Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / de9cbbaadba5adf88a19e46df61f7054000838f6 / . / include / linux / bpf-cgroup.h
blob: 7d00d58869edc785590961de2fd176df4a0e6c4a [file] [log] [blame]
Greg Kroah-Hartmanb2441312017-11-01 15:07:57 +0100[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0 */
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]2#ifndef _BPF_CGROUP_H
3#define _BPF_CGROUP_H
4
Roman Gushchinf292b872018-07-06 14:34:29 -0700[diff] [blame]5#include <linux/errno.h>
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]6#include <linux/jump_label.h>
Roman Gushchinde9cbba2018-08-02 14:27:18 -0700[diff] [blame^]7#include <linux/rbtree.h>
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]8#include <uapi/linux/bpf.h>
9
10struct sock;
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]11struct sockaddr;
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]12struct cgroup;
13struct sk_buff;
Roman Gushchinde9cbba2018-08-02 14:27:18 -0700[diff] [blame^]14struct bpf_map;
15struct bpf_prog;
Lawrence Brakmo40304b22017-06-30 20:02:40 -0700[diff] [blame]16struct bpf_sock_ops_kern;
Roman Gushchinde9cbba2018-08-02 14:27:18 -0700[diff] [blame^]17struct bpf_cgroup_storage;
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]18
19#ifdef CONFIG_CGROUP_BPF
20
21extern struct static_key_false cgroup_bpf_enabled_key;
22#define cgroup_bpf_enabled static_branch_unlikely(&cgroup_bpf_enabled_key)
23
Roman Gushchinde9cbba2018-08-02 14:27:18 -0700[diff] [blame^]24struct bpf_cgroup_storage_map;
25
26struct bpf_storage_buffer {
27 struct rcu_head rcu;
28 char data[0];
29};
30
31struct bpf_cgroup_storage {
32 struct bpf_storage_buffer *buf;
33 struct bpf_cgroup_storage_map *map;
34 struct bpf_cgroup_storage_key key;
35 struct list_head list;
36 struct rb_node node;
37 struct rcu_head rcu;
38};
39
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]40struct bpf_prog_list {
41 struct list_head node;
42 struct bpf_prog *prog;
43};
44
45struct bpf_prog_array;
46
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]47struct cgroup_bpf {
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]48 /* array of effective progs in this cgroup */
49 struct bpf_prog_array __rcu *effective[MAX_BPF_ATTACH_TYPE];
50
51 /* attached progs to this cgroup and attach flags
52 * when flags == 0 or BPF_F_ALLOW_OVERRIDE the progs list will
53 * have either zero or one element
54 * when BPF_F_ALLOW_MULTI the list can have up to BPF_CGROUP_MAX_PROGS
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]55 */
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]56 struct list_head progs[MAX_BPF_ATTACH_TYPE];
57 u32 flags[MAX_BPF_ATTACH_TYPE];
58
59 /* temp storage for effective prog array used by prog_attach/detach */
60 struct bpf_prog_array __rcu *inactive;
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]61};
62
63void cgroup_bpf_put(struct cgroup *cgrp);
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]64int cgroup_bpf_inherit(struct cgroup *cgrp);
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]65
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]66int __cgroup_bpf_attach(struct cgroup *cgrp, struct bpf_prog *prog,
67 enum bpf_attach_type type, u32 flags);
68int __cgroup_bpf_detach(struct cgroup *cgrp, struct bpf_prog *prog,
69 enum bpf_attach_type type, u32 flags);
Alexei Starovoitov468e2f62017-10-02 22:50:22 -0700[diff] [blame]70int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
71 union bpf_attr __user *uattr);
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]72
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]73/* Wrapper for __cgroup_bpf_*() protected by cgroup_mutex */
74int cgroup_bpf_attach(struct cgroup *cgrp, struct bpf_prog *prog,
75 enum bpf_attach_type type, u32 flags);
76int cgroup_bpf_detach(struct cgroup *cgrp, struct bpf_prog *prog,
77 enum bpf_attach_type type, u32 flags);
Alexei Starovoitov468e2f62017-10-02 22:50:22 -0700[diff] [blame]78int cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
79 union bpf_attr __user *uattr);
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]80
David Ahernb2cd1252016-12-01 08:48:03 -0800[diff] [blame]81int __cgroup_bpf_run_filter_skb(struct sock *sk,
82 struct sk_buff *skb,
83 enum bpf_attach_type type);
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]84
David Ahern610236582016-12-01 08:48:04 -0800[diff] [blame]85int __cgroup_bpf_run_filter_sk(struct sock *sk,
86 enum bpf_attach_type type);
87
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]88int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,
89 struct sockaddr *uaddr,
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]90 enum bpf_attach_type type,
91 void *t_ctx);
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]92
Lawrence Brakmo40304b22017-06-30 20:02:40 -0700[diff] [blame]93int __cgroup_bpf_run_filter_sock_ops(struct sock *sk,
94 struct bpf_sock_ops_kern *sock_ops,
95 enum bpf_attach_type type);
96
Roman Gushchinebc614f2017-11-05 08:15:32 -0500[diff] [blame]97int __cgroup_bpf_check_dev_permission(short dev_type, u32 major, u32 minor,
98 short access, enum bpf_attach_type type);
99
Roman Gushchinde9cbba2018-08-02 14:27:18 -0700[diff] [blame^]100struct bpf_cgroup_storage *bpf_cgroup_storage_alloc(struct bpf_prog *prog);
101void bpf_cgroup_storage_free(struct bpf_cgroup_storage *storage);
102void bpf_cgroup_storage_link(struct bpf_cgroup_storage *storage,
103 struct cgroup *cgroup,
104 enum bpf_attach_type type);
105void bpf_cgroup_storage_unlink(struct bpf_cgroup_storage *storage);
106int bpf_cgroup_storage_assign(struct bpf_prog *prog, struct bpf_map *map);
107void bpf_cgroup_storage_release(struct bpf_prog *prog, struct bpf_map *map);
108
David Ahernb2cd1252016-12-01 08:48:03 -0800[diff] [blame]109/* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */
110#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) \
111({ \
112 int __ret = 0; \
113 if (cgroup_bpf_enabled) \
114 __ret = __cgroup_bpf_run_filter_skb(sk, skb, \
115 BPF_CGROUP_INET_INGRESS); \
116 \
117 __ret; \
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]118})
119
David Ahernb2cd1252016-12-01 08:48:03 -0800[diff] [blame]120#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb) \
121({ \
122 int __ret = 0; \
123 if (cgroup_bpf_enabled && sk && sk == skb->sk) { \
124 typeof(sk) __sk = sk_to_full_sk(sk); \
125 if (sk_fullsock(__sk)) \
126 __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \
127 BPF_CGROUP_INET_EGRESS); \
128 } \
129 __ret; \
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]130})
131
Andrey Ignatovaac3fc32018-03-30 15:08:07 -0700[diff] [blame]132#define BPF_CGROUP_RUN_SK_PROG(sk, type) \
David Ahern610236582016-12-01 08:48:04 -0800[diff] [blame]133({ \
134 int __ret = 0; \
Yafang Shaoee078622018-02-23 14:58:41 +0800[diff] [blame]135 if (cgroup_bpf_enabled) { \
Andrey Ignatovaac3fc32018-03-30 15:08:07 -0700[diff] [blame]136 __ret = __cgroup_bpf_run_filter_sk(sk, type); \
David Ahern610236582016-12-01 08:48:04 -0800[diff] [blame]137 } \
138 __ret; \
139})
140
Andrey Ignatovaac3fc32018-03-30 15:08:07 -0700[diff] [blame]141#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) \
142 BPF_CGROUP_RUN_SK_PROG(sk, BPF_CGROUP_INET_SOCK_CREATE)
143
144#define BPF_CGROUP_RUN_PROG_INET4_POST_BIND(sk) \
145 BPF_CGROUP_RUN_SK_PROG(sk, BPF_CGROUP_INET4_POST_BIND)
146
147#define BPF_CGROUP_RUN_PROG_INET6_POST_BIND(sk) \
148 BPF_CGROUP_RUN_SK_PROG(sk, BPF_CGROUP_INET6_POST_BIND)
149
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]150#define BPF_CGROUP_RUN_SA_PROG(sk, uaddr, type) \
151({ \
152 int __ret = 0; \
153 if (cgroup_bpf_enabled) \
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]154 __ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, type, \
155 NULL); \
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]156 __ret; \
157})
158
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]159#define BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, type, t_ctx) \
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]160({ \
161 int __ret = 0; \
162 if (cgroup_bpf_enabled) { \
163 lock_sock(sk); \
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]164 __ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, type, \
165 t_ctx); \
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]166 release_sock(sk); \
167 } \
168 __ret; \
169})
170
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]171#define BPF_CGROUP_RUN_PROG_INET4_BIND(sk, uaddr) \
172 BPF_CGROUP_RUN_SA_PROG(sk, uaddr, BPF_CGROUP_INET4_BIND)
173
174#define BPF_CGROUP_RUN_PROG_INET6_BIND(sk, uaddr) \
175 BPF_CGROUP_RUN_SA_PROG(sk, uaddr, BPF_CGROUP_INET6_BIND)
176
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]177#define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) (cgroup_bpf_enabled && \
178 sk->sk_prot->pre_connect)
179
180#define BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr) \
181 BPF_CGROUP_RUN_SA_PROG(sk, uaddr, BPF_CGROUP_INET4_CONNECT)
182
183#define BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr) \
184 BPF_CGROUP_RUN_SA_PROG(sk, uaddr, BPF_CGROUP_INET6_CONNECT)
185
186#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr) \
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]187 BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_INET4_CONNECT, NULL)
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]188
189#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr) \
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]190 BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_INET6_CONNECT, NULL)
191
192#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, t_ctx) \
193 BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_UDP4_SENDMSG, t_ctx)
194
195#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx) \
196 BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_UDP6_SENDMSG, t_ctx)
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]197
Lawrence Brakmo40304b22017-06-30 20:02:40 -0700[diff] [blame]198#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) \
199({ \
200 int __ret = 0; \
201 if (cgroup_bpf_enabled && (sock_ops)->sk) { \
202 typeof(sk) __sk = sk_to_full_sk((sock_ops)->sk); \
WANG Congdf39a9f2017-07-17 11:42:55 -0700[diff] [blame]203 if (__sk && sk_fullsock(__sk)) \
Lawrence Brakmo40304b22017-06-30 20:02:40 -0700[diff] [blame]204 __ret = __cgroup_bpf_run_filter_sock_ops(__sk, \
205 sock_ops, \
206 BPF_CGROUP_SOCK_OPS); \
207 } \
208 __ret; \
209})
Roman Gushchinebc614f2017-11-05 08:15:32 -0500[diff] [blame]210
211#define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type, major, minor, access) \
212({ \
213 int __ret = 0; \
214 if (cgroup_bpf_enabled) \
215 __ret = __cgroup_bpf_check_dev_permission(type, major, minor, \
216 access, \
217 BPF_CGROUP_DEVICE); \
218 \
219 __ret; \
220})
Sean Youngfdb5c452018-06-19 00:04:24 +0100[diff] [blame]221int cgroup_bpf_prog_attach(const union bpf_attr *attr,
222 enum bpf_prog_type ptype, struct bpf_prog *prog);
223int cgroup_bpf_prog_detach(const union bpf_attr *attr,
224 enum bpf_prog_type ptype);
225int cgroup_bpf_prog_query(const union bpf_attr *attr,
226 union bpf_attr __user *uattr);
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]227#else
228
Sean Youngfdb5c452018-06-19 00:04:24 +0100[diff] [blame]229struct bpf_prog;
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]230struct cgroup_bpf {};
231static inline void cgroup_bpf_put(struct cgroup *cgrp) {}
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]232static inline int cgroup_bpf_inherit(struct cgroup *cgrp) { return 0; }
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]233
Sean Youngfdb5c452018-06-19 00:04:24 +0100[diff] [blame]234static inline int cgroup_bpf_prog_attach(const union bpf_attr *attr,
235 enum bpf_prog_type ptype,
236 struct bpf_prog *prog)
237{
238 return -EINVAL;
239}
240
241static inline int cgroup_bpf_prog_detach(const union bpf_attr *attr,
242 enum bpf_prog_type ptype)
243{
244 return -EINVAL;
245}
246
247static inline int cgroup_bpf_prog_query(const union bpf_attr *attr,
248 union bpf_attr __user *uattr)
249{
250 return -EINVAL;
251}
252
Roman Gushchinde9cbba2018-08-02 14:27:18 -0700[diff] [blame^]253static inline int bpf_cgroup_storage_assign(struct bpf_prog *prog,
254 struct bpf_map *map) { return 0; }
255static inline void bpf_cgroup_storage_release(struct bpf_prog *prog,
256 struct bpf_map *map) {}
257static inline struct bpf_cgroup_storage *bpf_cgroup_storage_alloc(
258 struct bpf_prog *prog) { return 0; }
259static inline void bpf_cgroup_storage_free(
260 struct bpf_cgroup_storage *storage) {}
261
Andrey Ignatov13193b02018-05-25 08:55:22 -0700[diff] [blame]262#define cgroup_bpf_enabled (0)
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]263#define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) (0)
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]264#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) ({ 0; })
265#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) ({ 0; })
David Ahern610236582016-12-01 08:48:04 -0800[diff] [blame]266#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) ({ 0; })
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]267#define BPF_CGROUP_RUN_PROG_INET4_BIND(sk, uaddr) ({ 0; })
268#define BPF_CGROUP_RUN_PROG_INET6_BIND(sk, uaddr) ({ 0; })
Andrey Ignatovaac3fc32018-03-30 15:08:07 -0700[diff] [blame]269#define BPF_CGROUP_RUN_PROG_INET4_POST_BIND(sk) ({ 0; })
270#define BPF_CGROUP_RUN_PROG_INET6_POST_BIND(sk) ({ 0; })
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]271#define BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr) ({ 0; })
272#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr) ({ 0; })
273#define BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr) ({ 0; })
274#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr) ({ 0; })
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]275#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; })
276#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; })
Lawrence Brakmo40304b22017-06-30 20:02:40 -0700[diff] [blame]277#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) ({ 0; })
Roman Gushchinebc614f2017-11-05 08:15:32 -0500[diff] [blame]278#define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type,major,minor,access) ({ 0; })
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]279
280#endif /* CONFIG_CGROUP_BPF */
281
282#endif /* _BPF_CGROUP_H */