1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2011-2015 PLUMgrid, http://plumgrid.com
18 #include <linux/error-injection.h>
56 static struct bpf_raw_event_map *bpf_get_raw_tracepoint_module(const char *name)  in bpf_get_raw_tracepoint_module()  argument
64 		for (i = 0; i < btm->module->num_bpf_raw_events; ++i) {  in bpf_get_raw_tracepoint_module()
65 			btp = &btm->module->bpf_raw_events[i];  in bpf_get_raw_tracepoint_module()
66 			if (!strcmp(btp->tp->name, name)) {  in bpf_get_raw_tracepoint_module()
67 				if (try_module_get(btm->module))  in bpf_get_raw_tracepoint_module()
78 static struct bpf_raw_event_map *bpf_get_raw_tracepoint_module(const char *name)  in bpf_get_raw_tracepoint_module()  argument
97  * trace_call_bpf - invoke BPF program
106  * 0 - return from kprobe (event is filtered out)
107  * 1 - store kprobe event into ring buffer
120 		 * and don't send kprobe event into ring-buffer,  in trace_call_bpf()
124 		bpf_prog_inc_misses_counters(rcu_dereference(call->prog_array));  in trace_call_bpf()
133 	 * whether call->prog_array is empty or not, which is  in trace_call_bpf()
137 	 * non-NULL, we go into trace_call_bpf() and do the actual  in trace_call_bpf()
146 	ret = bpf_prog_run_array(rcu_dereference(call->prog_array),  in trace_call_bpf()
209 	 * strncpy_from_user() does long-sized strides in the fast path. If the  in bpf_probe_read_user_str_common()
333 	 * access_ok() should prevent writing to non-user memory, but in  in BPF_CALL_3()
343 		     current->flags & (PF_KTHREAD | PF_EXITING)))  in BPF_CALL_3()
344 		return -EPERM;  in BPF_CALL_3()
346 		return -EPERM;  in BPF_CALL_3()
427 		return -EINVAL;  in BPF_CALL_4()
469 		return -EINVAL;  in BPF_CALL_5()
480 	return seq_has_overflowed(m) ? -EOVERFLOW : 0;  in BPF_CALL_5()
499 	return seq_write(m, data, len) ? -EOVERFLOW : 0;  in BPF_CALL_3()
523 	return btf_type_seq_show_flags(btf, btf_id, ptr->ptr, m, flags);  in BPF_CALL_4()
547 		return -EINVAL;  in get_map_perf_counter()
550 	if (unlikely(index >= array->map.max_entries))  in get_map_perf_counter()
551 		return -E2BIG;  in get_map_perf_counter()
553 	ee = READ_ONCE(array->ptrs[index]);  in get_map_perf_counter()
555 		return -ENOENT;  in get_map_perf_counter()
557 	return perf_event_read_local(ee->event, value, enabled, running);  in get_map_perf_counter()
567 	 * this api is ugly since we miss [-22..-2] range of valid  in BPF_CALL_2()
586 	int err = -EINVAL;  in BPF_CALL_4()
590 	err = get_map_perf_counter(map, flags, &buf->counter, &buf->enabled,  in BPF_CALL_4()
591 				   &buf->running);  in BPF_CALL_4()
628 	if (unlikely(index >= array->map.max_entries))  in __bpf_perf_event_output()
629 		return -E2BIG;  in __bpf_perf_event_output()
631 	ee = READ_ONCE(array->ptrs[index]);  in __bpf_perf_event_output()
633 		return -ENOENT;  in __bpf_perf_event_output()
635 	event = ee->event;  in __bpf_perf_event_output()
636 	if (unlikely(event->attr.type != PERF_TYPE_SOFTWARE ||  in __bpf_perf_event_output()
637 		     event->attr.config != PERF_COUNT_SW_BPF_OUTPUT))  in __bpf_perf_event_output()
638 		return -EINVAL;  in __bpf_perf_event_output()
640 	if (unlikely(event->oncpu != cpu))  in __bpf_perf_event_output()
641 		return -EOPNOTSUPP;  in __bpf_perf_event_output()
675 	if (WARN_ON_ONCE(nest_level > ARRAY_SIZE(sds->sds))) {  in BPF_CALL_5()
676 		err = -EBUSY;  in BPF_CALL_5()
680 	sd = &sds->sds[nest_level - 1];  in BPF_CALL_5()
683 		err = -EINVAL;  in BPF_CALL_5()
740 		ret = -EBUSY;  in bpf_event_output()
743 	sd = this_cpu_ptr(&bpf_misc_sds.sds[nest_level - 1]);  in bpf_event_output()
744 	regs = this_cpu_ptr(&bpf_pt_regs.regs[nest_level - 1]);  in bpf_event_output()
800 	enum pid_type type;
813 	siginfo = work->has_siginfo ? &work->info : SEND_SIG_PRIV;  in do_bpf_send_signal()
815 	group_send_sig_info(work->sig, siginfo, work->task, work->type);  in do_bpf_send_signal()
816 	put_task_struct(work->task);  in do_bpf_send_signal()
819 static int bpf_send_signal_common(u32 sig, enum pid_type type, struct task_struct *task, u64 value)  in bpf_send_signal_common()
844 	if (unlikely(task->flags & (PF_KTHREAD | PF_EXITING)))  in bpf_send_signal_common()
845 		return -EPERM;  in bpf_send_signal_common()
847 		return -EPERM;  in bpf_send_signal_common()
850 		return -EPERM;  in bpf_send_signal_common()
857 			return -EINVAL;  in bpf_send_signal_common()
860 		if (irq_work_is_busy(&work->irq_work))  in bpf_send_signal_common()
861 			return -EBUSY;  in bpf_send_signal_common()
867 		work->task = get_task_struct(task);  in bpf_send_signal_common()
868 		work->has_siginfo = siginfo == &info;  in bpf_send_signal_common()
869 		if (work->has_siginfo)  in bpf_send_signal_common()
870 			copy_siginfo(&work->info, &info);  in bpf_send_signal_common()
871 		work->sig = sig;  in bpf_send_signal_common()
872 		work->type = type;  in bpf_send_signal_common()
873 		irq_work_queue(&work->irq_work);  in bpf_send_signal_common()
926 		len = buf + sz - p;  in BPF_CALL_3()
951 	if (prog->type == BPF_PROG_TYPE_TRACING &&  in BTF_ID()
952 	    prog->expected_attach_type == BPF_TRACE_ITER)  in BTF_ID()
955 	if (prog->type == BPF_PROG_TYPE_LSM)  in BTF_ID()
956 		return bpf_lsm_is_sleepable_hook(prog->aux->attach_btf_id);  in BTF_ID()
959 				   prog->aux->attach_btf_id);  in BTF_ID()
985 		return -EINVAL;  in bpf_btf_printf_prepare()
988 		return -EINVAL;  in bpf_btf_printf_prepare()
993 		return IS_ERR(*btf) ? PTR_ERR(*btf) : -EINVAL;  in bpf_btf_printf_prepare()
995 	if (ptr->type_id > 0)  in bpf_btf_printf_prepare()
996 		*btf_id = ptr->type_id;  in bpf_btf_printf_prepare()
998 		return -EINVAL;  in bpf_btf_printf_prepare()
1003 		return -ENOENT;  in bpf_btf_printf_prepare()
1019 	return btf_type_snprintf_show(btf, btf_id, ptr->ptr, str, str_size,  in BPF_CALL_5()
1037 	return ((u64 *)ctx)[-2];  in BPF_CALL_1()
1050 	if (is_endbr((void *)(fentry_ip - ENDBR_INSN_SIZE)))  in get_entry_ip()
1051 		fentry_ip -= ENDBR_INSN_SIZE;  in get_entry_ip()
1062 	run_ctx = container_of(current->bpf_ctx, struct bpf_trace_run_ctx, run_ctx);  in BPF_CALL_1()
1063 	if (run_ctx->is_uprobe)  in BPF_CALL_1()
1064 		return ((struct uprobe_dispatch_data *)current->utask->vaddr)->bp_addr;  in BPF_CALL_1()
1069 	if (!kp || !(kp->flags & KPROBE_FLAG_ON_FUNC_ENTRY))  in BPF_CALL_1()
1072 	return get_entry_ip((uintptr_t)kp->addr);  in BPF_CALL_1()
1084 	return bpf_kprobe_multi_entry_ip(current->bpf_ctx);  in BPF_CALL_1()
1096 	return bpf_kprobe_multi_cookie(current->bpf_ctx);  in BPF_CALL_1()
1108 	return bpf_uprobe_multi_entry_ip(current->bpf_ctx);  in BPF_CALL_1()
1120 	return bpf_uprobe_multi_cookie(current->bpf_ctx);  in BPF_CALL_1()
1134 	run_ctx = container_of(current->bpf_ctx, struct bpf_trace_run_ctx, run_ctx);  in BPF_CALL_1()
1135 	return run_ctx->bpf_cookie;  in BPF_CALL_1()
1147 	return ctx->event->bpf_cookie;  in BPF_CALL_1()
1161 	run_ctx = container_of(current->bpf_ctx, struct bpf_trace_run_ctx, run_ctx);  in BPF_CALL_1()
1162 	return run_ctx->bpf_cookie;  in BPF_CALL_1()
1180 		return -EINVAL;  in BPF_CALL_3()
1183 		return -ENOENT;  in BPF_CALL_3()
1199 	u64 nr_args = ((u64 *)ctx)[-1];  in BPF_CALL_3()
1202 		return -EINVAL;  in BPF_CALL_3()
1219 	u64 nr_args = ((u64 *)ctx)[-1];  in BPF_CALL_2()
1236 	return ((u64 *)ctx)[-1];  in BPF_CALL_1()
1249  * bpf_lookup_user_key - lookup a key by its serial
1251  * @flags: lookup-specific flags
1262  * one of the available key-specific kfuncs.
1295 	bkey->key = key_ref_to_ptr(key_ref);  in bpf_lookup_user_key()
1296 	bkey->has_ref = true;  in bpf_lookup_user_key()
1302  * bpf_lookup_system_key - lookup a key by a system-defined ID
1320  *         pre-determined ID on success, a NULL pointer otherwise
1333 	bkey->key = (struct key *)(unsigned long)id;  in bpf_lookup_system_key()
1334 	bkey->has_ref = false;  in bpf_lookup_system_key()
1340  * bpf_key_put - decrement key reference count if key is valid and free bpf_key
1348 	if (bkey->has_ref)  in bpf_key_put()
1349 		key_put(bkey->key);  in bpf_key_put()
1356  * bpf_verify_pkcs7_signature - verify a PKCS#7 signature
1376 	if (trusted_keyring->has_ref) {  in bpf_verify_pkcs7_signature()
1385 		ret = key_validate(trusted_keyring->key);  in bpf_verify_pkcs7_signature()
1396 				      trusted_keyring->key,  in bpf_verify_pkcs7_signature()
1428 bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)  in bpf_tracing_func_proto()
1518 		return prog->sleepable ? &bpf_get_task_stack_sleepable_proto  in bpf_tracing_func_proto()
1558 	if (!bpf_token_capable(prog->aux->token, CAP_SYS_ADMIN))  in bpf_tracing_func_proto()
1572 	return prog->expected_attach_type == BPF_TRACE_KPROBE_MULTI ||  in is_kprobe_multi()
1573 	       prog->expected_attach_type == BPF_TRACE_KPROBE_SESSION;  in is_kprobe_multi()
1578 	return prog->expected_attach_type == BPF_TRACE_KPROBE_SESSION;  in is_kprobe_session()
1583 	return prog->expected_attach_type == BPF_TRACE_UPROBE_MULTI ||  in is_uprobe_multi()
1584 	       prog->expected_attach_type == BPF_TRACE_UPROBE_SESSION;  in is_uprobe_multi()
1589 	return prog->expected_attach_type == BPF_TRACE_UPROBE_SESSION;  in is_uprobe_session()
1593 kprobe_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)  in kprobe_prog_func_proto()
1601 		return prog->sleepable ? &bpf_get_stack_sleepable_proto : &bpf_get_stack_proto;  in kprobe_prog_func_proto()
1624 static bool kprobe_prog_is_valid_access(int off, int size, enum bpf_access_type type,  in kprobe_prog_is_valid_access()
1719 tp_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)  in tp_prog_func_proto()
1735 static bool tp_prog_is_valid_access(int off, int size, enum bpf_access_type type,  in tp_prog_is_valid_access()
1761 	int err = -EINVAL;  in BPF_CALL_3()
1765 	err = perf_event_read_local(ctx->event, &buf->counter, &buf->enabled,  in BPF_CALL_3()
1766 				    &buf->running);  in BPF_CALL_3()
1788 	struct perf_branch_stack *br_stack = ctx->data->br_stack;  in BPF_CALL_4()
1792 		return -EINVAL;  in BPF_CALL_4()
1794 	if (unlikely(!(ctx->data->sample_flags & PERF_SAMPLE_BRANCH_STACK)))  in BPF_CALL_4()
1795 		return -ENOENT;  in BPF_CALL_4()
1798 		return -ENOENT;  in BPF_CALL_4()
1801 		return br_stack->nr * br_entry_size;  in BPF_CALL_4()
1804 		return -EINVAL;  in BPF_CALL_4()
1806 	to_copy = min_t(u32, br_stack->nr * br_entry_size, size);  in BPF_CALL_4()
1807 	memcpy(buf, br_stack->entries, to_copy);  in BPF_CALL_4()
1823 pe_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)  in pe_prog_func_proto()
1861 	if (WARN_ON_ONCE(nest_level > ARRAY_SIZE(tp_regs->regs))) {  in get_bpf_raw_tp_regs()
1863 		return ERR_PTR(-EBUSY);  in get_bpf_raw_tp_regs()
1866 	return &tp_regs->regs[nest_level - 1];  in get_bpf_raw_tp_regs()
1958 raw_tp_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)  in raw_tp_prog_func_proto()
1975 tracing_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)  in tracing_prog_func_proto()
2011 		return prog->expected_attach_type == BPF_TRACE_ITER ?  in tracing_prog_func_proto()
2015 		return prog->expected_attach_type == BPF_TRACE_ITER ?  in tracing_prog_func_proto()
2019 		return prog->expected_attach_type == BPF_TRACE_ITER ?  in tracing_prog_func_proto()
2031 		if (prog->type == BPF_PROG_TYPE_TRACING &&  in tracing_prog_func_proto()
2032 		    prog->expected_attach_type == BPF_TRACE_RAW_TP)  in tracing_prog_func_proto()
2037 		if (!fn && prog->expected_attach_type == BPF_TRACE_ITER)  in tracing_prog_func_proto()
2044 					enum bpf_access_type type,  in raw_tp_prog_is_valid_access()
2052 					 enum bpf_access_type type,  in tracing_prog_is_valid_access()
2063 	return -ENOTSUPP;  in bpf_prog_test_run_tracing()
2087 						 enum bpf_access_type type,  in raw_tp_writable_prog_is_valid_access()
2094 		info->reg_type = PTR_TO_TP_BUFFER;  in raw_tp_writable_prog_is_valid_access()
2107 static bool pe_prog_is_valid_access(int off, int size, enum bpf_access_type type,  in pe_prog_is_valid_access()
2145 static u32 pe_prog_convert_ctx_access(enum bpf_access_type type,  in pe_prog_convert_ctx_access()
2152 	switch (si->off) {  in pe_prog_convert_ctx_access()
2155 						       data), si->dst_reg, si->src_reg,  in pe_prog_convert_ctx_access()
2157 		*insn++ = BPF_LDX_MEM(BPF_DW, si->dst_reg, si->dst_reg,  in pe_prog_convert_ctx_access()
2163 						       data), si->dst_reg, si->src_reg,  in pe_prog_convert_ctx_access()
2165 		*insn++ = BPF_LDX_MEM(BPF_DW, si->dst_reg, si->dst_reg,  in pe_prog_convert_ctx_access()
2171 						       regs), si->dst_reg, si->src_reg,  in pe_prog_convert_ctx_access()
2173 		*insn++ = BPF_LDX_MEM(BPF_SIZEOF(long), si->dst_reg, si->dst_reg,  in pe_prog_convert_ctx_access()
2174 				      si->off);  in pe_prog_convert_ctx_access()
2178 	return insn - insn_buf;  in pe_prog_convert_ctx_access()
2200 	int ret = -EEXIST;  in perf_event_attach_bpf_prog()
2204 	 * and only if they are on the opt-in list.  in perf_event_attach_bpf_prog()
2206 	if (prog->kprobe_override &&  in perf_event_attach_bpf_prog()
2207 	    (!trace_kprobe_on_func_entry(event->tp_event) ||  in perf_event_attach_bpf_prog()
2208 	     !trace_kprobe_error_injectable(event->tp_event)))  in perf_event_attach_bpf_prog()
2209 		return -EINVAL;  in perf_event_attach_bpf_prog()
2213 	if (event->prog)  in perf_event_attach_bpf_prog()
2216 	old_array = bpf_event_rcu_dereference(event->tp_event->prog_array);  in perf_event_attach_bpf_prog()
2219 		ret = -E2BIG;  in perf_event_attach_bpf_prog()
2227 	/* set the new array to event->tp_event and set event->prog */  in perf_event_attach_bpf_prog()
2228 	event->prog = prog;  in perf_event_attach_bpf_prog()
2229 	event->bpf_cookie = bpf_cookie;  in perf_event_attach_bpf_prog()
2230 	rcu_assign_pointer(event->tp_event->prog_array, new_array);  in perf_event_attach_bpf_prog()
2247 	if (!event->prog)  in perf_event_detach_bpf_prog()
2250 	old_array = bpf_event_rcu_dereference(event->tp_event->prog_array);  in perf_event_detach_bpf_prog()
2254 	ret = bpf_prog_array_copy(old_array, event->prog, NULL, 0, &new_array);  in perf_event_detach_bpf_prog()
2256 		bpf_prog_array_delete_safe(old_array, event->prog);  in perf_event_detach_bpf_prog()
2258 		rcu_assign_pointer(event->tp_event->prog_array, new_array);  in perf_event_detach_bpf_prog()
2263 	prog = event->prog;  in perf_event_detach_bpf_prog()
2264 	event->prog = NULL;  in perf_event_detach_bpf_prog()
2273 		 * programs and uses tasks-trace-RCU.  in perf_event_detach_bpf_prog()
2290 		return -EPERM;  in perf_event_query_prog_array()
2291 	if (event->attr.type != PERF_TYPE_TRACEPOINT)  in perf_event_query_prog_array()
2292 		return -EINVAL;  in perf_event_query_prog_array()
2294 		return -EFAULT;  in perf_event_query_prog_array()
2298 		return -E2BIG;  in perf_event_query_prog_array()
2301 		return -ENOMEM;  in perf_event_query_prog_array()
2304 	 * is required when user only wants to check for uquery->prog_cnt.  in perf_event_query_prog_array()
2310 	progs = bpf_event_rcu_dereference(event->tp_event->prog_array);  in perf_event_query_prog_array()
2314 	if (copy_to_user(&uquery->prog_cnt, &prog_cnt, sizeof(prog_cnt)) ||  in perf_event_query_prog_array()
2315 	    copy_to_user(uquery->ids, ids, ids_len * sizeof(u32)))  in perf_event_query_prog_array()
2316 		ret = -EFAULT;  in perf_event_query_prog_array()
2325 struct bpf_raw_event_map *bpf_get_raw_tracepoint(const char *name)  in bpf_get_raw_tracepoint()  argument
2330 		if (!strcmp(btp->tp->name, name))  in bpf_get_raw_tracepoint()
2334 	return bpf_get_raw_tracepoint_module(name);  in bpf_get_raw_tracepoint()
2349 	struct bpf_prog *prog = link->link.prog;  in __bpf_trace_run()
2354 	if (unlikely(this_cpu_inc_return(*(prog->active)) != 1)) {  in __bpf_trace_run()
2359 	run_ctx.bpf_cookie = link->cookie;  in __bpf_trace_run()
2368 	this_cpu_dec(*(prog->active));  in __bpf_trace_run()
2418 	struct tracepoint *tp = btp->tp;  in bpf_probe_register()
2419 	struct bpf_prog *prog = link->link.prog;  in bpf_probe_register()
2425 	if (prog->aux->max_ctx_offset > btp->num_args * sizeof(u64))  in bpf_probe_register()
2426 		return -EINVAL;  in bpf_probe_register()
2428 	if (prog->aux->max_tp_access > btp->writable_size)  in bpf_probe_register()
2429 		return -EINVAL;  in bpf_probe_register()
2431 	return tracepoint_probe_register_may_exist(tp, (void *)btp->bpf_func, link);  in bpf_probe_register()
2436 	return tracepoint_probe_unregister(btp->tp, (void *)btp->bpf_func, link);  in bpf_probe_unregister()
2448 	prog = event->prog;  in bpf_get_perf_event_info()
2450 		return -ENOENT;  in bpf_get_perf_event_info()
2453 	if (prog->type == BPF_PROG_TYPE_PERF_EVENT)  in bpf_get_perf_event_info()
2454 		return -EOPNOTSUPP;  in bpf_get_perf_event_info()
2456 	*prog_id = prog->aux->id;  in bpf_get_perf_event_info()
2457 	flags = event->tp_event->flags;  in bpf_get_perf_event_info()
2459 	is_syscall_tp = is_syscall_trace_event(event->tp_event);  in bpf_get_perf_event_info()
2462 		*buf = is_tracepoint ? event->tp_event->tp->name  in bpf_get_perf_event_info()
2463 				     : event->tp_event->name;  in bpf_get_perf_event_info()
2473 		err = -EOPNOTSUPP;  in bpf_get_perf_event_info()
2478 						  event->attr.type == PERF_TYPE_TRACEPOINT);  in bpf_get_perf_event_info()
2484 						  event->attr.type == PERF_TYPE_TRACEPOINT);  in bpf_get_perf_event_info()
2498 		init_irq_work(&work->irq_work, do_bpf_send_signal);  in send_signal_irq_work_init()
2513 	if (mod->num_bpf_raw_events == 0 ||  in bpf_event_notify()
2523 			btm->module = module;  in bpf_event_notify()
2524 			list_add(&btm->list, &bpf_trace_modules);  in bpf_event_notify()
2526 			ret = -ENOMEM;  in bpf_event_notify()
2531 			if (btm->module == module) {  in bpf_event_notify()
2532 				list_del(&btm->list);  in bpf_event_notify()
2571 	u32 cnt;  member
2602 static int copy_user_syms(struct user_syms *us, unsigned long __user *usyms, u32 cnt)  in copy_user_syms()  argument
2607 	int err = -ENOMEM;  in copy_user_syms()
2610 	syms = kvmalloc_array(cnt, sizeof(*syms), GFP_KERNEL);  in copy_user_syms()
2614 	buf = kvmalloc_array(cnt, KSYM_NAME_LEN, GFP_KERNEL);  in copy_user_syms()
2618 	for (p = buf, i = 0; i < cnt; i++) {  in copy_user_syms()
2620 			err = -EFAULT;  in copy_user_syms()
2625 			err = -E2BIG;  in copy_user_syms()
2632 	us->syms = syms;  in copy_user_syms()
2633 	us->buf = buf;  in copy_user_syms()
2644 static void kprobe_multi_put_modules(struct module **mods, u32 cnt)  in kprobe_multi_put_modules()  argument
2648 	for (i = 0; i < cnt; i++)  in kprobe_multi_put_modules()
2654 	kvfree(us->syms);  in free_user_syms()
2655 	kvfree(us->buf);  in free_user_syms()
2663 	unregister_fprobe(&kmulti_link->fp);  in bpf_kprobe_multi_link_release()
2664 	kprobe_multi_put_modules(kmulti_link->mods, kmulti_link->mods_cnt);  in bpf_kprobe_multi_link_release()
2672 	kvfree(kmulti_link->addrs);  in bpf_kprobe_multi_link_dealloc()
2673 	kvfree(kmulti_link->cookies);  in bpf_kprobe_multi_link_dealloc()
2674 	kfree(kmulti_link->mods);  in bpf_kprobe_multi_link_dealloc()
2681 	u64 __user *ucookies = u64_to_user_ptr(info->kprobe_multi.cookies);  in bpf_kprobe_multi_link_fill_link_info()
2682 	u64 __user *uaddrs = u64_to_user_ptr(info->kprobe_multi.addrs);  in bpf_kprobe_multi_link_fill_link_info()
2684 	u32 ucount = info->kprobe_multi.count;  in bpf_kprobe_multi_link_fill_link_info()
2688 		return -EINVAL;  in bpf_kprobe_multi_link_fill_link_info()
2690 		return -EINVAL;  in bpf_kprobe_multi_link_fill_link_info()
2693 	info->kprobe_multi.count = kmulti_link->cnt;  in bpf_kprobe_multi_link_fill_link_info()
2694 	info->kprobe_multi.flags = kmulti_link->flags;  in bpf_kprobe_multi_link_fill_link_info()
2695 	info->kprobe_multi.missed = kmulti_link->fp.nmissed;  in bpf_kprobe_multi_link_fill_link_info()
2699 	if (ucount < kmulti_link->cnt)  in bpf_kprobe_multi_link_fill_link_info()
2700 		err = -ENOSPC;  in bpf_kprobe_multi_link_fill_link_info()
2702 		ucount = kmulti_link->cnt;  in bpf_kprobe_multi_link_fill_link_info()
2705 		if (kmulti_link->cookies) {  in bpf_kprobe_multi_link_fill_link_info()
2706 			if (copy_to_user(ucookies, kmulti_link->cookies, ucount * sizeof(u64)))  in bpf_kprobe_multi_link_fill_link_info()
2707 				return -EFAULT;  in bpf_kprobe_multi_link_fill_link_info()
2711 					return -EFAULT;  in bpf_kprobe_multi_link_fill_link_info()
2717 		if (copy_to_user(uaddrs, kmulti_link->addrs, ucount * sizeof(u64)))  in bpf_kprobe_multi_link_fill_link_info()
2718 			return -EFAULT;  in bpf_kprobe_multi_link_fill_link_info()
2722 				return -EFAULT;  in bpf_kprobe_multi_link_fill_link_info()
2740 	cookie_a = link->cookies + (addr_a - link->addrs);  in bpf_kprobe_multi_cookie_swap()
2741 	cookie_b = link->cookies + (addr_b - link->addrs);  in bpf_kprobe_multi_cookie_swap()
2754 	return *addr_a < *addr_b ? -1 : 1;  in bpf_kprobe_multi_addrs_cmp()
2771 	run_ctx = container_of(current->bpf_ctx, struct bpf_kprobe_multi_run_ctx,  in bpf_kprobe_multi_cookie()
2773 	link = run_ctx->link;  in bpf_kprobe_multi_cookie()
2774 	if (!link->cookies)  in bpf_kprobe_multi_cookie()
2776 	entry_ip = run_ctx->entry_ip;  in bpf_kprobe_multi_cookie()
2777 	addr = bsearch(&entry_ip, link->addrs, link->cnt, sizeof(entry_ip),  in bpf_kprobe_multi_cookie()
2781 	cookie = link->cookies + (addr - link->addrs);  in bpf_kprobe_multi_cookie()
2789 	run_ctx = container_of(current->bpf_ctx, struct bpf_kprobe_multi_run_ctx,  in bpf_kprobe_multi_entry_ip()
2791 	return run_ctx->entry_ip;  in bpf_kprobe_multi_entry_ip()
2812 		bpf_prog_inc_misses_counter(link->link.prog);  in kprobe_multi_link_prog_run()
2821 	err = bpf_prog_run(link->link.prog, regs);  in kprobe_multi_link_prog_run()
2842 	return is_kprobe_session(link->link.prog) ? err : 0;  in kprobe_multi_link_handler()
2878 	if (data->cookies) {  in symbols_swap_r()
2881 		cookie_a = data->cookies + (name_a - data->funcs);  in symbols_swap_r()
2882 		cookie_b = data->cookies + (name_b - data->funcs);  in symbols_swap_r()
2897 	if (arr->mods_cnt == arr->mods_cap) {  in add_module()
2898 		arr->mods_cap = max(16, arr->mods_cap * 3 / 2);  in add_module()
2899 		mods = krealloc_array(arr->mods, arr->mods_cap, sizeof(*mods), GFP_KERNEL);  in add_module()
2901 			return -ENOMEM;  in add_module()
2902 		arr->mods = mods;  in add_module()
2905 	arr->mods[arr->mods_cnt] = mod;  in add_module()
2906 	arr->mods_cnt++;  in add_module()
2914 	for (i = arr->mods_cnt - 1; i >= 0; i--) {  in has_module()
2915 		if (arr->mods[i] == mod)  in has_module()
2938 				err = -EINVAL;  in get_modules_for_addrs()
2963 static int addrs_check_error_injection_list(unsigned long *addrs, u32 cnt)  in addrs_check_error_injection_list()  argument
2967 	for (i = 0; i < cnt; i++) {  in addrs_check_error_injection_list()
2969 			return -EINVAL;  in addrs_check_error_injection_list()
2980 	u32 flags, cnt, size;  in bpf_kprobe_multi_link_attach()  local
2988 		return -EOPNOTSUPP;  in bpf_kprobe_multi_link_attach()
2991 		return -EINVAL;  in bpf_kprobe_multi_link_attach()
2993 	flags = attr->link_create.kprobe_multi.flags;  in bpf_kprobe_multi_link_attach()
2995 		return -EINVAL;  in bpf_kprobe_multi_link_attach()
2997 	uaddrs = u64_to_user_ptr(attr->link_create.kprobe_multi.addrs);  in bpf_kprobe_multi_link_attach()
2998 	usyms = u64_to_user_ptr(attr->link_create.kprobe_multi.syms);  in bpf_kprobe_multi_link_attach()
3000 		return -EINVAL;  in bpf_kprobe_multi_link_attach()
3002 	cnt = attr->link_create.kprobe_multi.cnt;  in bpf_kprobe_multi_link_attach()
3003 	if (!cnt)  in bpf_kprobe_multi_link_attach()
3004 		return -EINVAL;  in bpf_kprobe_multi_link_attach()
3005 	if (cnt > MAX_KPROBE_MULTI_CNT)  in bpf_kprobe_multi_link_attach()
3006 		return -E2BIG;  in bpf_kprobe_multi_link_attach()
3008 	size = cnt * sizeof(*addrs);  in bpf_kprobe_multi_link_attach()
3009 	addrs = kvmalloc_array(cnt, sizeof(*addrs), GFP_KERNEL);  in bpf_kprobe_multi_link_attach()
3011 		return -ENOMEM;  in bpf_kprobe_multi_link_attach()
3013 	ucookies = u64_to_user_ptr(attr->link_create.kprobe_multi.cookies);  in bpf_kprobe_multi_link_attach()
3015 		cookies = kvmalloc_array(cnt, sizeof(*addrs), GFP_KERNEL);  in bpf_kprobe_multi_link_attach()
3017 			err = -ENOMEM;  in bpf_kprobe_multi_link_attach()
3021 			err = -EFAULT;  in bpf_kprobe_multi_link_attach()
3028 			err = -EFAULT;  in bpf_kprobe_multi_link_attach()
3037 		err = copy_user_syms(&us, usyms, cnt);  in bpf_kprobe_multi_link_attach()
3044 		sort_r(us.syms, cnt, sizeof(*us.syms), symbols_cmp_r,  in bpf_kprobe_multi_link_attach()
3047 		err = ftrace_lookup_symbols(us.syms, cnt, addrs);  in bpf_kprobe_multi_link_attach()
3053 	if (prog->kprobe_override && addrs_check_error_injection_list(addrs, cnt)) {  in bpf_kprobe_multi_link_attach()
3054 		err = -EINVAL;  in bpf_kprobe_multi_link_attach()
3060 		err = -ENOMEM;  in bpf_kprobe_multi_link_attach()
3064 	bpf_link_init(&link->link, BPF_LINK_TYPE_KPROBE_MULTI,  in bpf_kprobe_multi_link_attach()
3067 	err = bpf_link_prime(&link->link, &link_primer);  in bpf_kprobe_multi_link_attach()
3072 		link->fp.entry_handler = kprobe_multi_link_handler;  in bpf_kprobe_multi_link_attach()
3074 		link->fp.exit_handler = kprobe_multi_link_exit_handler;  in bpf_kprobe_multi_link_attach()
3076 		link->fp.entry_data_size = sizeof(u64);  in bpf_kprobe_multi_link_attach()
3078 	link->addrs = addrs;  in bpf_kprobe_multi_link_attach()
3079 	link->cookies = cookies;  in bpf_kprobe_multi_link_attach()
3080 	link->cnt = cnt;  in bpf_kprobe_multi_link_attach()
3081 	link->flags = flags;  in bpf_kprobe_multi_link_attach()
3090 		sort_r(addrs, cnt, sizeof(*addrs),  in bpf_kprobe_multi_link_attach()
3096 	err = get_modules_for_addrs(&link->mods, addrs, cnt);  in bpf_kprobe_multi_link_attach()
3101 	link->mods_cnt = err;  in bpf_kprobe_multi_link_attach()
3103 	err = register_fprobe_ips(&link->fp, addrs, cnt);  in bpf_kprobe_multi_link_attach()
3105 		kprobe_multi_put_modules(link->mods, link->mods_cnt);  in bpf_kprobe_multi_link_attach()
3121 	return -EOPNOTSUPP;  in bpf_kprobe_multi_link_attach()
3149 	u32 cnt;  member
3161 static void bpf_uprobe_unregister(struct bpf_uprobe *uprobes, u32 cnt)  in bpf_uprobe_unregister()  argument
3165 	for (i = 0; i < cnt; i++)  in bpf_uprobe_unregister()
3168 	if (cnt)  in bpf_uprobe_unregister()
3177 	bpf_uprobe_unregister(umulti_link->uprobes, umulti_link->cnt);  in bpf_uprobe_multi_link_release()
3178 	if (umulti_link->task)  in bpf_uprobe_multi_link_release()
3179 		put_task_struct(umulti_link->task);  in bpf_uprobe_multi_link_release()
3180 	path_put(&umulti_link->path);  in bpf_uprobe_multi_link_release()
3188 	kvfree(umulti_link->uprobes);  in bpf_uprobe_multi_link_dealloc()
3195 	u64 __user *uref_ctr_offsets = u64_to_user_ptr(info->uprobe_multi.ref_ctr_offsets);  in bpf_uprobe_multi_link_fill_link_info()
3196 	u64 __user *ucookies = u64_to_user_ptr(info->uprobe_multi.cookies);  in bpf_uprobe_multi_link_fill_link_info()
3197 	u64 __user *uoffsets = u64_to_user_ptr(info->uprobe_multi.offsets);  in bpf_uprobe_multi_link_fill_link_info()
3198 	u64 __user *upath = u64_to_user_ptr(info->uprobe_multi.path);  in bpf_uprobe_multi_link_fill_link_info()
3199 	u32 upath_size = info->uprobe_multi.path_size;  in bpf_uprobe_multi_link_fill_link_info()
3201 	u32 ucount = info->uprobe_multi.count;  in bpf_uprobe_multi_link_fill_link_info()
3207 		return -EINVAL;  in bpf_uprobe_multi_link_fill_link_info()
3210 		return -EINVAL;  in bpf_uprobe_multi_link_fill_link_info()
3213 	info->uprobe_multi.count = umulti_link->cnt;  in bpf_uprobe_multi_link_fill_link_info()
3214 	info->uprobe_multi.flags = umulti_link->flags;  in bpf_uprobe_multi_link_fill_link_info()
3215 	info->uprobe_multi.pid = umulti_link->task ?  in bpf_uprobe_multi_link_fill_link_info()
3216 				 task_pid_nr_ns(umulti_link->task, task_active_pid_ns(current)) : 0;  in bpf_uprobe_multi_link_fill_link_info()
3221 		return -ENOMEM;  in bpf_uprobe_multi_link_fill_link_info()
3222 	p = d_path(&umulti_link->path, buf, upath_size);  in bpf_uprobe_multi_link_fill_link_info()
3227 	upath_size = buf + upath_size - p;  in bpf_uprobe_multi_link_fill_link_info()
3233 		return -EFAULT;  in bpf_uprobe_multi_link_fill_link_info()
3234 	info->uprobe_multi.path_size = upath_size;  in bpf_uprobe_multi_link_fill_link_info()
3239 	if (ucount < umulti_link->cnt)  in bpf_uprobe_multi_link_fill_link_info()
3240 		err = -ENOSPC;  in bpf_uprobe_multi_link_fill_link_info()
3242 		ucount = umulti_link->cnt;  in bpf_uprobe_multi_link_fill_link_info()
3246 		    put_user(umulti_link->uprobes[i].offset, uoffsets + i))  in bpf_uprobe_multi_link_fill_link_info()
3247 			return -EFAULT;  in bpf_uprobe_multi_link_fill_link_info()
3249 		    put_user(umulti_link->uprobes[i].ref_ctr_offset, uref_ctr_offsets + i))  in bpf_uprobe_multi_link_fill_link_info()
3250 			return -EFAULT;  in bpf_uprobe_multi_link_fill_link_info()
3252 		    put_user(umulti_link->uprobes[i].cookie, ucookies + i))  in bpf_uprobe_multi_link_fill_link_info()
3253 			return -EFAULT;  in bpf_uprobe_multi_link_fill_link_info()
3270 	struct bpf_uprobe_multi_link *link = uprobe->link;  in uprobe_prog_run()
3279 	struct bpf_prog *prog = link->link.prog;  in uprobe_prog_run()
3280 	bool sleepable = prog->sleepable;  in uprobe_prog_run()
3284 	if (link->task && !same_thread_group(current, link->task))  in uprobe_prog_run()
3295 	err = bpf_prog_run(link->link.prog, regs);  in uprobe_prog_run()
3313 	return uprobe->link->task->mm == mm;  in uprobe_multi_link_filter()
3325 	if (uprobe->session)  in uprobe_multi_link_handler()
3345 	run_ctx = container_of(current->bpf_ctx, struct bpf_uprobe_multi_run_ctx,  in bpf_uprobe_multi_entry_ip()
3347 	return run_ctx->entry_ip;  in bpf_uprobe_multi_entry_ip()
3354 	run_ctx = container_of(current->bpf_ctx, struct bpf_uprobe_multi_run_ctx,  in bpf_uprobe_multi_cookie()
3356 	return run_ctx->uprobe->cookie;  in bpf_uprobe_multi_cookie()
3369 	u32 flags, cnt, i;  in bpf_uprobe_multi_link_attach()  local
3371 	char *name;  in bpf_uprobe_multi_link_attach()  local
3377 		return -EOPNOTSUPP;  in bpf_uprobe_multi_link_attach()
3380 		return -EINVAL;  in bpf_uprobe_multi_link_attach()
3382 	flags = attr->link_create.uprobe_multi.flags;  in bpf_uprobe_multi_link_attach()
3384 		return -EINVAL;  in bpf_uprobe_multi_link_attach()
3387 	 * path, offsets and cnt are mandatory,  in bpf_uprobe_multi_link_attach()
3390 	upath = u64_to_user_ptr(attr->link_create.uprobe_multi.path);  in bpf_uprobe_multi_link_attach()
3391 	uoffsets = u64_to_user_ptr(attr->link_create.uprobe_multi.offsets);  in bpf_uprobe_multi_link_attach()
3392 	cnt = attr->link_create.uprobe_multi.cnt;  in bpf_uprobe_multi_link_attach()
3393 	pid = attr->link_create.uprobe_multi.pid;  in bpf_uprobe_multi_link_attach()
3395 	if (!upath || !uoffsets || !cnt || pid < 0)  in bpf_uprobe_multi_link_attach()
3396 		return -EINVAL;  in bpf_uprobe_multi_link_attach()
3397 	if (cnt > MAX_UPROBE_MULTI_CNT)  in bpf_uprobe_multi_link_attach()
3398 		return -E2BIG;  in bpf_uprobe_multi_link_attach()
3400 	uref_ctr_offsets = u64_to_user_ptr(attr->link_create.uprobe_multi.ref_ctr_offsets);  in bpf_uprobe_multi_link_attach()
3401 	ucookies = u64_to_user_ptr(attr->link_create.uprobe_multi.cookies);  in bpf_uprobe_multi_link_attach()
3403 	name = strndup_user(upath, PATH_MAX);  in bpf_uprobe_multi_link_attach()
3404 	if (IS_ERR(name)) {  in bpf_uprobe_multi_link_attach()
3405 		err = PTR_ERR(name);  in bpf_uprobe_multi_link_attach()
3409 	err = kern_path(name, LOOKUP_FOLLOW, &path);  in bpf_uprobe_multi_link_attach()
3410 	kfree(name);  in bpf_uprobe_multi_link_attach()
3415 		err = -EBADF;  in bpf_uprobe_multi_link_attach()
3422 			err = -ESRCH;  in bpf_uprobe_multi_link_attach()
3427 	err = -ENOMEM;  in bpf_uprobe_multi_link_attach()
3430 	uprobes = kvcalloc(cnt, sizeof(*uprobes), GFP_KERNEL);  in bpf_uprobe_multi_link_attach()
3435 	for (i = 0; i < cnt; i++) {  in bpf_uprobe_multi_link_attach()
3437 			err = -EFAULT;  in bpf_uprobe_multi_link_attach()
3441 			err = -EINVAL;  in bpf_uprobe_multi_link_attach()
3445 			err = -EFAULT;  in bpf_uprobe_multi_link_attach()
3449 			err = -EFAULT;  in bpf_uprobe_multi_link_attach()
3465 	link->cnt = cnt;  in bpf_uprobe_multi_link_attach()
3466 	link->uprobes = uprobes;  in bpf_uprobe_multi_link_attach()
3467 	link->path = path;  in bpf_uprobe_multi_link_attach()
3468 	link->task = task;  in bpf_uprobe_multi_link_attach()
3469 	link->flags = flags;  in bpf_uprobe_multi_link_attach()
3471 	bpf_link_init(&link->link, BPF_LINK_TYPE_UPROBE_MULTI,  in bpf_uprobe_multi_link_attach()
3474 	for (i = 0; i < cnt; i++) {  in bpf_uprobe_multi_link_attach()
3475 		uprobes[i].uprobe = uprobe_register(d_real_inode(link->path.dentry),  in bpf_uprobe_multi_link_attach()
3481 			link->cnt = i;  in bpf_uprobe_multi_link_attach()
3486 	err = bpf_link_prime(&link->link, &link_primer);  in bpf_uprobe_multi_link_attach()
3493 	bpf_uprobe_unregister(uprobes, link->cnt);  in bpf_uprobe_multi_link_attach()
3507 	return -EOPNOTSUPP;  in bpf_uprobe_multi_link_attach()
3525 	session_ctx = container_of(current->bpf_ctx, struct bpf_session_run_ctx, run_ctx);  in bpf_session_is_return()
3526 	return session_ctx->is_return;  in bpf_session_is_return()
3533 	session_ctx = container_of(current->bpf_ctx, struct bpf_session_run_ctx, run_ctx);  in bpf_session_cookie()
3534 	return session_ctx->data;  in bpf_session_cookie()
3550 		return -EACCES;  in BTF_ID_FLAGS()
3570 __bpf_kfunc int bpf_send_signal_task(struct task_struct *task, int sig, enum pid_type type,  in bpf_send_signal_task()
3574 		return -EINVAL;  in bpf_send_signal_task()