16 bool bpf_token_capable(const struct bpf_token *token, int cap)  in bpf_token_capable()  argument
21 	userns = token ? token->userns : &init_user_ns;  in bpf_token_capable()
24 	if (token && security_bpf_token_capable(token, cap) < 0)  in bpf_token_capable()
29 void bpf_token_inc(struct bpf_token *token)  in bpf_token_inc()  argument
31 	atomic64_inc(&token->refcnt);  in bpf_token_inc()
34 static void bpf_token_free(struct bpf_token *token)  in bpf_token_free()  argument
36 	security_bpf_token_free(token);  in bpf_token_free()
37 	put_user_ns(token->userns);  in bpf_token_free()
38 	kfree(token);  in bpf_token_free()
43 	struct bpf_token *token = container_of(work, struct bpf_token, work);  in bpf_token_put_deferred()  local
45 	bpf_token_free(token);  in bpf_token_put_deferred()
48 void bpf_token_put(struct bpf_token *token)  in bpf_token_put()  argument
50 	if (!token)  in bpf_token_put()
53 	if (!atomic64_dec_and_test(&token->refcnt))  in bpf_token_put()
56 	INIT_WORK(&token->work, bpf_token_put_deferred);  in bpf_token_put()
57 	schedule_work(&token->work);  in bpf_token_put()
62 	struct bpf_token *token = filp->private_data;  in bpf_token_release()  local
64 	bpf_token_put(token);  in bpf_token_release()
70 	struct bpf_token *token = filp->private_data;  in bpf_token_show_fdinfo()  local
75 	if ((token->allowed_cmds & mask) == mask)  in bpf_token_show_fdinfo()
78 		seq_printf(m, "allowed_cmds:\t0x%llx\n", token->allowed_cmds);  in bpf_token_show_fdinfo()
82 	if ((token->allowed_maps & mask) == mask)  in bpf_token_show_fdinfo()
85 		seq_printf(m, "allowed_maps:\t0x%llx\n", token->allowed_maps);  in bpf_token_show_fdinfo()
89 	if ((token->allowed_progs & mask) == mask)  in bpf_token_show_fdinfo()
92 		seq_printf(m, "allowed_progs:\t0x%llx\n", token->allowed_progs);  in bpf_token_show_fdinfo()
96 	if ((token->allowed_attachs & mask) == mask)  in bpf_token_show_fdinfo()
99 		seq_printf(m, "allowed_attachs:\t0x%llx\n", token->allowed_attachs);  in bpf_token_show_fdinfo()
114 	struct bpf_token *token = NULL;  in bpf_token_create()  local
175 	token = kzalloc(sizeof(*token), GFP_USER);  in bpf_token_create()
176 	if (!token) {  in bpf_token_create()
181 	atomic64_set(&token->refcnt, 1);  in bpf_token_create()
184 	token->userns = get_user_ns(userns);  in bpf_token_create()
186 	token->allowed_cmds = mnt_opts->delegate_cmds;  in bpf_token_create()
187 	token->allowed_maps = mnt_opts->delegate_maps;  in bpf_token_create()
188 	token->allowed_progs = mnt_opts->delegate_progs;  in bpf_token_create()
189 	token->allowed_attachs = mnt_opts->delegate_attachs;  in bpf_token_create()
191 	err = security_bpf_token_create(token, attr, &path);  in bpf_token_create()
201 	file->private_data = token;  in bpf_token_create()
207 	bpf_token_free(token);  in bpf_token_create()
216 	struct bpf_token *token;  in bpf_token_get_from_fd()  local
223 	token = fd_file(f)->private_data;  in bpf_token_get_from_fd()
224 	bpf_token_inc(token);  in bpf_token_get_from_fd()
226 	return token;  in bpf_token_get_from_fd()
229 bool bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)  in bpf_token_allow_cmd()  argument
231 	if (!token)  in bpf_token_allow_cmd()
233 	if (!(token->allowed_cmds & BIT_ULL(cmd)))  in bpf_token_allow_cmd()
235 	return security_bpf_token_cmd(token, cmd) == 0;  in bpf_token_allow_cmd()
238 bool bpf_token_allow_map_type(const struct bpf_token *token, enum bpf_map_type type)  in bpf_token_allow_map_type()  argument
240 	if (!token || type >= __MAX_BPF_MAP_TYPE)  in bpf_token_allow_map_type()
243 	return token->allowed_maps & BIT_ULL(type);  in bpf_token_allow_map_type()
246 bool bpf_token_allow_prog_type(const struct bpf_token *token,  in bpf_token_allow_prog_type()  argument
250 	if (!token || prog_type >= __MAX_BPF_PROG_TYPE || attach_type >= __MAX_BPF_ATTACH_TYPE)  in bpf_token_allow_prog_type()
253 	return (token->allowed_progs & BIT_ULL(prog_type)) &&  in bpf_token_allow_prog_type()
254 	       (token->allowed_attachs & BIT_ULL(attach_type));  in bpf_token_allow_prog_type()