aux(rb)) 380 goto err; 381 382 /* 383 * If aux_mmap_count is zero, the aux buffer is in perf_mmap_close(), 384 * about to get freed, so we leave immediately. 385 * 386 * Checking rb::aux_mmap_count and rb::refcount has to be done in 387 * the same order, see perf_mmap_close. Otherwise we end up freeing 388 * aux pages in this path, which is a bug, because in_atomic(). 389 */ 390 if (!atomic_read(&rb->aux_mmap_count)) 391 goto err; 392 393 if (!refcount_inc_not_zero(&rb->aux_refcount)) 394 goto err; 395 396 nest = READ_ONCE(rb->aux_nest); 397 /* 398 * Nesting is not supported for AUX area, make sure nested 399 * writers are caught early 400 */ 401 if (WARN_ON_ONCE(nest)) 402 goto err_put; 403 404 WRITE_ONCE(rb->aux_nest, nest + 1); 405 406 aux_head = rb->aux_head; 407 408 handle->rb = rb; 409 handle->event = event; 410 handle->head = aux_head; 411 handle->size = 0; 412 handle->aux_flags = 0; 413 414 /* 415 * In overwrite mode, AUX data stores do not depend on aux_tail, 416 * therefore (A) control dependency barrier does not exist. The 417 * (B) <-> (C) ordering is still observed by the pmu driver. 418 */ 419 if (!rb->aux_overwrite) { 420 aux_tail = READ_ONCE(rb->user_page->aux_tail); 421 handle->wakeup = rb->aux_wakeup + rb->aux_watermark; 422 if (aux_head - aux_tail < perf_aux_size(rb)) 423 handle->size = CIRC_SPACE(aux_head, aux_tail, perf_aux_size(rb)); 424 425 /* 426 * handle->size computation depends on aux_tail load; this forms a 427 * control dependency barrier separating aux_tail load from aux data 428 * store that will be enabled on successful return 429 */ 430 if (!handle->size) { /* A, matches D */ 431 event->pending_disable = smp_processor_id(); 432 perf_output_wakeup(handle); 433 WRITE_ONCE(rb->aux_nest, 0); 434 goto err_put; 435 } 436 } 437 438 return handle->rb->aux_priv; 439 440 err_put: 441 /* can't be last */ 442 rb_free_aux(rb); 443 444 err: 445 ring_buffer_put(rb); 446 handle->event = NULL; 447 448 return NULL; 449 } 450 EXPORT_SYMBOL_GPL(perf_aux_output_begin); 451 452 static __always_inline bool rb_need_aux_wakeup(struct perf_buffer *rb) 453 { 454 if (rb->aux_overwrite) 455 return false; 456 457 if (rb->aux_head - rb->aux_wakeup >= rb->aux_watermark) { 458 rb->aux_wakeup = rounddown(rb->aux_head, rb->aux_watermark); 459 return true; 460 } 461 462 return false; 463 } 464 465 /* 466 * Commit the data written by hardware into the ring buffer by adjusting 467 * aux_head and posting a PERF_RECORD_AUX into the perf buffer. It is the 468 * pmu driver's responsibility to observe ordering rules of the hardware, 469 * so that all the data is externally visible before this is called. 470 * 471 * Note: this has to be called from pmu::stop() callback, as the assumption 472 * of the AUX buffer management code is that after pmu::stop(), the AUX 473 * transaction must be stopped and therefore drop the AUX reference count. 474 */ 475 void perf_aux_output_end(struct perf_output_handle *handle, unsigned long size) 476 { 477 bool wakeup = !!(handle->aux_flags & PERF_AUX_FLAG_TRUNCATED); 478 struct perf_buffer *rb = handle->rb; 479 unsigned long aux_head; 480 481 /* in overwrite mode, driver provides aux_head via handle */ 482 if (rb->aux_overwrite) { 483 handle->aux_flags |= PERF_AUX_FLAG_OVERWRITE; 484 485 aux_head = handle->head; 486 rb->aux_head = aux_head; 487 } else { 488 handle->aux_flags &= ~PERF_AUX_FLAG_OVERWRITE; 489 490 aux_head = rb->aux_head; 491 rb->aux_head += size; 492 } 493 494 /* 495 * Only send RECORD_AUX if we have something useful to communicate 496 * 497 * Note: the OVERWRITE records by themselves are not considered 498 * useful, as they don't communicate any *new* information, 499 * aside from the short-lived offset, that becomes history at 500 * the next event sched-in and therefore isn't useful. 501 * The userspace that needs to copy out AUX data in overwrite 502 * mode should know to use user_page::aux_head for the actual 503 * offset. So, from now on we don't output AUX records that 504 * have *only* OVERWRITE flag set. 505 */ 506 if (size || (handle->aux_flags & ~(u64)PERF_AUX_FLAG_OVERWRITE)) 507 perf_event_aux_event(handle->event, aux_head, size, 508 handle->aux_flags); 509 510 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head); 511 if (rb_need_aux_wakeup(rb)) 512 wakeup = true; 513 514 if (wakeup) { 515 if (handle->aux_flags & PERF_AUX_FLAG_TRUNCATED) 516 handle->event->pending_disable = smp_processor_id(); 517 perf_output_wakeup(handle); 518 } 519 520 handle->event = NULL; 521 522 WRITE_ONCE(rb->aux_nest, 0); 523 /* can't be last */ 524 rb_free_aux(rb); 525 ring_buffer_put(rb); 526 } 527 EXPORT_SYMBOL_GPL(perf_aux_output_end); 528 529 /* 530 * Skip over a given number of bytes in the AUX buffer, due to, for example, 531 * hardware's alignment constraints. 532 */ 533 int perf_aux_output_skip(struct perf_output_handle *handle, unsigned long size) 534 { 535 struct perf_buffer *rb = handle->rb; 536 537 if (size > handle->size) 538 return -ENOSPC; 539 540 rb->aux_head += size; 541 542 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head); 543 if (rb_need_aux_wakeup(rb)) { 544 perf_output_wakeup(handle); 545 handle->wakeup = rb->aux_wakeup + rb->aux_watermark; 546 } 547 548 handle->head = rb->aux_head; 549 handle->size -= size; 550 551 return 0; 552 } 553 EXPORT_SYMBOL_GPL(perf_aux_output_skip); 554 555 void *perf_get_aux(struct perf_output_handle *handle) 556 { 557 /* this is only valid between perf_aux_output_begin and *_end */ 558 if (!handle->event) 559 return NULL; 560 561 return handle->rb->aux_priv; 562 } 563 EXPORT_SYMBOL_GPL(perf_get_aux); 564 565 /* 566 * Copy out AUX data from an AUX handle. 567 */ 568 long perf_output_copy_aux(struct perf_output_handle *aux_handle, 569 struct perf_output_handle *handle, 570 unsigned long from, unsigned long to) 571 { 572 struct perf_buffer *rb = aux_handle->rb; 573 unsigned long tocopy, remainder, len = 0; 574 void *addr; 575 576 from &= (rb->aux_nr_pages << PAGE_SHIFT) - 1; 577 to &= (rb->aux_nr_pages << PAGE_SHIFT) - 1; 578 579 do { 580 tocopy = PAGE_SIZE - offset_in_page(from); 581 if (to > from) 582 tocopy = min(tocopy, to - from); 583 if (!tocopy) 584 break; 585 586 addr = rb->aux_pages[from >> PAGE_SHIFT]; 587 addr += offset_in_page(from); 588 589 remainder = perf_output_copy(handle, addr, tocopy); 590 if (remainder) 591 return -EFAULT; 592 593 len += tocopy; 594 from += tocopy; 595 from &= (rb->aux_nr_pages << PAGE_SHIFT) - 1; 596 } while (to != from); 597 598 return len; 599 } 600 601 #define PERF_AUX_GFP (GFP_KERNEL | __GFP_ZERO | __GFP_NOWARN | __GFP_NORETRY) 602 603 static struct page *rb_alloc_aux_page(int node, int order) 604 { 605 struct page *page; 606 607 if (order > MAX_ORDER) 608 order = MAX_ORDER; 609 610 do { 611 page = alloc_pages_node(node, PERF_AUX_GFP, order); 612 } while (!page && order--); 613 614 if (page && order) { 615 /* 616 * Communicate the allocation size to the driver: 617 * if we managed to secure a high-order allocation, 618 * set its first page's private to this order; 619 * !PagePrivate(page) means it's just a normal page. 620 */ 621 split_page(page, order); 622 SetPagePrivate(page); 623 set_page_private(page, order); 624 } 625 626 return page; 627 } 628 629 static void rb_free_aux_page(struct perf_buffer *rb, int idx) 630 { 631 struct page *page = virt_to_page(rb->aux_pages[idx]); 632 633 ClearPagePrivate(page); 634 page->mapping = NULL; 635 __free_page(page); 636 } 637 638 static void __rb_free_aux(struct perf_buffer *rb) 639 { 640 int pg; 641 642 /* 643 * Should never happen, the last reference should be dropped from 644 * perf_mmap_close() path, which first stops aux transactions (which 645 * in turn are the atomic holders of aux_refcount) and then does the 646 * last rb_free_aux(). 647 */ 648 WARN_ON_ONCE(in_atomic()); 649 650 if (rb->aux_priv) { 651 rb->free_aux(rb->aux_priv); 652 rb->free_aux = NULL; 653 rb->aux_priv = NULL; 654 } 655 656 if (rb->aux_nr_pages) { 657 for (pg = 0; pg < rb->aux_nr_pages; pg++) 658 rb_free_aux_page(rb, pg); 659 660 kfree(rb->aux_pages); 661 rb->aux_nr_pages = 0; 662 } 663 } 664 665 int rb_alloc_aux(struct perf_buffer *rb, struct perf_event *event, 666 pgoff_t pgoff, int nr_pages, long watermark, int flags) 667 { 668 bool overwrite = !(flags & RING_BUFFER_WRITABLE); 669 int node = (event->cpu == -1) ? -1 : cpu_to_node(event->cpu); 670 int ret = -ENOMEM, max_order; 671 672 if (!has_aux(event)) 673 return -EOPNOTSUPP; 674 675 /* 676 * We need to start with the max_order that fits in nr_pages, 677 * not the other way around, hence ilog2() and not get_order. 678 */ 679 max_order = ilog2(nr_pages); 680 681 /* 682 * PMU requests more than one contiguous chunks of memory 683 * for SW double buffering 684 */ 685 if (!overwrite) { 686 if (!max_order) 687 return -EINVAL; 688 689 max_order--; 690 } 691 692 rb->aux_pages = kcalloc_node(nr_pages, sizeof(void *), GFP_KERNEL, 693 node); 694 if (!rb->aux_pages) 695 return -ENOMEM; 696 697 rb->free_aux = event->pmu->free_aux; 698 for (rb->aux_nr_pages = 0; rb->aux_nr_pages < nr_pages;) { 699 struct page *page; 700 int last, order; 701 702 order = min(max_order, ilog2(nr_pages - rb->aux_nr_pages)); 703 page = rb_alloc_aux_page(node, order); 704 if (!page) 705 goto out; 706 707 for (last = rb->aux_nr_pages + (1 << page_private(page)); 708 last > rb->aux_nr_pages; rb->aux_nr_pages++) 709 rb->aux_pages[rb->aux_nr_pages] = page_address(page++); 710 } 711 712 /* 713 * In overwrite mode, PMUs that don't support SG may not handle more 714 * than one contiguous allocation, since they rely on PMI to do double 715 * buffering. In this case, the entire buffer has to be one contiguous 716 * chunk. 717 */ 718 if ((event->pmu->capabilities & PERF_PMU_CAP_AUX_NO_SG) && 719 overwrite) { 720 struct page *page = virt_to_page(rb->aux_pages[0]); 721 722 if (page_private(page) != max_order) 723 goto out; 724 } 725 726 rb->aux_priv = event->pmu->setup_aux(event, rb->aux_pages, nr_pages, 727 overwrite); 728 if (!rb->aux_priv) 729 goto out; 730 731 ret = 0; 732 733 /* 734 * aux_pages (and pmu driver's private data, aux_priv) will be 735 * referenced in both producer's and consumer's contexts, thus 736 * we keep a refcount here to make sure either of the two can 737 * reference them safely. 738 */ 739 refcount_set(&rb->aux_refcount, 1); 740 741 rb->aux_overwrite = overwrite; 742 rb->aux_watermark = watermark; 743 744 if (!rb->aux_watermark && !rb->aux_overwrite) 745 rb->aux_watermark = nr_pages << (PAGE_SHIFT - 1); 746 747 out: 748 if (!ret) 749 rb->aux_pgoff = pgoff; 750 else 751 __rb_free_aux(rb); 752 753 return ret; 754 } 755 756 void rb_free_aux(struct perf_buffer *rb) 757 { 758 if (refcount_dec_and_test(&rb->aux_refcount)) 759 __rb_free_aux(rb); 760 } 761 762 #ifndef CONFIG_PERF_USE_VMALLOC 763 764 /* 765 * Back perf_mmap() with regular GFP_KERNEL-0 pages. 766 */ 767 768 static struct page * 769 __perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff) 770 { 771 if (pgoff > rb->nr_pages) 772 return NULL; 773 774 if (pgoff == 0) 775 return virt_to_page(rb->user_page); 776 777 return virt_to_page(rb->data_pages[pgoff - 1]); 778 } 779 780 static void *perf_mmap_alloc_page(int cpu) 781 { 782 struct page *page; 783 int node; 784 785 node = (cpu == -1) ? cpu : cpu_to_node(cpu); 786 page = alloc_pages_node(node, GFP_KERNEL | __GFP_ZERO, 0); 787 if (!page) 788 return NULL; 789 790 return page_address(page); 791 } 792 793 static void perf_mmap_free_page(void *addr) 794 { 795 struct page *page = virt_to_page(addr); 796 797 page->mapping = NULL; 798 __free_page(page); 799 } 800 801 struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags) 802 { 803 struct perf_buffer *rb; 804 unsigned long size; 805 int i; 806 807 size = sizeof(struct perf_buffer); 808 size += nr_pages * sizeof(void *); 809 810 if (order_base_2(size) >= PAGE_SHIFT+MAX_ORDER) 811 goto fail; 812 813 rb = kzalloc(size, GFP_KERNEL); 814 if (!rb) 815 goto fail; 816 817 rb->user_page = perf_mmap_alloc_page(cpu); 818 if (!rb->user_page) 819 goto fail_user_page; 820 821 for (i = 0; i < nr_pages; i++) { 822 rb->data_pages[i] = perf_mmap_alloc_page(cpu); 823 if (!rb->data_pages[i]) 824 goto fail_data_pages; 825 } 826 827 rb->nr_pages = nr_pages; 828 829 ring_buffer_init(rb, watermark, flags); 830 831 return rb; 832 833 fail_data_pages: 834 for (i--; i >= 0; i--) 835 perf_mmap_free_page(rb->data_pages[i]); 836 837 perf_mmap_free_page(rb->user_page); 838 839 fail_user_page: 840 kfree(rb); 841 842 fail: 843 return NULL; 844 } 845 846 void rb_free(struct perf_buffer *rb) 847 { 848 int i; 849 850 perf_mmap_free_page(rb->user_page); 851 for (i = 0; i < rb->nr_pages; i++) 852 perf_mmap_free_page(rb->data_pages[i]); 853 kfree(rb); 854 } 855 856 #else 857 static int data_page_nr(struct perf_buffer *rb) 858 { 859 return rb->nr_pages << page_order(rb); 860 } 861 862 static struct page * 863 __perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff) 864 { 865 /* The '>' counts in the user page. */ 866 if (pgoff > data_page_nr(rb)) 867 return NULL; 868 869 return vmalloc_to_page((void *)rb->user_page + pgoff * PAGE_SIZE); 870 } 871 872 static void perf_mmap_unmark_page(void *addr) 873 { 874 struct page *page = vmalloc_to_page(addr); 875 876 page->mapping = NULL; 877 } 878 879 static void rb_free_work(struct work_struct *work) 880 { 881 struct perf_buffer *rb; 882 void *base; 883 int i, nr; 884 885 rb = container_of(work, struct perf_buffer, work); 886 nr = data_page_nr(rb); 887 888 base = rb->user_page; 889 /* The '<=' counts in the user page. */ 890 for (i = 0; i <= nr; i++) 891 perf_mmap_unmark_page(base + (i * PAGE_SIZE)); 892 893 vfree(base); 894 kfree(rb); 895 } 896 897 void rb_free(struct perf_buffer *rb) 898 { 899 schedule_work(&rb->work); 900 } 901 902 struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags) 903 { 904 struct perf_buffer *rb; 905 unsigned long size; 906 void *all_buf; 907 908 size = sizeof(struct perf_buffer); 909 size += sizeof(void *); 910 911 rb = kzalloc(size, GFP_KERNEL); 912 if (!rb) 913 goto fail; 914 915 INIT_WORK(&rb->work, rb_free_work); 916 917 all_buf = vmalloc_user((nr_pages + 1) * PAGE_SIZE); 918 if (!all_buf) 919 goto fail_all_buf; 920 921 rb->user_page = all_buf; 922 rb->data_pages[0] = all_buf + PAGE_SIZE; 923 if (nr_pages) { 924 rb->nr_pages = 1; 925 rb->page_order = ilog2(nr_pages); 926 } 927 928 ring_buffer_init(rb, watermark, flags); 929 930 return rb; 931 932 fail_all_buf: 933 kfree(rb); 934 935 fail: 936 return NULL; 937 } 938 939 #endif 940 941 struct page * 942 perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff) 943 { 944 if (rb->aux_nr_pages) { 945 /* above AUX space */ 946 if (pgoff > rb->aux_pgoff + rb->aux_nr_pages) 947 return NULL; 948 949 /* AUX space */ 950 if (pgoff >= rb->aux_pgoff) { 951 int aux_pgoff = array_index_nospec(pgoff - rb->aux_pgoff, rb->aux_nr_pages); 952 return virt_to_page(rb->aux_pages[aux_pgoff]); 953 } 954 } 955 956 return __perf_mmap_to_page(rb, pgoff); 957 } 958