[linux-2.6-block.git] / include / linux / bpf-cgroup.h

#ifndef _BPF_CGROUP_H
#define _BPF_CGROUP_H

#include <linux/jump_label.h>
#include <uapi/linux/bpf.h>

struct sock;
struct cgroup;
struct sk_buff;
struct bpf_sock_ops_kern;

#ifdef CONFIG_CGROUP_BPF

extern struct static_key_false cgroup_bpf_enabled_key;
#define cgroup_bpf_enabled static_branch_unlikely(&cgroup_bpf_enabled_key)

struct bpf_prog_list {
	struct list_head node;
	struct bpf_prog *prog;
};

struct bpf_prog_array;

struct cgroup_bpf {
	/* array of effective progs in this cgroup */
	struct bpf_prog_array __rcu *effective[MAX_BPF_ATTACH_TYPE];

	/* attached progs to this cgroup and attach flags
	 * when flags == 0 or BPF_F_ALLOW_OVERRIDE the progs list will
	 * have either zero or one element
	 * when BPF_F_ALLOW_MULTI the list can have up to BPF_CGROUP_MAX_PROGS
	 */
	struct list_head progs[MAX_BPF_ATTACH_TYPE];
	u32 flags[MAX_BPF_ATTACH_TYPE];

	/* temp storage for effective prog array used by prog_attach/detach */
	struct bpf_prog_array __rcu *inactive;
};

void cgroup_bpf_put(struct cgroup *cgrp);
int cgroup_bpf_inherit(struct cgroup *cgrp);

int __cgroup_bpf_attach(struct cgroup *cgrp, struct bpf_prog *prog,
			enum bpf_attach_type type, u32 flags);
int __cgroup_bpf_detach(struct cgroup *cgrp, struct bpf_prog *prog,
			enum bpf_attach_type type, u32 flags);

/* Wrapper for __cgroup_bpf_*() protected by cgroup_mutex */
int cgroup_bpf_attach(struct cgroup *cgrp, struct bpf_prog *prog,
		      enum bpf_attach_type type, u32 flags);
int cgroup_bpf_detach(struct cgroup *cgrp, struct bpf_prog *prog,
		      enum bpf_attach_type type, u32 flags);

int __cgroup_bpf_run_filter_skb(struct sock *sk,
				struct sk_buff *skb,
				enum bpf_attach_type type);

int __cgroup_bpf_run_filter_sk(struct sock *sk,
			       enum bpf_attach_type type);

int __cgroup_bpf_run_filter_sock_ops(struct sock *sk,
				     struct bpf_sock_ops_kern *sock_ops,
				     enum bpf_attach_type type);

/* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */
#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb)			      \
({									      \
	int __ret = 0;							      \
	if (cgroup_bpf_enabled)						      \
		__ret = __cgroup_bpf_run_filter_skb(sk, skb,		      \
						    BPF_CGROUP_INET_INGRESS); \
									      \
	__ret;								      \
})

#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb)			       \
({									       \
	int __ret = 0;							       \
	if (cgroup_bpf_enabled && sk && sk == skb->sk) {		       \
		typeof(sk) __sk = sk_to_full_sk(sk);			       \
		if (sk_fullsock(__sk))					       \
			__ret = __cgroup_bpf_run_filter_skb(__sk, skb,	       \
						      BPF_CGROUP_INET_EGRESS); \
	}								       \
	__ret;								       \
})

#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk)				       \
({									       \
	int __ret = 0;							       \
	if (cgroup_bpf_enabled && sk) {					       \
		__ret = __cgroup_bpf_run_filter_sk(sk,			       \
						 BPF_CGROUP_INET_SOCK_CREATE); \
	}								       \
	__ret;								       \
})

#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops)				       \
({									       \
	int __ret = 0;							       \
	if (cgroup_bpf_enabled && (sock_ops)->sk) {	       \
		typeof(sk) __sk = sk_to_full_sk((sock_ops)->sk);	       \
		if (__sk && sk_fullsock(__sk))				       \
			__ret = __cgroup_bpf_run_filter_sock_ops(__sk,	       \
								 sock_ops,     \
							 BPF_CGROUP_SOCK_OPS); \
	}								       \
	__ret;								       \
})
#else

struct cgroup_bpf {};
static inline void cgroup_bpf_put(struct cgroup *cgrp) {}
static inline int cgroup_bpf_inherit(struct cgroup *cgrp) { return 0; }

#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) ({ 0; })
#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) ({ 0; })
#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) ({ 0; })
#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) ({ 0; })

#endif /* CONFIG_CGROUP_BPF */

#endif /* _BPF_CGROUP_H */
Commit	Line	Data
30070984 DM	1	#ifndef _BPF_CGROUP_H
	2	#define _BPF_CGROUP_H
	3
30070984 DM	4	#include <linux/jump_label.h>
	5	#include <uapi/linux/bpf.h>
	6
	7	struct sock;
	8	struct cgroup;
	9	struct sk_buff;
40304b2a	10	struct bpf_sock_ops_kern;
30070984 DM	11
	12	#ifdef CONFIG_CGROUP_BPF
	13
	14	extern struct static_key_false cgroup_bpf_enabled_key;
	15	#define cgroup_bpf_enabled static_branch_unlikely(&cgroup_bpf_enabled_key)
	16
324bda9e AS	17	struct bpf_prog_list {
	18	struct list_head node;
	19	struct bpf_prog *prog;
	20	};
	21
	22	struct bpf_prog_array;
	23
30070984	24	struct cgroup_bpf {
324bda9e AS	25	/* array of effective progs in this cgroup */
	26	struct bpf_prog_array __rcu *effective[MAX_BPF_ATTACH_TYPE];
	27
	28	/* attached progs to this cgroup and attach flags
	29	* when flags == 0 or BPF_F_ALLOW_OVERRIDE the progs list will
	30	* have either zero or one element
	31	* when BPF_F_ALLOW_MULTI the list can have up to BPF_CGROUP_MAX_PROGS
30070984	32	*/
324bda9e AS	33	struct list_head progs[MAX_BPF_ATTACH_TYPE];
	34	u32 flags[MAX_BPF_ATTACH_TYPE];
	35
	36	/* temp storage for effective prog array used by prog_attach/detach */
	37	struct bpf_prog_array __rcu *inactive;
30070984 DM	38	};
	39
	40	void cgroup_bpf_put(struct cgroup *cgrp);
324bda9e	41	int cgroup_bpf_inherit(struct cgroup *cgrp);
30070984	42
324bda9e AS	43	int __cgroup_bpf_attach(struct cgroup cgrp, struct bpf_prog prog,
	44	enum bpf_attach_type type, u32 flags);
	45	int __cgroup_bpf_detach(struct cgroup cgrp, struct bpf_prog prog,
	46	enum bpf_attach_type type, u32 flags);
30070984	47
324bda9e AS	48	/* Wrapper for __cgroup_bpf_() protected by cgroup_mutex /
	49	int cgroup_bpf_attach(struct cgroup cgrp, struct bpf_prog prog,
	50	enum bpf_attach_type type, u32 flags);
	51	int cgroup_bpf_detach(struct cgroup cgrp, struct bpf_prog prog,
	52	enum bpf_attach_type type, u32 flags);
30070984	53
b2cd1257 DA	54	int __cgroup_bpf_run_filter_skb(struct sock *sk,
	55	struct sk_buff *skb,
	56	enum bpf_attach_type type);
	57
61023658 DA	58	int __cgroup_bpf_run_filter_sk(struct sock *sk,
	59	enum bpf_attach_type type);
	60
40304b2a LB	61	int __cgroup_bpf_run_filter_sock_ops(struct sock *sk,
	62	struct bpf_sock_ops_kern *sock_ops,
	63	enum bpf_attach_type type);
	64
b2cd1257 DA	65	/* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */
	66	#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) \
	67	({ \
	68	int __ret = 0; \
	69	if (cgroup_bpf_enabled) \
	70	__ret = __cgroup_bpf_run_filter_skb(sk, skb, \
	71	BPF_CGROUP_INET_INGRESS); \
	72	\
	73	__ret; \
30070984 DM	74	})
30070984 DM	75
b2cd1257 DA	76	#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb) \
	77	({ \
	78	int __ret = 0; \
	79	if (cgroup_bpf_enabled && sk && sk == skb->sk) { \
	80	typeof(sk) __sk = sk_to_full_sk(sk); \
	81	if (sk_fullsock(__sk)) \
	82	__ret = __cgroup_bpf_run_filter_skb(__sk, skb, \
	83	BPF_CGROUP_INET_EGRESS); \
	84	} \
	85	__ret; \
30070984 DM	86	})
30070984 DM	87
61023658 DA	88	#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) \
	89	({ \
	90	int __ret = 0; \
	91	if (cgroup_bpf_enabled && sk) { \
	92	__ret = __cgroup_bpf_run_filter_sk(sk, \
	93	BPF_CGROUP_INET_SOCK_CREATE); \
	94	} \
	95	__ret; \
	96	})
	97
40304b2a LB	98	#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) \
	99	({ \
	100	int __ret = 0; \
	101	if (cgroup_bpf_enabled && (sock_ops)->sk) { \
	102	typeof(sk) __sk = sk_to_full_sk((sock_ops)->sk); \
df39a9f1	103	if (__sk && sk_fullsock(__sk)) \
40304b2a LB	104	__ret = __cgroup_bpf_run_filter_sock_ops(__sk, \
	105	sock_ops, \
	106	BPF_CGROUP_SOCK_OPS); \
	107	} \
	108	__ret; \
	109	})
30070984 DM	110	#else
	111
	112	struct cgroup_bpf {};
	113	static inline void cgroup_bpf_put(struct cgroup *cgrp) {}
324bda9e	114	static inline int cgroup_bpf_inherit(struct cgroup *cgrp) { return 0; }
30070984 DM	115
	116	#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) ({ 0; })
	117	#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) ({ 0; })
61023658	118	#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) ({ 0; })
40304b2a	119	#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) ({ 0; })
30070984 DM	120
	121	#endif /* CONFIG_CGROUP_BPF */
	122
	123	#endif /* _BPF_CGROUP_H */