[mirror_ubuntu-artful-kernel.git] / include / linux / bpf-cgroup.h

#ifndef _BPF_CGROUP_H
#define _BPF_CGROUP_H

#include <linux/jump_label.h>
#include <uapi/linux/bpf.h>

struct sock;
struct cgroup;
struct sk_buff;

#ifdef CONFIG_CGROUP_BPF

extern struct static_key_false cgroup_bpf_enabled_key;
#define cgroup_bpf_enabled static_branch_unlikely(&cgroup_bpf_enabled_key)

struct cgroup_bpf {
	/*
	 * Store two sets of bpf_prog pointers, one for programs that are
	 * pinned directly to this cgroup, and one for those that are effective
	 * when this cgroup is accessed.
	 */
	struct bpf_prog *prog[MAX_BPF_ATTACH_TYPE];
	struct bpf_prog __rcu *effective[MAX_BPF_ATTACH_TYPE];
	bool disallow_override[MAX_BPF_ATTACH_TYPE];
};

void cgroup_bpf_put(struct cgroup *cgrp);
void cgroup_bpf_inherit(struct cgroup *cgrp, struct cgroup *parent);

int __cgroup_bpf_update(struct cgroup *cgrp, struct cgroup *parent,
			struct bpf_prog *prog, enum bpf_attach_type type,
			bool overridable);

/* Wrapper for __cgroup_bpf_update() protected by cgroup_mutex */
int cgroup_bpf_update(struct cgroup *cgrp, struct bpf_prog *prog,
		      enum bpf_attach_type type, bool overridable);

int __cgroup_bpf_run_filter_skb(struct sock *sk,
				struct sk_buff *skb,
				enum bpf_attach_type type);

int __cgroup_bpf_run_filter_sk(struct sock *sk,
			       enum bpf_attach_type type);

/* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */
#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb)			      \
({									      \
	int __ret = 0;							      \
	if (cgroup_bpf_enabled)						      \
		__ret = __cgroup_bpf_run_filter_skb(sk, skb,		      \
						    BPF_CGROUP_INET_INGRESS); \
									      \
	__ret;								      \
})

#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb)			       \
({									       \
	int __ret = 0;							       \
	if (cgroup_bpf_enabled && sk && sk == skb->sk) {		       \
		typeof(sk) __sk = sk_to_full_sk(sk);			       \
		if (sk_fullsock(__sk))					       \
			__ret = __cgroup_bpf_run_filter_skb(__sk, skb,	       \
						      BPF_CGROUP_INET_EGRESS); \
	}								       \
	__ret;								       \
})

#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk)				       \
({									       \
	int __ret = 0;							       \
	if (cgroup_bpf_enabled && sk) {					       \
		__ret = __cgroup_bpf_run_filter_sk(sk,			       \
						 BPF_CGROUP_INET_SOCK_CREATE); \
	}								       \
	__ret;								       \
})

#else

struct cgroup_bpf {};
static inline void cgroup_bpf_put(struct cgroup *cgrp) {}
static inline void cgroup_bpf_inherit(struct cgroup *cgrp,
				      struct cgroup *parent) {}

#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) ({ 0; })
#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) ({ 0; })
#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) ({ 0; })

#endif /* CONFIG_CGROUP_BPF */

#endif /* _BPF_CGROUP_H */
Commit	Line	Data
30070984 DM	1	#ifndef _BPF_CGROUP_H
	2	#define _BPF_CGROUP_H
	3
30070984 DM	4	#include <linux/jump_label.h>
	5	#include <uapi/linux/bpf.h>
	6
	7	struct sock;
	8	struct cgroup;
	9	struct sk_buff;
	10
	11	#ifdef CONFIG_CGROUP_BPF
	12
	13	extern struct static_key_false cgroup_bpf_enabled_key;
	14	#define cgroup_bpf_enabled static_branch_unlikely(&cgroup_bpf_enabled_key)
	15
	16	struct cgroup_bpf {
	17	/*
	18	* Store two sets of bpf_prog pointers, one for programs that are
	19	* pinned directly to this cgroup, and one for those that are effective
	20	* when this cgroup is accessed.
	21	*/
	22	struct bpf_prog *prog[MAX_BPF_ATTACH_TYPE];
dcdc43d6	23	struct bpf_prog __rcu *effective[MAX_BPF_ATTACH_TYPE];
7f677633	24	bool disallow_override[MAX_BPF_ATTACH_TYPE];
30070984 DM	25	};
	26
	27	void cgroup_bpf_put(struct cgroup *cgrp);
	28	void cgroup_bpf_inherit(struct cgroup cgrp, struct cgroup parent);
	29
7f677633 AS	30	int __cgroup_bpf_update(struct cgroup cgrp, struct cgroup parent,
	31	struct bpf_prog *prog, enum bpf_attach_type type,
	32	bool overridable);
30070984 DM	33
30070984 DM	34	/* Wrapper for __cgroup_bpf_update() protected by cgroup_mutex */
7f677633 AS	35	int cgroup_bpf_update(struct cgroup cgrp, struct bpf_prog prog,
7f677633 AS	36	enum bpf_attach_type type, bool overridable);
30070984	37
b2cd1257 DA	38	int __cgroup_bpf_run_filter_skb(struct sock *sk,
	39	struct sk_buff *skb,
	40	enum bpf_attach_type type);
	41
61023658 DA	42	int __cgroup_bpf_run_filter_sk(struct sock *sk,
	43	enum bpf_attach_type type);
	44
b2cd1257 DA	45	/* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */
	46	#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) \
	47	({ \
	48	int __ret = 0; \
	49	if (cgroup_bpf_enabled) \
	50	__ret = __cgroup_bpf_run_filter_skb(sk, skb, \
	51	BPF_CGROUP_INET_INGRESS); \
	52	\
	53	__ret; \
30070984 DM	54	})
30070984 DM	55
b2cd1257 DA	56	#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb) \
	57	({ \
	58	int __ret = 0; \
	59	if (cgroup_bpf_enabled && sk && sk == skb->sk) { \
	60	typeof(sk) __sk = sk_to_full_sk(sk); \
	61	if (sk_fullsock(__sk)) \
	62	__ret = __cgroup_bpf_run_filter_skb(__sk, skb, \
	63	BPF_CGROUP_INET_EGRESS); \
	64	} \
	65	__ret; \
30070984 DM	66	})
30070984 DM	67
61023658 DA	68	#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) \
	69	({ \
	70	int __ret = 0; \
	71	if (cgroup_bpf_enabled && sk) { \
	72	__ret = __cgroup_bpf_run_filter_sk(sk, \
	73	BPF_CGROUP_INET_SOCK_CREATE); \
	74	} \
	75	__ret; \
	76	})
	77
30070984 DM	78	#else
	79
	80	struct cgroup_bpf {};
	81	static inline void cgroup_bpf_put(struct cgroup *cgrp) {}
	82	static inline void cgroup_bpf_inherit(struct cgroup *cgrp,
	83	struct cgroup *parent) {}
	84
	85	#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) ({ 0; })
	86	#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) ({ 0; })
61023658	87	#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) ({ 0; })
30070984 DM	88
	89	#endif /* CONFIG_CGROUP_BPF */
	90
	91	#endif /* _BPF_CGROUP_H */