Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / f292b87d3ac020418644d8a4bbf29814890505cb / . / include / linux / bpf-cgroup.h
blob: d50c2f0a655ae3f95271d5f8de40f8eabc917c65 [file] [log] [blame]
Greg Kroah-Hartmanb2441312017-11-01 15:07:57 +0100[diff] [blame]1/* SPDX-License-Identifier: GPL-2.0 */
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]2#ifndef _BPF_CGROUP_H
3#define _BPF_CGROUP_H
4
Roman Gushchinf292b872018-07-06 14:34:29 -0700[diff] [blame^]5#include <linux/errno.h>
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]6#include <linux/jump_label.h>
7#include <uapi/linux/bpf.h>
8
9struct sock;
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]10struct sockaddr;
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]11struct cgroup;
12struct sk_buff;
Lawrence Brakmo40304b22017-06-30 20:02:40 -0700[diff] [blame]13struct bpf_sock_ops_kern;
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]14
15#ifdef CONFIG_CGROUP_BPF
16
17extern struct static_key_false cgroup_bpf_enabled_key;
18#define cgroup_bpf_enabled static_branch_unlikely(&cgroup_bpf_enabled_key)
19
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]20struct bpf_prog_list {
21 struct list_head node;
22 struct bpf_prog *prog;
23};
24
25struct bpf_prog_array;
26
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]27struct cgroup_bpf {
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]28 /* array of effective progs in this cgroup */
29 struct bpf_prog_array __rcu *effective[MAX_BPF_ATTACH_TYPE];
30
31 /* attached progs to this cgroup and attach flags
32 * when flags == 0 or BPF_F_ALLOW_OVERRIDE the progs list will
33 * have either zero or one element
34 * when BPF_F_ALLOW_MULTI the list can have up to BPF_CGROUP_MAX_PROGS
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]35 */
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]36 struct list_head progs[MAX_BPF_ATTACH_TYPE];
37 u32 flags[MAX_BPF_ATTACH_TYPE];
38
39 /* temp storage for effective prog array used by prog_attach/detach */
40 struct bpf_prog_array __rcu *inactive;
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]41};
42
43void cgroup_bpf_put(struct cgroup *cgrp);
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]44int cgroup_bpf_inherit(struct cgroup *cgrp);
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]45
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]46int __cgroup_bpf_attach(struct cgroup *cgrp, struct bpf_prog *prog,
47 enum bpf_attach_type type, u32 flags);
48int __cgroup_bpf_detach(struct cgroup *cgrp, struct bpf_prog *prog,
49 enum bpf_attach_type type, u32 flags);
Alexei Starovoitov468e2f62017-10-02 22:50:22 -0700[diff] [blame]50int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
51 union bpf_attr __user *uattr);
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]52
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]53/* Wrapper for __cgroup_bpf_*() protected by cgroup_mutex */
54int cgroup_bpf_attach(struct cgroup *cgrp, struct bpf_prog *prog,
55 enum bpf_attach_type type, u32 flags);
56int cgroup_bpf_detach(struct cgroup *cgrp, struct bpf_prog *prog,
57 enum bpf_attach_type type, u32 flags);
Alexei Starovoitov468e2f62017-10-02 22:50:22 -0700[diff] [blame]58int cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
59 union bpf_attr __user *uattr);
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]60
David Ahernb2cd1252016-12-01 08:48:03 -0800[diff] [blame]61int __cgroup_bpf_run_filter_skb(struct sock *sk,
62 struct sk_buff *skb,
63 enum bpf_attach_type type);
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]64
David Ahern610236582016-12-01 08:48:04 -0800[diff] [blame]65int __cgroup_bpf_run_filter_sk(struct sock *sk,
66 enum bpf_attach_type type);
67
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]68int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,
69 struct sockaddr *uaddr,
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]70 enum bpf_attach_type type,
71 void *t_ctx);
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]72
Lawrence Brakmo40304b22017-06-30 20:02:40 -0700[diff] [blame]73int __cgroup_bpf_run_filter_sock_ops(struct sock *sk,
74 struct bpf_sock_ops_kern *sock_ops,
75 enum bpf_attach_type type);
76
Roman Gushchinebc614f2017-11-05 08:15:32 -0500[diff] [blame]77int __cgroup_bpf_check_dev_permission(short dev_type, u32 major, u32 minor,
78 short access, enum bpf_attach_type type);
79
David Ahernb2cd1252016-12-01 08:48:03 -0800[diff] [blame]80/* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */
81#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) \
82({ \
83 int __ret = 0; \
84 if (cgroup_bpf_enabled) \
85 __ret = __cgroup_bpf_run_filter_skb(sk, skb, \
86 BPF_CGROUP_INET_INGRESS); \
87 \
88 __ret; \
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]89})
90
David Ahernb2cd1252016-12-01 08:48:03 -0800[diff] [blame]91#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb) \
92({ \
93 int __ret = 0; \
94 if (cgroup_bpf_enabled && sk && sk == skb->sk) { \
95 typeof(sk) __sk = sk_to_full_sk(sk); \
96 if (sk_fullsock(__sk)) \
97 __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \
98 BPF_CGROUP_INET_EGRESS); \
99 } \
100 __ret; \
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]101})
102
Andrey Ignatovaac3fc32018-03-30 15:08:07 -0700[diff] [blame]103#define BPF_CGROUP_RUN_SK_PROG(sk, type) \
David Ahern610236582016-12-01 08:48:04 -0800[diff] [blame]104({ \
105 int __ret = 0; \
Yafang Shaoee078622018-02-23 14:58:41 +0800[diff] [blame]106 if (cgroup_bpf_enabled) { \
Andrey Ignatovaac3fc32018-03-30 15:08:07 -0700[diff] [blame]107 __ret = __cgroup_bpf_run_filter_sk(sk, type); \
David Ahern610236582016-12-01 08:48:04 -0800[diff] [blame]108 } \
109 __ret; \
110})
111
Andrey Ignatovaac3fc32018-03-30 15:08:07 -0700[diff] [blame]112#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) \
113 BPF_CGROUP_RUN_SK_PROG(sk, BPF_CGROUP_INET_SOCK_CREATE)
114
115#define BPF_CGROUP_RUN_PROG_INET4_POST_BIND(sk) \
116 BPF_CGROUP_RUN_SK_PROG(sk, BPF_CGROUP_INET4_POST_BIND)
117
118#define BPF_CGROUP_RUN_PROG_INET6_POST_BIND(sk) \
119 BPF_CGROUP_RUN_SK_PROG(sk, BPF_CGROUP_INET6_POST_BIND)
120
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]121#define BPF_CGROUP_RUN_SA_PROG(sk, uaddr, type) \
122({ \
123 int __ret = 0; \
124 if (cgroup_bpf_enabled) \
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]125 __ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, type, \
126 NULL); \
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]127 __ret; \
128})
129
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]130#define BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, type, t_ctx) \
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]131({ \
132 int __ret = 0; \
133 if (cgroup_bpf_enabled) { \
134 lock_sock(sk); \
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]135 __ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, type, \
136 t_ctx); \
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]137 release_sock(sk); \
138 } \
139 __ret; \
140})
141
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]142#define BPF_CGROUP_RUN_PROG_INET4_BIND(sk, uaddr) \
143 BPF_CGROUP_RUN_SA_PROG(sk, uaddr, BPF_CGROUP_INET4_BIND)
144
145#define BPF_CGROUP_RUN_PROG_INET6_BIND(sk, uaddr) \
146 BPF_CGROUP_RUN_SA_PROG(sk, uaddr, BPF_CGROUP_INET6_BIND)
147
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]148#define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) (cgroup_bpf_enabled && \
149 sk->sk_prot->pre_connect)
150
151#define BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr) \
152 BPF_CGROUP_RUN_SA_PROG(sk, uaddr, BPF_CGROUP_INET4_CONNECT)
153
154#define BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr) \
155 BPF_CGROUP_RUN_SA_PROG(sk, uaddr, BPF_CGROUP_INET6_CONNECT)
156
157#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr) \
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]158 BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_INET4_CONNECT, NULL)
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]159
160#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr) \
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]161 BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_INET6_CONNECT, NULL)
162
163#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, t_ctx) \
164 BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_UDP4_SENDMSG, t_ctx)
165
166#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx) \
167 BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_UDP6_SENDMSG, t_ctx)
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]168
Lawrence Brakmo40304b22017-06-30 20:02:40 -0700[diff] [blame]169#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) \
170({ \
171 int __ret = 0; \
172 if (cgroup_bpf_enabled && (sock_ops)->sk) { \
173 typeof(sk) __sk = sk_to_full_sk((sock_ops)->sk); \
WANG Congdf39a9f2017-07-17 11:42:55 -0700[diff] [blame]174 if (__sk && sk_fullsock(__sk)) \
Lawrence Brakmo40304b22017-06-30 20:02:40 -0700[diff] [blame]175 __ret = __cgroup_bpf_run_filter_sock_ops(__sk, \
176 sock_ops, \
177 BPF_CGROUP_SOCK_OPS); \
178 } \
179 __ret; \
180})
Roman Gushchinebc614f2017-11-05 08:15:32 -0500[diff] [blame]181
182#define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type, major, minor, access) \
183({ \
184 int __ret = 0; \
185 if (cgroup_bpf_enabled) \
186 __ret = __cgroup_bpf_check_dev_permission(type, major, minor, \
187 access, \
188 BPF_CGROUP_DEVICE); \
189 \
190 __ret; \
191})
Sean Youngfdb5c452018-06-19 00:04:24 +0100[diff] [blame]192int cgroup_bpf_prog_attach(const union bpf_attr *attr,
193 enum bpf_prog_type ptype, struct bpf_prog *prog);
194int cgroup_bpf_prog_detach(const union bpf_attr *attr,
195 enum bpf_prog_type ptype);
196int cgroup_bpf_prog_query(const union bpf_attr *attr,
197 union bpf_attr __user *uattr);
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]198#else
199
Sean Youngfdb5c452018-06-19 00:04:24 +0100[diff] [blame]200struct bpf_prog;
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]201struct cgroup_bpf {};
202static inline void cgroup_bpf_put(struct cgroup *cgrp) {}
Alexei Starovoitov324bda9e62017-10-02 22:50:21 -0700[diff] [blame]203static inline int cgroup_bpf_inherit(struct cgroup *cgrp) { return 0; }
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]204
Sean Youngfdb5c452018-06-19 00:04:24 +0100[diff] [blame]205static inline int cgroup_bpf_prog_attach(const union bpf_attr *attr,
206 enum bpf_prog_type ptype,
207 struct bpf_prog *prog)
208{
209 return -EINVAL;
210}
211
212static inline int cgroup_bpf_prog_detach(const union bpf_attr *attr,
213 enum bpf_prog_type ptype)
214{
215 return -EINVAL;
216}
217
218static inline int cgroup_bpf_prog_query(const union bpf_attr *attr,
219 union bpf_attr __user *uattr)
220{
221 return -EINVAL;
222}
223
Andrey Ignatov13193b02018-05-25 08:55:22 -0700[diff] [blame]224#define cgroup_bpf_enabled (0)
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]225#define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) (0)
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]226#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) ({ 0; })
227#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) ({ 0; })
David Ahern610236582016-12-01 08:48:04 -0800[diff] [blame]228#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) ({ 0; })
Andrey Ignatov4fbac772018-03-30 15:08:02 -0700[diff] [blame]229#define BPF_CGROUP_RUN_PROG_INET4_BIND(sk, uaddr) ({ 0; })
230#define BPF_CGROUP_RUN_PROG_INET6_BIND(sk, uaddr) ({ 0; })
Andrey Ignatovaac3fc32018-03-30 15:08:07 -0700[diff] [blame]231#define BPF_CGROUP_RUN_PROG_INET4_POST_BIND(sk) ({ 0; })
232#define BPF_CGROUP_RUN_PROG_INET6_POST_BIND(sk) ({ 0; })
Andrey Ignatovd74bad42018-03-30 15:08:05 -0700[diff] [blame]233#define BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr) ({ 0; })
234#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr) ({ 0; })
235#define BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr) ({ 0; })
236#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr) ({ 0; })
Andrey Ignatov1cedee12018-05-25 08:55:23 -0700[diff] [blame]237#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; })
238#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; })
Lawrence Brakmo40304b22017-06-30 20:02:40 -0700[diff] [blame]239#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) ({ 0; })
Roman Gushchinebc614f2017-11-05 08:15:32 -0500[diff] [blame]240#define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type,major,minor,access) ({ 0; })
Daniel Mack30070982016-11-23 16:52:26 +0100[diff] [blame]241
242#endif /* CONFIG_CGROUP_BPF */
243
244#endif /* _BPF_CGROUP_H */