1 /* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
3 * This program is free software; you can redistribute it and/or
4 * modify it under the terms of version 2 of the GNU General Public
5 * License as published by the Free Software Foundation.
7 * This program is distributed in the hope that it will be useful, but
8 * WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * General Public License for more details.
12 #include <linux/bpf.h>
13 #include <linux/bpf_trace.h>
14 #include <linux/btf.h>
15 #include <linux/syscalls.h>
16 #include <linux/slab.h>
17 #include <linux/sched/signal.h>
18 #include <linux/vmalloc.h>
19 #include <linux/mmzone.h>
20 #include <linux/anon_inodes.h>
21 #include <linux/file.h>
22 #include <linux/license.h>
23 #include <linux/filter.h>
24 #include <linux/version.h>
25 #include <linux/kernel.h>
26 #include <linux/idr.h>
27 #include <linux/cred.h>
28 #include <linux/timekeeping.h>
29 #include <linux/ctype.h>
30 #include <linux/btf.h>
32 #define IS_FD_ARRAY(map) ((map)->map_type == BPF_MAP_TYPE_PROG_ARRAY || \
33 (map)->map_type == BPF_MAP_TYPE_PERF_EVENT_ARRAY || \
34 (map)->map_type == BPF_MAP_TYPE_CGROUP_ARRAY || \
35 (map)->map_type == BPF_MAP_TYPE_ARRAY_OF_MAPS)
36 #define IS_FD_HASH(map) ((map)->map_type == BPF_MAP_TYPE_HASH_OF_MAPS)
37 #define IS_FD_MAP(map) (IS_FD_ARRAY(map) || IS_FD_HASH(map))
39 #define BPF_OBJ_FLAG_MASK (BPF_F_RDONLY | BPF_F_WRONLY)
41 DEFINE_PER_CPU(int, bpf_prog_active);
42 static DEFINE_IDR(prog_idr);
43 static DEFINE_SPINLOCK(prog_idr_lock);
44 static DEFINE_IDR(map_idr);
45 static DEFINE_SPINLOCK(map_idr_lock);
47 int sysctl_unprivileged_bpf_disabled __read_mostly;
49 static const struct bpf_map_ops * const bpf_map_types[] = {
50 #define BPF_PROG_TYPE(_id, _ops)
51 #define BPF_MAP_TYPE(_id, _ops) \
53 #include <linux/bpf_types.h>
59 * If we're handed a bigger struct than we know of, ensure all the unknown bits
60 * are 0 - i.e. new user-space does not rely on any kernel feature extensions
61 * we don't know about yet.
63 * There is a ToCToU between this function call and the following
64 * copy_from_user() call. However, this is not a concern since this function is
65 * meant to be a future-proofing of bits.
67 static int check_uarg_tail_zero(void __user *uaddr,
71 unsigned char __user *addr;
72 unsigned char __user *end;
76 if (unlikely(actual_size > PAGE_SIZE)) /* silly large */
79 if (unlikely(!access_ok(VERIFY_READ, uaddr, actual_size)))
82 if (actual_size <= expected_size)
85 addr = uaddr + expected_size;
86 end = uaddr + actual_size;
88 for (; addr < end; addr++) {
89 err = get_user(val, addr);
99 const struct bpf_map_ops bpf_map_offload_ops = {
100 .map_alloc = bpf_map_offload_map_alloc,
101 .map_free = bpf_map_offload_map_free,
104 static struct bpf_map *find_and_alloc_map(union bpf_attr *attr)
106 const struct bpf_map_ops *ops;
110 if (attr->map_type >= ARRAY_SIZE(bpf_map_types))
111 return ERR_PTR(-EINVAL);
112 ops = bpf_map_types[attr->map_type];
114 return ERR_PTR(-EINVAL);
116 if (ops->map_alloc_check) {
117 err = ops->map_alloc_check(attr);
121 if (attr->map_ifindex)
122 ops = &bpf_map_offload_ops;
123 map = ops->map_alloc(attr);
127 map->map_type = attr->map_type;
131 void *bpf_map_area_alloc(size_t size, int numa_node)
133 /* We definitely need __GFP_NORETRY, so OOM killer doesn't
134 * trigger under memory pressure as we really just want to
137 const gfp_t flags = __GFP_NOWARN | __GFP_NORETRY | __GFP_ZERO;
140 if (size <= (PAGE_SIZE << PAGE_ALLOC_COSTLY_ORDER)) {
141 area = kmalloc_node(size, GFP_USER | flags, numa_node);
146 return __vmalloc_node_flags_caller(size, numa_node, GFP_KERNEL | flags,
147 __builtin_return_address(0));
150 void bpf_map_area_free(void *area)
155 void bpf_map_init_from_attr(struct bpf_map *map, union bpf_attr *attr)
157 map->map_type = attr->map_type;
158 map->key_size = attr->key_size;
159 map->value_size = attr->value_size;
160 map->max_entries = attr->max_entries;
161 map->map_flags = attr->map_flags;
162 map->numa_node = bpf_map_attr_numa_node(attr);
165 int bpf_map_precharge_memlock(u32 pages)
167 struct user_struct *user = get_current_user();
168 unsigned long memlock_limit, cur;
170 memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
171 cur = atomic_long_read(&user->locked_vm);
173 if (cur + pages > memlock_limit)
178 static int bpf_map_charge_memlock(struct bpf_map *map)
180 struct user_struct *user = get_current_user();
181 unsigned long memlock_limit;
183 memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
185 atomic_long_add(map->pages, &user->locked_vm);
187 if (atomic_long_read(&user->locked_vm) > memlock_limit) {
188 atomic_long_sub(map->pages, &user->locked_vm);
196 static void bpf_map_uncharge_memlock(struct bpf_map *map)
198 struct user_struct *user = map->user;
200 atomic_long_sub(map->pages, &user->locked_vm);
204 static int bpf_map_alloc_id(struct bpf_map *map)
208 idr_preload(GFP_KERNEL);
209 spin_lock_bh(&map_idr_lock);
210 id = idr_alloc_cyclic(&map_idr, map, 1, INT_MAX, GFP_ATOMIC);
213 spin_unlock_bh(&map_idr_lock);
216 if (WARN_ON_ONCE(!id))
219 return id > 0 ? 0 : id;
222 void bpf_map_free_id(struct bpf_map *map, bool do_idr_lock)
226 /* Offloaded maps are removed from the IDR store when their device
227 * disappears - even if someone holds an fd to them they are unusable,
228 * the memory is gone, all ops will fail; they are simply waiting for
229 * refcnt to drop to be freed.
235 spin_lock_irqsave(&map_idr_lock, flags);
237 __acquire(&map_idr_lock);
239 idr_remove(&map_idr, map->id);
243 spin_unlock_irqrestore(&map_idr_lock, flags);
245 __release(&map_idr_lock);
248 /* called from workqueue */
249 static void bpf_map_free_deferred(struct work_struct *work)
251 struct bpf_map *map = container_of(work, struct bpf_map, work);
253 bpf_map_uncharge_memlock(map);
254 security_bpf_map_free(map);
256 /* implementation dependent freeing */
257 map->ops->map_free(map);
260 static void bpf_map_put_uref(struct bpf_map *map)
262 if (atomic_dec_and_test(&map->usercnt)) {
263 if (map->ops->map_release_uref)
264 map->ops->map_release_uref(map);
268 /* decrement map refcnt and schedule it for freeing via workqueue
269 * (unrelying map implementation ops->map_free() might sleep)
271 static void __bpf_map_put(struct bpf_map *map, bool do_idr_lock)
273 if (atomic_dec_and_test(&map->refcnt)) {
274 /* bpf_map_free_id() must be called first */
275 bpf_map_free_id(map, do_idr_lock);
276 INIT_WORK(&map->work, bpf_map_free_deferred);
277 schedule_work(&map->work);
281 void bpf_map_put(struct bpf_map *map)
283 __bpf_map_put(map, true);
286 void bpf_map_put_with_uref(struct bpf_map *map)
288 bpf_map_put_uref(map);
292 static int bpf_map_release(struct inode *inode, struct file *filp)
294 struct bpf_map *map = filp->private_data;
296 if (map->ops->map_release)
297 map->ops->map_release(map, filp);
299 bpf_map_put_with_uref(map);
303 #ifdef CONFIG_PROC_FS
304 static void bpf_map_show_fdinfo(struct seq_file *m, struct file *filp)
306 const struct bpf_map *map = filp->private_data;
307 const struct bpf_array *array;
308 u32 owner_prog_type = 0;
311 if (map->map_type == BPF_MAP_TYPE_PROG_ARRAY) {
312 array = container_of(map, struct bpf_array, map);
313 owner_prog_type = array->owner_prog_type;
314 owner_jited = array->owner_jited;
329 map->pages * 1ULL << PAGE_SHIFT);
331 if (owner_prog_type) {
332 seq_printf(m, "owner_prog_type:\t%u\n",
334 seq_printf(m, "owner_jited:\t%u\n",
340 static ssize_t bpf_dummy_read(struct file *filp, char __user *buf, size_t siz,
343 /* We need this handler such that alloc_file() enables
344 * f_mode with FMODE_CAN_READ.
349 static ssize_t bpf_dummy_write(struct file *filp, const char __user *buf,
350 size_t siz, loff_t *ppos)
352 /* We need this handler such that alloc_file() enables
353 * f_mode with FMODE_CAN_WRITE.
358 const struct file_operations bpf_map_fops = {
359 #ifdef CONFIG_PROC_FS
360 .show_fdinfo = bpf_map_show_fdinfo,
362 .release = bpf_map_release,
363 .read = bpf_dummy_read,
364 .write = bpf_dummy_write,
367 int bpf_map_new_fd(struct bpf_map *map, int flags)
371 ret = security_bpf_map(map, OPEN_FMODE(flags));
375 return anon_inode_getfd("bpf-map", &bpf_map_fops, map,
379 int bpf_get_file_flag(int flags)
381 if ((flags & BPF_F_RDONLY) && (flags & BPF_F_WRONLY))
383 if (flags & BPF_F_RDONLY)
385 if (flags & BPF_F_WRONLY)
390 /* helper macro to check that unused fields 'union bpf_attr' are zero */
391 #define CHECK_ATTR(CMD) \
392 memchr_inv((void *) &attr->CMD##_LAST_FIELD + \
393 sizeof(attr->CMD##_LAST_FIELD), 0, \
395 offsetof(union bpf_attr, CMD##_LAST_FIELD) - \
396 sizeof(attr->CMD##_LAST_FIELD)) != NULL
398 /* dst and src must have at least BPF_OBJ_NAME_LEN number of bytes.
399 * Return 0 on success and < 0 on error.
401 static int bpf_obj_name_cpy(char *dst, const char *src)
403 const char *end = src + BPF_OBJ_NAME_LEN;
405 memset(dst, 0, BPF_OBJ_NAME_LEN);
407 /* Copy all isalnum() and '_' char */
408 while (src < end && *src) {
409 if (!isalnum(*src) && *src != '_')
414 /* No '\0' found in BPF_OBJ_NAME_LEN number of bytes */
421 #define BPF_MAP_CREATE_LAST_FIELD btf_value_id
422 /* called via syscall */
423 static int map_create(union bpf_attr *attr)
425 int numa_node = bpf_map_attr_numa_node(attr);
430 err = CHECK_ATTR(BPF_MAP_CREATE);
434 f_flags = bpf_get_file_flag(attr->map_flags);
438 if (numa_node != NUMA_NO_NODE &&
439 ((unsigned int)numa_node >= nr_node_ids ||
440 !node_online(numa_node)))
443 /* find map type and init map: hashtable vs rbtree vs bloom vs ... */
444 map = find_and_alloc_map(attr);
448 err = bpf_obj_name_cpy(map->name, attr->map_name);
450 goto free_map_nouncharge;
452 atomic_set(&map->refcnt, 1);
453 atomic_set(&map->usercnt, 1);
455 if (bpf_map_support_seq_show(map) &&
456 (attr->btf_key_id || attr->btf_value_id)) {
459 if (!attr->btf_key_id || !attr->btf_value_id) {
461 goto free_map_nouncharge;
464 btf = btf_get_by_fd(attr->btf_fd);
467 goto free_map_nouncharge;
470 err = map->ops->map_check_btf(map, btf, attr->btf_key_id,
474 goto free_map_nouncharge;
478 map->btf_key_id = attr->btf_key_id;
479 map->btf_value_id = attr->btf_value_id;
482 err = security_bpf_map_alloc(map);
484 goto free_map_nouncharge;
486 err = bpf_map_charge_memlock(map);
490 err = bpf_map_alloc_id(map);
494 err = bpf_map_new_fd(map, f_flags);
496 /* failed to allocate fd.
497 * bpf_map_put() is needed because the above
498 * bpf_map_alloc_id() has published the map
499 * to the userspace and the userspace may
500 * have refcnt-ed it through BPF_MAP_GET_FD_BY_ID.
509 bpf_map_uncharge_memlock(map);
511 security_bpf_map_free(map);
514 map->ops->map_free(map);
518 /* if error is returned, fd is released.
519 * On success caller should complete fd access with matching fdput()
521 struct bpf_map *__bpf_map_get(struct fd f)
524 return ERR_PTR(-EBADF);
525 if (f.file->f_op != &bpf_map_fops) {
527 return ERR_PTR(-EINVAL);
530 return f.file->private_data;
533 /* prog's and map's refcnt limit */
534 #define BPF_MAX_REFCNT 32768
536 struct bpf_map *bpf_map_inc(struct bpf_map *map, bool uref)
538 if (atomic_inc_return(&map->refcnt) > BPF_MAX_REFCNT) {
539 atomic_dec(&map->refcnt);
540 return ERR_PTR(-EBUSY);
543 atomic_inc(&map->usercnt);
547 struct bpf_map *bpf_map_get_with_uref(u32 ufd)
549 struct fd f = fdget(ufd);
552 map = __bpf_map_get(f);
556 map = bpf_map_inc(map, true);
562 /* map_idr_lock should have been held */
563 static struct bpf_map *bpf_map_inc_not_zero(struct bpf_map *map,
568 refold = __atomic_add_unless(&map->refcnt, 1, 0);
570 if (refold >= BPF_MAX_REFCNT) {
571 __bpf_map_put(map, false);
572 return ERR_PTR(-EBUSY);
576 return ERR_PTR(-ENOENT);
579 atomic_inc(&map->usercnt);
584 int __weak bpf_stackmap_copy(struct bpf_map *map, void *key, void *value)
589 /* last field in 'union bpf_attr' used by this command */
590 #define BPF_MAP_LOOKUP_ELEM_LAST_FIELD value
592 static int map_lookup_elem(union bpf_attr *attr)
594 void __user *ukey = u64_to_user_ptr(attr->key);
595 void __user *uvalue = u64_to_user_ptr(attr->value);
596 int ufd = attr->map_fd;
598 void *key, *value, *ptr;
603 if (CHECK_ATTR(BPF_MAP_LOOKUP_ELEM))
607 map = __bpf_map_get(f);
611 if (!(f.file->f_mode & FMODE_CAN_READ)) {
616 key = memdup_user(ukey, map->key_size);
622 if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
623 map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH ||
624 map->map_type == BPF_MAP_TYPE_PERCPU_ARRAY)
625 value_size = round_up(map->value_size, 8) * num_possible_cpus();
626 else if (IS_FD_MAP(map))
627 value_size = sizeof(u32);
629 value_size = map->value_size;
632 value = kmalloc(value_size, GFP_USER | __GFP_NOWARN);
636 if (bpf_map_is_dev_bound(map)) {
637 err = bpf_map_offload_lookup_elem(map, key, value);
638 } else if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
639 map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH) {
640 err = bpf_percpu_hash_copy(map, key, value);
641 } else if (map->map_type == BPF_MAP_TYPE_PERCPU_ARRAY) {
642 err = bpf_percpu_array_copy(map, key, value);
643 } else if (map->map_type == BPF_MAP_TYPE_STACK_TRACE) {
644 err = bpf_stackmap_copy(map, key, value);
645 } else if (IS_FD_ARRAY(map)) {
646 err = bpf_fd_array_map_lookup_elem(map, key, value);
647 } else if (IS_FD_HASH(map)) {
648 err = bpf_fd_htab_map_lookup_elem(map, key, value);
651 ptr = map->ops->map_lookup_elem(map, key);
653 memcpy(value, ptr, value_size);
655 err = ptr ? 0 : -ENOENT;
662 if (copy_to_user(uvalue, value, value_size) != 0)
676 #define BPF_MAP_UPDATE_ELEM_LAST_FIELD flags
678 static int map_update_elem(union bpf_attr *attr)
680 void __user *ukey = u64_to_user_ptr(attr->key);
681 void __user *uvalue = u64_to_user_ptr(attr->value);
682 int ufd = attr->map_fd;
689 if (CHECK_ATTR(BPF_MAP_UPDATE_ELEM))
693 map = __bpf_map_get(f);
697 if (!(f.file->f_mode & FMODE_CAN_WRITE)) {
702 key = memdup_user(ukey, map->key_size);
708 if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
709 map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH ||
710 map->map_type == BPF_MAP_TYPE_PERCPU_ARRAY)
711 value_size = round_up(map->value_size, 8) * num_possible_cpus();
713 value_size = map->value_size;
716 value = kmalloc(value_size, GFP_USER | __GFP_NOWARN);
721 if (copy_from_user(value, uvalue, value_size) != 0)
724 /* Need to create a kthread, thus must support schedule */
725 if (bpf_map_is_dev_bound(map)) {
726 err = bpf_map_offload_update_elem(map, key, value, attr->flags);
728 } else if (map->map_type == BPF_MAP_TYPE_CPUMAP) {
729 err = map->ops->map_update_elem(map, key, value, attr->flags);
733 /* must increment bpf_prog_active to avoid kprobe+bpf triggering from
734 * inside bpf map update or delete otherwise deadlocks are possible
737 __this_cpu_inc(bpf_prog_active);
738 if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
739 map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH) {
740 err = bpf_percpu_hash_update(map, key, value, attr->flags);
741 } else if (map->map_type == BPF_MAP_TYPE_PERCPU_ARRAY) {
742 err = bpf_percpu_array_update(map, key, value, attr->flags);
743 } else if (IS_FD_ARRAY(map)) {
745 err = bpf_fd_array_map_update_elem(map, f.file, key, value,
748 } else if (map->map_type == BPF_MAP_TYPE_HASH_OF_MAPS) {
750 err = bpf_fd_htab_map_update_elem(map, f.file, key, value,
755 err = map->ops->map_update_elem(map, key, value, attr->flags);
758 __this_cpu_dec(bpf_prog_active);
770 #define BPF_MAP_DELETE_ELEM_LAST_FIELD key
772 static int map_delete_elem(union bpf_attr *attr)
774 void __user *ukey = u64_to_user_ptr(attr->key);
775 int ufd = attr->map_fd;
781 if (CHECK_ATTR(BPF_MAP_DELETE_ELEM))
785 map = __bpf_map_get(f);
789 if (!(f.file->f_mode & FMODE_CAN_WRITE)) {
794 key = memdup_user(ukey, map->key_size);
800 if (bpf_map_is_dev_bound(map)) {
801 err = bpf_map_offload_delete_elem(map, key);
806 __this_cpu_inc(bpf_prog_active);
808 err = map->ops->map_delete_elem(map, key);
810 __this_cpu_dec(bpf_prog_active);
819 /* last field in 'union bpf_attr' used by this command */
820 #define BPF_MAP_GET_NEXT_KEY_LAST_FIELD next_key
822 static int map_get_next_key(union bpf_attr *attr)
824 void __user *ukey = u64_to_user_ptr(attr->key);
825 void __user *unext_key = u64_to_user_ptr(attr->next_key);
826 int ufd = attr->map_fd;
828 void *key, *next_key;
832 if (CHECK_ATTR(BPF_MAP_GET_NEXT_KEY))
836 map = __bpf_map_get(f);
840 if (!(f.file->f_mode & FMODE_CAN_READ)) {
846 key = memdup_user(ukey, map->key_size);
856 next_key = kmalloc(map->key_size, GFP_USER);
860 if (bpf_map_is_dev_bound(map)) {
861 err = bpf_map_offload_get_next_key(map, key, next_key);
866 err = map->ops->map_get_next_key(map, key, next_key);
873 if (copy_to_user(unext_key, next_key, map->key_size) != 0)
887 static const struct bpf_prog_ops * const bpf_prog_types[] = {
888 #define BPF_PROG_TYPE(_id, _name) \
889 [_id] = & _name ## _prog_ops,
890 #define BPF_MAP_TYPE(_id, _ops)
891 #include <linux/bpf_types.h>
896 static int find_prog_type(enum bpf_prog_type type, struct bpf_prog *prog)
898 if (type >= ARRAY_SIZE(bpf_prog_types) || !bpf_prog_types[type])
901 if (!bpf_prog_is_dev_bound(prog->aux))
902 prog->aux->ops = bpf_prog_types[type];
904 prog->aux->ops = &bpf_offload_prog_ops;
909 /* drop refcnt on maps used by eBPF program and free auxilary data */
910 static void free_used_maps(struct bpf_prog_aux *aux)
914 for (i = 0; i < aux->used_map_cnt; i++)
915 bpf_map_put(aux->used_maps[i]);
917 kfree(aux->used_maps);
920 int __bpf_prog_charge(struct user_struct *user, u32 pages)
922 unsigned long memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
923 unsigned long user_bufs;
926 user_bufs = atomic_long_add_return(pages, &user->locked_vm);
927 if (user_bufs > memlock_limit) {
928 atomic_long_sub(pages, &user->locked_vm);
936 void __bpf_prog_uncharge(struct user_struct *user, u32 pages)
939 atomic_long_sub(pages, &user->locked_vm);
942 static int bpf_prog_charge_memlock(struct bpf_prog *prog)
944 struct user_struct *user = get_current_user();
947 ret = __bpf_prog_charge(user, prog->pages);
953 prog->aux->user = user;
957 static void bpf_prog_uncharge_memlock(struct bpf_prog *prog)
959 struct user_struct *user = prog->aux->user;
961 __bpf_prog_uncharge(user, prog->pages);
965 static int bpf_prog_alloc_id(struct bpf_prog *prog)
969 idr_preload(GFP_KERNEL);
970 spin_lock_bh(&prog_idr_lock);
971 id = idr_alloc_cyclic(&prog_idr, prog, 1, INT_MAX, GFP_ATOMIC);
974 spin_unlock_bh(&prog_idr_lock);
977 /* id is in [1, INT_MAX) */
978 if (WARN_ON_ONCE(!id))
981 return id > 0 ? 0 : id;
984 void bpf_prog_free_id(struct bpf_prog *prog, bool do_idr_lock)
986 /* cBPF to eBPF migrations are currently not in the idr store.
987 * Offloaded programs are removed from the store when their device
988 * disappears - even if someone grabs an fd to them they are unusable,
989 * simply waiting for refcnt to drop to be freed.
995 spin_lock_bh(&prog_idr_lock);
997 __acquire(&prog_idr_lock);
999 idr_remove(&prog_idr, prog->aux->id);
1003 spin_unlock_bh(&prog_idr_lock);
1005 __release(&prog_idr_lock);
1008 static void __bpf_prog_put_rcu(struct rcu_head *rcu)
1010 struct bpf_prog_aux *aux = container_of(rcu, struct bpf_prog_aux, rcu);
1012 free_used_maps(aux);
1013 bpf_prog_uncharge_memlock(aux->prog);
1014 security_bpf_prog_free(aux);
1015 bpf_prog_free(aux->prog);
1018 static void __bpf_prog_put(struct bpf_prog *prog, bool do_idr_lock)
1020 if (atomic_dec_and_test(&prog->aux->refcnt)) {
1023 /* bpf_prog_free_id() must be called first */
1024 bpf_prog_free_id(prog, do_idr_lock);
1026 for (i = 0; i < prog->aux->func_cnt; i++)
1027 bpf_prog_kallsyms_del(prog->aux->func[i]);
1028 bpf_prog_kallsyms_del(prog);
1030 call_rcu(&prog->aux->rcu, __bpf_prog_put_rcu);
1034 void bpf_prog_put(struct bpf_prog *prog)
1036 __bpf_prog_put(prog, true);
1038 EXPORT_SYMBOL_GPL(bpf_prog_put);
1040 static int bpf_prog_release(struct inode *inode, struct file *filp)
1042 struct bpf_prog *prog = filp->private_data;
1048 #ifdef CONFIG_PROC_FS
1049 static void bpf_prog_show_fdinfo(struct seq_file *m, struct file *filp)
1051 const struct bpf_prog *prog = filp->private_data;
1052 char prog_tag[sizeof(prog->tag) * 2 + 1] = { };
1054 bin2hex(prog_tag, prog->tag, sizeof(prog->tag));
1063 prog->pages * 1ULL << PAGE_SHIFT);
1067 const struct file_operations bpf_prog_fops = {
1068 #ifdef CONFIG_PROC_FS
1069 .show_fdinfo = bpf_prog_show_fdinfo,
1071 .release = bpf_prog_release,
1072 .read = bpf_dummy_read,
1073 .write = bpf_dummy_write,
1076 int bpf_prog_new_fd(struct bpf_prog *prog)
1080 ret = security_bpf_prog(prog);
1084 return anon_inode_getfd("bpf-prog", &bpf_prog_fops, prog,
1085 O_RDWR | O_CLOEXEC);
1088 static struct bpf_prog *____bpf_prog_get(struct fd f)
1091 return ERR_PTR(-EBADF);
1092 if (f.file->f_op != &bpf_prog_fops) {
1094 return ERR_PTR(-EINVAL);
1097 return f.file->private_data;
1100 struct bpf_prog *bpf_prog_add(struct bpf_prog *prog, int i)
1102 if (atomic_add_return(i, &prog->aux->refcnt) > BPF_MAX_REFCNT) {
1103 atomic_sub(i, &prog->aux->refcnt);
1104 return ERR_PTR(-EBUSY);
1108 EXPORT_SYMBOL_GPL(bpf_prog_add);
1110 void bpf_prog_sub(struct bpf_prog *prog, int i)
1112 /* Only to be used for undoing previous bpf_prog_add() in some
1113 * error path. We still know that another entity in our call
1114 * path holds a reference to the program, thus atomic_sub() can
1115 * be safely used in such cases!
1117 WARN_ON(atomic_sub_return(i, &prog->aux->refcnt) == 0);
1119 EXPORT_SYMBOL_GPL(bpf_prog_sub);
1121 struct bpf_prog *bpf_prog_inc(struct bpf_prog *prog)
1123 return bpf_prog_add(prog, 1);
1125 EXPORT_SYMBOL_GPL(bpf_prog_inc);
1127 /* prog_idr_lock should have been held */
1128 struct bpf_prog *bpf_prog_inc_not_zero(struct bpf_prog *prog)
1132 refold = __atomic_add_unless(&prog->aux->refcnt, 1, 0);
1134 if (refold >= BPF_MAX_REFCNT) {
1135 __bpf_prog_put(prog, false);
1136 return ERR_PTR(-EBUSY);
1140 return ERR_PTR(-ENOENT);
1144 EXPORT_SYMBOL_GPL(bpf_prog_inc_not_zero);
1146 bool bpf_prog_get_ok(struct bpf_prog *prog,
1147 enum bpf_prog_type *attach_type, bool attach_drv)
1149 /* not an attachment, just a refcount inc, always allow */
1153 if (prog->type != *attach_type)
1155 if (bpf_prog_is_dev_bound(prog->aux) && !attach_drv)
1161 static struct bpf_prog *__bpf_prog_get(u32 ufd, enum bpf_prog_type *attach_type,
1164 struct fd f = fdget(ufd);
1165 struct bpf_prog *prog;
1167 prog = ____bpf_prog_get(f);
1170 if (!bpf_prog_get_ok(prog, attach_type, attach_drv)) {
1171 prog = ERR_PTR(-EINVAL);
1175 prog = bpf_prog_inc(prog);
1181 struct bpf_prog *bpf_prog_get(u32 ufd)
1183 return __bpf_prog_get(ufd, NULL, false);
1186 struct bpf_prog *bpf_prog_get_type_dev(u32 ufd, enum bpf_prog_type type,
1189 return __bpf_prog_get(ufd, &type, attach_drv);
1191 EXPORT_SYMBOL_GPL(bpf_prog_get_type_dev);
1193 /* Initially all BPF programs could be loaded w/o specifying
1194 * expected_attach_type. Later for some of them specifying expected_attach_type
1195 * at load time became required so that program could be validated properly.
1196 * Programs of types that are allowed to be loaded both w/ and w/o (for
1197 * backward compatibility) expected_attach_type, should have the default attach
1198 * type assigned to expected_attach_type for the latter case, so that it can be
1199 * validated later at attach time.
1201 * bpf_prog_load_fixup_attach_type() sets expected_attach_type in @attr if
1202 * prog type requires it but has some attach types that have to be backward
1205 static void bpf_prog_load_fixup_attach_type(union bpf_attr *attr)
1207 switch (attr->prog_type) {
1208 case BPF_PROG_TYPE_CGROUP_SOCK:
1209 /* Unfortunately BPF_ATTACH_TYPE_UNSPEC enumeration doesn't
1210 * exist so checking for non-zero is the way to go here.
1212 if (!attr->expected_attach_type)
1213 attr->expected_attach_type =
1214 BPF_CGROUP_INET_SOCK_CREATE;
1220 bpf_prog_load_check_attach_type(enum bpf_prog_type prog_type,
1221 enum bpf_attach_type expected_attach_type)
1223 switch (prog_type) {
1224 case BPF_PROG_TYPE_CGROUP_SOCK:
1225 switch (expected_attach_type) {
1226 case BPF_CGROUP_INET_SOCK_CREATE:
1227 case BPF_CGROUP_INET4_POST_BIND:
1228 case BPF_CGROUP_INET6_POST_BIND:
1233 case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:
1234 switch (expected_attach_type) {
1235 case BPF_CGROUP_INET4_BIND:
1236 case BPF_CGROUP_INET6_BIND:
1237 case BPF_CGROUP_INET4_CONNECT:
1238 case BPF_CGROUP_INET6_CONNECT:
1248 /* last field in 'union bpf_attr' used by this command */
1249 #define BPF_PROG_LOAD_LAST_FIELD expected_attach_type
1251 static int bpf_prog_load(union bpf_attr *attr)
1253 enum bpf_prog_type type = attr->prog_type;
1254 struct bpf_prog *prog;
1259 if (CHECK_ATTR(BPF_PROG_LOAD))
1262 if (attr->prog_flags & ~BPF_F_STRICT_ALIGNMENT)
1265 /* copy eBPF program license from user space */
1266 if (strncpy_from_user(license, u64_to_user_ptr(attr->license),
1267 sizeof(license) - 1) < 0)
1269 license[sizeof(license) - 1] = 0;
1271 /* eBPF programs must be GPL compatible to use GPL-ed functions */
1272 is_gpl = license_is_gpl_compatible(license);
1274 if (attr->insn_cnt == 0 || attr->insn_cnt > BPF_MAXINSNS)
1277 if (type == BPF_PROG_TYPE_KPROBE &&
1278 attr->kern_version != LINUX_VERSION_CODE)
1281 if (type != BPF_PROG_TYPE_SOCKET_FILTER &&
1282 type != BPF_PROG_TYPE_CGROUP_SKB &&
1283 !capable(CAP_SYS_ADMIN))
1286 bpf_prog_load_fixup_attach_type(attr);
1287 if (bpf_prog_load_check_attach_type(type, attr->expected_attach_type))
1290 /* plain bpf_prog allocation */
1291 prog = bpf_prog_alloc(bpf_prog_size(attr->insn_cnt), GFP_USER);
1295 prog->expected_attach_type = attr->expected_attach_type;
1297 prog->aux->offload_requested = !!attr->prog_ifindex;
1299 err = security_bpf_prog_alloc(prog->aux);
1301 goto free_prog_nouncharge;
1303 err = bpf_prog_charge_memlock(prog);
1307 prog->len = attr->insn_cnt;
1310 if (copy_from_user(prog->insns, u64_to_user_ptr(attr->insns),
1311 bpf_prog_insn_size(prog)) != 0)
1314 prog->orig_prog = NULL;
1317 atomic_set(&prog->aux->refcnt, 1);
1318 prog->gpl_compatible = is_gpl ? 1 : 0;
1320 if (bpf_prog_is_dev_bound(prog->aux)) {
1321 err = bpf_prog_offload_init(prog, attr);
1326 /* find program type: socket_filter vs tracing_filter */
1327 err = find_prog_type(type, prog);
1331 prog->aux->load_time = ktime_get_boot_ns();
1332 err = bpf_obj_name_cpy(prog->aux->name, attr->prog_name);
1336 /* run eBPF verifier */
1337 err = bpf_check(&prog, attr);
1339 goto free_used_maps;
1341 /* eBPF program is ready to be JITed */
1342 if (!prog->bpf_func)
1343 prog = bpf_prog_select_runtime(prog, &err);
1345 goto free_used_maps;
1347 err = bpf_prog_alloc_id(prog);
1349 goto free_used_maps;
1351 err = bpf_prog_new_fd(prog);
1353 /* failed to allocate fd.
1354 * bpf_prog_put() is needed because the above
1355 * bpf_prog_alloc_id() has published the prog
1356 * to the userspace and the userspace may
1357 * have refcnt-ed it through BPF_PROG_GET_FD_BY_ID.
1363 bpf_prog_kallsyms_add(prog);
1367 free_used_maps(prog->aux);
1369 bpf_prog_uncharge_memlock(prog);
1371 security_bpf_prog_free(prog->aux);
1372 free_prog_nouncharge:
1373 bpf_prog_free(prog);
1377 #define BPF_OBJ_LAST_FIELD file_flags
1379 static int bpf_obj_pin(const union bpf_attr *attr)
1381 if (CHECK_ATTR(BPF_OBJ) || attr->file_flags != 0)
1384 return bpf_obj_pin_user(attr->bpf_fd, u64_to_user_ptr(attr->pathname));
1387 static int bpf_obj_get(const union bpf_attr *attr)
1389 if (CHECK_ATTR(BPF_OBJ) || attr->bpf_fd != 0 ||
1390 attr->file_flags & ~BPF_OBJ_FLAG_MASK)
1393 return bpf_obj_get_user(u64_to_user_ptr(attr->pathname),
1397 struct bpf_raw_tracepoint {
1398 struct bpf_raw_event_map *btp;
1399 struct bpf_prog *prog;
1402 static int bpf_raw_tracepoint_release(struct inode *inode, struct file *filp)
1404 struct bpf_raw_tracepoint *raw_tp = filp->private_data;
1407 bpf_probe_unregister(raw_tp->btp, raw_tp->prog);
1408 bpf_prog_put(raw_tp->prog);
1414 static const struct file_operations bpf_raw_tp_fops = {
1415 .release = bpf_raw_tracepoint_release,
1416 .read = bpf_dummy_read,
1417 .write = bpf_dummy_write,
1420 #define BPF_RAW_TRACEPOINT_OPEN_LAST_FIELD raw_tracepoint.prog_fd
1422 static int bpf_raw_tracepoint_open(const union bpf_attr *attr)
1424 struct bpf_raw_tracepoint *raw_tp;
1425 struct bpf_raw_event_map *btp;
1426 struct bpf_prog *prog;
1430 if (strncpy_from_user(tp_name, u64_to_user_ptr(attr->raw_tracepoint.name),
1431 sizeof(tp_name) - 1) < 0)
1433 tp_name[sizeof(tp_name) - 1] = 0;
1435 btp = bpf_find_raw_tracepoint(tp_name);
1439 raw_tp = kzalloc(sizeof(*raw_tp), GFP_USER);
1444 prog = bpf_prog_get_type(attr->raw_tracepoint.prog_fd,
1445 BPF_PROG_TYPE_RAW_TRACEPOINT);
1447 err = PTR_ERR(prog);
1451 err = bpf_probe_register(raw_tp->btp, prog);
1455 raw_tp->prog = prog;
1456 tp_fd = anon_inode_getfd("bpf-raw-tracepoint", &bpf_raw_tp_fops, raw_tp,
1459 bpf_probe_unregister(raw_tp->btp, prog);
1472 #ifdef CONFIG_CGROUP_BPF
1474 static int bpf_prog_attach_check_attach_type(const struct bpf_prog *prog,
1475 enum bpf_attach_type attach_type)
1477 switch (prog->type) {
1478 case BPF_PROG_TYPE_CGROUP_SOCK:
1479 case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:
1480 return attach_type == prog->expected_attach_type ? 0 : -EINVAL;
1486 #define BPF_PROG_ATTACH_LAST_FIELD attach_flags
1488 static int sockmap_get_from_fd(const union bpf_attr *attr,
1489 int type, bool attach)
1491 struct bpf_prog *prog = NULL;
1492 int ufd = attr->target_fd;
1493 struct bpf_map *map;
1498 map = __bpf_map_get(f);
1500 return PTR_ERR(map);
1503 prog = bpf_prog_get_type(attr->attach_bpf_fd, type);
1506 return PTR_ERR(prog);
1510 err = sock_map_prog(map, prog, attr->attach_type);
1522 #define BPF_F_ATTACH_MASK \
1523 (BPF_F_ALLOW_OVERRIDE | BPF_F_ALLOW_MULTI)
1525 static int bpf_prog_attach(const union bpf_attr *attr)
1527 enum bpf_prog_type ptype;
1528 struct bpf_prog *prog;
1529 struct cgroup *cgrp;
1532 if (!capable(CAP_NET_ADMIN))
1535 if (CHECK_ATTR(BPF_PROG_ATTACH))
1538 if (attr->attach_flags & ~BPF_F_ATTACH_MASK)
1541 switch (attr->attach_type) {
1542 case BPF_CGROUP_INET_INGRESS:
1543 case BPF_CGROUP_INET_EGRESS:
1544 ptype = BPF_PROG_TYPE_CGROUP_SKB;
1546 case BPF_CGROUP_INET_SOCK_CREATE:
1547 case BPF_CGROUP_INET4_POST_BIND:
1548 case BPF_CGROUP_INET6_POST_BIND:
1549 ptype = BPF_PROG_TYPE_CGROUP_SOCK;
1551 case BPF_CGROUP_INET4_BIND:
1552 case BPF_CGROUP_INET6_BIND:
1553 case BPF_CGROUP_INET4_CONNECT:
1554 case BPF_CGROUP_INET6_CONNECT:
1555 ptype = BPF_PROG_TYPE_CGROUP_SOCK_ADDR;
1557 case BPF_CGROUP_SOCK_OPS:
1558 ptype = BPF_PROG_TYPE_SOCK_OPS;
1560 case BPF_CGROUP_DEVICE:
1561 ptype = BPF_PROG_TYPE_CGROUP_DEVICE;
1563 case BPF_SK_MSG_VERDICT:
1564 return sockmap_get_from_fd(attr, BPF_PROG_TYPE_SK_MSG, true);
1565 case BPF_SK_SKB_STREAM_PARSER:
1566 case BPF_SK_SKB_STREAM_VERDICT:
1567 return sockmap_get_from_fd(attr, BPF_PROG_TYPE_SK_SKB, true);
1572 prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype);
1574 return PTR_ERR(prog);
1576 if (bpf_prog_attach_check_attach_type(prog, attr->attach_type)) {
1581 cgrp = cgroup_get_from_fd(attr->target_fd);
1584 return PTR_ERR(cgrp);
1587 ret = cgroup_bpf_attach(cgrp, prog, attr->attach_type,
1588 attr->attach_flags);
1596 #define BPF_PROG_DETACH_LAST_FIELD attach_type
1598 static int bpf_prog_detach(const union bpf_attr *attr)
1600 enum bpf_prog_type ptype;
1601 struct bpf_prog *prog;
1602 struct cgroup *cgrp;
1605 if (!capable(CAP_NET_ADMIN))
1608 if (CHECK_ATTR(BPF_PROG_DETACH))
1611 switch (attr->attach_type) {
1612 case BPF_CGROUP_INET_INGRESS:
1613 case BPF_CGROUP_INET_EGRESS:
1614 ptype = BPF_PROG_TYPE_CGROUP_SKB;
1616 case BPF_CGROUP_INET_SOCK_CREATE:
1617 case BPF_CGROUP_INET4_POST_BIND:
1618 case BPF_CGROUP_INET6_POST_BIND:
1619 ptype = BPF_PROG_TYPE_CGROUP_SOCK;
1621 case BPF_CGROUP_INET4_BIND:
1622 case BPF_CGROUP_INET6_BIND:
1623 case BPF_CGROUP_INET4_CONNECT:
1624 case BPF_CGROUP_INET6_CONNECT:
1625 ptype = BPF_PROG_TYPE_CGROUP_SOCK_ADDR;
1627 case BPF_CGROUP_SOCK_OPS:
1628 ptype = BPF_PROG_TYPE_SOCK_OPS;
1630 case BPF_CGROUP_DEVICE:
1631 ptype = BPF_PROG_TYPE_CGROUP_DEVICE;
1633 case BPF_SK_MSG_VERDICT:
1634 return sockmap_get_from_fd(attr, BPF_PROG_TYPE_SK_MSG, false);
1635 case BPF_SK_SKB_STREAM_PARSER:
1636 case BPF_SK_SKB_STREAM_VERDICT:
1637 return sockmap_get_from_fd(attr, BPF_PROG_TYPE_SK_SKB, false);
1642 cgrp = cgroup_get_from_fd(attr->target_fd);
1644 return PTR_ERR(cgrp);
1646 prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype);
1650 ret = cgroup_bpf_detach(cgrp, prog, attr->attach_type, 0);
1657 #define BPF_PROG_QUERY_LAST_FIELD query.prog_cnt
1659 static int bpf_prog_query(const union bpf_attr *attr,
1660 union bpf_attr __user *uattr)
1662 struct cgroup *cgrp;
1665 if (!capable(CAP_NET_ADMIN))
1667 if (CHECK_ATTR(BPF_PROG_QUERY))
1669 if (attr->query.query_flags & ~BPF_F_QUERY_EFFECTIVE)
1672 switch (attr->query.attach_type) {
1673 case BPF_CGROUP_INET_INGRESS:
1674 case BPF_CGROUP_INET_EGRESS:
1675 case BPF_CGROUP_INET_SOCK_CREATE:
1676 case BPF_CGROUP_INET4_BIND:
1677 case BPF_CGROUP_INET6_BIND:
1678 case BPF_CGROUP_INET4_POST_BIND:
1679 case BPF_CGROUP_INET6_POST_BIND:
1680 case BPF_CGROUP_INET4_CONNECT:
1681 case BPF_CGROUP_INET6_CONNECT:
1682 case BPF_CGROUP_SOCK_OPS:
1683 case BPF_CGROUP_DEVICE:
1688 cgrp = cgroup_get_from_fd(attr->query.target_fd);
1690 return PTR_ERR(cgrp);
1691 ret = cgroup_bpf_query(cgrp, attr, uattr);
1695 #endif /* CONFIG_CGROUP_BPF */
1697 #define BPF_PROG_TEST_RUN_LAST_FIELD test.duration
1699 static int bpf_prog_test_run(const union bpf_attr *attr,
1700 union bpf_attr __user *uattr)
1702 struct bpf_prog *prog;
1703 int ret = -ENOTSUPP;
1705 if (!capable(CAP_SYS_ADMIN))
1707 if (CHECK_ATTR(BPF_PROG_TEST_RUN))
1710 prog = bpf_prog_get(attr->test.prog_fd);
1712 return PTR_ERR(prog);
1714 if (prog->aux->ops->test_run)
1715 ret = prog->aux->ops->test_run(prog, attr, uattr);
1721 #define BPF_OBJ_GET_NEXT_ID_LAST_FIELD next_id
1723 static int bpf_obj_get_next_id(const union bpf_attr *attr,
1724 union bpf_attr __user *uattr,
1728 u32 next_id = attr->start_id;
1731 if (CHECK_ATTR(BPF_OBJ_GET_NEXT_ID) || next_id >= INT_MAX)
1734 if (!capable(CAP_SYS_ADMIN))
1739 if (!idr_get_next(idr, &next_id))
1741 spin_unlock_bh(lock);
1744 err = put_user(next_id, &uattr->next_id);
1749 #define BPF_PROG_GET_FD_BY_ID_LAST_FIELD prog_id
1751 static int bpf_prog_get_fd_by_id(const union bpf_attr *attr)
1753 struct bpf_prog *prog;
1754 u32 id = attr->prog_id;
1757 if (CHECK_ATTR(BPF_PROG_GET_FD_BY_ID))
1760 if (!capable(CAP_SYS_ADMIN))
1763 spin_lock_bh(&prog_idr_lock);
1764 prog = idr_find(&prog_idr, id);
1766 prog = bpf_prog_inc_not_zero(prog);
1768 prog = ERR_PTR(-ENOENT);
1769 spin_unlock_bh(&prog_idr_lock);
1772 return PTR_ERR(prog);
1774 fd = bpf_prog_new_fd(prog);
1781 #define BPF_MAP_GET_FD_BY_ID_LAST_FIELD open_flags
1783 static int bpf_map_get_fd_by_id(const union bpf_attr *attr)
1785 struct bpf_map *map;
1786 u32 id = attr->map_id;
1790 if (CHECK_ATTR(BPF_MAP_GET_FD_BY_ID) ||
1791 attr->open_flags & ~BPF_OBJ_FLAG_MASK)
1794 if (!capable(CAP_SYS_ADMIN))
1797 f_flags = bpf_get_file_flag(attr->open_flags);
1801 spin_lock_bh(&map_idr_lock);
1802 map = idr_find(&map_idr, id);
1804 map = bpf_map_inc_not_zero(map, true);
1806 map = ERR_PTR(-ENOENT);
1807 spin_unlock_bh(&map_idr_lock);
1810 return PTR_ERR(map);
1812 fd = bpf_map_new_fd(map, f_flags);
1819 static const struct bpf_map *bpf_map_from_imm(const struct bpf_prog *prog,
1824 for (i = 0; i < prog->aux->used_map_cnt; i++)
1825 if (prog->aux->used_maps[i] == (void *)addr)
1826 return prog->aux->used_maps[i];
1830 static struct bpf_insn *bpf_insn_prepare_dump(const struct bpf_prog *prog)
1832 const struct bpf_map *map;
1833 struct bpf_insn *insns;
1837 insns = kmemdup(prog->insnsi, bpf_prog_insn_size(prog),
1842 for (i = 0; i < prog->len; i++) {
1843 if (insns[i].code == (BPF_JMP | BPF_TAIL_CALL)) {
1844 insns[i].code = BPF_JMP | BPF_CALL;
1845 insns[i].imm = BPF_FUNC_tail_call;
1848 if (insns[i].code == (BPF_JMP | BPF_CALL) ||
1849 insns[i].code == (BPF_JMP | BPF_CALL_ARGS)) {
1850 if (insns[i].code == (BPF_JMP | BPF_CALL_ARGS))
1851 insns[i].code = BPF_JMP | BPF_CALL;
1852 if (!bpf_dump_raw_ok())
1857 if (insns[i].code != (BPF_LD | BPF_IMM | BPF_DW))
1860 imm = ((u64)insns[i + 1].imm << 32) | (u32)insns[i].imm;
1861 map = bpf_map_from_imm(prog, imm);
1863 insns[i].src_reg = BPF_PSEUDO_MAP_FD;
1864 insns[i].imm = map->id;
1865 insns[i + 1].imm = 0;
1869 if (!bpf_dump_raw_ok() &&
1870 imm == (unsigned long)prog->aux) {
1872 insns[i + 1].imm = 0;
1880 static int bpf_prog_get_info_by_fd(struct bpf_prog *prog,
1881 const union bpf_attr *attr,
1882 union bpf_attr __user *uattr)
1884 struct bpf_prog_info __user *uinfo = u64_to_user_ptr(attr->info.info);
1885 struct bpf_prog_info info = {};
1886 u32 info_len = attr->info.info_len;
1887 char __user *uinsns;
1891 err = check_uarg_tail_zero(uinfo, sizeof(info), info_len);
1894 info_len = min_t(u32, sizeof(info), info_len);
1896 if (copy_from_user(&info, uinfo, info_len))
1899 info.type = prog->type;
1900 info.id = prog->aux->id;
1901 info.load_time = prog->aux->load_time;
1902 info.created_by_uid = from_kuid_munged(current_user_ns(),
1903 prog->aux->user->uid);
1904 info.gpl_compatible = prog->gpl_compatible;
1906 memcpy(info.tag, prog->tag, sizeof(prog->tag));
1907 memcpy(info.name, prog->aux->name, sizeof(prog->aux->name));
1909 ulen = info.nr_map_ids;
1910 info.nr_map_ids = prog->aux->used_map_cnt;
1911 ulen = min_t(u32, info.nr_map_ids, ulen);
1913 u32 __user *user_map_ids = u64_to_user_ptr(info.map_ids);
1916 for (i = 0; i < ulen; i++)
1917 if (put_user(prog->aux->used_maps[i]->id,
1922 if (!capable(CAP_SYS_ADMIN)) {
1923 info.jited_prog_len = 0;
1924 info.xlated_prog_len = 0;
1928 ulen = info.xlated_prog_len;
1929 info.xlated_prog_len = bpf_prog_insn_size(prog);
1930 if (info.xlated_prog_len && ulen) {
1931 struct bpf_insn *insns_sanitized;
1934 if (prog->blinded && !bpf_dump_raw_ok()) {
1935 info.xlated_prog_insns = 0;
1938 insns_sanitized = bpf_insn_prepare_dump(prog);
1939 if (!insns_sanitized)
1941 uinsns = u64_to_user_ptr(info.xlated_prog_insns);
1942 ulen = min_t(u32, info.xlated_prog_len, ulen);
1943 fault = copy_to_user(uinsns, insns_sanitized, ulen);
1944 kfree(insns_sanitized);
1949 if (bpf_prog_is_dev_bound(prog->aux)) {
1950 err = bpf_prog_offload_info_fill(&info, prog);
1956 /* NOTE: the following code is supposed to be skipped for offload.
1957 * bpf_prog_offload_info_fill() is the place to fill similar fields
1960 ulen = info.jited_prog_len;
1961 info.jited_prog_len = prog->jited_len;
1962 if (info.jited_prog_len && ulen) {
1963 if (bpf_dump_raw_ok()) {
1964 uinsns = u64_to_user_ptr(info.jited_prog_insns);
1965 ulen = min_t(u32, info.jited_prog_len, ulen);
1966 if (copy_to_user(uinsns, prog->bpf_func, ulen))
1969 info.jited_prog_insns = 0;
1974 if (copy_to_user(uinfo, &info, info_len) ||
1975 put_user(info_len, &uattr->info.info_len))
1981 static int bpf_map_get_info_by_fd(struct bpf_map *map,
1982 const union bpf_attr *attr,
1983 union bpf_attr __user *uattr)
1985 struct bpf_map_info __user *uinfo = u64_to_user_ptr(attr->info.info);
1986 struct bpf_map_info info = {};
1987 u32 info_len = attr->info.info_len;
1990 err = check_uarg_tail_zero(uinfo, sizeof(info), info_len);
1993 info_len = min_t(u32, sizeof(info), info_len);
1995 info.type = map->map_type;
1997 info.key_size = map->key_size;
1998 info.value_size = map->value_size;
1999 info.max_entries = map->max_entries;
2000 info.map_flags = map->map_flags;
2001 memcpy(info.name, map->name, sizeof(map->name));
2003 if (bpf_map_is_dev_bound(map)) {
2004 err = bpf_map_offload_info_fill(&info, map);
2009 if (copy_to_user(uinfo, &info, info_len) ||
2010 put_user(info_len, &uattr->info.info_len))
2016 #define BPF_OBJ_GET_INFO_BY_FD_LAST_FIELD info.info
2018 static int bpf_obj_get_info_by_fd(const union bpf_attr *attr,
2019 union bpf_attr __user *uattr)
2021 int ufd = attr->info.bpf_fd;
2025 if (CHECK_ATTR(BPF_OBJ_GET_INFO_BY_FD))
2032 if (f.file->f_op == &bpf_prog_fops)
2033 err = bpf_prog_get_info_by_fd(f.file->private_data, attr,
2035 else if (f.file->f_op == &bpf_map_fops)
2036 err = bpf_map_get_info_by_fd(f.file->private_data, attr,
2038 else if (f.file->f_op == &btf_fops)
2039 err = btf_get_info_by_fd(f.file->private_data, attr, uattr);
2047 #define BPF_BTF_LOAD_LAST_FIELD btf_log_level
2049 static int bpf_btf_load(const union bpf_attr *attr)
2051 if (CHECK_ATTR(BPF_BTF_LOAD))
2054 if (!capable(CAP_SYS_ADMIN))
2057 return btf_new_fd(attr);
2060 SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, size)
2062 union bpf_attr attr = {};
2065 if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN))
2068 err = check_uarg_tail_zero(uattr, sizeof(attr), size);
2071 size = min_t(u32, size, sizeof(attr));
2073 /* copy attributes from user space, may be less than sizeof(bpf_attr) */
2074 if (copy_from_user(&attr, uattr, size) != 0)
2077 err = security_bpf(cmd, &attr, size);
2082 case BPF_MAP_CREATE:
2083 err = map_create(&attr);
2085 case BPF_MAP_LOOKUP_ELEM:
2086 err = map_lookup_elem(&attr);
2088 case BPF_MAP_UPDATE_ELEM:
2089 err = map_update_elem(&attr);
2091 case BPF_MAP_DELETE_ELEM:
2092 err = map_delete_elem(&attr);
2094 case BPF_MAP_GET_NEXT_KEY:
2095 err = map_get_next_key(&attr);
2098 err = bpf_prog_load(&attr);
2101 err = bpf_obj_pin(&attr);
2104 err = bpf_obj_get(&attr);
2106 #ifdef CONFIG_CGROUP_BPF
2107 case BPF_PROG_ATTACH:
2108 err = bpf_prog_attach(&attr);
2110 case BPF_PROG_DETACH:
2111 err = bpf_prog_detach(&attr);
2113 case BPF_PROG_QUERY:
2114 err = bpf_prog_query(&attr, uattr);
2117 case BPF_PROG_TEST_RUN:
2118 err = bpf_prog_test_run(&attr, uattr);
2120 case BPF_PROG_GET_NEXT_ID:
2121 err = bpf_obj_get_next_id(&attr, uattr,
2122 &prog_idr, &prog_idr_lock);
2124 case BPF_MAP_GET_NEXT_ID:
2125 err = bpf_obj_get_next_id(&attr, uattr,
2126 &map_idr, &map_idr_lock);
2128 case BPF_PROG_GET_FD_BY_ID:
2129 err = bpf_prog_get_fd_by_id(&attr);
2131 case BPF_MAP_GET_FD_BY_ID:
2132 err = bpf_map_get_fd_by_id(&attr);
2134 case BPF_OBJ_GET_INFO_BY_FD:
2135 err = bpf_obj_get_info_by_fd(&attr, uattr);
2137 case BPF_RAW_TRACEPOINT_OPEN:
2138 err = bpf_raw_tracepoint_open(&attr);
2141 err = bpf_btf_load(&attr);
projects / linux-2.6-block.git / blob