Skip to content
Navigation Menu
Toggle navigation
Sign in
In this repository
All GitHub Enterprise
↵
Jump to
↵
No suggested jump to results
In this repository
All GitHub Enterprise
↵
Jump to
↵
In this organization
All GitHub Enterprise
↵
Jump to
↵
In this repository
All GitHub Enterprise
↵
Jump to
↵
Sign in
Reseting focus
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
mariux64
/
linux
Public
Notifications
You must be signed in to change notification settings
Fork
0
Star
0
Code
Issues
2
Pull requests
0
Actions
Projects
0
Wiki
Security
Insights
Additional navigation options
Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights
Files
a85373f
Documentation
LICENSES
arch
block
certs
crypto
drivers
fs
include
acpi
asm-generic
clocksource
crypto
drm
dt-bindings
keys
kunit
kvm
linux
amba
atomic
avf
bcma
byteorder
can
ceph
clk
crush
decompress
device
dma
dsa
extcon
firmware
fpga
fsl
gpio
greybus
hsi
i3c
iio
input
irqchip
isdn
lockd
mailbox
mdio
mfd
mlx4
mlx5
mmc
mtd
mux
net
netfilter
netfilter_arp
netfilter_bridge
netfilter_ipv4
netfilter_ipv6
pcs
perf
phy
pinctrl
platform_data
power
qed
8250_pci.h
a.out.h
acct.h
acpi.h
acpi_dma.h
acpi_iort.h
acpi_mdio.h
acpi_pmtmr.h
acpi_viot.h
adb.h
adfs_fs.h
adreno-smmu-priv.h
adxl.h
aer.h
agp_backend.h
agpgart.h
ahci-remap.h
ahci_platform.h
aio.h
alarmtimer.h
alcor_pci.h
align.h
altera_jtaguart.h
altera_uart.h
amd-iommu.h
anon_inodes.h
apm-emulation.h
apm_bios.h
apple-gmux.h
apple-mailbox.h
apple_bl.h
arch_topology.h
arm-cci.h
arm-smccc.h
arm_ffa.h
arm_sdei.h
armada-37xx-rwtm-mailbox.h
ascii85.h
asn1.h
asn1_ber_bytecode.h
asn1_decoder.h
asn1_encoder.h
assoc_array.h
assoc_array_priv.h
async.h
async_tx.h
ata.h
ata_platform.h
atalk.h
ath9k_platform.h
atm.h
atm_tcp.h
atmdev.h
atmel-isc-media.h
atmel-mci.h
atmel-ssc.h
atmel_pdc.h
atomic.h
attribute_container.h
audit.h
audit_arch.h
auto_dev-ioctl.h
auto_fs.h
auxiliary_bus.h
auxvec.h
average.h
backing-dev-defs.h
backing-dev.h
backlight.h
badblocks.h
balloon_compaction.h
bcd.h
bch.h
bcm47xx_nvram.h
bcm47xx_sprom.h
bcm47xx_wdt.h
bcm963xx_nvram.h
bcm963xx_tag.h
binfmts.h
bio.h
bit_spinlock.h
bitfield.h
bitmap.h
bitops.h
bitrev.h
bits.h
blk-cgroup.h
blk-crypto-profile.h
blk-crypto.h
blk-integrity.h
blk-mq-pci.h
blk-mq-rdma.h
blk-mq-virtio.h
blk-mq.h
blk-pm.h
blk_types.h
blkdev.h
blkpg.h
blktrace_api.h
blockgroup_lock.h
bma150.h
bootconfig.h
bootmem_info.h
bottom_half.h
bpf-cgroup.h
bpf-netns.h
bpf.h
bpf_lirc.h
bpf_local_storage.h
bpf_lsm.h
bpf_trace.h
bpf_types.h
bpf_verifier.h
bpfilter.h
bpfptr.h
brcmphy.h
bsearch.h
bsg-lib.h
bsg.h
btf.h
btf_ids.h
btree-128.h
btree-type.h
btree.h
btrfs.h
buffer_head.h
bug.h
build-salt.h
build_bug.h
buildid.h
bvec.h
c2port.h
cache.h
cacheinfo.h
capability.h
cb710.h
cc_platform.h
cciss_ioctl.h
ccp.h
cdev.h
cdrom.h
cfag12864b.h
cfi.h
cgroup-defs.h
cgroup.h
cgroup_rdma.h
cgroup_subsys.h
circ_buf.h
cleancache.h
clk-provider.h
clk.h
clkdev.h
clockchips.h
clocksource.h
clocksource_ids.h
cm4000_cs.h
cma.h
cn_proc.h
cnt32_to_63.h
coda.h
compaction.h
compat.h
compiler-clang.h
compiler-gcc.h
compiler-intel.h
compiler-version.h
compiler.h
compiler_attributes.h
compiler_types.h
completion.h
component.h
configfs.h
connector.h
console.h
console_struct.h
consolemap.h
const.h
container.h
context_tracking.h
context_tracking_state.h
cookie.h
cordic.h
coredump.h
coresight-pmu.h
coresight-stm.h
coresight.h
count_zeros.h
counter.h
counter_enum.h
cper.h
cpu.h
cpu_cooling.h
cpu_pm.h
cpu_rmap.h
cpufeature.h
cpufreq.h
cpuhotplug.h
cpuidle.h
cpuidle_haltpoll.h
cpumask.h
cpuset.h
crash_core.h
crash_dump.h
crc-ccitt.h
crc-itu-t.h
crc-t10dif.h
crc16.h
crc32.h
crc32c.h
crc32poly.h
crc4.h
crc64.h
crc7.h
crc8.h
cred.h
crypto.h
cs5535.h
ctype.h
cuda.h
damon.h
dasd_mod.h
davinci_emac.h
dax.h
dca.h
dcache.h
dccp.h
debug_locks.h
debugfs.h
debugobjects.h
delay.h
delayacct.h
delayed_call.h
dev_printk.h
devcoredump.h
devfreq-event.h
devfreq.h
devfreq_cooling.h
device-mapper.h
device.h
device_cgroup.h
devm-helpers.h
devpts_fs.h
dfl.h
digsig.h
dim.h
dio.h
dirent.h
dlm.h
dlm_plock.h
dm-bufio.h
dm-dirty-log.h
dm-io.h
dm-kcopyd.h
dm-region-hash.h
dm9000.h
dma-buf-map.h
dma-buf.h
dma-direct.h
dma-direction.h
dma-fence-array.h
dma-fence-chain.h
dma-fence.h
dma-heap.h
dma-iommu.h
dma-map-ops.h
dma-mapping.h
dma-resv.h
dmaengine.h
dmapool.h
dmar.h
dmi.h
dnotify.h
dns_resolver.h
dqblk_qtree.h
dqblk_v1.h
dqblk_v2.h
drbd.h
drbd_genl.h
drbd_genl_api.h
drbd_limits.h
ds2782_battery.h
dtlk.h
dtpm.h
dw_apb_timer.h
dynamic_debug.h
dynamic_queue_limits.h
earlycpio.h
ecryptfs.h
edac.h
edd.h
eeprom_93cx6.h
eeprom_93xx46.h
efi-bgrt.h
efi.h
efi_embedded_fw.h
efs_vh.h
eisa.h
elf-fdpic.h
elf-randomize.h
elf.h
elfcore-compat.h
elfcore.h
elfnote-lto.h
elfnote.h
enclosure.h
energy_model.h
entry-common.h
entry-kvm.h
err.h
errname.h
errno.h
error-injection.h
errqueue.h
errseq.h
etherdevice.h
ethtool.h
ethtool_netlink.h
eventfd.h
eventpoll.h
evm.h
export.h
exportfs.h
ext2_fs.h
extable.h
extcon-provider.h
extcon.h
f2fs_fs.h
f75375s.h
falloc.h
fanotify.h
fault-inject-usercopy.h
fault-inject.h
fb.h
fbcon.h
fcdevice.h
fcntl.h
fd.h
fddidevice.h
fdtable.h
fec.h
fiemap.h
file.h
fileattr.h
filter.h
fips.h
firewire.h
firmware-map.h
firmware.h
fixp-arith.h
flat.h
flex_proportions.h
font.h
fortify-string.h
freelist.h
freezer.h
frontswap.h
fs.h
fs_context.h
fs_enet_pd.h
fs_parser.h
fs_pin.h
fs_stack.h
fs_struct.h
fs_types.h
fs_uart_pd.h
fscache-cache.h
fscache.h
fscrypt.h
fsi-occ.h
fsi-sbefifo.h
fsi.h
fsl-diu-fb.h
fsl_devices.h
fsl_hypervisor.h
fsl_ifc.h
fsldma.h
fsnotify.h
fsnotify_backend.h
fsverity.h
ftrace.h
ftrace_irq.h
futex.h
fwnode.h
fwnode_mdio.h
gameport.h
gcd.h
genalloc.h
generic-radix-tree.h
genetlink.h
genhd.h
genl_magic_func.h
genl_magic_struct.h
getcpu.h
gfp.h
glob.h
gnss.h
goldfish.h
gpio-pxa.h
gpio.h
gpio_keys.h
greybus.h
hardirq.h
hash.h
hashtable.h
hdlc.h
hdlcdrv.h
hdmi.h
hid-debug.h
hid-roccat.h
hid-sensor-hub.h
hid-sensor-ids.h
hid.h
hidden.h
hiddev.h
hidraw.h
highmem-internal.h
highmem.h
highuid.h
hil.h
hil_mlc.h
hippidevice.h
hmm.h
host1x.h
hp_sdc.h
hpet.h
hrtimer.h
hrtimer_defs.h
htcpld.h
huge_mm.h
hugetlb.h
hugetlb_cgroup.h
hugetlb_inline.h
hw_breakpoint.h
hw_random.h
hwmon-sysfs.h
hwmon-vid.h
hwmon.h
hwspinlock.h
hyperv.h
hypervisor.h
i2c-algo-bit.h
i2c-algo-pca.h
i2c-algo-pcf.h
i2c-dev.h
i2c-mux.h
i2c-smbus.h
i2c.h
i8042.h
i8253.h
icmp.h
icmpv6.h
idle_inject.h
idr.h
ieee80211.h
ieee802154.h
if_arp.h
if_bridge.h
if_eql.h
if_ether.h
if_fddi.h
if_hsr.h
if_link.h
if_ltalk.h
if_macvlan.h
if_phonet.h
if_pppol2tp.h
if_pppox.h
if_rmnet.h
if_tap.h
if_team.h
if_tun.h
if_tunnel.h
if_vlan.h
igmp.h
ihex.h
ima.h
imx-media.h
in.h
in6.h
indirect_call_wrapper.h
inet.h
inet_diag.h
inetdevice.h
init.h
init_ohci1394_dma.h
init_syscalls.h
init_task.h
initrd.h
inotify.h
input.h
instrumentation.h
instrumented.h
integrity.h
intel-iommu.h
intel-ish-client-if.h
intel-svm.h
intel_rapl.h
intel_th.h
interconnect-provider.h
interconnect.h
interrupt.h
interval_tree.h
interval_tree_generic.h
io-64-nonatomic-hi-lo.h
io-64-nonatomic-lo-hi.h
io-mapping.h
io-pgtable.h
io.h
io_uring.h
ioam6.h
ioam6_genl.h
ioam6_iptunnel.h
ioasid.h
iocontext.h
iomap.h
iommu-helper.h
iommu.h
iopoll.h
ioport.h
ioprio.h
iova.h
ip.h
ipack.h
ipc.h
ipc_namespace.h
ipmi.h
ipmi_smi.h
ipv6.h
ipv6_route.h
irq.h
irq_poll.h
irq_sim.h
irq_work.h
irqbypass.h
irqchip.h
irqdesc.h
irqdomain.h
irqflags.h
irqhandler.h
irqnr.h
irqreturn.h
isa.h
isapnp.h
iscsi_boot_sysfs.h
iscsi_ibft.h
iversion.h
jbd2.h
jhash.h
jiffies.h
journal-head.h
joystick.h
jump_label.h
jump_label_ratelimit.h
jz4740-adc.h
jz4780-nemc.h
kallsyms.h
kasan-checks.h
kasan-tags.h
kasan.h
kbd_diacr.h
kbd_kern.h
kbuild.h
kconfig.h
kcore.h
kcov.h
kcsan-checks.h
kcsan.h
kdb.h
kdebug.h
kdev_t.h
kern_levels.h
kernel-page-flags.h
kernel.h
kernel_read_file.h
kernel_stat.h
kernelcapi.h
kernfs.h
kexec.h
key-type.h
key.h
keyboard.h
keyctl.h
kfence.h
kfifo.h
kgdb.h
khugepaged.h
klist.h
kmemleak.h
kmod.h
kmsg_dump.h
kobj_map.h
kobject.h
kobject_ns.h
kprobes.h
kref.h
ks0108.h
ks8842.h
ks8851_mll.h
ksm.h
kstrtox.h
kthread.h
ktime.h
kvm_dirty_ring.h
kvm_host.h
kvm_irqfd.h
kvm_para.h
kvm_types.h
l2tp.h
lantiq.h
lapb.h
latencytop.h
lcd.h
lcm.h
led-class-flash.h
led-class-multicolor.h
led-lm3530.h
leds-bd2802.h
leds-lp3944.h
leds-lp3952.h
leds-pca9532.h
leds-regulator.h
leds-ti-lmu-common.h
leds.h
libata.h
libfdt.h
libfdt_env.h
libgcc.h
libnvdimm.h
libps2.h
license.h
limits.h
linear_range.h
linkage.h
linkmode.h
linux_logo.h
lis3lv02d.h
list.h
list_bl.h
list_lru.h
list_nulls.h
list_sort.h
litex.h
livepatch.h
llc.h
llist.h
local_lock.h
local_lock_internal.h
lockdep.h
lockdep_types.h
lockref.h
log2.h
logic_iomem.h
logic_pio.h
lp.h
lru_cache.h
lsm_audit.h
lsm_hook_defs.h
lsm_hooks.h
lz4.h
lzo.h
mISDNdsp.h
mISDNhw.h
mISDNif.h
mailbox_client.h
mailbox_controller.h
maple.h
marvell_phy.h
math.h
math64.h
mbcache.h
mbus.h
mc146818rtc.h
mc6821.h
mcb.h
mdev.h
mdio-bitbang.h
mdio-gpio.h
mdio-mux.h
mdio.h
mei_cl_bus.h
mem_encrypt.h
memblock.h
memcontrol.h
memfd.h
memory.h
memory_hotplug.h
mempolicy.h
mempool.h
memregion.h
memremap.h
memstick.h
mhi.h
micrel_phy.h
microchipphy.h
migrate.h
migrate_mode.h
mii.h
mii_timestamper.h
min_heap.h
minmax.h
misc_cgroup.h
miscdevice.h
mm.h
mm_inline.h
mm_types.h
mm_types_task.h
mman.h
mmap_lock.h
mmdebug.h
mmiotrace.h
mmu_context.h
mmu_notifier.h
mmzone.h
mnt_namespace.h
mod_devicetable.h
module.h
module_signature.h
moduleloader.h
moduleparam.h
most.h
mount.h
moxtet.h
mpage.h
mpi.h
mpls.h
mpls_iptunnel.h
mroute.h
mroute6.h
mroute_base.h
msdos_fs.h
msdos_partition.h
msg.h
msi.h
mtio.h
mutex.h
mv643xx.h
mv643xx_eth.h
mv643xx_i2c.h
mvebu-pmsu.h
mxm-wmi.h
namei.h
nd.h
ndctl.h
net.h
netdev_features.h
netdevice.h
netfilter.h
netfilter_bridge.h
netfilter_defs.h
netfilter_ipv4.h
netfilter_ipv6.h
netfilter_netdev.h
netfs.h
netlink.h
netpoll.h
nfs.h
nfs3.h
nfs4.h
nfs_fs.h
nfs_fs_i.h
nfs_fs_sb.h
nfs_iostat.h
nfs_page.h
nfs_ssc.h
nfs_xdr.h
nfsacl.h
nitro_enclaves.h
nl802154.h
nls.h
nmi.h
node.h
nodemask.h
nospec.h
notifier.h
ns_common.h
nsc_gpio.h
nsproxy.h
ntb.h
ntb_transport.h
nubus.h
numa.h
nvme-fc-driver.h
nvme-fc.h
nvme-rdma.h
nvme-tcp.h
nvme.h
nvmem-consumer.h
nvmem-provider.h
nvram.h
objagg.h
objtool.h
of.h
of_address.h
of_clk.h
of_device.h
of_dma.h
of_fdt.h
of_gpio.h
of_graph.h
of_iommu.h
of_irq.h
of_mdio.h
of_net.h
of_pci.h
of_pdt.h
of_platform.h
of_reserved_mem.h
oid_registry.h
olpc-ec.h
omap-dma.h
omap-gpmc.h
omap-iommu.h
omap-mailbox.h
omapfb.h
once.h
once_lite.h
oom.h
openvswitch.h
osq_lock.h
overflow.h
packing.h
padata.h
page-flags-layout.h
page-flags.h
page-isolation.h
page_counter.h
page_ext.h
page_idle.h
page_owner.h
page_ref.h
page_reporting.h
pageblock-flags.h
pagemap.h
pagevec.h
pagewalk.h
panic.h
panic_notifier.h
parman.h
parport.h
parport_pc.h
parser.h
part_stat.h
pata_arasan_cf_data.h
patchkey.h
path.h
pch_dma.h
pci-acpi.h
pci-ats.h
pci-dma-compat.h
pci-ecam.h
pci-ep-cfs.h
pci-epc.h
pci-epf.h
pci-p2pdma.h
pci.h
pci_hotplug.h
pci_ids.h
pcs-lynx.h
pda_power.h
pe.h
percpu-defs.h
percpu-refcount.h
percpu-rwsem.h
percpu.h
percpu_counter.h
perf_event.h
perf_regs.h
personality.h
pfn.h
pfn_t.h
pgtable.h
phonet.h
phy.h
phy_fixed.h
phy_led_triggers.h
phylink.h
pid.h
pid_namespace.h
pim.h
pipe_fs_i.h
pkeys.h
pktcdvd.h
pl320-ipc.h
platform_device.h
platform_profile.h
pldmfw.h
plist.h
pm-trace.h
pm.h
pm_clock.h
pm_domain.h
pm_opp.h
pm_qos.h
pm_runtime.h
pm_wakeirq.h
pm_wakeup.h
pmbus.h
pmu.h
pnfs_osd_xdr.h
pnp.h
poison.h
poll.h
posix-clock.h
posix-timers.h
posix_acl.h
posix_acl_xattr.h
power_supply.h
powercap.h
ppp-comp.h
ppp_channel.h
ppp_defs.h
pps_kernel.h
pr.h
prandom.h
preempt.h
prefetch.h
prime_numbers.h
printk.h
prmt.h
proc_fs.h
proc_ns.h
processor.h
profile.h
projid.h
property.h
pruss_driver.h
psci.h
pseudo_fs.h
psi.h
psi_types.h
psp-sev.h
psp-tee.h
pstore.h
pstore_blk.h
pstore_ram.h
pstore_zone.h
ptdump.h
pti.h
ptp_classify.h
ptp_clock_kernel.h
ptp_kvm.h
ptp_pch.h
ptr_ring.h
ptrace.h
purgatory.h
pvclock_gtod.h
pwm.h
pwm_backlight.h
pxa168_eth.h
pxa2xx_ssp.h
qcom-geni-se.h
qcom_scm.h
qnx6_fs.h
393 entries not shown
math-emu
media
memory
misc
net
pcmcia
ras
rdma
scsi
soc
sound
target
trace
uapi
vdso
video
xen
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile
README
Breadcrumbs
linux
/
include
/
linux
/
bpf-cgroup.h
Copy path
Blame
Blame
Latest commit
History
History
532 lines (460 loc) · 17.7 KB
Breadcrumbs
linux
/
include
/
linux
/
bpf-cgroup.h
Top
File metadata and controls
Code
Blame
532 lines (460 loc) · 17.7 KB
Raw
/* SPDX-License-Identifier: GPL-2.0 */ #ifndef _BPF_CGROUP_H #define _BPF_CGROUP_H #include <linux/bpf.h> #include <linux/errno.h> #include <linux/jump_label.h> #include <linux/percpu.h> #include <linux/percpu-refcount.h> #include <linux/rbtree.h> #include <uapi/linux/bpf.h> struct sock; struct sockaddr; struct cgroup; struct sk_buff; struct bpf_map; struct bpf_prog; struct bpf_sock_ops_kern; struct bpf_cgroup_storage; struct ctl_table; struct ctl_table_header; struct task_struct; #ifdef CONFIG_CGROUP_BPF enum cgroup_bpf_attach_type { CGROUP_BPF_ATTACH_TYPE_INVALID = -1, CGROUP_INET_INGRESS = 0, CGROUP_INET_EGRESS, CGROUP_INET_SOCK_CREATE, CGROUP_SOCK_OPS, CGROUP_DEVICE, CGROUP_INET4_BIND, CGROUP_INET6_BIND, CGROUP_INET4_CONNECT, CGROUP_INET6_CONNECT, CGROUP_INET4_POST_BIND, CGROUP_INET6_POST_BIND, CGROUP_UDP4_SENDMSG, CGROUP_UDP6_SENDMSG, CGROUP_SYSCTL, CGROUP_UDP4_RECVMSG, CGROUP_UDP6_RECVMSG, CGROUP_GETSOCKOPT, CGROUP_SETSOCKOPT, CGROUP_INET4_GETPEERNAME, CGROUP_INET6_GETPEERNAME, CGROUP_INET4_GETSOCKNAME, CGROUP_INET6_GETSOCKNAME, CGROUP_INET_SOCK_RELEASE, MAX_CGROUP_BPF_ATTACH_TYPE }; #define CGROUP_ATYPE(type) \ case BPF_##type: return type static inline enum cgroup_bpf_attach_type to_cgroup_bpf_attach_type(enum bpf_attach_type attach_type) { switch (attach_type) { CGROUP_ATYPE(CGROUP_INET_INGRESS); CGROUP_ATYPE(CGROUP_INET_EGRESS); CGROUP_ATYPE(CGROUP_INET_SOCK_CREATE); CGROUP_ATYPE(CGROUP_SOCK_OPS); CGROUP_ATYPE(CGROUP_DEVICE); CGROUP_ATYPE(CGROUP_INET4_BIND); CGROUP_ATYPE(CGROUP_INET6_BIND); CGROUP_ATYPE(CGROUP_INET4_CONNECT); CGROUP_ATYPE(CGROUP_INET6_CONNECT); CGROUP_ATYPE(CGROUP_INET4_POST_BIND); CGROUP_ATYPE(CGROUP_INET6_POST_BIND); CGROUP_ATYPE(CGROUP_UDP4_SENDMSG); CGROUP_ATYPE(CGROUP_UDP6_SENDMSG); CGROUP_ATYPE(CGROUP_SYSCTL); CGROUP_ATYPE(CGROUP_UDP4_RECVMSG); CGROUP_ATYPE(CGROUP_UDP6_RECVMSG); CGROUP_ATYPE(CGROUP_GETSOCKOPT); CGROUP_ATYPE(CGROUP_SETSOCKOPT); CGROUP_ATYPE(CGROUP_INET4_GETPEERNAME); CGROUP_ATYPE(CGROUP_INET6_GETPEERNAME); CGROUP_ATYPE(CGROUP_INET4_GETSOCKNAME); CGROUP_ATYPE(CGROUP_INET6_GETSOCKNAME); CGROUP_ATYPE(CGROUP_INET_SOCK_RELEASE); default: return CGROUP_BPF_ATTACH_TYPE_INVALID; } } #undef CGROUP_ATYPE extern struct static_key_false cgroup_bpf_enabled_key[MAX_CGROUP_BPF_ATTACH_TYPE]; #define cgroup_bpf_enabled(atype) static_branch_unlikely(&cgroup_bpf_enabled_key[atype]) #define for_each_cgroup_storage_type(stype) \ for (stype = 0; stype < MAX_BPF_CGROUP_STORAGE_TYPE; stype++) struct bpf_cgroup_storage_map; struct bpf_storage_buffer { struct rcu_head rcu; char data[]; }; struct bpf_cgroup_storage { union { struct bpf_storage_buffer *buf; void __percpu *percpu_buf; }; struct bpf_cgroup_storage_map *map; struct bpf_cgroup_storage_key key; struct list_head list_map; struct list_head list_cg; struct rb_node node; struct rcu_head rcu; }; struct bpf_cgroup_link { struct bpf_link link; struct cgroup *cgroup; enum bpf_attach_type type; }; struct bpf_prog_list { struct list_head node; struct bpf_prog *prog; struct bpf_cgroup_link *link; struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE]; }; struct bpf_prog_array; struct cgroup_bpf { /* array of effective progs in this cgroup */ struct bpf_prog_array __rcu *effective[MAX_CGROUP_BPF_ATTACH_TYPE]; /* attached progs to this cgroup and attach flags * when flags == 0 or BPF_F_ALLOW_OVERRIDE the progs list will * have either zero or one element * when BPF_F_ALLOW_MULTI the list can have up to BPF_CGROUP_MAX_PROGS */ struct list_head progs[MAX_CGROUP_BPF_ATTACH_TYPE]; u32 flags[MAX_CGROUP_BPF_ATTACH_TYPE]; /* list of cgroup shared storages */ struct list_head storages; /* temp storage for effective prog array used by prog_attach/detach */ struct bpf_prog_array *inactive; /* reference counter used to detach bpf programs after cgroup removal */ struct percpu_ref refcnt; /* cgroup_bpf is released using a work queue */ struct work_struct release_work; }; int cgroup_bpf_inherit(struct cgroup *cgrp); void cgroup_bpf_offline(struct cgroup *cgrp); int __cgroup_bpf_run_filter_skb(struct sock *sk, struct sk_buff *skb, enum cgroup_bpf_attach_type atype); int __cgroup_bpf_run_filter_sk(struct sock *sk, enum cgroup_bpf_attach_type atype); int __cgroup_bpf_run_filter_sock_addr(struct sock *sk, struct sockaddr *uaddr, enum cgroup_bpf_attach_type atype, void *t_ctx, u32 *flags); int __cgroup_bpf_run_filter_sock_ops(struct sock *sk, struct bpf_sock_ops_kern *sock_ops, enum cgroup_bpf_attach_type atype); int __cgroup_bpf_check_dev_permission(short dev_type, u32 major, u32 minor, short access, enum cgroup_bpf_attach_type atype); int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head, struct ctl_table *table, int write, char **buf, size_t *pcount, loff_t *ppos, enum cgroup_bpf_attach_type atype); int __cgroup_bpf_run_filter_setsockopt(struct sock *sock, int *level, int *optname, char __user *optval, int *optlen, char **kernel_optval); int __cgroup_bpf_run_filter_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen, int max_optlen, int retval); int __cgroup_bpf_run_filter_getsockopt_kern(struct sock *sk, int level, int optname, void *optval, int *optlen, int retval); static inline enum bpf_cgroup_storage_type cgroup_storage_type( struct bpf_map *map) { if (map->map_type == BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE) return BPF_CGROUP_STORAGE_PERCPU; return BPF_CGROUP_STORAGE_SHARED; } struct bpf_cgroup_storage * cgroup_storage_lookup(struct bpf_cgroup_storage_map *map, void *key, bool locked); struct bpf_cgroup_storage *bpf_cgroup_storage_alloc(struct bpf_prog *prog, enum bpf_cgroup_storage_type stype); void bpf_cgroup_storage_free(struct bpf_cgroup_storage *storage); void bpf_cgroup_storage_link(struct bpf_cgroup_storage *storage, struct cgroup *cgroup, enum bpf_attach_type type); void bpf_cgroup_storage_unlink(struct bpf_cgroup_storage *storage); int bpf_cgroup_storage_assign(struct bpf_prog_aux *aux, struct bpf_map *map); int bpf_percpu_cgroup_storage_copy(struct bpf_map *map, void *key, void *value); int bpf_percpu_cgroup_storage_update(struct bpf_map *map, void *key, void *value, u64 flags); /* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */ #define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) \ ({ \ int __ret = 0; \ if (cgroup_bpf_enabled(CGROUP_INET_INGRESS)) \ __ret = __cgroup_bpf_run_filter_skb(sk, skb, \ CGROUP_INET_INGRESS); \ \ __ret; \ }) #define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb) \ ({ \ int __ret = 0; \ if (cgroup_bpf_enabled(CGROUP_INET_EGRESS) && sk && sk == skb->sk) { \ typeof(sk) __sk = sk_to_full_sk(sk); \ if (sk_fullsock(__sk)) \ __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \ CGROUP_INET_EGRESS); \ } \ __ret; \ }) #define BPF_CGROUP_RUN_SK_PROG(sk, atype) \ ({ \ int __ret = 0; \ if (cgroup_bpf_enabled(atype)) { \ __ret = __cgroup_bpf_run_filter_sk(sk, atype); \ } \ __ret; \ }) #define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) \ BPF_CGROUP_RUN_SK_PROG(sk, CGROUP_INET_SOCK_CREATE) #define BPF_CGROUP_RUN_PROG_INET_SOCK_RELEASE(sk) \ BPF_CGROUP_RUN_SK_PROG(sk, CGROUP_INET_SOCK_RELEASE) #define BPF_CGROUP_RUN_PROG_INET4_POST_BIND(sk) \ BPF_CGROUP_RUN_SK_PROG(sk, CGROUP_INET4_POST_BIND) #define BPF_CGROUP_RUN_PROG_INET6_POST_BIND(sk) \ BPF_CGROUP_RUN_SK_PROG(sk, CGROUP_INET6_POST_BIND) #define BPF_CGROUP_RUN_SA_PROG(sk, uaddr, atype) \ ({ \ u32 __unused_flags; \ int __ret = 0; \ if (cgroup_bpf_enabled(atype)) \ __ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, atype, \ NULL, \ &__unused_flags); \ __ret; \ }) #define BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, atype, t_ctx) \ ({ \ u32 __unused_flags; \ int __ret = 0; \ if (cgroup_bpf_enabled(atype)) { \ lock_sock(sk); \ __ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, atype, \ t_ctx, \ &__unused_flags); \ release_sock(sk); \ } \ __ret; \ }) /* BPF_CGROUP_INET4_BIND and BPF_CGROUP_INET6_BIND can return extra flags * via upper bits of return code. The only flag that is supported * (at bit position 0) is to indicate CAP_NET_BIND_SERVICE capability check * should be bypassed (BPF_RET_BIND_NO_CAP_NET_BIND_SERVICE). */ #define BPF_CGROUP_RUN_PROG_INET_BIND_LOCK(sk, uaddr, atype, bind_flags) \ ({ \ u32 __flags = 0; \ int __ret = 0; \ if (cgroup_bpf_enabled(atype)) { \ lock_sock(sk); \ __ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, atype, \ NULL, &__flags); \ release_sock(sk); \ if (__flags & BPF_RET_BIND_NO_CAP_NET_BIND_SERVICE) \ *bind_flags |= BIND_NO_CAP_NET_BIND_SERVICE; \ } \ __ret; \ }) #define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) \ ((cgroup_bpf_enabled(CGROUP_INET4_CONNECT) || \ cgroup_bpf_enabled(CGROUP_INET6_CONNECT)) && \ (sk)->sk_prot->pre_connect) #define BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr) \ BPF_CGROUP_RUN_SA_PROG(sk, uaddr, CGROUP_INET4_CONNECT) #define BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr) \ BPF_CGROUP_RUN_SA_PROG(sk, uaddr, CGROUP_INET6_CONNECT) #define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr) \ BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_INET4_CONNECT, NULL) #define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr) \ BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_INET6_CONNECT, NULL) #define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, t_ctx) \ BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_UDP4_SENDMSG, t_ctx) #define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx) \ BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_UDP6_SENDMSG, t_ctx) #define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk, uaddr) \ BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_UDP4_RECVMSG, NULL) #define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr) \ BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_UDP6_RECVMSG, NULL) /* The SOCK_OPS"_SK" macro should be used when sock_ops->sk is not a * fullsock and its parent fullsock cannot be traced by * sk_to_full_sk(). * * e.g. sock_ops->sk is a request_sock and it is under syncookie mode. * Its listener-sk is not attached to the rsk_listener. * In this case, the caller holds the listener-sk (unlocked), * set its sock_ops->sk to req_sk, and call this SOCK_OPS"_SK" with * the listener-sk such that the cgroup-bpf-progs of the * listener-sk will be run. * * Regardless of syncookie mode or not, * calling bpf_setsockopt on listener-sk will not make sense anyway, * so passing 'sock_ops->sk == req_sk' to the bpf prog is appropriate here. */ #define BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(sock_ops, sk) \ ({ \ int __ret = 0; \ if (cgroup_bpf_enabled(CGROUP_SOCK_OPS)) \ __ret = __cgroup_bpf_run_filter_sock_ops(sk, \ sock_ops, \ CGROUP_SOCK_OPS); \ __ret; \ }) #define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) \ ({ \ int __ret = 0; \ if (cgroup_bpf_enabled(CGROUP_SOCK_OPS) && (sock_ops)->sk) { \ typeof(sk) __sk = sk_to_full_sk((sock_ops)->sk); \ if (__sk && sk_fullsock(__sk)) \ __ret = __cgroup_bpf_run_filter_sock_ops(__sk, \ sock_ops, \ CGROUP_SOCK_OPS); \ } \ __ret; \ }) #define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(atype, major, minor, access) \ ({ \ int __ret = 0; \ if (cgroup_bpf_enabled(CGROUP_DEVICE)) \ __ret = __cgroup_bpf_check_dev_permission(atype, major, minor, \ access, \ CGROUP_DEVICE); \ \ __ret; \ }) #define BPF_CGROUP_RUN_PROG_SYSCTL(head, table, write, buf, count, pos) \ ({ \ int __ret = 0; \ if (cgroup_bpf_enabled(CGROUP_SYSCTL)) \ __ret = __cgroup_bpf_run_filter_sysctl(head, table, write, \ buf, count, pos, \ CGROUP_SYSCTL); \ __ret; \ }) #define BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock, level, optname, optval, optlen, \ kernel_optval) \ ({ \ int __ret = 0; \ if (cgroup_bpf_enabled(CGROUP_SETSOCKOPT)) \ __ret = __cgroup_bpf_run_filter_setsockopt(sock, level, \ optname, optval, \ optlen, \ kernel_optval); \ __ret; \ }) #define BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen) \ ({ \ int __ret = 0; \ if (cgroup_bpf_enabled(CGROUP_GETSOCKOPT)) \ get_user(__ret, optlen); \ __ret; \ }) #define BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock, level, optname, optval, optlen, \ max_optlen, retval) \ ({ \ int __ret = retval; \ if (cgroup_bpf_enabled(CGROUP_GETSOCKOPT)) \ if (!(sock)->sk_prot->bpf_bypass_getsockopt || \ !INDIRECT_CALL_INET_1((sock)->sk_prot->bpf_bypass_getsockopt, \ tcp_bpf_bypass_getsockopt, \ level, optname)) \ __ret = __cgroup_bpf_run_filter_getsockopt( \ sock, level, optname, optval, optlen, \ max_optlen, retval); \ __ret; \ }) #define BPF_CGROUP_RUN_PROG_GETSOCKOPT_KERN(sock, level, optname, optval, \ optlen, retval) \ ({ \ int __ret = retval; \ if (cgroup_bpf_enabled(CGROUP_GETSOCKOPT)) \ __ret = __cgroup_bpf_run_filter_getsockopt_kern( \ sock, level, optname, optval, optlen, retval); \ __ret; \ }) int cgroup_bpf_prog_attach(const union bpf_attr *attr, enum bpf_prog_type ptype, struct bpf_prog *prog); int cgroup_bpf_prog_detach(const union bpf_attr *attr, enum bpf_prog_type ptype); int cgroup_bpf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog); int cgroup_bpf_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr); #else struct cgroup_bpf {}; static inline int cgroup_bpf_inherit(struct cgroup *cgrp) { return 0; } static inline void cgroup_bpf_offline(struct cgroup *cgrp) {} static inline int cgroup_bpf_prog_attach(const union bpf_attr *attr, enum bpf_prog_type ptype, struct bpf_prog *prog) { return -EINVAL; } static inline int cgroup_bpf_prog_detach(const union bpf_attr *attr, enum bpf_prog_type ptype) { return -EINVAL; } static inline int cgroup_bpf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog) { return -EINVAL; } static inline int cgroup_bpf_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr) { return -EINVAL; } static inline int bpf_cgroup_storage_assign(struct bpf_prog_aux *aux, struct bpf_map *map) { return 0; } static inline struct bpf_cgroup_storage *bpf_cgroup_storage_alloc( struct bpf_prog *prog, enum bpf_cgroup_storage_type stype) { return NULL; } static inline void bpf_cgroup_storage_free( struct bpf_cgroup_storage *storage) {} static inline int bpf_percpu_cgroup_storage_copy(struct bpf_map *map, void *key, void *value) { return 0; } static inline int bpf_percpu_cgroup_storage_update(struct bpf_map *map, void *key, void *value, u64 flags) { return 0; } #define cgroup_bpf_enabled(atype) (0) #define BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, atype, t_ctx) ({ 0; }) #define BPF_CGROUP_RUN_SA_PROG(sk, uaddr, atype) ({ 0; }) #define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) (0) #define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) ({ 0; }) #define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) ({ 0; }) #define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) ({ 0; }) #define BPF_CGROUP_RUN_PROG_INET_SOCK_RELEASE(sk) ({ 0; }) #define BPF_CGROUP_RUN_PROG_INET_BIND_LOCK(sk, uaddr, atype, flags) ({ 0; }) #define BPF_CGROUP_RUN_PROG_INET4_POST_BIND(sk) ({ 0; }) #define BPF_CGROUP_RUN_PROG_INET6_POST_BIND(sk) ({ 0; }) #define BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr) ({ 0; }) #define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr) ({ 0; }) #define BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr) ({ 0; }) #define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr) ({ 0; }) #define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; }) #define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; }) #define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk, uaddr) ({ 0; }) #define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr) ({ 0; }) #define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) ({ 0; }) #define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(atype, major, minor, access) ({ 0; }) #define BPF_CGROUP_RUN_PROG_SYSCTL(head,table,write,buf,count,pos) ({ 0; }) #define BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen) ({ 0; }) #define BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock, level, optname, optval, \ optlen, max_optlen, retval) ({ retval; }) #define BPF_CGROUP_RUN_PROG_GETSOCKOPT_KERN(sock, level, optname, optval, \ optlen, retval) ({ retval; }) #define BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock, level, optname, optval, optlen, \ kernel_optval) ({ 0; }) #define for_each_cgroup_storage_type(stype) for (; false; ) #endif /* CONFIG_CGROUP_BPF */ #endif /* _BPF_CGROUP_H */
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
You can’t perform that action at this time.
While the code is focused, press Alt+F1 for a menu of operations.