[linux-2.6-block.git] / include / linux / filter.h

/*
 * Linux Socket Filter Data Structures
 */
#ifndef __LINUX_FILTER_H__
#define __LINUX_FILTER_H__

#include <linux/atomic.h>
#include <linux/compat.h>
#include <linux/workqueue.h>
#include <uapi/linux/filter.h>

/* Internally used and optimized filter representation with extended
 * instruction set based on top of classic BPF.
 */

/* instruction classes */
#define BPF_ALU64	0x07	/* alu mode in double word width */

/* ld/ldx fields */
#define BPF_DW		0x18	/* double word */
#define BPF_XADD	0xc0	/* exclusive add */

/* alu/jmp fields */
#define BPF_MOV		0xb0	/* mov reg to reg */
#define BPF_ARSH	0xc0	/* sign extending arithmetic shift right */

/* change endianness of a register */
#define BPF_END		0xd0	/* flags for endianness conversion: */
#define BPF_TO_LE	0x00	/* convert to little-endian */
#define BPF_TO_BE	0x08	/* convert to big-endian */
#define BPF_FROM_LE	BPF_TO_LE
#define BPF_FROM_BE	BPF_TO_BE

#define BPF_JNE		0x50	/* jump != */
#define BPF_JSGT	0x60	/* SGT is signed '>', GT in x86 */
#define BPF_JSGE	0x70	/* SGE is signed '>=', GE in x86 */
#define BPF_CALL	0x80	/* function call */
#define BPF_EXIT	0x90	/* function return */

/* Register numbers */
enum {
	BPF_REG_0 = 0,
	BPF_REG_1,
	BPF_REG_2,
	BPF_REG_3,
	BPF_REG_4,
	BPF_REG_5,
	BPF_REG_6,
	BPF_REG_7,
	BPF_REG_8,
	BPF_REG_9,
	BPF_REG_10,
	__MAX_BPF_REG,
};

/* BPF has 10 general purpose 64-bit registers and stack frame. */
#define MAX_BPF_REG	__MAX_BPF_REG

/* ArgX, context and stack frame pointer register positions. Note,
 * Arg1, Arg2, Arg3, etc are used as argument mappings of function
 * calls in BPF_CALL instruction.
 */
#define BPF_REG_ARG1	BPF_REG_1
#define BPF_REG_ARG2	BPF_REG_2
#define BPF_REG_ARG3	BPF_REG_3
#define BPF_REG_ARG4	BPF_REG_4
#define BPF_REG_ARG5	BPF_REG_5
#define BPF_REG_CTX	BPF_REG_6
#define BPF_REG_FP	BPF_REG_10

/* Additional register mappings for converted user programs. */
#define BPF_REG_A	BPF_REG_0
#define BPF_REG_X	BPF_REG_7
#define BPF_REG_TMP	BPF_REG_8

/* BPF program can access up to 512 bytes of stack space. */
#define MAX_BPF_STACK	512

/* Helper macros for filter block array initializers. */

/* ALU ops on registers, bpf_add|sub|...: A += X */

#define BPF_ALU64_REG(OP, A, X)					\
	((struct sock_filter_int) {				\
		.code  = BPF_ALU64 | BPF_OP(OP) | BPF_X,	\
		.a_reg = A,					\
		.x_reg = X,					\
		.off   = 0,					\
		.imm   = 0 })

#define BPF_ALU32_REG(OP, A, X)					\
	((struct sock_filter_int) {				\
		.code  = BPF_ALU | BPF_OP(OP) | BPF_X,		\
		.a_reg = A,					\
		.x_reg = X,					\
		.off   = 0,					\
		.imm   = 0 })

/* ALU ops on immediates, bpf_add|sub|...: A += IMM */

#define BPF_ALU64_IMM(OP, A, IMM)				\
	((struct sock_filter_int) {				\
		.code  = BPF_ALU64 | BPF_OP(OP) | BPF_K,	\
		.a_reg = A,					\
		.x_reg = 0,					\
		.off   = 0,					\
		.imm   = IMM })

#define BPF_ALU32_IMM(OP, A, IMM)				\
	((struct sock_filter_int) {				\
		.code  = BPF_ALU | BPF_OP(OP) | BPF_K,		\
		.a_reg = A,					\
		.x_reg = 0,					\
		.off   = 0,					\
		.imm   = IMM })

/* Endianess conversion, cpu_to_{l,b}e(), {l,b}e_to_cpu() */

#define BPF_ENDIAN(TYPE, A, LEN)				\
	((struct sock_filter_int) {				\
		.code  = BPF_ALU | BPF_END | BPF_SRC(TYPE),	\
		.a_reg = A,					\
		.x_reg = 0,					\
		.off   = 0,					\
		.imm   = LEN })

/* Short form of mov, A = X */

#define BPF_MOV64_REG(A, X)					\
	((struct sock_filter_int) {				\
		.code  = BPF_ALU64 | BPF_MOV | BPF_X,		\
		.a_reg = A,					\
		.x_reg = X,					\
		.off   = 0,					\
		.imm   = 0 })

#define BPF_MOV32_REG(A, X)					\
	((struct sock_filter_int) {				\
		.code  = BPF_ALU | BPF_MOV | BPF_X,		\
		.a_reg = A,					\
		.x_reg = X,					\
		.off   = 0,					\
		.imm   = 0 })

/* Short form of mov, A = IMM */

#define BPF_MOV64_IMM(A, IMM)					\
	((struct sock_filter_int) {				\
		.code  = BPF_ALU64 | BPF_MOV | BPF_K,		\
		.a_reg = A,					\
		.x_reg = 0,					\
		.off   = 0,					\
		.imm   = IMM })

#define BPF_MOV32_IMM(A, IMM)					\
	((struct sock_filter_int) {				\
		.code  = BPF_ALU | BPF_MOV | BPF_K,		\
		.a_reg = A,					\
		.x_reg = 0,					\
		.off   = 0,					\
		.imm   = IMM })

/* Short form of mov based on type, BPF_X: A = X,  BPF_K: A = IMM */

#define BPF_MOV64_RAW(TYPE, A, X, IMM)				\
	((struct sock_filter_int) {				\
		.code  = BPF_ALU64 | BPF_MOV | BPF_SRC(TYPE),	\
		.a_reg = A,					\
		.x_reg = X,					\
		.off   = 0,					\
		.imm   = IMM })

#define BPF_MOV32_RAW(TYPE, A, X, IMM)				\
	((struct sock_filter_int) {				\
		.code  = BPF_ALU | BPF_MOV | BPF_SRC(TYPE),	\
		.a_reg = A,					\
		.x_reg = X,					\
		.off   = 0,					\
		.imm   = IMM })

/* Direct packet access, R0 = *(uint *) (skb->data + OFF) */

#define BPF_LD_ABS(SIZE, OFF)					\
	((struct sock_filter_int) {				\
		.code  = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS,	\
		.a_reg = 0,					\
		.x_reg = 0,					\
		.off   = 0,					\
		.imm   = OFF })

/* Indirect packet access, R0 = *(uint *) (skb->data + X + OFF) */

#define BPF_LD_IND(SIZE, X, OFF)				\
	((struct sock_filter_int) {				\
		.code  = BPF_LD | BPF_SIZE(SIZE) | BPF_IND,	\
		.a_reg = 0,					\
		.x_reg = X,					\
		.off   = 0,					\
		.imm   = OFF })

/* Memory store, A = *(uint *) (X + OFF), and vice versa */

#define BPF_LDX_MEM(SIZE, A, X, OFF)				\
	((struct sock_filter_int) {				\
		.code  = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM,	\
		.a_reg = A,					\
		.x_reg = X,					\
		.off   = OFF,					\
		.imm   = 0 })

#define BPF_STX_MEM(SIZE, A, X, OFF)				\
	((struct sock_filter_int) {				\
		.code  = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM,	\
		.a_reg = A,					\
		.x_reg = X,					\
		.off   = OFF,					\
		.imm   = 0 })

/* Conditional jumps against registers, if (A 'op' X) goto pc + OFF */

#define BPF_JMP_REG(OP, A, X, OFF)				\
	((struct sock_filter_int) {				\
		.code  = BPF_JMP | BPF_OP(OP) | BPF_X,		\
		.a_reg = A,					\
		.x_reg = X,					\
		.off   = OFF,					\
		.imm   = 0 })

/* Conditional jumps against immediates, if (A 'op' IMM) goto pc + OFF */

#define BPF_JMP_IMM(OP, A, IMM, OFF)				\
	((struct sock_filter_int) {				\
		.code  = BPF_JMP | BPF_OP(OP) | BPF_K,		\
		.a_reg = A,					\
		.x_reg = 0,					\
		.off   = OFF,					\
		.imm   = IMM })

/* Function call */

#define BPF_EMIT_CALL(FUNC)					\
	((struct sock_filter_int) {				\
		.code  = BPF_JMP | BPF_CALL,			\
		.a_reg = 0,					\
		.x_reg = 0,					\
		.off   = 0,					\
		.imm   = ((FUNC) - __bpf_call_base) })

/* Raw code statement block */

#define BPF_RAW_INSN(CODE, A, X, OFF, IMM)			\
	((struct sock_filter_int) {				\
		.code  = CODE,					\
		.a_reg = A,					\
		.x_reg = X,					\
		.off   = OFF,					\
		.imm   = IMM })

/* Program exit */

#define BPF_EXIT_INSN()						\
	((struct sock_filter_int) {				\
		.code  = BPF_JMP | BPF_EXIT,			\
		.a_reg = 0,					\
		.x_reg = 0,					\
		.off   = 0,					\
		.imm   = 0 })

#define bytes_to_bpf_size(bytes)				\
({								\
	int bpf_size = -EINVAL;					\
								\
	if (bytes == sizeof(u8))				\
		bpf_size = BPF_B;				\
	else if (bytes == sizeof(u16))				\
		bpf_size = BPF_H;				\
	else if (bytes == sizeof(u32))				\
		bpf_size = BPF_W;				\
	else if (bytes == sizeof(u64))				\
		bpf_size = BPF_DW;				\
								\
	bpf_size;						\
})

/* Macro to invoke filter function. */
#define SK_RUN_FILTER(filter, ctx)  (*filter->bpf_func)(ctx, filter->insnsi)

struct sock_filter_int {
	__u8	code;		/* opcode */
	__u8	a_reg:4;	/* dest register */
	__u8	x_reg:4;	/* source register */
	__s16	off;		/* signed offset */
	__s32	imm;		/* signed immediate constant */
};

#ifdef CONFIG_COMPAT
/* A struct sock_filter is architecture independent. */
struct compat_sock_fprog {
	u16		len;
	compat_uptr_t	filter;	/* struct sock_filter * */
};
#endif

struct sock_fprog_kern {
	u16			len;
	struct sock_filter	*filter;
};

struct sk_buff;
struct sock;
struct seccomp_data;

struct sk_filter {
	atomic_t		refcnt;
	u32			jited:1,	/* Is our filter JIT'ed? */
				len:31;		/* Number of filter blocks */
	struct sock_fprog_kern	*orig_prog;	/* Original BPF program */
	struct rcu_head		rcu;
	unsigned int		(*bpf_func)(const struct sk_buff *skb,
					    const struct sock_filter_int *filter);
	union {
		struct sock_filter	insns[0];
		struct sock_filter_int	insnsi[0];
		struct work_struct	work;
	};
};

static inline unsigned int sk_filter_size(unsigned int proglen)
{
	return max(sizeof(struct sk_filter),
		   offsetof(struct sk_filter, insns[proglen]));
}

#define sk_filter_proglen(fprog)			\
		(fprog->len * sizeof(fprog->filter[0]))

int sk_filter(struct sock *sk, struct sk_buff *skb);

void sk_filter_select_runtime(struct sk_filter *fp);
void sk_filter_free(struct sk_filter *fp);

int sk_convert_filter(struct sock_filter *prog, int len,
		      struct sock_filter_int *new_prog, int *new_len);

int sk_unattached_filter_create(struct sk_filter **pfp,
				struct sock_fprog_kern *fprog);
void sk_unattached_filter_destroy(struct sk_filter *fp);

int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk);
int sk_detach_filter(struct sock *sk);

int sk_chk_filter(struct sock_filter *filter, unsigned int flen);
int sk_get_filter(struct sock *sk, struct sock_filter __user *filter,
		  unsigned int len);

void sk_filter_charge(struct sock *sk, struct sk_filter *fp);
void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp);

u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
void bpf_int_jit_compile(struct sk_filter *fp);

#define BPF_ANC		BIT(15)

static inline u16 bpf_anc_helper(const struct sock_filter *ftest)
{
	BUG_ON(ftest->code & BPF_ANC);

	switch (ftest->code) {
	case BPF_LD | BPF_W | BPF_ABS:
	case BPF_LD | BPF_H | BPF_ABS:
	case BPF_LD | BPF_B | BPF_ABS:
#define BPF_ANCILLARY(CODE)	case SKF_AD_OFF + SKF_AD_##CODE:	\
				return BPF_ANC | SKF_AD_##CODE
		switch (ftest->k) {
		BPF_ANCILLARY(PROTOCOL);
		BPF_ANCILLARY(PKTTYPE);
		BPF_ANCILLARY(IFINDEX);
		BPF_ANCILLARY(NLATTR);
		BPF_ANCILLARY(NLATTR_NEST);
		BPF_ANCILLARY(MARK);
		BPF_ANCILLARY(QUEUE);
		BPF_ANCILLARY(HATYPE);
		BPF_ANCILLARY(RXHASH);
		BPF_ANCILLARY(CPU);
		BPF_ANCILLARY(ALU_XOR_X);
		BPF_ANCILLARY(VLAN_TAG);
		BPF_ANCILLARY(VLAN_TAG_PRESENT);
		BPF_ANCILLARY(PAY_OFFSET);
		BPF_ANCILLARY(RANDOM);
		}
		/* Fallthrough. */
	default:
		return ftest->code;
	}
}

#ifdef CONFIG_BPF_JIT
#include <stdarg.h>
#include <linux/linkage.h>
#include <linux/printk.h>

void bpf_jit_compile(struct sk_filter *fp);
void bpf_jit_free(struct sk_filter *fp);

static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen,
				u32 pass, void *image)
{
	pr_err("flen=%u proglen=%u pass=%u image=%pK\n",
	       flen, proglen, pass, image);
	if (image)
		print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET,
			       16, 1, image, proglen, false);
}
#else
#include <linux/slab.h>

static inline void bpf_jit_compile(struct sk_filter *fp)
{
}

static inline void bpf_jit_free(struct sk_filter *fp)
{
	kfree(fp);
}
#endif /* CONFIG_BPF_JIT */

static inline int bpf_tell_extensions(void)
{
	return SKF_AD_MAX;
}

#endif /* __LINUX_FILTER_H__ */
Commit	Line	Data
1da177e4 LT	1	/*
	2	* Linux Socket Filter Data Structures
	3	*/
1da177e4 LT	4	#ifndef __LINUX_FILTER_H__
	5	#define __LINUX_FILTER_H__
	6
60063497	7	#include <linux/atomic.h>
0c5fe1b4	8	#include <linux/compat.h>
d45ed4a4	9	#include <linux/workqueue.h>
607ca46e	10	#include <uapi/linux/filter.h>
792d4b5c	11
bd4cf0ed AS	12	/* Internally used and optimized filter representation with extended
bd4cf0ed AS	13	* instruction set based on top of classic BPF.
0c5fe1b4	14	*/
bd4cf0ed AS	15
	16	/* instruction classes */
	17	#define BPF_ALU64 0x07 /* alu mode in double word width */
	18
	19	/* ld/ldx fields */
	20	#define BPF_DW 0x18 /* double word */
	21	#define BPF_XADD 0xc0 /* exclusive add */
	22
	23	/* alu/jmp fields */
	24	#define BPF_MOV 0xb0 /* mov reg to reg */
	25	#define BPF_ARSH 0xc0 /* sign extending arithmetic shift right */
	26
	27	/* change endianness of a register */
	28	#define BPF_END 0xd0 /* flags for endianness conversion: */
	29	#define BPF_TO_LE 0x00 /* convert to little-endian */
	30	#define BPF_TO_BE 0x08 /* convert to big-endian */
	31	#define BPF_FROM_LE BPF_TO_LE
	32	#define BPF_FROM_BE BPF_TO_BE
	33
	34	#define BPF_JNE 0x50 /* jump != */
	35	#define BPF_JSGT 0x60 /* SGT is signed '>', GT in x86 */
	36	#define BPF_JSGE 0x70 /* SGE is signed '>=', GE in x86 */
	37	#define BPF_CALL 0x80 /* function call */
	38	#define BPF_EXIT 0x90 /* function return */
	39
30743837 DB	40	/* Register numbers */
	41	enum {
	42	BPF_REG_0 = 0,
	43	BPF_REG_1,
	44	BPF_REG_2,
	45	BPF_REG_3,
	46	BPF_REG_4,
	47	BPF_REG_5,
	48	BPF_REG_6,
	49	BPF_REG_7,
	50	BPF_REG_8,
	51	BPF_REG_9,
	52	BPF_REG_10,
	53	__MAX_BPF_REG,
	54	};
	55
bd4cf0ed	56	/* BPF has 10 general purpose 64-bit registers and stack frame. */
30743837 DB	57	#define MAX_BPF_REG __MAX_BPF_REG
	58
	59	/* ArgX, context and stack frame pointer register positions. Note,
	60	* Arg1, Arg2, Arg3, etc are used as argument mappings of function
	61	* calls in BPF_CALL instruction.
	62	*/
	63	#define BPF_REG_ARG1 BPF_REG_1
	64	#define BPF_REG_ARG2 BPF_REG_2
	65	#define BPF_REG_ARG3 BPF_REG_3
	66	#define BPF_REG_ARG4 BPF_REG_4
	67	#define BPF_REG_ARG5 BPF_REG_5
	68	#define BPF_REG_CTX BPF_REG_6
	69	#define BPF_REG_FP BPF_REG_10
	70
	71	/* Additional register mappings for converted user programs. */
	72	#define BPF_REG_A BPF_REG_0
	73	#define BPF_REG_X BPF_REG_7
	74	#define BPF_REG_TMP BPF_REG_8
bd4cf0ed AS	75
	76	/* BPF program can access up to 512 bytes of stack space. */
	77	#define MAX_BPF_STACK 512
	78
f8f6d679 DB	79	/* Helper macros for filter block array initializers. */
	80
	81	/* ALU ops on registers, bpf_add\|sub\|...: A += X */
	82
	83	#define BPF_ALU64_REG(OP, A, X) \
	84	((struct sock_filter_int) { \
	85	.code = BPF_ALU64 \| BPF_OP(OP) \| BPF_X, \
	86	.a_reg = A, \
	87	.x_reg = X, \
	88	.off = 0, \
	89	.imm = 0 })
	90
	91	#define BPF_ALU32_REG(OP, A, X) \
	92	((struct sock_filter_int) { \
	93	.code = BPF_ALU \| BPF_OP(OP) \| BPF_X, \
	94	.a_reg = A, \
	95	.x_reg = X, \
	96	.off = 0, \
	97	.imm = 0 })
	98
	99	/* ALU ops on immediates, bpf_add\|sub\|...: A += IMM */
	100
	101	#define BPF_ALU64_IMM(OP, A, IMM) \
	102	((struct sock_filter_int) { \
	103	.code = BPF_ALU64 \| BPF_OP(OP) \| BPF_K, \
	104	.a_reg = A, \
	105	.x_reg = 0, \
	106	.off = 0, \
	107	.imm = IMM })
	108
	109	#define BPF_ALU32_IMM(OP, A, IMM) \
	110	((struct sock_filter_int) { \
	111	.code = BPF_ALU \| BPF_OP(OP) \| BPF_K, \
	112	.a_reg = A, \
	113	.x_reg = 0, \
	114	.off = 0, \
	115	.imm = IMM })
	116
	117	/* Endianess conversion, cpu_to_{l,b}e(), {l,b}e_to_cpu() */
	118
	119	#define BPF_ENDIAN(TYPE, A, LEN) \
	120	((struct sock_filter_int) { \
	121	.code = BPF_ALU \| BPF_END \| BPF_SRC(TYPE), \
	122	.a_reg = A, \
	123	.x_reg = 0, \
	124	.off = 0, \
	125	.imm = LEN })
	126
	127	/* Short form of mov, A = X */
	128
	129	#define BPF_MOV64_REG(A, X) \
	130	((struct sock_filter_int) { \
	131	.code = BPF_ALU64 \| BPF_MOV \| BPF_X, \
	132	.a_reg = A, \
	133	.x_reg = X, \
	134	.off = 0, \
	135	.imm = 0 })
	136
	137	#define BPF_MOV32_REG(A, X) \
	138	((struct sock_filter_int) { \
	139	.code = BPF_ALU \| BPF_MOV \| BPF_X, \
	140	.a_reg = A, \
	141	.x_reg = X, \
	142	.off = 0, \
143	.imm = 0 })
144
145	/* Short form of mov, A = IMM */
146
147	#define BPF_MOV64_IMM(A, IMM) \
148	((struct sock_filter_int) { \
149	.code = BPF_ALU64 \| BPF_MOV \| BPF_K, \
150	.a_reg = A, \
151	.x_reg = 0, \
152	.off = 0, \
153	.imm = IMM })
154
155	#define BPF_MOV32_IMM(A, IMM) \
156	((struct sock_filter_int) { \
157	.code = BPF_ALU \| BPF_MOV \| BPF_K, \
158	.a_reg = A, \
159	.x_reg = 0, \
160	.off = 0, \
161	.imm = IMM })
162
163	/* Short form of mov based on type, BPF_X: A = X, BPF_K: A = IMM */
164
165	#define BPF_MOV64_RAW(TYPE, A, X, IMM) \
166	((struct sock_filter_int) { \
167	.code = BPF_ALU64 \| BPF_MOV \| BPF_SRC(TYPE), \
168	.a_reg = A, \
169	.x_reg = X, \
170	.off = 0, \
171	.imm = IMM })
172
173	#define BPF_MOV32_RAW(TYPE, A, X, IMM) \
174	((struct sock_filter_int) { \
175	.code = BPF_ALU \| BPF_MOV \| BPF_SRC(TYPE), \
176	.a_reg = A, \
177	.x_reg = X, \
178	.off = 0, \
179	.imm = IMM })
180
181	/* Direct packet access, R0 = (uint ) (skb->data + OFF) */
182
183	#define BPF_LD_ABS(SIZE, OFF) \
184	((struct sock_filter_int) { \
185	.code = BPF_LD \| BPF_SIZE(SIZE) \| BPF_ABS, \
186	.a_reg = 0, \
187	.x_reg = 0, \
188	.off = 0, \
189	.imm = OFF })
190
191	/* Indirect packet access, R0 = (uint ) (skb->data + X + OFF) */
192
193	#define BPF_LD_IND(SIZE, X, OFF) \
194	((struct sock_filter_int) { \
195	.code = BPF_LD \| BPF_SIZE(SIZE) \| BPF_IND, \
196	.a_reg = 0, \
197	.x_reg = X, \
198	.off = 0, \
199	.imm = OFF })
200
201	/* Memory store, A = (uint ) (X + OFF), and vice versa */
202
203	#define BPF_LDX_MEM(SIZE, A, X, OFF) \
204	((struct sock_filter_int) { \
205	.code = BPF_LDX \| BPF_SIZE(SIZE) \| BPF_MEM, \
206	.a_reg = A, \
207	.x_reg = X, \
208	.off = OFF, \
209	.imm = 0 })
210
211	#define BPF_STX_MEM(SIZE, A, X, OFF) \
212	((struct sock_filter_int) { \
213	.code = BPF_STX \| BPF_SIZE(SIZE) \| BPF_MEM, \
214	.a_reg = A, \
215	.x_reg = X, \
216	.off = OFF, \
217	.imm = 0 })
218
219	/* Conditional jumps against registers, if (A 'op' X) goto pc + OFF */
220
221	#define BPF_JMP_REG(OP, A, X, OFF) \
222	((struct sock_filter_int) { \
223	.code = BPF_JMP \| BPF_OP(OP) \| BPF_X, \
224	.a_reg = A, \
225	.x_reg = X, \
226	.off = OFF, \
227	.imm = 0 })
228
229	/* Conditional jumps against immediates, if (A 'op' IMM) goto pc + OFF */
230
231	#define BPF_JMP_IMM(OP, A, IMM, OFF) \
232	((struct sock_filter_int) { \
233	.code = BPF_JMP \| BPF_OP(OP) \| BPF_K, \
234	.a_reg = A, \
235	.x_reg = 0, \
236	.off = OFF, \
237	.imm = IMM })
238
239	/* Function call */
240
241	#define BPF_EMIT_CALL(FUNC) \
242	((struct sock_filter_int) { \
243	.code = BPF_JMP \| BPF_CALL, \
244	.a_reg = 0, \
245	.x_reg = 0, \
246	.off = 0, \
247	.imm = ((FUNC) - __bpf_call_base) })
248
249	/* Raw code statement block */
250
251	#define BPF_RAW_INSN(CODE, A, X, OFF, IMM) \
252	((struct sock_filter_int) { \
253	.code = CODE, \
254	.a_reg = A, \
255	.x_reg = X, \
256	.off = OFF, \
257	.imm = IMM })
258
259	/* Program exit */
260
261	#define BPF_EXIT_INSN() \
262	((struct sock_filter_int) { \
263	.code = BPF_JMP \| BPF_EXIT, \
264	.a_reg = 0, \
265	.x_reg = 0, \
266	.off = 0, \
267	.imm = 0 })
268
269	#define bytes_to_bpf_size(bytes) \
270	({ \
271	int bpf_size = -EINVAL; \
272	\
273	if (bytes == sizeof(u8)) \
274	bpf_size = BPF_B; \
275	else if (bytes == sizeof(u16)) \
276	bpf_size = BPF_H; \
277	else if (bytes == sizeof(u32)) \
278	bpf_size = BPF_W; \
279	else if (bytes == sizeof(u64)) \
280	bpf_size = BPF_DW; \
281	\
282	bpf_size; \
283	})
9739eef1	284
30743837 DB	285	/* Macro to invoke filter function. */
30743837 DB	286	#define SK_RUN_FILTER(filter, ctx) (*filter->bpf_func)(ctx, filter->insnsi)
bd4cf0ed AS	287
	288	struct sock_filter_int {
	289	__u8 code; /* opcode */
	290	__u8 a_reg:4; /* dest register */
	291	__u8 x_reg:4; /* source register */
	292	__s16 off; /* signed offset */
	293	__s32 imm; /* signed immediate constant */
	294	};
	295
	296	#ifdef CONFIG_COMPAT
	297	/* A struct sock_filter is architecture independent. */
0c5fe1b4 WD	298	struct compat_sock_fprog {
0c5fe1b4 WD	299	u16 len;
bd4cf0ed	300	compat_uptr_t filter; /* struct sock_filter * */
0c5fe1b4 WD	301	};
	302	#endif
	303
a3ea269b DB	304	struct sock_fprog_kern {
	305	u16 len;
	306	struct sock_filter *filter;
	307	};
	308
792d4b5c HC	309	struct sk_buff;
792d4b5c HC	310	struct sock;
bd4cf0ed	311	struct seccomp_data;
792d4b5c	312
a3ea269b	313	struct sk_filter {
b715631f	314	atomic_t refcnt;
f8bbbfc3 DB	315	u32 jited:1, /* Is our filter JIT'ed? */
f8bbbfc3 DB	316	len:31; /* Number of filter blocks */
a3ea269b	317	struct sock_fprog_kern orig_prog; / Original BPF program */
d45ed4a4	318	struct rcu_head rcu;
0a14842f	319	unsigned int (bpf_func)(const struct sk_buff skb,
bd4cf0ed	320	const struct sock_filter_int *filter);
d45ed4a4	321	union {
bd4cf0ed AS	322	struct sock_filter insns[0];
bd4cf0ed AS	323	struct sock_filter_int insnsi[0];
d45ed4a4 AS	324	struct work_struct work;
d45ed4a4 AS	325	};
b715631f SH	326	};
b715631f SH	327
d45ed4a4	328	static inline unsigned int sk_filter_size(unsigned int proglen)
b715631f	329	{
d45ed4a4 AS	330	return max(sizeof(struct sk_filter),
d45ed4a4 AS	331	offsetof(struct sk_filter, insns[proglen]));
b715631f SH	332	}
b715631f SH	333
a3ea269b DB	334	#define sk_filter_proglen(fprog) \
	335	(fprog->len * sizeof(fprog->filter[0]))
	336
fbc907f0	337	int sk_filter(struct sock sk, struct sk_buff skb);
bd4cf0ed	338
5fe821a9 AS	339	void sk_filter_select_runtime(struct sk_filter *fp);
5fe821a9 AS	340	void sk_filter_free(struct sk_filter *fp);
bd4cf0ed AS	341
	342	int sk_convert_filter(struct sock_filter *prog, int len,
	343	struct sock_filter_int new_prog, int new_len);
a3ea269b	344
fbc907f0	345	int sk_unattached_filter_create(struct sk_filter **pfp,
b1fcd35c	346	struct sock_fprog_kern *fprog);
fbc907f0	347	void sk_unattached_filter_destroy(struct sk_filter *fp);
a3ea269b	348
fbc907f0 DB	349	int sk_attach_filter(struct sock_fprog fprog, struct sock sk);
fbc907f0 DB	350	int sk_detach_filter(struct sock *sk);
a3ea269b	351
fbc907f0 DB	352	int sk_chk_filter(struct sock_filter *filter, unsigned int flen);
	353	int sk_get_filter(struct sock sk, struct sock_filter __user filter,
	354	unsigned int len);
fbc907f0 DB	355
	356	void sk_filter_charge(struct sock sk, struct sk_filter fp);
	357	void sk_filter_uncharge(struct sock sk, struct sk_filter fp);
0a14842f	358
62258278 AS	359	u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
	360	void bpf_int_jit_compile(struct sk_filter *fp);
	361
34805931 DB	362	#define BPF_ANC BIT(15)
	363
	364	static inline u16 bpf_anc_helper(const struct sock_filter *ftest)
	365	{
	366	BUG_ON(ftest->code & BPF_ANC);
	367
	368	switch (ftest->code) {
	369	case BPF_LD \| BPF_W \| BPF_ABS:
	370	case BPF_LD \| BPF_H \| BPF_ABS:
	371	case BPF_LD \| BPF_B \| BPF_ABS:
	372	#define BPF_ANCILLARY(CODE) case SKF_AD_OFF + SKF_AD_##CODE: \
	373	return BPF_ANC \| SKF_AD_##CODE
	374	switch (ftest->k) {
	375	BPF_ANCILLARY(PROTOCOL);
	376	BPF_ANCILLARY(PKTTYPE);
	377	BPF_ANCILLARY(IFINDEX);
	378	BPF_ANCILLARY(NLATTR);
	379	BPF_ANCILLARY(NLATTR_NEST);
	380	BPF_ANCILLARY(MARK);
	381	BPF_ANCILLARY(QUEUE);
	382	BPF_ANCILLARY(HATYPE);
	383	BPF_ANCILLARY(RXHASH);
	384	BPF_ANCILLARY(CPU);
	385	BPF_ANCILLARY(ALU_XOR_X);
	386	BPF_ANCILLARY(VLAN_TAG);
	387	BPF_ANCILLARY(VLAN_TAG_PRESENT);
	388	BPF_ANCILLARY(PAY_OFFSET);
	389	BPF_ANCILLARY(RANDOM);
	390	}
	391	/* Fallthrough. */
	392	default:
	393	return ftest->code;
	394	}
	395	}
	396
0a14842f	397	#ifdef CONFIG_BPF_JIT
20074f35	398	#include <stdarg.h>
a691ce7f CG	399	#include <linux/linkage.h>
	400	#include <linux/printk.h>
	401
fbc907f0 DB	402	void bpf_jit_compile(struct sk_filter *fp);
fbc907f0 DB	403	void bpf_jit_free(struct sk_filter *fp);
79617801 DB	404
	405	static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen,
	406	u32 pass, void *image)
	407	{
16495445	408	pr_err("flen=%u proglen=%u pass=%u image=%pK\n",
79617801 DB	409	flen, proglen, pass, image);
79617801 DB	410	if (image)
16495445	411	print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET,
79617801 DB	412	16, 1, image, proglen, false);
79617801 DB	413	}
0a14842f	414	#else
d45ed4a4	415	#include <linux/slab.h>
34805931	416
0a14842f ED	417	static inline void bpf_jit_compile(struct sk_filter *fp)
	418	{
	419	}
34805931	420
0a14842f ED	421	static inline void bpf_jit_free(struct sk_filter *fp)
0a14842f ED	422	{
d45ed4a4	423	kfree(fp);
0a14842f	424	}
34805931	425	#endif /* CONFIG_BPF_JIT */
0a14842f	426
ea02f941 MS	427	static inline int bpf_tell_extensions(void)
ea02f941 MS	428	{
37692299	429	return SKF_AD_MAX;
ea02f941 MS	430	}
ea02f941 MS	431
1da177e4	432	#endif /* __LINUX_FILTER_H__ */