bpf: Add bpf_loop helper

extern const struct bpf_func_proto bpf_sk_getsockopt_proto;

extern const struct bpf_func_proto bpf_kallsyms_lookup_name_proto;

extern const struct bpf_func_proto bpf_find_vma_proto;

extern const struct bpf_func_proto bpf_loop_proto;

const struct bpf_func_proto *tracing_prog_func_proto(

  enum bpf_func_id func_id, const struct bpf_prog *prog);

 *		**-ENOENT** if *task->mm* is NULL, or no vma contains *addr*.

 *		**-EBUSY** if failed to try lock mmap_lock.

 *		**-EINVAL** for invalid **flags**.

 *

 * long bpf_loop(u32 nr_loops, void *callback_fn, void *callback_ctx, u64 flags)

 *	Description

 *		For **nr_loops**, call **callback_fn** function

 *		with **callback_ctx** as the context parameter.

 *		The **callback_fn** should be a static function and

 *		the **callback_ctx** should be a pointer to the stack.

 *		The **flags** is used to control certain aspects of the helper.

 *		Currently, the **flags** must be 0. Currently, nr_loops is

 *		limited to 1 << 23 (~8 million) loops.

 *

 *		long (\*callback_fn)(u32 index, void \*ctx);

 *

 *		where **index** is the current index in the loop. The index

 *		is zero-indexed.

 *

 *		If **callback_fn** returns 0, the helper will continue to the next

 *		loop. If return value is 1, the helper will skip the rest of

 *		the loops and return. Other return values are not used now,

 *		and will be rejected by the verifier.

 *

 *	Return

 *		The number of loops performed, **-EINVAL** for invalid **flags**,

 *		**-E2BIG** if **nr_loops** exceeds the maximum number of loops.

 */

#define __BPF_FUNC_MAPPER(FN)		\

	FN(unspec),			\

	FN(skc_to_unix_sock),		\

	FN(kallsyms_lookup_name),	\

	FN(find_vma),			\

	FN(loop),			\

	/* */

/* integer value in 'imm' field of BPF_CALL instruction selects which helper

	.arg3_type	= ARG_PTR_TO_STACK_OR_NULL,

	.arg4_type	= ARG_ANYTHING,

};

/* maximum number of loops */

#define MAX_LOOPS	BIT(23)

BPF_CALL_4(bpf_loop, u32, nr_loops, void *, callback_fn, void *, callback_ctx,

	   u64, flags)

{

	bpf_callback_t callback = (bpf_callback_t)callback_fn;

	u64 ret;

	u32 i;

	if (flags)

		return -EINVAL;

	if (nr_loops > MAX_LOOPS)

		return -E2BIG;

	for (i = 0; i < nr_loops; i++) {

		ret = callback((u64)i, (u64)(long)callback_ctx, 0, 0, 0);

		/* return value: 0 - continue, 1 - stop and return */

		if (ret)

			return i + 1;

	}

	return i;

}

const struct bpf_func_proto bpf_loop_proto = {

	.func		= bpf_loop,

	.gpl_only	= false,

	.ret_type	= RET_INTEGER,

	.arg1_type	= ARG_ANYTHING,

	.arg2_type	= ARG_PTR_TO_FUNC,

	.arg3_type	= ARG_PTR_TO_STACK_OR_NULL,

	.arg4_type	= ARG_ANYTHING,

};

		return &bpf_ringbuf_query_proto;

	case BPF_FUNC_for_each_map_elem:

		return &bpf_for_each_map_elem_proto;

	case BPF_FUNC_loop:

		return &bpf_loop_proto;

	default:

		break;

	}

	return 0;

}

static int set_loop_callback_state(struct bpf_verifier_env *env,

				   struct bpf_func_state *caller,

				   struct bpf_func_state *callee,

				   int insn_idx)

{

	/* bpf_loop(u32 nr_loops, void *callback_fn, void *callback_ctx,

	 *	    u64 flags);

	 * callback_fn(u32 index, void *callback_ctx);

	 */

	callee->regs[BPF_REG_1].type = SCALAR_VALUE;

	callee->regs[BPF_REG_2] = caller->regs[BPF_REG_3];

	/* unused */

	__mark_reg_not_init(env, &callee->regs[BPF_REG_3]);

	__mark_reg_not_init(env, &callee->regs[BPF_REG_4]);

	__mark_reg_not_init(env, &callee->regs[BPF_REG_5]);

	callee->in_callback_fn = true;

	return 0;

}

static int set_timer_callback_state(struct bpf_verifier_env *env,

				    struct bpf_func_state *caller,

				    struct bpf_func_state *callee,

			return err;

	}

	if (func_id == BPF_FUNC_tail_call) {

		err = check_reference_leak(env);

		if (err) {

			verbose(env, "tail_call would lead to reference leak\n");

			return err;

		}

	} else if (is_release_function(func_id)) {

	if (is_release_function(func_id)) {

		err = release_reference(env, meta.ref_obj_id);

		if (err) {

			verbose(env, "func %s#%d reference has not been acquired before\n",

	regs = cur_regs(env);

	switch (func_id) {

	case BPF_FUNC_tail_call:

		err = check_reference_leak(env);

		if (err) {

			verbose(env, "tail_call would lead to reference leak\n");

			return err;

		}

		break;

	case BPF_FUNC_get_local_storage:

		/* check that flags argument in get_local_storage(map, flags) is 0,

		 * this is required because get_local_storage() can't return an error.

		 */

	if (func_id == BPF_FUNC_get_local_storage &&

	    !register_is_null(&regs[BPF_REG_2])) {

		if (!register_is_null(&regs[BPF_REG_2])) {

			verbose(env, "get_local_storage() doesn't support non-zero flags\n");

			return -EINVAL;

		}

	if (func_id == BPF_FUNC_for_each_map_elem) {

		break;

	case BPF_FUNC_for_each_map_elem:

		err = __check_func_call(env, insn, insn_idx_p, meta.subprogno,

					set_map_elem_callback_state);

		if (err < 0)

			return -EINVAL;

	}

	if (func_id == BPF_FUNC_timer_set_callback) {

		break;

	case BPF_FUNC_timer_set_callback:

		err = __check_func_call(env, insn, insn_idx_p, meta.subprogno,

					set_timer_callback_state);

		if (err < 0)

			return -EINVAL;

	}

	if (func_id == BPF_FUNC_find_vma) {

		break;

	case BPF_FUNC_find_vma:

		err = __check_func_call(env, insn, insn_idx_p, meta.subprogno,

					set_find_vma_callback_state);

		if (err < 0)

			return -EINVAL;

		break;

	case BPF_FUNC_snprintf:

		err = check_bpf_snprintf_call(env, regs);

		break;

	case BPF_FUNC_loop:

		err = __check_func_call(env, insn, insn_idx_p, meta.subprogno,

					set_loop_callback_state);

		break;

	}

	if (func_id == BPF_FUNC_snprintf) {

		err = check_bpf_snprintf_call(env, regs);

		if (err < 0)

	if (err)

		return err;

	}

	/* reset caller saved regs */

	for (i = 0; i < CALLER_SAVED_REGS; i++) {