1 // SPDX-License-Identifier: GPL-2.0
3 * Performance events ring-buffer code:
5 * Copyright (C) 2008 Thomas Gleixner <tglx@linutronix.de>
6 * Copyright (C) 2008-2011 Red Hat, Inc., Ingo Molnar
7 * Copyright (C) 2008-2011 Red Hat, Inc., Peter Zijlstra
8 * Copyright © 2009 Paul Mackerras, IBM Corp. <paulus@au1.ibm.com>
11 #include <linux/perf_event.h>
12 #include <linux/vmalloc.h>
13 #include <linux/slab.h>
14 #include <linux/circ_buf.h>
15 #include <linux/poll.h>
16 #include <linux/nospec.h>
20 static void perf_output_wakeup(struct perf_output_handle *handle)
22 atomic_set(&handle->rb->poll, EPOLLIN);
24 handle->event->pending_wakeup = 1;
25 irq_work_queue(&handle->event->pending);
29 * We need to ensure a later event_id doesn't publish a head when a former
30 * event isn't done writing. However since we need to deal with NMIs we
31 * cannot fully serialize things.
33 * We only publish the head (and generate a wakeup) when the outer-most
36 static void perf_output_get_handle(struct perf_output_handle *handle)
38 struct perf_buffer *rb = handle->rb;
43 * Avoid an explicit LOAD/STORE such that architectures with memops
46 (*(volatile unsigned int *)&rb->nest)++;
47 handle->wakeup = local_read(&rb->wakeup);
50 static void perf_output_put_handle(struct perf_output_handle *handle)
52 struct perf_buffer *rb = handle->rb;
57 * If this isn't the outermost nesting, we don't have to update
58 * @rb->user_page->data_head.
60 nest = READ_ONCE(rb->nest);
62 WRITE_ONCE(rb->nest, nest - 1);
68 * In order to avoid publishing a head value that goes backwards,
69 * we must ensure the load of @rb->head happens after we've
70 * incremented @rb->nest.
72 * Otherwise we can observe a @rb->head value before one published
73 * by an IRQ/NMI happening between the load and the increment.
76 head = local_read(&rb->head);
79 * IRQ/NMI can happen here and advance @rb->head, causing our
80 * load above to be stale.
84 * Since the mmap() consumer (userspace) can run on a different CPU:
88 * if (LOAD ->data_tail) { LOAD ->data_head
90 * STORE $data LOAD $data
91 * smp_wmb() (B) smp_mb() (D)
92 * STORE ->data_head STORE ->data_tail
95 * Where A pairs with D, and B pairs with C.
97 * In our case (A) is a control dependency that separates the load of
98 * the ->data_tail and the stores of $data. In case ->data_tail
99 * indicates there is no room in the buffer to store $data we do not.
101 * D needs to be a full barrier since it separates the data READ
102 * from the tail WRITE.
104 * For B a WMB is sufficient since it separates two WRITEs, and for C
105 * an RMB is sufficient since it separates two READs.
107 * See perf_output_begin().
109 smp_wmb(); /* B, matches C */
110 WRITE_ONCE(rb->user_page->data_head, head);
113 * We must publish the head before decrementing the nest count,
114 * otherwise an IRQ/NMI can publish a more recent head value and our
115 * write will (temporarily) publish a stale value.
118 WRITE_ONCE(rb->nest, 0);
121 * Ensure we decrement @rb->nest before we validate the @rb->head.
122 * Otherwise we cannot be sure we caught the 'last' nested update.
125 if (unlikely(head != local_read(&rb->head))) {
126 WRITE_ONCE(rb->nest, 1);
130 if (handle->wakeup != local_read(&rb->wakeup))
131 perf_output_wakeup(handle);
137 static __always_inline bool
138 ring_buffer_has_space(unsigned long head, unsigned long tail,
139 unsigned long data_size, unsigned int size,
143 return CIRC_SPACE(head, tail, data_size) >= size;
145 return CIRC_SPACE(tail, head, data_size) >= size;
148 static __always_inline int
149 __perf_output_begin(struct perf_output_handle *handle,
150 struct perf_sample_data *data,
151 struct perf_event *event, unsigned int size,
154 struct perf_buffer *rb;
155 unsigned long tail, offset, head;
156 int have_lost, page_shift;
158 struct perf_event_header header;
165 * For inherited events we send all the output towards the parent.
168 event = event->parent;
170 rb = rcu_dereference(event->rb);
174 if (unlikely(rb->paused)) {
176 local_inc(&rb->lost);
177 atomic64_inc(&event->lost_samples);
183 handle->event = event;
185 have_lost = local_read(&rb->lost);
186 if (unlikely(have_lost)) {
187 size += sizeof(lost_event);
188 if (event->attr.sample_id_all)
189 size += event->id_header_size;
192 perf_output_get_handle(handle);
195 tail = READ_ONCE(rb->user_page->data_tail);
196 offset = head = local_read(&rb->head);
197 if (!rb->overwrite) {
198 if (unlikely(!ring_buffer_has_space(head, tail,
205 * The above forms a control dependency barrier separating the
206 * @tail load above from the data stores below. Since the @tail
207 * load is required to compute the branch to fail below.
209 * A, matches D; the full memory barrier userspace SHOULD issue
210 * after reading the data and before storing the new tail
213 * See perf_output_put_handle().
220 } while (local_cmpxchg(&rb->head, offset, head) != offset);
228 * We rely on the implied barrier() by local_cmpxchg() to ensure
229 * none of the data stores below can be lifted up by the compiler.
232 if (unlikely(head - local_read(&rb->wakeup) > rb->watermark))
233 local_add(rb->watermark, &rb->wakeup);
235 page_shift = PAGE_SHIFT + page_order(rb);
237 handle->page = (offset >> page_shift) & (rb->nr_pages - 1);
238 offset &= (1UL << page_shift) - 1;
239 handle->addr = rb->data_pages[handle->page] + offset;
240 handle->size = (1UL << page_shift) - offset;
242 if (unlikely(have_lost)) {
243 lost_event.header.size = sizeof(lost_event);
244 lost_event.header.type = PERF_RECORD_LOST;
245 lost_event.header.misc = 0;
246 lost_event.id = event->id;
247 lost_event.lost = local_xchg(&rb->lost, 0);
249 /* XXX mostly redundant; @data is already fully initializes */
250 perf_event_header__init_id(&lost_event.header, data, event);
251 perf_output_put(handle, lost_event);
252 perf_event__output_id_sample(event, handle, data);
258 local_inc(&rb->lost);
259 atomic64_inc(&event->lost_samples);
260 perf_output_put_handle(handle);
267 int perf_output_begin_forward(struct perf_output_handle *handle,
268 struct perf_sample_data *data,
269 struct perf_event *event, unsigned int size)
271 return __perf_output_begin(handle, data, event, size, false);
274 int perf_output_begin_backward(struct perf_output_handle *handle,
275 struct perf_sample_data *data,
276 struct perf_event *event, unsigned int size)
278 return __perf_output_begin(handle, data, event, size, true);
281 int perf_output_begin(struct perf_output_handle *handle,
282 struct perf_sample_data *data,
283 struct perf_event *event, unsigned int size)
286 return __perf_output_begin(handle, data, event, size,
287 unlikely(is_write_backward(event)));
290 unsigned int perf_output_copy(struct perf_output_handle *handle,
291 const void *buf, unsigned int len)
293 return __output_copy(handle, buf, len);
296 unsigned int perf_output_skip(struct perf_output_handle *handle,
299 return __output_skip(handle, NULL, len);
302 void perf_output_end(struct perf_output_handle *handle)
304 perf_output_put_handle(handle);
309 ring_buffer_init(struct perf_buffer *rb, long watermark, int flags)
311 long max_size = perf_data_size(rb);
314 rb->watermark = min(max_size, watermark);
317 rb->watermark = max_size / 2;
319 if (flags & RING_BUFFER_WRITABLE)
324 refcount_set(&rb->refcount, 1);
326 INIT_LIST_HEAD(&rb->event_list);
327 spin_lock_init(&rb->event_lock);
330 * perf_output_begin() only checks rb->paused, therefore
331 * rb->paused must be true if we have no pages for output.
337 void perf_aux_output_flag(struct perf_output_handle *handle, u64 flags)
340 * OVERWRITE is determined by perf_aux_output_end() and can't
341 * be passed in directly.
343 if (WARN_ON_ONCE(flags & PERF_AUX_FLAG_OVERWRITE))
346 handle->aux_flags |= flags;
348 EXPORT_SYMBOL_GPL(perf_aux_output_flag);
351 * This is called before hardware starts writing to the AUX area to
352 * obtain an output handle and make sure there's room in the buffer.
353 * When the capture completes, call perf_aux_output_end() to commit
354 * the recorded data to the buffer.
356 * The ordering is similar to that of perf_output_{begin,end}, with
357 * the exception of (B), which should be taken care of by the pmu
358 * driver, since ordering rules will differ depending on hardware.
360 * Call this from pmu::start(); see the comment in perf_aux_output_end()
361 * about its use in pmu callbacks. Both can also be called from the PMI
364 void *perf_aux_output_begin(struct perf_output_handle *handle,
365 struct perf_event *event)
367 struct perf_event *output_event = event;
368 unsigned long aux_head, aux_tail;
369 struct perf_buffer *rb;
372 if (output_event->parent)
373 output_event = output_event->parent;
376 * Since this will typically be open across pmu::add/pmu::del, we
377 * grab ring_buffer's refcount instead of holding rcu read lock
378 * to make sure it doesn't disappear under us.
380 rb = ring_buffer_get(output_event);
388 * If aux_mmap_count is zero, the aux buffer is in perf_mmap_close(),
389 * about to get freed, so we leave immediately.
391 * Checking rb::aux_mmap_count and rb::refcount has to be done in
392 * the same order, see perf_mmap_close. Otherwise we end up freeing
393 * aux pages in this path, which is a bug, because in_atomic().
395 if (!atomic_read(&rb->aux_mmap_count))
398 if (!refcount_inc_not_zero(&rb->aux_refcount))
401 nest = READ_ONCE(rb->aux_nest);
403 * Nesting is not supported for AUX area, make sure nested
404 * writers are caught early
406 if (WARN_ON_ONCE(nest))
409 WRITE_ONCE(rb->aux_nest, nest + 1);
411 aux_head = rb->aux_head;
414 handle->event = event;
415 handle->head = aux_head;
417 handle->aux_flags = 0;
420 * In overwrite mode, AUX data stores do not depend on aux_tail,
421 * therefore (A) control dependency barrier does not exist. The
422 * (B) <-> (C) ordering is still observed by the pmu driver.
424 if (!rb->aux_overwrite) {
425 aux_tail = READ_ONCE(rb->user_page->aux_tail);
426 handle->wakeup = rb->aux_wakeup + rb->aux_watermark;
427 if (aux_head - aux_tail < perf_aux_size(rb))
428 handle->size = CIRC_SPACE(aux_head, aux_tail, perf_aux_size(rb));
431 * handle->size computation depends on aux_tail load; this forms a
432 * control dependency barrier separating aux_tail load from aux data
433 * store that will be enabled on successful return
435 if (!handle->size) { /* A, matches D */
436 event->pending_disable = smp_processor_id();
437 perf_output_wakeup(handle);
438 WRITE_ONCE(rb->aux_nest, 0);
443 return handle->rb->aux_priv;
451 handle->event = NULL;
455 EXPORT_SYMBOL_GPL(perf_aux_output_begin);
457 static __always_inline bool rb_need_aux_wakeup(struct perf_buffer *rb)
459 if (rb->aux_overwrite)
462 if (rb->aux_head - rb->aux_wakeup >= rb->aux_watermark) {
463 rb->aux_wakeup = rounddown(rb->aux_head, rb->aux_watermark);
471 * Commit the data written by hardware into the ring buffer by adjusting
472 * aux_head and posting a PERF_RECORD_AUX into the perf buffer. It is the
473 * pmu driver's responsibility to observe ordering rules of the hardware,
474 * so that all the data is externally visible before this is called.
476 * Note: this has to be called from pmu::stop() callback, as the assumption
477 * of the AUX buffer management code is that after pmu::stop(), the AUX
478 * transaction must be stopped and therefore drop the AUX reference count.
480 void perf_aux_output_end(struct perf_output_handle *handle, unsigned long size)
482 bool wakeup = !!(handle->aux_flags & PERF_AUX_FLAG_TRUNCATED);
483 struct perf_buffer *rb = handle->rb;
484 unsigned long aux_head;
486 /* in overwrite mode, driver provides aux_head via handle */
487 if (rb->aux_overwrite) {
488 handle->aux_flags |= PERF_AUX_FLAG_OVERWRITE;
490 aux_head = handle->head;
491 rb->aux_head = aux_head;
493 handle->aux_flags &= ~PERF_AUX_FLAG_OVERWRITE;
495 aux_head = rb->aux_head;
496 rb->aux_head += size;
500 * Only send RECORD_AUX if we have something useful to communicate
502 * Note: the OVERWRITE records by themselves are not considered
503 * useful, as they don't communicate any *new* information,
504 * aside from the short-lived offset, that becomes history at
505 * the next event sched-in and therefore isn't useful.
506 * The userspace that needs to copy out AUX data in overwrite
507 * mode should know to use user_page::aux_head for the actual
508 * offset. So, from now on we don't output AUX records that
509 * have *only* OVERWRITE flag set.
511 if (size || (handle->aux_flags & ~(u64)PERF_AUX_FLAG_OVERWRITE))
512 perf_event_aux_event(handle->event, aux_head, size,
515 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head);
516 if (rb_need_aux_wakeup(rb))
520 if (handle->aux_flags & PERF_AUX_FLAG_TRUNCATED)
521 handle->event->pending_disable = smp_processor_id();
522 perf_output_wakeup(handle);
525 handle->event = NULL;
527 WRITE_ONCE(rb->aux_nest, 0);
532 EXPORT_SYMBOL_GPL(perf_aux_output_end);
535 * Skip over a given number of bytes in the AUX buffer, due to, for example,
536 * hardware's alignment constraints.
538 int perf_aux_output_skip(struct perf_output_handle *handle, unsigned long size)
540 struct perf_buffer *rb = handle->rb;
542 if (size > handle->size)
545 rb->aux_head += size;
547 WRITE_ONCE(rb->user_page->aux_head, rb->aux_head);
548 if (rb_need_aux_wakeup(rb)) {
549 perf_output_wakeup(handle);
550 handle->wakeup = rb->aux_wakeup + rb->aux_watermark;
553 handle->head = rb->aux_head;
554 handle->size -= size;
558 EXPORT_SYMBOL_GPL(perf_aux_output_skip);
560 void *perf_get_aux(struct perf_output_handle *handle)
562 /* this is only valid between perf_aux_output_begin and *_end */
566 return handle->rb->aux_priv;
568 EXPORT_SYMBOL_GPL(perf_get_aux);
571 * Copy out AUX data from an AUX handle.
573 long perf_output_copy_aux(struct perf_output_handle *aux_handle,
574 struct perf_output_handle *handle,
575 unsigned long from, unsigned long to)
577 struct perf_buffer *rb = aux_handle->rb;
578 unsigned long tocopy, remainder, len = 0;
581 from &= (rb->aux_nr_pages << PAGE_SHIFT) - 1;
582 to &= (rb->aux_nr_pages << PAGE_SHIFT) - 1;
585 tocopy = PAGE_SIZE - offset_in_page(from);
587 tocopy = min(tocopy, to - from);
591 addr = rb->aux_pages[from >> PAGE_SHIFT];
592 addr += offset_in_page(from);
594 remainder = perf_output_copy(handle, addr, tocopy);
600 from &= (rb->aux_nr_pages << PAGE_SHIFT) - 1;
601 } while (to != from);
606 #define PERF_AUX_GFP (GFP_KERNEL | __GFP_ZERO | __GFP_NOWARN | __GFP_NORETRY)
608 static struct page *rb_alloc_aux_page(int node, int order)
612 if (order > MAX_ORDER)
616 page = alloc_pages_node(node, PERF_AUX_GFP, order);
617 } while (!page && order--);
621 * Communicate the allocation size to the driver:
622 * if we managed to secure a high-order allocation,
623 * set its first page's private to this order;
624 * !PagePrivate(page) means it's just a normal page.
626 split_page(page, order);
627 SetPagePrivate(page);
628 set_page_private(page, order);
634 static void rb_free_aux_page(struct perf_buffer *rb, int idx)
636 struct page *page = virt_to_page(rb->aux_pages[idx]);
638 ClearPagePrivate(page);
639 page->mapping = NULL;
643 static void __rb_free_aux(struct perf_buffer *rb)
648 * Should never happen, the last reference should be dropped from
649 * perf_mmap_close() path, which first stops aux transactions (which
650 * in turn are the atomic holders of aux_refcount) and then does the
651 * last rb_free_aux().
653 WARN_ON_ONCE(in_atomic());
656 rb->free_aux(rb->aux_priv);
661 if (rb->aux_nr_pages) {
662 for (pg = 0; pg < rb->aux_nr_pages; pg++)
663 rb_free_aux_page(rb, pg);
665 kfree(rb->aux_pages);
666 rb->aux_nr_pages = 0;
670 int rb_alloc_aux(struct perf_buffer *rb, struct perf_event *event,
671 pgoff_t pgoff, int nr_pages, long watermark, int flags)
673 bool overwrite = !(flags & RING_BUFFER_WRITABLE);
674 int node = (event->cpu == -1) ? -1 : cpu_to_node(event->cpu);
675 int ret = -ENOMEM, max_order;
681 * We need to start with the max_order that fits in nr_pages,
682 * not the other way around, hence ilog2() and not get_order.
684 max_order = ilog2(nr_pages);
687 * PMU requests more than one contiguous chunks of memory
688 * for SW double buffering
698 * kcalloc_node() is unable to allocate buffer if the size is larger
699 * than: PAGE_SIZE << MAX_ORDER; directly bail out in this case.
701 if (get_order((unsigned long)nr_pages * sizeof(void *)) > MAX_ORDER)
703 rb->aux_pages = kcalloc_node(nr_pages, sizeof(void *), GFP_KERNEL,
708 rb->free_aux = event->pmu->free_aux;
709 for (rb->aux_nr_pages = 0; rb->aux_nr_pages < nr_pages;) {
713 order = min(max_order, ilog2(nr_pages - rb->aux_nr_pages));
714 page = rb_alloc_aux_page(node, order);
718 for (last = rb->aux_nr_pages + (1 << page_private(page));
719 last > rb->aux_nr_pages; rb->aux_nr_pages++)
720 rb->aux_pages[rb->aux_nr_pages] = page_address(page++);
724 * In overwrite mode, PMUs that don't support SG may not handle more
725 * than one contiguous allocation, since they rely on PMI to do double
726 * buffering. In this case, the entire buffer has to be one contiguous
729 if ((event->pmu->capabilities & PERF_PMU_CAP_AUX_NO_SG) &&
731 struct page *page = virt_to_page(rb->aux_pages[0]);
733 if (page_private(page) != max_order)
737 rb->aux_priv = event->pmu->setup_aux(event, rb->aux_pages, nr_pages,
745 * aux_pages (and pmu driver's private data, aux_priv) will be
746 * referenced in both producer's and consumer's contexts, thus
747 * we keep a refcount here to make sure either of the two can
748 * reference them safely.
750 refcount_set(&rb->aux_refcount, 1);
752 rb->aux_overwrite = overwrite;
753 rb->aux_watermark = watermark;
755 if (!rb->aux_watermark && !rb->aux_overwrite)
756 rb->aux_watermark = nr_pages << (PAGE_SHIFT - 1);
760 rb->aux_pgoff = pgoff;
767 void rb_free_aux(struct perf_buffer *rb)
769 if (refcount_dec_and_test(&rb->aux_refcount))
773 #ifndef CONFIG_PERF_USE_VMALLOC
776 * Back perf_mmap() with regular GFP_KERNEL-0 pages.
780 __perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff)
782 if (pgoff > rb->nr_pages)
786 return virt_to_page(rb->user_page);
788 return virt_to_page(rb->data_pages[pgoff - 1]);
791 static void *perf_mmap_alloc_page(int cpu)
796 node = (cpu == -1) ? cpu : cpu_to_node(cpu);
797 page = alloc_pages_node(node, GFP_KERNEL | __GFP_ZERO, 0);
801 return page_address(page);
804 static void perf_mmap_free_page(void *addr)
806 struct page *page = virt_to_page(addr);
808 page->mapping = NULL;
812 struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
814 struct perf_buffer *rb;
818 size = sizeof(struct perf_buffer);
819 size += nr_pages * sizeof(void *);
821 if (order_base_2(size) >= PAGE_SHIFT+MAX_ORDER)
824 rb = kzalloc(size, GFP_KERNEL);
828 rb->user_page = perf_mmap_alloc_page(cpu);
832 for (i = 0; i < nr_pages; i++) {
833 rb->data_pages[i] = perf_mmap_alloc_page(cpu);
834 if (!rb->data_pages[i])
835 goto fail_data_pages;
838 rb->nr_pages = nr_pages;
840 ring_buffer_init(rb, watermark, flags);
845 for (i--; i >= 0; i--)
846 perf_mmap_free_page(rb->data_pages[i]);
848 perf_mmap_free_page(rb->user_page);
857 void rb_free(struct perf_buffer *rb)
861 perf_mmap_free_page(rb->user_page);
862 for (i = 0; i < rb->nr_pages; i++)
863 perf_mmap_free_page(rb->data_pages[i]);
869 __perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff)
871 /* The '>' counts in the user page. */
872 if (pgoff > data_page_nr(rb))
875 return vmalloc_to_page((void *)rb->user_page + pgoff * PAGE_SIZE);
878 static void perf_mmap_unmark_page(void *addr)
880 struct page *page = vmalloc_to_page(addr);
882 page->mapping = NULL;
885 static void rb_free_work(struct work_struct *work)
887 struct perf_buffer *rb;
891 rb = container_of(work, struct perf_buffer, work);
892 nr = data_page_nr(rb);
894 base = rb->user_page;
895 /* The '<=' counts in the user page. */
896 for (i = 0; i <= nr; i++)
897 perf_mmap_unmark_page(base + (i * PAGE_SIZE));
903 void rb_free(struct perf_buffer *rb)
905 schedule_work(&rb->work);
908 struct perf_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags)
910 struct perf_buffer *rb;
914 size = sizeof(struct perf_buffer);
915 size += sizeof(void *);
917 rb = kzalloc(size, GFP_KERNEL);
921 INIT_WORK(&rb->work, rb_free_work);
923 all_buf = vmalloc_user((nr_pages + 1) * PAGE_SIZE);
927 rb->user_page = all_buf;
928 rb->data_pages[0] = all_buf + PAGE_SIZE;
931 rb->page_order = ilog2(nr_pages);
934 ring_buffer_init(rb, watermark, flags);
948 perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff)
950 if (rb->aux_nr_pages) {
951 /* above AUX space */
952 if (pgoff > rb->aux_pgoff + rb->aux_nr_pages)
956 if (pgoff >= rb->aux_pgoff) {
957 int aux_pgoff = array_index_nospec(pgoff - rb->aux_pgoff, rb->aux_nr_pages);
958 return virt_to_page(rb->aux_pages[aux_pgoff]);
962 return __perf_mmap_to_page(rb, pgoff);
projects / releases.git / blob