Commit | Line | Data |
---|---|---|
5b497af4 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
99c55f7d | 2 | /* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com |
99c55f7d AS |
3 | */ |
4 | #include <linux/bpf.h> | |
aef2feda | 5 | #include <linux/bpf-cgroup.h> |
a67edbf4 | 6 | #include <linux/bpf_trace.h> |
f4364dcf | 7 | #include <linux/bpf_lirc.h> |
4a1e7c0c | 8 | #include <linux/bpf_verifier.h> |
61df10c7 | 9 | #include <linux/bsearch.h> |
f56a653c | 10 | #include <linux/btf.h> |
99c55f7d AS |
11 | #include <linux/syscalls.h> |
12 | #include <linux/slab.h> | |
3f07c014 | 13 | #include <linux/sched/signal.h> |
d407bd25 DB |
14 | #include <linux/vmalloc.h> |
15 | #include <linux/mmzone.h> | |
99c55f7d | 16 | #include <linux/anon_inodes.h> |
41bdc4b4 | 17 | #include <linux/fdtable.h> |
db20fd2b | 18 | #include <linux/file.h> |
41bdc4b4 | 19 | #include <linux/fs.h> |
09756af4 AS |
20 | #include <linux/license.h> |
21 | #include <linux/filter.h> | |
535e7b4b | 22 | #include <linux/kernel.h> |
dc4bb0e2 | 23 | #include <linux/idr.h> |
cb4d2b3f MKL |
24 | #include <linux/cred.h> |
25 | #include <linux/timekeeping.h> | |
26 | #include <linux/ctype.h> | |
9ef09e35 | 27 | #include <linux/nospec.h> |
bae141f5 | 28 | #include <linux/audit.h> |
ccfe29eb | 29 | #include <uapi/linux/btf.h> |
ca5999fd | 30 | #include <linux/pgtable.h> |
9e4e01df | 31 | #include <linux/bpf_lsm.h> |
457f4436 | 32 | #include <linux/poll.h> |
4d7d7f69 | 33 | #include <linux/sort.h> |
a3fd7cee | 34 | #include <linux/bpf-netns.h> |
1e6c62a8 | 35 | #include <linux/rcupdate_trace.h> |
48edc1f7 | 36 | #include <linux/memcontrol.h> |
0dcac272 | 37 | #include <linux/trace_events.h> |
84601d6e | 38 | #include <net/netfilter/nf_bpf_link.h> |
99c55f7d | 39 | |
e420bed0 DB |
40 | #include <net/tcx.h> |
41 | ||
da765a2f DB |
42 | #define IS_FD_ARRAY(map) ((map)->map_type == BPF_MAP_TYPE_PERF_EVENT_ARRAY || \ |
43 | (map)->map_type == BPF_MAP_TYPE_CGROUP_ARRAY || \ | |
44 | (map)->map_type == BPF_MAP_TYPE_ARRAY_OF_MAPS) | |
45 | #define IS_FD_PROG_ARRAY(map) ((map)->map_type == BPF_MAP_TYPE_PROG_ARRAY) | |
14dc6f04 | 46 | #define IS_FD_HASH(map) ((map)->map_type == BPF_MAP_TYPE_HASH_OF_MAPS) |
da765a2f DB |
47 | #define IS_FD_MAP(map) (IS_FD_ARRAY(map) || IS_FD_PROG_ARRAY(map) || \ |
48 | IS_FD_HASH(map)) | |
14dc6f04 | 49 | |
6e71b04a CF |
50 | #define BPF_OBJ_FLAG_MASK (BPF_F_RDONLY | BPF_F_WRONLY) |
51 | ||
b121d1e7 | 52 | DEFINE_PER_CPU(int, bpf_prog_active); |
dc4bb0e2 MKL |
53 | static DEFINE_IDR(prog_idr); |
54 | static DEFINE_SPINLOCK(prog_idr_lock); | |
f3f1c054 MKL |
55 | static DEFINE_IDR(map_idr); |
56 | static DEFINE_SPINLOCK(map_idr_lock); | |
a3b80e10 AN |
57 | static DEFINE_IDR(link_idr); |
58 | static DEFINE_SPINLOCK(link_idr_lock); | |
b121d1e7 | 59 | |
08389d88 DB |
60 | int sysctl_unprivileged_bpf_disabled __read_mostly = |
61 | IS_BUILTIN(CONFIG_BPF_UNPRIV_DEFAULT_OFF) ? 2 : 0; | |
1be7f75d | 62 | |
40077e0c | 63 | static const struct bpf_map_ops * const bpf_map_types[] = { |
91cc1a99 | 64 | #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) |
40077e0c JB |
65 | #define BPF_MAP_TYPE(_id, _ops) \ |
66 | [_id] = &_ops, | |
f2e10bff | 67 | #define BPF_LINK_TYPE(_id, _name) |
40077e0c JB |
68 | #include <linux/bpf_types.h> |
69 | #undef BPF_PROG_TYPE | |
70 | #undef BPF_MAP_TYPE | |
f2e10bff | 71 | #undef BPF_LINK_TYPE |
40077e0c | 72 | }; |
99c55f7d | 73 | |
752ba56f MS |
74 | /* |
75 | * If we're handed a bigger struct than we know of, ensure all the unknown bits | |
76 | * are 0 - i.e. new user-space does not rely on any kernel feature extensions | |
77 | * we don't know about yet. | |
78 | * | |
79 | * There is a ToCToU between this function call and the following | |
80 | * copy_from_user() call. However, this is not a concern since this function is | |
81 | * meant to be a future-proofing of bits. | |
82 | */ | |
af2ac3e1 | 83 | int bpf_check_uarg_tail_zero(bpfptr_t uaddr, |
dcab51f1 MKL |
84 | size_t expected_size, |
85 | size_t actual_size) | |
58291a74 | 86 | { |
b7e4b65f | 87 | int res; |
58291a74 | 88 | |
752ba56f MS |
89 | if (unlikely(actual_size > PAGE_SIZE)) /* silly large */ |
90 | return -E2BIG; | |
91 | ||
58291a74 MS |
92 | if (actual_size <= expected_size) |
93 | return 0; | |
94 | ||
af2ac3e1 AS |
95 | if (uaddr.is_kernel) |
96 | res = memchr_inv(uaddr.kernel + expected_size, 0, | |
97 | actual_size - expected_size) == NULL; | |
98 | else | |
99 | res = check_zeroed_user(uaddr.user + expected_size, | |
100 | actual_size - expected_size); | |
b7e4b65f AV |
101 | if (res < 0) |
102 | return res; | |
103 | return res ? 0 : -E2BIG; | |
58291a74 MS |
104 | } |
105 | ||
a3884572 | 106 | const struct bpf_map_ops bpf_map_offload_ops = { |
f4d05259 | 107 | .map_meta_equal = bpf_map_meta_equal, |
a3884572 JK |
108 | .map_alloc = bpf_map_offload_map_alloc, |
109 | .map_free = bpf_map_offload_map_free, | |
e8d2bec0 | 110 | .map_check_btf = map_check_no_btf, |
9629363c | 111 | .map_mem_usage = bpf_map_offload_map_mem_usage, |
a3884572 JK |
112 | }; |
113 | ||
353050be DB |
114 | static void bpf_map_write_active_inc(struct bpf_map *map) |
115 | { | |
116 | atomic64_inc(&map->writecnt); | |
117 | } | |
118 | ||
119 | static void bpf_map_write_active_dec(struct bpf_map *map) | |
120 | { | |
121 | atomic64_dec(&map->writecnt); | |
122 | } | |
123 | ||
124 | bool bpf_map_write_active(const struct bpf_map *map) | |
125 | { | |
126 | return atomic64_read(&map->writecnt) != 0; | |
127 | } | |
128 | ||
80ee81e0 | 129 | static u32 bpf_map_value_size(const struct bpf_map *map) |
15c14a3d BV |
130 | { |
131 | if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH || | |
132 | map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH || | |
133 | map->map_type == BPF_MAP_TYPE_PERCPU_ARRAY || | |
134 | map->map_type == BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE) | |
135 | return round_up(map->value_size, 8) * num_possible_cpus(); | |
136 | else if (IS_FD_MAP(map)) | |
137 | return sizeof(u32); | |
138 | else | |
139 | return map->value_size; | |
140 | } | |
141 | ||
142 | static void maybe_wait_bpf_programs(struct bpf_map *map) | |
143 | { | |
144 | /* Wait for any running BPF programs to complete so that | |
145 | * userspace, when we return to it, knows that all programs | |
146 | * that could be running use the new map value. | |
147 | */ | |
148 | if (map->map_type == BPF_MAP_TYPE_HASH_OF_MAPS || | |
149 | map->map_type == BPF_MAP_TYPE_ARRAY_OF_MAPS) | |
150 | synchronize_rcu(); | |
151 | } | |
152 | ||
3af43ba4 HT |
153 | static int bpf_map_update_value(struct bpf_map *map, struct file *map_file, |
154 | void *key, void *value, __u64 flags) | |
15c14a3d BV |
155 | { |
156 | int err; | |
157 | ||
158 | /* Need to create a kthread, thus must support schedule */ | |
9d03ebc7 | 159 | if (bpf_map_is_offloaded(map)) { |
15c14a3d BV |
160 | return bpf_map_offload_update_elem(map, key, value, flags); |
161 | } else if (map->map_type == BPF_MAP_TYPE_CPUMAP || | |
15c14a3d BV |
162 | map->map_type == BPF_MAP_TYPE_STRUCT_OPS) { |
163 | return map->ops->map_update_elem(map, key, value, flags); | |
13b79d3f LB |
164 | } else if (map->map_type == BPF_MAP_TYPE_SOCKHASH || |
165 | map->map_type == BPF_MAP_TYPE_SOCKMAP) { | |
166 | return sock_map_update_elem_sys(map, key, value, flags); | |
15c14a3d | 167 | } else if (IS_FD_PROG_ARRAY(map)) { |
3af43ba4 | 168 | return bpf_fd_array_map_update_elem(map, map_file, key, value, |
15c14a3d BV |
169 | flags); |
170 | } | |
171 | ||
b6e5dae1 | 172 | bpf_disable_instrumentation(); |
15c14a3d BV |
173 | if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH || |
174 | map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH) { | |
175 | err = bpf_percpu_hash_update(map, key, value, flags); | |
176 | } else if (map->map_type == BPF_MAP_TYPE_PERCPU_ARRAY) { | |
177 | err = bpf_percpu_array_update(map, key, value, flags); | |
178 | } else if (map->map_type == BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE) { | |
179 | err = bpf_percpu_cgroup_storage_update(map, key, value, | |
180 | flags); | |
181 | } else if (IS_FD_ARRAY(map)) { | |
182 | rcu_read_lock(); | |
3af43ba4 | 183 | err = bpf_fd_array_map_update_elem(map, map_file, key, value, |
15c14a3d BV |
184 | flags); |
185 | rcu_read_unlock(); | |
186 | } else if (map->map_type == BPF_MAP_TYPE_HASH_OF_MAPS) { | |
187 | rcu_read_lock(); | |
3af43ba4 | 188 | err = bpf_fd_htab_map_update_elem(map, map_file, key, value, |
15c14a3d BV |
189 | flags); |
190 | rcu_read_unlock(); | |
191 | } else if (map->map_type == BPF_MAP_TYPE_REUSEPORT_SOCKARRAY) { | |
192 | /* rcu_read_lock() is not needed */ | |
193 | err = bpf_fd_reuseport_array_update_elem(map, key, value, | |
194 | flags); | |
195 | } else if (map->map_type == BPF_MAP_TYPE_QUEUE || | |
9330986c JK |
196 | map->map_type == BPF_MAP_TYPE_STACK || |
197 | map->map_type == BPF_MAP_TYPE_BLOOM_FILTER) { | |
15c14a3d BV |
198 | err = map->ops->map_push_elem(map, value, flags); |
199 | } else { | |
200 | rcu_read_lock(); | |
201 | err = map->ops->map_update_elem(map, key, value, flags); | |
202 | rcu_read_unlock(); | |
203 | } | |
b6e5dae1 | 204 | bpf_enable_instrumentation(); |
15c14a3d BV |
205 | maybe_wait_bpf_programs(map); |
206 | ||
207 | return err; | |
208 | } | |
209 | ||
210 | static int bpf_map_copy_value(struct bpf_map *map, void *key, void *value, | |
211 | __u64 flags) | |
212 | { | |
213 | void *ptr; | |
214 | int err; | |
215 | ||
9d03ebc7 | 216 | if (bpf_map_is_offloaded(map)) |
cb4d03ab | 217 | return bpf_map_offload_lookup_elem(map, key, value); |
15c14a3d | 218 | |
b6e5dae1 | 219 | bpf_disable_instrumentation(); |
15c14a3d BV |
220 | if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH || |
221 | map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH) { | |
222 | err = bpf_percpu_hash_copy(map, key, value); | |
223 | } else if (map->map_type == BPF_MAP_TYPE_PERCPU_ARRAY) { | |
224 | err = bpf_percpu_array_copy(map, key, value); | |
225 | } else if (map->map_type == BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE) { | |
226 | err = bpf_percpu_cgroup_storage_copy(map, key, value); | |
227 | } else if (map->map_type == BPF_MAP_TYPE_STACK_TRACE) { | |
228 | err = bpf_stackmap_copy(map, key, value); | |
229 | } else if (IS_FD_ARRAY(map) || IS_FD_PROG_ARRAY(map)) { | |
230 | err = bpf_fd_array_map_lookup_elem(map, key, value); | |
231 | } else if (IS_FD_HASH(map)) { | |
232 | err = bpf_fd_htab_map_lookup_elem(map, key, value); | |
233 | } else if (map->map_type == BPF_MAP_TYPE_REUSEPORT_SOCKARRAY) { | |
234 | err = bpf_fd_reuseport_array_lookup_elem(map, key, value); | |
235 | } else if (map->map_type == BPF_MAP_TYPE_QUEUE || | |
9330986c JK |
236 | map->map_type == BPF_MAP_TYPE_STACK || |
237 | map->map_type == BPF_MAP_TYPE_BLOOM_FILTER) { | |
15c14a3d BV |
238 | err = map->ops->map_peek_elem(map, value); |
239 | } else if (map->map_type == BPF_MAP_TYPE_STRUCT_OPS) { | |
240 | /* struct_ops map requires directly updating "value" */ | |
241 | err = bpf_struct_ops_map_sys_lookup_elem(map, key, value); | |
242 | } else { | |
243 | rcu_read_lock(); | |
244 | if (map->ops->map_lookup_elem_sys_only) | |
245 | ptr = map->ops->map_lookup_elem_sys_only(map, key); | |
246 | else | |
247 | ptr = map->ops->map_lookup_elem(map, key); | |
248 | if (IS_ERR(ptr)) { | |
249 | err = PTR_ERR(ptr); | |
250 | } else if (!ptr) { | |
251 | err = -ENOENT; | |
252 | } else { | |
253 | err = 0; | |
254 | if (flags & BPF_F_LOCK) | |
255 | /* lock 'ptr' and copy everything but lock */ | |
256 | copy_map_value_locked(map, value, ptr, true); | |
257 | else | |
258 | copy_map_value(map, value, ptr); | |
68134668 AS |
259 | /* mask lock and timer, since value wasn't zero inited */ |
260 | check_and_init_map_value(map, value); | |
15c14a3d BV |
261 | } |
262 | rcu_read_unlock(); | |
263 | } | |
264 | ||
b6e5dae1 | 265 | bpf_enable_instrumentation(); |
15c14a3d BV |
266 | maybe_wait_bpf_programs(map); |
267 | ||
268 | return err; | |
269 | } | |
270 | ||
d5299b67 RG |
271 | /* Please, do not use this function outside from the map creation path |
272 | * (e.g. in map update path) without taking care of setting the active | |
273 | * memory cgroup (see at bpf_map_kmalloc_node() for example). | |
274 | */ | |
196e8ca7 | 275 | static void *__bpf_map_area_alloc(u64 size, int numa_node, bool mmapable) |
d407bd25 | 276 | { |
f01a7dbe MP |
277 | /* We really just want to fail instead of triggering OOM killer |
278 | * under memory pressure, therefore we set __GFP_NORETRY to kmalloc, | |
279 | * which is used for lower order allocation requests. | |
280 | * | |
281 | * It has been observed that higher order allocation requests done by | |
282 | * vmalloc with __GFP_NORETRY being set might fail due to not trying | |
283 | * to reclaim memory from the page cache, thus we set | |
284 | * __GFP_RETRY_MAYFAIL to avoid such situations. | |
d407bd25 | 285 | */ |
f01a7dbe | 286 | |
ee53cbfb | 287 | gfp_t gfp = bpf_memcg_flags(__GFP_NOWARN | __GFP_ZERO); |
041de93f CH |
288 | unsigned int flags = 0; |
289 | unsigned long align = 1; | |
d407bd25 DB |
290 | void *area; |
291 | ||
196e8ca7 DB |
292 | if (size >= SIZE_MAX) |
293 | return NULL; | |
294 | ||
fc970227 | 295 | /* kmalloc()'ed memory can't be mmap()'ed */ |
041de93f CH |
296 | if (mmapable) { |
297 | BUG_ON(!PAGE_ALIGNED(size)); | |
298 | align = SHMLBA; | |
299 | flags = VM_USERMAP; | |
300 | } else if (size <= (PAGE_SIZE << PAGE_ALLOC_COSTLY_ORDER)) { | |
301 | area = kmalloc_node(size, gfp | GFP_USER | __GFP_NORETRY, | |
f01a7dbe | 302 | numa_node); |
d407bd25 DB |
303 | if (area != NULL) |
304 | return area; | |
305 | } | |
041de93f CH |
306 | |
307 | return __vmalloc_node_range(size, align, VMALLOC_START, VMALLOC_END, | |
308 | gfp | GFP_KERNEL | __GFP_RETRY_MAYFAIL, PAGE_KERNEL, | |
309 | flags, numa_node, __builtin_return_address(0)); | |
d407bd25 DB |
310 | } |
311 | ||
196e8ca7 | 312 | void *bpf_map_area_alloc(u64 size, int numa_node) |
fc970227 AN |
313 | { |
314 | return __bpf_map_area_alloc(size, numa_node, false); | |
315 | } | |
316 | ||
196e8ca7 | 317 | void *bpf_map_area_mmapable_alloc(u64 size, int numa_node) |
fc970227 AN |
318 | { |
319 | return __bpf_map_area_alloc(size, numa_node, true); | |
320 | } | |
321 | ||
d407bd25 DB |
322 | void bpf_map_area_free(void *area) |
323 | { | |
324 | kvfree(area); | |
325 | } | |
326 | ||
be70bcd5 DB |
327 | static u32 bpf_map_flags_retain_permanent(u32 flags) |
328 | { | |
329 | /* Some map creation flags are not tied to the map object but | |
330 | * rather to the map fd instead, so they have no meaning upon | |
331 | * map object inspection since multiple file descriptors with | |
332 | * different (access) properties can exist here. Thus, given | |
333 | * this has zero meaning for the map itself, lets clear these | |
334 | * from here. | |
335 | */ | |
336 | return flags & ~(BPF_F_RDONLY | BPF_F_WRONLY); | |
337 | } | |
338 | ||
bd475643 JK |
339 | void bpf_map_init_from_attr(struct bpf_map *map, union bpf_attr *attr) |
340 | { | |
341 | map->map_type = attr->map_type; | |
342 | map->key_size = attr->key_size; | |
343 | map->value_size = attr->value_size; | |
344 | map->max_entries = attr->max_entries; | |
be70bcd5 | 345 | map->map_flags = bpf_map_flags_retain_permanent(attr->map_flags); |
bd475643 | 346 | map->numa_node = bpf_map_attr_numa_node(attr); |
9330986c | 347 | map->map_extra = attr->map_extra; |
bd475643 JK |
348 | } |
349 | ||
f3f1c054 MKL |
350 | static int bpf_map_alloc_id(struct bpf_map *map) |
351 | { | |
352 | int id; | |
353 | ||
b76354cd | 354 | idr_preload(GFP_KERNEL); |
f3f1c054 MKL |
355 | spin_lock_bh(&map_idr_lock); |
356 | id = idr_alloc_cyclic(&map_idr, map, 1, INT_MAX, GFP_ATOMIC); | |
357 | if (id > 0) | |
358 | map->id = id; | |
359 | spin_unlock_bh(&map_idr_lock); | |
b76354cd | 360 | idr_preload_end(); |
f3f1c054 MKL |
361 | |
362 | if (WARN_ON_ONCE(!id)) | |
363 | return -ENOSPC; | |
364 | ||
365 | return id > 0 ? 0 : id; | |
366 | } | |
367 | ||
158e5e9e | 368 | void bpf_map_free_id(struct bpf_map *map) |
f3f1c054 | 369 | { |
930651a7 ED |
370 | unsigned long flags; |
371 | ||
a3884572 JK |
372 | /* Offloaded maps are removed from the IDR store when their device |
373 | * disappears - even if someone holds an fd to them they are unusable, | |
374 | * the memory is gone, all ops will fail; they are simply waiting for | |
375 | * refcnt to drop to be freed. | |
376 | */ | |
377 | if (!map->id) | |
378 | return; | |
379 | ||
158e5e9e | 380 | spin_lock_irqsave(&map_idr_lock, flags); |
bd5f5f4e | 381 | |
f3f1c054 | 382 | idr_remove(&map_idr, map->id); |
a3884572 | 383 | map->id = 0; |
bd5f5f4e | 384 | |
158e5e9e | 385 | spin_unlock_irqrestore(&map_idr_lock, flags); |
f3f1c054 MKL |
386 | } |
387 | ||
48edc1f7 RG |
388 | #ifdef CONFIG_MEMCG_KMEM |
389 | static void bpf_map_save_memcg(struct bpf_map *map) | |
390 | { | |
4201d9ab RG |
391 | /* Currently if a map is created by a process belonging to the root |
392 | * memory cgroup, get_obj_cgroup_from_current() will return NULL. | |
393 | * So we have to check map->objcg for being NULL each time it's | |
394 | * being used. | |
395 | */ | |
ee53cbfb YS |
396 | if (memcg_bpf_enabled()) |
397 | map->objcg = get_obj_cgroup_from_current(); | |
48edc1f7 RG |
398 | } |
399 | ||
400 | static void bpf_map_release_memcg(struct bpf_map *map) | |
401 | { | |
4201d9ab RG |
402 | if (map->objcg) |
403 | obj_cgroup_put(map->objcg); | |
404 | } | |
405 | ||
406 | static struct mem_cgroup *bpf_map_get_memcg(const struct bpf_map *map) | |
407 | { | |
408 | if (map->objcg) | |
409 | return get_mem_cgroup_from_objcg(map->objcg); | |
410 | ||
411 | return root_mem_cgroup; | |
48edc1f7 RG |
412 | } |
413 | ||
414 | void *bpf_map_kmalloc_node(const struct bpf_map *map, size_t size, gfp_t flags, | |
415 | int node) | |
416 | { | |
4201d9ab | 417 | struct mem_cgroup *memcg, *old_memcg; |
48edc1f7 RG |
418 | void *ptr; |
419 | ||
4201d9ab RG |
420 | memcg = bpf_map_get_memcg(map); |
421 | old_memcg = set_active_memcg(memcg); | |
48edc1f7 RG |
422 | ptr = kmalloc_node(size, flags | __GFP_ACCOUNT, node); |
423 | set_active_memcg(old_memcg); | |
4201d9ab | 424 | mem_cgroup_put(memcg); |
48edc1f7 RG |
425 | |
426 | return ptr; | |
427 | } | |
428 | ||
429 | void *bpf_map_kzalloc(const struct bpf_map *map, size_t size, gfp_t flags) | |
430 | { | |
4201d9ab | 431 | struct mem_cgroup *memcg, *old_memcg; |
48edc1f7 RG |
432 | void *ptr; |
433 | ||
4201d9ab RG |
434 | memcg = bpf_map_get_memcg(map); |
435 | old_memcg = set_active_memcg(memcg); | |
48edc1f7 RG |
436 | ptr = kzalloc(size, flags | __GFP_ACCOUNT); |
437 | set_active_memcg(old_memcg); | |
4201d9ab | 438 | mem_cgroup_put(memcg); |
48edc1f7 RG |
439 | |
440 | return ptr; | |
441 | } | |
442 | ||
ddef81b5 YS |
443 | void *bpf_map_kvcalloc(struct bpf_map *map, size_t n, size_t size, |
444 | gfp_t flags) | |
445 | { | |
446 | struct mem_cgroup *memcg, *old_memcg; | |
447 | void *ptr; | |
448 | ||
449 | memcg = bpf_map_get_memcg(map); | |
450 | old_memcg = set_active_memcg(memcg); | |
451 | ptr = kvcalloc(n, size, flags | __GFP_ACCOUNT); | |
452 | set_active_memcg(old_memcg); | |
453 | mem_cgroup_put(memcg); | |
454 | ||
455 | return ptr; | |
456 | } | |
457 | ||
48edc1f7 RG |
458 | void __percpu *bpf_map_alloc_percpu(const struct bpf_map *map, size_t size, |
459 | size_t align, gfp_t flags) | |
460 | { | |
4201d9ab | 461 | struct mem_cgroup *memcg, *old_memcg; |
48edc1f7 RG |
462 | void __percpu *ptr; |
463 | ||
4201d9ab RG |
464 | memcg = bpf_map_get_memcg(map); |
465 | old_memcg = set_active_memcg(memcg); | |
48edc1f7 RG |
466 | ptr = __alloc_percpu_gfp(size, align, flags | __GFP_ACCOUNT); |
467 | set_active_memcg(old_memcg); | |
4201d9ab | 468 | mem_cgroup_put(memcg); |
48edc1f7 RG |
469 | |
470 | return ptr; | |
471 | } | |
472 | ||
473 | #else | |
474 | static void bpf_map_save_memcg(struct bpf_map *map) | |
475 | { | |
476 | } | |
477 | ||
478 | static void bpf_map_release_memcg(struct bpf_map *map) | |
479 | { | |
480 | } | |
481 | #endif | |
482 | ||
aa3496ac | 483 | static int btf_field_cmp(const void *a, const void *b) |
61df10c7 | 484 | { |
aa3496ac | 485 | const struct btf_field *f1 = a, *f2 = b; |
61df10c7 | 486 | |
aa3496ac | 487 | if (f1->offset < f2->offset) |
61df10c7 | 488 | return -1; |
aa3496ac | 489 | else if (f1->offset > f2->offset) |
61df10c7 KKD |
490 | return 1; |
491 | return 0; | |
492 | } | |
493 | ||
aa3496ac | 494 | struct btf_field *btf_record_find(const struct btf_record *rec, u32 offset, |
74843b57 | 495 | u32 field_mask) |
61df10c7 | 496 | { |
aa3496ac | 497 | struct btf_field *field; |
61df10c7 | 498 | |
74843b57 | 499 | if (IS_ERR_OR_NULL(rec) || !(rec->field_mask & field_mask)) |
aa3496ac KKD |
500 | return NULL; |
501 | field = bsearch(&offset, rec->fields, rec->cnt, sizeof(rec->fields[0]), btf_field_cmp); | |
74843b57 | 502 | if (!field || !(field->type & field_mask)) |
61df10c7 | 503 | return NULL; |
aa3496ac | 504 | return field; |
61df10c7 KKD |
505 | } |
506 | ||
aa3496ac | 507 | void btf_record_free(struct btf_record *rec) |
61df10c7 | 508 | { |
61df10c7 KKD |
509 | int i; |
510 | ||
aa3496ac | 511 | if (IS_ERR_OR_NULL(rec)) |
61df10c7 | 512 | return; |
aa3496ac KKD |
513 | for (i = 0; i < rec->cnt; i++) { |
514 | switch (rec->fields[i].type) { | |
515 | case BPF_KPTR_UNREF: | |
516 | case BPF_KPTR_REF: | |
517 | if (rec->fields[i].kptr.module) | |
518 | module_put(rec->fields[i].kptr.module); | |
519 | btf_put(rec->fields[i].kptr.btf); | |
520 | break; | |
f0c5941f | 521 | case BPF_LIST_HEAD: |
8ffa5cc1 | 522 | case BPF_LIST_NODE: |
9c395c1b DM |
523 | case BPF_RB_ROOT: |
524 | case BPF_RB_NODE: | |
525 | case BPF_SPIN_LOCK: | |
526 | case BPF_TIMER: | |
d54730b5 | 527 | case BPF_REFCOUNT: |
9c395c1b | 528 | /* Nothing to release */ |
f0c5941f | 529 | break; |
aa3496ac KKD |
530 | default: |
531 | WARN_ON_ONCE(1); | |
532 | continue; | |
533 | } | |
14a324f6 | 534 | } |
aa3496ac KKD |
535 | kfree(rec); |
536 | } | |
537 | ||
538 | void bpf_map_free_record(struct bpf_map *map) | |
539 | { | |
540 | btf_record_free(map->record); | |
541 | map->record = NULL; | |
61df10c7 KKD |
542 | } |
543 | ||
aa3496ac | 544 | struct btf_record *btf_record_dup(const struct btf_record *rec) |
61df10c7 | 545 | { |
aa3496ac KKD |
546 | const struct btf_field *fields; |
547 | struct btf_record *new_rec; | |
548 | int ret, size, i; | |
61df10c7 | 549 | |
aa3496ac KKD |
550 | if (IS_ERR_OR_NULL(rec)) |
551 | return NULL; | |
552 | size = offsetof(struct btf_record, fields[rec->cnt]); | |
553 | new_rec = kmemdup(rec, size, GFP_KERNEL | __GFP_NOWARN); | |
554 | if (!new_rec) | |
61df10c7 | 555 | return ERR_PTR(-ENOMEM); |
aa3496ac KKD |
556 | /* Do a deep copy of the btf_record */ |
557 | fields = rec->fields; | |
558 | new_rec->cnt = 0; | |
559 | for (i = 0; i < rec->cnt; i++) { | |
560 | switch (fields[i].type) { | |
561 | case BPF_KPTR_UNREF: | |
562 | case BPF_KPTR_REF: | |
563 | btf_get(fields[i].kptr.btf); | |
564 | if (fields[i].kptr.module && !try_module_get(fields[i].kptr.module)) { | |
565 | ret = -ENXIO; | |
566 | goto free; | |
14a324f6 | 567 | } |
aa3496ac | 568 | break; |
f0c5941f | 569 | case BPF_LIST_HEAD: |
8ffa5cc1 | 570 | case BPF_LIST_NODE: |
9c395c1b DM |
571 | case BPF_RB_ROOT: |
572 | case BPF_RB_NODE: | |
573 | case BPF_SPIN_LOCK: | |
574 | case BPF_TIMER: | |
d54730b5 | 575 | case BPF_REFCOUNT: |
9c395c1b | 576 | /* Nothing to acquire */ |
f0c5941f | 577 | break; |
aa3496ac KKD |
578 | default: |
579 | ret = -EFAULT; | |
580 | WARN_ON_ONCE(1); | |
581 | goto free; | |
14a324f6 | 582 | } |
aa3496ac | 583 | new_rec->cnt++; |
14a324f6 | 584 | } |
aa3496ac KKD |
585 | return new_rec; |
586 | free: | |
587 | btf_record_free(new_rec); | |
588 | return ERR_PTR(ret); | |
61df10c7 KKD |
589 | } |
590 | ||
aa3496ac | 591 | bool btf_record_equal(const struct btf_record *rec_a, const struct btf_record *rec_b) |
61df10c7 | 592 | { |
aa3496ac | 593 | bool a_has_fields = !IS_ERR_OR_NULL(rec_a), b_has_fields = !IS_ERR_OR_NULL(rec_b); |
61df10c7 KKD |
594 | int size; |
595 | ||
aa3496ac | 596 | if (!a_has_fields && !b_has_fields) |
61df10c7 | 597 | return true; |
aa3496ac | 598 | if (a_has_fields != b_has_fields) |
61df10c7 | 599 | return false; |
aa3496ac | 600 | if (rec_a->cnt != rec_b->cnt) |
61df10c7 | 601 | return false; |
aa3496ac | 602 | size = offsetof(struct btf_record, fields[rec_a->cnt]); |
c22dfdd2 KKD |
603 | /* btf_parse_fields uses kzalloc to allocate a btf_record, so unused |
604 | * members are zeroed out. So memcmp is safe to do without worrying | |
605 | * about padding/unused fields. | |
606 | * | |
607 | * While spin_lock, timer, and kptr have no relation to map BTF, | |
608 | * list_head metadata is specific to map BTF, the btf and value_rec | |
609 | * members in particular. btf is the map BTF, while value_rec points to | |
610 | * btf_record in that map BTF. | |
611 | * | |
612 | * So while by default, we don't rely on the map BTF (which the records | |
613 | * were parsed from) matching for both records, which is not backwards | |
614 | * compatible, in case list_head is part of it, we implicitly rely on | |
615 | * that by way of depending on memcmp succeeding for it. | |
616 | */ | |
aa3496ac | 617 | return !memcmp(rec_a, rec_b, size); |
61df10c7 KKD |
618 | } |
619 | ||
db559117 KKD |
620 | void bpf_obj_free_timer(const struct btf_record *rec, void *obj) |
621 | { | |
622 | if (WARN_ON_ONCE(!btf_record_has_field(rec, BPF_TIMER))) | |
623 | return; | |
624 | bpf_timer_cancel_and_free(obj + rec->timer_off); | |
625 | } | |
626 | ||
9e36a204 DM |
627 | extern void __bpf_obj_drop_impl(void *p, const struct btf_record *rec); |
628 | ||
aa3496ac | 629 | void bpf_obj_free_fields(const struct btf_record *rec, void *obj) |
14a324f6 | 630 | { |
aa3496ac | 631 | const struct btf_field *fields; |
14a324f6 KKD |
632 | int i; |
633 | ||
aa3496ac KKD |
634 | if (IS_ERR_OR_NULL(rec)) |
635 | return; | |
636 | fields = rec->fields; | |
637 | for (i = 0; i < rec->cnt; i++) { | |
c8e18754 | 638 | struct btf_struct_meta *pointee_struct_meta; |
aa3496ac KKD |
639 | const struct btf_field *field = &fields[i]; |
640 | void *field_ptr = obj + field->offset; | |
c8e18754 | 641 | void *xchgd_field; |
aa3496ac KKD |
642 | |
643 | switch (fields[i].type) { | |
db559117 KKD |
644 | case BPF_SPIN_LOCK: |
645 | break; | |
646 | case BPF_TIMER: | |
647 | bpf_timer_cancel_and_free(field_ptr); | |
648 | break; | |
aa3496ac KKD |
649 | case BPF_KPTR_UNREF: |
650 | WRITE_ONCE(*(u64 *)field_ptr, 0); | |
651 | break; | |
652 | case BPF_KPTR_REF: | |
c8e18754 | 653 | xchgd_field = (void *)xchg((unsigned long *)field_ptr, 0); |
1431d0b5 DV |
654 | if (!xchgd_field) |
655 | break; | |
656 | ||
c8e18754 DM |
657 | if (!btf_is_kernel(field->kptr.btf)) { |
658 | pointee_struct_meta = btf_find_struct_meta(field->kptr.btf, | |
659 | field->kptr.btf_id); | |
660 | WARN_ON_ONCE(!pointee_struct_meta); | |
9e36a204 DM |
661 | migrate_disable(); |
662 | __bpf_obj_drop_impl(xchgd_field, pointee_struct_meta ? | |
663 | pointee_struct_meta->record : | |
664 | NULL); | |
665 | migrate_enable(); | |
c8e18754 DM |
666 | } else { |
667 | field->kptr.dtor(xchgd_field); | |
668 | } | |
aa3496ac | 669 | break; |
f0c5941f KKD |
670 | case BPF_LIST_HEAD: |
671 | if (WARN_ON_ONCE(rec->spin_lock_off < 0)) | |
672 | continue; | |
673 | bpf_list_head_free(field, field_ptr, obj + rec->spin_lock_off); | |
674 | break; | |
9c395c1b DM |
675 | case BPF_RB_ROOT: |
676 | if (WARN_ON_ONCE(rec->spin_lock_off < 0)) | |
677 | continue; | |
678 | bpf_rb_root_free(field, field_ptr, obj + rec->spin_lock_off); | |
679 | break; | |
8ffa5cc1 | 680 | case BPF_LIST_NODE: |
9c395c1b | 681 | case BPF_RB_NODE: |
d54730b5 | 682 | case BPF_REFCOUNT: |
8ffa5cc1 | 683 | break; |
aa3496ac KKD |
684 | default: |
685 | WARN_ON_ONCE(1); | |
14a324f6 KKD |
686 | continue; |
687 | } | |
14a324f6 KKD |
688 | } |
689 | } | |
690 | ||
99c55f7d AS |
691 | /* called from workqueue */ |
692 | static void bpf_map_free_deferred(struct work_struct *work) | |
693 | { | |
694 | struct bpf_map *map = container_of(work, struct bpf_map, work); | |
d7f5ef65 | 695 | struct btf_record *rec = map->record; |
99c55f7d | 696 | |
afdb09c7 | 697 | security_bpf_map_free(map); |
48edc1f7 | 698 | bpf_map_release_memcg(map); |
d7f5ef65 | 699 | /* implementation dependent freeing */ |
99c55f7d | 700 | map->ops->map_free(map); |
cd2a8079 | 701 | /* Delay freeing of btf_record for maps, as map_free |
d7f5ef65 KKD |
702 | * callback usually needs access to them. It is better to do it here |
703 | * than require each callback to do the free itself manually. | |
704 | * | |
705 | * Note that the btf_record stashed in map->inner_map_meta->record was | |
706 | * already freed using the map_free callback for map in map case which | |
707 | * eventually calls bpf_map_free_meta, since inner_map_meta is only a | |
708 | * template bpf_map struct used during verification. | |
709 | */ | |
d7f5ef65 | 710 | btf_record_free(rec); |
99c55f7d AS |
711 | } |
712 | ||
c9da161c DB |
713 | static void bpf_map_put_uref(struct bpf_map *map) |
714 | { | |
1e0bd5a0 | 715 | if (atomic64_dec_and_test(&map->usercnt)) { |
ba6b8de4 JF |
716 | if (map->ops->map_release_uref) |
717 | map->ops->map_release_uref(map); | |
c9da161c DB |
718 | } |
719 | } | |
720 | ||
99c55f7d | 721 | /* decrement map refcnt and schedule it for freeing via workqueue |
158e5e9e | 722 | * (underlying map implementation ops->map_free() might sleep) |
99c55f7d | 723 | */ |
158e5e9e | 724 | void bpf_map_put(struct bpf_map *map) |
99c55f7d | 725 | { |
1e0bd5a0 | 726 | if (atomic64_dec_and_test(&map->refcnt)) { |
34ad5580 | 727 | /* bpf_map_free_id() must be called first */ |
158e5e9e | 728 | bpf_map_free_id(map); |
78958fca | 729 | btf_put(map->btf); |
99c55f7d | 730 | INIT_WORK(&map->work, bpf_map_free_deferred); |
8d5a8011 AS |
731 | /* Avoid spawning kworkers, since they all might contend |
732 | * for the same mutex like slab_mutex. | |
733 | */ | |
734 | queue_work(system_unbound_wq, &map->work); | |
99c55f7d AS |
735 | } |
736 | } | |
630a4d38 | 737 | EXPORT_SYMBOL_GPL(bpf_map_put); |
bd5f5f4e | 738 | |
c9da161c | 739 | void bpf_map_put_with_uref(struct bpf_map *map) |
99c55f7d | 740 | { |
c9da161c | 741 | bpf_map_put_uref(map); |
99c55f7d | 742 | bpf_map_put(map); |
c9da161c DB |
743 | } |
744 | ||
745 | static int bpf_map_release(struct inode *inode, struct file *filp) | |
746 | { | |
61d1b6a4 DB |
747 | struct bpf_map *map = filp->private_data; |
748 | ||
749 | if (map->ops->map_release) | |
750 | map->ops->map_release(map, filp); | |
751 | ||
752 | bpf_map_put_with_uref(map); | |
99c55f7d AS |
753 | return 0; |
754 | } | |
755 | ||
87df15de DB |
756 | static fmode_t map_get_sys_perms(struct bpf_map *map, struct fd f) |
757 | { | |
758 | fmode_t mode = f.file->f_mode; | |
759 | ||
760 | /* Our file permissions may have been overridden by global | |
761 | * map permissions facing syscall side. | |
762 | */ | |
763 | if (READ_ONCE(map->frozen)) | |
764 | mode &= ~FMODE_CAN_WRITE; | |
765 | return mode; | |
766 | } | |
767 | ||
f99bf205 | 768 | #ifdef CONFIG_PROC_FS |
90a5527d YS |
769 | /* Show the memory usage of a bpf map */ |
770 | static u64 bpf_map_memory_usage(const struct bpf_map *map) | |
80ee81e0 | 771 | { |
6b4a6ea2 | 772 | return map->ops->map_mem_usage(map); |
80ee81e0 RG |
773 | } |
774 | ||
f99bf205 DB |
775 | static void bpf_map_show_fdinfo(struct seq_file *m, struct file *filp) |
776 | { | |
f45d5b6c | 777 | struct bpf_map *map = filp->private_data; |
2beee5f5 | 778 | u32 type = 0, jited = 0; |
21116b70 | 779 | |
f45d5b6c THJ |
780 | if (map_type_contains_progs(map)) { |
781 | spin_lock(&map->owner.lock); | |
782 | type = map->owner.type; | |
783 | jited = map->owner.jited; | |
784 | spin_unlock(&map->owner.lock); | |
21116b70 | 785 | } |
f99bf205 DB |
786 | |
787 | seq_printf(m, | |
788 | "map_type:\t%u\n" | |
789 | "key_size:\t%u\n" | |
790 | "value_size:\t%u\n" | |
322cea2f | 791 | "max_entries:\t%u\n" |
21116b70 | 792 | "map_flags:\t%#x\n" |
9330986c | 793 | "map_extra:\t%#llx\n" |
90a5527d | 794 | "memlock:\t%llu\n" |
87df15de DB |
795 | "map_id:\t%u\n" |
796 | "frozen:\t%u\n", | |
f99bf205 DB |
797 | map->map_type, |
798 | map->key_size, | |
799 | map->value_size, | |
322cea2f | 800 | map->max_entries, |
21116b70 | 801 | map->map_flags, |
9330986c | 802 | (unsigned long long)map->map_extra, |
90a5527d | 803 | bpf_map_memory_usage(map), |
87df15de DB |
804 | map->id, |
805 | READ_ONCE(map->frozen)); | |
2beee5f5 DB |
806 | if (type) { |
807 | seq_printf(m, "owner_prog_type:\t%u\n", type); | |
808 | seq_printf(m, "owner_jited:\t%u\n", jited); | |
9780c0ab | 809 | } |
f99bf205 DB |
810 | } |
811 | #endif | |
812 | ||
6e71b04a CF |
813 | static ssize_t bpf_dummy_read(struct file *filp, char __user *buf, size_t siz, |
814 | loff_t *ppos) | |
815 | { | |
816 | /* We need this handler such that alloc_file() enables | |
817 | * f_mode with FMODE_CAN_READ. | |
818 | */ | |
819 | return -EINVAL; | |
820 | } | |
821 | ||
822 | static ssize_t bpf_dummy_write(struct file *filp, const char __user *buf, | |
823 | size_t siz, loff_t *ppos) | |
824 | { | |
825 | /* We need this handler such that alloc_file() enables | |
826 | * f_mode with FMODE_CAN_WRITE. | |
827 | */ | |
828 | return -EINVAL; | |
829 | } | |
830 | ||
fc970227 AN |
831 | /* called for any extra memory-mapped regions (except initial) */ |
832 | static void bpf_map_mmap_open(struct vm_area_struct *vma) | |
833 | { | |
834 | struct bpf_map *map = vma->vm_file->private_data; | |
835 | ||
353050be DB |
836 | if (vma->vm_flags & VM_MAYWRITE) |
837 | bpf_map_write_active_inc(map); | |
fc970227 AN |
838 | } |
839 | ||
840 | /* called for all unmapped memory region (including initial) */ | |
841 | static void bpf_map_mmap_close(struct vm_area_struct *vma) | |
842 | { | |
843 | struct bpf_map *map = vma->vm_file->private_data; | |
844 | ||
353050be DB |
845 | if (vma->vm_flags & VM_MAYWRITE) |
846 | bpf_map_write_active_dec(map); | |
fc970227 AN |
847 | } |
848 | ||
849 | static const struct vm_operations_struct bpf_map_default_vmops = { | |
850 | .open = bpf_map_mmap_open, | |
851 | .close = bpf_map_mmap_close, | |
852 | }; | |
853 | ||
854 | static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) | |
855 | { | |
856 | struct bpf_map *map = filp->private_data; | |
857 | int err; | |
858 | ||
db559117 | 859 | if (!map->ops->map_mmap || !IS_ERR_OR_NULL(map->record)) |
fc970227 AN |
860 | return -ENOTSUPP; |
861 | ||
862 | if (!(vma->vm_flags & VM_SHARED)) | |
863 | return -EINVAL; | |
864 | ||
865 | mutex_lock(&map->freeze_mutex); | |
866 | ||
dfeb376d AN |
867 | if (vma->vm_flags & VM_WRITE) { |
868 | if (map->frozen) { | |
869 | err = -EPERM; | |
870 | goto out; | |
871 | } | |
872 | /* map is meant to be read-only, so do not allow mapping as | |
873 | * writable, because it's possible to leak a writable page | |
874 | * reference and allows user-space to still modify it after | |
875 | * freezing, while verifier will assume contents do not change | |
876 | */ | |
877 | if (map->map_flags & BPF_F_RDONLY_PROG) { | |
878 | err = -EACCES; | |
879 | goto out; | |
880 | } | |
fc970227 AN |
881 | } |
882 | ||
883 | /* set default open/close callbacks */ | |
884 | vma->vm_ops = &bpf_map_default_vmops; | |
885 | vma->vm_private_data = map; | |
1c71222e | 886 | vm_flags_clear(vma, VM_MAYEXEC); |
1f6cb19b AN |
887 | if (!(vma->vm_flags & VM_WRITE)) |
888 | /* disallow re-mapping with PROT_WRITE */ | |
1c71222e | 889 | vm_flags_clear(vma, VM_MAYWRITE); |
fc970227 AN |
890 | |
891 | err = map->ops->map_mmap(map, vma); | |
892 | if (err) | |
893 | goto out; | |
894 | ||
1f6cb19b | 895 | if (vma->vm_flags & VM_MAYWRITE) |
353050be | 896 | bpf_map_write_active_inc(map); |
fc970227 AN |
897 | out: |
898 | mutex_unlock(&map->freeze_mutex); | |
899 | return err; | |
900 | } | |
901 | ||
457f4436 AN |
902 | static __poll_t bpf_map_poll(struct file *filp, struct poll_table_struct *pts) |
903 | { | |
904 | struct bpf_map *map = filp->private_data; | |
905 | ||
906 | if (map->ops->map_poll) | |
907 | return map->ops->map_poll(map, filp, pts); | |
908 | ||
909 | return EPOLLERR; | |
910 | } | |
911 | ||
f66e448c | 912 | const struct file_operations bpf_map_fops = { |
f99bf205 DB |
913 | #ifdef CONFIG_PROC_FS |
914 | .show_fdinfo = bpf_map_show_fdinfo, | |
915 | #endif | |
916 | .release = bpf_map_release, | |
6e71b04a CF |
917 | .read = bpf_dummy_read, |
918 | .write = bpf_dummy_write, | |
fc970227 | 919 | .mmap = bpf_map_mmap, |
457f4436 | 920 | .poll = bpf_map_poll, |
99c55f7d AS |
921 | }; |
922 | ||
6e71b04a | 923 | int bpf_map_new_fd(struct bpf_map *map, int flags) |
aa79781b | 924 | { |
afdb09c7 CF |
925 | int ret; |
926 | ||
927 | ret = security_bpf_map(map, OPEN_FMODE(flags)); | |
928 | if (ret < 0) | |
929 | return ret; | |
930 | ||
aa79781b | 931 | return anon_inode_getfd("bpf-map", &bpf_map_fops, map, |
6e71b04a CF |
932 | flags | O_CLOEXEC); |
933 | } | |
934 | ||
935 | int bpf_get_file_flag(int flags) | |
936 | { | |
937 | if ((flags & BPF_F_RDONLY) && (flags & BPF_F_WRONLY)) | |
938 | return -EINVAL; | |
939 | if (flags & BPF_F_RDONLY) | |
940 | return O_RDONLY; | |
941 | if (flags & BPF_F_WRONLY) | |
942 | return O_WRONLY; | |
943 | return O_RDWR; | |
aa79781b DB |
944 | } |
945 | ||
99c55f7d AS |
946 | /* helper macro to check that unused fields 'union bpf_attr' are zero */ |
947 | #define CHECK_ATTR(CMD) \ | |
948 | memchr_inv((void *) &attr->CMD##_LAST_FIELD + \ | |
949 | sizeof(attr->CMD##_LAST_FIELD), 0, \ | |
950 | sizeof(*attr) - \ | |
951 | offsetof(union bpf_attr, CMD##_LAST_FIELD) - \ | |
952 | sizeof(attr->CMD##_LAST_FIELD)) != NULL | |
953 | ||
8e7ae251 MKL |
954 | /* dst and src must have at least "size" number of bytes. |
955 | * Return strlen on success and < 0 on error. | |
cb4d2b3f | 956 | */ |
8e7ae251 | 957 | int bpf_obj_name_cpy(char *dst, const char *src, unsigned int size) |
cb4d2b3f | 958 | { |
8e7ae251 MKL |
959 | const char *end = src + size; |
960 | const char *orig_src = src; | |
cb4d2b3f | 961 | |
8e7ae251 | 962 | memset(dst, 0, size); |
3e0ddc4f | 963 | /* Copy all isalnum(), '_' and '.' chars. */ |
cb4d2b3f | 964 | while (src < end && *src) { |
3e0ddc4f DB |
965 | if (!isalnum(*src) && |
966 | *src != '_' && *src != '.') | |
cb4d2b3f MKL |
967 | return -EINVAL; |
968 | *dst++ = *src++; | |
969 | } | |
970 | ||
8e7ae251 | 971 | /* No '\0' found in "size" number of bytes */ |
cb4d2b3f MKL |
972 | if (src == end) |
973 | return -EINVAL; | |
974 | ||
8e7ae251 | 975 | return src - orig_src; |
cb4d2b3f MKL |
976 | } |
977 | ||
e8d2bec0 | 978 | int map_check_no_btf(const struct bpf_map *map, |
1b2b234b | 979 | const struct btf *btf, |
e8d2bec0 DB |
980 | const struct btf_type *key_type, |
981 | const struct btf_type *value_type) | |
982 | { | |
983 | return -ENOTSUPP; | |
984 | } | |
985 | ||
d83525ca | 986 | static int map_check_btf(struct bpf_map *map, const struct btf *btf, |
e8d2bec0 DB |
987 | u32 btf_key_id, u32 btf_value_id) |
988 | { | |
989 | const struct btf_type *key_type, *value_type; | |
990 | u32 key_size, value_size; | |
991 | int ret = 0; | |
992 | ||
2824ecb7 DB |
993 | /* Some maps allow key to be unspecified. */ |
994 | if (btf_key_id) { | |
995 | key_type = btf_type_id_size(btf, &btf_key_id, &key_size); | |
996 | if (!key_type || key_size != map->key_size) | |
997 | return -EINVAL; | |
998 | } else { | |
999 | key_type = btf_type_by_id(btf, 0); | |
1000 | if (!map->ops->map_check_btf) | |
1001 | return -EINVAL; | |
1002 | } | |
e8d2bec0 DB |
1003 | |
1004 | value_type = btf_type_id_size(btf, &btf_value_id, &value_size); | |
1005 | if (!value_type || value_size != map->value_size) | |
1006 | return -EINVAL; | |
1007 | ||
f0c5941f | 1008 | map->record = btf_parse_fields(btf, value_type, |
9c395c1b | 1009 | BPF_SPIN_LOCK | BPF_TIMER | BPF_KPTR | BPF_LIST_HEAD | |
d54730b5 | 1010 | BPF_RB_ROOT | BPF_REFCOUNT, |
db559117 | 1011 | map->value_size); |
aa3496ac KKD |
1012 | if (!IS_ERR_OR_NULL(map->record)) { |
1013 | int i; | |
1014 | ||
61df10c7 KKD |
1015 | if (!bpf_capable()) { |
1016 | ret = -EPERM; | |
1017 | goto free_map_tab; | |
1018 | } | |
1019 | if (map->map_flags & (BPF_F_RDONLY_PROG | BPF_F_WRONLY_PROG)) { | |
1020 | ret = -EACCES; | |
1021 | goto free_map_tab; | |
1022 | } | |
aa3496ac KKD |
1023 | for (i = 0; i < sizeof(map->record->field_mask) * 8; i++) { |
1024 | switch (map->record->field_mask & (1 << i)) { | |
1025 | case 0: | |
1026 | continue; | |
db559117 KKD |
1027 | case BPF_SPIN_LOCK: |
1028 | if (map->map_type != BPF_MAP_TYPE_HASH && | |
1029 | map->map_type != BPF_MAP_TYPE_ARRAY && | |
1030 | map->map_type != BPF_MAP_TYPE_CGROUP_STORAGE && | |
1031 | map->map_type != BPF_MAP_TYPE_SK_STORAGE && | |
1032 | map->map_type != BPF_MAP_TYPE_INODE_STORAGE && | |
1033 | map->map_type != BPF_MAP_TYPE_TASK_STORAGE && | |
1034 | map->map_type != BPF_MAP_TYPE_CGRP_STORAGE) { | |
1035 | ret = -EOPNOTSUPP; | |
1036 | goto free_map_tab; | |
1037 | } | |
1038 | break; | |
1039 | case BPF_TIMER: | |
1040 | if (map->map_type != BPF_MAP_TYPE_HASH && | |
1041 | map->map_type != BPF_MAP_TYPE_LRU_HASH && | |
1042 | map->map_type != BPF_MAP_TYPE_ARRAY) { | |
c237bfa5 | 1043 | ret = -EOPNOTSUPP; |
db559117 KKD |
1044 | goto free_map_tab; |
1045 | } | |
1046 | break; | |
aa3496ac KKD |
1047 | case BPF_KPTR_UNREF: |
1048 | case BPF_KPTR_REF: | |
d54730b5 | 1049 | case BPF_REFCOUNT: |
aa3496ac | 1050 | if (map->map_type != BPF_MAP_TYPE_HASH && |
65334e64 | 1051 | map->map_type != BPF_MAP_TYPE_PERCPU_HASH && |
aa3496ac | 1052 | map->map_type != BPF_MAP_TYPE_LRU_HASH && |
65334e64 | 1053 | map->map_type != BPF_MAP_TYPE_LRU_PERCPU_HASH && |
aa3496ac | 1054 | map->map_type != BPF_MAP_TYPE_ARRAY && |
9db44fdd KKD |
1055 | map->map_type != BPF_MAP_TYPE_PERCPU_ARRAY && |
1056 | map->map_type != BPF_MAP_TYPE_SK_STORAGE && | |
1057 | map->map_type != BPF_MAP_TYPE_INODE_STORAGE && | |
1058 | map->map_type != BPF_MAP_TYPE_TASK_STORAGE && | |
1059 | map->map_type != BPF_MAP_TYPE_CGRP_STORAGE) { | |
f0c5941f KKD |
1060 | ret = -EOPNOTSUPP; |
1061 | goto free_map_tab; | |
1062 | } | |
1063 | break; | |
1064 | case BPF_LIST_HEAD: | |
9c395c1b | 1065 | case BPF_RB_ROOT: |
f0c5941f KKD |
1066 | if (map->map_type != BPF_MAP_TYPE_HASH && |
1067 | map->map_type != BPF_MAP_TYPE_LRU_HASH && | |
1068 | map->map_type != BPF_MAP_TYPE_ARRAY) { | |
aa3496ac KKD |
1069 | ret = -EOPNOTSUPP; |
1070 | goto free_map_tab; | |
1071 | } | |
1072 | break; | |
1073 | default: | |
1074 | /* Fail if map_type checks are missing for a field type */ | |
1075 | ret = -EOPNOTSUPP; | |
1076 | goto free_map_tab; | |
1077 | } | |
61df10c7 KKD |
1078 | } |
1079 | } | |
1080 | ||
865ce09a KKD |
1081 | ret = btf_check_and_fixup_fields(btf, map->record); |
1082 | if (ret < 0) | |
1083 | goto free_map_tab; | |
1084 | ||
61df10c7 | 1085 | if (map->ops->map_check_btf) { |
1b2b234b | 1086 | ret = map->ops->map_check_btf(map, btf, key_type, value_type); |
61df10c7 KKD |
1087 | if (ret < 0) |
1088 | goto free_map_tab; | |
1089 | } | |
e8d2bec0 | 1090 | |
61df10c7 KKD |
1091 | return ret; |
1092 | free_map_tab: | |
aa3496ac | 1093 | bpf_map_free_record(map); |
e8d2bec0 DB |
1094 | return ret; |
1095 | } | |
1096 | ||
9330986c | 1097 | #define BPF_MAP_CREATE_LAST_FIELD map_extra |
99c55f7d AS |
1098 | /* called via syscall */ |
1099 | static int map_create(union bpf_attr *attr) | |
1100 | { | |
22db4122 | 1101 | const struct bpf_map_ops *ops; |
96eabe7a | 1102 | int numa_node = bpf_map_attr_numa_node(attr); |
22db4122 | 1103 | u32 map_type = attr->map_type; |
99c55f7d | 1104 | struct bpf_map *map; |
6e71b04a | 1105 | int f_flags; |
99c55f7d AS |
1106 | int err; |
1107 | ||
1108 | err = CHECK_ATTR(BPF_MAP_CREATE); | |
1109 | if (err) | |
1110 | return -EINVAL; | |
1111 | ||
85d33df3 MKL |
1112 | if (attr->btf_vmlinux_value_type_id) { |
1113 | if (attr->map_type != BPF_MAP_TYPE_STRUCT_OPS || | |
1114 | attr->btf_key_type_id || attr->btf_value_type_id) | |
1115 | return -EINVAL; | |
1116 | } else if (attr->btf_key_type_id && !attr->btf_value_type_id) { | |
1117 | return -EINVAL; | |
1118 | } | |
1119 | ||
9330986c JK |
1120 | if (attr->map_type != BPF_MAP_TYPE_BLOOM_FILTER && |
1121 | attr->map_extra != 0) | |
1122 | return -EINVAL; | |
1123 | ||
6e71b04a CF |
1124 | f_flags = bpf_get_file_flag(attr->map_flags); |
1125 | if (f_flags < 0) | |
1126 | return f_flags; | |
1127 | ||
96eabe7a | 1128 | if (numa_node != NUMA_NO_NODE && |
96e5ae4e ED |
1129 | ((unsigned int)numa_node >= nr_node_ids || |
1130 | !node_online(numa_node))) | |
96eabe7a MKL |
1131 | return -EINVAL; |
1132 | ||
99c55f7d | 1133 | /* find map type and init map: hashtable vs rbtree vs bloom vs ... */ |
22db4122 AN |
1134 | map_type = attr->map_type; |
1135 | if (map_type >= ARRAY_SIZE(bpf_map_types)) | |
1136 | return -EINVAL; | |
1137 | map_type = array_index_nospec(map_type, ARRAY_SIZE(bpf_map_types)); | |
1138 | ops = bpf_map_types[map_type]; | |
1139 | if (!ops) | |
1140 | return -EINVAL; | |
1141 | ||
1142 | if (ops->map_alloc_check) { | |
1143 | err = ops->map_alloc_check(attr); | |
1144 | if (err) | |
1145 | return err; | |
1146 | } | |
1147 | if (attr->map_ifindex) | |
1148 | ops = &bpf_map_offload_ops; | |
1149 | if (!ops->map_mem_usage) | |
1150 | return -EINVAL; | |
1151 | ||
1d28635a AN |
1152 | /* Intent here is for unprivileged_bpf_disabled to block BPF map |
1153 | * creation for unprivileged users; other actions depend | |
1154 | * on fd availability and access to bpffs, so are dependent on | |
1155 | * object creation success. Even with unprivileged BPF disabled, | |
1156 | * capability checks are still carried out. | |
1157 | */ | |
1158 | if (sysctl_unprivileged_bpf_disabled && !bpf_capable()) | |
1159 | return -EPERM; | |
1160 | ||
6c3eba1c AN |
1161 | /* check privileged map type permissions */ |
1162 | switch (map_type) { | |
1163 | case BPF_MAP_TYPE_ARRAY: | |
1164 | case BPF_MAP_TYPE_PERCPU_ARRAY: | |
1165 | case BPF_MAP_TYPE_PROG_ARRAY: | |
1166 | case BPF_MAP_TYPE_PERF_EVENT_ARRAY: | |
1167 | case BPF_MAP_TYPE_CGROUP_ARRAY: | |
1168 | case BPF_MAP_TYPE_ARRAY_OF_MAPS: | |
1169 | case BPF_MAP_TYPE_HASH: | |
1170 | case BPF_MAP_TYPE_PERCPU_HASH: | |
1171 | case BPF_MAP_TYPE_HASH_OF_MAPS: | |
1172 | case BPF_MAP_TYPE_RINGBUF: | |
1173 | case BPF_MAP_TYPE_USER_RINGBUF: | |
1174 | case BPF_MAP_TYPE_CGROUP_STORAGE: | |
1175 | case BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE: | |
1176 | /* unprivileged */ | |
1177 | break; | |
1178 | case BPF_MAP_TYPE_SK_STORAGE: | |
1179 | case BPF_MAP_TYPE_INODE_STORAGE: | |
1180 | case BPF_MAP_TYPE_TASK_STORAGE: | |
1181 | case BPF_MAP_TYPE_CGRP_STORAGE: | |
1182 | case BPF_MAP_TYPE_BLOOM_FILTER: | |
1183 | case BPF_MAP_TYPE_LPM_TRIE: | |
1184 | case BPF_MAP_TYPE_REUSEPORT_SOCKARRAY: | |
1185 | case BPF_MAP_TYPE_STACK_TRACE: | |
1186 | case BPF_MAP_TYPE_QUEUE: | |
1187 | case BPF_MAP_TYPE_STACK: | |
1188 | case BPF_MAP_TYPE_LRU_HASH: | |
1189 | case BPF_MAP_TYPE_LRU_PERCPU_HASH: | |
1190 | case BPF_MAP_TYPE_STRUCT_OPS: | |
1191 | case BPF_MAP_TYPE_CPUMAP: | |
1192 | if (!bpf_capable()) | |
1193 | return -EPERM; | |
1194 | break; | |
1195 | case BPF_MAP_TYPE_SOCKMAP: | |
1196 | case BPF_MAP_TYPE_SOCKHASH: | |
1197 | case BPF_MAP_TYPE_DEVMAP: | |
1198 | case BPF_MAP_TYPE_DEVMAP_HASH: | |
1199 | case BPF_MAP_TYPE_XSKMAP: | |
1200 | if (!capable(CAP_NET_ADMIN)) | |
1201 | return -EPERM; | |
1202 | break; | |
1203 | default: | |
1204 | WARN(1, "unsupported map type %d", map_type); | |
1205 | return -EPERM; | |
1206 | } | |
1207 | ||
22db4122 | 1208 | map = ops->map_alloc(attr); |
99c55f7d AS |
1209 | if (IS_ERR(map)) |
1210 | return PTR_ERR(map); | |
22db4122 AN |
1211 | map->ops = ops; |
1212 | map->map_type = map_type; | |
99c55f7d | 1213 | |
8e7ae251 MKL |
1214 | err = bpf_obj_name_cpy(map->name, attr->map_name, |
1215 | sizeof(attr->map_name)); | |
1216 | if (err < 0) | |
b936ca64 | 1217 | goto free_map; |
ad5b177b | 1218 | |
1e0bd5a0 AN |
1219 | atomic64_set(&map->refcnt, 1); |
1220 | atomic64_set(&map->usercnt, 1); | |
fc970227 | 1221 | mutex_init(&map->freeze_mutex); |
f45d5b6c | 1222 | spin_lock_init(&map->owner.lock); |
99c55f7d | 1223 | |
85d33df3 MKL |
1224 | if (attr->btf_key_type_id || attr->btf_value_type_id || |
1225 | /* Even the map's value is a kernel's struct, | |
1226 | * the bpf_prog.o must have BTF to begin with | |
1227 | * to figure out the corresponding kernel's | |
1228 | * counter part. Thus, attr->btf_fd has | |
1229 | * to be valid also. | |
1230 | */ | |
1231 | attr->btf_vmlinux_value_type_id) { | |
a26ca7c9 MKL |
1232 | struct btf *btf; |
1233 | ||
a26ca7c9 MKL |
1234 | btf = btf_get_by_fd(attr->btf_fd); |
1235 | if (IS_ERR(btf)) { | |
1236 | err = PTR_ERR(btf); | |
b936ca64 | 1237 | goto free_map; |
a26ca7c9 | 1238 | } |
350a5c4d AS |
1239 | if (btf_is_kernel(btf)) { |
1240 | btf_put(btf); | |
1241 | err = -EACCES; | |
1242 | goto free_map; | |
1243 | } | |
85d33df3 | 1244 | map->btf = btf; |
a26ca7c9 | 1245 | |
85d33df3 MKL |
1246 | if (attr->btf_value_type_id) { |
1247 | err = map_check_btf(map, btf, attr->btf_key_type_id, | |
1248 | attr->btf_value_type_id); | |
1249 | if (err) | |
1250 | goto free_map; | |
a26ca7c9 MKL |
1251 | } |
1252 | ||
9b2cf328 MKL |
1253 | map->btf_key_type_id = attr->btf_key_type_id; |
1254 | map->btf_value_type_id = attr->btf_value_type_id; | |
85d33df3 MKL |
1255 | map->btf_vmlinux_value_type_id = |
1256 | attr->btf_vmlinux_value_type_id; | |
a26ca7c9 MKL |
1257 | } |
1258 | ||
4d7d7f69 KKD |
1259 | err = security_bpf_map_alloc(map); |
1260 | if (err) | |
cd2a8079 | 1261 | goto free_map; |
4d7d7f69 | 1262 | |
f3f1c054 MKL |
1263 | err = bpf_map_alloc_id(map); |
1264 | if (err) | |
b936ca64 | 1265 | goto free_map_sec; |
f3f1c054 | 1266 | |
48edc1f7 RG |
1267 | bpf_map_save_memcg(map); |
1268 | ||
6e71b04a | 1269 | err = bpf_map_new_fd(map, f_flags); |
bd5f5f4e MKL |
1270 | if (err < 0) { |
1271 | /* failed to allocate fd. | |
352d20d6 | 1272 | * bpf_map_put_with_uref() is needed because the above |
bd5f5f4e MKL |
1273 | * bpf_map_alloc_id() has published the map |
1274 | * to the userspace and the userspace may | |
1275 | * have refcnt-ed it through BPF_MAP_GET_FD_BY_ID. | |
1276 | */ | |
352d20d6 | 1277 | bpf_map_put_with_uref(map); |
bd5f5f4e MKL |
1278 | return err; |
1279 | } | |
99c55f7d AS |
1280 | |
1281 | return err; | |
1282 | ||
afdb09c7 CF |
1283 | free_map_sec: |
1284 | security_bpf_map_free(map); | |
b936ca64 | 1285 | free_map: |
a26ca7c9 | 1286 | btf_put(map->btf); |
99c55f7d AS |
1287 | map->ops->map_free(map); |
1288 | return err; | |
1289 | } | |
1290 | ||
db20fd2b AS |
1291 | /* if error is returned, fd is released. |
1292 | * On success caller should complete fd access with matching fdput() | |
1293 | */ | |
c2101297 | 1294 | struct bpf_map *__bpf_map_get(struct fd f) |
db20fd2b | 1295 | { |
db20fd2b AS |
1296 | if (!f.file) |
1297 | return ERR_PTR(-EBADF); | |
db20fd2b AS |
1298 | if (f.file->f_op != &bpf_map_fops) { |
1299 | fdput(f); | |
1300 | return ERR_PTR(-EINVAL); | |
1301 | } | |
1302 | ||
c2101297 DB |
1303 | return f.file->private_data; |
1304 | } | |
1305 | ||
1e0bd5a0 | 1306 | void bpf_map_inc(struct bpf_map *map) |
c9da161c | 1307 | { |
1e0bd5a0 | 1308 | atomic64_inc(&map->refcnt); |
c9da161c | 1309 | } |
630a4d38 | 1310 | EXPORT_SYMBOL_GPL(bpf_map_inc); |
c9da161c | 1311 | |
1e0bd5a0 AN |
1312 | void bpf_map_inc_with_uref(struct bpf_map *map) |
1313 | { | |
1314 | atomic64_inc(&map->refcnt); | |
1315 | atomic64_inc(&map->usercnt); | |
1316 | } | |
1317 | EXPORT_SYMBOL_GPL(bpf_map_inc_with_uref); | |
1318 | ||
1ed4d924 MKL |
1319 | struct bpf_map *bpf_map_get(u32 ufd) |
1320 | { | |
1321 | struct fd f = fdget(ufd); | |
1322 | struct bpf_map *map; | |
1323 | ||
1324 | map = __bpf_map_get(f); | |
1325 | if (IS_ERR(map)) | |
1326 | return map; | |
1327 | ||
1328 | bpf_map_inc(map); | |
1329 | fdput(f); | |
1330 | ||
1331 | return map; | |
1332 | } | |
b1d18a75 | 1333 | EXPORT_SYMBOL(bpf_map_get); |
1ed4d924 | 1334 | |
c9da161c | 1335 | struct bpf_map *bpf_map_get_with_uref(u32 ufd) |
c2101297 DB |
1336 | { |
1337 | struct fd f = fdget(ufd); | |
1338 | struct bpf_map *map; | |
1339 | ||
1340 | map = __bpf_map_get(f); | |
1341 | if (IS_ERR(map)) | |
1342 | return map; | |
1343 | ||
1e0bd5a0 | 1344 | bpf_map_inc_with_uref(map); |
c2101297 | 1345 | fdput(f); |
db20fd2b AS |
1346 | |
1347 | return map; | |
1348 | } | |
1349 | ||
b671c206 KFL |
1350 | /* map_idr_lock should have been held or the map should have been |
1351 | * protected by rcu read lock. | |
1352 | */ | |
1353 | struct bpf_map *__bpf_map_inc_not_zero(struct bpf_map *map, bool uref) | |
bd5f5f4e MKL |
1354 | { |
1355 | int refold; | |
1356 | ||
1e0bd5a0 | 1357 | refold = atomic64_fetch_add_unless(&map->refcnt, 1, 0); |
bd5f5f4e MKL |
1358 | if (!refold) |
1359 | return ERR_PTR(-ENOENT); | |
bd5f5f4e | 1360 | if (uref) |
1e0bd5a0 | 1361 | atomic64_inc(&map->usercnt); |
bd5f5f4e MKL |
1362 | |
1363 | return map; | |
1364 | } | |
1365 | ||
1e0bd5a0 | 1366 | struct bpf_map *bpf_map_inc_not_zero(struct bpf_map *map) |
b0e4701c SF |
1367 | { |
1368 | spin_lock_bh(&map_idr_lock); | |
1e0bd5a0 | 1369 | map = __bpf_map_inc_not_zero(map, false); |
b0e4701c SF |
1370 | spin_unlock_bh(&map_idr_lock); |
1371 | ||
1372 | return map; | |
1373 | } | |
1374 | EXPORT_SYMBOL_GPL(bpf_map_inc_not_zero); | |
1375 | ||
b8cdc051 AS |
1376 | int __weak bpf_stackmap_copy(struct bpf_map *map, void *key, void *value) |
1377 | { | |
1378 | return -ENOTSUPP; | |
1379 | } | |
1380 | ||
c9d29f46 MV |
1381 | static void *__bpf_copy_key(void __user *ukey, u64 key_size) |
1382 | { | |
1383 | if (key_size) | |
44779a4b | 1384 | return vmemdup_user(ukey, key_size); |
c9d29f46 MV |
1385 | |
1386 | if (ukey) | |
1387 | return ERR_PTR(-EINVAL); | |
1388 | ||
1389 | return NULL; | |
1390 | } | |
1391 | ||
af2ac3e1 AS |
1392 | static void *___bpf_copy_key(bpfptr_t ukey, u64 key_size) |
1393 | { | |
1394 | if (key_size) | |
44779a4b | 1395 | return kvmemdup_bpfptr(ukey, key_size); |
af2ac3e1 AS |
1396 | |
1397 | if (!bpfptr_is_null(ukey)) | |
1398 | return ERR_PTR(-EINVAL); | |
1399 | ||
1400 | return NULL; | |
1401 | } | |
1402 | ||
db20fd2b | 1403 | /* last field in 'union bpf_attr' used by this command */ |
96049f3a | 1404 | #define BPF_MAP_LOOKUP_ELEM_LAST_FIELD flags |
db20fd2b AS |
1405 | |
1406 | static int map_lookup_elem(union bpf_attr *attr) | |
1407 | { | |
535e7b4b MS |
1408 | void __user *ukey = u64_to_user_ptr(attr->key); |
1409 | void __user *uvalue = u64_to_user_ptr(attr->value); | |
db20fd2b | 1410 | int ufd = attr->map_fd; |
db20fd2b | 1411 | struct bpf_map *map; |
15c14a3d | 1412 | void *key, *value; |
15a07b33 | 1413 | u32 value_size; |
592867bf | 1414 | struct fd f; |
db20fd2b AS |
1415 | int err; |
1416 | ||
1417 | if (CHECK_ATTR(BPF_MAP_LOOKUP_ELEM)) | |
1418 | return -EINVAL; | |
1419 | ||
96049f3a AS |
1420 | if (attr->flags & ~BPF_F_LOCK) |
1421 | return -EINVAL; | |
1422 | ||
592867bf | 1423 | f = fdget(ufd); |
c2101297 | 1424 | map = __bpf_map_get(f); |
db20fd2b AS |
1425 | if (IS_ERR(map)) |
1426 | return PTR_ERR(map); | |
87df15de | 1427 | if (!(map_get_sys_perms(map, f) & FMODE_CAN_READ)) { |
6e71b04a CF |
1428 | err = -EPERM; |
1429 | goto err_put; | |
1430 | } | |
1431 | ||
96049f3a | 1432 | if ((attr->flags & BPF_F_LOCK) && |
db559117 | 1433 | !btf_record_has_field(map->record, BPF_SPIN_LOCK)) { |
96049f3a AS |
1434 | err = -EINVAL; |
1435 | goto err_put; | |
1436 | } | |
1437 | ||
c9d29f46 | 1438 | key = __bpf_copy_key(ukey, map->key_size); |
e4448ed8 AV |
1439 | if (IS_ERR(key)) { |
1440 | err = PTR_ERR(key); | |
db20fd2b | 1441 | goto err_put; |
e4448ed8 | 1442 | } |
db20fd2b | 1443 | |
15c14a3d | 1444 | value_size = bpf_map_value_size(map); |
15a07b33 | 1445 | |
8ebe667c | 1446 | err = -ENOMEM; |
f0dce1d9 | 1447 | value = kvmalloc(value_size, GFP_USER | __GFP_NOWARN); |
db20fd2b | 1448 | if (!value) |
8ebe667c AS |
1449 | goto free_key; |
1450 | ||
9330986c JK |
1451 | if (map->map_type == BPF_MAP_TYPE_BLOOM_FILTER) { |
1452 | if (copy_from_user(value, uvalue, value_size)) | |
1453 | err = -EFAULT; | |
1454 | else | |
1455 | err = bpf_map_copy_value(map, key, value, attr->flags); | |
1456 | goto free_value; | |
1457 | } | |
1458 | ||
15c14a3d | 1459 | err = bpf_map_copy_value(map, key, value, attr->flags); |
15a07b33 | 1460 | if (err) |
8ebe667c | 1461 | goto free_value; |
db20fd2b AS |
1462 | |
1463 | err = -EFAULT; | |
15a07b33 | 1464 | if (copy_to_user(uvalue, value, value_size) != 0) |
8ebe667c | 1465 | goto free_value; |
db20fd2b AS |
1466 | |
1467 | err = 0; | |
1468 | ||
8ebe667c | 1469 | free_value: |
f0dce1d9 | 1470 | kvfree(value); |
db20fd2b | 1471 | free_key: |
44779a4b | 1472 | kvfree(key); |
db20fd2b AS |
1473 | err_put: |
1474 | fdput(f); | |
1475 | return err; | |
1476 | } | |
1477 | ||
1ae80cf3 | 1478 | |
3274f520 | 1479 | #define BPF_MAP_UPDATE_ELEM_LAST_FIELD flags |
db20fd2b | 1480 | |
af2ac3e1 | 1481 | static int map_update_elem(union bpf_attr *attr, bpfptr_t uattr) |
db20fd2b | 1482 | { |
af2ac3e1 AS |
1483 | bpfptr_t ukey = make_bpfptr(attr->key, uattr.is_kernel); |
1484 | bpfptr_t uvalue = make_bpfptr(attr->value, uattr.is_kernel); | |
db20fd2b | 1485 | int ufd = attr->map_fd; |
db20fd2b AS |
1486 | struct bpf_map *map; |
1487 | void *key, *value; | |
15a07b33 | 1488 | u32 value_size; |
592867bf | 1489 | struct fd f; |
db20fd2b AS |
1490 | int err; |
1491 | ||
1492 | if (CHECK_ATTR(BPF_MAP_UPDATE_ELEM)) | |
1493 | return -EINVAL; | |
1494 | ||
592867bf | 1495 | f = fdget(ufd); |
c2101297 | 1496 | map = __bpf_map_get(f); |
db20fd2b AS |
1497 | if (IS_ERR(map)) |
1498 | return PTR_ERR(map); | |
353050be | 1499 | bpf_map_write_active_inc(map); |
87df15de | 1500 | if (!(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) { |
6e71b04a CF |
1501 | err = -EPERM; |
1502 | goto err_put; | |
1503 | } | |
1504 | ||
96049f3a | 1505 | if ((attr->flags & BPF_F_LOCK) && |
db559117 | 1506 | !btf_record_has_field(map->record, BPF_SPIN_LOCK)) { |
96049f3a AS |
1507 | err = -EINVAL; |
1508 | goto err_put; | |
1509 | } | |
1510 | ||
af2ac3e1 | 1511 | key = ___bpf_copy_key(ukey, map->key_size); |
e4448ed8 AV |
1512 | if (IS_ERR(key)) { |
1513 | err = PTR_ERR(key); | |
db20fd2b | 1514 | goto err_put; |
e4448ed8 | 1515 | } |
db20fd2b | 1516 | |
f0dce1d9 | 1517 | value_size = bpf_map_value_size(map); |
a02c118e WY |
1518 | value = kvmemdup_bpfptr(uvalue, value_size); |
1519 | if (IS_ERR(value)) { | |
1520 | err = PTR_ERR(value); | |
db20fd2b | 1521 | goto free_key; |
a02c118e | 1522 | } |
db20fd2b | 1523 | |
3af43ba4 | 1524 | err = bpf_map_update_value(map, f.file, key, value, attr->flags); |
6710e112 | 1525 | |
f0dce1d9 | 1526 | kvfree(value); |
db20fd2b | 1527 | free_key: |
44779a4b | 1528 | kvfree(key); |
db20fd2b | 1529 | err_put: |
353050be | 1530 | bpf_map_write_active_dec(map); |
db20fd2b AS |
1531 | fdput(f); |
1532 | return err; | |
1533 | } | |
1534 | ||
1535 | #define BPF_MAP_DELETE_ELEM_LAST_FIELD key | |
1536 | ||
b88df697 | 1537 | static int map_delete_elem(union bpf_attr *attr, bpfptr_t uattr) |
db20fd2b | 1538 | { |
b88df697 | 1539 | bpfptr_t ukey = make_bpfptr(attr->key, uattr.is_kernel); |
db20fd2b | 1540 | int ufd = attr->map_fd; |
db20fd2b | 1541 | struct bpf_map *map; |
592867bf | 1542 | struct fd f; |
db20fd2b AS |
1543 | void *key; |
1544 | int err; | |
1545 | ||
1546 | if (CHECK_ATTR(BPF_MAP_DELETE_ELEM)) | |
1547 | return -EINVAL; | |
1548 | ||
592867bf | 1549 | f = fdget(ufd); |
c2101297 | 1550 | map = __bpf_map_get(f); |
db20fd2b AS |
1551 | if (IS_ERR(map)) |
1552 | return PTR_ERR(map); | |
353050be | 1553 | bpf_map_write_active_inc(map); |
87df15de | 1554 | if (!(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) { |
6e71b04a CF |
1555 | err = -EPERM; |
1556 | goto err_put; | |
1557 | } | |
1558 | ||
b88df697 | 1559 | key = ___bpf_copy_key(ukey, map->key_size); |
e4448ed8 AV |
1560 | if (IS_ERR(key)) { |
1561 | err = PTR_ERR(key); | |
db20fd2b | 1562 | goto err_put; |
e4448ed8 | 1563 | } |
db20fd2b | 1564 | |
9d03ebc7 | 1565 | if (bpf_map_is_offloaded(map)) { |
a3884572 JK |
1566 | err = bpf_map_offload_delete_elem(map, key); |
1567 | goto out; | |
85d33df3 MKL |
1568 | } else if (IS_FD_PROG_ARRAY(map) || |
1569 | map->map_type == BPF_MAP_TYPE_STRUCT_OPS) { | |
1570 | /* These maps require sleepable context */ | |
da765a2f DB |
1571 | err = map->ops->map_delete_elem(map, key); |
1572 | goto out; | |
a3884572 JK |
1573 | } |
1574 | ||
b6e5dae1 | 1575 | bpf_disable_instrumentation(); |
db20fd2b AS |
1576 | rcu_read_lock(); |
1577 | err = map->ops->map_delete_elem(map, key); | |
1578 | rcu_read_unlock(); | |
b6e5dae1 | 1579 | bpf_enable_instrumentation(); |
1ae80cf3 | 1580 | maybe_wait_bpf_programs(map); |
a3884572 | 1581 | out: |
44779a4b | 1582 | kvfree(key); |
db20fd2b | 1583 | err_put: |
353050be | 1584 | bpf_map_write_active_dec(map); |
db20fd2b AS |
1585 | fdput(f); |
1586 | return err; | |
1587 | } | |
1588 | ||
1589 | /* last field in 'union bpf_attr' used by this command */ | |
1590 | #define BPF_MAP_GET_NEXT_KEY_LAST_FIELD next_key | |
1591 | ||
1592 | static int map_get_next_key(union bpf_attr *attr) | |
1593 | { | |
535e7b4b MS |
1594 | void __user *ukey = u64_to_user_ptr(attr->key); |
1595 | void __user *unext_key = u64_to_user_ptr(attr->next_key); | |
db20fd2b | 1596 | int ufd = attr->map_fd; |
db20fd2b AS |
1597 | struct bpf_map *map; |
1598 | void *key, *next_key; | |
592867bf | 1599 | struct fd f; |
db20fd2b AS |
1600 | int err; |
1601 | ||
1602 | if (CHECK_ATTR(BPF_MAP_GET_NEXT_KEY)) | |
1603 | return -EINVAL; | |
1604 | ||
592867bf | 1605 | f = fdget(ufd); |
c2101297 | 1606 | map = __bpf_map_get(f); |
db20fd2b AS |
1607 | if (IS_ERR(map)) |
1608 | return PTR_ERR(map); | |
87df15de | 1609 | if (!(map_get_sys_perms(map, f) & FMODE_CAN_READ)) { |
6e71b04a CF |
1610 | err = -EPERM; |
1611 | goto err_put; | |
1612 | } | |
1613 | ||
8fe45924 | 1614 | if (ukey) { |
c9d29f46 | 1615 | key = __bpf_copy_key(ukey, map->key_size); |
e4448ed8 AV |
1616 | if (IS_ERR(key)) { |
1617 | err = PTR_ERR(key); | |
8fe45924 | 1618 | goto err_put; |
e4448ed8 | 1619 | } |
8fe45924 TQ |
1620 | } else { |
1621 | key = NULL; | |
1622 | } | |
db20fd2b AS |
1623 | |
1624 | err = -ENOMEM; | |
44779a4b | 1625 | next_key = kvmalloc(map->key_size, GFP_USER); |
db20fd2b AS |
1626 | if (!next_key) |
1627 | goto free_key; | |
1628 | ||
9d03ebc7 | 1629 | if (bpf_map_is_offloaded(map)) { |
a3884572 JK |
1630 | err = bpf_map_offload_get_next_key(map, key, next_key); |
1631 | goto out; | |
1632 | } | |
1633 | ||
db20fd2b AS |
1634 | rcu_read_lock(); |
1635 | err = map->ops->map_get_next_key(map, key, next_key); | |
1636 | rcu_read_unlock(); | |
a3884572 | 1637 | out: |
db20fd2b AS |
1638 | if (err) |
1639 | goto free_next_key; | |
1640 | ||
1641 | err = -EFAULT; | |
1642 | if (copy_to_user(unext_key, next_key, map->key_size) != 0) | |
1643 | goto free_next_key; | |
1644 | ||
1645 | err = 0; | |
1646 | ||
1647 | free_next_key: | |
44779a4b | 1648 | kvfree(next_key); |
db20fd2b | 1649 | free_key: |
44779a4b | 1650 | kvfree(key); |
db20fd2b AS |
1651 | err_put: |
1652 | fdput(f); | |
1653 | return err; | |
1654 | } | |
1655 | ||
aa2e93b8 BV |
1656 | int generic_map_delete_batch(struct bpf_map *map, |
1657 | const union bpf_attr *attr, | |
1658 | union bpf_attr __user *uattr) | |
1659 | { | |
1660 | void __user *keys = u64_to_user_ptr(attr->batch.keys); | |
1661 | u32 cp, max_count; | |
1662 | int err = 0; | |
1663 | void *key; | |
1664 | ||
1665 | if (attr->batch.elem_flags & ~BPF_F_LOCK) | |
1666 | return -EINVAL; | |
1667 | ||
1668 | if ((attr->batch.elem_flags & BPF_F_LOCK) && | |
db559117 | 1669 | !btf_record_has_field(map->record, BPF_SPIN_LOCK)) { |
aa2e93b8 BV |
1670 | return -EINVAL; |
1671 | } | |
1672 | ||
1673 | max_count = attr->batch.count; | |
1674 | if (!max_count) | |
1675 | return 0; | |
1676 | ||
44779a4b | 1677 | key = kvmalloc(map->key_size, GFP_USER | __GFP_NOWARN); |
2e3a94aa BV |
1678 | if (!key) |
1679 | return -ENOMEM; | |
1680 | ||
aa2e93b8 | 1681 | for (cp = 0; cp < max_count; cp++) { |
2e3a94aa BV |
1682 | err = -EFAULT; |
1683 | if (copy_from_user(key, keys + cp * map->key_size, | |
1684 | map->key_size)) | |
aa2e93b8 | 1685 | break; |
aa2e93b8 | 1686 | |
9d03ebc7 | 1687 | if (bpf_map_is_offloaded(map)) { |
aa2e93b8 BV |
1688 | err = bpf_map_offload_delete_elem(map, key); |
1689 | break; | |
1690 | } | |
1691 | ||
b6e5dae1 | 1692 | bpf_disable_instrumentation(); |
aa2e93b8 BV |
1693 | rcu_read_lock(); |
1694 | err = map->ops->map_delete_elem(map, key); | |
1695 | rcu_read_unlock(); | |
b6e5dae1 | 1696 | bpf_enable_instrumentation(); |
aa2e93b8 BV |
1697 | if (err) |
1698 | break; | |
75134f16 | 1699 | cond_resched(); |
aa2e93b8 BV |
1700 | } |
1701 | if (copy_to_user(&uattr->batch.count, &cp, sizeof(cp))) | |
1702 | err = -EFAULT; | |
2e3a94aa | 1703 | |
44779a4b | 1704 | kvfree(key); |
9087c6ff ED |
1705 | |
1706 | maybe_wait_bpf_programs(map); | |
aa2e93b8 BV |
1707 | return err; |
1708 | } | |
1709 | ||
3af43ba4 | 1710 | int generic_map_update_batch(struct bpf_map *map, struct file *map_file, |
aa2e93b8 BV |
1711 | const union bpf_attr *attr, |
1712 | union bpf_attr __user *uattr) | |
1713 | { | |
1714 | void __user *values = u64_to_user_ptr(attr->batch.values); | |
1715 | void __user *keys = u64_to_user_ptr(attr->batch.keys); | |
1716 | u32 value_size, cp, max_count; | |
aa2e93b8 | 1717 | void *key, *value; |
aa2e93b8 BV |
1718 | int err = 0; |
1719 | ||
aa2e93b8 BV |
1720 | if (attr->batch.elem_flags & ~BPF_F_LOCK) |
1721 | return -EINVAL; | |
1722 | ||
1723 | if ((attr->batch.elem_flags & BPF_F_LOCK) && | |
db559117 | 1724 | !btf_record_has_field(map->record, BPF_SPIN_LOCK)) { |
aa2e93b8 BV |
1725 | return -EINVAL; |
1726 | } | |
1727 | ||
1728 | value_size = bpf_map_value_size(map); | |
1729 | ||
1730 | max_count = attr->batch.count; | |
1731 | if (!max_count) | |
1732 | return 0; | |
1733 | ||
44779a4b | 1734 | key = kvmalloc(map->key_size, GFP_USER | __GFP_NOWARN); |
2e3a94aa BV |
1735 | if (!key) |
1736 | return -ENOMEM; | |
1737 | ||
f0dce1d9 | 1738 | value = kvmalloc(value_size, GFP_USER | __GFP_NOWARN); |
2e3a94aa | 1739 | if (!value) { |
44779a4b | 1740 | kvfree(key); |
aa2e93b8 | 1741 | return -ENOMEM; |
2e3a94aa | 1742 | } |
aa2e93b8 BV |
1743 | |
1744 | for (cp = 0; cp < max_count; cp++) { | |
aa2e93b8 | 1745 | err = -EFAULT; |
2e3a94aa BV |
1746 | if (copy_from_user(key, keys + cp * map->key_size, |
1747 | map->key_size) || | |
1748 | copy_from_user(value, values + cp * value_size, value_size)) | |
aa2e93b8 BV |
1749 | break; |
1750 | ||
3af43ba4 | 1751 | err = bpf_map_update_value(map, map_file, key, value, |
aa2e93b8 BV |
1752 | attr->batch.elem_flags); |
1753 | ||
1754 | if (err) | |
1755 | break; | |
75134f16 | 1756 | cond_resched(); |
aa2e93b8 BV |
1757 | } |
1758 | ||
1759 | if (copy_to_user(&uattr->batch.count, &cp, sizeof(cp))) | |
1760 | err = -EFAULT; | |
1761 | ||
f0dce1d9 | 1762 | kvfree(value); |
44779a4b | 1763 | kvfree(key); |
aa2e93b8 BV |
1764 | return err; |
1765 | } | |
1766 | ||
cb4d03ab BV |
1767 | #define MAP_LOOKUP_RETRIES 3 |
1768 | ||
1769 | int generic_map_lookup_batch(struct bpf_map *map, | |
1770 | const union bpf_attr *attr, | |
1771 | union bpf_attr __user *uattr) | |
1772 | { | |
1773 | void __user *uobatch = u64_to_user_ptr(attr->batch.out_batch); | |
1774 | void __user *ubatch = u64_to_user_ptr(attr->batch.in_batch); | |
1775 | void __user *values = u64_to_user_ptr(attr->batch.values); | |
1776 | void __user *keys = u64_to_user_ptr(attr->batch.keys); | |
1777 | void *buf, *buf_prevkey, *prev_key, *key, *value; | |
1778 | int err, retry = MAP_LOOKUP_RETRIES; | |
1779 | u32 value_size, cp, max_count; | |
cb4d03ab BV |
1780 | |
1781 | if (attr->batch.elem_flags & ~BPF_F_LOCK) | |
1782 | return -EINVAL; | |
1783 | ||
1784 | if ((attr->batch.elem_flags & BPF_F_LOCK) && | |
db559117 | 1785 | !btf_record_has_field(map->record, BPF_SPIN_LOCK)) |
cb4d03ab BV |
1786 | return -EINVAL; |
1787 | ||
1788 | value_size = bpf_map_value_size(map); | |
1789 | ||
1790 | max_count = attr->batch.count; | |
1791 | if (!max_count) | |
1792 | return 0; | |
1793 | ||
1794 | if (put_user(0, &uattr->batch.count)) | |
1795 | return -EFAULT; | |
1796 | ||
44779a4b | 1797 | buf_prevkey = kvmalloc(map->key_size, GFP_USER | __GFP_NOWARN); |
cb4d03ab BV |
1798 | if (!buf_prevkey) |
1799 | return -ENOMEM; | |
1800 | ||
f0dce1d9 | 1801 | buf = kvmalloc(map->key_size + value_size, GFP_USER | __GFP_NOWARN); |
cb4d03ab | 1802 | if (!buf) { |
44779a4b | 1803 | kvfree(buf_prevkey); |
cb4d03ab BV |
1804 | return -ENOMEM; |
1805 | } | |
1806 | ||
1807 | err = -EFAULT; | |
cb4d03ab BV |
1808 | prev_key = NULL; |
1809 | if (ubatch && copy_from_user(buf_prevkey, ubatch, map->key_size)) | |
1810 | goto free_buf; | |
1811 | key = buf; | |
1812 | value = key + map->key_size; | |
1813 | if (ubatch) | |
1814 | prev_key = buf_prevkey; | |
1815 | ||
1816 | for (cp = 0; cp < max_count;) { | |
1817 | rcu_read_lock(); | |
1818 | err = map->ops->map_get_next_key(map, prev_key, key); | |
1819 | rcu_read_unlock(); | |
1820 | if (err) | |
1821 | break; | |
1822 | err = bpf_map_copy_value(map, key, value, | |
1823 | attr->batch.elem_flags); | |
1824 | ||
1825 | if (err == -ENOENT) { | |
1826 | if (retry) { | |
1827 | retry--; | |
1828 | continue; | |
1829 | } | |
1830 | err = -EINTR; | |
1831 | break; | |
1832 | } | |
1833 | ||
1834 | if (err) | |
1835 | goto free_buf; | |
1836 | ||
1837 | if (copy_to_user(keys + cp * map->key_size, key, | |
1838 | map->key_size)) { | |
1839 | err = -EFAULT; | |
1840 | goto free_buf; | |
1841 | } | |
1842 | if (copy_to_user(values + cp * value_size, value, value_size)) { | |
1843 | err = -EFAULT; | |
1844 | goto free_buf; | |
1845 | } | |
1846 | ||
1847 | if (!prev_key) | |
1848 | prev_key = buf_prevkey; | |
1849 | ||
1850 | swap(prev_key, key); | |
1851 | retry = MAP_LOOKUP_RETRIES; | |
1852 | cp++; | |
75134f16 | 1853 | cond_resched(); |
cb4d03ab BV |
1854 | } |
1855 | ||
1856 | if (err == -EFAULT) | |
1857 | goto free_buf; | |
1858 | ||
1859 | if ((copy_to_user(&uattr->batch.count, &cp, sizeof(cp)) || | |
1860 | (cp && copy_to_user(uobatch, prev_key, map->key_size)))) | |
1861 | err = -EFAULT; | |
1862 | ||
1863 | free_buf: | |
44779a4b | 1864 | kvfree(buf_prevkey); |
f0dce1d9 | 1865 | kvfree(buf); |
cb4d03ab BV |
1866 | return err; |
1867 | } | |
1868 | ||
3e87f192 | 1869 | #define BPF_MAP_LOOKUP_AND_DELETE_ELEM_LAST_FIELD flags |
bd513cd0 MV |
1870 | |
1871 | static int map_lookup_and_delete_elem(union bpf_attr *attr) | |
1872 | { | |
1873 | void __user *ukey = u64_to_user_ptr(attr->key); | |
1874 | void __user *uvalue = u64_to_user_ptr(attr->value); | |
1875 | int ufd = attr->map_fd; | |
1876 | struct bpf_map *map; | |
540fefc0 | 1877 | void *key, *value; |
bd513cd0 MV |
1878 | u32 value_size; |
1879 | struct fd f; | |
1880 | int err; | |
1881 | ||
1882 | if (CHECK_ATTR(BPF_MAP_LOOKUP_AND_DELETE_ELEM)) | |
1883 | return -EINVAL; | |
1884 | ||
3e87f192 DS |
1885 | if (attr->flags & ~BPF_F_LOCK) |
1886 | return -EINVAL; | |
1887 | ||
bd513cd0 MV |
1888 | f = fdget(ufd); |
1889 | map = __bpf_map_get(f); | |
1890 | if (IS_ERR(map)) | |
1891 | return PTR_ERR(map); | |
353050be | 1892 | bpf_map_write_active_inc(map); |
1ea0f912 AP |
1893 | if (!(map_get_sys_perms(map, f) & FMODE_CAN_READ) || |
1894 | !(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) { | |
bd513cd0 MV |
1895 | err = -EPERM; |
1896 | goto err_put; | |
1897 | } | |
1898 | ||
3e87f192 DS |
1899 | if (attr->flags && |
1900 | (map->map_type == BPF_MAP_TYPE_QUEUE || | |
1901 | map->map_type == BPF_MAP_TYPE_STACK)) { | |
1902 | err = -EINVAL; | |
1903 | goto err_put; | |
1904 | } | |
1905 | ||
1906 | if ((attr->flags & BPF_F_LOCK) && | |
db559117 | 1907 | !btf_record_has_field(map->record, BPF_SPIN_LOCK)) { |
3e87f192 DS |
1908 | err = -EINVAL; |
1909 | goto err_put; | |
1910 | } | |
1911 | ||
bd513cd0 MV |
1912 | key = __bpf_copy_key(ukey, map->key_size); |
1913 | if (IS_ERR(key)) { | |
1914 | err = PTR_ERR(key); | |
1915 | goto err_put; | |
1916 | } | |
1917 | ||
3e87f192 | 1918 | value_size = bpf_map_value_size(map); |
bd513cd0 MV |
1919 | |
1920 | err = -ENOMEM; | |
f0dce1d9 | 1921 | value = kvmalloc(value_size, GFP_USER | __GFP_NOWARN); |
bd513cd0 MV |
1922 | if (!value) |
1923 | goto free_key; | |
1924 | ||
3e87f192 | 1925 | err = -ENOTSUPP; |
bd513cd0 MV |
1926 | if (map->map_type == BPF_MAP_TYPE_QUEUE || |
1927 | map->map_type == BPF_MAP_TYPE_STACK) { | |
1928 | err = map->ops->map_pop_elem(map, value); | |
3e87f192 DS |
1929 | } else if (map->map_type == BPF_MAP_TYPE_HASH || |
1930 | map->map_type == BPF_MAP_TYPE_PERCPU_HASH || | |
1931 | map->map_type == BPF_MAP_TYPE_LRU_HASH || | |
1932 | map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH) { | |
9d03ebc7 | 1933 | if (!bpf_map_is_offloaded(map)) { |
3e87f192 DS |
1934 | bpf_disable_instrumentation(); |
1935 | rcu_read_lock(); | |
1936 | err = map->ops->map_lookup_and_delete_elem(map, key, value, attr->flags); | |
1937 | rcu_read_unlock(); | |
1938 | bpf_enable_instrumentation(); | |
1939 | } | |
bd513cd0 MV |
1940 | } |
1941 | ||
1942 | if (err) | |
1943 | goto free_value; | |
1944 | ||
7f645462 WY |
1945 | if (copy_to_user(uvalue, value, value_size) != 0) { |
1946 | err = -EFAULT; | |
bd513cd0 | 1947 | goto free_value; |
7f645462 | 1948 | } |
bd513cd0 MV |
1949 | |
1950 | err = 0; | |
1951 | ||
1952 | free_value: | |
f0dce1d9 | 1953 | kvfree(value); |
bd513cd0 | 1954 | free_key: |
44779a4b | 1955 | kvfree(key); |
bd513cd0 | 1956 | err_put: |
353050be | 1957 | bpf_map_write_active_dec(map); |
bd513cd0 MV |
1958 | fdput(f); |
1959 | return err; | |
1960 | } | |
1961 | ||
87df15de DB |
1962 | #define BPF_MAP_FREEZE_LAST_FIELD map_fd |
1963 | ||
1964 | static int map_freeze(const union bpf_attr *attr) | |
1965 | { | |
1966 | int err = 0, ufd = attr->map_fd; | |
1967 | struct bpf_map *map; | |
1968 | struct fd f; | |
1969 | ||
1970 | if (CHECK_ATTR(BPF_MAP_FREEZE)) | |
1971 | return -EINVAL; | |
1972 | ||
1973 | f = fdget(ufd); | |
1974 | map = __bpf_map_get(f); | |
1975 | if (IS_ERR(map)) | |
1976 | return PTR_ERR(map); | |
fc970227 | 1977 | |
db559117 | 1978 | if (map->map_type == BPF_MAP_TYPE_STRUCT_OPS || !IS_ERR_OR_NULL(map->record)) { |
849b4d94 MKL |
1979 | fdput(f); |
1980 | return -ENOTSUPP; | |
1981 | } | |
1982 | ||
c4c84f6f | 1983 | if (!(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) { |
4266f41f DB |
1984 | fdput(f); |
1985 | return -EPERM; | |
c4c84f6f AN |
1986 | } |
1987 | ||
fc970227 | 1988 | mutex_lock(&map->freeze_mutex); |
353050be | 1989 | if (bpf_map_write_active(map)) { |
fc970227 AN |
1990 | err = -EBUSY; |
1991 | goto err_put; | |
1992 | } | |
87df15de DB |
1993 | if (READ_ONCE(map->frozen)) { |
1994 | err = -EBUSY; | |
1995 | goto err_put; | |
1996 | } | |
87df15de DB |
1997 | |
1998 | WRITE_ONCE(map->frozen, true); | |
1999 | err_put: | |
fc970227 | 2000 | mutex_unlock(&map->freeze_mutex); |
87df15de DB |
2001 | fdput(f); |
2002 | return err; | |
2003 | } | |
2004 | ||
7de16e3a | 2005 | static const struct bpf_prog_ops * const bpf_prog_types[] = { |
91cc1a99 | 2006 | #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \ |
7de16e3a JK |
2007 | [_id] = & _name ## _prog_ops, |
2008 | #define BPF_MAP_TYPE(_id, _ops) | |
f2e10bff | 2009 | #define BPF_LINK_TYPE(_id, _name) |
7de16e3a JK |
2010 | #include <linux/bpf_types.h> |
2011 | #undef BPF_PROG_TYPE | |
2012 | #undef BPF_MAP_TYPE | |
f2e10bff | 2013 | #undef BPF_LINK_TYPE |
7de16e3a JK |
2014 | }; |
2015 | ||
09756af4 AS |
2016 | static int find_prog_type(enum bpf_prog_type type, struct bpf_prog *prog) |
2017 | { | |
d0f1a451 DB |
2018 | const struct bpf_prog_ops *ops; |
2019 | ||
2020 | if (type >= ARRAY_SIZE(bpf_prog_types)) | |
2021 | return -EINVAL; | |
2022 | type = array_index_nospec(type, ARRAY_SIZE(bpf_prog_types)); | |
2023 | ops = bpf_prog_types[type]; | |
2024 | if (!ops) | |
be9370a7 | 2025 | return -EINVAL; |
09756af4 | 2026 | |
9d03ebc7 | 2027 | if (!bpf_prog_is_offloaded(prog->aux)) |
d0f1a451 | 2028 | prog->aux->ops = ops; |
ab3f0063 JK |
2029 | else |
2030 | prog->aux->ops = &bpf_offload_prog_ops; | |
be9370a7 JB |
2031 | prog->type = type; |
2032 | return 0; | |
09756af4 AS |
2033 | } |
2034 | ||
bae141f5 DB |
2035 | enum bpf_audit { |
2036 | BPF_AUDIT_LOAD, | |
2037 | BPF_AUDIT_UNLOAD, | |
2038 | BPF_AUDIT_MAX, | |
2039 | }; | |
2040 | ||
2041 | static const char * const bpf_audit_str[BPF_AUDIT_MAX] = { | |
2042 | [BPF_AUDIT_LOAD] = "LOAD", | |
2043 | [BPF_AUDIT_UNLOAD] = "UNLOAD", | |
2044 | }; | |
2045 | ||
2046 | static void bpf_audit_prog(const struct bpf_prog *prog, unsigned int op) | |
2047 | { | |
2048 | struct audit_context *ctx = NULL; | |
2049 | struct audit_buffer *ab; | |
2050 | ||
2051 | if (WARN_ON_ONCE(op >= BPF_AUDIT_MAX)) | |
2052 | return; | |
2053 | if (audit_enabled == AUDIT_OFF) | |
2054 | return; | |
ef01f4e2 | 2055 | if (!in_irq() && !irqs_disabled()) |
bae141f5 DB |
2056 | ctx = audit_context(); |
2057 | ab = audit_log_start(ctx, GFP_ATOMIC, AUDIT_BPF); | |
2058 | if (unlikely(!ab)) | |
2059 | return; | |
2060 | audit_log_format(ab, "prog-id=%u op=%s", | |
2061 | prog->aux->id, bpf_audit_str[op]); | |
2062 | audit_log_end(ab); | |
2063 | } | |
2064 | ||
dc4bb0e2 MKL |
2065 | static int bpf_prog_alloc_id(struct bpf_prog *prog) |
2066 | { | |
2067 | int id; | |
2068 | ||
b76354cd | 2069 | idr_preload(GFP_KERNEL); |
dc4bb0e2 MKL |
2070 | spin_lock_bh(&prog_idr_lock); |
2071 | id = idr_alloc_cyclic(&prog_idr, prog, 1, INT_MAX, GFP_ATOMIC); | |
2072 | if (id > 0) | |
2073 | prog->aux->id = id; | |
2074 | spin_unlock_bh(&prog_idr_lock); | |
b76354cd | 2075 | idr_preload_end(); |
dc4bb0e2 MKL |
2076 | |
2077 | /* id is in [1, INT_MAX) */ | |
2078 | if (WARN_ON_ONCE(!id)) | |
2079 | return -ENOSPC; | |
2080 | ||
2081 | return id > 0 ? 0 : id; | |
2082 | } | |
2083 | ||
e7895f01 | 2084 | void bpf_prog_free_id(struct bpf_prog *prog) |
dc4bb0e2 | 2085 | { |
d809e134 AS |
2086 | unsigned long flags; |
2087 | ||
ad8ad79f JK |
2088 | /* cBPF to eBPF migrations are currently not in the idr store. |
2089 | * Offloaded programs are removed from the store when their device | |
2090 | * disappears - even if someone grabs an fd to them they are unusable, | |
2091 | * simply waiting for refcnt to drop to be freed. | |
2092 | */ | |
dc4bb0e2 MKL |
2093 | if (!prog->aux->id) |
2094 | return; | |
2095 | ||
e7895f01 | 2096 | spin_lock_irqsave(&prog_idr_lock, flags); |
dc4bb0e2 | 2097 | idr_remove(&prog_idr, prog->aux->id); |
ad8ad79f | 2098 | prog->aux->id = 0; |
e7895f01 | 2099 | spin_unlock_irqrestore(&prog_idr_lock, flags); |
dc4bb0e2 MKL |
2100 | } |
2101 | ||
1aacde3d | 2102 | static void __bpf_prog_put_rcu(struct rcu_head *rcu) |
abf2e7d6 AS |
2103 | { |
2104 | struct bpf_prog_aux *aux = container_of(rcu, struct bpf_prog_aux, rcu); | |
2105 | ||
3b4d9eb2 | 2106 | kvfree(aux->func_info); |
8c1b6e69 | 2107 | kfree(aux->func_info_aux); |
3ac1f01b | 2108 | free_uid(aux->user); |
afdb09c7 | 2109 | security_bpf_prog_free(aux); |
abf2e7d6 AS |
2110 | bpf_prog_free(aux->prog); |
2111 | } | |
2112 | ||
cd7455f1 DB |
2113 | static void __bpf_prog_put_noref(struct bpf_prog *prog, bool deferred) |
2114 | { | |
2115 | bpf_prog_kallsyms_del_all(prog); | |
2116 | btf_put(prog->aux->btf); | |
31bf1dbc | 2117 | module_put(prog->aux->mod); |
e16301fb MKL |
2118 | kvfree(prog->aux->jited_linfo); |
2119 | kvfree(prog->aux->linfo); | |
e6ac2450 | 2120 | kfree(prog->aux->kfunc_tab); |
22dc4a0f AN |
2121 | if (prog->aux->attach_btf) |
2122 | btf_put(prog->aux->attach_btf); | |
cd7455f1 | 2123 | |
1e6c62a8 AS |
2124 | if (deferred) { |
2125 | if (prog->aux->sleepable) | |
2126 | call_rcu_tasks_trace(&prog->aux->rcu, __bpf_prog_put_rcu); | |
2127 | else | |
2128 | call_rcu(&prog->aux->rcu, __bpf_prog_put_rcu); | |
2129 | } else { | |
cd7455f1 | 2130 | __bpf_prog_put_rcu(&prog->aux->rcu); |
1e6c62a8 | 2131 | } |
cd7455f1 DB |
2132 | } |
2133 | ||
d809e134 AS |
2134 | static void bpf_prog_put_deferred(struct work_struct *work) |
2135 | { | |
2136 | struct bpf_prog_aux *aux; | |
2137 | struct bpf_prog *prog; | |
2138 | ||
2139 | aux = container_of(work, struct bpf_prog_aux, work); | |
2140 | prog = aux->prog; | |
2141 | perf_event_bpf_event(prog, PERF_BPF_EVENT_PROG_UNLOAD, 0); | |
2142 | bpf_audit_prog(prog, BPF_AUDIT_UNLOAD); | |
e7895f01 | 2143 | bpf_prog_free_id(prog); |
d809e134 AS |
2144 | __bpf_prog_put_noref(prog, true); |
2145 | } | |
2146 | ||
e7895f01 | 2147 | static void __bpf_prog_put(struct bpf_prog *prog) |
09756af4 | 2148 | { |
d809e134 AS |
2149 | struct bpf_prog_aux *aux = prog->aux; |
2150 | ||
2151 | if (atomic64_dec_and_test(&aux->refcnt)) { | |
d809e134 AS |
2152 | if (in_irq() || irqs_disabled()) { |
2153 | INIT_WORK(&aux->work, bpf_prog_put_deferred); | |
2154 | schedule_work(&aux->work); | |
2155 | } else { | |
2156 | bpf_prog_put_deferred(&aux->work); | |
2157 | } | |
a67edbf4 | 2158 | } |
09756af4 | 2159 | } |
b16d9aa4 MKL |
2160 | |
2161 | void bpf_prog_put(struct bpf_prog *prog) | |
2162 | { | |
e7895f01 | 2163 | __bpf_prog_put(prog); |
b16d9aa4 | 2164 | } |
e2e9b654 | 2165 | EXPORT_SYMBOL_GPL(bpf_prog_put); |
09756af4 AS |
2166 | |
2167 | static int bpf_prog_release(struct inode *inode, struct file *filp) | |
2168 | { | |
2169 | struct bpf_prog *prog = filp->private_data; | |
2170 | ||
1aacde3d | 2171 | bpf_prog_put(prog); |
09756af4 AS |
2172 | return 0; |
2173 | } | |
2174 | ||
61a0abae ED |
2175 | struct bpf_prog_kstats { |
2176 | u64 nsecs; | |
2177 | u64 cnt; | |
2178 | u64 misses; | |
2179 | }; | |
2180 | ||
05b24ff9 JO |
2181 | void notrace bpf_prog_inc_misses_counter(struct bpf_prog *prog) |
2182 | { | |
2183 | struct bpf_prog_stats *stats; | |
2184 | unsigned int flags; | |
2185 | ||
2186 | stats = this_cpu_ptr(prog->stats); | |
2187 | flags = u64_stats_update_begin_irqsave(&stats->syncp); | |
2188 | u64_stats_inc(&stats->misses); | |
2189 | u64_stats_update_end_irqrestore(&stats->syncp, flags); | |
2190 | } | |
2191 | ||
492ecee8 | 2192 | static void bpf_prog_get_stats(const struct bpf_prog *prog, |
61a0abae | 2193 | struct bpf_prog_kstats *stats) |
492ecee8 | 2194 | { |
9ed9e9ba | 2195 | u64 nsecs = 0, cnt = 0, misses = 0; |
492ecee8 AS |
2196 | int cpu; |
2197 | ||
2198 | for_each_possible_cpu(cpu) { | |
2199 | const struct bpf_prog_stats *st; | |
2200 | unsigned int start; | |
9ed9e9ba | 2201 | u64 tnsecs, tcnt, tmisses; |
492ecee8 | 2202 | |
700d4796 | 2203 | st = per_cpu_ptr(prog->stats, cpu); |
492ecee8 | 2204 | do { |
97c4090b | 2205 | start = u64_stats_fetch_begin(&st->syncp); |
61a0abae ED |
2206 | tnsecs = u64_stats_read(&st->nsecs); |
2207 | tcnt = u64_stats_read(&st->cnt); | |
2208 | tmisses = u64_stats_read(&st->misses); | |
97c4090b | 2209 | } while (u64_stats_fetch_retry(&st->syncp, start)); |
492ecee8 AS |
2210 | nsecs += tnsecs; |
2211 | cnt += tcnt; | |
9ed9e9ba | 2212 | misses += tmisses; |
492ecee8 AS |
2213 | } |
2214 | stats->nsecs = nsecs; | |
2215 | stats->cnt = cnt; | |
9ed9e9ba | 2216 | stats->misses = misses; |
492ecee8 AS |
2217 | } |
2218 | ||
7bd509e3 DB |
2219 | #ifdef CONFIG_PROC_FS |
2220 | static void bpf_prog_show_fdinfo(struct seq_file *m, struct file *filp) | |
2221 | { | |
2222 | const struct bpf_prog *prog = filp->private_data; | |
f1f7714e | 2223 | char prog_tag[sizeof(prog->tag) * 2 + 1] = { }; |
61a0abae | 2224 | struct bpf_prog_kstats stats; |
7bd509e3 | 2225 | |
492ecee8 | 2226 | bpf_prog_get_stats(prog, &stats); |
f1f7714e | 2227 | bin2hex(prog_tag, prog->tag, sizeof(prog->tag)); |
7bd509e3 DB |
2228 | seq_printf(m, |
2229 | "prog_type:\t%u\n" | |
2230 | "prog_jited:\t%u\n" | |
f1f7714e | 2231 | "prog_tag:\t%s\n" |
4316b409 | 2232 | "memlock:\t%llu\n" |
492ecee8 AS |
2233 | "prog_id:\t%u\n" |
2234 | "run_time_ns:\t%llu\n" | |
9ed9e9ba | 2235 | "run_cnt:\t%llu\n" |
aba64c7d DM |
2236 | "recursion_misses:\t%llu\n" |
2237 | "verified_insns:\t%u\n", | |
7bd509e3 DB |
2238 | prog->type, |
2239 | prog->jited, | |
f1f7714e | 2240 | prog_tag, |
4316b409 | 2241 | prog->pages * 1ULL << PAGE_SHIFT, |
492ecee8 AS |
2242 | prog->aux->id, |
2243 | stats.nsecs, | |
9ed9e9ba | 2244 | stats.cnt, |
aba64c7d DM |
2245 | stats.misses, |
2246 | prog->aux->verified_insns); | |
7bd509e3 DB |
2247 | } |
2248 | #endif | |
2249 | ||
f66e448c | 2250 | const struct file_operations bpf_prog_fops = { |
7bd509e3 DB |
2251 | #ifdef CONFIG_PROC_FS |
2252 | .show_fdinfo = bpf_prog_show_fdinfo, | |
2253 | #endif | |
2254 | .release = bpf_prog_release, | |
6e71b04a CF |
2255 | .read = bpf_dummy_read, |
2256 | .write = bpf_dummy_write, | |
09756af4 AS |
2257 | }; |
2258 | ||
b2197755 | 2259 | int bpf_prog_new_fd(struct bpf_prog *prog) |
aa79781b | 2260 | { |
afdb09c7 CF |
2261 | int ret; |
2262 | ||
2263 | ret = security_bpf_prog(prog); | |
2264 | if (ret < 0) | |
2265 | return ret; | |
2266 | ||
aa79781b DB |
2267 | return anon_inode_getfd("bpf-prog", &bpf_prog_fops, prog, |
2268 | O_RDWR | O_CLOEXEC); | |
2269 | } | |
2270 | ||
113214be | 2271 | static struct bpf_prog *____bpf_prog_get(struct fd f) |
09756af4 | 2272 | { |
09756af4 AS |
2273 | if (!f.file) |
2274 | return ERR_PTR(-EBADF); | |
09756af4 AS |
2275 | if (f.file->f_op != &bpf_prog_fops) { |
2276 | fdput(f); | |
2277 | return ERR_PTR(-EINVAL); | |
2278 | } | |
2279 | ||
c2101297 | 2280 | return f.file->private_data; |
09756af4 AS |
2281 | } |
2282 | ||
85192dbf | 2283 | void bpf_prog_add(struct bpf_prog *prog, int i) |
92117d84 | 2284 | { |
85192dbf | 2285 | atomic64_add(i, &prog->aux->refcnt); |
92117d84 | 2286 | } |
59d3656d BB |
2287 | EXPORT_SYMBOL_GPL(bpf_prog_add); |
2288 | ||
c540594f DB |
2289 | void bpf_prog_sub(struct bpf_prog *prog, int i) |
2290 | { | |
2291 | /* Only to be used for undoing previous bpf_prog_add() in some | |
2292 | * error path. We still know that another entity in our call | |
2293 | * path holds a reference to the program, thus atomic_sub() can | |
2294 | * be safely used in such cases! | |
2295 | */ | |
85192dbf | 2296 | WARN_ON(atomic64_sub_return(i, &prog->aux->refcnt) == 0); |
c540594f DB |
2297 | } |
2298 | EXPORT_SYMBOL_GPL(bpf_prog_sub); | |
2299 | ||
85192dbf | 2300 | void bpf_prog_inc(struct bpf_prog *prog) |
59d3656d | 2301 | { |
85192dbf | 2302 | atomic64_inc(&prog->aux->refcnt); |
59d3656d | 2303 | } |
97bc402d | 2304 | EXPORT_SYMBOL_GPL(bpf_prog_inc); |
92117d84 | 2305 | |
b16d9aa4 | 2306 | /* prog_idr_lock should have been held */ |
a6f6df69 | 2307 | struct bpf_prog *bpf_prog_inc_not_zero(struct bpf_prog *prog) |
b16d9aa4 MKL |
2308 | { |
2309 | int refold; | |
2310 | ||
85192dbf | 2311 | refold = atomic64_fetch_add_unless(&prog->aux->refcnt, 1, 0); |
b16d9aa4 MKL |
2312 | |
2313 | if (!refold) | |
2314 | return ERR_PTR(-ENOENT); | |
2315 | ||
2316 | return prog; | |
2317 | } | |
a6f6df69 | 2318 | EXPORT_SYMBOL_GPL(bpf_prog_inc_not_zero); |
b16d9aa4 | 2319 | |
040ee692 | 2320 | bool bpf_prog_get_ok(struct bpf_prog *prog, |
288b3de5 | 2321 | enum bpf_prog_type *attach_type, bool attach_drv) |
248f346f | 2322 | { |
288b3de5 JK |
2323 | /* not an attachment, just a refcount inc, always allow */ |
2324 | if (!attach_type) | |
2325 | return true; | |
248f346f JK |
2326 | |
2327 | if (prog->type != *attach_type) | |
2328 | return false; | |
9d03ebc7 | 2329 | if (bpf_prog_is_offloaded(prog->aux) && !attach_drv) |
248f346f JK |
2330 | return false; |
2331 | ||
2332 | return true; | |
2333 | } | |
2334 | ||
2335 | static struct bpf_prog *__bpf_prog_get(u32 ufd, enum bpf_prog_type *attach_type, | |
288b3de5 | 2336 | bool attach_drv) |
09756af4 AS |
2337 | { |
2338 | struct fd f = fdget(ufd); | |
2339 | struct bpf_prog *prog; | |
2340 | ||
113214be | 2341 | prog = ____bpf_prog_get(f); |
09756af4 AS |
2342 | if (IS_ERR(prog)) |
2343 | return prog; | |
288b3de5 | 2344 | if (!bpf_prog_get_ok(prog, attach_type, attach_drv)) { |
113214be DB |
2345 | prog = ERR_PTR(-EINVAL); |
2346 | goto out; | |
2347 | } | |
09756af4 | 2348 | |
85192dbf | 2349 | bpf_prog_inc(prog); |
113214be | 2350 | out: |
09756af4 AS |
2351 | fdput(f); |
2352 | return prog; | |
2353 | } | |
113214be DB |
2354 | |
2355 | struct bpf_prog *bpf_prog_get(u32 ufd) | |
2356 | { | |
288b3de5 | 2357 | return __bpf_prog_get(ufd, NULL, false); |
113214be DB |
2358 | } |
2359 | ||
248f346f | 2360 | struct bpf_prog *bpf_prog_get_type_dev(u32 ufd, enum bpf_prog_type type, |
288b3de5 | 2361 | bool attach_drv) |
248f346f | 2362 | { |
4d220ed0 | 2363 | return __bpf_prog_get(ufd, &type, attach_drv); |
248f346f | 2364 | } |
6c8dfe21 | 2365 | EXPORT_SYMBOL_GPL(bpf_prog_get_type_dev); |
248f346f | 2366 | |
aac3fc32 AI |
2367 | /* Initially all BPF programs could be loaded w/o specifying |
2368 | * expected_attach_type. Later for some of them specifying expected_attach_type | |
2369 | * at load time became required so that program could be validated properly. | |
2370 | * Programs of types that are allowed to be loaded both w/ and w/o (for | |
2371 | * backward compatibility) expected_attach_type, should have the default attach | |
2372 | * type assigned to expected_attach_type for the latter case, so that it can be | |
2373 | * validated later at attach time. | |
2374 | * | |
2375 | * bpf_prog_load_fixup_attach_type() sets expected_attach_type in @attr if | |
2376 | * prog type requires it but has some attach types that have to be backward | |
2377 | * compatible. | |
2378 | */ | |
2379 | static void bpf_prog_load_fixup_attach_type(union bpf_attr *attr) | |
2380 | { | |
2381 | switch (attr->prog_type) { | |
2382 | case BPF_PROG_TYPE_CGROUP_SOCK: | |
2383 | /* Unfortunately BPF_ATTACH_TYPE_UNSPEC enumeration doesn't | |
2384 | * exist so checking for non-zero is the way to go here. | |
2385 | */ | |
2386 | if (!attr->expected_attach_type) | |
2387 | attr->expected_attach_type = | |
2388 | BPF_CGROUP_INET_SOCK_CREATE; | |
2389 | break; | |
d5e4ddae KI |
2390 | case BPF_PROG_TYPE_SK_REUSEPORT: |
2391 | if (!attr->expected_attach_type) | |
2392 | attr->expected_attach_type = | |
2393 | BPF_SK_REUSEPORT_SELECT; | |
2394 | break; | |
aac3fc32 AI |
2395 | } |
2396 | } | |
2397 | ||
5e43f899 | 2398 | static int |
ccfe29eb AS |
2399 | bpf_prog_load_check_attach(enum bpf_prog_type prog_type, |
2400 | enum bpf_attach_type expected_attach_type, | |
290248a5 AN |
2401 | struct btf *attach_btf, u32 btf_id, |
2402 | struct bpf_prog *dst_prog) | |
5e43f899 | 2403 | { |
27ae7997 | 2404 | if (btf_id) { |
c108e3c1 AS |
2405 | if (btf_id > BTF_MAX_TYPE) |
2406 | return -EINVAL; | |
27ae7997 | 2407 | |
290248a5 AN |
2408 | if (!attach_btf && !dst_prog) |
2409 | return -EINVAL; | |
2410 | ||
27ae7997 MKL |
2411 | switch (prog_type) { |
2412 | case BPF_PROG_TYPE_TRACING: | |
9e4e01df | 2413 | case BPF_PROG_TYPE_LSM: |
27ae7997 | 2414 | case BPF_PROG_TYPE_STRUCT_OPS: |
be8704ff | 2415 | case BPF_PROG_TYPE_EXT: |
27ae7997 MKL |
2416 | break; |
2417 | default: | |
c108e3c1 | 2418 | return -EINVAL; |
27ae7997 | 2419 | } |
c108e3c1 AS |
2420 | } |
2421 | ||
290248a5 AN |
2422 | if (attach_btf && (!btf_id || dst_prog)) |
2423 | return -EINVAL; | |
2424 | ||
2425 | if (dst_prog && prog_type != BPF_PROG_TYPE_TRACING && | |
be8704ff | 2426 | prog_type != BPF_PROG_TYPE_EXT) |
27ae7997 MKL |
2427 | return -EINVAL; |
2428 | ||
4fbac77d | 2429 | switch (prog_type) { |
aac3fc32 AI |
2430 | case BPF_PROG_TYPE_CGROUP_SOCK: |
2431 | switch (expected_attach_type) { | |
2432 | case BPF_CGROUP_INET_SOCK_CREATE: | |
f5836749 | 2433 | case BPF_CGROUP_INET_SOCK_RELEASE: |
aac3fc32 AI |
2434 | case BPF_CGROUP_INET4_POST_BIND: |
2435 | case BPF_CGROUP_INET6_POST_BIND: | |
2436 | return 0; | |
2437 | default: | |
2438 | return -EINVAL; | |
2439 | } | |
4fbac77d AI |
2440 | case BPF_PROG_TYPE_CGROUP_SOCK_ADDR: |
2441 | switch (expected_attach_type) { | |
2442 | case BPF_CGROUP_INET4_BIND: | |
2443 | case BPF_CGROUP_INET6_BIND: | |
d74bad4e AI |
2444 | case BPF_CGROUP_INET4_CONNECT: |
2445 | case BPF_CGROUP_INET6_CONNECT: | |
1b66d253 DB |
2446 | case BPF_CGROUP_INET4_GETPEERNAME: |
2447 | case BPF_CGROUP_INET6_GETPEERNAME: | |
2448 | case BPF_CGROUP_INET4_GETSOCKNAME: | |
2449 | case BPF_CGROUP_INET6_GETSOCKNAME: | |
1cedee13 AI |
2450 | case BPF_CGROUP_UDP4_SENDMSG: |
2451 | case BPF_CGROUP_UDP6_SENDMSG: | |
983695fa DB |
2452 | case BPF_CGROUP_UDP4_RECVMSG: |
2453 | case BPF_CGROUP_UDP6_RECVMSG: | |
4fbac77d AI |
2454 | return 0; |
2455 | default: | |
2456 | return -EINVAL; | |
2457 | } | |
5cf1e914 | 2458 | case BPF_PROG_TYPE_CGROUP_SKB: |
2459 | switch (expected_attach_type) { | |
2460 | case BPF_CGROUP_INET_INGRESS: | |
2461 | case BPF_CGROUP_INET_EGRESS: | |
2462 | return 0; | |
2463 | default: | |
2464 | return -EINVAL; | |
2465 | } | |
0d01da6a SF |
2466 | case BPF_PROG_TYPE_CGROUP_SOCKOPT: |
2467 | switch (expected_attach_type) { | |
2468 | case BPF_CGROUP_SETSOCKOPT: | |
2469 | case BPF_CGROUP_GETSOCKOPT: | |
2470 | return 0; | |
2471 | default: | |
2472 | return -EINVAL; | |
2473 | } | |
e9ddbb77 JS |
2474 | case BPF_PROG_TYPE_SK_LOOKUP: |
2475 | if (expected_attach_type == BPF_SK_LOOKUP) | |
2476 | return 0; | |
2477 | return -EINVAL; | |
d5e4ddae KI |
2478 | case BPF_PROG_TYPE_SK_REUSEPORT: |
2479 | switch (expected_attach_type) { | |
2480 | case BPF_SK_REUSEPORT_SELECT: | |
2481 | case BPF_SK_REUSEPORT_SELECT_OR_MIGRATE: | |
2482 | return 0; | |
2483 | default: | |
2484 | return -EINVAL; | |
2485 | } | |
132328e8 FW |
2486 | case BPF_PROG_TYPE_NETFILTER: |
2487 | if (expected_attach_type == BPF_NETFILTER) | |
2488 | return 0; | |
2489 | return -EINVAL; | |
79a7f8bd | 2490 | case BPF_PROG_TYPE_SYSCALL: |
be8704ff AS |
2491 | case BPF_PROG_TYPE_EXT: |
2492 | if (expected_attach_type) | |
2493 | return -EINVAL; | |
df561f66 | 2494 | fallthrough; |
4fbac77d AI |
2495 | default: |
2496 | return 0; | |
2497 | } | |
5e43f899 AI |
2498 | } |
2499 | ||
2c78ee89 AS |
2500 | static bool is_net_admin_prog_type(enum bpf_prog_type prog_type) |
2501 | { | |
2502 | switch (prog_type) { | |
2503 | case BPF_PROG_TYPE_SCHED_CLS: | |
2504 | case BPF_PROG_TYPE_SCHED_ACT: | |
2505 | case BPF_PROG_TYPE_XDP: | |
2506 | case BPF_PROG_TYPE_LWT_IN: | |
2507 | case BPF_PROG_TYPE_LWT_OUT: | |
2508 | case BPF_PROG_TYPE_LWT_XMIT: | |
2509 | case BPF_PROG_TYPE_LWT_SEG6LOCAL: | |
2510 | case BPF_PROG_TYPE_SK_SKB: | |
2511 | case BPF_PROG_TYPE_SK_MSG: | |
2c78ee89 AS |
2512 | case BPF_PROG_TYPE_FLOW_DISSECTOR: |
2513 | case BPF_PROG_TYPE_CGROUP_DEVICE: | |
2514 | case BPF_PROG_TYPE_CGROUP_SOCK: | |
2515 | case BPF_PROG_TYPE_CGROUP_SOCK_ADDR: | |
2516 | case BPF_PROG_TYPE_CGROUP_SOCKOPT: | |
2517 | case BPF_PROG_TYPE_CGROUP_SYSCTL: | |
2518 | case BPF_PROG_TYPE_SOCK_OPS: | |
2519 | case BPF_PROG_TYPE_EXT: /* extends any prog */ | |
84601d6e | 2520 | case BPF_PROG_TYPE_NETFILTER: |
2c78ee89 AS |
2521 | return true; |
2522 | case BPF_PROG_TYPE_CGROUP_SKB: | |
2523 | /* always unpriv */ | |
2524 | case BPF_PROG_TYPE_SK_REUSEPORT: | |
2525 | /* equivalent to SOCKET_FILTER. need CAP_BPF only */ | |
2526 | default: | |
2527 | return false; | |
2528 | } | |
2529 | } | |
2530 | ||
2531 | static bool is_perfmon_prog_type(enum bpf_prog_type prog_type) | |
2532 | { | |
2533 | switch (prog_type) { | |
2534 | case BPF_PROG_TYPE_KPROBE: | |
2535 | case BPF_PROG_TYPE_TRACEPOINT: | |
2536 | case BPF_PROG_TYPE_PERF_EVENT: | |
2537 | case BPF_PROG_TYPE_RAW_TRACEPOINT: | |
2538 | case BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE: | |
2539 | case BPF_PROG_TYPE_TRACING: | |
2540 | case BPF_PROG_TYPE_LSM: | |
2541 | case BPF_PROG_TYPE_STRUCT_OPS: /* has access to struct sock */ | |
2542 | case BPF_PROG_TYPE_EXT: /* extends any prog */ | |
2543 | return true; | |
2544 | default: | |
2545 | return false; | |
2546 | } | |
2547 | } | |
2548 | ||
09756af4 | 2549 | /* last field in 'union bpf_attr' used by this command */ |
47a71c1f | 2550 | #define BPF_PROG_LOAD_LAST_FIELD log_true_size |
09756af4 | 2551 | |
47a71c1f | 2552 | static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size) |
09756af4 AS |
2553 | { |
2554 | enum bpf_prog_type type = attr->prog_type; | |
290248a5 AN |
2555 | struct bpf_prog *prog, *dst_prog = NULL; |
2556 | struct btf *attach_btf = NULL; | |
09756af4 AS |
2557 | int err; |
2558 | char license[128]; | |
09756af4 AS |
2559 | |
2560 | if (CHECK_ATTR(BPF_PROG_LOAD)) | |
2561 | return -EINVAL; | |
2562 | ||
c240eff6 JW |
2563 | if (attr->prog_flags & ~(BPF_F_STRICT_ALIGNMENT | |
2564 | BPF_F_ANY_ALIGNMENT | | |
10d274e8 | 2565 | BPF_F_TEST_STATE_FREQ | |
1e6c62a8 | 2566 | BPF_F_SLEEPABLE | |
c2f2cdbe | 2567 | BPF_F_TEST_RND_HI32 | |
2b3486bc SF |
2568 | BPF_F_XDP_HAS_FRAGS | |
2569 | BPF_F_XDP_DEV_BOUND_ONLY)) | |
e07b98d9 DM |
2570 | return -EINVAL; |
2571 | ||
e9ee9efc DM |
2572 | if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && |
2573 | (attr->prog_flags & BPF_F_ANY_ALIGNMENT) && | |
2c78ee89 | 2574 | !bpf_capable()) |
e9ee9efc DM |
2575 | return -EPERM; |
2576 | ||
1d28635a AN |
2577 | /* Intent here is for unprivileged_bpf_disabled to block BPF program |
2578 | * creation for unprivileged users; other actions depend | |
2579 | * on fd availability and access to bpffs, so are dependent on | |
2580 | * object creation success. Even with unprivileged BPF disabled, | |
2581 | * capability checks are still carried out for these | |
2582 | * and other operations. | |
2583 | */ | |
2584 | if (sysctl_unprivileged_bpf_disabled && !bpf_capable()) | |
2585 | return -EPERM; | |
09756af4 | 2586 | |
c04c0d2b | 2587 | if (attr->insn_cnt == 0 || |
2c78ee89 | 2588 | attr->insn_cnt > (bpf_capable() ? BPF_COMPLEXITY_LIMIT_INSNS : BPF_MAXINSNS)) |
ef0915ca | 2589 | return -E2BIG; |
80b7d819 CF |
2590 | if (type != BPF_PROG_TYPE_SOCKET_FILTER && |
2591 | type != BPF_PROG_TYPE_CGROUP_SKB && | |
2c78ee89 AS |
2592 | !bpf_capable()) |
2593 | return -EPERM; | |
2594 | ||
b338cb92 | 2595 | if (is_net_admin_prog_type(type) && !capable(CAP_NET_ADMIN) && !capable(CAP_SYS_ADMIN)) |
2c78ee89 AS |
2596 | return -EPERM; |
2597 | if (is_perfmon_prog_type(type) && !perfmon_capable()) | |
1be7f75d AS |
2598 | return -EPERM; |
2599 | ||
290248a5 AN |
2600 | /* attach_prog_fd/attach_btf_obj_fd can specify fd of either bpf_prog |
2601 | * or btf, we need to check which one it is | |
2602 | */ | |
2603 | if (attr->attach_prog_fd) { | |
2604 | dst_prog = bpf_prog_get(attr->attach_prog_fd); | |
2605 | if (IS_ERR(dst_prog)) { | |
2606 | dst_prog = NULL; | |
2607 | attach_btf = btf_get_by_fd(attr->attach_btf_obj_fd); | |
2608 | if (IS_ERR(attach_btf)) | |
2609 | return -EINVAL; | |
2610 | if (!btf_is_kernel(attach_btf)) { | |
8bdd8e27 AN |
2611 | /* attaching through specifying bpf_prog's BTF |
2612 | * objects directly might be supported eventually | |
2613 | */ | |
290248a5 | 2614 | btf_put(attach_btf); |
8bdd8e27 | 2615 | return -ENOTSUPP; |
290248a5 AN |
2616 | } |
2617 | } | |
2618 | } else if (attr->attach_btf_id) { | |
2619 | /* fall back to vmlinux BTF, if BTF type ID is specified */ | |
2620 | attach_btf = bpf_get_btf_vmlinux(); | |
2621 | if (IS_ERR(attach_btf)) | |
2622 | return PTR_ERR(attach_btf); | |
2623 | if (!attach_btf) | |
2624 | return -EINVAL; | |
2625 | btf_get(attach_btf); | |
2626 | } | |
2627 | ||
aac3fc32 | 2628 | bpf_prog_load_fixup_attach_type(attr); |
ccfe29eb | 2629 | if (bpf_prog_load_check_attach(type, attr->expected_attach_type, |
290248a5 AN |
2630 | attach_btf, attr->attach_btf_id, |
2631 | dst_prog)) { | |
2632 | if (dst_prog) | |
2633 | bpf_prog_put(dst_prog); | |
2634 | if (attach_btf) | |
2635 | btf_put(attach_btf); | |
5e43f899 | 2636 | return -EINVAL; |
290248a5 | 2637 | } |
5e43f899 | 2638 | |
09756af4 AS |
2639 | /* plain bpf_prog allocation */ |
2640 | prog = bpf_prog_alloc(bpf_prog_size(attr->insn_cnt), GFP_USER); | |
290248a5 AN |
2641 | if (!prog) { |
2642 | if (dst_prog) | |
2643 | bpf_prog_put(dst_prog); | |
2644 | if (attach_btf) | |
2645 | btf_put(attach_btf); | |
09756af4 | 2646 | return -ENOMEM; |
290248a5 | 2647 | } |
09756af4 | 2648 | |
5e43f899 | 2649 | prog->expected_attach_type = attr->expected_attach_type; |
290248a5 | 2650 | prog->aux->attach_btf = attach_btf; |
ccfe29eb | 2651 | prog->aux->attach_btf_id = attr->attach_btf_id; |
290248a5 | 2652 | prog->aux->dst_prog = dst_prog; |
2b3486bc | 2653 | prog->aux->dev_bound = !!attr->prog_ifindex; |
1e6c62a8 | 2654 | prog->aux->sleepable = attr->prog_flags & BPF_F_SLEEPABLE; |
c2f2cdbe | 2655 | prog->aux->xdp_has_frags = attr->prog_flags & BPF_F_XDP_HAS_FRAGS; |
9a18eedb | 2656 | |
afdb09c7 | 2657 | err = security_bpf_prog_alloc(prog->aux); |
aaac3ba9 | 2658 | if (err) |
3ac1f01b | 2659 | goto free_prog; |
afdb09c7 | 2660 | |
3ac1f01b | 2661 | prog->aux->user = get_current_user(); |
09756af4 AS |
2662 | prog->len = attr->insn_cnt; |
2663 | ||
2664 | err = -EFAULT; | |
af2ac3e1 AS |
2665 | if (copy_from_bpfptr(prog->insns, |
2666 | make_bpfptr(attr->insns, uattr.is_kernel), | |
2667 | bpf_prog_insn_size(prog)) != 0) | |
3ac1f01b | 2668 | goto free_prog_sec; |
7f6719f7 AN |
2669 | /* copy eBPF program license from user space */ |
2670 | if (strncpy_from_bpfptr(license, | |
2671 | make_bpfptr(attr->license, uattr.is_kernel), | |
2672 | sizeof(license) - 1) < 0) | |
2673 | goto free_prog_sec; | |
2674 | license[sizeof(license) - 1] = 0; | |
2675 | ||
2676 | /* eBPF programs must be GPL compatible to use GPL-ed functions */ | |
2677 | prog->gpl_compatible = license_is_gpl_compatible(license) ? 1 : 0; | |
09756af4 AS |
2678 | |
2679 | prog->orig_prog = NULL; | |
a91263d5 | 2680 | prog->jited = 0; |
09756af4 | 2681 | |
85192dbf | 2682 | atomic64_set(&prog->aux->refcnt, 1); |
09756af4 | 2683 | |
9a18eedb | 2684 | if (bpf_prog_is_dev_bound(prog->aux)) { |
2b3486bc | 2685 | err = bpf_prog_dev_bound_init(prog, attr); |
ab3f0063 | 2686 | if (err) |
3ac1f01b | 2687 | goto free_prog_sec; |
ab3f0063 JK |
2688 | } |
2689 | ||
fd7c211d THJ |
2690 | if (type == BPF_PROG_TYPE_EXT && dst_prog && |
2691 | bpf_prog_is_dev_bound(dst_prog->aux)) { | |
2692 | err = bpf_prog_dev_bound_inherit(prog, dst_prog); | |
ab3f0063 | 2693 | if (err) |
3ac1f01b | 2694 | goto free_prog_sec; |
ab3f0063 JK |
2695 | } |
2696 | ||
09756af4 AS |
2697 | /* find program type: socket_filter vs tracing_filter */ |
2698 | err = find_prog_type(type, prog); | |
2699 | if (err < 0) | |
3ac1f01b | 2700 | goto free_prog_sec; |
09756af4 | 2701 | |
9285ec4c | 2702 | prog->aux->load_time = ktime_get_boottime_ns(); |
8e7ae251 MKL |
2703 | err = bpf_obj_name_cpy(prog->aux->name, attr->prog_name, |
2704 | sizeof(attr->prog_name)); | |
2705 | if (err < 0) | |
3ac1f01b | 2706 | goto free_prog_sec; |
cb4d2b3f | 2707 | |
09756af4 | 2708 | /* run eBPF verifier */ |
47a71c1f | 2709 | err = bpf_check(&prog, attr, uattr, uattr_size); |
09756af4 AS |
2710 | if (err < 0) |
2711 | goto free_used_maps; | |
2712 | ||
9facc336 | 2713 | prog = bpf_prog_select_runtime(prog, &err); |
04fd61ab AS |
2714 | if (err < 0) |
2715 | goto free_used_maps; | |
09756af4 | 2716 | |
dc4bb0e2 MKL |
2717 | err = bpf_prog_alloc_id(prog); |
2718 | if (err) | |
2719 | goto free_used_maps; | |
2720 | ||
c751798a DB |
2721 | /* Upon success of bpf_prog_alloc_id(), the BPF prog is |
2722 | * effectively publicly exposed. However, retrieving via | |
2723 | * bpf_prog_get_fd_by_id() will take another reference, | |
2724 | * therefore it cannot be gone underneath us. | |
2725 | * | |
2726 | * Only for the time /after/ successful bpf_prog_new_fd() | |
2727 | * and before returning to userspace, we might just hold | |
2728 | * one reference and any parallel close on that fd could | |
2729 | * rip everything out. Hence, below notifications must | |
2730 | * happen before bpf_prog_new_fd(). | |
2731 | * | |
2732 | * Also, any failure handling from this point onwards must | |
2733 | * be using bpf_prog_put() given the program is exposed. | |
2734 | */ | |
74451e66 | 2735 | bpf_prog_kallsyms_add(prog); |
6ee52e2a | 2736 | perf_event_bpf_event(prog, PERF_BPF_EVENT_PROG_LOAD, 0); |
bae141f5 | 2737 | bpf_audit_prog(prog, BPF_AUDIT_LOAD); |
c751798a DB |
2738 | |
2739 | err = bpf_prog_new_fd(prog); | |
2740 | if (err < 0) | |
2741 | bpf_prog_put(prog); | |
09756af4 AS |
2742 | return err; |
2743 | ||
2744 | free_used_maps: | |
cd7455f1 DB |
2745 | /* In case we have subprogs, we need to wait for a grace |
2746 | * period before we can tear down JIT memory since symbols | |
2747 | * are already exposed under kallsyms. | |
2748 | */ | |
2749 | __bpf_prog_put_noref(prog, prog->aux->func_cnt); | |
2750 | return err; | |
afdb09c7 | 2751 | free_prog_sec: |
3ac1f01b | 2752 | free_uid(prog->aux->user); |
afdb09c7 | 2753 | security_bpf_prog_free(prog->aux); |
3ac1f01b | 2754 | free_prog: |
22dc4a0f AN |
2755 | if (prog->aux->attach_btf) |
2756 | btf_put(prog->aux->attach_btf); | |
09756af4 AS |
2757 | bpf_prog_free(prog); |
2758 | return err; | |
2759 | } | |
2760 | ||
cb8edce2 | 2761 | #define BPF_OBJ_LAST_FIELD path_fd |
b2197755 DB |
2762 | |
2763 | static int bpf_obj_pin(const union bpf_attr *attr) | |
2764 | { | |
cb8edce2 AN |
2765 | int path_fd; |
2766 | ||
2767 | if (CHECK_ATTR(BPF_OBJ) || attr->file_flags & ~BPF_F_PATH_FD) | |
2768 | return -EINVAL; | |
2769 | ||
2770 | /* path_fd has to be accompanied by BPF_F_PATH_FD flag */ | |
2771 | if (!(attr->file_flags & BPF_F_PATH_FD) && attr->path_fd) | |
b2197755 DB |
2772 | return -EINVAL; |
2773 | ||
cb8edce2 AN |
2774 | path_fd = attr->file_flags & BPF_F_PATH_FD ? attr->path_fd : AT_FDCWD; |
2775 | return bpf_obj_pin_user(attr->bpf_fd, path_fd, | |
2776 | u64_to_user_ptr(attr->pathname)); | |
b2197755 DB |
2777 | } |
2778 | ||
2779 | static int bpf_obj_get(const union bpf_attr *attr) | |
2780 | { | |
cb8edce2 AN |
2781 | int path_fd; |
2782 | ||
6e71b04a | 2783 | if (CHECK_ATTR(BPF_OBJ) || attr->bpf_fd != 0 || |
cb8edce2 AN |
2784 | attr->file_flags & ~(BPF_OBJ_FLAG_MASK | BPF_F_PATH_FD)) |
2785 | return -EINVAL; | |
2786 | ||
2787 | /* path_fd has to be accompanied by BPF_F_PATH_FD flag */ | |
2788 | if (!(attr->file_flags & BPF_F_PATH_FD) && attr->path_fd) | |
b2197755 DB |
2789 | return -EINVAL; |
2790 | ||
cb8edce2 AN |
2791 | path_fd = attr->file_flags & BPF_F_PATH_FD ? attr->path_fd : AT_FDCWD; |
2792 | return bpf_obj_get_user(path_fd, u64_to_user_ptr(attr->pathname), | |
6e71b04a | 2793 | attr->file_flags); |
b2197755 DB |
2794 | } |
2795 | ||
f2e10bff | 2796 | void bpf_link_init(struct bpf_link *link, enum bpf_link_type type, |
a3b80e10 | 2797 | const struct bpf_link_ops *ops, struct bpf_prog *prog) |
fec56f58 | 2798 | { |
70ed506c | 2799 | atomic64_set(&link->refcnt, 1); |
f2e10bff | 2800 | link->type = type; |
a3b80e10 | 2801 | link->id = 0; |
70ed506c AN |
2802 | link->ops = ops; |
2803 | link->prog = prog; | |
2804 | } | |
2805 | ||
a3b80e10 AN |
2806 | static void bpf_link_free_id(int id) |
2807 | { | |
2808 | if (!id) | |
2809 | return; | |
2810 | ||
2811 | spin_lock_bh(&link_idr_lock); | |
2812 | idr_remove(&link_idr, id); | |
2813 | spin_unlock_bh(&link_idr_lock); | |
2814 | } | |
2815 | ||
98868668 AN |
2816 | /* Clean up bpf_link and corresponding anon_inode file and FD. After |
2817 | * anon_inode is created, bpf_link can't be just kfree()'d due to deferred | |
a3b80e10 AN |
2818 | * anon_inode's release() call. This helper marksbpf_link as |
2819 | * defunct, releases anon_inode file and puts reserved FD. bpf_prog's refcnt | |
2820 | * is not decremented, it's the responsibility of a calling code that failed | |
2821 | * to complete bpf_link initialization. | |
98868668 | 2822 | */ |
a3b80e10 | 2823 | void bpf_link_cleanup(struct bpf_link_primer *primer) |
babf3164 | 2824 | { |
a3b80e10 AN |
2825 | primer->link->prog = NULL; |
2826 | bpf_link_free_id(primer->id); | |
2827 | fput(primer->file); | |
2828 | put_unused_fd(primer->fd); | |
babf3164 AN |
2829 | } |
2830 | ||
70ed506c AN |
2831 | void bpf_link_inc(struct bpf_link *link) |
2832 | { | |
2833 | atomic64_inc(&link->refcnt); | |
2834 | } | |
2835 | ||
2836 | /* bpf_link_free is guaranteed to be called from process context */ | |
2837 | static void bpf_link_free(struct bpf_link *link) | |
2838 | { | |
a3b80e10 | 2839 | bpf_link_free_id(link->id); |
babf3164 AN |
2840 | if (link->prog) { |
2841 | /* detach BPF program, clean up used resources */ | |
2842 | link->ops->release(link); | |
2843 | bpf_prog_put(link->prog); | |
2844 | } | |
2845 | /* free bpf_link and its containing memory */ | |
2846 | link->ops->dealloc(link); | |
70ed506c AN |
2847 | } |
2848 | ||
2849 | static void bpf_link_put_deferred(struct work_struct *work) | |
2850 | { | |
2851 | struct bpf_link *link = container_of(work, struct bpf_link, work); | |
2852 | ||
2853 | bpf_link_free(link); | |
2854 | } | |
2855 | ||
ab5d47bd SAS |
2856 | /* bpf_link_put might be called from atomic context. It needs to be called |
2857 | * from sleepable context in order to acquire sleeping locks during the process. | |
70ed506c AN |
2858 | */ |
2859 | void bpf_link_put(struct bpf_link *link) | |
2860 | { | |
2861 | if (!atomic64_dec_and_test(&link->refcnt)) | |
2862 | return; | |
2863 | ||
ab5d47bd SAS |
2864 | INIT_WORK(&link->work, bpf_link_put_deferred); |
2865 | schedule_work(&link->work); | |
70ed506c | 2866 | } |
cb80ddc6 | 2867 | EXPORT_SYMBOL(bpf_link_put); |
70ed506c | 2868 | |
ab5d47bd SAS |
2869 | static void bpf_link_put_direct(struct bpf_link *link) |
2870 | { | |
2871 | if (!atomic64_dec_and_test(&link->refcnt)) | |
2872 | return; | |
2873 | bpf_link_free(link); | |
2874 | } | |
2875 | ||
70ed506c AN |
2876 | static int bpf_link_release(struct inode *inode, struct file *filp) |
2877 | { | |
2878 | struct bpf_link *link = filp->private_data; | |
2879 | ||
ab5d47bd | 2880 | bpf_link_put_direct(link); |
fec56f58 AS |
2881 | return 0; |
2882 | } | |
2883 | ||
70ed506c | 2884 | #ifdef CONFIG_PROC_FS |
f2e10bff AN |
2885 | #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) |
2886 | #define BPF_MAP_TYPE(_id, _ops) | |
2887 | #define BPF_LINK_TYPE(_id, _name) [_id] = #_name, | |
2888 | static const char *bpf_link_type_strs[] = { | |
2889 | [BPF_LINK_TYPE_UNSPEC] = "<invalid>", | |
2890 | #include <linux/bpf_types.h> | |
2891 | }; | |
2892 | #undef BPF_PROG_TYPE | |
2893 | #undef BPF_MAP_TYPE | |
2894 | #undef BPF_LINK_TYPE | |
70ed506c AN |
2895 | |
2896 | static void bpf_link_show_fdinfo(struct seq_file *m, struct file *filp) | |
2897 | { | |
2898 | const struct bpf_link *link = filp->private_data; | |
2899 | const struct bpf_prog *prog = link->prog; | |
2900 | char prog_tag[sizeof(prog->tag) * 2 + 1] = { }; | |
70ed506c | 2901 | |
70ed506c AN |
2902 | seq_printf(m, |
2903 | "link_type:\t%s\n" | |
68b04864 | 2904 | "link_id:\t%u\n", |
f2e10bff | 2905 | bpf_link_type_strs[link->type], |
68b04864 KFL |
2906 | link->id); |
2907 | if (prog) { | |
2908 | bin2hex(prog_tag, prog->tag, sizeof(prog->tag)); | |
2909 | seq_printf(m, | |
2910 | "prog_tag:\t%s\n" | |
2911 | "prog_id:\t%u\n", | |
2912 | prog_tag, | |
2913 | prog->aux->id); | |
2914 | } | |
f2e10bff AN |
2915 | if (link->ops->show_fdinfo) |
2916 | link->ops->show_fdinfo(link, m); | |
70ed506c AN |
2917 | } |
2918 | #endif | |
2919 | ||
6f302bfb | 2920 | static const struct file_operations bpf_link_fops = { |
70ed506c AN |
2921 | #ifdef CONFIG_PROC_FS |
2922 | .show_fdinfo = bpf_link_show_fdinfo, | |
2923 | #endif | |
2924 | .release = bpf_link_release, | |
fec56f58 AS |
2925 | .read = bpf_dummy_read, |
2926 | .write = bpf_dummy_write, | |
2927 | }; | |
2928 | ||
a3b80e10 | 2929 | static int bpf_link_alloc_id(struct bpf_link *link) |
70ed506c | 2930 | { |
a3b80e10 | 2931 | int id; |
70ed506c | 2932 | |
a3b80e10 AN |
2933 | idr_preload(GFP_KERNEL); |
2934 | spin_lock_bh(&link_idr_lock); | |
2935 | id = idr_alloc_cyclic(&link_idr, link, 1, INT_MAX, GFP_ATOMIC); | |
2936 | spin_unlock_bh(&link_idr_lock); | |
2937 | idr_preload_end(); | |
70ed506c | 2938 | |
a3b80e10 AN |
2939 | return id; |
2940 | } | |
2941 | ||
2942 | /* Prepare bpf_link to be exposed to user-space by allocating anon_inode file, | |
2943 | * reserving unused FD and allocating ID from link_idr. This is to be paired | |
2944 | * with bpf_link_settle() to install FD and ID and expose bpf_link to | |
2945 | * user-space, if bpf_link is successfully attached. If not, bpf_link and | |
2946 | * pre-allocated resources are to be freed with bpf_cleanup() call. All the | |
2947 | * transient state is passed around in struct bpf_link_primer. | |
2948 | * This is preferred way to create and initialize bpf_link, especially when | |
c561d110 | 2949 | * there are complicated and expensive operations in between creating bpf_link |
a3b80e10 AN |
2950 | * itself and attaching it to BPF hook. By using bpf_link_prime() and |
2951 | * bpf_link_settle() kernel code using bpf_link doesn't have to perform | |
2952 | * expensive (and potentially failing) roll back operations in a rare case | |
2953 | * that file, FD, or ID can't be allocated. | |
babf3164 | 2954 | */ |
a3b80e10 | 2955 | int bpf_link_prime(struct bpf_link *link, struct bpf_link_primer *primer) |
babf3164 AN |
2956 | { |
2957 | struct file *file; | |
a3b80e10 | 2958 | int fd, id; |
babf3164 AN |
2959 | |
2960 | fd = get_unused_fd_flags(O_CLOEXEC); | |
2961 | if (fd < 0) | |
a3b80e10 | 2962 | return fd; |
babf3164 | 2963 | |
babf3164 | 2964 | |
a3b80e10 AN |
2965 | id = bpf_link_alloc_id(link); |
2966 | if (id < 0) { | |
2967 | put_unused_fd(fd); | |
a3b80e10 AN |
2968 | return id; |
2969 | } | |
babf3164 AN |
2970 | |
2971 | file = anon_inode_getfile("bpf_link", &bpf_link_fops, link, O_CLOEXEC); | |
2972 | if (IS_ERR(file)) { | |
138c6767 | 2973 | bpf_link_free_id(id); |
babf3164 | 2974 | put_unused_fd(fd); |
138c6767 | 2975 | return PTR_ERR(file); |
babf3164 AN |
2976 | } |
2977 | ||
a3b80e10 AN |
2978 | primer->link = link; |
2979 | primer->file = file; | |
2980 | primer->fd = fd; | |
2981 | primer->id = id; | |
2982 | return 0; | |
2983 | } | |
2984 | ||
2985 | int bpf_link_settle(struct bpf_link_primer *primer) | |
2986 | { | |
2987 | /* make bpf_link fetchable by ID */ | |
2988 | spin_lock_bh(&link_idr_lock); | |
2989 | primer->link->id = primer->id; | |
2990 | spin_unlock_bh(&link_idr_lock); | |
2991 | /* make bpf_link fetchable by FD */ | |
2992 | fd_install(primer->fd, primer->file); | |
2993 | /* pass through installed FD */ | |
2994 | return primer->fd; | |
2995 | } | |
2996 | ||
2997 | int bpf_link_new_fd(struct bpf_link *link) | |
2998 | { | |
2999 | return anon_inode_getfd("bpf-link", &bpf_link_fops, link, O_CLOEXEC); | |
babf3164 AN |
3000 | } |
3001 | ||
70ed506c AN |
3002 | struct bpf_link *bpf_link_get_from_fd(u32 ufd) |
3003 | { | |
3004 | struct fd f = fdget(ufd); | |
3005 | struct bpf_link *link; | |
3006 | ||
3007 | if (!f.file) | |
3008 | return ERR_PTR(-EBADF); | |
3009 | if (f.file->f_op != &bpf_link_fops) { | |
3010 | fdput(f); | |
3011 | return ERR_PTR(-EINVAL); | |
3012 | } | |
3013 | ||
3014 | link = f.file->private_data; | |
3015 | bpf_link_inc(link); | |
3016 | fdput(f); | |
3017 | ||
3018 | return link; | |
3019 | } | |
cb80ddc6 | 3020 | EXPORT_SYMBOL(bpf_link_get_from_fd); |
70ed506c | 3021 | |
70ed506c | 3022 | static void bpf_tracing_link_release(struct bpf_link *link) |
babf3164 | 3023 | { |
3aac1ead | 3024 | struct bpf_tracing_link *tr_link = |
f7e0beaf | 3025 | container_of(link, struct bpf_tracing_link, link.link); |
3aac1ead | 3026 | |
f7e0beaf | 3027 | WARN_ON_ONCE(bpf_trampoline_unlink_prog(&tr_link->link, |
3aac1ead THJ |
3028 | tr_link->trampoline)); |
3029 | ||
3030 | bpf_trampoline_put(tr_link->trampoline); | |
3031 | ||
3032 | /* tgt_prog is NULL if target is a kernel function */ | |
3033 | if (tr_link->tgt_prog) | |
3034 | bpf_prog_put(tr_link->tgt_prog); | |
babf3164 AN |
3035 | } |
3036 | ||
3037 | static void bpf_tracing_link_dealloc(struct bpf_link *link) | |
70ed506c AN |
3038 | { |
3039 | struct bpf_tracing_link *tr_link = | |
f7e0beaf | 3040 | container_of(link, struct bpf_tracing_link, link.link); |
70ed506c | 3041 | |
70ed506c AN |
3042 | kfree(tr_link); |
3043 | } | |
3044 | ||
f2e10bff AN |
3045 | static void bpf_tracing_link_show_fdinfo(const struct bpf_link *link, |
3046 | struct seq_file *seq) | |
3047 | { | |
3048 | struct bpf_tracing_link *tr_link = | |
f7e0beaf | 3049 | container_of(link, struct bpf_tracing_link, link.link); |
e859e429 | 3050 | u32 target_btf_id, target_obj_id; |
f2e10bff | 3051 | |
e859e429 YS |
3052 | bpf_trampoline_unpack_key(tr_link->trampoline->key, |
3053 | &target_obj_id, &target_btf_id); | |
f2e10bff | 3054 | seq_printf(seq, |
e859e429 YS |
3055 | "attach_type:\t%d\n" |
3056 | "target_obj_id:\t%u\n" | |
3057 | "target_btf_id:\t%u\n", | |
3058 | tr_link->attach_type, | |
3059 | target_obj_id, | |
3060 | target_btf_id); | |
f2e10bff AN |
3061 | } |
3062 | ||
3063 | static int bpf_tracing_link_fill_link_info(const struct bpf_link *link, | |
3064 | struct bpf_link_info *info) | |
3065 | { | |
3066 | struct bpf_tracing_link *tr_link = | |
f7e0beaf | 3067 | container_of(link, struct bpf_tracing_link, link.link); |
f2e10bff AN |
3068 | |
3069 | info->tracing.attach_type = tr_link->attach_type; | |
441e8c66 THJ |
3070 | bpf_trampoline_unpack_key(tr_link->trampoline->key, |
3071 | &info->tracing.target_obj_id, | |
3072 | &info->tracing.target_btf_id); | |
f2e10bff AN |
3073 | |
3074 | return 0; | |
3075 | } | |
3076 | ||
70ed506c AN |
3077 | static const struct bpf_link_ops bpf_tracing_link_lops = { |
3078 | .release = bpf_tracing_link_release, | |
babf3164 | 3079 | .dealloc = bpf_tracing_link_dealloc, |
f2e10bff AN |
3080 | .show_fdinfo = bpf_tracing_link_show_fdinfo, |
3081 | .fill_link_info = bpf_tracing_link_fill_link_info, | |
70ed506c AN |
3082 | }; |
3083 | ||
4a1e7c0c THJ |
3084 | static int bpf_tracing_prog_attach(struct bpf_prog *prog, |
3085 | int tgt_prog_fd, | |
2fcc8241 KFL |
3086 | u32 btf_id, |
3087 | u64 bpf_cookie) | |
fec56f58 | 3088 | { |
a3b80e10 | 3089 | struct bpf_link_primer link_primer; |
3aac1ead | 3090 | struct bpf_prog *tgt_prog = NULL; |
4a1e7c0c | 3091 | struct bpf_trampoline *tr = NULL; |
70ed506c | 3092 | struct bpf_tracing_link *link; |
4a1e7c0c | 3093 | u64 key = 0; |
a3b80e10 | 3094 | int err; |
fec56f58 | 3095 | |
9e4e01df KS |
3096 | switch (prog->type) { |
3097 | case BPF_PROG_TYPE_TRACING: | |
3098 | if (prog->expected_attach_type != BPF_TRACE_FENTRY && | |
3099 | prog->expected_attach_type != BPF_TRACE_FEXIT && | |
3100 | prog->expected_attach_type != BPF_MODIFY_RETURN) { | |
3101 | err = -EINVAL; | |
3102 | goto out_put_prog; | |
3103 | } | |
3104 | break; | |
3105 | case BPF_PROG_TYPE_EXT: | |
3106 | if (prog->expected_attach_type != 0) { | |
3107 | err = -EINVAL; | |
3108 | goto out_put_prog; | |
3109 | } | |
3110 | break; | |
3111 | case BPF_PROG_TYPE_LSM: | |
3112 | if (prog->expected_attach_type != BPF_LSM_MAC) { | |
3113 | err = -EINVAL; | |
3114 | goto out_put_prog; | |
3115 | } | |
3116 | break; | |
3117 | default: | |
fec56f58 AS |
3118 | err = -EINVAL; |
3119 | goto out_put_prog; | |
3120 | } | |
3121 | ||
4a1e7c0c THJ |
3122 | if (!!tgt_prog_fd != !!btf_id) { |
3123 | err = -EINVAL; | |
3124 | goto out_put_prog; | |
3125 | } | |
3126 | ||
3127 | if (tgt_prog_fd) { | |
3128 | /* For now we only allow new targets for BPF_PROG_TYPE_EXT */ | |
3129 | if (prog->type != BPF_PROG_TYPE_EXT) { | |
3130 | err = -EINVAL; | |
3131 | goto out_put_prog; | |
3132 | } | |
3133 | ||
3134 | tgt_prog = bpf_prog_get(tgt_prog_fd); | |
3135 | if (IS_ERR(tgt_prog)) { | |
3136 | err = PTR_ERR(tgt_prog); | |
3137 | tgt_prog = NULL; | |
3138 | goto out_put_prog; | |
3139 | } | |
3140 | ||
22dc4a0f | 3141 | key = bpf_trampoline_compute_key(tgt_prog, NULL, btf_id); |
4a1e7c0c THJ |
3142 | } |
3143 | ||
70ed506c AN |
3144 | link = kzalloc(sizeof(*link), GFP_USER); |
3145 | if (!link) { | |
3146 | err = -ENOMEM; | |
3147 | goto out_put_prog; | |
3148 | } | |
f7e0beaf | 3149 | bpf_link_init(&link->link.link, BPF_LINK_TYPE_TRACING, |
f2e10bff AN |
3150 | &bpf_tracing_link_lops, prog); |
3151 | link->attach_type = prog->expected_attach_type; | |
2fcc8241 | 3152 | link->link.cookie = bpf_cookie; |
70ed506c | 3153 | |
3aac1ead THJ |
3154 | mutex_lock(&prog->aux->dst_mutex); |
3155 | ||
4a1e7c0c THJ |
3156 | /* There are a few possible cases here: |
3157 | * | |
3158 | * - if prog->aux->dst_trampoline is set, the program was just loaded | |
3159 | * and not yet attached to anything, so we can use the values stored | |
3160 | * in prog->aux | |
3161 | * | |
3162 | * - if prog->aux->dst_trampoline is NULL, the program has already been | |
3163 | * attached to a target and its initial target was cleared (below) | |
3164 | * | |
3165 | * - if tgt_prog != NULL, the caller specified tgt_prog_fd + | |
3166 | * target_btf_id using the link_create API. | |
3167 | * | |
3168 | * - if tgt_prog == NULL when this function was called using the old | |
f3a95075 JO |
3169 | * raw_tracepoint_open API, and we need a target from prog->aux |
3170 | * | |
3171 | * - if prog->aux->dst_trampoline and tgt_prog is NULL, the program | |
3172 | * was detached and is going for re-attachment. | |
4a1e7c0c THJ |
3173 | */ |
3174 | if (!prog->aux->dst_trampoline && !tgt_prog) { | |
f3a95075 JO |
3175 | /* |
3176 | * Allow re-attach for TRACING and LSM programs. If it's | |
3177 | * currently linked, bpf_trampoline_link_prog will fail. | |
3178 | * EXT programs need to specify tgt_prog_fd, so they | |
3179 | * re-attach in separate code path. | |
3180 | */ | |
3181 | if (prog->type != BPF_PROG_TYPE_TRACING && | |
3182 | prog->type != BPF_PROG_TYPE_LSM) { | |
3183 | err = -EINVAL; | |
3184 | goto out_unlock; | |
3185 | } | |
3186 | btf_id = prog->aux->attach_btf_id; | |
3187 | key = bpf_trampoline_compute_key(NULL, prog->aux->attach_btf, btf_id); | |
babf3164 | 3188 | } |
4a1e7c0c THJ |
3189 | |
3190 | if (!prog->aux->dst_trampoline || | |
3191 | (key && key != prog->aux->dst_trampoline->key)) { | |
3192 | /* If there is no saved target, or the specified target is | |
3193 | * different from the destination specified at load time, we | |
3194 | * need a new trampoline and a check for compatibility | |
3195 | */ | |
3196 | struct bpf_attach_target_info tgt_info = {}; | |
3197 | ||
3198 | err = bpf_check_attach_target(NULL, prog, tgt_prog, btf_id, | |
3199 | &tgt_info); | |
3200 | if (err) | |
3201 | goto out_unlock; | |
3202 | ||
31bf1dbc VM |
3203 | if (tgt_info.tgt_mod) { |
3204 | module_put(prog->aux->mod); | |
3205 | prog->aux->mod = tgt_info.tgt_mod; | |
3206 | } | |
3207 | ||
4a1e7c0c THJ |
3208 | tr = bpf_trampoline_get(key, &tgt_info); |
3209 | if (!tr) { | |
3210 | err = -ENOMEM; | |
3211 | goto out_unlock; | |
3212 | } | |
3213 | } else { | |
3214 | /* The caller didn't specify a target, or the target was the | |
3215 | * same as the destination supplied during program load. This | |
3216 | * means we can reuse the trampoline and reference from program | |
3217 | * load time, and there is no need to allocate a new one. This | |
3218 | * can only happen once for any program, as the saved values in | |
3219 | * prog->aux are cleared below. | |
3220 | */ | |
3221 | tr = prog->aux->dst_trampoline; | |
3222 | tgt_prog = prog->aux->dst_prog; | |
3223 | } | |
3aac1ead | 3224 | |
f7e0beaf | 3225 | err = bpf_link_prime(&link->link.link, &link_primer); |
3aac1ead THJ |
3226 | if (err) |
3227 | goto out_unlock; | |
fec56f58 | 3228 | |
f7e0beaf | 3229 | err = bpf_trampoline_link_prog(&link->link, tr); |
babf3164 | 3230 | if (err) { |
a3b80e10 | 3231 | bpf_link_cleanup(&link_primer); |
3aac1ead THJ |
3232 | link = NULL; |
3233 | goto out_unlock; | |
fec56f58 | 3234 | } |
babf3164 | 3235 | |
3aac1ead THJ |
3236 | link->tgt_prog = tgt_prog; |
3237 | link->trampoline = tr; | |
3238 | ||
4a1e7c0c THJ |
3239 | /* Always clear the trampoline and target prog from prog->aux to make |
3240 | * sure the original attach destination is not kept alive after a | |
3241 | * program is (re-)attached to another target. | |
3242 | */ | |
3243 | if (prog->aux->dst_prog && | |
3244 | (tgt_prog_fd || tr != prog->aux->dst_trampoline)) | |
3245 | /* got extra prog ref from syscall, or attaching to different prog */ | |
3246 | bpf_prog_put(prog->aux->dst_prog); | |
3247 | if (prog->aux->dst_trampoline && tr != prog->aux->dst_trampoline) | |
3248 | /* we allocated a new trampoline, so free the old one */ | |
3249 | bpf_trampoline_put(prog->aux->dst_trampoline); | |
3250 | ||
3aac1ead THJ |
3251 | prog->aux->dst_prog = NULL; |
3252 | prog->aux->dst_trampoline = NULL; | |
3253 | mutex_unlock(&prog->aux->dst_mutex); | |
3254 | ||
a3b80e10 | 3255 | return bpf_link_settle(&link_primer); |
3aac1ead | 3256 | out_unlock: |
4a1e7c0c THJ |
3257 | if (tr && tr != prog->aux->dst_trampoline) |
3258 | bpf_trampoline_put(tr); | |
3aac1ead THJ |
3259 | mutex_unlock(&prog->aux->dst_mutex); |
3260 | kfree(link); | |
fec56f58 | 3261 | out_put_prog: |
4a1e7c0c THJ |
3262 | if (tgt_prog_fd && tgt_prog) |
3263 | bpf_prog_put(tgt_prog); | |
fec56f58 AS |
3264 | return err; |
3265 | } | |
3266 | ||
70ed506c AN |
3267 | struct bpf_raw_tp_link { |
3268 | struct bpf_link link; | |
c4f6699d | 3269 | struct bpf_raw_event_map *btp; |
c4f6699d AS |
3270 | }; |
3271 | ||
70ed506c | 3272 | static void bpf_raw_tp_link_release(struct bpf_link *link) |
c4f6699d | 3273 | { |
70ed506c AN |
3274 | struct bpf_raw_tp_link *raw_tp = |
3275 | container_of(link, struct bpf_raw_tp_link, link); | |
c4f6699d | 3276 | |
70ed506c | 3277 | bpf_probe_unregister(raw_tp->btp, raw_tp->link.prog); |
a38d1107 | 3278 | bpf_put_raw_tracepoint(raw_tp->btp); |
babf3164 AN |
3279 | } |
3280 | ||
3281 | static void bpf_raw_tp_link_dealloc(struct bpf_link *link) | |
3282 | { | |
3283 | struct bpf_raw_tp_link *raw_tp = | |
3284 | container_of(link, struct bpf_raw_tp_link, link); | |
3285 | ||
c4f6699d | 3286 | kfree(raw_tp); |
c4f6699d AS |
3287 | } |
3288 | ||
f2e10bff AN |
3289 | static void bpf_raw_tp_link_show_fdinfo(const struct bpf_link *link, |
3290 | struct seq_file *seq) | |
3291 | { | |
3292 | struct bpf_raw_tp_link *raw_tp_link = | |
3293 | container_of(link, struct bpf_raw_tp_link, link); | |
3294 | ||
3295 | seq_printf(seq, | |
3296 | "tp_name:\t%s\n", | |
3297 | raw_tp_link->btp->tp->name); | |
3298 | } | |
3299 | ||
57d48537 YS |
3300 | static int bpf_copy_to_user(char __user *ubuf, const char *buf, u32 ulen, |
3301 | u32 len) | |
3302 | { | |
3303 | if (ulen >= len + 1) { | |
3304 | if (copy_to_user(ubuf, buf, len + 1)) | |
3305 | return -EFAULT; | |
3306 | } else { | |
3307 | char zero = '\0'; | |
3308 | ||
3309 | if (copy_to_user(ubuf, buf, ulen - 1)) | |
3310 | return -EFAULT; | |
3311 | if (put_user(zero, ubuf + ulen - 1)) | |
3312 | return -EFAULT; | |
3313 | return -ENOSPC; | |
3314 | } | |
3315 | ||
3316 | return 0; | |
3317 | } | |
3318 | ||
f2e10bff AN |
3319 | static int bpf_raw_tp_link_fill_link_info(const struct bpf_link *link, |
3320 | struct bpf_link_info *info) | |
3321 | { | |
3322 | struct bpf_raw_tp_link *raw_tp_link = | |
3323 | container_of(link, struct bpf_raw_tp_link, link); | |
3324 | char __user *ubuf = u64_to_user_ptr(info->raw_tracepoint.tp_name); | |
3325 | const char *tp_name = raw_tp_link->btp->tp->name; | |
3326 | u32 ulen = info->raw_tracepoint.tp_name_len; | |
3327 | size_t tp_len = strlen(tp_name); | |
3328 | ||
b474959d | 3329 | if (!ulen ^ !ubuf) |
f2e10bff AN |
3330 | return -EINVAL; |
3331 | ||
3332 | info->raw_tracepoint.tp_name_len = tp_len + 1; | |
3333 | ||
3334 | if (!ubuf) | |
3335 | return 0; | |
3336 | ||
57d48537 | 3337 | return bpf_copy_to_user(ubuf, tp_name, ulen, tp_len); |
f2e10bff AN |
3338 | } |
3339 | ||
a3b80e10 | 3340 | static const struct bpf_link_ops bpf_raw_tp_link_lops = { |
70ed506c | 3341 | .release = bpf_raw_tp_link_release, |
babf3164 | 3342 | .dealloc = bpf_raw_tp_link_dealloc, |
f2e10bff AN |
3343 | .show_fdinfo = bpf_raw_tp_link_show_fdinfo, |
3344 | .fill_link_info = bpf_raw_tp_link_fill_link_info, | |
c4f6699d AS |
3345 | }; |
3346 | ||
b89fbfbb AN |
3347 | #ifdef CONFIG_PERF_EVENTS |
3348 | struct bpf_perf_link { | |
3349 | struct bpf_link link; | |
3350 | struct file *perf_file; | |
3351 | }; | |
3352 | ||
3353 | static void bpf_perf_link_release(struct bpf_link *link) | |
3354 | { | |
3355 | struct bpf_perf_link *perf_link = container_of(link, struct bpf_perf_link, link); | |
3356 | struct perf_event *event = perf_link->perf_file->private_data; | |
3357 | ||
3358 | perf_event_free_bpf_prog(event); | |
3359 | fput(perf_link->perf_file); | |
3360 | } | |
3361 | ||
3362 | static void bpf_perf_link_dealloc(struct bpf_link *link) | |
3363 | { | |
3364 | struct bpf_perf_link *perf_link = container_of(link, struct bpf_perf_link, link); | |
3365 | ||
3366 | kfree(perf_link); | |
3367 | } | |
3368 | ||
1b715e1b YS |
3369 | static int bpf_perf_link_fill_common(const struct perf_event *event, |
3370 | char __user *uname, u32 ulen, | |
3371 | u64 *probe_offset, u64 *probe_addr, | |
3372 | u32 *fd_type) | |
3373 | { | |
3374 | const char *buf; | |
3375 | u32 prog_id; | |
3376 | size_t len; | |
3377 | int err; | |
3378 | ||
3379 | if (!ulen ^ !uname) | |
3380 | return -EINVAL; | |
1b715e1b YS |
3381 | |
3382 | err = bpf_get_perf_event_info(event, &prog_id, fd_type, &buf, | |
3383 | probe_offset, probe_addr); | |
3384 | if (err) | |
3385 | return err; | |
0aa35162 YS |
3386 | if (!uname) |
3387 | return 0; | |
1b715e1b YS |
3388 | if (buf) { |
3389 | len = strlen(buf); | |
3390 | err = bpf_copy_to_user(uname, buf, ulen, len); | |
3391 | if (err) | |
3392 | return err; | |
3393 | } else { | |
3394 | char zero = '\0'; | |
3395 | ||
3396 | if (put_user(zero, uname)) | |
3397 | return -EFAULT; | |
3398 | } | |
3399 | return 0; | |
3400 | } | |
3401 | ||
3402 | #ifdef CONFIG_KPROBE_EVENTS | |
3403 | static int bpf_perf_link_fill_kprobe(const struct perf_event *event, | |
3404 | struct bpf_link_info *info) | |
3405 | { | |
3406 | char __user *uname; | |
3407 | u64 addr, offset; | |
3408 | u32 ulen, type; | |
3409 | int err; | |
3410 | ||
3411 | uname = u64_to_user_ptr(info->perf_event.kprobe.func_name); | |
3412 | ulen = info->perf_event.kprobe.name_len; | |
3413 | err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr, | |
3414 | &type); | |
3415 | if (err) | |
3416 | return err; | |
3417 | if (type == BPF_FD_TYPE_KRETPROBE) | |
3418 | info->perf_event.type = BPF_PERF_EVENT_KRETPROBE; | |
3419 | else | |
3420 | info->perf_event.type = BPF_PERF_EVENT_KPROBE; | |
3421 | ||
3422 | info->perf_event.kprobe.offset = offset; | |
3423 | if (!kallsyms_show_value(current_cred())) | |
3424 | addr = 0; | |
3425 | info->perf_event.kprobe.addr = addr; | |
3426 | return 0; | |
3427 | } | |
3428 | #endif | |
3429 | ||
3430 | #ifdef CONFIG_UPROBE_EVENTS | |
3431 | static int bpf_perf_link_fill_uprobe(const struct perf_event *event, | |
3432 | struct bpf_link_info *info) | |
3433 | { | |
3434 | char __user *uname; | |
3435 | u64 addr, offset; | |
3436 | u32 ulen, type; | |
3437 | int err; | |
3438 | ||
3439 | uname = u64_to_user_ptr(info->perf_event.uprobe.file_name); | |
3440 | ulen = info->perf_event.uprobe.name_len; | |
3441 | err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr, | |
3442 | &type); | |
3443 | if (err) | |
3444 | return err; | |
3445 | ||
3446 | if (type == BPF_FD_TYPE_URETPROBE) | |
3447 | info->perf_event.type = BPF_PERF_EVENT_URETPROBE; | |
3448 | else | |
3449 | info->perf_event.type = BPF_PERF_EVENT_UPROBE; | |
3450 | info->perf_event.uprobe.offset = offset; | |
3451 | return 0; | |
3452 | } | |
3453 | #endif | |
3454 | ||
3455 | static int bpf_perf_link_fill_probe(const struct perf_event *event, | |
3456 | struct bpf_link_info *info) | |
3457 | { | |
3458 | #ifdef CONFIG_KPROBE_EVENTS | |
3459 | if (event->tp_event->flags & TRACE_EVENT_FL_KPROBE) | |
3460 | return bpf_perf_link_fill_kprobe(event, info); | |
3461 | #endif | |
3462 | #ifdef CONFIG_UPROBE_EVENTS | |
3463 | if (event->tp_event->flags & TRACE_EVENT_FL_UPROBE) | |
3464 | return bpf_perf_link_fill_uprobe(event, info); | |
3465 | #endif | |
3466 | return -EOPNOTSUPP; | |
3467 | } | |
3468 | ||
3469 | static int bpf_perf_link_fill_tracepoint(const struct perf_event *event, | |
3470 | struct bpf_link_info *info) | |
3471 | { | |
3472 | char __user *uname; | |
3473 | u32 ulen; | |
3474 | ||
3475 | uname = u64_to_user_ptr(info->perf_event.tracepoint.tp_name); | |
3476 | ulen = info->perf_event.tracepoint.name_len; | |
3477 | info->perf_event.type = BPF_PERF_EVENT_TRACEPOINT; | |
3478 | return bpf_perf_link_fill_common(event, uname, ulen, NULL, NULL, NULL); | |
3479 | } | |
3480 | ||
3481 | static int bpf_perf_link_fill_perf_event(const struct perf_event *event, | |
3482 | struct bpf_link_info *info) | |
3483 | { | |
3484 | info->perf_event.event.type = event->attr.type; | |
3485 | info->perf_event.event.config = event->attr.config; | |
3486 | info->perf_event.type = BPF_PERF_EVENT_EVENT; | |
3487 | return 0; | |
3488 | } | |
3489 | ||
3490 | static int bpf_perf_link_fill_link_info(const struct bpf_link *link, | |
3491 | struct bpf_link_info *info) | |
3492 | { | |
3493 | struct bpf_perf_link *perf_link; | |
3494 | const struct perf_event *event; | |
3495 | ||
3496 | perf_link = container_of(link, struct bpf_perf_link, link); | |
3497 | event = perf_get_event(perf_link->perf_file); | |
3498 | if (IS_ERR(event)) | |
3499 | return PTR_ERR(event); | |
3500 | ||
3501 | switch (event->prog->type) { | |
3502 | case BPF_PROG_TYPE_PERF_EVENT: | |
3503 | return bpf_perf_link_fill_perf_event(event, info); | |
3504 | case BPF_PROG_TYPE_TRACEPOINT: | |
3505 | return bpf_perf_link_fill_tracepoint(event, info); | |
3506 | case BPF_PROG_TYPE_KPROBE: | |
3507 | return bpf_perf_link_fill_probe(event, info); | |
3508 | default: | |
3509 | return -EOPNOTSUPP; | |
3510 | } | |
3511 | } | |
3512 | ||
b89fbfbb AN |
3513 | static const struct bpf_link_ops bpf_perf_link_lops = { |
3514 | .release = bpf_perf_link_release, | |
3515 | .dealloc = bpf_perf_link_dealloc, | |
1b715e1b | 3516 | .fill_link_info = bpf_perf_link_fill_link_info, |
b89fbfbb AN |
3517 | }; |
3518 | ||
3519 | static int bpf_perf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog) | |
3520 | { | |
3521 | struct bpf_link_primer link_primer; | |
3522 | struct bpf_perf_link *link; | |
3523 | struct perf_event *event; | |
3524 | struct file *perf_file; | |
3525 | int err; | |
3526 | ||
3527 | if (attr->link_create.flags) | |
3528 | return -EINVAL; | |
3529 | ||
3530 | perf_file = perf_event_get(attr->link_create.target_fd); | |
3531 | if (IS_ERR(perf_file)) | |
3532 | return PTR_ERR(perf_file); | |
3533 | ||
3534 | link = kzalloc(sizeof(*link), GFP_USER); | |
3535 | if (!link) { | |
3536 | err = -ENOMEM; | |
3537 | goto out_put_file; | |
3538 | } | |
3539 | bpf_link_init(&link->link, BPF_LINK_TYPE_PERF_EVENT, &bpf_perf_link_lops, prog); | |
3540 | link->perf_file = perf_file; | |
3541 | ||
3542 | err = bpf_link_prime(&link->link, &link_primer); | |
3543 | if (err) { | |
3544 | kfree(link); | |
3545 | goto out_put_file; | |
3546 | } | |
3547 | ||
3548 | event = perf_file->private_data; | |
82e6b1ee | 3549 | err = perf_event_set_bpf_prog(event, prog, attr->link_create.perf_event.bpf_cookie); |
b89fbfbb AN |
3550 | if (err) { |
3551 | bpf_link_cleanup(&link_primer); | |
3552 | goto out_put_file; | |
3553 | } | |
3554 | /* perf_event_set_bpf_prog() doesn't take its own refcnt on prog */ | |
3555 | bpf_prog_inc(prog); | |
3556 | ||
3557 | return bpf_link_settle(&link_primer); | |
3558 | ||
3559 | out_put_file: | |
3560 | fput(perf_file); | |
3561 | return err; | |
3562 | } | |
0dcac272 JO |
3563 | #else |
3564 | static int bpf_perf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog) | |
3565 | { | |
3566 | return -EOPNOTSUPP; | |
3567 | } | |
b89fbfbb AN |
3568 | #endif /* CONFIG_PERF_EVENTS */ |
3569 | ||
df86ca0d AN |
3570 | static int bpf_raw_tp_link_attach(struct bpf_prog *prog, |
3571 | const char __user *user_tp_name) | |
c4f6699d | 3572 | { |
a3b80e10 | 3573 | struct bpf_link_primer link_primer; |
babf3164 | 3574 | struct bpf_raw_tp_link *link; |
c4f6699d | 3575 | struct bpf_raw_event_map *btp; |
ac4414b5 AS |
3576 | const char *tp_name; |
3577 | char buf[128]; | |
a3b80e10 | 3578 | int err; |
c4f6699d | 3579 | |
9e4e01df KS |
3580 | switch (prog->type) { |
3581 | case BPF_PROG_TYPE_TRACING: | |
3582 | case BPF_PROG_TYPE_EXT: | |
3583 | case BPF_PROG_TYPE_LSM: | |
df86ca0d | 3584 | if (user_tp_name) |
fec56f58 AS |
3585 | /* The attach point for this category of programs |
3586 | * should be specified via btf_id during program load. | |
ac4414b5 | 3587 | */ |
df86ca0d | 3588 | return -EINVAL; |
9e4e01df KS |
3589 | if (prog->type == BPF_PROG_TYPE_TRACING && |
3590 | prog->expected_attach_type == BPF_TRACE_RAW_TP) { | |
fec56f58 | 3591 | tp_name = prog->aux->attach_func_name; |
9e4e01df KS |
3592 | break; |
3593 | } | |
2fcc8241 | 3594 | return bpf_tracing_prog_attach(prog, 0, 0, 0); |
9e4e01df KS |
3595 | case BPF_PROG_TYPE_RAW_TRACEPOINT: |
3596 | case BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE: | |
df86ca0d AN |
3597 | if (strncpy_from_user(buf, user_tp_name, sizeof(buf) - 1) < 0) |
3598 | return -EFAULT; | |
ac4414b5 AS |
3599 | buf[sizeof(buf) - 1] = 0; |
3600 | tp_name = buf; | |
9e4e01df KS |
3601 | break; |
3602 | default: | |
df86ca0d | 3603 | return -EINVAL; |
ac4414b5 | 3604 | } |
c4f6699d | 3605 | |
a38d1107 | 3606 | btp = bpf_get_raw_tracepoint(tp_name); |
df86ca0d AN |
3607 | if (!btp) |
3608 | return -ENOENT; | |
c4f6699d | 3609 | |
babf3164 AN |
3610 | link = kzalloc(sizeof(*link), GFP_USER); |
3611 | if (!link) { | |
a38d1107 MM |
3612 | err = -ENOMEM; |
3613 | goto out_put_btp; | |
3614 | } | |
f2e10bff AN |
3615 | bpf_link_init(&link->link, BPF_LINK_TYPE_RAW_TRACEPOINT, |
3616 | &bpf_raw_tp_link_lops, prog); | |
babf3164 | 3617 | link->btp = btp; |
c4f6699d | 3618 | |
a3b80e10 AN |
3619 | err = bpf_link_prime(&link->link, &link_primer); |
3620 | if (err) { | |
babf3164 | 3621 | kfree(link); |
babf3164 AN |
3622 | goto out_put_btp; |
3623 | } | |
c4f6699d | 3624 | |
babf3164 AN |
3625 | err = bpf_probe_register(link->btp, prog); |
3626 | if (err) { | |
a3b80e10 | 3627 | bpf_link_cleanup(&link_primer); |
babf3164 | 3628 | goto out_put_btp; |
c4f6699d | 3629 | } |
babf3164 | 3630 | |
a3b80e10 | 3631 | return bpf_link_settle(&link_primer); |
c4f6699d | 3632 | |
a38d1107 MM |
3633 | out_put_btp: |
3634 | bpf_put_raw_tracepoint(btp); | |
c4f6699d AS |
3635 | return err; |
3636 | } | |
3637 | ||
df86ca0d AN |
3638 | #define BPF_RAW_TRACEPOINT_OPEN_LAST_FIELD raw_tracepoint.prog_fd |
3639 | ||
3640 | static int bpf_raw_tracepoint_open(const union bpf_attr *attr) | |
3641 | { | |
3642 | struct bpf_prog *prog; | |
3643 | int fd; | |
3644 | ||
3645 | if (CHECK_ATTR(BPF_RAW_TRACEPOINT_OPEN)) | |
3646 | return -EINVAL; | |
3647 | ||
3648 | prog = bpf_prog_get(attr->raw_tracepoint.prog_fd); | |
3649 | if (IS_ERR(prog)) | |
3650 | return PTR_ERR(prog); | |
3651 | ||
3652 | fd = bpf_raw_tp_link_attach(prog, u64_to_user_ptr(attr->raw_tracepoint.name)); | |
3653 | if (fd < 0) | |
3654 | bpf_prog_put(prog); | |
3655 | return fd; | |
3656 | } | |
3657 | ||
33491588 AR |
3658 | static int bpf_prog_attach_check_attach_type(const struct bpf_prog *prog, |
3659 | enum bpf_attach_type attach_type) | |
3660 | { | |
3661 | switch (prog->type) { | |
3662 | case BPF_PROG_TYPE_CGROUP_SOCK: | |
3663 | case BPF_PROG_TYPE_CGROUP_SOCK_ADDR: | |
0d01da6a | 3664 | case BPF_PROG_TYPE_CGROUP_SOCKOPT: |
e9ddbb77 | 3665 | case BPF_PROG_TYPE_SK_LOOKUP: |
33491588 | 3666 | return attach_type == prog->expected_attach_type ? 0 : -EINVAL; |
5cf1e914 | 3667 | case BPF_PROG_TYPE_CGROUP_SKB: |
2c78ee89 AS |
3668 | if (!capable(CAP_NET_ADMIN)) |
3669 | /* cg-skb progs can be loaded by unpriv user. | |
3670 | * check permissions at attach time. | |
3671 | */ | |
3672 | return -EPERM; | |
5cf1e914 | 3673 | return prog->enforce_expected_attach_type && |
3674 | prog->expected_attach_type != attach_type ? | |
3675 | -EINVAL : 0; | |
db8eae6b JO |
3676 | case BPF_PROG_TYPE_KPROBE: |
3677 | if (prog->expected_attach_type == BPF_TRACE_KPROBE_MULTI && | |
3678 | attach_type != BPF_TRACE_KPROBE_MULTI) | |
3679 | return -EINVAL; | |
3680 | return 0; | |
33491588 AR |
3681 | default: |
3682 | return 0; | |
3683 | } | |
3684 | } | |
3685 | ||
e28784e3 AN |
3686 | static enum bpf_prog_type |
3687 | attach_type_to_prog_type(enum bpf_attach_type attach_type) | |
f4324551 | 3688 | { |
e28784e3 | 3689 | switch (attach_type) { |
f4324551 DM |
3690 | case BPF_CGROUP_INET_INGRESS: |
3691 | case BPF_CGROUP_INET_EGRESS: | |
e28784e3 | 3692 | return BPF_PROG_TYPE_CGROUP_SKB; |
61023658 | 3693 | case BPF_CGROUP_INET_SOCK_CREATE: |
f5836749 | 3694 | case BPF_CGROUP_INET_SOCK_RELEASE: |
aac3fc32 AI |
3695 | case BPF_CGROUP_INET4_POST_BIND: |
3696 | case BPF_CGROUP_INET6_POST_BIND: | |
e28784e3 | 3697 | return BPF_PROG_TYPE_CGROUP_SOCK; |
4fbac77d AI |
3698 | case BPF_CGROUP_INET4_BIND: |
3699 | case BPF_CGROUP_INET6_BIND: | |
d74bad4e AI |
3700 | case BPF_CGROUP_INET4_CONNECT: |
3701 | case BPF_CGROUP_INET6_CONNECT: | |
1b66d253 DB |
3702 | case BPF_CGROUP_INET4_GETPEERNAME: |
3703 | case BPF_CGROUP_INET6_GETPEERNAME: | |
3704 | case BPF_CGROUP_INET4_GETSOCKNAME: | |
3705 | case BPF_CGROUP_INET6_GETSOCKNAME: | |
1cedee13 AI |
3706 | case BPF_CGROUP_UDP4_SENDMSG: |
3707 | case BPF_CGROUP_UDP6_SENDMSG: | |
983695fa DB |
3708 | case BPF_CGROUP_UDP4_RECVMSG: |
3709 | case BPF_CGROUP_UDP6_RECVMSG: | |
e28784e3 | 3710 | return BPF_PROG_TYPE_CGROUP_SOCK_ADDR; |
40304b2a | 3711 | case BPF_CGROUP_SOCK_OPS: |
e28784e3 | 3712 | return BPF_PROG_TYPE_SOCK_OPS; |
ebc614f6 | 3713 | case BPF_CGROUP_DEVICE: |
e28784e3 | 3714 | return BPF_PROG_TYPE_CGROUP_DEVICE; |
4f738adb | 3715 | case BPF_SK_MSG_VERDICT: |
e28784e3 | 3716 | return BPF_PROG_TYPE_SK_MSG; |
464bc0fd JF |
3717 | case BPF_SK_SKB_STREAM_PARSER: |
3718 | case BPF_SK_SKB_STREAM_VERDICT: | |
a7ba4558 | 3719 | case BPF_SK_SKB_VERDICT: |
e28784e3 | 3720 | return BPF_PROG_TYPE_SK_SKB; |
f4364dcf | 3721 | case BPF_LIRC_MODE2: |
e28784e3 | 3722 | return BPF_PROG_TYPE_LIRC_MODE2; |
d58e468b | 3723 | case BPF_FLOW_DISSECTOR: |
e28784e3 | 3724 | return BPF_PROG_TYPE_FLOW_DISSECTOR; |
7b146ceb | 3725 | case BPF_CGROUP_SYSCTL: |
e28784e3 | 3726 | return BPF_PROG_TYPE_CGROUP_SYSCTL; |
0d01da6a SF |
3727 | case BPF_CGROUP_GETSOCKOPT: |
3728 | case BPF_CGROUP_SETSOCKOPT: | |
e28784e3 | 3729 | return BPF_PROG_TYPE_CGROUP_SOCKOPT; |
de4e05ca | 3730 | case BPF_TRACE_ITER: |
df86ca0d AN |
3731 | case BPF_TRACE_RAW_TP: |
3732 | case BPF_TRACE_FENTRY: | |
3733 | case BPF_TRACE_FEXIT: | |
3734 | case BPF_MODIFY_RETURN: | |
de4e05ca | 3735 | return BPF_PROG_TYPE_TRACING; |
df86ca0d AN |
3736 | case BPF_LSM_MAC: |
3737 | return BPF_PROG_TYPE_LSM; | |
e9ddbb77 JS |
3738 | case BPF_SK_LOOKUP: |
3739 | return BPF_PROG_TYPE_SK_LOOKUP; | |
aa8d3a71 AN |
3740 | case BPF_XDP: |
3741 | return BPF_PROG_TYPE_XDP; | |
69fd337a SF |
3742 | case BPF_LSM_CGROUP: |
3743 | return BPF_PROG_TYPE_LSM; | |
e420bed0 DB |
3744 | case BPF_TCX_INGRESS: |
3745 | case BPF_TCX_EGRESS: | |
3746 | return BPF_PROG_TYPE_SCHED_CLS; | |
f4324551 | 3747 | default: |
e28784e3 | 3748 | return BPF_PROG_TYPE_UNSPEC; |
f4324551 | 3749 | } |
e28784e3 AN |
3750 | } |
3751 | ||
e420bed0 DB |
3752 | #define BPF_PROG_ATTACH_LAST_FIELD expected_revision |
3753 | ||
3754 | #define BPF_F_ATTACH_MASK_BASE \ | |
3755 | (BPF_F_ALLOW_OVERRIDE | \ | |
3756 | BPF_F_ALLOW_MULTI | \ | |
3757 | BPF_F_REPLACE) | |
e28784e3 | 3758 | |
e420bed0 DB |
3759 | #define BPF_F_ATTACH_MASK_MPROG \ |
3760 | (BPF_F_REPLACE | \ | |
3761 | BPF_F_BEFORE | \ | |
3762 | BPF_F_AFTER | \ | |
3763 | BPF_F_ID | \ | |
3764 | BPF_F_LINK) | |
e28784e3 AN |
3765 | |
3766 | static int bpf_prog_attach(const union bpf_attr *attr) | |
3767 | { | |
3768 | enum bpf_prog_type ptype; | |
3769 | struct bpf_prog *prog; | |
e420bed0 | 3770 | u32 mask; |
e28784e3 AN |
3771 | int ret; |
3772 | ||
e28784e3 AN |
3773 | if (CHECK_ATTR(BPF_PROG_ATTACH)) |
3774 | return -EINVAL; | |
3775 | ||
e28784e3 AN |
3776 | ptype = attach_type_to_prog_type(attr->attach_type); |
3777 | if (ptype == BPF_PROG_TYPE_UNSPEC) | |
3778 | return -EINVAL; | |
e420bed0 DB |
3779 | mask = bpf_mprog_supported(ptype) ? |
3780 | BPF_F_ATTACH_MASK_MPROG : BPF_F_ATTACH_MASK_BASE; | |
3781 | if (attr->attach_flags & ~mask) | |
3782 | return -EINVAL; | |
f4324551 | 3783 | |
b2cd1257 DA |
3784 | prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype); |
3785 | if (IS_ERR(prog)) | |
3786 | return PTR_ERR(prog); | |
3787 | ||
5e43f899 AI |
3788 | if (bpf_prog_attach_check_attach_type(prog, attr->attach_type)) { |
3789 | bpf_prog_put(prog); | |
3790 | return -EINVAL; | |
3791 | } | |
3792 | ||
fdb5c453 SY |
3793 | switch (ptype) { |
3794 | case BPF_PROG_TYPE_SK_SKB: | |
3795 | case BPF_PROG_TYPE_SK_MSG: | |
604326b4 | 3796 | ret = sock_map_get_from_fd(attr, prog); |
fdb5c453 SY |
3797 | break; |
3798 | case BPF_PROG_TYPE_LIRC_MODE2: | |
3799 | ret = lirc_prog_attach(attr, prog); | |
3800 | break; | |
d58e468b | 3801 | case BPF_PROG_TYPE_FLOW_DISSECTOR: |
a3fd7cee | 3802 | ret = netns_bpf_prog_attach(attr, prog); |
d58e468b | 3803 | break; |
e28784e3 AN |
3804 | case BPF_PROG_TYPE_CGROUP_DEVICE: |
3805 | case BPF_PROG_TYPE_CGROUP_SKB: | |
3806 | case BPF_PROG_TYPE_CGROUP_SOCK: | |
3807 | case BPF_PROG_TYPE_CGROUP_SOCK_ADDR: | |
3808 | case BPF_PROG_TYPE_CGROUP_SOCKOPT: | |
3809 | case BPF_PROG_TYPE_CGROUP_SYSCTL: | |
3810 | case BPF_PROG_TYPE_SOCK_OPS: | |
69fd337a SF |
3811 | case BPF_PROG_TYPE_LSM: |
3812 | if (ptype == BPF_PROG_TYPE_LSM && | |
3813 | prog->expected_attach_type != BPF_LSM_CGROUP) | |
e89f3edf ML |
3814 | ret = -EINVAL; |
3815 | else | |
3816 | ret = cgroup_bpf_prog_attach(attr, ptype, prog); | |
e28784e3 | 3817 | break; |
e420bed0 DB |
3818 | case BPF_PROG_TYPE_SCHED_CLS: |
3819 | ret = tcx_prog_attach(attr, prog); | |
3820 | break; | |
e28784e3 AN |
3821 | default: |
3822 | ret = -EINVAL; | |
b2cd1257 DA |
3823 | } |
3824 | ||
7f677633 AS |
3825 | if (ret) |
3826 | bpf_prog_put(prog); | |
7f677633 | 3827 | return ret; |
f4324551 DM |
3828 | } |
3829 | ||
e420bed0 | 3830 | #define BPF_PROG_DETACH_LAST_FIELD expected_revision |
f4324551 DM |
3831 | |
3832 | static int bpf_prog_detach(const union bpf_attr *attr) | |
3833 | { | |
e420bed0 | 3834 | struct bpf_prog *prog = NULL; |
324bda9e | 3835 | enum bpf_prog_type ptype; |
e420bed0 | 3836 | int ret; |
f4324551 | 3837 | |
f4324551 DM |
3838 | if (CHECK_ATTR(BPF_PROG_DETACH)) |
3839 | return -EINVAL; | |
3840 | ||
e28784e3 | 3841 | ptype = attach_type_to_prog_type(attr->attach_type); |
e420bed0 DB |
3842 | if (bpf_mprog_supported(ptype)) { |
3843 | if (ptype == BPF_PROG_TYPE_UNSPEC) | |
3844 | return -EINVAL; | |
3845 | if (attr->attach_flags & ~BPF_F_ATTACH_MASK_MPROG) | |
3846 | return -EINVAL; | |
3847 | if (attr->attach_bpf_fd) { | |
3848 | prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype); | |
3849 | if (IS_ERR(prog)) | |
3850 | return PTR_ERR(prog); | |
3851 | } | |
3852 | } | |
e28784e3 AN |
3853 | |
3854 | switch (ptype) { | |
3855 | case BPF_PROG_TYPE_SK_MSG: | |
3856 | case BPF_PROG_TYPE_SK_SKB: | |
e420bed0 DB |
3857 | ret = sock_map_prog_detach(attr, ptype); |
3858 | break; | |
e28784e3 | 3859 | case BPF_PROG_TYPE_LIRC_MODE2: |
e420bed0 DB |
3860 | ret = lirc_prog_detach(attr); |
3861 | break; | |
e28784e3 | 3862 | case BPF_PROG_TYPE_FLOW_DISSECTOR: |
e420bed0 DB |
3863 | ret = netns_bpf_prog_detach(attr, ptype); |
3864 | break; | |
e28784e3 AN |
3865 | case BPF_PROG_TYPE_CGROUP_DEVICE: |
3866 | case BPF_PROG_TYPE_CGROUP_SKB: | |
3867 | case BPF_PROG_TYPE_CGROUP_SOCK: | |
3868 | case BPF_PROG_TYPE_CGROUP_SOCK_ADDR: | |
3869 | case BPF_PROG_TYPE_CGROUP_SOCKOPT: | |
3870 | case BPF_PROG_TYPE_CGROUP_SYSCTL: | |
3871 | case BPF_PROG_TYPE_SOCK_OPS: | |
69fd337a | 3872 | case BPF_PROG_TYPE_LSM: |
e420bed0 DB |
3873 | ret = cgroup_bpf_prog_detach(attr, ptype); |
3874 | break; | |
3875 | case BPF_PROG_TYPE_SCHED_CLS: | |
3876 | ret = tcx_prog_detach(attr, prog); | |
3877 | break; | |
f4324551 | 3878 | default: |
e420bed0 | 3879 | ret = -EINVAL; |
f4324551 | 3880 | } |
e420bed0 DB |
3881 | |
3882 | if (prog) | |
3883 | bpf_prog_put(prog); | |
3884 | return ret; | |
f4324551 | 3885 | } |
40304b2a | 3886 | |
e420bed0 | 3887 | #define BPF_PROG_QUERY_LAST_FIELD query.link_attach_flags |
468e2f64 AS |
3888 | |
3889 | static int bpf_prog_query(const union bpf_attr *attr, | |
3890 | union bpf_attr __user *uattr) | |
3891 | { | |
468e2f64 AS |
3892 | if (!capable(CAP_NET_ADMIN)) |
3893 | return -EPERM; | |
3894 | if (CHECK_ATTR(BPF_PROG_QUERY)) | |
3895 | return -EINVAL; | |
3896 | if (attr->query.query_flags & ~BPF_F_QUERY_EFFECTIVE) | |
3897 | return -EINVAL; | |
3898 | ||
3899 | switch (attr->query.attach_type) { | |
3900 | case BPF_CGROUP_INET_INGRESS: | |
3901 | case BPF_CGROUP_INET_EGRESS: | |
3902 | case BPF_CGROUP_INET_SOCK_CREATE: | |
f5836749 | 3903 | case BPF_CGROUP_INET_SOCK_RELEASE: |
4fbac77d AI |
3904 | case BPF_CGROUP_INET4_BIND: |
3905 | case BPF_CGROUP_INET6_BIND: | |
aac3fc32 AI |
3906 | case BPF_CGROUP_INET4_POST_BIND: |
3907 | case BPF_CGROUP_INET6_POST_BIND: | |
d74bad4e AI |
3908 | case BPF_CGROUP_INET4_CONNECT: |
3909 | case BPF_CGROUP_INET6_CONNECT: | |
1b66d253 DB |
3910 | case BPF_CGROUP_INET4_GETPEERNAME: |
3911 | case BPF_CGROUP_INET6_GETPEERNAME: | |
3912 | case BPF_CGROUP_INET4_GETSOCKNAME: | |
3913 | case BPF_CGROUP_INET6_GETSOCKNAME: | |
1cedee13 AI |
3914 | case BPF_CGROUP_UDP4_SENDMSG: |
3915 | case BPF_CGROUP_UDP6_SENDMSG: | |
983695fa DB |
3916 | case BPF_CGROUP_UDP4_RECVMSG: |
3917 | case BPF_CGROUP_UDP6_RECVMSG: | |
468e2f64 | 3918 | case BPF_CGROUP_SOCK_OPS: |
ebc614f6 | 3919 | case BPF_CGROUP_DEVICE: |
7b146ceb | 3920 | case BPF_CGROUP_SYSCTL: |
0d01da6a SF |
3921 | case BPF_CGROUP_GETSOCKOPT: |
3922 | case BPF_CGROUP_SETSOCKOPT: | |
b79c9fc9 | 3923 | case BPF_LSM_CGROUP: |
e28784e3 | 3924 | return cgroup_bpf_prog_query(attr, uattr); |
f4364dcf SY |
3925 | case BPF_LIRC_MODE2: |
3926 | return lirc_prog_query(attr, uattr); | |
118c8e9a | 3927 | case BPF_FLOW_DISSECTOR: |
e9ddbb77 | 3928 | case BPF_SK_LOOKUP: |
a3fd7cee | 3929 | return netns_bpf_prog_query(attr, uattr); |
748cd572 DZ |
3930 | case BPF_SK_SKB_STREAM_PARSER: |
3931 | case BPF_SK_SKB_STREAM_VERDICT: | |
3932 | case BPF_SK_MSG_VERDICT: | |
3933 | case BPF_SK_SKB_VERDICT: | |
3934 | return sock_map_bpf_prog_query(attr, uattr); | |
e420bed0 DB |
3935 | case BPF_TCX_INGRESS: |
3936 | case BPF_TCX_EGRESS: | |
3937 | return tcx_prog_query(attr, uattr); | |
468e2f64 AS |
3938 | default: |
3939 | return -EINVAL; | |
3940 | } | |
468e2f64 | 3941 | } |
f4324551 | 3942 | |
b530e9e1 | 3943 | #define BPF_PROG_TEST_RUN_LAST_FIELD test.batch_size |
1cf1cae9 AS |
3944 | |
3945 | static int bpf_prog_test_run(const union bpf_attr *attr, | |
3946 | union bpf_attr __user *uattr) | |
3947 | { | |
3948 | struct bpf_prog *prog; | |
3949 | int ret = -ENOTSUPP; | |
3950 | ||
3951 | if (CHECK_ATTR(BPF_PROG_TEST_RUN)) | |
3952 | return -EINVAL; | |
3953 | ||
b0b9395d SF |
3954 | if ((attr->test.ctx_size_in && !attr->test.ctx_in) || |
3955 | (!attr->test.ctx_size_in && attr->test.ctx_in)) | |
3956 | return -EINVAL; | |
3957 | ||
3958 | if ((attr->test.ctx_size_out && !attr->test.ctx_out) || | |
3959 | (!attr->test.ctx_size_out && attr->test.ctx_out)) | |
3960 | return -EINVAL; | |
3961 | ||
1cf1cae9 AS |
3962 | prog = bpf_prog_get(attr->test.prog_fd); |
3963 | if (IS_ERR(prog)) | |
3964 | return PTR_ERR(prog); | |
3965 | ||
3966 | if (prog->aux->ops->test_run) | |
3967 | ret = prog->aux->ops->test_run(prog, attr, uattr); | |
3968 | ||
3969 | bpf_prog_put(prog); | |
3970 | return ret; | |
3971 | } | |
3972 | ||
34ad5580 MKL |
3973 | #define BPF_OBJ_GET_NEXT_ID_LAST_FIELD next_id |
3974 | ||
3975 | static int bpf_obj_get_next_id(const union bpf_attr *attr, | |
3976 | union bpf_attr __user *uattr, | |
3977 | struct idr *idr, | |
3978 | spinlock_t *lock) | |
3979 | { | |
3980 | u32 next_id = attr->start_id; | |
3981 | int err = 0; | |
3982 | ||
3983 | if (CHECK_ATTR(BPF_OBJ_GET_NEXT_ID) || next_id >= INT_MAX) | |
3984 | return -EINVAL; | |
3985 | ||
3986 | if (!capable(CAP_SYS_ADMIN)) | |
3987 | return -EPERM; | |
3988 | ||
3989 | next_id++; | |
3990 | spin_lock_bh(lock); | |
3991 | if (!idr_get_next(idr, &next_id)) | |
3992 | err = -ENOENT; | |
3993 | spin_unlock_bh(lock); | |
3994 | ||
3995 | if (!err) | |
3996 | err = put_user(next_id, &uattr->next_id); | |
3997 | ||
3998 | return err; | |
3999 | } | |
4000 | ||
6086d29d YS |
4001 | struct bpf_map *bpf_map_get_curr_or_next(u32 *id) |
4002 | { | |
4003 | struct bpf_map *map; | |
4004 | ||
4005 | spin_lock_bh(&map_idr_lock); | |
4006 | again: | |
4007 | map = idr_get_next(&map_idr, id); | |
4008 | if (map) { | |
4009 | map = __bpf_map_inc_not_zero(map, false); | |
4010 | if (IS_ERR(map)) { | |
4011 | (*id)++; | |
4012 | goto again; | |
4013 | } | |
4014 | } | |
4015 | spin_unlock_bh(&map_idr_lock); | |
4016 | ||
4017 | return map; | |
4018 | } | |
4019 | ||
a228a64f AS |
4020 | struct bpf_prog *bpf_prog_get_curr_or_next(u32 *id) |
4021 | { | |
4022 | struct bpf_prog *prog; | |
4023 | ||
4024 | spin_lock_bh(&prog_idr_lock); | |
4025 | again: | |
4026 | prog = idr_get_next(&prog_idr, id); | |
4027 | if (prog) { | |
4028 | prog = bpf_prog_inc_not_zero(prog); | |
4029 | if (IS_ERR(prog)) { | |
4030 | (*id)++; | |
4031 | goto again; | |
4032 | } | |
4033 | } | |
4034 | spin_unlock_bh(&prog_idr_lock); | |
4035 | ||
4036 | return prog; | |
4037 | } | |
4038 | ||
b16d9aa4 MKL |
4039 | #define BPF_PROG_GET_FD_BY_ID_LAST_FIELD prog_id |
4040 | ||
7e6897f9 | 4041 | struct bpf_prog *bpf_prog_by_id(u32 id) |
b16d9aa4 MKL |
4042 | { |
4043 | struct bpf_prog *prog; | |
b16d9aa4 | 4044 | |
7e6897f9 BT |
4045 | if (!id) |
4046 | return ERR_PTR(-ENOENT); | |
b16d9aa4 MKL |
4047 | |
4048 | spin_lock_bh(&prog_idr_lock); | |
4049 | prog = idr_find(&prog_idr, id); | |
4050 | if (prog) | |
4051 | prog = bpf_prog_inc_not_zero(prog); | |
4052 | else | |
4053 | prog = ERR_PTR(-ENOENT); | |
4054 | spin_unlock_bh(&prog_idr_lock); | |
7e6897f9 BT |
4055 | return prog; |
4056 | } | |
4057 | ||
4058 | static int bpf_prog_get_fd_by_id(const union bpf_attr *attr) | |
4059 | { | |
4060 | struct bpf_prog *prog; | |
4061 | u32 id = attr->prog_id; | |
4062 | int fd; | |
4063 | ||
4064 | if (CHECK_ATTR(BPF_PROG_GET_FD_BY_ID)) | |
4065 | return -EINVAL; | |
4066 | ||
4067 | if (!capable(CAP_SYS_ADMIN)) | |
4068 | return -EPERM; | |
b16d9aa4 | 4069 | |
7e6897f9 | 4070 | prog = bpf_prog_by_id(id); |
b16d9aa4 MKL |
4071 | if (IS_ERR(prog)) |
4072 | return PTR_ERR(prog); | |
4073 | ||
4074 | fd = bpf_prog_new_fd(prog); | |
4075 | if (fd < 0) | |
4076 | bpf_prog_put(prog); | |
4077 | ||
4078 | return fd; | |
4079 | } | |
4080 | ||
6e71b04a | 4081 | #define BPF_MAP_GET_FD_BY_ID_LAST_FIELD open_flags |
bd5f5f4e MKL |
4082 | |
4083 | static int bpf_map_get_fd_by_id(const union bpf_attr *attr) | |
4084 | { | |
4085 | struct bpf_map *map; | |
4086 | u32 id = attr->map_id; | |
6e71b04a | 4087 | int f_flags; |
bd5f5f4e MKL |
4088 | int fd; |
4089 | ||
6e71b04a CF |
4090 | if (CHECK_ATTR(BPF_MAP_GET_FD_BY_ID) || |
4091 | attr->open_flags & ~BPF_OBJ_FLAG_MASK) | |
bd5f5f4e MKL |
4092 | return -EINVAL; |
4093 | ||
4094 | if (!capable(CAP_SYS_ADMIN)) | |
4095 | return -EPERM; | |
4096 | ||
6e71b04a CF |
4097 | f_flags = bpf_get_file_flag(attr->open_flags); |
4098 | if (f_flags < 0) | |
4099 | return f_flags; | |
4100 | ||
bd5f5f4e MKL |
4101 | spin_lock_bh(&map_idr_lock); |
4102 | map = idr_find(&map_idr, id); | |
4103 | if (map) | |
b0e4701c | 4104 | map = __bpf_map_inc_not_zero(map, true); |
bd5f5f4e MKL |
4105 | else |
4106 | map = ERR_PTR(-ENOENT); | |
4107 | spin_unlock_bh(&map_idr_lock); | |
4108 | ||
4109 | if (IS_ERR(map)) | |
4110 | return PTR_ERR(map); | |
4111 | ||
6e71b04a | 4112 | fd = bpf_map_new_fd(map, f_flags); |
bd5f5f4e | 4113 | if (fd < 0) |
781e6282 | 4114 | bpf_map_put_with_uref(map); |
bd5f5f4e MKL |
4115 | |
4116 | return fd; | |
4117 | } | |
4118 | ||
7105e828 | 4119 | static const struct bpf_map *bpf_map_from_imm(const struct bpf_prog *prog, |
d8eca5bb DB |
4120 | unsigned long addr, u32 *off, |
4121 | u32 *type) | |
7105e828 | 4122 | { |
d8eca5bb | 4123 | const struct bpf_map *map; |
7105e828 DB |
4124 | int i; |
4125 | ||
984fe94f | 4126 | mutex_lock(&prog->aux->used_maps_mutex); |
d8eca5bb DB |
4127 | for (i = 0, *off = 0; i < prog->aux->used_map_cnt; i++) { |
4128 | map = prog->aux->used_maps[i]; | |
4129 | if (map == (void *)addr) { | |
4130 | *type = BPF_PSEUDO_MAP_FD; | |
984fe94f | 4131 | goto out; |
d8eca5bb DB |
4132 | } |
4133 | if (!map->ops->map_direct_value_meta) | |
4134 | continue; | |
4135 | if (!map->ops->map_direct_value_meta(map, addr, off)) { | |
4136 | *type = BPF_PSEUDO_MAP_VALUE; | |
984fe94f | 4137 | goto out; |
d8eca5bb DB |
4138 | } |
4139 | } | |
984fe94f | 4140 | map = NULL; |
d8eca5bb | 4141 | |
984fe94f YZ |
4142 | out: |
4143 | mutex_unlock(&prog->aux->used_maps_mutex); | |
4144 | return map; | |
7105e828 DB |
4145 | } |
4146 | ||
63960260 KC |
4147 | static struct bpf_insn *bpf_insn_prepare_dump(const struct bpf_prog *prog, |
4148 | const struct cred *f_cred) | |
7105e828 DB |
4149 | { |
4150 | const struct bpf_map *map; | |
4151 | struct bpf_insn *insns; | |
d8eca5bb | 4152 | u32 off, type; |
7105e828 | 4153 | u64 imm; |
29fcb05b | 4154 | u8 code; |
7105e828 DB |
4155 | int i; |
4156 | ||
4157 | insns = kmemdup(prog->insnsi, bpf_prog_insn_size(prog), | |
4158 | GFP_USER); | |
4159 | if (!insns) | |
4160 | return insns; | |
4161 | ||
4162 | for (i = 0; i < prog->len; i++) { | |
29fcb05b AN |
4163 | code = insns[i].code; |
4164 | ||
4165 | if (code == (BPF_JMP | BPF_TAIL_CALL)) { | |
7105e828 DB |
4166 | insns[i].code = BPF_JMP | BPF_CALL; |
4167 | insns[i].imm = BPF_FUNC_tail_call; | |
4168 | /* fall-through */ | |
4169 | } | |
29fcb05b AN |
4170 | if (code == (BPF_JMP | BPF_CALL) || |
4171 | code == (BPF_JMP | BPF_CALL_ARGS)) { | |
4172 | if (code == (BPF_JMP | BPF_CALL_ARGS)) | |
7105e828 | 4173 | insns[i].code = BPF_JMP | BPF_CALL; |
63960260 | 4174 | if (!bpf_dump_raw_ok(f_cred)) |
7105e828 DB |
4175 | insns[i].imm = 0; |
4176 | continue; | |
4177 | } | |
29fcb05b AN |
4178 | if (BPF_CLASS(code) == BPF_LDX && BPF_MODE(code) == BPF_PROBE_MEM) { |
4179 | insns[i].code = BPF_LDX | BPF_SIZE(code) | BPF_MEM; | |
4180 | continue; | |
4181 | } | |
7105e828 | 4182 | |
29fcb05b | 4183 | if (code != (BPF_LD | BPF_IMM | BPF_DW)) |
7105e828 DB |
4184 | continue; |
4185 | ||
4186 | imm = ((u64)insns[i + 1].imm << 32) | (u32)insns[i].imm; | |
d8eca5bb | 4187 | map = bpf_map_from_imm(prog, imm, &off, &type); |
7105e828 | 4188 | if (map) { |
d8eca5bb | 4189 | insns[i].src_reg = type; |
7105e828 | 4190 | insns[i].imm = map->id; |
d8eca5bb | 4191 | insns[i + 1].imm = off; |
7105e828 DB |
4192 | continue; |
4193 | } | |
7105e828 DB |
4194 | } |
4195 | ||
4196 | return insns; | |
4197 | } | |
4198 | ||
c454a46b MKL |
4199 | static int set_info_rec_size(struct bpf_prog_info *info) |
4200 | { | |
4201 | /* | |
4202 | * Ensure info.*_rec_size is the same as kernel expected size | |
4203 | * | |
4204 | * or | |
4205 | * | |
4206 | * Only allow zero *_rec_size if both _rec_size and _cnt are | |
4207 | * zero. In this case, the kernel will set the expected | |
4208 | * _rec_size back to the info. | |
4209 | */ | |
4210 | ||
11d8b82d | 4211 | if ((info->nr_func_info || info->func_info_rec_size) && |
c454a46b MKL |
4212 | info->func_info_rec_size != sizeof(struct bpf_func_info)) |
4213 | return -EINVAL; | |
4214 | ||
11d8b82d | 4215 | if ((info->nr_line_info || info->line_info_rec_size) && |
c454a46b MKL |
4216 | info->line_info_rec_size != sizeof(struct bpf_line_info)) |
4217 | return -EINVAL; | |
4218 | ||
11d8b82d | 4219 | if ((info->nr_jited_line_info || info->jited_line_info_rec_size) && |
c454a46b MKL |
4220 | info->jited_line_info_rec_size != sizeof(__u64)) |
4221 | return -EINVAL; | |
4222 | ||
4223 | info->func_info_rec_size = sizeof(struct bpf_func_info); | |
4224 | info->line_info_rec_size = sizeof(struct bpf_line_info); | |
4225 | info->jited_line_info_rec_size = sizeof(__u64); | |
4226 | ||
4227 | return 0; | |
4228 | } | |
4229 | ||
63960260 KC |
4230 | static int bpf_prog_get_info_by_fd(struct file *file, |
4231 | struct bpf_prog *prog, | |
1e270976 MKL |
4232 | const union bpf_attr *attr, |
4233 | union bpf_attr __user *uattr) | |
4234 | { | |
4235 | struct bpf_prog_info __user *uinfo = u64_to_user_ptr(attr->info.info); | |
6644aabb | 4236 | struct btf *attach_btf = bpf_prog_get_target_btf(prog); |
5c6f2588 | 4237 | struct bpf_prog_info info; |
1e270976 | 4238 | u32 info_len = attr->info.info_len; |
61a0abae | 4239 | struct bpf_prog_kstats stats; |
1e270976 MKL |
4240 | char __user *uinsns; |
4241 | u32 ulen; | |
4242 | int err; | |
4243 | ||
af2ac3e1 | 4244 | err = bpf_check_uarg_tail_zero(USER_BPFPTR(uinfo), sizeof(info), info_len); |
1e270976 MKL |
4245 | if (err) |
4246 | return err; | |
4247 | info_len = min_t(u32, sizeof(info), info_len); | |
4248 | ||
5c6f2588 | 4249 | memset(&info, 0, sizeof(info)); |
1e270976 | 4250 | if (copy_from_user(&info, uinfo, info_len)) |
89b09689 | 4251 | return -EFAULT; |
1e270976 MKL |
4252 | |
4253 | info.type = prog->type; | |
4254 | info.id = prog->aux->id; | |
cb4d2b3f MKL |
4255 | info.load_time = prog->aux->load_time; |
4256 | info.created_by_uid = from_kuid_munged(current_user_ns(), | |
4257 | prog->aux->user->uid); | |
b85fab0e | 4258 | info.gpl_compatible = prog->gpl_compatible; |
1e270976 MKL |
4259 | |
4260 | memcpy(info.tag, prog->tag, sizeof(prog->tag)); | |
cb4d2b3f MKL |
4261 | memcpy(info.name, prog->aux->name, sizeof(prog->aux->name)); |
4262 | ||
984fe94f | 4263 | mutex_lock(&prog->aux->used_maps_mutex); |
cb4d2b3f MKL |
4264 | ulen = info.nr_map_ids; |
4265 | info.nr_map_ids = prog->aux->used_map_cnt; | |
4266 | ulen = min_t(u32, info.nr_map_ids, ulen); | |
4267 | if (ulen) { | |
721e08da | 4268 | u32 __user *user_map_ids = u64_to_user_ptr(info.map_ids); |
cb4d2b3f MKL |
4269 | u32 i; |
4270 | ||
4271 | for (i = 0; i < ulen; i++) | |
4272 | if (put_user(prog->aux->used_maps[i]->id, | |
984fe94f YZ |
4273 | &user_map_ids[i])) { |
4274 | mutex_unlock(&prog->aux->used_maps_mutex); | |
cb4d2b3f | 4275 | return -EFAULT; |
984fe94f | 4276 | } |
cb4d2b3f | 4277 | } |
984fe94f | 4278 | mutex_unlock(&prog->aux->used_maps_mutex); |
1e270976 | 4279 | |
c454a46b MKL |
4280 | err = set_info_rec_size(&info); |
4281 | if (err) | |
4282 | return err; | |
7337224f | 4283 | |
5f8f8b93 AS |
4284 | bpf_prog_get_stats(prog, &stats); |
4285 | info.run_time_ns = stats.nsecs; | |
4286 | info.run_cnt = stats.cnt; | |
9ed9e9ba | 4287 | info.recursion_misses = stats.misses; |
5f8f8b93 | 4288 | |
aba64c7d DM |
4289 | info.verified_insns = prog->aux->verified_insns; |
4290 | ||
2c78ee89 | 4291 | if (!bpf_capable()) { |
1e270976 MKL |
4292 | info.jited_prog_len = 0; |
4293 | info.xlated_prog_len = 0; | |
dbecd738 | 4294 | info.nr_jited_ksyms = 0; |
28c2fae7 | 4295 | info.nr_jited_func_lens = 0; |
11d8b82d YS |
4296 | info.nr_func_info = 0; |
4297 | info.nr_line_info = 0; | |
4298 | info.nr_jited_line_info = 0; | |
1e270976 MKL |
4299 | goto done; |
4300 | } | |
4301 | ||
1e270976 | 4302 | ulen = info.xlated_prog_len; |
9975a54b | 4303 | info.xlated_prog_len = bpf_prog_insn_size(prog); |
1e270976 | 4304 | if (info.xlated_prog_len && ulen) { |
7105e828 DB |
4305 | struct bpf_insn *insns_sanitized; |
4306 | bool fault; | |
4307 | ||
63960260 | 4308 | if (prog->blinded && !bpf_dump_raw_ok(file->f_cred)) { |
7105e828 DB |
4309 | info.xlated_prog_insns = 0; |
4310 | goto done; | |
4311 | } | |
63960260 | 4312 | insns_sanitized = bpf_insn_prepare_dump(prog, file->f_cred); |
7105e828 DB |
4313 | if (!insns_sanitized) |
4314 | return -ENOMEM; | |
1e270976 MKL |
4315 | uinsns = u64_to_user_ptr(info.xlated_prog_insns); |
4316 | ulen = min_t(u32, info.xlated_prog_len, ulen); | |
7105e828 DB |
4317 | fault = copy_to_user(uinsns, insns_sanitized, ulen); |
4318 | kfree(insns_sanitized); | |
4319 | if (fault) | |
1e270976 MKL |
4320 | return -EFAULT; |
4321 | } | |
4322 | ||
9d03ebc7 | 4323 | if (bpf_prog_is_offloaded(prog->aux)) { |
675fc275 JK |
4324 | err = bpf_prog_offload_info_fill(&info, prog); |
4325 | if (err) | |
4326 | return err; | |
fcfb126d JW |
4327 | goto done; |
4328 | } | |
4329 | ||
4330 | /* NOTE: the following code is supposed to be skipped for offload. | |
4331 | * bpf_prog_offload_info_fill() is the place to fill similar fields | |
4332 | * for offload. | |
4333 | */ | |
4334 | ulen = info.jited_prog_len; | |
4d56a76e SD |
4335 | if (prog->aux->func_cnt) { |
4336 | u32 i; | |
4337 | ||
4338 | info.jited_prog_len = 0; | |
4339 | for (i = 0; i < prog->aux->func_cnt; i++) | |
4340 | info.jited_prog_len += prog->aux->func[i]->jited_len; | |
4341 | } else { | |
4342 | info.jited_prog_len = prog->jited_len; | |
4343 | } | |
4344 | ||
fcfb126d | 4345 | if (info.jited_prog_len && ulen) { |
63960260 | 4346 | if (bpf_dump_raw_ok(file->f_cred)) { |
fcfb126d JW |
4347 | uinsns = u64_to_user_ptr(info.jited_prog_insns); |
4348 | ulen = min_t(u32, info.jited_prog_len, ulen); | |
4d56a76e SD |
4349 | |
4350 | /* for multi-function programs, copy the JITed | |
4351 | * instructions for all the functions | |
4352 | */ | |
4353 | if (prog->aux->func_cnt) { | |
4354 | u32 len, free, i; | |
4355 | u8 *img; | |
4356 | ||
4357 | free = ulen; | |
4358 | for (i = 0; i < prog->aux->func_cnt; i++) { | |
4359 | len = prog->aux->func[i]->jited_len; | |
4360 | len = min_t(u32, len, free); | |
4361 | img = (u8 *) prog->aux->func[i]->bpf_func; | |
4362 | if (copy_to_user(uinsns, img, len)) | |
4363 | return -EFAULT; | |
4364 | uinsns += len; | |
4365 | free -= len; | |
4366 | if (!free) | |
4367 | break; | |
4368 | } | |
4369 | } else { | |
4370 | if (copy_to_user(uinsns, prog->bpf_func, ulen)) | |
4371 | return -EFAULT; | |
4372 | } | |
fcfb126d JW |
4373 | } else { |
4374 | info.jited_prog_insns = 0; | |
4375 | } | |
675fc275 JK |
4376 | } |
4377 | ||
dbecd738 | 4378 | ulen = info.nr_jited_ksyms; |
ff1889fc | 4379 | info.nr_jited_ksyms = prog->aux->func_cnt ? : 1; |
7a5725dd | 4380 | if (ulen) { |
63960260 | 4381 | if (bpf_dump_raw_ok(file->f_cred)) { |
ff1889fc | 4382 | unsigned long ksym_addr; |
dbecd738 | 4383 | u64 __user *user_ksyms; |
dbecd738 SD |
4384 | u32 i; |
4385 | ||
4386 | /* copy the address of the kernel symbol | |
4387 | * corresponding to each function | |
4388 | */ | |
4389 | ulen = min_t(u32, info.nr_jited_ksyms, ulen); | |
4390 | user_ksyms = u64_to_user_ptr(info.jited_ksyms); | |
ff1889fc SL |
4391 | if (prog->aux->func_cnt) { |
4392 | for (i = 0; i < ulen; i++) { | |
4393 | ksym_addr = (unsigned long) | |
4394 | prog->aux->func[i]->bpf_func; | |
4395 | if (put_user((u64) ksym_addr, | |
4396 | &user_ksyms[i])) | |
4397 | return -EFAULT; | |
4398 | } | |
4399 | } else { | |
4400 | ksym_addr = (unsigned long) prog->bpf_func; | |
4401 | if (put_user((u64) ksym_addr, &user_ksyms[0])) | |
dbecd738 SD |
4402 | return -EFAULT; |
4403 | } | |
4404 | } else { | |
4405 | info.jited_ksyms = 0; | |
4406 | } | |
4407 | } | |
4408 | ||
815581c1 | 4409 | ulen = info.nr_jited_func_lens; |
ff1889fc | 4410 | info.nr_jited_func_lens = prog->aux->func_cnt ? : 1; |
7a5725dd | 4411 | if (ulen) { |
63960260 | 4412 | if (bpf_dump_raw_ok(file->f_cred)) { |
815581c1 SD |
4413 | u32 __user *user_lens; |
4414 | u32 func_len, i; | |
4415 | ||
4416 | /* copy the JITed image lengths for each function */ | |
4417 | ulen = min_t(u32, info.nr_jited_func_lens, ulen); | |
4418 | user_lens = u64_to_user_ptr(info.jited_func_lens); | |
ff1889fc SL |
4419 | if (prog->aux->func_cnt) { |
4420 | for (i = 0; i < ulen; i++) { | |
4421 | func_len = | |
4422 | prog->aux->func[i]->jited_len; | |
4423 | if (put_user(func_len, &user_lens[i])) | |
4424 | return -EFAULT; | |
4425 | } | |
4426 | } else { | |
4427 | func_len = prog->jited_len; | |
4428 | if (put_user(func_len, &user_lens[0])) | |
815581c1 SD |
4429 | return -EFAULT; |
4430 | } | |
4431 | } else { | |
4432 | info.jited_func_lens = 0; | |
4433 | } | |
4434 | } | |
4435 | ||
7337224f | 4436 | if (prog->aux->btf) |
22dc4a0f | 4437 | info.btf_id = btf_obj_id(prog->aux->btf); |
b79c9fc9 | 4438 | info.attach_btf_id = prog->aux->attach_btf_id; |
6644aabb SF |
4439 | if (attach_btf) |
4440 | info.attach_btf_obj_id = btf_obj_id(attach_btf); | |
838e9690 | 4441 | |
11d8b82d YS |
4442 | ulen = info.nr_func_info; |
4443 | info.nr_func_info = prog->aux->func_info_cnt; | |
4444 | if (info.nr_func_info && ulen) { | |
9e794163 | 4445 | char __user *user_finfo; |
7337224f | 4446 | |
9e794163 MKL |
4447 | user_finfo = u64_to_user_ptr(info.func_info); |
4448 | ulen = min_t(u32, info.nr_func_info, ulen); | |
4449 | if (copy_to_user(user_finfo, prog->aux->func_info, | |
4450 | info.func_info_rec_size * ulen)) | |
4451 | return -EFAULT; | |
838e9690 YS |
4452 | } |
4453 | ||
11d8b82d YS |
4454 | ulen = info.nr_line_info; |
4455 | info.nr_line_info = prog->aux->nr_linfo; | |
4456 | if (info.nr_line_info && ulen) { | |
9e794163 | 4457 | __u8 __user *user_linfo; |
c454a46b | 4458 | |
9e794163 MKL |
4459 | user_linfo = u64_to_user_ptr(info.line_info); |
4460 | ulen = min_t(u32, info.nr_line_info, ulen); | |
4461 | if (copy_to_user(user_linfo, prog->aux->linfo, | |
4462 | info.line_info_rec_size * ulen)) | |
4463 | return -EFAULT; | |
c454a46b MKL |
4464 | } |
4465 | ||
11d8b82d | 4466 | ulen = info.nr_jited_line_info; |
c454a46b | 4467 | if (prog->aux->jited_linfo) |
11d8b82d | 4468 | info.nr_jited_line_info = prog->aux->nr_linfo; |
c454a46b | 4469 | else |
11d8b82d YS |
4470 | info.nr_jited_line_info = 0; |
4471 | if (info.nr_jited_line_info && ulen) { | |
63960260 | 4472 | if (bpf_dump_raw_ok(file->f_cred)) { |
2cd00852 | 4473 | unsigned long line_addr; |
c454a46b MKL |
4474 | __u64 __user *user_linfo; |
4475 | u32 i; | |
4476 | ||
4477 | user_linfo = u64_to_user_ptr(info.jited_line_info); | |
11d8b82d | 4478 | ulen = min_t(u32, info.nr_jited_line_info, ulen); |
c454a46b | 4479 | for (i = 0; i < ulen; i++) { |
2cd00852 PL |
4480 | line_addr = (unsigned long)prog->aux->jited_linfo[i]; |
4481 | if (put_user((__u64)line_addr, &user_linfo[i])) | |
c454a46b MKL |
4482 | return -EFAULT; |
4483 | } | |
4484 | } else { | |
4485 | info.jited_line_info = 0; | |
4486 | } | |
4487 | } | |
4488 | ||
c872bdb3 SL |
4489 | ulen = info.nr_prog_tags; |
4490 | info.nr_prog_tags = prog->aux->func_cnt ? : 1; | |
4491 | if (ulen) { | |
4492 | __u8 __user (*user_prog_tags)[BPF_TAG_SIZE]; | |
4493 | u32 i; | |
4494 | ||
4495 | user_prog_tags = u64_to_user_ptr(info.prog_tags); | |
4496 | ulen = min_t(u32, info.nr_prog_tags, ulen); | |
4497 | if (prog->aux->func_cnt) { | |
4498 | for (i = 0; i < ulen; i++) { | |
4499 | if (copy_to_user(user_prog_tags[i], | |
4500 | prog->aux->func[i]->tag, | |
4501 | BPF_TAG_SIZE)) | |
4502 | return -EFAULT; | |
4503 | } | |
4504 | } else { | |
4505 | if (copy_to_user(user_prog_tags[0], | |
4506 | prog->tag, BPF_TAG_SIZE)) | |
4507 | return -EFAULT; | |
4508 | } | |
4509 | } | |
4510 | ||
1e270976 MKL |
4511 | done: |
4512 | if (copy_to_user(uinfo, &info, info_len) || | |
4513 | put_user(info_len, &uattr->info.info_len)) | |
4514 | return -EFAULT; | |
4515 | ||
4516 | return 0; | |
4517 | } | |
4518 | ||
63960260 KC |
4519 | static int bpf_map_get_info_by_fd(struct file *file, |
4520 | struct bpf_map *map, | |
1e270976 MKL |
4521 | const union bpf_attr *attr, |
4522 | union bpf_attr __user *uattr) | |
4523 | { | |
4524 | struct bpf_map_info __user *uinfo = u64_to_user_ptr(attr->info.info); | |
5c6f2588 | 4525 | struct bpf_map_info info; |
1e270976 MKL |
4526 | u32 info_len = attr->info.info_len; |
4527 | int err; | |
4528 | ||
af2ac3e1 | 4529 | err = bpf_check_uarg_tail_zero(USER_BPFPTR(uinfo), sizeof(info), info_len); |
1e270976 MKL |
4530 | if (err) |
4531 | return err; | |
4532 | info_len = min_t(u32, sizeof(info), info_len); | |
4533 | ||
5c6f2588 | 4534 | memset(&info, 0, sizeof(info)); |
1e270976 MKL |
4535 | info.type = map->map_type; |
4536 | info.id = map->id; | |
4537 | info.key_size = map->key_size; | |
4538 | info.value_size = map->value_size; | |
4539 | info.max_entries = map->max_entries; | |
4540 | info.map_flags = map->map_flags; | |
9330986c | 4541 | info.map_extra = map->map_extra; |
ad5b177b | 4542 | memcpy(info.name, map->name, sizeof(map->name)); |
1e270976 | 4543 | |
78958fca | 4544 | if (map->btf) { |
22dc4a0f | 4545 | info.btf_id = btf_obj_id(map->btf); |
9b2cf328 MKL |
4546 | info.btf_key_type_id = map->btf_key_type_id; |
4547 | info.btf_value_type_id = map->btf_value_type_id; | |
78958fca | 4548 | } |
85d33df3 | 4549 | info.btf_vmlinux_value_type_id = map->btf_vmlinux_value_type_id; |
78958fca | 4550 | |
9d03ebc7 | 4551 | if (bpf_map_is_offloaded(map)) { |
52775b33 JK |
4552 | err = bpf_map_offload_info_fill(&info, map); |
4553 | if (err) | |
4554 | return err; | |
4555 | } | |
4556 | ||
1e270976 MKL |
4557 | if (copy_to_user(uinfo, &info, info_len) || |
4558 | put_user(info_len, &uattr->info.info_len)) | |
4559 | return -EFAULT; | |
4560 | ||
4561 | return 0; | |
4562 | } | |
4563 | ||
63960260 KC |
4564 | static int bpf_btf_get_info_by_fd(struct file *file, |
4565 | struct btf *btf, | |
62dab84c MKL |
4566 | const union bpf_attr *attr, |
4567 | union bpf_attr __user *uattr) | |
4568 | { | |
4569 | struct bpf_btf_info __user *uinfo = u64_to_user_ptr(attr->info.info); | |
4570 | u32 info_len = attr->info.info_len; | |
4571 | int err; | |
4572 | ||
af2ac3e1 | 4573 | err = bpf_check_uarg_tail_zero(USER_BPFPTR(uinfo), sizeof(*uinfo), info_len); |
62dab84c MKL |
4574 | if (err) |
4575 | return err; | |
4576 | ||
4577 | return btf_get_info_by_fd(btf, attr, uattr); | |
4578 | } | |
4579 | ||
63960260 KC |
4580 | static int bpf_link_get_info_by_fd(struct file *file, |
4581 | struct bpf_link *link, | |
f2e10bff AN |
4582 | const union bpf_attr *attr, |
4583 | union bpf_attr __user *uattr) | |
4584 | { | |
4585 | struct bpf_link_info __user *uinfo = u64_to_user_ptr(attr->info.info); | |
4586 | struct bpf_link_info info; | |
4587 | u32 info_len = attr->info.info_len; | |
4588 | int err; | |
4589 | ||
af2ac3e1 | 4590 | err = bpf_check_uarg_tail_zero(USER_BPFPTR(uinfo), sizeof(info), info_len); |
f2e10bff AN |
4591 | if (err) |
4592 | return err; | |
4593 | info_len = min_t(u32, sizeof(info), info_len); | |
4594 | ||
4595 | memset(&info, 0, sizeof(info)); | |
4596 | if (copy_from_user(&info, uinfo, info_len)) | |
4597 | return -EFAULT; | |
4598 | ||
4599 | info.type = link->type; | |
4600 | info.id = link->id; | |
68b04864 KFL |
4601 | if (link->prog) |
4602 | info.prog_id = link->prog->aux->id; | |
f2e10bff AN |
4603 | |
4604 | if (link->ops->fill_link_info) { | |
4605 | err = link->ops->fill_link_info(link, &info); | |
4606 | if (err) | |
4607 | return err; | |
4608 | } | |
4609 | ||
4610 | if (copy_to_user(uinfo, &info, info_len) || | |
4611 | put_user(info_len, &uattr->info.info_len)) | |
4612 | return -EFAULT; | |
4613 | ||
4614 | return 0; | |
4615 | } | |
4616 | ||
4617 | ||
1e270976 MKL |
4618 | #define BPF_OBJ_GET_INFO_BY_FD_LAST_FIELD info.info |
4619 | ||
4620 | static int bpf_obj_get_info_by_fd(const union bpf_attr *attr, | |
4621 | union bpf_attr __user *uattr) | |
4622 | { | |
4623 | int ufd = attr->info.bpf_fd; | |
4624 | struct fd f; | |
4625 | int err; | |
4626 | ||
4627 | if (CHECK_ATTR(BPF_OBJ_GET_INFO_BY_FD)) | |
4628 | return -EINVAL; | |
4629 | ||
4630 | f = fdget(ufd); | |
4631 | if (!f.file) | |
4632 | return -EBADFD; | |
4633 | ||
4634 | if (f.file->f_op == &bpf_prog_fops) | |
63960260 | 4635 | err = bpf_prog_get_info_by_fd(f.file, f.file->private_data, attr, |
1e270976 MKL |
4636 | uattr); |
4637 | else if (f.file->f_op == &bpf_map_fops) | |
63960260 | 4638 | err = bpf_map_get_info_by_fd(f.file, f.file->private_data, attr, |
1e270976 | 4639 | uattr); |
60197cfb | 4640 | else if (f.file->f_op == &btf_fops) |
63960260 | 4641 | err = bpf_btf_get_info_by_fd(f.file, f.file->private_data, attr, uattr); |
f2e10bff | 4642 | else if (f.file->f_op == &bpf_link_fops) |
63960260 | 4643 | err = bpf_link_get_info_by_fd(f.file, f.file->private_data, |
f2e10bff | 4644 | attr, uattr); |
1e270976 MKL |
4645 | else |
4646 | err = -EINVAL; | |
4647 | ||
4648 | fdput(f); | |
4649 | return err; | |
4650 | } | |
4651 | ||
47a71c1f | 4652 | #define BPF_BTF_LOAD_LAST_FIELD btf_log_true_size |
f56a653c | 4653 | |
47a71c1f | 4654 | static int bpf_btf_load(const union bpf_attr *attr, bpfptr_t uattr, __u32 uattr_size) |
f56a653c MKL |
4655 | { |
4656 | if (CHECK_ATTR(BPF_BTF_LOAD)) | |
4657 | return -EINVAL; | |
4658 | ||
2c78ee89 | 4659 | if (!bpf_capable()) |
f56a653c MKL |
4660 | return -EPERM; |
4661 | ||
47a71c1f | 4662 | return btf_new_fd(attr, uattr, uattr_size); |
f56a653c MKL |
4663 | } |
4664 | ||
78958fca MKL |
4665 | #define BPF_BTF_GET_FD_BY_ID_LAST_FIELD btf_id |
4666 | ||
4667 | static int bpf_btf_get_fd_by_id(const union bpf_attr *attr) | |
4668 | { | |
4669 | if (CHECK_ATTR(BPF_BTF_GET_FD_BY_ID)) | |
4670 | return -EINVAL; | |
4671 | ||
4672 | if (!capable(CAP_SYS_ADMIN)) | |
4673 | return -EPERM; | |
4674 | ||
4675 | return btf_get_fd_by_id(attr->btf_id); | |
4676 | } | |
4677 | ||
41bdc4b4 YS |
4678 | static int bpf_task_fd_query_copy(const union bpf_attr *attr, |
4679 | union bpf_attr __user *uattr, | |
4680 | u32 prog_id, u32 fd_type, | |
4681 | const char *buf, u64 probe_offset, | |
4682 | u64 probe_addr) | |
4683 | { | |
4684 | char __user *ubuf = u64_to_user_ptr(attr->task_fd_query.buf); | |
4685 | u32 len = buf ? strlen(buf) : 0, input_len; | |
4686 | int err = 0; | |
4687 | ||
4688 | if (put_user(len, &uattr->task_fd_query.buf_len)) | |
4689 | return -EFAULT; | |
4690 | input_len = attr->task_fd_query.buf_len; | |
4691 | if (input_len && ubuf) { | |
4692 | if (!len) { | |
4693 | /* nothing to copy, just make ubuf NULL terminated */ | |
4694 | char zero = '\0'; | |
4695 | ||
4696 | if (put_user(zero, ubuf)) | |
4697 | return -EFAULT; | |
4698 | } else if (input_len >= len + 1) { | |
4699 | /* ubuf can hold the string with NULL terminator */ | |
4700 | if (copy_to_user(ubuf, buf, len + 1)) | |
4701 | return -EFAULT; | |
4702 | } else { | |
4703 | /* ubuf cannot hold the string with NULL terminator, | |
4704 | * do a partial copy with NULL terminator. | |
4705 | */ | |
4706 | char zero = '\0'; | |
4707 | ||
4708 | err = -ENOSPC; | |
4709 | if (copy_to_user(ubuf, buf, input_len - 1)) | |
4710 | return -EFAULT; | |
4711 | if (put_user(zero, ubuf + input_len - 1)) | |
4712 | return -EFAULT; | |
4713 | } | |
4714 | } | |
4715 | ||
4716 | if (put_user(prog_id, &uattr->task_fd_query.prog_id) || | |
4717 | put_user(fd_type, &uattr->task_fd_query.fd_type) || | |
4718 | put_user(probe_offset, &uattr->task_fd_query.probe_offset) || | |
4719 | put_user(probe_addr, &uattr->task_fd_query.probe_addr)) | |
4720 | return -EFAULT; | |
4721 | ||
4722 | return err; | |
4723 | } | |
4724 | ||
4725 | #define BPF_TASK_FD_QUERY_LAST_FIELD task_fd_query.probe_addr | |
4726 | ||
4727 | static int bpf_task_fd_query(const union bpf_attr *attr, | |
4728 | union bpf_attr __user *uattr) | |
4729 | { | |
4730 | pid_t pid = attr->task_fd_query.pid; | |
4731 | u32 fd = attr->task_fd_query.fd; | |
4732 | const struct perf_event *event; | |
41bdc4b4 YS |
4733 | struct task_struct *task; |
4734 | struct file *file; | |
4735 | int err; | |
4736 | ||
4737 | if (CHECK_ATTR(BPF_TASK_FD_QUERY)) | |
4738 | return -EINVAL; | |
4739 | ||
4740 | if (!capable(CAP_SYS_ADMIN)) | |
4741 | return -EPERM; | |
4742 | ||
4743 | if (attr->task_fd_query.flags != 0) | |
4744 | return -EINVAL; | |
4745 | ||
83c10cc3 | 4746 | rcu_read_lock(); |
41bdc4b4 | 4747 | task = get_pid_task(find_vpid(pid), PIDTYPE_PID); |
83c10cc3 | 4748 | rcu_read_unlock(); |
41bdc4b4 YS |
4749 | if (!task) |
4750 | return -ENOENT; | |
4751 | ||
41bdc4b4 | 4752 | err = 0; |
b48845af EB |
4753 | file = fget_task(task, fd); |
4754 | put_task_struct(task); | |
41bdc4b4 | 4755 | if (!file) |
b48845af | 4756 | return -EBADF; |
41bdc4b4 | 4757 | |
70ed506c AN |
4758 | if (file->f_op == &bpf_link_fops) { |
4759 | struct bpf_link *link = file->private_data; | |
41bdc4b4 | 4760 | |
a3b80e10 | 4761 | if (link->ops == &bpf_raw_tp_link_lops) { |
70ed506c AN |
4762 | struct bpf_raw_tp_link *raw_tp = |
4763 | container_of(link, struct bpf_raw_tp_link, link); | |
4764 | struct bpf_raw_event_map *btp = raw_tp->btp; | |
4765 | ||
4766 | err = bpf_task_fd_query_copy(attr, uattr, | |
4767 | raw_tp->link.prog->aux->id, | |
4768 | BPF_FD_TYPE_RAW_TRACEPOINT, | |
4769 | btp->tp->name, 0, 0); | |
4770 | goto put_file; | |
4771 | } | |
4772 | goto out_not_supp; | |
41bdc4b4 YS |
4773 | } |
4774 | ||
4775 | event = perf_get_event(file); | |
4776 | if (!IS_ERR(event)) { | |
4777 | u64 probe_offset, probe_addr; | |
4778 | u32 prog_id, fd_type; | |
4779 | const char *buf; | |
4780 | ||
4781 | err = bpf_get_perf_event_info(event, &prog_id, &fd_type, | |
4782 | &buf, &probe_offset, | |
4783 | &probe_addr); | |
4784 | if (!err) | |
4785 | err = bpf_task_fd_query_copy(attr, uattr, prog_id, | |
4786 | fd_type, buf, | |
4787 | probe_offset, | |
4788 | probe_addr); | |
4789 | goto put_file; | |
4790 | } | |
4791 | ||
70ed506c | 4792 | out_not_supp: |
41bdc4b4 YS |
4793 | err = -ENOTSUPP; |
4794 | put_file: | |
4795 | fput(file); | |
41bdc4b4 YS |
4796 | return err; |
4797 | } | |
4798 | ||
cb4d03ab BV |
4799 | #define BPF_MAP_BATCH_LAST_FIELD batch.flags |
4800 | ||
3af43ba4 | 4801 | #define BPF_DO_BATCH(fn, ...) \ |
cb4d03ab BV |
4802 | do { \ |
4803 | if (!fn) { \ | |
4804 | err = -ENOTSUPP; \ | |
4805 | goto err_put; \ | |
4806 | } \ | |
3af43ba4 | 4807 | err = fn(__VA_ARGS__); \ |
cb4d03ab BV |
4808 | } while (0) |
4809 | ||
4810 | static int bpf_map_do_batch(const union bpf_attr *attr, | |
4811 | union bpf_attr __user *uattr, | |
4812 | int cmd) | |
4813 | { | |
353050be DB |
4814 | bool has_read = cmd == BPF_MAP_LOOKUP_BATCH || |
4815 | cmd == BPF_MAP_LOOKUP_AND_DELETE_BATCH; | |
4816 | bool has_write = cmd != BPF_MAP_LOOKUP_BATCH; | |
cb4d03ab BV |
4817 | struct bpf_map *map; |
4818 | int err, ufd; | |
4819 | struct fd f; | |
4820 | ||
4821 | if (CHECK_ATTR(BPF_MAP_BATCH)) | |
4822 | return -EINVAL; | |
4823 | ||
4824 | ufd = attr->batch.map_fd; | |
4825 | f = fdget(ufd); | |
4826 | map = __bpf_map_get(f); | |
4827 | if (IS_ERR(map)) | |
4828 | return PTR_ERR(map); | |
353050be DB |
4829 | if (has_write) |
4830 | bpf_map_write_active_inc(map); | |
4831 | if (has_read && !(map_get_sys_perms(map, f) & FMODE_CAN_READ)) { | |
cb4d03ab BV |
4832 | err = -EPERM; |
4833 | goto err_put; | |
4834 | } | |
353050be | 4835 | if (has_write && !(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) { |
cb4d03ab BV |
4836 | err = -EPERM; |
4837 | goto err_put; | |
4838 | } | |
4839 | ||
4840 | if (cmd == BPF_MAP_LOOKUP_BATCH) | |
3af43ba4 | 4841 | BPF_DO_BATCH(map->ops->map_lookup_batch, map, attr, uattr); |
05799638 | 4842 | else if (cmd == BPF_MAP_LOOKUP_AND_DELETE_BATCH) |
3af43ba4 | 4843 | BPF_DO_BATCH(map->ops->map_lookup_and_delete_batch, map, attr, uattr); |
aa2e93b8 | 4844 | else if (cmd == BPF_MAP_UPDATE_BATCH) |
3af43ba4 | 4845 | BPF_DO_BATCH(map->ops->map_update_batch, map, f.file, attr, uattr); |
aa2e93b8 | 4846 | else |
3af43ba4 | 4847 | BPF_DO_BATCH(map->ops->map_delete_batch, map, attr, uattr); |
cb4d03ab | 4848 | err_put: |
353050be DB |
4849 | if (has_write) |
4850 | bpf_map_write_active_dec(map); | |
cb4d03ab BV |
4851 | fdput(f); |
4852 | return err; | |
4853 | } | |
4854 | ||
ca74823c | 4855 | #define BPF_LINK_CREATE_LAST_FIELD link_create.kprobe_multi.cookies |
af2ac3e1 | 4856 | static int link_create(union bpf_attr *attr, bpfptr_t uattr) |
af6eea57 AN |
4857 | { |
4858 | enum bpf_prog_type ptype; | |
4859 | struct bpf_prog *prog; | |
4860 | int ret; | |
4861 | ||
af6eea57 AN |
4862 | if (CHECK_ATTR(BPF_LINK_CREATE)) |
4863 | return -EINVAL; | |
4864 | ||
68b04864 KFL |
4865 | if (attr->link_create.attach_type == BPF_STRUCT_OPS) |
4866 | return bpf_struct_ops_link_create(attr); | |
4867 | ||
4a1e7c0c | 4868 | prog = bpf_prog_get(attr->link_create.prog_fd); |
af6eea57 AN |
4869 | if (IS_ERR(prog)) |
4870 | return PTR_ERR(prog); | |
4871 | ||
4872 | ret = bpf_prog_attach_check_attach_type(prog, | |
4873 | attr->link_create.attach_type); | |
4874 | if (ret) | |
4a1e7c0c THJ |
4875 | goto out; |
4876 | ||
b89fbfbb AN |
4877 | switch (prog->type) { |
4878 | case BPF_PROG_TYPE_EXT: | |
132328e8 | 4879 | break; |
84601d6e | 4880 | case BPF_PROG_TYPE_NETFILTER: |
132328e8 FW |
4881 | if (attr->link_create.attach_type != BPF_NETFILTER) { |
4882 | ret = -EINVAL; | |
4883 | goto out; | |
4884 | } | |
df86ca0d | 4885 | break; |
b89fbfbb | 4886 | case BPF_PROG_TYPE_PERF_EVENT: |
b89fbfbb AN |
4887 | case BPF_PROG_TYPE_TRACEPOINT: |
4888 | if (attr->link_create.attach_type != BPF_PERF_EVENT) { | |
4889 | ret = -EINVAL; | |
4890 | goto out; | |
4891 | } | |
b89fbfbb | 4892 | break; |
0dcac272 JO |
4893 | case BPF_PROG_TYPE_KPROBE: |
4894 | if (attr->link_create.attach_type != BPF_PERF_EVENT && | |
4895 | attr->link_create.attach_type != BPF_TRACE_KPROBE_MULTI) { | |
4896 | ret = -EINVAL; | |
4897 | goto out; | |
4898 | } | |
0dcac272 | 4899 | break; |
e420bed0 DB |
4900 | case BPF_PROG_TYPE_SCHED_CLS: |
4901 | if (attr->link_create.attach_type != BPF_TCX_INGRESS && | |
4902 | attr->link_create.attach_type != BPF_TCX_EGRESS) { | |
4903 | ret = -EINVAL; | |
4904 | goto out; | |
4905 | } | |
4906 | break; | |
b89fbfbb AN |
4907 | default: |
4908 | ptype = attach_type_to_prog_type(attr->link_create.attach_type); | |
4909 | if (ptype == BPF_PROG_TYPE_UNSPEC || ptype != prog->type) { | |
4910 | ret = -EINVAL; | |
4911 | goto out; | |
4912 | } | |
4913 | break; | |
4a1e7c0c | 4914 | } |
af6eea57 | 4915 | |
df86ca0d | 4916 | switch (prog->type) { |
af6eea57 AN |
4917 | case BPF_PROG_TYPE_CGROUP_SKB: |
4918 | case BPF_PROG_TYPE_CGROUP_SOCK: | |
4919 | case BPF_PROG_TYPE_CGROUP_SOCK_ADDR: | |
4920 | case BPF_PROG_TYPE_SOCK_OPS: | |
4921 | case BPF_PROG_TYPE_CGROUP_DEVICE: | |
4922 | case BPF_PROG_TYPE_CGROUP_SYSCTL: | |
4923 | case BPF_PROG_TYPE_CGROUP_SOCKOPT: | |
4924 | ret = cgroup_bpf_link_attach(attr, prog); | |
4925 | break; | |
df86ca0d AN |
4926 | case BPF_PROG_TYPE_EXT: |
4927 | ret = bpf_tracing_prog_attach(prog, | |
4928 | attr->link_create.target_fd, | |
2fcc8241 KFL |
4929 | attr->link_create.target_btf_id, |
4930 | attr->link_create.tracing.cookie); | |
df86ca0d AN |
4931 | break; |
4932 | case BPF_PROG_TYPE_LSM: | |
de4e05ca | 4933 | case BPF_PROG_TYPE_TRACING: |
df86ca0d AN |
4934 | if (attr->link_create.attach_type != prog->expected_attach_type) { |
4935 | ret = -EINVAL; | |
4936 | goto out; | |
4937 | } | |
4938 | if (prog->expected_attach_type == BPF_TRACE_RAW_TP) | |
4939 | ret = bpf_raw_tp_link_attach(prog, NULL); | |
4940 | else if (prog->expected_attach_type == BPF_TRACE_ITER) | |
4941 | ret = bpf_iter_link_attach(attr, uattr, prog); | |
69fd337a SF |
4942 | else if (prog->expected_attach_type == BPF_LSM_CGROUP) |
4943 | ret = cgroup_bpf_link_attach(attr, prog); | |
df86ca0d AN |
4944 | else |
4945 | ret = bpf_tracing_prog_attach(prog, | |
4946 | attr->link_create.target_fd, | |
2fcc8241 KFL |
4947 | attr->link_create.target_btf_id, |
4948 | attr->link_create.tracing.cookie); | |
de4e05ca | 4949 | break; |
7f045a49 | 4950 | case BPF_PROG_TYPE_FLOW_DISSECTOR: |
e9ddbb77 | 4951 | case BPF_PROG_TYPE_SK_LOOKUP: |
7f045a49 JS |
4952 | ret = netns_bpf_link_create(attr, prog); |
4953 | break; | |
310ad797 | 4954 | #ifdef CONFIG_NET |
aa8d3a71 AN |
4955 | case BPF_PROG_TYPE_XDP: |
4956 | ret = bpf_xdp_link_attach(attr, prog); | |
84601d6e | 4957 | break; |
e420bed0 DB |
4958 | case BPF_PROG_TYPE_SCHED_CLS: |
4959 | ret = tcx_link_attach(attr, prog); | |
4960 | break; | |
84601d6e FW |
4961 | case BPF_PROG_TYPE_NETFILTER: |
4962 | ret = bpf_nf_link_attach(attr, prog); | |
aa8d3a71 | 4963 | break; |
b89fbfbb | 4964 | #endif |
b89fbfbb AN |
4965 | case BPF_PROG_TYPE_PERF_EVENT: |
4966 | case BPF_PROG_TYPE_TRACEPOINT: | |
b89fbfbb AN |
4967 | ret = bpf_perf_link_attach(attr, prog); |
4968 | break; | |
0dcac272 JO |
4969 | case BPF_PROG_TYPE_KPROBE: |
4970 | if (attr->link_create.attach_type == BPF_PERF_EVENT) | |
4971 | ret = bpf_perf_link_attach(attr, prog); | |
4972 | else | |
4973 | ret = bpf_kprobe_multi_link_attach(attr, prog); | |
4974 | break; | |
af6eea57 AN |
4975 | default: |
4976 | ret = -EINVAL; | |
4977 | } | |
4978 | ||
4a1e7c0c | 4979 | out: |
af6eea57 AN |
4980 | if (ret < 0) |
4981 | bpf_prog_put(prog); | |
4982 | return ret; | |
4983 | } | |
4984 | ||
aef56f2e KFL |
4985 | static int link_update_map(struct bpf_link *link, union bpf_attr *attr) |
4986 | { | |
4987 | struct bpf_map *new_map, *old_map = NULL; | |
4988 | int ret; | |
4989 | ||
4990 | new_map = bpf_map_get(attr->link_update.new_map_fd); | |
4991 | if (IS_ERR(new_map)) | |
55fbae05 | 4992 | return PTR_ERR(new_map); |
aef56f2e KFL |
4993 | |
4994 | if (attr->link_update.flags & BPF_F_REPLACE) { | |
4995 | old_map = bpf_map_get(attr->link_update.old_map_fd); | |
4996 | if (IS_ERR(old_map)) { | |
55fbae05 | 4997 | ret = PTR_ERR(old_map); |
aef56f2e KFL |
4998 | goto out_put; |
4999 | } | |
5000 | } else if (attr->link_update.old_map_fd) { | |
5001 | ret = -EINVAL; | |
5002 | goto out_put; | |
5003 | } | |
5004 | ||
5005 | ret = link->ops->update_map(link, new_map, old_map); | |
5006 | ||
5007 | if (old_map) | |
5008 | bpf_map_put(old_map); | |
5009 | out_put: | |
5010 | bpf_map_put(new_map); | |
5011 | return ret; | |
5012 | } | |
5013 | ||
0c991ebc AN |
5014 | #define BPF_LINK_UPDATE_LAST_FIELD link_update.old_prog_fd |
5015 | ||
5016 | static int link_update(union bpf_attr *attr) | |
5017 | { | |
5018 | struct bpf_prog *old_prog = NULL, *new_prog; | |
5019 | struct bpf_link *link; | |
5020 | u32 flags; | |
5021 | int ret; | |
5022 | ||
0c991ebc AN |
5023 | if (CHECK_ATTR(BPF_LINK_UPDATE)) |
5024 | return -EINVAL; | |
5025 | ||
5026 | flags = attr->link_update.flags; | |
5027 | if (flags & ~BPF_F_REPLACE) | |
5028 | return -EINVAL; | |
5029 | ||
5030 | link = bpf_link_get_from_fd(attr->link_update.link_fd); | |
5031 | if (IS_ERR(link)) | |
5032 | return PTR_ERR(link); | |
5033 | ||
aef56f2e KFL |
5034 | if (link->ops->update_map) { |
5035 | ret = link_update_map(link, attr); | |
5036 | goto out_put_link; | |
5037 | } | |
5038 | ||
0c991ebc | 5039 | new_prog = bpf_prog_get(attr->link_update.new_prog_fd); |
4adb7a4a AN |
5040 | if (IS_ERR(new_prog)) { |
5041 | ret = PTR_ERR(new_prog); | |
5042 | goto out_put_link; | |
5043 | } | |
0c991ebc AN |
5044 | |
5045 | if (flags & BPF_F_REPLACE) { | |
5046 | old_prog = bpf_prog_get(attr->link_update.old_prog_fd); | |
5047 | if (IS_ERR(old_prog)) { | |
5048 | ret = PTR_ERR(old_prog); | |
5049 | old_prog = NULL; | |
5050 | goto out_put_progs; | |
5051 | } | |
4adb7a4a AN |
5052 | } else if (attr->link_update.old_prog_fd) { |
5053 | ret = -EINVAL; | |
5054 | goto out_put_progs; | |
0c991ebc AN |
5055 | } |
5056 | ||
f9d04127 AN |
5057 | if (link->ops->update_prog) |
5058 | ret = link->ops->update_prog(link, new_prog, old_prog); | |
5059 | else | |
fe537393 | 5060 | ret = -EINVAL; |
0c991ebc AN |
5061 | |
5062 | out_put_progs: | |
5063 | if (old_prog) | |
5064 | bpf_prog_put(old_prog); | |
5065 | if (ret) | |
5066 | bpf_prog_put(new_prog); | |
4adb7a4a | 5067 | out_put_link: |
ab5d47bd | 5068 | bpf_link_put_direct(link); |
0c991ebc AN |
5069 | return ret; |
5070 | } | |
5071 | ||
73b11c2a AN |
5072 | #define BPF_LINK_DETACH_LAST_FIELD link_detach.link_fd |
5073 | ||
5074 | static int link_detach(union bpf_attr *attr) | |
5075 | { | |
5076 | struct bpf_link *link; | |
5077 | int ret; | |
5078 | ||
5079 | if (CHECK_ATTR(BPF_LINK_DETACH)) | |
5080 | return -EINVAL; | |
5081 | ||
5082 | link = bpf_link_get_from_fd(attr->link_detach.link_fd); | |
5083 | if (IS_ERR(link)) | |
5084 | return PTR_ERR(link); | |
5085 | ||
5086 | if (link->ops->detach) | |
5087 | ret = link->ops->detach(link); | |
5088 | else | |
5089 | ret = -EOPNOTSUPP; | |
5090 | ||
ab5d47bd | 5091 | bpf_link_put_direct(link); |
73b11c2a AN |
5092 | return ret; |
5093 | } | |
5094 | ||
005142b8 | 5095 | static struct bpf_link *bpf_link_inc_not_zero(struct bpf_link *link) |
2d602c8c | 5096 | { |
005142b8 | 5097 | return atomic64_fetch_add_unless(&link->refcnt, 1, 0) ? link : ERR_PTR(-ENOENT); |
2d602c8c AN |
5098 | } |
5099 | ||
005142b8 | 5100 | struct bpf_link *bpf_link_by_id(u32 id) |
2d602c8c AN |
5101 | { |
5102 | struct bpf_link *link; | |
2d602c8c | 5103 | |
005142b8 AS |
5104 | if (!id) |
5105 | return ERR_PTR(-ENOENT); | |
2d602c8c AN |
5106 | |
5107 | spin_lock_bh(&link_idr_lock); | |
2d602c8c | 5108 | /* before link is "settled", ID is 0, pretend it doesn't exist yet */ |
005142b8 | 5109 | link = idr_find(&link_idr, id); |
2d602c8c AN |
5110 | if (link) { |
5111 | if (link->id) | |
005142b8 | 5112 | link = bpf_link_inc_not_zero(link); |
2d602c8c | 5113 | else |
005142b8 | 5114 | link = ERR_PTR(-EAGAIN); |
2d602c8c | 5115 | } else { |
005142b8 | 5116 | link = ERR_PTR(-ENOENT); |
2d602c8c AN |
5117 | } |
5118 | spin_unlock_bh(&link_idr_lock); | |
005142b8 AS |
5119 | return link; |
5120 | } | |
2d602c8c | 5121 | |
9f883612 DD |
5122 | struct bpf_link *bpf_link_get_curr_or_next(u32 *id) |
5123 | { | |
5124 | struct bpf_link *link; | |
5125 | ||
5126 | spin_lock_bh(&link_idr_lock); | |
5127 | again: | |
5128 | link = idr_get_next(&link_idr, id); | |
5129 | if (link) { | |
5130 | link = bpf_link_inc_not_zero(link); | |
5131 | if (IS_ERR(link)) { | |
5132 | (*id)++; | |
5133 | goto again; | |
5134 | } | |
5135 | } | |
5136 | spin_unlock_bh(&link_idr_lock); | |
5137 | ||
5138 | return link; | |
5139 | } | |
5140 | ||
005142b8 AS |
5141 | #define BPF_LINK_GET_FD_BY_ID_LAST_FIELD link_id |
5142 | ||
5143 | static int bpf_link_get_fd_by_id(const union bpf_attr *attr) | |
5144 | { | |
5145 | struct bpf_link *link; | |
5146 | u32 id = attr->link_id; | |
5147 | int fd; | |
5148 | ||
5149 | if (CHECK_ATTR(BPF_LINK_GET_FD_BY_ID)) | |
5150 | return -EINVAL; | |
5151 | ||
5152 | if (!capable(CAP_SYS_ADMIN)) | |
5153 | return -EPERM; | |
5154 | ||
5155 | link = bpf_link_by_id(id); | |
5156 | if (IS_ERR(link)) | |
5157 | return PTR_ERR(link); | |
2d602c8c AN |
5158 | |
5159 | fd = bpf_link_new_fd(link); | |
5160 | if (fd < 0) | |
ab5d47bd | 5161 | bpf_link_put_direct(link); |
2d602c8c AN |
5162 | |
5163 | return fd; | |
5164 | } | |
5165 | ||
d46edd67 SL |
5166 | DEFINE_MUTEX(bpf_stats_enabled_mutex); |
5167 | ||
5168 | static int bpf_stats_release(struct inode *inode, struct file *file) | |
5169 | { | |
5170 | mutex_lock(&bpf_stats_enabled_mutex); | |
5171 | static_key_slow_dec(&bpf_stats_enabled_key.key); | |
5172 | mutex_unlock(&bpf_stats_enabled_mutex); | |
5173 | return 0; | |
5174 | } | |
5175 | ||
5176 | static const struct file_operations bpf_stats_fops = { | |
5177 | .release = bpf_stats_release, | |
5178 | }; | |
5179 | ||
5180 | static int bpf_enable_runtime_stats(void) | |
5181 | { | |
5182 | int fd; | |
5183 | ||
5184 | mutex_lock(&bpf_stats_enabled_mutex); | |
5185 | ||
5186 | /* Set a very high limit to avoid overflow */ | |
5187 | if (static_key_count(&bpf_stats_enabled_key.key) > INT_MAX / 2) { | |
5188 | mutex_unlock(&bpf_stats_enabled_mutex); | |
5189 | return -EBUSY; | |
5190 | } | |
5191 | ||
5192 | fd = anon_inode_getfd("bpf-stats", &bpf_stats_fops, NULL, O_CLOEXEC); | |
5193 | if (fd >= 0) | |
5194 | static_key_slow_inc(&bpf_stats_enabled_key.key); | |
5195 | ||
5196 | mutex_unlock(&bpf_stats_enabled_mutex); | |
5197 | return fd; | |
5198 | } | |
5199 | ||
5200 | #define BPF_ENABLE_STATS_LAST_FIELD enable_stats.type | |
5201 | ||
5202 | static int bpf_enable_stats(union bpf_attr *attr) | |
5203 | { | |
5204 | ||
5205 | if (CHECK_ATTR(BPF_ENABLE_STATS)) | |
5206 | return -EINVAL; | |
5207 | ||
5208 | if (!capable(CAP_SYS_ADMIN)) | |
5209 | return -EPERM; | |
5210 | ||
5211 | switch (attr->enable_stats.type) { | |
5212 | case BPF_STATS_RUN_TIME: | |
5213 | return bpf_enable_runtime_stats(); | |
5214 | default: | |
5215 | break; | |
5216 | } | |
5217 | return -EINVAL; | |
5218 | } | |
5219 | ||
ac51d99b YS |
5220 | #define BPF_ITER_CREATE_LAST_FIELD iter_create.flags |
5221 | ||
5222 | static int bpf_iter_create(union bpf_attr *attr) | |
5223 | { | |
5224 | struct bpf_link *link; | |
5225 | int err; | |
5226 | ||
5227 | if (CHECK_ATTR(BPF_ITER_CREATE)) | |
5228 | return -EINVAL; | |
5229 | ||
5230 | if (attr->iter_create.flags) | |
5231 | return -EINVAL; | |
5232 | ||
5233 | link = bpf_link_get_from_fd(attr->iter_create.link_fd); | |
5234 | if (IS_ERR(link)) | |
5235 | return PTR_ERR(link); | |
5236 | ||
5237 | err = bpf_iter_new_fd(link); | |
ab5d47bd | 5238 | bpf_link_put_direct(link); |
ac51d99b YS |
5239 | |
5240 | return err; | |
5241 | } | |
5242 | ||
ef15314a YZ |
5243 | #define BPF_PROG_BIND_MAP_LAST_FIELD prog_bind_map.flags |
5244 | ||
5245 | static int bpf_prog_bind_map(union bpf_attr *attr) | |
5246 | { | |
5247 | struct bpf_prog *prog; | |
5248 | struct bpf_map *map; | |
5249 | struct bpf_map **used_maps_old, **used_maps_new; | |
5250 | int i, ret = 0; | |
5251 | ||
5252 | if (CHECK_ATTR(BPF_PROG_BIND_MAP)) | |
5253 | return -EINVAL; | |
5254 | ||
5255 | if (attr->prog_bind_map.flags) | |
5256 | return -EINVAL; | |
5257 | ||
5258 | prog = bpf_prog_get(attr->prog_bind_map.prog_fd); | |
5259 | if (IS_ERR(prog)) | |
5260 | return PTR_ERR(prog); | |
5261 | ||
5262 | map = bpf_map_get(attr->prog_bind_map.map_fd); | |
5263 | if (IS_ERR(map)) { | |
5264 | ret = PTR_ERR(map); | |
5265 | goto out_prog_put; | |
5266 | } | |
5267 | ||
5268 | mutex_lock(&prog->aux->used_maps_mutex); | |
5269 | ||
5270 | used_maps_old = prog->aux->used_maps; | |
5271 | ||
5272 | for (i = 0; i < prog->aux->used_map_cnt; i++) | |
1028ae40 SF |
5273 | if (used_maps_old[i] == map) { |
5274 | bpf_map_put(map); | |
ef15314a | 5275 | goto out_unlock; |
1028ae40 | 5276 | } |
ef15314a YZ |
5277 | |
5278 | used_maps_new = kmalloc_array(prog->aux->used_map_cnt + 1, | |
5279 | sizeof(used_maps_new[0]), | |
5280 | GFP_KERNEL); | |
5281 | if (!used_maps_new) { | |
5282 | ret = -ENOMEM; | |
5283 | goto out_unlock; | |
5284 | } | |
5285 | ||
5286 | memcpy(used_maps_new, used_maps_old, | |
5287 | sizeof(used_maps_old[0]) * prog->aux->used_map_cnt); | |
5288 | used_maps_new[prog->aux->used_map_cnt] = map; | |
5289 | ||
5290 | prog->aux->used_map_cnt++; | |
5291 | prog->aux->used_maps = used_maps_new; | |
5292 | ||
5293 | kfree(used_maps_old); | |
5294 | ||
5295 | out_unlock: | |
5296 | mutex_unlock(&prog->aux->used_maps_mutex); | |
5297 | ||
5298 | if (ret) | |
5299 | bpf_map_put(map); | |
5300 | out_prog_put: | |
5301 | bpf_prog_put(prog); | |
5302 | return ret; | |
5303 | } | |
5304 | ||
af2ac3e1 | 5305 | static int __sys_bpf(int cmd, bpfptr_t uattr, unsigned int size) |
99c55f7d | 5306 | { |
8096f229 | 5307 | union bpf_attr attr; |
99c55f7d AS |
5308 | int err; |
5309 | ||
dcab51f1 | 5310 | err = bpf_check_uarg_tail_zero(uattr, sizeof(attr), size); |
1e270976 MKL |
5311 | if (err) |
5312 | return err; | |
5313 | size = min_t(u32, size, sizeof(attr)); | |
99c55f7d AS |
5314 | |
5315 | /* copy attributes from user space, may be less than sizeof(bpf_attr) */ | |
8096f229 | 5316 | memset(&attr, 0, sizeof(attr)); |
af2ac3e1 | 5317 | if (copy_from_bpfptr(&attr, uattr, size) != 0) |
99c55f7d AS |
5318 | return -EFAULT; |
5319 | ||
afdb09c7 CF |
5320 | err = security_bpf(cmd, &attr, size); |
5321 | if (err < 0) | |
5322 | return err; | |
5323 | ||
99c55f7d AS |
5324 | switch (cmd) { |
5325 | case BPF_MAP_CREATE: | |
5326 | err = map_create(&attr); | |
5327 | break; | |
db20fd2b AS |
5328 | case BPF_MAP_LOOKUP_ELEM: |
5329 | err = map_lookup_elem(&attr); | |
5330 | break; | |
5331 | case BPF_MAP_UPDATE_ELEM: | |
af2ac3e1 | 5332 | err = map_update_elem(&attr, uattr); |
db20fd2b AS |
5333 | break; |
5334 | case BPF_MAP_DELETE_ELEM: | |
b88df697 | 5335 | err = map_delete_elem(&attr, uattr); |
db20fd2b AS |
5336 | break; |
5337 | case BPF_MAP_GET_NEXT_KEY: | |
5338 | err = map_get_next_key(&attr); | |
5339 | break; | |
87df15de DB |
5340 | case BPF_MAP_FREEZE: |
5341 | err = map_freeze(&attr); | |
5342 | break; | |
09756af4 | 5343 | case BPF_PROG_LOAD: |
47a71c1f | 5344 | err = bpf_prog_load(&attr, uattr, size); |
09756af4 | 5345 | break; |
b2197755 DB |
5346 | case BPF_OBJ_PIN: |
5347 | err = bpf_obj_pin(&attr); | |
5348 | break; | |
5349 | case BPF_OBJ_GET: | |
5350 | err = bpf_obj_get(&attr); | |
5351 | break; | |
f4324551 DM |
5352 | case BPF_PROG_ATTACH: |
5353 | err = bpf_prog_attach(&attr); | |
5354 | break; | |
5355 | case BPF_PROG_DETACH: | |
5356 | err = bpf_prog_detach(&attr); | |
5357 | break; | |
468e2f64 | 5358 | case BPF_PROG_QUERY: |
af2ac3e1 | 5359 | err = bpf_prog_query(&attr, uattr.user); |
468e2f64 | 5360 | break; |
1cf1cae9 | 5361 | case BPF_PROG_TEST_RUN: |
af2ac3e1 | 5362 | err = bpf_prog_test_run(&attr, uattr.user); |
1cf1cae9 | 5363 | break; |
34ad5580 | 5364 | case BPF_PROG_GET_NEXT_ID: |
af2ac3e1 | 5365 | err = bpf_obj_get_next_id(&attr, uattr.user, |
34ad5580 MKL |
5366 | &prog_idr, &prog_idr_lock); |
5367 | break; | |
5368 | case BPF_MAP_GET_NEXT_ID: | |
af2ac3e1 | 5369 | err = bpf_obj_get_next_id(&attr, uattr.user, |
34ad5580 MKL |
5370 | &map_idr, &map_idr_lock); |
5371 | break; | |
1b9ed84e | 5372 | case BPF_BTF_GET_NEXT_ID: |
af2ac3e1 | 5373 | err = bpf_obj_get_next_id(&attr, uattr.user, |
1b9ed84e QM |
5374 | &btf_idr, &btf_idr_lock); |
5375 | break; | |
b16d9aa4 MKL |
5376 | case BPF_PROG_GET_FD_BY_ID: |
5377 | err = bpf_prog_get_fd_by_id(&attr); | |
5378 | break; | |
bd5f5f4e MKL |
5379 | case BPF_MAP_GET_FD_BY_ID: |
5380 | err = bpf_map_get_fd_by_id(&attr); | |
5381 | break; | |
1e270976 | 5382 | case BPF_OBJ_GET_INFO_BY_FD: |
af2ac3e1 | 5383 | err = bpf_obj_get_info_by_fd(&attr, uattr.user); |
1e270976 | 5384 | break; |
c4f6699d AS |
5385 | case BPF_RAW_TRACEPOINT_OPEN: |
5386 | err = bpf_raw_tracepoint_open(&attr); | |
5387 | break; | |
f56a653c | 5388 | case BPF_BTF_LOAD: |
47a71c1f | 5389 | err = bpf_btf_load(&attr, uattr, size); |
f56a653c | 5390 | break; |
78958fca MKL |
5391 | case BPF_BTF_GET_FD_BY_ID: |
5392 | err = bpf_btf_get_fd_by_id(&attr); | |
5393 | break; | |
41bdc4b4 | 5394 | case BPF_TASK_FD_QUERY: |
af2ac3e1 | 5395 | err = bpf_task_fd_query(&attr, uattr.user); |
41bdc4b4 | 5396 | break; |
bd513cd0 MV |
5397 | case BPF_MAP_LOOKUP_AND_DELETE_ELEM: |
5398 | err = map_lookup_and_delete_elem(&attr); | |
5399 | break; | |
cb4d03ab | 5400 | case BPF_MAP_LOOKUP_BATCH: |
af2ac3e1 | 5401 | err = bpf_map_do_batch(&attr, uattr.user, BPF_MAP_LOOKUP_BATCH); |
cb4d03ab | 5402 | break; |
05799638 | 5403 | case BPF_MAP_LOOKUP_AND_DELETE_BATCH: |
af2ac3e1 | 5404 | err = bpf_map_do_batch(&attr, uattr.user, |
05799638 YS |
5405 | BPF_MAP_LOOKUP_AND_DELETE_BATCH); |
5406 | break; | |
aa2e93b8 | 5407 | case BPF_MAP_UPDATE_BATCH: |
af2ac3e1 | 5408 | err = bpf_map_do_batch(&attr, uattr.user, BPF_MAP_UPDATE_BATCH); |
aa2e93b8 BV |
5409 | break; |
5410 | case BPF_MAP_DELETE_BATCH: | |
af2ac3e1 | 5411 | err = bpf_map_do_batch(&attr, uattr.user, BPF_MAP_DELETE_BATCH); |
aa2e93b8 | 5412 | break; |
af6eea57 | 5413 | case BPF_LINK_CREATE: |
af2ac3e1 | 5414 | err = link_create(&attr, uattr); |
af6eea57 | 5415 | break; |
0c991ebc AN |
5416 | case BPF_LINK_UPDATE: |
5417 | err = link_update(&attr); | |
5418 | break; | |
2d602c8c AN |
5419 | case BPF_LINK_GET_FD_BY_ID: |
5420 | err = bpf_link_get_fd_by_id(&attr); | |
5421 | break; | |
5422 | case BPF_LINK_GET_NEXT_ID: | |
af2ac3e1 | 5423 | err = bpf_obj_get_next_id(&attr, uattr.user, |
2d602c8c AN |
5424 | &link_idr, &link_idr_lock); |
5425 | break; | |
d46edd67 SL |
5426 | case BPF_ENABLE_STATS: |
5427 | err = bpf_enable_stats(&attr); | |
5428 | break; | |
ac51d99b YS |
5429 | case BPF_ITER_CREATE: |
5430 | err = bpf_iter_create(&attr); | |
5431 | break; | |
73b11c2a AN |
5432 | case BPF_LINK_DETACH: |
5433 | err = link_detach(&attr); | |
5434 | break; | |
ef15314a YZ |
5435 | case BPF_PROG_BIND_MAP: |
5436 | err = bpf_prog_bind_map(&attr); | |
5437 | break; | |
99c55f7d AS |
5438 | default: |
5439 | err = -EINVAL; | |
5440 | break; | |
5441 | } | |
5442 | ||
5443 | return err; | |
5444 | } | |
79a7f8bd | 5445 | |
af2ac3e1 AS |
5446 | SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, size) |
5447 | { | |
5448 | return __sys_bpf(cmd, USER_BPFPTR(uattr), size); | |
5449 | } | |
5450 | ||
79a7f8bd AS |
5451 | static bool syscall_prog_is_valid_access(int off, int size, |
5452 | enum bpf_access_type type, | |
5453 | const struct bpf_prog *prog, | |
5454 | struct bpf_insn_access_aux *info) | |
5455 | { | |
5456 | if (off < 0 || off >= U16_MAX) | |
5457 | return false; | |
5458 | if (off % size != 0) | |
5459 | return false; | |
5460 | return true; | |
5461 | } | |
5462 | ||
b1d18a75 | 5463 | BPF_CALL_3(bpf_sys_bpf, int, cmd, union bpf_attr *, attr, u32, attr_size) |
79a7f8bd | 5464 | { |
af2ac3e1 AS |
5465 | switch (cmd) { |
5466 | case BPF_MAP_CREATE: | |
b88df697 | 5467 | case BPF_MAP_DELETE_ELEM: |
af2ac3e1 AS |
5468 | case BPF_MAP_UPDATE_ELEM: |
5469 | case BPF_MAP_FREEZE: | |
b88df697 | 5470 | case BPF_MAP_GET_FD_BY_ID: |
af2ac3e1 | 5471 | case BPF_PROG_LOAD: |
c571bd75 | 5472 | case BPF_BTF_LOAD: |
b1d18a75 AS |
5473 | case BPF_LINK_CREATE: |
5474 | case BPF_RAW_TRACEPOINT_OPEN: | |
af2ac3e1 | 5475 | break; |
86f44fce AS |
5476 | default: |
5477 | return -EINVAL; | |
5478 | } | |
5479 | return __sys_bpf(cmd, KERNEL_BPFPTR(attr), attr_size); | |
5480 | } | |
5481 | ||
4e4588f1 AS |
5482 | |
5483 | /* To shut up -Wmissing-prototypes. | |
5484 | * This function is used by the kernel light skeleton | |
5485 | * to load bpf programs when modules are loaded or during kernel boot. | |
5486 | * See tools/lib/bpf/skel_internal.h | |
5487 | */ | |
5488 | int kern_sys_bpf(int cmd, union bpf_attr *attr, unsigned int size); | |
5489 | ||
86f44fce AS |
5490 | int kern_sys_bpf(int cmd, union bpf_attr *attr, unsigned int size) |
5491 | { | |
5492 | struct bpf_prog * __maybe_unused prog; | |
5493 | struct bpf_tramp_run_ctx __maybe_unused run_ctx; | |
5494 | ||
5495 | switch (cmd) { | |
b1d18a75 AS |
5496 | #ifdef CONFIG_BPF_JIT /* __bpf_prog_enter_sleepable used by trampoline and JIT */ |
5497 | case BPF_PROG_TEST_RUN: | |
5498 | if (attr->test.data_in || attr->test.data_out || | |
5499 | attr->test.ctx_out || attr->test.duration || | |
5500 | attr->test.repeat || attr->test.flags) | |
5501 | return -EINVAL; | |
5502 | ||
5503 | prog = bpf_prog_get_type(attr->test.prog_fd, BPF_PROG_TYPE_SYSCALL); | |
5504 | if (IS_ERR(prog)) | |
5505 | return PTR_ERR(prog); | |
5506 | ||
5507 | if (attr->test.ctx_size_in < prog->aux->max_ctx_offset || | |
5508 | attr->test.ctx_size_in > U16_MAX) { | |
5509 | bpf_prog_put(prog); | |
5510 | return -EINVAL; | |
5511 | } | |
5512 | ||
e384c7b7 KFL |
5513 | run_ctx.bpf_cookie = 0; |
5514 | run_ctx.saved_run_ctx = NULL; | |
271de525 | 5515 | if (!__bpf_prog_enter_sleepable_recur(prog, &run_ctx)) { |
b1d18a75 AS |
5516 | /* recursion detected */ |
5517 | bpf_prog_put(prog); | |
5518 | return -EBUSY; | |
5519 | } | |
5520 | attr->test.retval = bpf_prog_run(prog, (void *) (long) attr->test.ctx_in); | |
271de525 MKL |
5521 | __bpf_prog_exit_sleepable_recur(prog, 0 /* bpf_prog_run does runtime stats */, |
5522 | &run_ctx); | |
b1d18a75 AS |
5523 | bpf_prog_put(prog); |
5524 | return 0; | |
5525 | #endif | |
af2ac3e1 | 5526 | default: |
86f44fce | 5527 | return ____bpf_sys_bpf(cmd, attr, size); |
af2ac3e1 | 5528 | } |
79a7f8bd | 5529 | } |
86f44fce | 5530 | EXPORT_SYMBOL(kern_sys_bpf); |
79a7f8bd | 5531 | |
3a2daa72 | 5532 | static const struct bpf_func_proto bpf_sys_bpf_proto = { |
79a7f8bd AS |
5533 | .func = bpf_sys_bpf, |
5534 | .gpl_only = false, | |
5535 | .ret_type = RET_INTEGER, | |
5536 | .arg1_type = ARG_ANYTHING, | |
216e3cd2 | 5537 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
79a7f8bd AS |
5538 | .arg3_type = ARG_CONST_SIZE, |
5539 | }; | |
5540 | ||
5541 | const struct bpf_func_proto * __weak | |
5542 | tracing_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) | |
5543 | { | |
5544 | return bpf_base_func_proto(func_id); | |
5545 | } | |
5546 | ||
3abea089 AS |
5547 | BPF_CALL_1(bpf_sys_close, u32, fd) |
5548 | { | |
5549 | /* When bpf program calls this helper there should not be | |
5550 | * an fdget() without matching completed fdput(). | |
5551 | * This helper is allowed in the following callchain only: | |
5552 | * sys_bpf->prog_test_run->bpf_prog->bpf_sys_close | |
5553 | */ | |
5554 | return close_fd(fd); | |
5555 | } | |
5556 | ||
3a2daa72 | 5557 | static const struct bpf_func_proto bpf_sys_close_proto = { |
3abea089 AS |
5558 | .func = bpf_sys_close, |
5559 | .gpl_only = false, | |
5560 | .ret_type = RET_INTEGER, | |
5561 | .arg1_type = ARG_ANYTHING, | |
5562 | }; | |
5563 | ||
d6aef08a KKD |
5564 | BPF_CALL_4(bpf_kallsyms_lookup_name, const char *, name, int, name_sz, int, flags, u64 *, res) |
5565 | { | |
5566 | if (flags) | |
5567 | return -EINVAL; | |
5568 | ||
5569 | if (name_sz <= 1 || name[name_sz - 1]) | |
5570 | return -EINVAL; | |
5571 | ||
5572 | if (!bpf_dump_raw_ok(current_cred())) | |
5573 | return -EPERM; | |
5574 | ||
5575 | *res = kallsyms_lookup_name(name); | |
5576 | return *res ? 0 : -ENOENT; | |
5577 | } | |
5578 | ||
dc368e1c | 5579 | static const struct bpf_func_proto bpf_kallsyms_lookup_name_proto = { |
d6aef08a KKD |
5580 | .func = bpf_kallsyms_lookup_name, |
5581 | .gpl_only = false, | |
5582 | .ret_type = RET_INTEGER, | |
5583 | .arg1_type = ARG_PTR_TO_MEM, | |
d4efb170 | 5584 | .arg2_type = ARG_CONST_SIZE_OR_ZERO, |
d6aef08a KKD |
5585 | .arg3_type = ARG_ANYTHING, |
5586 | .arg4_type = ARG_PTR_TO_LONG, | |
5587 | }; | |
5588 | ||
79a7f8bd AS |
5589 | static const struct bpf_func_proto * |
5590 | syscall_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) | |
5591 | { | |
5592 | switch (func_id) { | |
5593 | case BPF_FUNC_sys_bpf: | |
14b20b78 | 5594 | return !perfmon_capable() ? NULL : &bpf_sys_bpf_proto; |
3d78417b AS |
5595 | case BPF_FUNC_btf_find_by_name_kind: |
5596 | return &bpf_btf_find_by_name_kind_proto; | |
3abea089 AS |
5597 | case BPF_FUNC_sys_close: |
5598 | return &bpf_sys_close_proto; | |
d6aef08a KKD |
5599 | case BPF_FUNC_kallsyms_lookup_name: |
5600 | return &bpf_kallsyms_lookup_name_proto; | |
79a7f8bd AS |
5601 | default: |
5602 | return tracing_prog_func_proto(func_id, prog); | |
5603 | } | |
5604 | } | |
5605 | ||
5606 | const struct bpf_verifier_ops bpf_syscall_verifier_ops = { | |
5607 | .get_func_proto = syscall_prog_func_proto, | |
5608 | .is_valid_access = syscall_prog_is_valid_access, | |
5609 | }; | |
5610 | ||
5611 | const struct bpf_prog_ops bpf_syscall_prog_ops = { | |
5612 | .test_run = bpf_prog_test_run_syscall, | |
5613 | }; | |
2900005e YZ |
5614 | |
5615 | #ifdef CONFIG_SYSCTL | |
5616 | static int bpf_stats_handler(struct ctl_table *table, int write, | |
5617 | void *buffer, size_t *lenp, loff_t *ppos) | |
5618 | { | |
5619 | struct static_key *key = (struct static_key *)table->data; | |
5620 | static int saved_val; | |
5621 | int val, ret; | |
5622 | struct ctl_table tmp = { | |
5623 | .data = &val, | |
5624 | .maxlen = sizeof(val), | |
5625 | .mode = table->mode, | |
5626 | .extra1 = SYSCTL_ZERO, | |
5627 | .extra2 = SYSCTL_ONE, | |
5628 | }; | |
5629 | ||
5630 | if (write && !capable(CAP_SYS_ADMIN)) | |
5631 | return -EPERM; | |
5632 | ||
5633 | mutex_lock(&bpf_stats_enabled_mutex); | |
5634 | val = saved_val; | |
5635 | ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); | |
5636 | if (write && !ret && val != saved_val) { | |
5637 | if (val) | |
5638 | static_key_slow_inc(key); | |
5639 | else | |
5640 | static_key_slow_dec(key); | |
5641 | saved_val = val; | |
5642 | } | |
5643 | mutex_unlock(&bpf_stats_enabled_mutex); | |
5644 | return ret; | |
5645 | } | |
5646 | ||
5647 | void __weak unpriv_ebpf_notify(int new_state) | |
5648 | { | |
5649 | } | |
5650 | ||
5651 | static int bpf_unpriv_handler(struct ctl_table *table, int write, | |
5652 | void *buffer, size_t *lenp, loff_t *ppos) | |
5653 | { | |
5654 | int ret, unpriv_enable = *(int *)table->data; | |
5655 | bool locked_state = unpriv_enable == 1; | |
5656 | struct ctl_table tmp = *table; | |
5657 | ||
5658 | if (write && !capable(CAP_SYS_ADMIN)) | |
5659 | return -EPERM; | |
5660 | ||
5661 | tmp.data = &unpriv_enable; | |
5662 | ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); | |
5663 | if (write && !ret) { | |
5664 | if (locked_state && unpriv_enable != 1) | |
5665 | return -EPERM; | |
5666 | *(int *)table->data = unpriv_enable; | |
5667 | } | |
5668 | ||
fedf9920 KFL |
5669 | if (write) |
5670 | unpriv_ebpf_notify(unpriv_enable); | |
2900005e YZ |
5671 | |
5672 | return ret; | |
5673 | } | |
5674 | ||
5675 | static struct ctl_table bpf_syscall_table[] = { | |
5676 | { | |
5677 | .procname = "unprivileged_bpf_disabled", | |
5678 | .data = &sysctl_unprivileged_bpf_disabled, | |
5679 | .maxlen = sizeof(sysctl_unprivileged_bpf_disabled), | |
5680 | .mode = 0644, | |
5681 | .proc_handler = bpf_unpriv_handler, | |
5682 | .extra1 = SYSCTL_ZERO, | |
5683 | .extra2 = SYSCTL_TWO, | |
5684 | }, | |
5685 | { | |
5686 | .procname = "bpf_stats_enabled", | |
5687 | .data = &bpf_stats_enabled_key.key, | |
2900005e YZ |
5688 | .mode = 0644, |
5689 | .proc_handler = bpf_stats_handler, | |
5690 | }, | |
5691 | { } | |
5692 | }; | |
5693 | ||
5694 | static int __init bpf_syscall_sysctl_init(void) | |
5695 | { | |
5696 | register_sysctl_init("kernel", bpf_syscall_table); | |
5697 | return 0; | |
5698 | } | |
5699 | late_initcall(bpf_syscall_sysctl_init); | |
5700 | #endif /* CONFIG_SYSCTL */ |