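/* SPDX-License-Identifier: GPL-2.0-only */
/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
 */
#ifndef _LINUX_BPF_H
#define _LINUX_BPF_H 1

#include <uapi/linux/bpf.h>
#include <uapi/linux/filter.h>

#include <crypto/sha2.h>
#include <linux/workqueue.h>
#include <linux/file.h>
#include <linux/percpu.h>
#include <linux/err.h>
#include <linux/rbtree_latch.h>
#include <linux/numa.h>
#include <linux/mm_types.h>
#include <linux/wait.h>
#include <linux/refcount.h>
#include <linux/mutex.h>
#include <linux/module.h>
#include <linux/kallsyms.h>
#include <linux/capability.h>
#include <linux/sched/mm.h>
#include <linux/slab.h>
#include <linux/percpu-refcount.h>
#include <linux/stddef.h>
#include <linux/bpfptr.h>
#include <linux/btf.h>
#include <linux/rcupdate_trace.h>
#include <linux/static_call.h>
#include <linux/memcontrol.h>
#include <linux/cfi.h>
#include <linux/xattr.h>
#include <asm/rqspinlock.h>

/* Forward declarations: only pointers to these types are used below. */
struct bpf_verifier_env;
struct bpf_verifier_log;
struct perf_event;
struct bpf_prog;
struct bpf_prog_aux;
struct bpf_map;
struct bpf_arena;
struct sock;
struct seq_file;
struct btf;
struct btf_type;
struct exception_table_entry;
struct seq_operations;
struct bpf_iter_aux_info;
struct bpf_local_storage;
struct bpf_local_storage_map;
struct kobject;
struct mem_cgroup;
struct module;
struct bpf_func_state;
struct ftrace_ops;
struct cgroup;
struct bpf_token;
struct user_namespace;
struct super_block;
struct inode;

extern struct idr btf_idr;
extern spinlock_t btf_idr_lock;
extern struct kobject *btf_kobj;
extern struct bpf_mem_alloc bpf_global_ma, bpf_global_percpu_ma;
extern bool bpf_global_ma_set;

/* Callback invoked with five u64 arguments, returning u64. */
typedef u64 (*bpf_callback_t)(u64, u64, u64, u64, u64);
typedef int (*bpf_iter_init_seq_priv_t)(void *private_data,
					struct bpf_iter_aux_info *aux);
typedef void (*bpf_iter_fini_seq_priv_t)(void *private_data);
typedef unsigned int (*bpf_func_t)(const void *,
				   const struct bpf_insn *);

/* seq_file plumbing for a bpf_iter: the seq_operations to use, optional
 * init/fini hooks for the private data, and the size of that private data.
 */
struct bpf_iter_seq_info {
	const struct seq_operations *seq_ops;
	bpf_iter_init_seq_priv_t init_seq_private;
	bpf_iter_fini_seq_priv_t fini_seq_private;
	u32 seq_priv_size;
};

/* map is generic key/value storage optionally accessible by eBPF programs
 *
 * The callbacks are grouped by who may reach them (see the group comments
 * below). The *_batch callbacks receive both a kernel-side 'attr' and a
 * '__user' pointer 'uattr'; the '__user' annotation marks memory that lives
 * in user address space and must not be dereferenced directly.
 */
struct bpf_map_ops {
	/* funcs callable from userspace (via syscall) */
	int (*map_alloc_check)(union bpf_attr *attr);
	struct bpf_map *(*map_alloc)(union bpf_attr *attr);
	void (*map_release)(struct bpf_map *map, struct file *map_file);
	void (*map_free)(struct bpf_map *map);
	int (*map_get_next_key)(struct bpf_map *map, void *key, void *next_key);
	void (*map_release_uref)(struct bpf_map *map);
	void *(*map_lookup_elem_sys_only)(struct bpf_map *map, void *key);
	int (*map_lookup_batch)(struct bpf_map *map, const union bpf_attr *attr,
				union bpf_attr __user *uattr);
	int (*map_lookup_and_delete_elem)(struct bpf_map *map, void *key,
					  void *value, u64 flags);
	int (*map_lookup_and_delete_batch)(struct bpf_map *map,
					   const union bpf_attr *attr,
					   union bpf_attr __user *uattr);
	int (*map_update_batch)(struct bpf_map *map, struct file *map_file,
				const union bpf_attr *attr,
				union bpf_attr __user *uattr);
	int (*map_delete_batch)(struct bpf_map *map, const union bpf_attr *attr,
				union bpf_attr __user *uattr);

	/* funcs callable from userspace and from eBPF programs */
	void *(*map_lookup_elem)(struct bpf_map *map, void *key);
	long (*map_update_elem)(struct bpf_map *map, void *key, void *value, u64 flags);
	long (*map_delete_elem)(struct bpf_map *map, void *key);
	long (*map_push_elem)(struct bpf_map *map, void *value, u64 flags);
	long (*map_pop_elem)(struct bpf_map *map, void *value);
	long (*map_peek_elem)(struct bpf_map *map, void *value);
	void *(*map_lookup_percpu_elem)(struct bpf_map *map, void *key, u32 cpu);
	int (*map_get_hash)(struct bpf_map *map, u32 hash_buf_size, void *hash_buf);

	/* funcs called by prog_array and perf_event_array map */
	void *(*map_fd_get_ptr)(struct bpf_map *map, struct file *map_file,
				int fd);
	/* If need_defer is true, the implementation should guarantee that
	 * the to-be-put element is still alive before the bpf program, which
	 * may manipulate it, exits.
	 */
	void (*map_fd_put_ptr)(struct bpf_map *map, void *ptr, bool need_defer);
	int (*map_gen_lookup)(struct bpf_map *map, struct bpf_insn *insn_buf);
	u32 (*map_fd_sys_lookup_elem)(void *ptr);
	void (*map_seq_show_elem)(struct bpf_map *map, void *key,
				  struct seq_file *m);
	int (*map_check_btf)(struct bpf_map *map,
			     const struct btf *btf,
			     const struct btf_type *key_type,
			     const struct btf_type *value_type);

	/* Prog poke tracking helpers. */
	int (*map_poke_track)(struct bpf_map *map, struct bpf_prog_aux *aux);
	void (*map_poke_untrack)(struct bpf_map *map, struct bpf_prog_aux *aux);
	void (*map_poke_run)(struct bpf_map *map, u32 key, struct bpf_prog *old,
			     struct bpf_prog *new);

	/* Direct value access helpers. */
	int (*map_direct_value_addr)(const struct bpf_map *map,
				     u64 *imm, u32 off);
	int (*map_direct_value_meta)(const struct bpf_map *map,
				     u64 imm, u32 *off);
	int (*map_mmap)(struct bpf_map *map, struct vm_area_struct *vma);
	__poll_t (*map_poll)(struct bpf_map *map, struct file *filp,
			     struct poll_table_struct *pts);
	unsigned long (*map_get_unmapped_area)(struct file *filep, unsigned long addr,
					       unsigned long len, unsigned long pgoff,
					       unsigned long flags);

	/* Functions called by bpf_local_storage maps */
	int (*map_local_storage_charge)(struct bpf_local_storage_map *smap,
					void *owner, u32 size);
	void (*map_local_storage_uncharge)(struct bpf_local_storage_map *smap,
					   void *owner, u32 size);
	struct bpf_local_storage __rcu ** (*map_owner_storage_ptr)(void *owner);

	/* Misc helpers.*/
	long (*map_redirect)(struct bpf_map *map, u64 key, u64 flags);

	/* map_meta_equal must be implemented for maps that can be
	 * used as an inner map. It is a runtime check to ensure
	 * an inner map can be inserted to an outer map.
	 *
	 * Some properties of the inner map have been used during the
	 * verification time. When inserting an inner map at the runtime,
	 * map_meta_equal has to ensure the inserting map has the same
	 * properties that the verifier has used earlier.
	 */
	bool (*map_meta_equal)(const struct bpf_map *meta0,
			       const struct bpf_map *meta1);


	int (*map_set_for_each_callback_args)(struct bpf_verifier_env *env,
					      struct bpf_func_state *caller,
					      struct bpf_func_state *callee);
	long (*map_for_each_callback)(struct bpf_map *map,
				      bpf_callback_t callback_fn,
				      void *callback_ctx, u64 flags);

	u64 (*map_mem_usage)(const struct bpf_map *map);

	/* BTF id of struct allocated by map_alloc */
	int *map_btf_id;

	/* bpf_iter info used to open a seq_file */
	const struct bpf_iter_seq_info *iter_seq_info;
};

enum {
	/* Support at most 11 fields in a BTF type */
	BTF_FIELDS_MAX	   = 11,
};

/* Kinds of special fields that can be embedded in a BTF-described object.
 * Each kind is a distinct bit so that a set of kinds can be kept in one mask
 * (see btf_record.field_mask); BPF_KPTR, BPF_GRAPH_NODE and BPF_GRAPH_ROOT
 * are such masks, not kinds of their own.
 */
enum btf_field_type {
	BPF_SPIN_LOCK  = (1 << 0),
	BPF_TIMER      = (1 << 1),
	BPF_KPTR_UNREF = (1 << 2),
	BPF_KPTR_REF   = (1 << 3),
	BPF_KPTR_PERCPU = (1 << 4),
	BPF_KPTR       = BPF_KPTR_UNREF | BPF_KPTR_REF | BPF_KPTR_PERCPU,
	BPF_LIST_HEAD  = (1 << 5),
	BPF_LIST_NODE  = (1 << 6),
	BPF_RB_ROOT    = (1 << 7),
	BPF_RB_NODE    = (1 << 8),
	BPF_GRAPH_NODE = BPF_RB_NODE | BPF_LIST_NODE,
	BPF_GRAPH_ROOT = BPF_RB_ROOT | BPF_LIST_HEAD,
	BPF_REFCOUNT   = (1 << 9),
	BPF_WORKQUEUE  = (1 << 10),
	BPF_UPTR       = (1 << 11),
	BPF_RES_SPIN_LOCK = (1 << 12),
	BPF_TASK_WORK  = (1 << 13),
};

enum bpf_cgroup_storage_type {
	BPF_CGROUP_STORAGE_SHARED,
	BPF_CGROUP_STORAGE_PERCPU,
	__BPF_CGROUP_STORAGE_MAX
#define MAX_BPF_CGROUP_STORAGE_TYPE __BPF_CGROUP_STORAGE_MAX
};

/* Iterate over every cgroup storage type; expands to a loop that never runs
 * when CONFIG_CGROUP_BPF is disabled.
 */
#ifdef CONFIG_CGROUP_BPF
# define for_each_cgroup_storage_type(stype) \
	for (stype = 0; stype < MAX_BPF_CGROUP_STORAGE_TYPE; stype++)
#else
# define for_each_cgroup_storage_type(stype) for (; false; )
#endif /* CONFIG_CGROUP_BPF */

typedef void (*btf_dtor_kfunc_t)(void *);

struct btf_field_kptr {
	struct btf *btf;
	struct module *module;
	/* dtor used if btf_is_kernel(btf), otherwise the type is
	 * program-allocated, dtor is NULL, and __bpf_obj_drop_impl is used
	 */
	btf_dtor_kfunc_t dtor;
	u32 btf_id;
};

struct btf_field_graph_root {
	struct btf *btf;
	u32 value_btf_id;
	u32 node_offset;
	struct btf_record *value_rec;
};

/* One special field inside an object: where it is (offset), how large it is
 * (size) and what kind it is (type).
 * NOTE(review): which union member is meaningful presumably follows from
 * 'type' (kptr kinds vs. graph roots) - confirm against the BTF parser.
 */
struct btf_field {
	u32 offset;
	u32 size;
	enum btf_field_type type;
	union {
		struct btf_field_kptr kptr;
		struct btf_field_graph_root graph_root;
	};
};

/* All special fields of one type: 'cnt' entries in the flexible array
 * 'fields', plus 'field_mask', which btf_record_has_field() tests against
 * btf_field_type bits.
 * NOTE(review): the *_off members are signed; presumably a negative value
 * means "no such field" - confirm where the record is built.
 */
struct btf_record {
	u32 cnt;
	u32 field_mask;
	int spin_lock_off;
	int res_spin_lock_off;
	int timer_off;
	int wq_off;
	int refcount_off;
	int task_work_off;
	struct btf_field fields[];
};

/* Non-opaque version of bpf_rb_node in uapi/linux/bpf.h */
struct bpf_rb_node_kern {
	struct rb_node rb_node;
	void *owner;
} __attribute__((aligned(8)));

/* Non-opaque version of bpf_list_node in uapi/linux/bpf.h */
struct bpf_list_node_kern {
	struct list_head list_head;
	void *owner;
} __attribute__((aligned(8)));

/* 'Ownership' of program-containing map is claimed by the first program
 * that is going to use this map or by the first program which FD is
 * stored in the map to make sure that all callers and callees have the
 * same prog type, JITed flag and xdp_has_frags flag.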
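*/
struct bpf_map_owner {
	enum bpf_prog_type type;
	bool jited;
	bool xdp_has_frags;
	bool sleepable;
	u64 storage_cookie[MAX_BPF_CGROUP_STORAGE_TYPE];
	const struct btf_type *attach_func_proto;
	enum bpf_attach_type expected_attach_type;
};

/* Map-type-independent state of one BPF map: its ops table, geometry
 * (key_size, value_size, max_entries), BTF type ids, reference counters and
 * the bookkeeping used when the map is freed.
 *
 * 'record' is tested with IS_ERR_OR_NULL() by the helpers in this header, so
 * it can hold NULL or an error pointer as well as a valid btf_record.
 * NOTE(review): 'bypass_spec_v1' reads like a per-map opt-out of Spectre v1
 * hardening - confirm where it is set and which privilege check guards it.
 */
struct bpf_map {
	u8 sha[SHA256_DIGEST_SIZE];
	const struct bpf_map_ops *ops;
	struct bpf_map *inner_map_meta;
#ifdef CONFIG_SECURITY
	void *security;
#endif
	enum bpf_map_type map_type;
	u32 key_size;
	u32 value_size;
	u32 max_entries;
	u64 map_extra; /* any per-map-type extra fields */
	u32 map_flags;
	u32 id;
	struct btf_record *record;
	int numa_node;
	u32 btf_key_type_id;
	u32 btf_value_type_id;
	u32 btf_vmlinux_value_type_id;
	struct btf *btf;
#ifdef CONFIG_MEMCG
	struct obj_cgroup *objcg;
#endif
	char name[BPF_OBJ_NAME_LEN];
	struct mutex freeze_mutex;
	atomic64_t refcnt;
	atomic64_t usercnt;
	/* rcu is used before freeing and work is only used during freeing */
	union {
		struct work_struct work;
		struct rcu_head rcu;
	};
	atomic64_t writecnt;
	spinlock_t owner_lock;
	struct bpf_map_owner *owner;
	bool bypass_spec_v1;
	bool frozen; /* write-once; write-protected by freeze_mutex */
	bool free_after_mult_rcu_gp;
	bool free_after_rcu_gp;
	atomic64_t sleepable_refcnt;
	s64 __percpu *elem_count;
	u64 cookie; /* write-once */
	char *excl_prog_sha;
};

/* Return the printable name of a single btf_field_type bit.
 *
 * BPF_KPTR_UNREF and BPF_KPTR_REF share the name "kptr". Any value without a
 * case below, including the composite masks BPF_KPTR, BPF_GRAPH_NODE and
 * BPF_GRAPH_ROOT, triggers WARN_ON_ONCE() and yields "unknown".
 */
static inline const char *btf_field_type_name(enum btf_field_type type)
{
	switch (type) {
	case BPF_SPIN_LOCK:
		return "bpf_spin_lock";
	case BPF_RES_SPIN_LOCK:
		return "bpf_res_spin_lock";
	case BPF_TIMER:
		return "bpf_timer";
	case BPF_WORKQUEUE:
		return "bpf_wq";
	case BPF_KPTR_UNREF:
	case BPF_KPTR_REF:
		return "kptr";
	case BPF_KPTR_PERCPU:
		return "percpu_kptr";
	case BPF_UPTR:
		return "uptr";
	case BPF_LIST_HEAD:
		return "bpf_list_head";
	case BPF_LIST_NODE:
		return "bpf_list_node";
	case BPF_RB_ROOT:
		return "bpf_rb_root";
	case BPF_RB_NODE:
		return "bpf_rb_node";
	case BPF_REFCOUNT:
		return "bpf_refcount";
	case BPF_TASK_WORK:
		return "bpf_task_work";
	default:
		WARN_ON_ONCE(1);
		return "unknown";
	}
}

/* With CONFIG_DEBUG_KERNEL this is WARN_ONCE(); without it the condition is
 * only handed to BUILD_BUG_ON_INVALID(), so no runtime warning is produced.
 */
#if IS_ENABLED(CONFIG_DEBUG_KERNEL)
#define BPF_WARN_ONCE(cond, format...) WARN_ONCE(cond, format)
#else
#define BPF_WARN_ONCE(cond, format...) BUILD_BUG_ON_INVALID(cond)
#endif

/* Return the size in bytes of a field of the given single-bit type.
 *
 * All kptr kinds and BPF_UPTR occupy sizeof(u64). Unknown values (composite
 * masks included) warn once and return 0, so callers that use the result as
 * a length or divisor must have validated the type beforehand.
 */
static inline u32 btf_field_type_size(enum btf_field_type type)
{
	switch (type) {
	case BPF_SPIN_LOCK:
		return sizeof(struct bpf_spin_lock);
	case BPF_RES_SPIN_LOCK:
		return sizeof(struct bpf_res_spin_lock);
	case BPF_TIMER:
		return sizeof(struct bpf_timer);
	case BPF_WORKQUEUE:
		return sizeof(struct bpf_wq);
	case BPF_KPTR_UNREF:
	case BPF_KPTR_REF:
	case BPF_KPTR_PERCPU:
	case BPF_UPTR:
		return sizeof(u64);
	case BPF_LIST_HEAD:
		return sizeof(struct bpf_list_head);
	case BPF_LIST_NODE:
		return sizeof(struct bpf_list_node);
	case BPF_RB_ROOT:
		return sizeof(struct bpf_rb_root);
	case BPF_RB_NODE:
		return sizeof(struct bpf_rb_node);
	case BPF_REFCOUNT:
		return sizeof(struct bpf_refcount);
	case BPF_TASK_WORK:
		return sizeof(struct bpf_task_work);
	default:
		WARN_ON_ONCE(1);
		return 0;
	}
}

/* Return the required alignment of a field of the given single-bit type.
 *
 * Mirrors btf_field_type_size(): unknown values warn once and return 0,
 * which is not a usable alignment, so the type must be validated first.
 */
static inline u32 btf_field_type_align(enum btf_field_type type)
{
	switch (type) {
	case BPF_SPIN_LOCK:
		return __alignof__(struct bpf_spin_lock);
	case BPF_RES_SPIN_LOCK:
		return __alignof__(struct bpf_res_spin_lock);
	case BPF_TIMER:
		return __alignof__(struct bpf_timer);
	case BPF_WORKQUEUE:
		return __alignof__(struct bpf_wq);
	case BPF_KPTR_UNREF:
	case BPF_KPTR_REF:
	case BPF_KPTR_PERCPU:
	case BPF_UPTR:
		return __alignof__(u64);
	case BPF_LIST_HEAD:
		return __alignof__(struct bpf_list_head);
	case BPF_LIST_NODE:
		return __alignof__(struct bpf_list_node);
	case BPF_RB_ROOT:
		return __alignof__(struct bpf_rb_root);
	case BPF_RB_NODE:
		return __alignof__(struct bpf_rb_node);
	case BPF_REFCOUNT:
		return __alignof__(struct bpf_refcount);
	case BPF_TASK_WORK:
		return __alignof__(struct bpf_task_work);
	default:
		WARN_ON_ONCE(1);
		return 0;
	}
}

/* Put one special field at 'addr' into its initial state.
 *
 * The field is zeroed over field->size bytes first; refcounts are then set
 * to 1, rb nodes are cleared and list heads/nodes are self-linked. The
 * remaining kinds need nothing beyond the memset. An unknown type warns once.
 * The caller must pass an 'addr' with at least field->size writable bytes.
 */
static inline void bpf_obj_init_field(const struct btf_field *field, void *addr)
{
	memset(addr, 0, field->size);

	switch (field->type) {
	case BPF_REFCOUNT:
		refcount_set((refcount_t *)addr, 1);
		break;
	case BPF_RB_NODE:
		RB_CLEAR_NODE((struct rb_node *)addr);
		break;
	case BPF_LIST_HEAD:
	case BPF_LIST_NODE:
		INIT_LIST_HEAD((struct list_head *)addr);
		break;
	case BPF_RB_ROOT:
		/* RB_ROOT_CACHED 0-inits, no need to do anything after memset */
	case BPF_SPIN_LOCK:
	case BPF_RES_SPIN_LOCK:
	case BPF_TIMER:
	case BPF_WORKQUEUE:
	case BPF_KPTR_UNREF:
	case BPF_KPTR_REF:
	case BPF_KPTR_PERCPU:
	case BPF_UPTR:
	case BPF_TASK_WORK:
		break;
	default:
		WARN_ON_ONCE(1);
		return;
	}
}

/* Return true if 'rec' contains at least one field whose kind is in 'type'.
 *
 * 'type' may be a single bit or a mask of several kinds. A NULL or error
 * pointer 'rec' is treated as "no special fields".
 */
static inline bool btf_record_has_field(const struct btf_record *rec, enum btf_field_type type)
{
	if (IS_ERR_OR_NULL(rec))
		return false;
	return rec->field_mask & type;
}

/* Initialise every special field of the object at 'obj' as described by
 * 'rec'. Does nothing when 'rec' is NULL or an error pointer.
 * Field offsets are taken from 'rec' without a bounds check here, so 'obj'
 * must be an object of the type the record was built for.
 */
static inline void bpf_obj_init(const struct btf_record *rec, void *obj)
{
	u32 i;	/* same type as rec->cnt, avoids a signed/unsigned compare */

	if (IS_ERR_OR_NULL(rec))
		return;
	for (i = 0; i < rec->cnt; i++)
		bpf_obj_init_field(&rec->fields[i], obj + rec->fields[i].offset);
}

/* 'dst' must be a temporary buffer and should not point to memory that is being
 * used in parallel by a bpf program or bpf syscall, otherwise the access from
 * the bpf program or bpf syscall may be corrupted by the reinitialization,
 * leading to weird problems.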
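* Even if 'dst' is newly allocated from the bpf memory
 * allocator, it is still possible for 'dst' to be used in parallel by a bpf
 * program or bpf syscall.
 */
static inline void check_and_init_map_value(struct bpf_map *map, void *dst)
{
	bpf_obj_init(map->record, dst);
}

/* memcpy that is used with 8-byte aligned pointers, a size that is a multiple
 * of 8, and forced to use 'long' read/writes to try to atomically copy long
 * counters. Best-effort only. No barriers here, since it _will_ race with
 * concurrent updates from BPF programs. Called from bpf syscall and mostly
 * used with size 8 or 16 bytes, so ask compiler to inline it.
 *
 * 'size' is in bytes and is divided by sizeof(long); any remainder is not
 * copied.
 */
static inline void bpf_long_memcpy(void *dst, const void *src, u32 size)
{
	const long *lsrc = src;
	long *ldst = dst;

	size /= sizeof(long);
	while (size--)
		data_race(*ldst++ = *lsrc++);
}

/* Copy 'size' bytes from 'src' to 'dst', skipping every special field listed
 * in 'rec' (locks, timers, kptrs and so on), so those are never overwritten
 * with raw bytes.
 *
 * Without a record the whole value is copied; only in that case does
 * 'long_memcpy' select bpf_long_memcpy() over a size rounded up to 8, so both
 * buffers must then be at least round_up(size, 8) bytes long.
 * NOTE(review): the gap arithmetic assumes rec->fields is sorted by ascending
 * offset, non-overlapping and fully inside 'size'; otherwise the u32
 * subtractions wrap. Presumably guaranteed when the record is built - confirm.
 */
static inline void bpf_obj_memcpy(struct btf_record *rec,
				  void *dst, void *src, u32 size,
				  bool long_memcpy)
{
	u32 curr_off = 0;
	u32 i;	/* same type as rec->cnt */

	if (IS_ERR_OR_NULL(rec)) {
		if (long_memcpy)
			bpf_long_memcpy(dst, src, round_up(size, 8));
		else
			memcpy(dst, src, size);
		return;
	}

	for (i = 0; i < rec->cnt; i++) {
		u32 next_off = rec->fields[i].offset;
		u32 sz = next_off - curr_off;

		/* copy the plain bytes in front of this field, then step over it */
		memcpy(dst + curr_off, src + curr_off, sz);
		curr_off += rec->fields[i].size + sz;
	}
	memcpy(dst + curr_off, src + curr_off, size - curr_off);
}

/* Copy one map value, leaving the special fields of 'dst' untouched. */
static inline void copy_map_value(struct bpf_map *map, void *dst, void *src)
{
	bpf_obj_memcpy(map->record, dst, src, map->value_size, false);
}

/* As copy_map_value(), but requests the 'long'-wise copy, which
 * bpf_obj_memcpy() only uses when the map has no btf_record.
 */
static inline void copy_map_value_long(struct bpf_map *map, void *dst, void *src)
{
	bpf_obj_memcpy(map->record, dst, src, map->value_size, true);
}

/* Exchange the BPF_UPTR fields of two objects that share the layout 'rec'.
 * Only fields of type BPF_UPTR are touched; nothing happens when the record
 * has none.
 */
static inline void bpf_obj_swap_uptrs(const struct btf_record *rec, void *dst, void *src)
{
	unsigned long *src_uptr, *dst_uptr;
	const struct btf_field *field;
	u32 i;	/* same type as rec->cnt */

	if (!btf_record_has_field(rec, BPF_UPTR))
		return;

	for (i = 0, field = rec->fields; i < rec->cnt; i++, field++) {
		if (field->type != BPF_UPTR)
			continue;

		src_uptr = src + field->offset;
		dst_uptr = dst + field->offset;
		swap(*src_uptr, *dst_uptr);
	}
}

/* Zero 'size' bytes at 'dst' except the special fields listed in 'rec'.
 * NOTE(review): same ordering/bounds assumption on rec->fields as in
 * bpf_obj_memcpy() - confirm.
 */
static inline void bpf_obj_memzero(struct btf_record *rec, void *dst, u32 size)
{
	u32 curr_off = 0;
	u32 i;	/* same type as rec->cnt */

	if (IS_ERR_OR_NULL(rec)) {
		memset(dst, 0, size);
		return;
	}

	for (i = 0; i < rec->cnt; i++) {
		u32 next_off = rec->fields[i].offset;
		u32 sz = next_off - curr_off;

		memset(dst + curr_off, 0, sz);
		curr_off += rec->fields[i].size + sz;
	}
	memset(dst + curr_off, 0, size - curr_off);
}

/* Zero one map value, leaving its special fields untouched. */
static inline void zero_map_value(struct bpf_map *map, void *dst)
{
	bpf_obj_memzero(map->record, dst, map->value_size);
}

void copy_map_value_locked(struct bpf_map *map, void *dst, void *src,
			   bool lock_src);
void bpf_timer_cancel_and_free(void *timer);
void bpf_wq_cancel_and_free(void *timer);
void bpf_task_work_cancel_and_free(void *timer);
void bpf_list_head_free(const struct btf_field *field, void *list_head,
			struct bpf_spin_lock *spin_lock);
void bpf_rb_root_free(const struct btf_field *field, void *rb_root,
		      struct bpf_spin_lock *spin_lock);
u64 bpf_arena_get_kern_vm_start(struct bpf_arena *arena);
u64 bpf_arena_get_user_vm_start(struct bpf_arena *arena);
int bpf_obj_name_cpy(char *dst, const char *src, unsigned int size);

struct bpf_offload_dev;
struct bpf_offloaded_map;

/* Element operations of a map that is offloaded to a device. */
struct bpf_map_dev_ops {
	int (*map_get_next_key)(struct bpf_offloaded_map *map,
				void *key, void *next_key);
	int (*map_lookup_elem)(struct bpf_offloaded_map *map,
			       void *key, void *value);
	int (*map_update_elem)(struct bpf_offloaded_map *map,
			       void *key, void *value, u64 flags);
	int (*map_delete_elem)(struct bpf_offloaded_map *map, void *key);
};

/* An offloaded map: the generic bpf_map is embedded as the member 'map',
 * which is what map_to_offmap() relies on.
 */
struct bpf_offloaded_map {
	struct bpf_map map;
	struct net_device *netdev;
	const struct bpf_map_dev_ops *dev_ops;
	void *dev_priv;
	struct list_head offloads;
};

/* Recover the enclosing bpf_offloaded_map from its embedded bpf_map.
 * Only valid for maps that really are embedded in a bpf_offloaded_map;
 * container_of() performs no type check.
 */
static inline struct bpf_offloaded_map *map_to_offmap(struct bpf_map *map)
{
	return container_of(map, struct bpf_offloaded_map, map);
}

/* True for BPF_MAP_TYPE_PERF_EVENT_ARRAY, the only type tested here. */
static inline bool bpf_map_offload_neutral(const struct bpf_map *map)
{
	return map->map_type == BPF_MAP_TYPE_PERF_EVENT_ARRAY;
}

/* True if the map has a BTF value type id (regular or vmlinux) and its ops
 * provide map_seq_show_elem.
 */
static inline bool bpf_map_support_seq_show(const struct bpf_map *map)
{
	return (map->btf_value_type_id || map->btf_vmlinux_value_type_id) &&
		map->ops->map_seq_show_elem;
}

int map_check_no_btf(struct bpf_map *map,
		     const struct btf *btf,
		     const struct btf_type *key_type,
		     const struct btf_type *value_type);

bool bpf_map_meta_equal(const struct bpf_map *meta0,
			const struct bpf_map *meta1);

/* True if the map's values contain a timer, workqueue or task_work field. */
static inline bool bpf_map_has_internal_structs(struct bpf_map *map)
{
	return btf_record_has_field(map->record, BPF_TIMER | BPF_WORKQUEUE | BPF_TASK_WORK);
}

void bpf_map_free_internal_structs(struct bpf_map *map, void *obj);

int bpf_dynptr_from_file_sleepable(struct file *file, u32 flags,
				   struct bpf_dynptr *ptr__uninit);

/* Arena page helpers exist only with CONFIG_MMU and CONFIG_64BIT; otherwise
 * the stubs below return NULL / do nothing.
 */
#if defined(CONFIG_MMU) && defined(CONFIG_64BIT)
void *bpf_arena_alloc_pages_non_sleepable(void *p__map, void *addr__ign, u32 page_cnt, int node_id,
					  u64 flags);
void bpf_arena_free_pages_non_sleepable(void *p__map, void *ptr__ign, u32 page_cnt);
#else
static inline void *bpf_arena_alloc_pages_non_sleepable(void *p__map, void *addr__ign, u32 page_cnt,
							int node_id, u64 flags)
{
	return NULL;
}

static inline void bpf_arena_free_pages_non_sleepable(void *p__map, void *ptr__ign, u32 page_cnt)
{
}
#endif

extern const struct bpf_map_ops bpf_map_offload_ops;

/* bpf_type_flag contains a set of flags that are applicable to the values of
 * arg_type, ret_type and reg_type. For example, a pointer value may be null,
 * or a memory is read-only. We classify types into two categories: base types
 * and extended types. Extended types are base types combined with a type flag.
 *
 * Currently there are no more than 32 base types in arg_type, ret_type and
 * reg_types.
 */
#define BPF_BASE_TYPE_BITS	8

enum bpf_type_flag {
	/* PTR may be NULL. */
	PTR_MAYBE_NULL		= BIT(0 + BPF_BASE_TYPE_BITS),

	/* MEM is read-only. When applied on bpf_arg, it indicates the arg is
	 * compatible with both mutable and immutable memory.
	 */
	MEM_RDONLY		= BIT(1 + BPF_BASE_TYPE_BITS),

	/* MEM points to BPF ring buffer reservation. */
	MEM_RINGBUF		= BIT(2 + BPF_BASE_TYPE_BITS),

	/* MEM is in user address space. */
	MEM_USER		= BIT(3 + BPF_BASE_TYPE_BITS),

	/* MEM is a percpu memory. MEM_PERCPU tags PTR_TO_BTF_ID. When tagged
	 * with MEM_PERCPU, PTR_TO_BTF_ID _cannot_ be directly accessed. In
	 * order to drop this tag, it must be passed into bpf_per_cpu_ptr()
	 * or bpf_this_cpu_ptr(), which will return the pointer corresponding
	 * to the specified cpu.
	 */
	MEM_PERCPU		= BIT(4 + BPF_BASE_TYPE_BITS),

	/* Indicates that the argument will be released. */
	OBJ_RELEASE		= BIT(5 + BPF_BASE_TYPE_BITS),

	/* PTR is not trusted. This is only used with PTR_TO_BTF_ID, to mark
	 * unreferenced and referenced kptr loaded from map value using a load
	 * instruction, so that they can only be dereferenced but not escape the
	 * BPF program into the kernel (i.e. cannot be passed as arguments to
	 * kfunc or bpf helpers).
	 */
	PTR_UNTRUSTED		= BIT(6 + BPF_BASE_TYPE_BITS),

	/* MEM can be uninitialized. */
	MEM_UNINIT		= BIT(7 + BPF_BASE_TYPE_BITS),

	/* DYNPTR points to memory local to the bpf program. */
	DYNPTR_TYPE_LOCAL	= BIT(8 + BPF_BASE_TYPE_BITS),

	/* DYNPTR points to a kernel-produced ringbuf record. */
	DYNPTR_TYPE_RINGBUF	= BIT(9 + BPF_BASE_TYPE_BITS),

	/* Size is known at compile time. */
	MEM_FIXED_SIZE		= BIT(10 + BPF_BASE_TYPE_BITS),

	/* MEM is of an allocated object of type in program BTF. This is used to
	 * tag PTR_TO_BTF_ID allocated using bpf_obj_new.
	 */
	MEM_ALLOC		= BIT(11 + BPF_BASE_TYPE_BITS),

	/* PTR was passed from the kernel in a trusted context, and may be
	 * passed to kfuncs or BPF helper functions.
	 * Confusingly, this is _not_ the opposite of PTR_UNTRUSTED above.
	 * PTR_UNTRUSTED refers to a kptr that was read directly from a map
	 * without invoking bpf_kptr_xchg(). What we really need to know is
	 * whether a pointer is safe to pass to a kfunc or BPF helper function.
	 * While PTR_UNTRUSTED pointers are unsafe to pass to kfuncs and BPF
	 * helpers, they do not cover all possible instances of unsafe
	 * pointers. For example, a pointer that was obtained from walking a
	 * struct will _not_ get the PTR_UNTRUSTED type modifier, despite the
	 * fact that it may be NULL, invalid, etc. This is due to backwards
	 * compatibility requirements, as this was the behavior that was first
	 * introduced when kptrs were added. The behavior is now considered
	 * deprecated, and PTR_UNTRUSTED will eventually be removed.
	 *
	 * PTR_TRUSTED, on the other hand, is a pointer that the kernel
	 * guarantees to be valid and safe to pass to kfuncs and BPF helpers.
	 * For example, pointers passed to tracepoint arguments are considered
	 * PTR_TRUSTED, as are pointers that are passed to struct_ops
	 * callbacks. As alluded to above, pointers that are obtained from
	 * walking PTR_TRUSTED pointers are _not_ trusted. For example, if a
	 * struct task_struct *task is PTR_TRUSTED, then accessing
	 * task->last_wakee will lose the PTR_TRUSTED modifier when it's stored
	 * in a BPF register. Similarly, pointers passed to certain programs
	 * types such as kretprobes are not guaranteed to be valid, as they may
	 * for example contain an object that was recently freed.
	 */
	PTR_TRUSTED		= BIT(12 + BPF_BASE_TYPE_BITS),

	/* MEM is tagged with rcu and memory access needs rcu_read_lock protection. */
	MEM_RCU			= BIT(13 + BPF_BASE_TYPE_BITS),

	/* Used to tag PTR_TO_BTF_ID | MEM_ALLOC references which are non-owning.
	 * Currently only valid for linked-list and rbtree nodes. If the nodes
	 * have a bpf_refcount_field, they must be tagged MEM_RCU as well.
	 */
	NON_OWN_REF		= BIT(14 + BPF_BASE_TYPE_BITS),

	/* DYNPTR points to sk_buff */
	DYNPTR_TYPE_SKB		= BIT(15 + BPF_BASE_TYPE_BITS),

	/* DYNPTR points to xdp_buff */
	DYNPTR_TYPE_XDP		= BIT(16 + BPF_BASE_TYPE_BITS),

	/* Memory must be aligned on some architectures, used in combination with
	 * MEM_FIXED_SIZE.
	 */
	MEM_ALIGNED		= BIT(17 + BPF_BASE_TYPE_BITS),

	/* MEM is being written to, often combined with MEM_UNINIT. Non-presence
	 * of MEM_WRITE means that MEM is only being read. MEM_WRITE without the
	 * MEM_UNINIT means that memory needs to be initialized since it is also
	 * read.
	 */
	MEM_WRITE		= BIT(18 + BPF_BASE_TYPE_BITS),

	/* DYNPTR points to skb_metadata_end()-skb_metadata_len() */
	DYNPTR_TYPE_SKB_META	= BIT(19 + BPF_BASE_TYPE_BITS),

	/* DYNPTR points to file */
	DYNPTR_TYPE_FILE	= BIT(20 + BPF_BASE_TYPE_BITS),

	__BPF_TYPE_FLAG_MAX,
	__BPF_TYPE_LAST_FLAG	= __BPF_TYPE_FLAG_MAX - 1,
};

/* Every DYNPTR_TYPE_* flag; adding a dynptr type means extending this mask. */
#define DYNPTR_TYPE_FLAG_MASK	(DYNPTR_TYPE_LOCAL | DYNPTR_TYPE_RINGBUF | DYNPTR_TYPE_SKB \
				 | DYNPTR_TYPE_XDP | DYNPTR_TYPE_SKB_META | DYNPTR_TYPE_FILE)

/* Max number of base types.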
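*/
#define BPF_BASE_TYPE_LIMIT	(1UL << BPF_BASE_TYPE_BITS)

/* Max number of all types.
 * __BPF_TYPE_LAST_FLAG is a single bit, so this is that bit plus every bit
 * below it.
 */
#define BPF_TYPE_LIMIT		(__BPF_TYPE_LAST_FLAG | (__BPF_TYPE_LAST_FLAG - 1))

/* function argument constraints
 *
 * Base values stay below BPF_BASE_TYPE_LIMIT (enforced by the static_assert
 * after the enum), so they cannot collide with the bpf_type_flag bits that
 * are OR-ed in to form the extended types.
 */
enum bpf_arg_type {
	ARG_DONTCARE = 0,	/* unused argument in helper function */

	/* the following constraints used to prototype
	 * bpf_map_lookup/update/delete_elem() functions
	 */
	ARG_CONST_MAP_PTR,	/* const argument used as pointer to bpf_map */
	ARG_PTR_TO_MAP_KEY,	/* pointer to stack used as map key */
	ARG_PTR_TO_MAP_VALUE,	/* pointer to stack used as map value */

	/* Used to prototype bpf_memcmp() and other functions that access data
	 * on eBPF program stack
	 */
	ARG_PTR_TO_MEM,		/* pointer to valid memory (stack, packet, map value) */
	ARG_PTR_TO_ARENA,

	ARG_CONST_SIZE,		/* number of bytes accessed from memory */
	ARG_CONST_SIZE_OR_ZERO,	/* number of bytes accessed from memory or 0 */

	ARG_PTR_TO_CTX,		/* pointer to context */
	ARG_ANYTHING,		/* any (initialized) argument is ok */
	ARG_PTR_TO_SPIN_LOCK,	/* pointer to bpf_spin_lock */
	ARG_PTR_TO_SOCK_COMMON,	/* pointer to sock_common */
	ARG_PTR_TO_SOCKET,	/* pointer to bpf_sock (fullsock) */
	ARG_PTR_TO_BTF_ID,	/* pointer to in-kernel struct */
	ARG_PTR_TO_RINGBUF_MEM,	/* pointer to dynamically reserved ringbuf memory */
	ARG_CONST_ALLOC_SIZE_OR_ZERO,	/* number of allocated bytes requested */
	ARG_PTR_TO_BTF_ID_SOCK_COMMON,	/* pointer to in-kernel sock_common or bpf-mirrored bpf_sock */
	ARG_PTR_TO_PERCPU_BTF_ID,	/* pointer to in-kernel percpu type */
	ARG_PTR_TO_FUNC,	/* pointer to a bpf program function */
	ARG_PTR_TO_STACK,	/* pointer to stack */
	ARG_PTR_TO_CONST_STR,	/* pointer to a null terminated read-only string */
	ARG_PTR_TO_TIMER,	/* pointer to bpf_timer */
	ARG_KPTR_XCHG_DEST,	/* pointer to destination that kptrs are bpf_kptr_xchg'd into */
	ARG_PTR_TO_DYNPTR,      /* pointer to bpf_dynptr. See bpf_type_flag for dynptr type */
	__BPF_ARG_TYPE_MAX,

	/* Extended arg_types. */
	ARG_PTR_TO_MAP_VALUE_OR_NULL	= PTR_MAYBE_NULL | ARG_PTR_TO_MAP_VALUE,
	ARG_PTR_TO_MEM_OR_NULL		= PTR_MAYBE_NULL | ARG_PTR_TO_MEM,
	ARG_PTR_TO_CTX_OR_NULL		= PTR_MAYBE_NULL | ARG_PTR_TO_CTX,
	ARG_PTR_TO_SOCKET_OR_NULL	= PTR_MAYBE_NULL | ARG_PTR_TO_SOCKET,
	ARG_PTR_TO_STACK_OR_NULL	= PTR_MAYBE_NULL | ARG_PTR_TO_STACK,
	ARG_PTR_TO_BTF_ID_OR_NULL	= PTR_MAYBE_NULL | ARG_PTR_TO_BTF_ID,
	/* Pointer to memory does not need to be initialized, since helper function
	 * fills all bytes or clears them in error case.
	 */
	ARG_PTR_TO_UNINIT_MEM		= MEM_UNINIT | MEM_WRITE | ARG_PTR_TO_MEM,
	/* Pointer to valid memory of size known at compile time. */
	ARG_PTR_TO_FIXED_SIZE_MEM	= MEM_FIXED_SIZE | ARG_PTR_TO_MEM,

	/* This must be the last entry. Its purpose is to ensure the enum is
	 * wide enough to hold the higher bits reserved for bpf_type_flag.
	 */
	__BPF_ARG_TYPE_LIMIT	= BPF_TYPE_LIMIT,
};
static_assert(__BPF_ARG_TYPE_MAX <= BPF_BASE_TYPE_LIMIT);

/* type of values returned from helper functions */
enum bpf_return_type {
	RET_INTEGER,			/* function returns integer */
	RET_VOID,			/* function doesn't return anything */
	RET_PTR_TO_MAP_VALUE,		/* returns a pointer to map elem value */
	RET_PTR_TO_SOCKET,		/* returns a pointer to a socket */
	RET_PTR_TO_TCP_SOCK,		/* returns a pointer to a tcp_sock */
	RET_PTR_TO_SOCK_COMMON,		/* returns a pointer to a sock_common */
	RET_PTR_TO_MEM,			/* returns a pointer to memory */
	RET_PTR_TO_MEM_OR_BTF_ID,	/* returns a pointer to a valid memory or a btf_id */
	RET_PTR_TO_BTF_ID,		/* returns a pointer to a btf_id */
	__BPF_RET_TYPE_MAX,

	/* Extended ret_types. */
	RET_PTR_TO_MAP_VALUE_OR_NULL	= PTR_MAYBE_NULL | RET_PTR_TO_MAP_VALUE,
	RET_PTR_TO_SOCKET_OR_NULL	= PTR_MAYBE_NULL | RET_PTR_TO_SOCKET,
	RET_PTR_TO_TCP_SOCK_OR_NULL	= PTR_MAYBE_NULL | RET_PTR_TO_TCP_SOCK,
	RET_PTR_TO_SOCK_COMMON_OR_NULL	= PTR_MAYBE_NULL | RET_PTR_TO_SOCK_COMMON,
	RET_PTR_TO_RINGBUF_MEM_OR_NULL	= PTR_MAYBE_NULL | MEM_RINGBUF | RET_PTR_TO_MEM,
	RET_PTR_TO_DYNPTR_MEM_OR_NULL	= PTR_MAYBE_NULL | RET_PTR_TO_MEM,
	RET_PTR_TO_BTF_ID_OR_NULL	= PTR_MAYBE_NULL | RET_PTR_TO_BTF_ID,
	RET_PTR_TO_BTF_ID_TRUSTED	= PTR_TRUSTED	 | RET_PTR_TO_BTF_ID,

	/* This must be the last entry. Its purpose is to ensure the enum is
	 * wide enough to hold the higher bits reserved for bpf_type_flag.
	 */
	__BPF_RET_TYPE_LIMIT	= BPF_TYPE_LIMIT,
};
static_assert(__BPF_RET_TYPE_MAX <= BPF_BASE_TYPE_LIMIT);

/* eBPF function prototype used by verifier to allow BPF_CALLs from eBPF programs
 * to in-kernel helper functions and for adjusting imm32 field in BPF_CALL
 * instructions after verifying
 *
 * The first anonymous union lets the five argument types be read either by
 * name (arg1_type..arg5_type) or by index (arg_type[]). The second union
 * overlays per-argument BTF id pointers with per-argument sizes, so for any
 * one argument only one of the two views is meaningful.
 * NOTE(review): which view applies presumably depends on that argument's
 * arg_type - confirm against the verifier.
 */
struct bpf_func_proto {
	u64 (*func)(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
	bool gpl_only;
	bool pkt_access;
	bool might_sleep;
	/* set to true if helper follows contract for llvm
	 * attribute bpf_fastcall:
	 * - void functions do not scratch r0
	 * - functions taking N arguments scratch only registers r1-rN
	 */
	bool allow_fastcall;
	enum bpf_return_type ret_type;
	union {
		struct {
			enum bpf_arg_type arg1_type;
			enum bpf_arg_type arg2_type;
			enum bpf_arg_type arg3_type;
			enum bpf_arg_type arg4_type;
			enum bpf_arg_type arg5_type;
		};
		enum bpf_arg_type arg_type[5];
	};
	union {
		struct {
			u32 *arg1_btf_id;
			u32 *arg2_btf_id;
			u32 *arg3_btf_id;
			u32 *arg4_btf_id;
			u32 *arg5_btf_id;
		};
		u32 *arg_btf_id[5];
		struct {
			size_t arg1_size;
			size_t arg2_size;
			size_t arg3_size;
			size_t arg4_size;
			size_t arg5_size;
		};
		size_t arg_size[5];
	};
	int *ret_btf_id; /* return value btf_id */
	bool (*allowed)(const struct bpf_prog *prog);
};

/* bpf_context is intentionally undefined structure. Pointer to bpf_context is
 * the first argument to eBPF programs.
 * For socket filters: 'struct bpf_context *' == 'struct sk_buff *'
 */
struct bpf_context;

enum bpf_access_type {
	BPF_READ = 1,
	BPF_WRITE = 2
};

/* types of values stored in eBPF registers */
/* Pointer types represent:
 * pointer
 * pointer + imm
 * pointer + (u16) var
 * pointer + (u16) var + imm
 * if (range > 0) then [ptr, ptr + range - off) is safe to access
 * if (id > 0) means that some 'var' was added
 * if (off > 0) means that 'imm' was added
 */
enum bpf_reg_type {
	NOT_INIT = 0,		 /* nothing was written into register */
	SCALAR_VALUE,		 /* reg doesn't contain a valid pointer */
	PTR_TO_CTX,		 /* reg points to bpf_context */
	CONST_PTR_TO_MAP,	 /* reg points to struct bpf_map */
	PTR_TO_MAP_VALUE,	 /* reg points to map element value */
	PTR_TO_MAP_KEY,		 /* reg points to a map element key */
	PTR_TO_STACK,		 /* reg == frame_pointer + offset */
	PTR_TO_PACKET_META,	 /* skb->data - meta_len */
	PTR_TO_PACKET,		 /* reg points to skb->data */
	PTR_TO_PACKET_END,	 /* skb->data + headlen */
	PTR_TO_FLOW_KEYS,	 /* reg points to bpf_flow_keys */
	PTR_TO_SOCKET,		 /* reg points to struct bpf_sock */
	PTR_TO_SOCK_COMMON,	 /* reg points to sock_common */
	PTR_TO_TCP_SOCK,	 /* reg points to struct tcp_sock */
	PTR_TO_TP_BUFFER,	 /* reg points to a writable raw tp's buffer */
	PTR_TO_XDP_SOCK,	 /* reg points to struct xdp_sock */
	/* PTR_TO_BTF_ID points to a kernel struct that does not need
	 * to be null checked by the BPF program. This does not imply the
	 * pointer is _not_ null and in practice this can easily be a null
	 * pointer when reading pointer chains. The assumption is program
	 * context will handle null pointer dereference typically via fault
	 * handling. The verifier must keep this in mind and can make no
	 * assumptions about null or non-null when doing branch analysis.
	 * Further, when passed into helpers the helpers can not, without
	 * additional context, assume the value is non-null.
	 */
	PTR_TO_BTF_ID,
	PTR_TO_MEM,		 /* reg points to valid memory region */
	PTR_TO_ARENA,
	PTR_TO_BUF,		 /* reg points to a read/write buffer */
	PTR_TO_FUNC,		 /* reg points to a bpf program function */
	PTR_TO_INSN,		 /* reg points to a bpf program instruction */
	CONST_PTR_TO_DYNPTR,	 /* reg points to a const struct bpf_dynptr */
	__BPF_REG_TYPE_MAX,

	/* Extended reg_types. */
	PTR_TO_MAP_VALUE_OR_NULL	= PTR_MAYBE_NULL | PTR_TO_MAP_VALUE,
	PTR_TO_SOCKET_OR_NULL		= PTR_MAYBE_NULL | PTR_TO_SOCKET,
	PTR_TO_SOCK_COMMON_OR_NULL	= PTR_MAYBE_NULL | PTR_TO_SOCK_COMMON,
	PTR_TO_TCP_SOCK_OR_NULL		= PTR_MAYBE_NULL | PTR_TO_TCP_SOCK,
	/* PTR_TO_BTF_ID_OR_NULL points to a kernel struct that has not
	 * been checked for null. Used primarily to inform the verifier
	 * an explicit null check is required for this struct.
	 */
	PTR_TO_BTF_ID_OR_NULL		= PTR_MAYBE_NULL | PTR_TO_BTF_ID,

	/* This must be the last entry. Its purpose is to ensure the enum is
	 * wide enough to hold the higher bits reserved for bpf_type_flag.
	 */
	__BPF_REG_TYPE_LIMIT	= BPF_TYPE_LIMIT,
};
static_assert(__BPF_REG_TYPE_MAX <= BPF_BASE_TYPE_LIMIT);

/* The information passed from prog-specific *_is_valid_access
 * back to the verifier.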
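*/
struct bpf_insn_access_aux {
	enum bpf_reg_type reg_type;
	bool is_ldsx;
	/* Anonymous union: ctx_field_size shares storage with the
	 * btf/btf_id/ref_obj_id group, so storing one view overwrites
	 * bytes of the other.
	 */
	union {
		int ctx_field_size;
		struct {
			struct btf *btf;
			u32 btf_id;
			u32 ref_obj_id;
		};
	};
	struct bpf_verifier_log *log; /* for verbose logs */
	bool is_retval; /* is accessing function return value ? */
};

/* Store @size as the context field size in @aux.
 * @size is u32 while ctx_field_size is int, so the value is converted on
 * assignment.
 */
static inline void
bpf_ctx_record_field_size(struct bpf_insn_access_aux *aux, u32 size)
{
	aux->ctx_field_size = size;
}

/* Return true if the opcode of @insn is exactly BPF_LD | BPF_IMM | BPF_DW.
 * Marked inline like the other helpers defined in this header, so a
 * translation unit that includes the header without calling it is not left
 * with an unused non-inline static function.
 */
static inline bool bpf_is_ldimm64(const struct bpf_insn *insn)
{
	return insn->code == (BPF_LD | BPF_IMM | BPF_DW);
}

/* Return true if @insn is a BPF_LD | BPF_IMM | BPF_DW instruction whose
 * src_reg is BPF_PSEUDO_FUNC.
 */
static inline bool bpf_pseudo_func(const struct bpf_insn *insn)
{
	return bpf_is_ldimm64(insn) && insn->src_reg == BPF_PSEUDO_FUNC;
}

/* Given a BPF_ATOMIC instruction @atomic_insn, return true if it is an
 * atomic load or store, and false if it is a read-modify-write instruction.
 *
 * Only @atomic_insn->imm is inspected here; the opcode is not re-checked, so
 * the caller has to pass a BPF_ATOMIC instruction.
 */
static inline bool
bpf_atomic_is_load_store(const struct bpf_insn *atomic_insn)
{
	switch (atomic_insn->imm) {
	case BPF_LOAD_ACQ:
	case BPF_STORE_REL:
		return true;
	default:
		return false;
	}
}

struct bpf_prog_ops {
	int (*test_run)(struct bpf_prog *prog, const union bpf_attr *kattr,
			union bpf_attr __user *uattr);
};

struct bpf_reg_state;
struct bpf_verifier_ops {
	/* return eBPF function prototype for verification */
	const struct bpf_func_proto *
	(*get_func_proto)(enum bpf_func_id func_id,
			  const struct bpf_prog *prog);

	/* return true if 'size' wide access at offset 'off' within bpf_context
	 * with 'type' (read or write) is allowed
	 */
	bool (*is_valid_access)(int off, int size, enum bpf_access_type type,
				const struct bpf_prog *prog,
				struct bpf_insn_access_aux *info);
	int (*gen_prologue)(struct bpf_insn *insn, bool direct_write,
			    const struct bpf_prog *prog);
	int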
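(*gen_epilogue)(struct bpf_insn *insn, const struct bpf_prog *prog,
			    s16 ctx_stack_off);
	int (*gen_ld_abs)(const struct bpf_insn *orig,
			  struct bpf_insn *insn_buf);
	u32 (*convert_ctx_access)(enum bpf_access_type type,
				  const struct bpf_insn *src,
				  struct bpf_insn *dst,
				  struct bpf_prog *prog, u32 *target_size);
	int (*btf_struct_access)(struct bpf_verifier_log *log,
				 const struct bpf_reg_state *reg,
				 int off, int size);
};

/* Callbacks for offloaded programs, grouped below into verifier hooks,
 * verifier optimization hooks and program management hooks.
 */
struct bpf_prog_offload_ops {
	/* verifier basic callbacks */
	int (*insn_hook)(struct bpf_verifier_env *env,
			 int insn_idx, int prev_insn_idx);
	int (*finalize)(struct bpf_verifier_env *env);
	/* verifier optimization callbacks (called after .finalize) */
	int (*replace_insn)(struct bpf_verifier_env *env, u32 off,
			    struct bpf_insn *insn);
	int (*remove_insns)(struct bpf_verifier_env *env, u32 off, u32 cnt);
	/* program management callbacks */
	int (*prepare)(struct bpf_prog *prog);
	int (*translate)(struct bpf_prog *prog);
	void (*destroy)(struct bpf_prog *prog);
};

/* Offload state kept for a program.
 * NOTE(review): jited_image/jited_len look like a device image pointer and
 * its length in bytes - confirm against the offload code.
 */
struct bpf_prog_offload {
	struct bpf_prog		*prog;
	struct net_device	*netdev;
	struct bpf_offload_dev	*offdev;
	void			*dev_priv;
	struct list_head	offloads;
	bool			dev_state;
	bool			opt_failed;
	void			*jited_image;
	u32			jited_len;
};

/* The longest tracepoint has 12 args.
 * See include/trace/bpf_probe.h
 */
#define MAX_BPF_FUNC_ARGS 12

/* The maximum number of arguments passed through registers
 * a single function may have.
 */
#define MAX_BPF_FUNC_REG_ARGS 5

/* The argument is a structure or a union. */
#define BTF_FMODEL_STRUCT_ARG		BIT(0)

/* The argument is signed.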
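*/
#define BTF_FMODEL_SIGNED_ARG		BIT(1)

/* Sizes and flags of a function's return value and arguments.
 * arg_size[] and arg_flags[] each hold MAX_BPF_FUNC_ARGS entries, so code
 * that indexes them by nr_args relies on nr_args <= MAX_BPF_FUNC_ARGS.
 */
struct btf_func_model {
	u8 ret_size;
	u8 ret_flags;
	u8 nr_args;
	u8 arg_size[MAX_BPF_FUNC_ARGS];
	u8 arg_flags[MAX_BPF_FUNC_ARGS];
};

/* Restore arguments before returning from trampoline to let original function
 * continue executing. This flag is used for fentry progs when there are no
 * fexit progs.
 */
#define BPF_TRAMP_F_RESTORE_REGS	BIT(0)
/* Call original function after fentry progs, but before fexit progs.
 * Makes sense for fentry/fexit, normal calls and indirect calls.
 */
#define BPF_TRAMP_F_CALL_ORIG		BIT(1)
/* Skip current frame and return to parent.  Makes sense for fentry/fexit
 * programs only. Should not be used with normal calls and indirect calls.
 */
#define BPF_TRAMP_F_SKIP_FRAME		BIT(2)
/* Store IP address of the caller on the trampoline stack,
 * so it's available for trampoline's programs.
 */
#define BPF_TRAMP_F_IP_ARG		BIT(3)
/* Return the return value of fentry prog. Only used by bpf_struct_ops. */
#define BPF_TRAMP_F_RET_FENTRY_RET	BIT(4)

/* Get original function from stack instead of from provided direct address.
 * Makes sense for trampolines with fexit or fmod_ret programs.
 */
#define BPF_TRAMP_F_ORIG_STACK		BIT(5)

/* This trampoline is on a function with another ftrace_ops with IPMODIFY,
 * e.g., a live patch. This flag is set and cleared by ftrace callbacks.
 */
#define BPF_TRAMP_F_SHARE_IPMODIFY	BIT(6)

/* Indicate that current trampoline is in a tail call context. Then, it has to
 * cache and restore tail_call_cnt to avoid infinite tail call loop.
 */
#define BPF_TRAMP_F_TAIL_CALL_CTX	BIT(7)

/*
 * Indicate the trampoline should be suitable to receive indirect calls;
 * without this indirectly calling the generated code can result in #UD/#CP,
 * depending on the CFI options.
 *
 * Used by bpf_struct_ops.
 *
 * Incompatible with FENTRY usage, overloads @func_addr argument.
 */
#define BPF_TRAMP_F_INDIRECT		BIT(8)

/* Each call __bpf_prog_enter + call bpf_func + call __bpf_prog_exit is ~50
 * bytes on x86.
 */
enum {
#if defined(__s390x__)
	BPF_MAX_TRAMP_LINKS = 27,
#else
	BPF_MAX_TRAMP_LINKS = 38,
#endif
};

#define BPF_TRAMP_COOKIE_INDEX_SHIFT	8
#define BPF_TRAMP_IS_RETURN_SHIFT	63

/* links[] has room for BPF_MAX_TRAMP_LINKS entries.
 * NOTE(review): nr_links presumably counts the used slots and has to stay
 * within that bound - confirm against the code that fills the array.
 */
struct bpf_tramp_links {
	struct bpf_tramp_link *links[BPF_MAX_TRAMP_LINKS];
	int nr_links;
};

struct bpf_tramp_run_ctx;

/* Different use cases for BPF trampoline:
 * 1. replace nop at the function entry (kprobe equivalent)
 *    flags = BPF_TRAMP_F_RESTORE_REGS
 *    fentry = a set of programs to run before returning from trampoline
 *
 * 2. replace nop at the function entry (kprobe + kretprobe equivalent)
 *    flags = BPF_TRAMP_F_CALL_ORIG | BPF_TRAMP_F_SKIP_FRAME
 *    orig_call = fentry_ip + MCOUNT_INSN_SIZE
 *    fentry = a set of programs to run before calling original function
 *    fexit = a set of programs to run after original function
 *
 * 3.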
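replace direct call instruction anywhere in the function body
 *    or assign a function pointer for indirect call (like tcp_congestion_ops->cong_avoid)
 *    With flags = 0
 *      fentry = a set of programs to run before returning from trampoline
 *    With flags = BPF_TRAMP_F_CALL_ORIG
 *      orig_call = original callback addr or direct function addr
 *      fentry = a set of programs to run before calling original function
 *      fexit = a set of programs to run after original function
 */
struct bpf_tramp_image;
int arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *image, void *image_end,
				const struct btf_func_model *m, u32 flags,
				struct bpf_tramp_links *tlinks,
				void *func_addr);
void *arch_alloc_bpf_trampoline(unsigned int size);
void arch_free_bpf_trampoline(void *image, unsigned int size);
/* __must_check: a caller that drops the return value gets a compiler warning.
 * NOTE(review): presumably this changes the protections of the trampoline
 * image, in which case a failure must not be followed by using the image -
 * confirm against the arch implementations.
 */
int __must_check arch_protect_bpf_trampoline(void *image, unsigned int size);
int arch_bpf_trampoline_size(const struct btf_func_model *m, u32 flags,
			     struct bpf_tramp_links *tlinks, void *func_addr);

u64 notrace __bpf_prog_enter_sleepable_recur(struct bpf_prog *prog,
					     struct bpf_tramp_run_ctx *run_ctx);
void notrace __bpf_prog_exit_sleepable_recur(struct bpf_prog *prog, u64 start,
					     struct bpf_tramp_run_ctx *run_ctx);
void notrace __bpf_tramp_enter(struct bpf_tramp_image *tr);
void notrace __bpf_tramp_exit(struct bpf_tramp_image *tr);
typedef u64 (*bpf_trampoline_enter_t)(struct bpf_prog *prog,
				      struct bpf_tramp_run_ctx *run_ctx);
typedef void (*bpf_trampoline_exit_t)(struct bpf_prog *prog, u64 start,
				      struct bpf_tramp_run_ctx *run_ctx);
bpf_trampoline_enter_t bpf_trampoline_enter(const struct bpf_prog *prog);
bpf_trampoline_exit_t bpf_trampoline_exit(const struct bpf_prog *prog);

/* Return true when @flags has BPF_TRAMP_F_CALL_ORIG set and
 * BPF_TRAMP_F_SKIP_FRAME clear. Without CONFIG_DYNAMIC_FTRACE_WITH_JMP the
 * answer is always false.
 */
#ifdef CONFIG_DYNAMIC_FTRACE_WITH_JMP
static inline bool bpf_trampoline_use_jmp(u64 flags)
{
	/* Each bit test is parenthesized so the grouping around && is explicit. */
	return (flags & BPF_TRAMP_F_CALL_ORIG) &&
	       !(flags & BPF_TRAMP_F_SKIP_FRAME);
}
#else
static inline bool bpf_trampoline_use_jmp(u64 flags)
{
	return false;
}
#endif

struct bpf_ksym {
	unsigned long		 start;
	unsigned long		 end;
	char			 name[KSYM_NAME_LEN];
	struct list_head	 lnode;
	struct latch_tree_node	 tnode;
	bool			 prog;
	u32			 fp_start;
	u32			 fp_end;
};

/* Only the kinds below BPF_TRAMP_MAX are valid indexes into arrays sized by
 * BPF_TRAMP_MAX, such as progs_hlist[] in struct bpf_trampoline.
 * BPF_TRAMP_REPLACE and BPF_TRAMP_FSESSION are numbered above BPF_TRAMP_MAX,
 * so using either as an index into such an array would be out of bounds.
 */
enum bpf_tramp_prog_type {
	BPF_TRAMP_FENTRY,
	BPF_TRAMP_FEXIT,
	BPF_TRAMP_MODIFY_RETURN,
	BPF_TRAMP_MAX,
	BPF_TRAMP_REPLACE, /* more than MAX */
	BPF_TRAMP_FSESSION,
};

struct bpf_tramp_image {
	void *image;
	int size;
	struct bpf_ksym ksym;
	struct percpu_ref pcref;
	void *ip_after_call;
	void *ip_epilogue;
	/* rcu and work share storage */
	union {
		struct rcu_head rcu;
		struct work_struct work;
	};
};

struct bpf_trampoline {
	/* hlist for trampoline_key_table */
	struct hlist_node hlist_key;
	/* hlist for trampoline_ip_table */
	struct hlist_node hlist_ip;
	struct ftrace_ops *fops;
	/* serializes access to fields of this trampoline */
	struct mutex mutex;
	refcount_t refcnt;
	u32 flags;
	u64 key;
	unsigned long ip;
	struct {
		struct btf_func_model model;
		void *addr;
		bool ftrace_managed;
	} func;
	/* if !NULL this is BPF_PROG_TYPE_EXT program that extends another BPF
	 * program by replacing one of its functions. func.addr is the address
	 * of the function it replaced.
	 */
	struct bpf_prog *extension_prog;
	/* list of BPF programs using this trampoline */
	struct hlist_head progs_hlist[BPF_TRAMP_MAX];
	/* Number of attached programs. A counter per kind.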
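*/
	int progs_cnt[BPF_TRAMP_MAX];
	/* Executable image of trampoline */
	struct bpf_tramp_image *cur_image;
};

struct bpf_attach_target_info {
	struct btf_func_model fmodel;
	long tgt_addr;
	struct module *tgt_mod;
	const char *tgt_name;
	const struct btf_type *tgt_type;
};

#define BPF_DISPATCHER_MAX 48 /* Fits in 2048B */

struct bpf_dispatcher_prog {
	struct bpf_prog *prog;
	refcount_t users;
};

/* progs[] has room for BPF_DISPATCHER_MAX entries.
 * NOTE(review): num_progs presumably counts the used slots and has to stay
 * within that bound - confirm against the dispatcher code.
 */
struct bpf_dispatcher {
	/* dispatcher mutex */
	struct mutex mutex;
	void *func;
	struct bpf_dispatcher_prog progs[BPF_DISPATCHER_MAX];
	int num_progs;
	void *image;
	void *rw_image;
	u32 image_off;
	struct bpf_ksym ksym;
#ifdef CONFIG_HAVE_STATIC_CALL
	struct static_call_key *sc_key;
	void *sc_tramp;
#endif
};

/* Unless __bpfcall is already defined, it falls back to __nocfi. Functions
 * carrying it are therefore built without CFI instrumentation, so the
 * indirect call they make is not type-checked at run time and relies on the
 * caller supplying a valid function pointer.
 */
#ifndef __bpfcall
#define __bpfcall __nocfi
#endif

/* Call @bpf_func with @ctx and @insnsi and return its result. */
static __always_inline __bpfcall unsigned int bpf_dispatcher_nop_func(
	const void *ctx,
	const struct bpf_insn *insnsi,
	bpf_func_t bpf_func)
{
	return bpf_func(ctx, insnsi);
}

/* the implementation of the opaque uapi struct bpf_dynptr */
struct bpf_dynptr_kern {
	void *data;
	/* Size represents the number of usable bytes of dynptr data.
	 * If for example the offset is at 4 for a local dynptr whose data is
	 * of type u64, the number of usable bytes is 4.
	 *
	 * The upper 8 bits are reserved.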
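It is as follows:
	 * Bits 0 - 23 = size
	 * Bits 24 - 30 = dynptr type
	 * Bit 31 = whether dynptr is read-only
	 */
	u32 size;
	u32 offset;
} __aligned(8);

/* BPF_DYNPTR_TYPE_INVALID is the first enumerator and so has the value 0;
 * with the type kept in bits 24 - 30 of the size word, an all-zero size word
 * decodes to the invalid type.
 */
enum bpf_dynptr_type {
	BPF_DYNPTR_TYPE_INVALID,
	/* Points to memory that is local to the bpf program */
	BPF_DYNPTR_TYPE_LOCAL,
	/* Underlying data is a ringbuf record */
	BPF_DYNPTR_TYPE_RINGBUF,
	/* Underlying data is a sk_buff */
	BPF_DYNPTR_TYPE_SKB,
	/* Underlying data is a xdp_buff */
	BPF_DYNPTR_TYPE_XDP,
	/* Points to skb_metadata_end()-skb_metadata_len() */
	BPF_DYNPTR_TYPE_SKB_META,
	/* Underlying data is a file */
	BPF_DYNPTR_TYPE_FILE,
};

int bpf_dynptr_check_size(u64 size);
u64 __bpf_dynptr_size(const struct bpf_dynptr_kern *ptr);
const void *__bpf_dynptr_data(const struct bpf_dynptr_kern *ptr, u64 len);
void *__bpf_dynptr_data_rw(const struct bpf_dynptr_kern *ptr, u64 len);
bool __bpf_dynptr_is_rdonly(const struct bpf_dynptr_kern *ptr);
int __bpf_dynptr_write(const struct bpf_dynptr_kern *dst, u64 offset,
		       void *src, u64 len, u64 flags);
void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr *p, u64 offset,
			    void *buffer__nullable, u64 buffer__szk);

/* Check that the range of @len bytes starting at @offset lies within the
 * size reported by __bpf_dynptr_size() for @ptr.
 *
 * Return: 0 if the range fits, -E2BIG otherwise.
 *
 * The test is written as "len > size || offset > size - len" rather than
 * "offset + len > size": the sum of two u64 values can wrap around and make
 * an out-of-range request look valid. "size - len" is only evaluated once
 * "len > size" is known to be false, so the subtraction cannot underflow.
 * Keep this form when changing the check.
 *
 * @ptr is passed to __bpf_dynptr_size() without a NULL check here.
 */
static inline int bpf_dynptr_check_off_len(const struct bpf_dynptr_kern *ptr, u64 offset, u64 len)
{
	u64 size = __bpf_dynptr_size(ptr);

	if (len > size || offset > size - len)
		return -E2BIG;

	return 0;
}

#ifdef CONFIG_BPF_JIT
int bpf_trampoline_link_prog(struct bpf_tramp_link *link,
			     struct bpf_trampoline *tr,
			     struct bpf_prog *tgt_prog);
int bpf_trampoline_unlink_prog(struct bpf_tramp_link *link,
			       struct bpf_trampoline *tr,
			       struct bpf_prog *tgt_prog);
struct bpf_trampoline *bpf_trampoline_get(u64 key,
					  struct bpf_attach_target_info *tgt_info);
void bpf_trampoline_put(struct bpf_trampoline *tr);
int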
arch_prepare_bpf_dispatcher(void *image, void *buf, s64 *funcs, int num_funcs); 1469 1470 /* 1471 * When the architecture supports STATIC_CALL replace the bpf_dispatcher_fn 1472 * indirection with a direct call to the bpf program. If the architecture does 1473 * not have STATIC_CALL, avoid a double-indirection. 1474 */ 1475 #ifdef CONFIG_HAVE_STATIC_CALL 1476 1477 #define __BPF_DISPATCHER_SC_INIT(_name) \ 1478 .sc_key = &STATIC_CALL_KEY(_name), \ 1479 .sc_tramp = STATIC_CALL_TRAMP_ADDR(_name), 1480 1481 #define __BPF_DISPATCHER_SC(name) \ 1482 DEFINE_STATIC_CALL(bpf_dispatcher_##name##_call, bpf_dispatcher_nop_func) 1483 1484 #define __BPF_DISPATCHER_CALL(name) \ 1485 static_call(bpf_dispatcher_##name##_call)(ctx, insnsi, bpf_func) 1486 1487 #define __BPF_DISPATCHER_UPDATE(_d, _new) \ 1488 __static_call_update((_d)->sc_key, (_d)->sc_tramp, (_new)) 1489 1490 #else 1491 #define __BPF_DISPATCHER_SC_INIT(name) 1492 #define __BPF_DISPATCHER_SC(name) 1493 #define __BPF_DISPATCHER_CALL(name) bpf_func(ctx, insnsi) 1494 #define __BPF_DISPATCHER_UPDATE(_d, _new) 1495 #endif 1496 1497 #define BPF_DISPATCHER_INIT(_name) { \ 1498 .mutex = __MUTEX_INITIALIZER(_name.mutex), \ 1499 .func = &_name##_func, \ 1500 .progs = {}, \ 1501 .num_progs = 0, \ 1502 .image = NULL, \ 1503 .image_off = 0, \ 1504 .ksym = { \ 1505 .name = #_name, \ 1506 .lnode = LIST_HEAD_INIT(_name.ksym.lnode), \ 1507 }, \ 1508 __BPF_DISPATCHER_SC_INIT(_name##_call) \ 1509 } 1510 1511 #define DEFINE_BPF_DISPATCHER(name) \ 1512 __BPF_DISPATCHER_SC(name); \ 1513 noinline __bpfcall unsigned int bpf_dispatcher_##name##_func( \ 1514 const void *ctx, \ 1515 const struct bpf_insn *insnsi, \ 1516 bpf_func_t bpf_func) \ 1517 { \ 1518 return __BPF_DISPATCHER_CALL(name); \ 1519 } \ 1520 EXPORT_SYMBOL(bpf_dispatcher_##name##_func); \ 1521 struct bpf_dispatcher bpf_dispatcher_##name = \ 1522 BPF_DISPATCHER_INIT(bpf_dispatcher_##name); 1523 1524 #define DECLARE_BPF_DISPATCHER(name) \ 1525 unsigned int 
bpf_dispatcher_##name##_func( \ 1526 const void *ctx, \ 1527 const struct bpf_insn *insnsi, \ 1528 bpf_func_t bpf_func); \ 1529 extern struct bpf_dispatcher bpf_dispatcher_##name; 1530 1531 #define BPF_DISPATCHER_FUNC(name) bpf_dispatcher_##name##_func 1532 #define BPF_DISPATCHER_PTR(name) (&bpf_dispatcher_##name) 1533 void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from, 1534 struct bpf_prog *to); 1535 /* Called only from JIT-enabled code, so there's no need for stubs. */ 1536 void bpf_image_ksym_init(void *data, unsigned int size, struct bpf_ksym *ksym); 1537 void bpf_image_ksym_add(struct bpf_ksym *ksym); 1538 void bpf_image_ksym_del(struct bpf_ksym *ksym); 1539 void bpf_ksym_add(struct bpf_ksym *ksym); 1540 void bpf_ksym_del(struct bpf_ksym *ksym); 1541 bool bpf_has_frame_pointer(unsigned long ip); 1542 int bpf_jit_charge_modmem(u32 size); 1543 void bpf_jit_uncharge_modmem(u32 size); 1544 bool bpf_prog_has_trampoline(const struct bpf_prog *prog); 1545 bool bpf_insn_is_indirect_target(const struct bpf_verifier_env *env, const struct bpf_prog *prog, 1546 int insn_idx); 1547 #else 1548 static inline int bpf_trampoline_link_prog(struct bpf_tramp_link *link, 1549 struct bpf_trampoline *tr, 1550 struct bpf_prog *tgt_prog) 1551 { 1552 return -ENOTSUPP; 1553 } 1554 static inline int bpf_trampoline_unlink_prog(struct bpf_tramp_link *link, 1555 struct bpf_trampoline *tr, 1556 struct bpf_prog *tgt_prog) 1557 { 1558 return -ENOTSUPP; 1559 } 1560 static inline struct bpf_trampoline *bpf_trampoline_get(u64 key, 1561 struct bpf_attach_target_info *tgt_info) 1562 { 1563 return NULL; 1564 } 1565 static inline void bpf_trampoline_put(struct bpf_trampoline *tr) {} 1566 #define DEFINE_BPF_DISPATCHER(name) 1567 #define DECLARE_BPF_DISPATCHER(name) 1568 #define BPF_DISPATCHER_FUNC(name) bpf_dispatcher_nop_func 1569 #define BPF_DISPATCHER_PTR(name) NULL 1570 static inline void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, 1571 struct bpf_prog *from, 
1572 struct bpf_prog *to) {} 1573 static inline bool is_bpf_image_address(unsigned long address) 1574 { 1575 return false; 1576 } 1577 static inline bool bpf_prog_has_trampoline(const struct bpf_prog *prog) 1578 { 1579 return false; 1580 } 1581 #endif 1582 1583 struct bpf_func_info_aux { 1584 u16 linkage; 1585 bool unreliable; 1586 bool called : 1; 1587 bool verified : 1; 1588 }; 1589 1590 enum bpf_jit_poke_reason { 1591 BPF_POKE_REASON_TAIL_CALL, 1592 }; 1593 1594 /* Descriptor of pokes pointing /into/ the JITed image. */ 1595 struct bpf_jit_poke_descriptor { 1596 void *tailcall_target; 1597 void *tailcall_bypass; 1598 void *bypass_addr; 1599 void *aux; 1600 union { 1601 struct { 1602 struct bpf_map *map; 1603 u32 key; 1604 } tail_call; 1605 }; 1606 bool tailcall_target_stable; 1607 u8 adj_off; 1608 u16 reason; 1609 u32 insn_idx; 1610 }; 1611 1612 /* reg_type info for ctx arguments */ 1613 struct bpf_ctx_arg_aux { 1614 u32 offset; 1615 enum bpf_reg_type reg_type; 1616 struct btf *btf; 1617 u32 btf_id; 1618 u32 ref_obj_id; 1619 bool refcounted; 1620 }; 1621 1622 struct btf_mod_pair { 1623 struct btf *btf; 1624 struct module *module; 1625 }; 1626 1627 struct bpf_kfunc_desc_tab; 1628 1629 enum bpf_stream_id { 1630 BPF_STDOUT = 1, 1631 BPF_STDERR = 2, 1632 }; 1633 1634 struct bpf_stream_elem { 1635 struct llist_node node; 1636 int total_len; 1637 int consumed_len; 1638 char str[]; 1639 }; 1640 1641 enum { 1642 /* 100k bytes */ 1643 BPF_STREAM_MAX_CAPACITY = 100000ULL, 1644 }; 1645 1646 struct bpf_stream { 1647 atomic_t capacity; 1648 struct llist_head log; /* list of in-flight stream elements in LIFO order */ 1649 1650 struct mutex lock; /* lock protecting backlog_{head,tail} */ 1651 struct llist_node *backlog_head; /* list of in-flight stream elements in FIFO order */ 1652 struct llist_node *backlog_tail; /* tail of the list above */ 1653 }; 1654 1655 struct bpf_stream_stage { 1656 struct llist_head log; 1657 int len; 1658 }; 1659 1660 struct bpf_prog_aux { 1661 
atomic64_t refcnt; 1662 u32 used_map_cnt; 1663 u32 used_btf_cnt; 1664 u32 max_ctx_offset; 1665 u32 max_pkt_offset; 1666 u32 max_tp_access; 1667 u32 stack_depth; 1668 u32 id; 1669 u32 func_cnt; /* used by non-func prog as the number of func progs */ 1670 u32 real_func_cnt; /* includes hidden progs, only used for JIT and freeing progs */ 1671 u32 func_idx; /* 0 for non-func prog, the index in func array for func prog */ 1672 u32 attach_btf_id; /* in-kernel BTF type id to attach to */ 1673 u32 attach_st_ops_member_off; 1674 u32 ctx_arg_info_size; 1675 u32 max_rdonly_access; 1676 u32 max_rdwr_access; 1677 u32 subprog_start; 1678 struct btf *attach_btf; 1679 struct bpf_ctx_arg_aux *ctx_arg_info; 1680 void __percpu *priv_stack_ptr; 1681 struct mutex dst_mutex; /* protects dst_* pointers below, *after* prog becomes visible */ 1682 struct bpf_prog *dst_prog; 1683 struct bpf_trampoline *dst_trampoline; 1684 enum bpf_prog_type saved_dst_prog_type; 1685 enum bpf_attach_type saved_dst_attach_type; 1686 bool verifier_zext; /* Zero extensions has been inserted by verifier. */ 1687 bool dev_bound; /* Program is bound to the netdev. */ 1688 bool offload_requested; /* Program is bound and offloaded to the netdev. 
*/ 1689 bool attach_btf_trace; /* true if attaching to BTF-enabled raw tp */ 1690 bool attach_tracing_prog; /* true if tracing another tracing program */ 1691 bool func_proto_unreliable; 1692 bool tail_call_reachable; 1693 bool xdp_has_frags; 1694 bool exception_cb; 1695 bool exception_boundary; 1696 bool is_extended; /* true if extended by freplace program */ 1697 bool jits_use_priv_stack; 1698 bool priv_stack_requested; 1699 bool changes_pkt_data; 1700 bool might_sleep; 1701 bool kprobe_write_ctx; 1702 u64 prog_array_member_cnt; /* counts how many times as member of prog_array */ 1703 struct mutex ext_mutex; /* mutex for is_extended and prog_array_member_cnt */ 1704 struct bpf_arena *arena; 1705 void (*recursion_detected)(struct bpf_prog *prog); /* callback if recursion is detected */ 1706 /* BTF_KIND_FUNC_PROTO for valid attach_btf_id */ 1707 const struct btf_type *attach_func_proto; 1708 /* function name for valid attach_btf_id */ 1709 const char *attach_func_name; 1710 struct bpf_prog **func; 1711 struct bpf_prog_aux *main_prog_aux; 1712 void *jit_data; /* JIT specific data. 
arch dependent */ 1713 struct bpf_jit_poke_descriptor *poke_tab; 1714 struct bpf_kfunc_desc_tab *kfunc_tab; 1715 struct bpf_kfunc_btf_tab *kfunc_btf_tab; 1716 u32 size_poke_tab; 1717 #ifdef CONFIG_FINEIBT 1718 struct bpf_ksym ksym_prefix; 1719 #endif 1720 struct bpf_ksym ksym; 1721 const struct bpf_prog_ops *ops; 1722 const struct bpf_struct_ops *st_ops; 1723 struct bpf_map **used_maps; 1724 struct mutex used_maps_mutex; /* mutex for used_maps and used_map_cnt */ 1725 struct btf_mod_pair *used_btfs; 1726 struct bpf_prog *prog; 1727 struct user_struct *user; 1728 u64 load_time; /* ns since boottime */ 1729 u32 verified_insns; 1730 int cgroup_atype; /* enum cgroup_bpf_attach_type */ 1731 struct bpf_map *cgroup_storage[MAX_BPF_CGROUP_STORAGE_TYPE]; 1732 char name[BPF_OBJ_NAME_LEN]; 1733 u64 (*bpf_exception_cb)(u64 cookie, u64 sp, u64 bp, u64, u64); 1734 #ifdef CONFIG_SECURITY 1735 void *security; 1736 #endif 1737 struct bpf_token *token; 1738 struct bpf_prog_offload *offload; 1739 struct btf *btf; 1740 struct bpf_func_info *func_info; 1741 struct bpf_func_info_aux *func_info_aux; 1742 /* bpf_line_info loaded from userspace. linfo->insn_off 1743 * has the xlated insn offset. 1744 * Both the main and sub prog share the same linfo. 1745 * The subprog can access its first linfo by 1746 * using the linfo_idx. 1747 */ 1748 struct bpf_line_info *linfo; 1749 /* jited_linfo is the jited addr of the linfo. It has a 1750 * one to one mapping to linfo: 1751 * jited_linfo[i] is the jited addr for the linfo[i]->insn_off. 1752 * Both the main and sub prog share the same jited_linfo. 1753 * The subprog can access its first jited_linfo by 1754 * using the linfo_idx. 1755 */ 1756 void **jited_linfo; 1757 u32 func_info_cnt; 1758 u32 nr_linfo; 1759 /* subprog can use linfo_idx to access its first linfo and 1760 * jited_linfo. 
1761 * main prog always has linfo_idx == 0 1762 */ 1763 u32 linfo_idx; 1764 struct module *mod; 1765 u32 num_exentries; 1766 struct exception_table_entry *extable; 1767 union { 1768 struct work_struct work; 1769 struct rcu_head rcu; 1770 }; 1771 struct bpf_stream stream[2]; 1772 struct mutex st_ops_assoc_mutex; 1773 struct bpf_map __rcu *st_ops_assoc; 1774 }; 1775 1776 #define BPF_NR_CONTEXTS 4 /* normal, softirq, hardirq, NMI */ 1777 1778 struct bpf_prog { 1779 u16 pages; /* Number of allocated pages */ 1780 u16 jited:1, /* Is our filter JIT'ed? */ 1781 jit_requested:1,/* archs need to JIT the prog */ 1782 gpl_compatible:1, /* Is filter GPL compatible? */ 1783 cb_access:1, /* Is control block accessed? */ 1784 dst_needed:1, /* Do we need dst entry? */ 1785 blinding_requested:1, /* needs constant blinding */ 1786 blinded:1, /* Was blinded */ 1787 is_func:1, /* program is a bpf function */ 1788 kprobe_override:1, /* Do we override a kprobe? */ 1789 has_callchain_buf:1, /* callchain buffer allocated? 
*/ 1790 enforce_expected_attach_type:1, /* Enforce expected_attach_type checking at attach time */ 1791 call_get_stack:1, /* Do we call bpf_get_stack() or bpf_get_stackid() */ 1792 call_get_func_ip:1, /* Do we call get_func_ip() */ 1793 call_session_cookie:1, /* Do we call bpf_session_cookie() */ 1794 tstamp_type_access:1, /* Accessed __sk_buff->tstamp_type */ 1795 sleepable:1; /* BPF program is sleepable */ 1796 enum bpf_prog_type type; /* Type of BPF program */ 1797 enum bpf_attach_type expected_attach_type; /* For some prog types */ 1798 u32 len; /* Number of filter blocks */ 1799 u32 jited_len; /* Size of jited insns in bytes */ 1800 union { 1801 u8 digest[SHA256_DIGEST_SIZE]; 1802 u8 tag[BPF_TAG_SIZE]; 1803 }; 1804 struct bpf_prog_stats __percpu *stats; 1805 u8 __percpu *active; /* u8[BPF_NR_CONTEXTS] for recursion protection */ 1806 unsigned int (*bpf_func)(const void *ctx, 1807 const struct bpf_insn *insn); 1808 struct bpf_prog_aux *aux; /* Auxiliary fields */ 1809 struct sock_fprog_kern *orig_prog; /* Original BPF program */ 1810 /* Instructions for interpreter */ 1811 union { 1812 DECLARE_FLEX_ARRAY(struct sock_filter, insns); 1813 DECLARE_FLEX_ARRAY(struct bpf_insn, insnsi); 1814 }; 1815 }; 1816 1817 struct bpf_array_aux { 1818 /* Programs with direct jumps into programs part of this array. 
*/ 1819 struct list_head poke_progs; 1820 struct bpf_map *map; 1821 struct mutex poke_mutex; 1822 struct work_struct work; 1823 }; 1824 1825 struct bpf_link { 1826 atomic64_t refcnt; 1827 u32 id; 1828 enum bpf_link_type type; 1829 const struct bpf_link_ops *ops; 1830 struct bpf_prog *prog; 1831 1832 u32 flags; 1833 enum bpf_attach_type attach_type; 1834 1835 /* rcu is used before freeing, work can be used to schedule that 1836 * RCU-based freeing before that, so they never overlap 1837 */ 1838 union { 1839 struct rcu_head rcu; 1840 struct work_struct work; 1841 }; 1842 /* whether BPF link itself has "sleepable" semantics, which can differ 1843 * from underlying BPF program having a "sleepable" semantics, as BPF 1844 * link's semantics is determined by target attach hook 1845 */ 1846 bool sleepable; 1847 }; 1848 1849 struct bpf_link_ops { 1850 void (*release)(struct bpf_link *link); 1851 /* deallocate link resources callback, called without RCU grace period 1852 * waiting 1853 */ 1854 void (*dealloc)(struct bpf_link *link); 1855 /* deallocate link resources callback, called after RCU grace period; 1856 * if either the underlying BPF program is sleepable or BPF link's 1857 * target hook is sleepable, we'll go through tasks trace RCU GP and 1858 * then "classic" RCU GP; this need for chaining tasks trace and 1859 * classic RCU GPs is designated by setting bpf_link->sleepable flag 1860 * 1861 * For non-sleepable tracepoint links we go through SRCU gp instead, 1862 * since RCU is not used in that case. Sleepable tracepoints still 1863 * follow the scheme above. 
1864 */ 1865 void (*dealloc_deferred)(struct bpf_link *link); 1866 int (*detach)(struct bpf_link *link); 1867 int (*update_prog)(struct bpf_link *link, struct bpf_prog *new_prog, 1868 struct bpf_prog *old_prog); 1869 void (*show_fdinfo)(const struct bpf_link *link, struct seq_file *seq); 1870 int (*fill_link_info)(const struct bpf_link *link, 1871 struct bpf_link_info *info); 1872 int (*update_map)(struct bpf_link *link, struct bpf_map *new_map, 1873 struct bpf_map *old_map); 1874 __poll_t (*poll)(struct file *file, struct poll_table_struct *pts); 1875 }; 1876 1877 struct bpf_tramp_link { 1878 struct bpf_link link; 1879 struct hlist_node tramp_hlist; 1880 u64 cookie; 1881 }; 1882 1883 struct bpf_shim_tramp_link { 1884 struct bpf_tramp_link link; 1885 struct bpf_trampoline *trampoline; 1886 }; 1887 1888 struct bpf_tracing_link { 1889 struct bpf_tramp_link link; 1890 struct bpf_trampoline *trampoline; 1891 struct bpf_prog *tgt_prog; 1892 }; 1893 1894 struct bpf_fsession_link { 1895 struct bpf_tracing_link link; 1896 struct bpf_tramp_link fexit; 1897 }; 1898 1899 struct bpf_raw_tp_link { 1900 struct bpf_link link; 1901 struct bpf_raw_event_map *btp; 1902 u64 cookie; 1903 }; 1904 1905 struct bpf_link_primer { 1906 struct bpf_link *link; 1907 struct file *file; 1908 int fd; 1909 u32 id; 1910 }; 1911 1912 struct bpf_mount_opts { 1913 kuid_t uid; 1914 kgid_t gid; 1915 umode_t mode; 1916 1917 /* BPF token-related delegation options */ 1918 u64 delegate_cmds; 1919 u64 delegate_maps; 1920 u64 delegate_progs; 1921 u64 delegate_attachs; 1922 1923 struct simple_xattr_cache xa_cache; 1924 }; 1925 1926 struct bpf_token { 1927 struct work_struct work; 1928 atomic64_t refcnt; 1929 struct user_namespace *userns; 1930 u64 allowed_cmds; 1931 u64 allowed_maps; 1932 u64 allowed_progs; 1933 u64 allowed_attachs; 1934 #ifdef CONFIG_SECURITY 1935 void *security; 1936 #endif 1937 }; 1938 1939 struct bpf_struct_ops_value; 1940 struct btf_member; 1941 1942 #define BPF_STRUCT_OPS_MAX_NR_MEMBERS 
64 1943 /** 1944 * struct bpf_struct_ops - A structure of callbacks allowing a subsystem to 1945 * define a BPF_MAP_TYPE_STRUCT_OPS map type composed 1946 * of BPF_PROG_TYPE_STRUCT_OPS progs. 1947 * @verifier_ops: A structure of callbacks that are invoked by the verifier 1948 * when determining whether the struct_ops progs in the 1949 * struct_ops map are valid. 1950 * @init: A callback that is invoked a single time, and before any other 1951 * callback, to initialize the structure. A nonzero return value means 1952 * the subsystem could not be initialized. 1953 * @check_member: When defined, a callback invoked by the verifier to allow 1954 * the subsystem to determine if an entry in the struct_ops map 1955 * is valid. A nonzero return value means that the map is 1956 * invalid and should be rejected by the verifier. 1957 * @init_member: A callback that is invoked for each member of the struct_ops 1958 * map to allow the subsystem to initialize the member. A nonzero 1959 * value means the member could not be initialized. This callback 1960 * is exclusive with the @type, @type_id, @value_type, and 1961 * @value_id fields. 1962 * @reg: A callback that is invoked when the struct_ops map has been 1963 * initialized and is being attached to. Zero means the struct_ops map 1964 * has been successfully registered and is live. A nonzero return value 1965 * means the struct_ops map could not be registered. 1966 * @unreg: A callback that is invoked when the struct_ops map should be 1967 * unregistered. 1968 * @update: A callback that is invoked when the live struct_ops map is being 1969 * updated to contain new values. This callback is only invoked when 1970 * the struct_ops map is loaded with BPF_F_LINK. If not defined, 1971 * it is assumed that the struct_ops map cannot be updated. 1972 * @validate: A callback that is invoked after all of the members have been 1973 * initialized.
This callback should perform static checks on the
 *	      map, meaning that it should either fail or succeed
 *	      deterministically. A struct_ops map that has been validated may
 *	      not necessarily succeed in being registered if the call to @reg
 *	      fails. For example, a valid struct_ops map may be loaded, but
 *	      then fail to be registered due to there being another active
 *	      struct_ops map on the system in the subsystem already. For this
 *	      reason, if this callback is not defined, the check is skipped as
 *	      the struct_ops map will have final verification performed in
 *	      @reg.
 * @cfi_stubs: Pointer to a structure of stub functions for CFI. These stubs
 *	       provide the correct Control Flow Integrity hashes for the
 *	       trampolines generated by BPF struct_ops.
 * @owner: The module that owns this struct_ops. Used for module reference
 *	   counting to ensure the module providing the struct_ops cannot be
 *	   unloaded while in use.
 * @name: The name of the struct bpf_struct_ops object.
 * @func_models: Func models
 */
struct bpf_struct_ops {
	const struct bpf_verifier_ops *verifier_ops;
	int (*init)(struct btf *btf);
	int (*check_member)(const struct btf_type *t,
			    const struct btf_member *member,
			    const struct bpf_prog *prog);
	int (*init_member)(const struct btf_type *t,
			   const struct btf_member *member,
			   void *kdata, const void *udata);
	int (*reg)(void *kdata, struct bpf_link *link);
	void (*unreg)(void *kdata, struct bpf_link *link);
	int (*update)(void *kdata, void *old_kdata, struct bpf_link *link);
	int (*validate)(void *kdata);
	void *cfi_stubs;
	struct module *owner;
	const char *name;
	struct btf_func_model func_models[BPF_STRUCT_OPS_MAX_NR_MEMBERS];
};

/* Every member of a struct_ops type has an instance, even if a member is not
 * an operator (function pointer). The "info" field will be assigned to
 * prog->aux->ctx_arg_info of BPF struct_ops programs to provide the
 * argument information required by the verifier to verify the program.
 *
 * btf_ctx_access() will look up prog->aux->ctx_arg_info to find the
 * corresponding entry for a given argument.
 */
struct bpf_struct_ops_arg_info {
	struct bpf_ctx_arg_aux *info;
	u32 cnt;
};

/* Pairs a struct bpf_struct_ops with the BTF type information
 * (type/value_type and their ids) and the per-member argument info.
 */
struct bpf_struct_ops_desc {
	struct bpf_struct_ops *st_ops;

	const struct btf_type *type;
	const struct btf_type *value_type;
	u32 type_id;
	u32 value_id;

	/* Collection of argument information for each member */
	struct bpf_struct_ops_arg_info *arg_info;
};

enum bpf_struct_ops_state {
	BPF_STRUCT_OPS_STATE_INIT,
	BPF_STRUCT_OPS_STATE_INUSE,
	BPF_STRUCT_OPS_STATE_TOBEFREE,
	BPF_STRUCT_OPS_STATE_READY,
};

/* Reference count plus lifecycle state; register_bpf_struct_ops() places
 * this as the leading "common" member of each generated value struct.
 */
struct bpf_struct_ops_common_value {
	refcount_t refcnt;
	enum bpf_struct_ops_state state;
};

/**
 * bpf_prog_get_recursion_context() - mark @prog as entered on this CPU
 * @prog: program whose per-CPU ->active counter is bumped
 *
 * Generic build: increments the per-CPU int behind @prog->active and
 * reports whether the new value is exactly 1.
 *
 * arm64 build: @prog->active is used as per-CPU byte counters indexed by
 * interrupt_context_level(). The byte for the current level is incremented
 * and four bytes are then read back as one little-endian u32; the call
 * succeeds only if that word equals BIT(level * 8), i.e. this level's byte
 * is 1 and the other three bytes are 0.
 *
 * The counter is left incremented on both outcomes, so the matching
 * bpf_prog_put_recursion_context() is presumably required either way;
 * confirm against the callers.
 *
 * Return: true if this is the only active entry, false otherwise.
 */
static inline bool bpf_prog_get_recursion_context(struct bpf_prog *prog)
{
#ifdef CONFIG_ARM64
	/* NOTE(review): assumes the level is 0..3 so the counter lies inside
	 * the four bytes read below, and that ->active is suitably aligned
	 * for the __le32 load; confirm both.
	 */
	u8 level = interrupt_context_level();
	u8 *counters = this_cpu_ptr(prog->active);
	u32 snapshot;

	preempt_disable();
	counters[level]++;
	snapshot = le32_to_cpu(*(__le32 *)counters);
	preempt_enable();

	return snapshot == BIT(level * 8);
#else
	int depth = this_cpu_inc_return(*(int __percpu *)(prog->active));

	return depth == 1;
#endif
}

/**
 * bpf_prog_put_recursion_context() - undo bpf_prog_get_recursion_context()
 * @prog: program whose per-CPU ->active counter is dropped
 *
 * Decrements the same counter the get side incremented: the byte for the
 * current interrupt context level on arm64, the per-CPU int elsewhere.
 */
static inline void bpf_prog_put_recursion_context(struct bpf_prog *prog)
{
#ifdef CONFIG_ARM64
	u8 level = interrupt_context_level();
	u8 *counters = this_cpu_ptr(prog->active);

	preempt_disable();
	counters[level]--;
	preempt_enable();
#else
	this_cpu_dec(*(int __percpu *)(prog->active));
#endif
}

#if defined(CONFIG_BPF_JIT) && defined(CONFIG_BPF_SYSCALL)
/* This macro helps developer to
register a struct_ops type and generate
 * type information correctly. Developers should use this macro to register
 * a struct_ops type instead of calling __register_bpf_struct_ops() directly.
 */
#define register_bpf_struct_ops(st_ops, type)				\
	({								\
		struct bpf_struct_ops_##type {				\
			struct bpf_struct_ops_common_value common;	\
			struct type data ____cacheline_aligned_in_smp;	\
		};							\
		BTF_TYPE_EMIT(struct bpf_struct_ops_##type);		\
		__register_bpf_struct_ops(st_ops);			\
	})

/* Sentinel "owner" value: a fixed constant offset by POISON_POINTER_DELTA,
 * only ever compared against, never dereferenced in this header. When an
 * owner equals it, bpf_try_module_get()/bpf_module_put() take and drop the
 * reference through bpf_struct_ops_get()/bpf_struct_ops_put() on the data
 * pointer instead of touching a module refcount.
 */
#define BPF_MODULE_OWNER ((void *)((0xeB9FUL << 2) + POISON_POINTER_DELTA))
bool bpf_struct_ops_get(const void *kdata);
void bpf_struct_ops_put(const void *kdata);
int bpf_struct_ops_supported(const struct bpf_struct_ops *st_ops, u32 moff);
int bpf_struct_ops_map_sys_lookup_elem(struct bpf_map *map, void *key,
				       void *value);
int bpf_struct_ops_prepare_trampoline(struct bpf_tramp_links *tlinks,
				      struct bpf_tramp_link *link,
				      const struct btf_func_model *model,
				      void *stub_func,
				      void **image, u32 *image_off,
				      bool allow_alloc);
void bpf_struct_ops_image_free(void *image);

/**
 * bpf_try_module_get() - pin whatever provides a struct_ops implementation
 * @data: kernel data pointer, used only when @owner is BPF_MODULE_OWNER
 * @owner: owning module, or the BPF_MODULE_OWNER sentinel
 *
 * Return: result of bpf_struct_ops_get(@data) for the sentinel owner,
 * otherwise the result of try_module_get(@owner).
 */
static inline bool bpf_try_module_get(const void *data, struct module *owner)
{
	/* The sentinel must be tested first: it is not a real struct module. */
	if (owner != BPF_MODULE_OWNER)
		return try_module_get(owner);

	return bpf_struct_ops_get(data);
}

/**
 * bpf_module_put() - release a reference taken by bpf_try_module_get()
 * @data: kernel data pointer, used only when @owner is BPF_MODULE_OWNER
 * @owner: owning module, or the BPF_MODULE_OWNER sentinel
 */
static inline void bpf_module_put(const void *data, struct module *owner)
{
	if (owner != BPF_MODULE_OWNER) {
		module_put(owner);
		return;
	}

	bpf_struct_ops_put(data);
}
int bpf_struct_ops_link_create(union bpf_attr *attr);
int bpf_prog_assoc_struct_ops(struct bpf_prog *prog, struct bpf_map *map);
void bpf_prog_disassoc_struct_ops(struct bpf_prog *prog);
void *bpf_prog_get_assoc_struct_ops(const struct bpf_prog_aux *aux);
u32 bpf_struct_ops_id(const void *kdata);

#ifdef CONFIG_NET
/* Define it here to avoid the use of forward declaration */
struct bpf_dummy_ops_state {
	int val;
};

struct bpf_dummy_ops {
	int (*test_1)(struct bpf_dummy_ops_state *cb);
	int (*test_2)(struct bpf_dummy_ops_state *cb, int a1, unsigned short a2,
		      char a3, unsigned long a4);
	int (*test_sleepable)(struct bpf_dummy_ops_state *cb);
};

int bpf_struct_ops_test_run(struct bpf_prog *prog, const union bpf_attr *kattr,
			    union bpf_attr __user *uattr);
#endif
int bpf_struct_ops_desc_init(struct bpf_struct_ops_desc *st_ops_desc,
			     struct btf *btf,
			     struct bpf_verifier_log *log);
void bpf_map_struct_ops_info_fill(struct bpf_map_info *info, struct bpf_map *map);
void bpf_struct_ops_desc_release(struct bpf_struct_ops_desc *st_ops_desc);
#else
/* Stubs for builds without CONFIG_BPF_JIT && CONFIG_BPF_SYSCALL: registration
 * evaluates to 0, module refcounting goes straight to the module API, and
 * the struct_ops entry points return an error, NULL, or do nothing.
 */
#define register_bpf_struct_ops(st_ops, type) ({ (void *)(st_ops); 0; })

/* No BPF_MODULE_OWNER handling here: @data is ignored. */
static inline bool bpf_try_module_get(const void *data, struct module *owner)
{
	return try_module_get(owner);
}

/* No BPF_MODULE_OWNER handling here: @data is ignored. */
static inline void bpf_module_put(const void *data, struct module *owner)
{
	module_put(owner);
}

/* Always -ENOTSUPP in this configuration. */
static inline int bpf_struct_ops_supported(const struct bpf_struct_ops *st_ops, u32 moff)
{
	return -ENOTSUPP;
}

/* Always -EINVAL in this configuration. */
static inline int bpf_struct_ops_map_sys_lookup_elem(struct bpf_map *map,
						     void *key,
						     void *value)
{
	return -EINVAL;
}

/* Always -EOPNOTSUPP in this configuration. */
static inline int bpf_struct_ops_link_create(union bpf_attr *attr)
{
	return -EOPNOTSUPP;
}

/* Always -EOPNOTSUPP in this configuration. */
static inline int bpf_prog_assoc_struct_ops(struct bpf_prog *prog, struct bpf_map *map)
{
	return -EOPNOTSUPP;
}

static inline void bpf_prog_disassoc_struct_ops(struct bpf_prog *prog)
{
}

/* Always NULL in this configuration. */
static inline void *bpf_prog_get_assoc_struct_ops(const struct bpf_prog_aux *aux)
{
	return NULL;
}

static inline void bpf_map_struct_ops_info_fill(struct bpf_map_info *info, struct bpf_map *map)
{
}

static inline void bpf_struct_ops_desc_release(struct bpf_struct_ops_desc *st_ops_desc)
{
}

#endif

/**
 * bpf_fsession_cnt() - count fentry links whose program is an fsession
 * @links: trampoline link sets, indexed by trampoline kind
 *
 * Walks the BPF_TRAMP_FENTRY set and counts the links whose program has
 * expected_attach_type == BPF_TRACE_FSESSION.
 *
 * NOTE(review): the fentry set is copied by value onto the stack while the
 * loop bound is read from @links directly; a pointer would avoid the copy.
 * Confirm that no caller relies on the snapshot before changing it.
 *
 * Return: number of matching links.
 */
static inline int bpf_fsession_cnt(struct bpf_tramp_links *links)
{
	struct bpf_tramp_links fentry_set = links[BPF_TRAMP_FENTRY];
	int nr_sessions = 0;

	for (int i = 0; i < links[BPF_TRAMP_FENTRY].nr_links; i++) {
		if (fentry_set.links[i]->link.prog->expected_attach_type != BPF_TRACE_FSESSION)
			continue;
		nr_sessions++;
	}

	return nr_sessions;
}

/* Reports the call_session_cookie flag of the program behind @link. */
static inline bool bpf_prog_calls_session_cookie(struct bpf_tramp_link *link)
{
	return link->link.prog->call_session_cookie;
}

/**
 * bpf_fsession_cookie_cnt() - count fentry links that use a session cookie
 * @links: trampoline link sets, indexed by trampoline kind
 *
 * Same walk as bpf_fsession_cnt(), but the predicate is
 * bpf_prog_calls_session_cookie(). The by-value copy noted there applies
 * here as well.
 *
 * Return: number of matching links.
 */
static inline int bpf_fsession_cookie_cnt(struct bpf_tramp_links *links)
{
	struct bpf_tramp_links fentry_set = links[BPF_TRAMP_FENTRY];
	int nr_cookies = 0;

	for (int i = 0; i < links[BPF_TRAMP_FENTRY].nr_links; i++) {
		if (!bpf_prog_calls_session_cookie(fentry_set.links[i]))
			continue;
		nr_cookies++;
	}

	return nr_cookies;
}

int bpf_prog_ctx_arg_info_init(struct bpf_prog *prog,
			       const struct bpf_ctx_arg_aux *info, u32 cnt);

#if defined(CONFIG_CGROUP_BPF) && defined(CONFIG_BPF_LSM)
int bpf_trampoline_link_cgroup_shim(struct bpf_prog *prog,
				    int cgroup_atype,
				    enum bpf_attach_type attach_type);
void bpf_trampoline_unlink_cgroup_shim(struct bpf_prog *prog);
#else
/* Always -EOPNOTSUPP unless both CONFIG_CGROUP_BPF and CONFIG_BPF_LSM are set. */
static inline int bpf_trampoline_link_cgroup_shim(struct bpf_prog *prog,
						  int cgroup_atype,
						  enum bpf_attach_type attach_type)
{
	return -EOPNOTSUPP;
}
static inline void bpf_trampoline_unlink_cgroup_shim(struct bpf_prog *prog)
{
}
#endif

/* Array map: the common bpf_map header followed by a flexible payload that
 * is viewed as raw bytes, as pointers, or as per-CPU pointers through the
 * anonymous union.
 */
struct bpf_array {
	struct bpf_map map;
	u32 elem_size;
	u32 index_mask;
	struct bpf_array_aux *aux;
	union {
		DECLARE_FLEX_ARRAY(char, value) __aligned(8);
		DECLARE_FLEX_ARRAY(void *, ptrs) __aligned(8);
		DECLARE_FLEX_ARRAY(void __percpu *, pptrs) __aligned(8);
	};
};

/*
 * The
bpf_array_get_next_key() function may be used for all array-like
 * maps, i.e., maps with u32 keys with range [0 ,..., max_entries)
 */
int bpf_array_get_next_key(struct bpf_map *map, void *key, void *next_key);

#define BPF_COMPLEXITY_LIMIT_INSNS      1000000 /* yes. 1M insns */
#define MAX_TAIL_CALL_CNT 33

/* Maximum number of loops for bpf_loop and bpf_iter_num.
 * It's enum to expose it (and thus make it discoverable) through BTF.
 */
enum {
	BPF_MAX_LOOPS = 8 * 1024 * 1024,
	BPF_MAX_TIMED_LOOPS = 0xffff,
};

#define BPF_F_ACCESS_MASK	(BPF_F_RDONLY |		\
				 BPF_F_RDONLY_PROG |	\
				 BPF_F_WRONLY |		\
				 BPF_F_WRONLY_PROG)

#define BPF_MAP_CAN_READ	BIT(0)
#define BPF_MAP_CAN_WRITE	BIT(1)

/* Maximum number of user-producer ring buffer samples that can be drained in
 * a call to bpf_user_ringbuf_drain().
 */
#define BPF_MAX_USER_RINGBUF_SAMPLES (128 * 1024)

/**
 * bpf_map_flags_to_cap() - translate program-side map flags into capabilities
 * @map: map whose map_flags are inspected
 *
 * Only BPF_F_RDONLY_PROG and BPF_F_WRONLY_PROG are considered. If both were
 * ever set, the read-only branch is taken first, so the result would be
 * BPF_MAP_CAN_READ; that combination is expected to have been rejected
 * already (see bpf_map_flags_access_ok()).
 *
 * Return: BPF_MAP_CAN_READ, BPF_MAP_CAN_WRITE, or both when neither flag
 * is set.
 */
static inline u32 bpf_map_flags_to_cap(struct bpf_map *map)
{
	u32 prog_flags = map->map_flags & (BPF_F_RDONLY_PROG | BPF_F_WRONLY_PROG);

	/* Combination of BPF_F_RDONLY_PROG | BPF_F_WRONLY_PROG is
	 * not possible.
	 */
	if (prog_flags & BPF_F_RDONLY_PROG)
		return BPF_MAP_CAN_READ;

	if (prog_flags & BPF_F_WRONLY_PROG)
		return BPF_MAP_CAN_WRITE;

	return BPF_MAP_CAN_READ | BPF_MAP_CAN_WRITE;
}

/**
 * bpf_map_flags_access_ok() - reject contradictory program access flags
 * @access_flags: map flags to validate
 *
 * Return: false only when BPF_F_RDONLY_PROG and BPF_F_WRONLY_PROG are both
 * set; true for every other combination.
 */
static inline bool bpf_map_flags_access_ok(u32 access_flags)
{
	const u32 both = BPF_F_RDONLY_PROG | BPF_F_WRONLY_PROG;

	return (access_flags & both) != both;
}

/* Allocates a zeroed object of the type map->owner points to, with
 * GFP_ATOMIC. The result is returned, not stored in @map, and may be NULL.
 */
static inline struct bpf_map_owner *bpf_map_owner_alloc(struct bpf_map *map)
{
	return kzalloc_obj(*map->owner, GFP_ATOMIC);
}

/* Frees map->owner. The field itself is not cleared here, so it must not
 * be used again afterwards unless it is reassigned.
 */
static inline void bpf_map_owner_free(struct bpf_map *map)
{
	kfree(map->owner);
}

struct bpf_event_entry {
	struct perf_event *event;
	struct file *perf_file;
	struct file *map_file;
	struct rcu_head rcu;
};

/**
 * map_type_contains_progs() - does this map type hold BPF programs?
 * @map: map to classify
 *
 * Return: true for BPF_MAP_TYPE_PROG_ARRAY, BPF_MAP_TYPE_DEVMAP and
 * BPF_MAP_TYPE_CPUMAP, false for every other map type.
 */
static inline bool map_type_contains_progs(struct bpf_map *map)
{
	switch (map->map_type) {
	case BPF_MAP_TYPE_PROG_ARRAY:
	case BPF_MAP_TYPE_DEVMAP:
	case BPF_MAP_TYPE_CPUMAP:
		return true;
	default:
		return false;
	}
}

bool bpf_prog_map_compatible(struct bpf_map *map, const struct bpf_prog *fp);
int bpf_prog_calc_tag(struct bpf_prog *fp);

const struct bpf_func_proto *bpf_get_trace_printk_proto(void);
const struct bpf_func_proto *bpf_get_trace_vprintk_proto(void);

const struct bpf_func_proto *bpf_get_perf_event_read_value_proto(void);

typedef unsigned long (*bpf_ctx_copy_t)(void *dst, const void *src,
					unsigned long off, unsigned long len);
typedef u32 (*bpf_convert_ctx_access_t)(enum bpf_access_type type,
					const struct bpf_insn *src,
					struct bpf_insn *dst,
					struct bpf_prog *prog,
					u32 *target_size);

u64 bpf_event_output(struct bpf_map *map, u64 flags, void *meta, u64 meta_size,
		     void *ctx, u64 ctx_size, bpf_ctx_copy_t ctx_copy);

/* an array of programs to be executed under rcu_lock.
 *
 * Typical usage:
 * ret = bpf_prog_run_array(rcu_dereference(&bpf_prog_array), ctx, bpf_prog_run);
 *
 * the structure returned by bpf_prog_array_alloc() should be populated
 * with program pointers and the last pointer must be NULL.
 * The user has to keep refcnt on the program and make sure the program
 * is removed from the array before bpf_prog_put().
 * The 'struct bpf_prog_array *' should only be replaced with xchg()
 * since other cpus are walking the array of pointers in parallel.
 */
struct bpf_prog_array_item {
	struct bpf_prog *prog;
	/* The two members share storage; which one is valid depends on the
	 * user of the array.
	 */
	union {
		struct bpf_cgroup_storage *cgroup_storage[MAX_BPF_CGROUP_STORAGE_TYPE];
		u64 bpf_cookie;
	};
};

struct bpf_prog_array {
	struct rcu_head rcu;
	struct bpf_prog_array_item items[];
};

/* to avoid allocating empty bpf_prog_array for cgroups that
 * don't have bpf program attached use one global 'bpf_empty_prog_array'
 * It will not be modified by the caller of bpf_prog_array_alloc()
 * (since caller requested prog_cnt == 0)
 * that pointer should be 'freed' by bpf_prog_array_free()
 */
extern struct bpf_prog_array bpf_empty_prog_array;

struct bpf_prog_array *bpf_prog_array_alloc(u32 prog_cnt, gfp_t flags);
void bpf_prog_array_free(struct bpf_prog_array *progs);
/* Use when traversal over the bpf_prog_array uses tasks_trace rcu */
void bpf_prog_array_free_sleepable(struct bpf_prog_array *progs);
int bpf_prog_array_length(struct bpf_prog_array *progs);
bool bpf_prog_array_is_empty(struct bpf_prog_array *array);
int bpf_prog_array_copy_to_user(struct bpf_prog_array *progs,
				__u32 __user *prog_ids, u32 cnt);

void bpf_prog_array_delete_safe(struct bpf_prog_array *progs,
				struct bpf_prog *old_prog);
int bpf_prog_array_delete_safe_at(struct bpf_prog_array *array, int index);
int bpf_prog_array_update_at(struct bpf_prog_array *array, int index,
			     struct bpf_prog *prog);
int bpf_prog_array_copy_info(struct bpf_prog_array *array,
			     u32 *prog_ids, u32 request_cnt,
			     u32 *prog_cnt);
int bpf_prog_array_copy(struct bpf_prog_array *old_array,
			struct bpf_prog *exclude_prog,
			struct bpf_prog *include_prog,
			u64 bpf_cookie,
			struct bpf_prog_array **new_array);

/* Empty base type; the concrete run contexts below embed it as their
 * first member.
 */
struct bpf_run_ctx {};

struct bpf_cg_run_ctx {
	struct bpf_run_ctx run_ctx;
	const struct bpf_prog_array_item *prog_item;
	int retval;
};

struct bpf_trace_run_ctx {
	struct bpf_run_ctx run_ctx;
	u64 bpf_cookie;
	bool is_uprobe;
};

struct bpf_tramp_run_ctx {
	struct bpf_run_ctx run_ctx;
	u64 bpf_cookie;
	struct bpf_run_ctx *saved_run_ctx;
};

/**
 * bpf_set_run_ctx() - install a run context on the current task
 * @new_ctx: context to store in current->bpf_ctx
 *
 * Return: the context that was installed before, so the caller can hand it
 * back to bpf_reset_run_ctx(). Without CONFIG_BPF_SYSCALL nothing is stored
 * and NULL is returned.
 */
static inline struct bpf_run_ctx *bpf_set_run_ctx(struct bpf_run_ctx *new_ctx)
{
#ifdef CONFIG_BPF_SYSCALL
	struct bpf_run_ctx *prev_ctx = current->bpf_ctx;

	current->bpf_ctx = new_ctx;
	return prev_ctx;
#else
	return NULL;
#endif
}

/**
 * bpf_reset_run_ctx() - restore the run context saved by bpf_set_run_ctx()
 * @old_ctx: value previously returned by bpf_set_run_ctx()
 *
 * A no-op without CONFIG_BPF_SYSCALL.
 */
static inline void bpf_reset_run_ctx(struct bpf_run_ctx *old_ctx)
{
#ifdef CONFIG_BPF_SYSCALL
	current->bpf_ctx = old_ctx;
#endif
}

/* BPF program asks to bypass CAP_NET_BIND_SERVICE in bind. */
#define BPF_RET_BIND_NO_CAP_NET_BIND_SERVICE			(1 << 0)
/* BPF program asks to set CN on the packet.
*/
#define BPF_RET_SET_CN						(1 << 0)

typedef u32 (*bpf_prog_run_fn)(const struct bpf_prog *prog, const void *ctx);

/**
 * bpf_prog_run_array() - run every program in a NULL-terminated array
 * @array: program array, may be NULL
 * @ctx: context handed unchanged to each program
 * @run_prog: function used to execute a single program
 *
 * The caller must hold the RCU read lock (checked with RCU_LOCKDEP_WARN).
 * Migration is disabled for the whole walk, and a stack-local
 * bpf_trace_run_ctx with is_uprobe == false is installed through
 * bpf_set_run_ctx() and removed again before returning. Each item's
 * bpf_cookie is copied into that context before its program runs.
 *
 * The walk stops at the first item whose prog pointer reads as NULL, so the
 * array must be terminated as described for struct bpf_prog_array_item.
 *
 * Return: 1 AND-ed with every program's return value, so only bit 0
 * survives and a single program returning a value with bit 0 clear makes
 * the result 0. A NULL @array yields 1.
 */
static __always_inline u32
bpf_prog_run_array(const struct bpf_prog_array *array,
		   const void *ctx, bpf_prog_run_fn run_prog)
{
	const struct bpf_prog_array_item *slot;
	const struct bpf_prog *prog;
	struct bpf_run_ctx *saved_ctx;
	struct bpf_trace_run_ctx trace_ctx;
	u32 verdict = 1;

	RCU_LOCKDEP_WARN(!rcu_read_lock_held(), "no rcu lock held");

	if (unlikely(!array))
		return verdict;

	trace_ctx.is_uprobe = false;

	migrate_disable();
	saved_ctx = bpf_set_run_ctx(&trace_ctx.run_ctx);
	/* READ_ONCE: the array may be walked while other CPUs update it. */
	for (slot = &array->items[0]; (prog = READ_ONCE(slot->prog)); slot++) {
		trace_ctx.bpf_cookie = slot->bpf_cookie;
		verdict &= run_prog(prog, ctx);
	}
	bpf_reset_run_ctx(saved_ctx);
	migrate_enable();
	return verdict;
}

/* Notes on RCU design for bpf_prog_arrays containing sleepable programs:
 *
 * We use the tasks_trace rcu flavor read section to protect the bpf_prog_array
 * overall. As a result, we must use the bpf_prog_array_free_sleepable
 * in order to use the tasks_trace rcu grace period.
 *
 * When a non-sleepable program is inside the array, we take the rcu read
 * section and disable preemption for that program alone, so it can access
 * rcu-protected dynamically sized maps.
 */
/**
 * bpf_prog_run_array_uprobe() - run a program array that may sleep
 * @array: program array, may be NULL
 * @ctx: context handed unchanged to each program
 * @run_prog: function used to execute a single program
 *
 * The caller must be inside a tasks_trace RCU read section (checked with
 * RCU_LOCKDEP_WARN) and in a context that may fault (might_fault()).
 * Migration is disabled for the whole walk and a stack-local
 * bpf_trace_run_ctx with is_uprobe == true is installed for its duration.
 * A program that is not marked sleepable is additionally wrapped in
 * rcu_read_lock()/rcu_read_unlock() for its own run only.
 *
 * Return: 1 AND-ed with every program's return value; 1 for a NULL @array.
 */
static __always_inline u32
bpf_prog_run_array_uprobe(const struct bpf_prog_array *array,
			  const void *ctx, bpf_prog_run_fn run_prog)
{
	const struct bpf_prog_array_item *slot;
	const struct bpf_prog *prog;
	struct bpf_run_ctx *saved_ctx;
	struct bpf_trace_run_ctx trace_ctx;
	u32 verdict = 1;

	might_fault();
	RCU_LOCKDEP_WARN(!rcu_read_lock_trace_held(), "no rcu lock held");

	if (unlikely(!array))
		return verdict;

	migrate_disable();

	trace_ctx.is_uprobe = true;

	saved_ctx = bpf_set_run_ctx(&trace_ctx.run_ctx);
	slot = &array->items[0];
	while ((prog = READ_ONCE(slot->prog))) {
		/* Decide once per program so lock and unlock always pair up. */
		const bool needs_rcu = !prog->sleepable;

		if (needs_rcu)
			rcu_read_lock();

		trace_ctx.bpf_cookie = slot->bpf_cookie;
		verdict &= run_prog(prog, ctx);
		slot++;

		if (needs_rcu)
			rcu_read_unlock();
	}
	bpf_reset_run_ctx(saved_ctx);
	migrate_enable();
	return verdict;
}

bool bpf_jit_bypass_spec_v1(void);
bool bpf_jit_bypass_spec_v4(void);

/* True when any of the three RCU read-side flavors checked here is held. */
#define bpf_rcu_lock_held() \
	(rcu_read_lock_held() || rcu_read_lock_trace_held() || rcu_read_lock_bh_held())

#ifdef CONFIG_BPF_SYSCALL
DECLARE_PER_CPU(int, bpf_prog_active);
extern struct mutex bpf_stats_enabled_mutex;

/*
 * Block execution of BPF programs attached to instrumentation (perf,
 * kprobes, tracepoints) to prevent deadlocks on map operations as any of
 * these events can happen inside a region which holds a map bucket lock
 * and can deadlock on it.
 */
/* Disables migration first, then raises this CPU's bpf_prog_active count;
 * must be paired with bpf_enable_instrumentation().
 */
static inline void bpf_disable_instrumentation(void)
{
	migrate_disable();
	this_cpu_inc(bpf_prog_active);
}

/* Exact reverse of bpf_disable_instrumentation(): drop the per-CPU count,
 * then allow migration again.
 */
static inline void bpf_enable_instrumentation(void)
{
	this_cpu_dec(bpf_prog_active);
	migrate_enable();
}

extern const struct super_operations bpf_super_ops;
extern const struct file_operations bpf_map_fops;
extern const struct file_operations bpf_prog_fops;
extern const struct file_operations bpf_iter_fops;
extern const struct file_operations bpf_token_fops;

/* Expand <linux/bpf_types.h> into extern declarations: one prog_ops and one
 * verifier_ops object per program type, one map_ops object per map type,
 * and nothing for link types.
 */
#define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
	extern const struct bpf_prog_ops _name ## _prog_ops; \
	extern const struct bpf_verifier_ops _name ## _verifier_ops;
#define BPF_MAP_TYPE(_id, _ops) \
	extern const struct bpf_map_ops _ops;
#define BPF_LINK_TYPE(_id, _name)
#include <linux/bpf_types.h>
#undef BPF_PROG_TYPE
#undef BPF_MAP_TYPE
#undef BPF_LINK_TYPE

extern const struct bpf_prog_ops bpf_offload_prog_ops;
extern const struct bpf_verifier_ops tc_cls_act_analyzer_ops;
extern const struct bpf_verifier_ops xdp_analyzer_ops;

struct bpf_prog *bpf_prog_get(u32 ufd);
struct bpf_prog *bpf_prog_get_type_dev(u32 ufd, enum bpf_prog_type type,
				       bool attach_drv);
void bpf_prog_add(struct bpf_prog *prog, int i);
void bpf_prog_sub(struct bpf_prog *prog, int i);
void bpf_prog_inc(struct bpf_prog *prog);
struct bpf_prog * __must_check bpf_prog_inc_not_zero(struct bpf_prog *prog);
void bpf_prog_put(struct bpf_prog *prog);

void bpf_prog_free_id(struct bpf_prog *prog);
void bpf_map_free_id(struct bpf_map *map);

struct btf_field *btf_record_find(const struct btf_record *rec,
				  u32 offset, u32 field_mask);
void btf_record_free(struct btf_record *rec);
void bpf_map_free_record(struct bpf_map *map);
struct btf_record *btf_record_dup(const struct btf_record *rec);
bool btf_record_equal(const struct btf_record *rec_a, const struct btf_record *rec_b);
void bpf_obj_free_timer(const struct btf_record *rec, void *obj);
void bpf_obj_free_workqueue(const struct btf_record *rec, void *obj);
void bpf_obj_free_task_work(const struct btf_record *rec, void *obj);
void bpf_obj_free_fields(const struct btf_record *rec, void *obj);
void __bpf_obj_drop_impl(void *p, const struct btf_record *rec, bool percpu);

struct bpf_map *bpf_map_get(u32 ufd);
struct bpf_map *bpf_map_get_with_uref(u32 ufd);

/*
 * The __bpf_map_get() and __btf_get_by_fd() functions parse a file
 * descriptor and return a corresponding map or btf object.
 * Their names are double underscored to emphasize the fact that they
 * do not increase refcnt. To also increase refcnt use corresponding
 * bpf_map_get() and btf_get_by_fd() functions.
 */

/**
 * __bpf_map_get() - resolve an fd to its bpf_map without taking a reference
 * @f: file descriptor handle supplied by the caller
 *
 * The f_op comparison is the type check: private_data is handed back as a
 * struct bpf_map only when the file was created with bpf_map_fops, so a
 * descriptor of any other kind is refused instead of being reinterpreted.
 *
 * Return: the map, ERR_PTR(-EBADF) for an empty @f, or ERR_PTR(-EINVAL)
 * when @f does not refer to a BPF map file. The result is only valid while
 * the caller keeps @f alive.
 */
static inline struct bpf_map *__bpf_map_get(struct fd f)
{
	struct file *filp;

	if (fd_empty(f))
		return ERR_PTR(-EBADF);

	filp = fd_file(f);
	if (unlikely(filp->f_op != &bpf_map_fops))
		return ERR_PTR(-EINVAL);

	return filp->private_data;
}

/**
 * __btf_get_by_fd() - resolve an fd to its btf object without a reference
 * @f: file descriptor handle supplied by the caller
 *
 * Mirrors __bpf_map_get(), with btf_fops as the expected file operations.
 *
 * Return: the btf object, ERR_PTR(-EBADF) for an empty @f, or
 * ERR_PTR(-EINVAL) when @f does not refer to a BTF file.
 */
static inline struct btf *__btf_get_by_fd(struct fd f)
{
	struct file *filp;

	if (fd_empty(f))
		return ERR_PTR(-EBADF);

	filp = fd_file(f);
	if (unlikely(filp->f_op != &btf_fops))
		return ERR_PTR(-EINVAL);

	return filp->private_data;
}

void bpf_map_inc(struct bpf_map *map);
void bpf_map_inc_with_uref(struct bpf_map *map);
struct bpf_map *__bpf_map_inc_not_zero(struct bpf_map *map, bool uref);
struct bpf_map * __must_check bpf_map_inc_not_zero(struct bpf_map *map);
void bpf_map_put_with_uref(struct bpf_map *map);
void bpf_map_put(struct bpf_map *map);
void *bpf_map_area_alloc(u64 size, int numa_node);
void *bpf_map_area_mmapable_alloc(u64 size, int numa_node);
void bpf_map_area_free(void *base);
bool bpf_map_write_active(const struct bpf_map *map);
void bpf_map_init_from_attr(struct bpf_map *map, union bpf_attr *attr);
int generic_map_lookup_batch(struct bpf_map *map,
			      const union bpf_attr *attr,
			      union bpf_attr __user *uattr);
int generic_map_update_batch(struct bpf_map *map, struct file *map_file,
			     const union bpf_attr *attr,
			     union bpf_attr __user *uattr);
int generic_map_delete_batch(struct bpf_map *map,
			     const union bpf_attr *attr,
			     union bpf_attr __user *uattr);
struct bpf_map *bpf_map_get_curr_or_next(u32 *id);
struct bpf_prog *bpf_prog_get_curr_or_next(u32 *id);


int bpf_map_alloc_pages(const struct bpf_map *map, int nid,
			unsigned long nr_pages, struct page **page_array);
#ifdef CONFIG_MEMCG
void bpf_map_memcg_enter(const struct bpf_map *map, struct mem_cgroup **old_memcg,
			 struct mem_cgroup **new_memcg);
void bpf_map_memcg_exit(struct mem_cgroup *old_memcg,
			struct mem_cgroup *memcg);
void *bpf_map_kmalloc_node(const struct bpf_map *map, size_t size, gfp_t flags,
			   int node);
void *bpf_map_kmalloc_nolock(const struct bpf_map *map, size_t size, gfp_t flags,
			     int node);
void *bpf_map_kzalloc(const struct bpf_map *map, size_t size, gfp_t flags);
void *bpf_map_kvcalloc(struct bpf_map *map, size_t n, size_t size,
		       gfp_t flags);
void __percpu *bpf_map_alloc_percpu(const struct bpf_map *map, size_t size,
				    size_t align, gfp_t flags);
#else
/*
 * These specialized allocators have to be macros for their allocations to be
 * accounted separately (to have separate alloc_tag).
2677 */ 2678 #define bpf_map_kmalloc_node(_map, _size, _flags, _node) \ 2679 kmalloc_node(_size, _flags, _node) 2680 #define bpf_map_kmalloc_nolock(_map, _size, _flags, _node) \ 2681 kmalloc_nolock(_size, _flags, _node) 2682 #define bpf_map_kzalloc(_map, _size, _flags) \ 2683 kzalloc(_size, _flags) 2684 #define bpf_map_kvcalloc(_map, _n, _size, _flags) \ 2685 kvcalloc(_n, _size, _flags) 2686 #define bpf_map_alloc_percpu(_map, _size, _align, _flags) \ 2687 __alloc_percpu_gfp(_size, _align, _flags) 2688 static inline void bpf_map_memcg_enter(const struct bpf_map *map, struct mem_cgroup **old_memcg, 2689 struct mem_cgroup **new_memcg) 2690 { 2691 *new_memcg = NULL; 2692 *old_memcg = NULL; 2693 } 2694 2695 static inline void bpf_map_memcg_exit(struct mem_cgroup *old_memcg, 2696 struct mem_cgroup *memcg) 2697 { 2698 } 2699 #endif 2700 2701 static inline int 2702 bpf_map_init_elem_count(struct bpf_map *map) 2703 { 2704 size_t size = sizeof(*map->elem_count), align = size; 2705 gfp_t flags = GFP_USER | __GFP_NOWARN; 2706 2707 map->elem_count = bpf_map_alloc_percpu(map, size, align, flags); 2708 if (!map->elem_count) 2709 return -ENOMEM; 2710 2711 return 0; 2712 } 2713 2714 static inline void 2715 bpf_map_free_elem_count(struct bpf_map *map) 2716 { 2717 free_percpu(map->elem_count); 2718 } 2719 2720 static inline void bpf_map_inc_elem_count(struct bpf_map *map) 2721 { 2722 this_cpu_inc(*map->elem_count); 2723 } 2724 2725 static inline void bpf_map_dec_elem_count(struct bpf_map *map) 2726 { 2727 this_cpu_dec(*map->elem_count); 2728 } 2729 2730 extern int sysctl_unprivileged_bpf_disabled; 2731 2732 bool bpf_token_capable(const struct bpf_token *token, int cap); 2733 2734 static inline bool bpf_allow_ptr_leaks(const struct bpf_token *token) 2735 { 2736 return bpf_token_capable(token, CAP_PERFMON); 2737 } 2738 2739 static inline bool bpf_allow_uninit_stack(const struct bpf_token *token) 2740 { 2741 return bpf_token_capable(token, CAP_PERFMON); 2742 } 2743 2744 static inline 
bool bpf_bypass_spec_v1(const struct bpf_token *token)
{
	/* Any single condition suffices; CAP_PERFMON alone grants the bypass. */
	return bpf_jit_bypass_spec_v1() ||
		cpu_mitigations_off() ||
		bpf_token_capable(token, CAP_PERFMON);
}

/* Same three-way test as bpf_bypass_spec_v1(), using the v4 JIT predicate. */
static inline bool bpf_bypass_spec_v4(const struct bpf_token *token)
{
	return bpf_jit_bypass_spec_v4() ||
		cpu_mitigations_off() ||
		bpf_token_capable(token, CAP_PERFMON);
}

int bpf_map_new_fd(struct bpf_map *map, int flags);
int bpf_prog_new_fd(struct bpf_prog *prog);

/* bpf_link lifecycle, reference counting and fd/id lookup. */
void bpf_link_init(struct bpf_link *link, enum bpf_link_type type,
		   const struct bpf_link_ops *ops, struct bpf_prog *prog,
		   enum bpf_attach_type attach_type);
void bpf_link_init_sleepable(struct bpf_link *link, enum bpf_link_type type,
			     const struct bpf_link_ops *ops, struct bpf_prog *prog,
			     enum bpf_attach_type attach_type, bool sleepable);
int bpf_link_prime(struct bpf_link *link, struct bpf_link_primer *primer);
int bpf_link_settle(struct bpf_link_primer *primer);
void bpf_link_cleanup(struct bpf_link_primer *primer);
void bpf_link_inc(struct bpf_link *link);
struct bpf_link *bpf_link_inc_not_zero(struct bpf_link *link);
void bpf_link_put(struct bpf_link *link);
int bpf_link_new_fd(struct bpf_link *link);
struct bpf_link *bpf_link_get_from_fd(u32 ufd);
struct bpf_link *bpf_link_get_curr_or_next(u32 *id);

/* bpf_token reference counting, creation and fd lookup. */
void bpf_token_inc(struct bpf_token *token);
void bpf_token_put(struct bpf_token *token);
int bpf_token_create(union bpf_attr *attr);
struct bpf_token *bpf_token_get_from_fd(u32 ufd);
int bpf_token_get_info_by_fd(struct bpf_token *token,
			     const union bpf_attr *attr,
			     union bpf_attr __user *uattr);

/*
 * Per-token permission predicates: each answers whether @token allows one
 * command, map type, or program type / attach type pair.
 */
bool bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd);
bool bpf_token_allow_map_type(const struct bpf_token *token, enum bpf_map_type type);
bool bpf_token_allow_prog_type(const struct bpf_token *token,
			       enum bpf_prog_type prog_type,
			       enum bpf_attach_type attach_type);

/* @pathname is a __user pointer; @path_fd is passed alongside it. */
int bpf_obj_pin_user(u32 ufd, int path_fd, const char __user *pathname);
int bpf_obj_get_user(int path_fd, const char __user *pathname, int flags);
struct inode *bpf_get_inode(struct super_block *sb, const struct inode *dir,
			    umode_t mode);

/*
 * DEFINE_BPF_ITER_FUNC(target, args...) declares and defines an __init
 * function named bpf_iter_<target> that takes @args and returns 0.
 * BPF_ITER_FUNC_PREFIX is the same "bpf_iter_" prefix as a string.
 */
#define BPF_ITER_FUNC_PREFIX "bpf_iter_"
#define DEFINE_BPF_ITER_FUNC(target, args...)			\
	extern int bpf_iter_ ## target(args);			\
	int __init bpf_iter_ ## target(args) { return 0; }

/*
 * The task type of iterators.
 *
 * BPF task iterators can be parameterized to visit only some of the tasks.
 *
 * BPF_TASK_ITER_ALL (default)
 *	Iterate over resources of every task.
 *
 * BPF_TASK_ITER_TID
 *	Iterate over resources of a task/tid.
 *
 * BPF_TASK_ITER_TGID
 *	Iterate over resources of every task of a process / task group.
 */
enum bpf_iter_task_type {
	BPF_TASK_ITER_ALL = 0,
	BPF_TASK_ITER_TID,
	BPF_TASK_ITER_TGID,
};

struct bpf_iter_aux_info {
	/* for map_elem iter */
	struct bpf_map *map;

	/* for cgroup iter */
	struct {
		struct cgroup *start; /* starting cgroup */
		enum bpf_cgroup_iter_order order;
	} cgroup;
	/* presumably for task iter, see enum bpf_iter_task_type */
	struct {
		enum bpf_iter_task_type	type;
		u32 pid;
	} task;
};

/* Callback types referenced by struct bpf_iter_reg below. */
typedef int (*bpf_iter_attach_target_t)(struct bpf_prog *prog,
					union bpf_iter_link_info *linfo,
					struct bpf_iter_aux_info *aux);
typedef void (*bpf_iter_detach_target_t)(struct bpf_iter_aux_info *aux);
typedef void (*bpf_iter_show_fdinfo_t) (const struct bpf_iter_aux_info *aux,
					struct seq_file *seq);
typedef int (*bpf_iter_fill_link_info_t)(const struct bpf_iter_aux_info *aux,
					 struct bpf_link_info *info);
typedef const struct bpf_func_proto *
(*bpf_iter_get_func_proto_t)(enum bpf_func_id func_id,
			     const struct bpf_prog *prog);

/* Values for bpf_iter_reg::feature (a u32 bit mask). */
enum bpf_iter_feature {
	BPF_ITER_RESCHED	= BIT(0),
};

/* Capacity of bpf_iter_reg::ctx_arg_info[]. */
#define BPF_ITER_CTX_ARG_MAX 2
/*
 * Registration record for one iterator target, passed to
 * bpf_iter_reg_target() / bpf_iter_unreg_target().
 */
struct bpf_iter_reg {
	const char *target;
	bpf_iter_attach_target_t attach_target;
	bpf_iter_detach_target_t detach_target;
	bpf_iter_show_fdinfo_t show_fdinfo;
	bpf_iter_fill_link_info_t fill_link_info;
	bpf_iter_get_func_proto_t get_func_proto;
	/* presumably the number of ctx_arg_info[] entries in use - confirm */
	u32 ctx_arg_info_size;
	u32 feature;
	struct bpf_ctx_arg_aux ctx_arg_info[BPF_ITER_CTX_ARG_MAX];
	const struct bpf_iter_seq_info *seq_info;
};

struct bpf_iter_meta {
	__bpf_md_ptr(struct seq_file *, seq);
	u64 session_id;
	u64 seq_num;
};

/* Context layout for the map element iterator. */
struct bpf_iter__bpf_map_elem {
	__bpf_md_ptr(struct bpf_iter_meta *, meta);
	__bpf_md_ptr(struct bpf_map *, map);
	__bpf_md_ptr(void *, key);
	__bpf_md_ptr(void *, value);
};

int bpf_iter_reg_target(const struct bpf_iter_reg *reg_info);
void bpf_iter_unreg_target(const struct bpf_iter_reg *reg_info);
int bpf_iter_prog_supported(struct bpf_prog *prog);
const struct bpf_func_proto *
bpf_iter_get_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog);
int bpf_iter_link_attach(const union bpf_attr *attr, bpfptr_t uattr, struct bpf_prog *prog);
int bpf_iter_new_fd(struct bpf_link *link);
bool bpf_link_is_iter(struct bpf_link *link);
struct bpf_prog *bpf_iter_get_info(struct bpf_iter_meta *meta, bool in_stop);
int bpf_iter_run_prog(struct bpf_prog *prog, void *ctx);
void bpf_iter_map_show_fdinfo(const struct bpf_iter_aux_info *aux,
			      struct seq_file *seq);
int bpf_iter_map_fill_link_info(const struct bpf_iter_aux_info *aux,
				struct bpf_link_info *info);

int map_set_for_each_callback_args(struct bpf_verifier_env *env,
				   struct bpf_func_state *caller,
				   struct bpf_func_state *callee);

/* Per-CPU map copy/update and fd-based map helpers. */
int bpf_percpu_hash_copy(struct bpf_map *map, void *key, void *value, u64 flags);
int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value, u64 flags);
int bpf_percpu_hash_update(struct bpf_map *map, void *key, void *value,
			   u64 flags);
int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
			    u64 flags);

int bpf_stackmap_extract(struct bpf_map *map, void *key, void *value, bool delete);

int bpf_fd_array_map_update_elem(struct bpf_map *map, struct file *map_file,
				 void *key, void *value, u64 map_flags);
int bpf_fd_array_map_lookup_elem(struct bpf_map *map, void *key, u32 *value);
int bpf_fd_htab_map_update_elem(struct bpf_map *map, struct file *map_file,
				void *key, void *value, u64 map_flags);
int bpf_fd_htab_map_lookup_elem(struct bpf_map *map, void *key, u32 *value);

int bpf_get_file_flag(int flags);
int bpf_check_uarg_tail_zero(bpfptr_t uaddr, size_t expected_size,
			     size_t actual_size);

/* verify correctness of eBPF program */
int bpf_check(struct bpf_prog **fp, union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size);

#ifndef CONFIG_BPF_JIT_ALWAYS_ON
int bpf_patch_call_args(struct bpf_insn *insn, u32 stack_depth);
s32 bpf_call_args_imm(s16 idx);
#else
/* Stub for CONFIG_BPF_JIT_ALWAYS_ON builds: always 0. */
static inline s32 bpf_call_args_imm(s16 idx)
{
	return 0;
}
#endif

struct btf *bpf_get_btf_vmlinux(void);

/* Map specifics */
struct xdp_frame;
struct sk_buff;
struct bpf_dtab_netdev;
struct bpf_cpu_map_entry;

void __dev_flush(struct list_head *flush_list);
int dev_xdp_enqueue(struct net_device *dev, struct xdp_frame *xdpf,
		    struct net_device *dev_rx);
int dev_map_enqueue(struct bpf_dtab_netdev *dst, struct xdp_frame *xdpf,
		    struct net_device *dev_rx);
int dev_map_enqueue_multi(struct xdp_frame *xdpf, struct net_device *dev_rx,
			  struct bpf_map *map, bool exclude_ingress);
int dev_map_generic_redirect(struct bpf_dtab_netdev *dst, struct sk_buff *skb,
			     const struct bpf_prog *xdp_prog);
int dev_map_redirect_multi(struct net_device *dev, struct sk_buff *skb,
			   const struct bpf_prog *xdp_prog,
			   struct bpf_map *map, bool exclude_ingress);

void __cpu_map_flush(struct list_head *flush_list);
int cpu_map_enqueue(struct bpf_cpu_map_entry *rcpu, struct xdp_frame *xdpf,
		    struct net_device *dev_rx);
int cpu_map_generic_redirect(struct bpf_cpu_map_entry *rcpu,
			     struct sk_buff *skb);

/*
 * Return the NUMA node requested by userspace in attr->numa_node, or
 * NUMA_NO_NODE when BPF_F_NUMA_NODE is not set in attr->map_flags.
 * The node id is returned as given; no range check is done here.
 */
static inline int bpf_map_attr_numa_node(const union bpf_attr *attr)
{
	return (attr->map_flags & BPF_F_NUMA_NODE) ?
		attr->numa_node : NUMA_NO_NODE;
}

struct bpf_prog *bpf_prog_get_type_path(const char *name, enum bpf_prog_type type);
int array_map_alloc_check(union bpf_attr *attr);

/*
 * Test-run entry points, one per program family. @kattr is the kernel-side
 * attribute union, @uattr the __user pointer to the caller's copy.
 */
int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr,
			  union bpf_attr __user *uattr);
int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
			  union bpf_attr __user *uattr);
int bpf_prog_test_run_tracing(struct bpf_prog *prog,
			      const union bpf_attr *kattr,
			      union bpf_attr __user *uattr);
int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
				     const union bpf_attr *kattr,
				     union bpf_attr __user *uattr);
int bpf_prog_test_run_raw_tp(struct bpf_prog *prog,
			     const union bpf_attr *kattr,
			     union bpf_attr __user *uattr);
int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog,
				const union bpf_attr *kattr,
				union bpf_attr __user *uattr);
int bpf_prog_test_run_nf(struct bpf_prog *prog,
			 const union bpf_attr *kattr,
			 union bpf_attr __user *uattr);
bool btf_ctx_access(int off, int size, enum bpf_access_type type,
		    const struct bpf_prog *prog,
		    struct bpf_insn_access_aux *info);

/*
 * Basic validity check for a tracing program's context access.
 *
 * Accepts only reads (BPF_READ) at a non-negative offset below
 * sizeof(__u64) * MAX_BPF_FUNC_ARGS that is a multiple of @size.
 *
 * NOTE(review): only the start offset is bounded. The end of the access
 * (off + size) stays in range only if @size is a power of two no larger than
 * sizeof(__u64), and @size == 0 would divide by zero in the modulo. Both are
 * presumably guaranteed by the caller - confirm.
 */
static inline bool bpf_tracing_ctx_access(int off, int size,
					  enum bpf_access_type type)
{
	/*
	 * The sizeof product is unsigned, so off is converted for the
	 * comparison; negative offsets are rejected explicitly first.
	 */
	if (off < 0 || off >= sizeof(__u64) * MAX_BPF_FUNC_ARGS)
		return false;
	if (type != BPF_READ)
		return false;
	/* reject accesses that are not aligned to their own size */
	if (off % size != 0)
		return false;
	return true;
}

/*
 * Apply bpf_tracing_ctx_access() first and, only if it passes, defer to
 * btf_ctx_access() for the BTF-based check.
 */
static inline bool bpf_tracing_btf_ctx_access(int off, int size,
					      enum bpf_access_type type,
					      const struct bpf_prog *prog,
					      struct bpf_insn_access_aux *info)
{
	if (!bpf_tracing_ctx_access(off, size, type))
		return false;
	return btf_ctx_access(off, size, type, prog, info);
}

/* BTF-based access and type checks used by the verifier. */
int btf_struct_access(struct bpf_verifier_log *log,
		      const struct bpf_reg_state *reg,
		      int off, int size, enum bpf_access_type atype,
		      u32 *next_btf_id, enum bpf_type_flag *flag, const char **field_name);
bool btf_struct_ids_match(struct bpf_verifier_log *log,
			  const struct btf *btf, u32 id, int off,
			  const struct btf *need_btf, u32 need_type_id,
			  bool strict);

int btf_distill_func_proto(struct bpf_verifier_log *log,
			   struct btf *btf,
			   const struct btf_type *func_proto,
			   const char *func_name,
			   struct btf_func_model *m);

struct bpf_reg_state;
int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog);
int btf_check_type_match(struct bpf_verifier_log *log, const struct bpf_prog *prog,
			 struct btf *btf, const struct btf_type *t);
const char *btf_find_decl_tag_value(const struct btf *btf, const struct btf_type *pt,
				    int comp_idx, const char *tag_key);
int btf_find_next_decl_tag(const struct btf *btf, const struct btf_type *pt,
			   int comp_idx, const char *tag_key, int last_id);

struct bpf_prog *bpf_prog_by_id(u32 id);
struct bpf_link *bpf_link_by_id(u32 id);

const struct bpf_func_proto *bpf_base_func_proto(enum bpf_func_id func_id,
						 const struct bpf_prog *prog);
void bpf_task_storage_free(struct task_struct *task);
void bpf_cgrp_storage_free(struct cgroup *cgroup);
bool
bpf_prog_has_kfunc_call(const struct bpf_prog *prog);
const struct btf_func_model *
bpf_jit_find_kfunc_model(const struct bpf_prog *prog,
			 const struct bpf_insn *insn);
int bpf_get_kfunc_addr(const struct bpf_prog *prog, u32 func_id,
		       u16 btf_fd_idx, u8 **func_addr);

/* Context handed to bpf_core_apply(): a verifier log and the BTF to use. */
struct bpf_core_ctx {
	struct bpf_verifier_log *log;
	const struct btf *btf;
};

bool btf_nested_type_is_trusted(struct bpf_verifier_log *log,
				const struct bpf_reg_state *reg,
				const char *field_name, u32 btf_id, const char *suffix);

bool btf_type_ids_nocast_alias(struct bpf_verifier_log *log,
			       const struct btf *reg_btf, u32 reg_id,
			       const struct btf *arg_btf, u32 arg_id);

int bpf_core_apply(struct bpf_core_ctx *ctx, const struct bpf_core_relo *relo,
		   int relo_idx, void *insn);

/* True unless the sysctl_unprivileged_bpf_disabled knob is non-zero. */
static inline bool unprivileged_ebpf_enabled(void)
{
	return !sysctl_unprivileged_bpf_disabled;
}

/* Not every bpf prog type has a bpf_ctx.
 * For the bpf prog types that have initialized the bpf_ctx,
 * this function can be used to decide whether a kernel function
 * is being called by a bpf program.
 */
static inline bool has_current_bpf_ctx(void)
{
	return !!current->bpf_ctx;
}

void notrace bpf_prog_inc_misses_counter(struct bpf_prog *prog);

void bpf_dynptr_init(struct bpf_dynptr_kern *ptr, void *data,
		     enum bpf_dynptr_type type, u32 offset, u32 size);
void bpf_dynptr_set_null(struct bpf_dynptr_kern *ptr);
void bpf_dynptr_set_rdonly(struct bpf_dynptr_kern *ptr);
void bpf_prog_report_arena_violation(bool write, unsigned long addr, unsigned long fault_ip);

#else /* !CONFIG_BPF_SYSCALL */
/*
 * Stubs for kernels built without CONFIG_BPF_SYSCALL. Lookups and
 * constructors report an error, reference counting is a no-op, and the
 * predicates return false.
 */
static inline struct bpf_prog *bpf_prog_get(u32 ufd)
{
	return ERR_PTR(-EOPNOTSUPP);
}

static inline struct bpf_prog *bpf_prog_get_type_dev(u32 ufd,
						     enum bpf_prog_type type,
						     bool attach_drv)
{
	return ERR_PTR(-EOPNOTSUPP);
}

static inline void bpf_prog_add(struct bpf_prog *prog, int i)
{
}

static inline void bpf_prog_sub(struct bpf_prog *prog, int i)
{
}

static inline void bpf_prog_put(struct bpf_prog *prog)
{
}

static inline void bpf_prog_inc(struct bpf_prog *prog)
{
}

static inline struct bpf_prog *__must_check
bpf_prog_inc_not_zero(struct bpf_prog *prog)
{
	return ERR_PTR(-EOPNOTSUPP);
}

static inline void bpf_link_init(struct bpf_link *link, enum bpf_link_type type,
				 const struct bpf_link_ops *ops,
				 struct bpf_prog *prog, enum bpf_attach_type attach_type)
{
}

static inline void bpf_link_init_sleepable(struct bpf_link *link, enum bpf_link_type type,
					   const struct bpf_link_ops *ops, struct bpf_prog *prog,
					   enum bpf_attach_type attach_type, bool sleepable)
{
}

static inline int bpf_link_prime(struct bpf_link *link,
				 struct bpf_link_primer *primer)
{
	return -EOPNOTSUPP;
}

static inline int bpf_link_settle(struct bpf_link_primer *primer)
{
	return -EOPNOTSUPP;
}

static inline void bpf_link_cleanup(struct bpf_link_primer *primer)
{
}

static inline void bpf_link_inc(struct bpf_link *link)
{
}

/*
 * NOTE(review): returns NULL, whereas the bpf_prog_inc_not_zero() stub above
 * returns ERR_PTR(-EOPNOTSUPP). A caller that tests only IS_ERR() would
 * treat NULL as success - confirm which convention the real function uses.
 */
static inline struct bpf_link *bpf_link_inc_not_zero(struct bpf_link *link)
{
	return NULL;
}

static inline void bpf_link_put(struct bpf_link *link)
{
}

/*
 * NOTE(review): this stub takes (pathname, flags) while the
 * CONFIG_BPF_SYSCALL prototype earlier in this header is
 * bpf_obj_get_user(int path_fd, const char __user *pathname, int flags).
 * A caller written against that prototype would not compile against the
 * stub - confirm whether any caller is built without CONFIG_BPF_SYSCALL.
 */
static inline int bpf_obj_get_user(const char __user *pathname, int flags)
{
	return -EOPNOTSUPP;
}

/*
 * Token-less fallback: @token is ignored and the decision rests on
 * capable() alone. CAP_SYS_ADMIN is accepted in place of any other
 * capability; the cap != CAP_SYS_ADMIN test only avoids asking for
 * CAP_SYS_ADMIN twice.
 */
static inline bool bpf_token_capable(const struct bpf_token *token, int cap)
{
	return capable(cap) || (cap != CAP_SYS_ADMIN && capable(CAP_SYS_ADMIN));
}

static inline void bpf_token_inc(struct bpf_token *token)
{
}

static inline void bpf_token_put(struct bpf_token *token)
{
}

static inline struct bpf_token *bpf_token_get_from_fd(u32 ufd)
{
	return ERR_PTR(-EOPNOTSUPP);
}

static inline int bpf_token_get_info_by_fd(struct bpf_token *token,
					   const union bpf_attr *attr,
					   union bpf_attr __user *uattr)
{
	return -EOPNOTSUPP;
}

static inline void __dev_flush(struct list_head *flush_list)
{
}

struct xdp_frame;
struct bpf_dtab_netdev;
struct bpf_cpu_map_entry;

/*
 * The enqueue/redirect stubs below return 0 although nothing is queued,
 * except cpu_map_generic_redirect(), which returns -EOPNOTSUPP.
 */
static inline
int dev_xdp_enqueue(struct net_device *dev, struct xdp_frame *xdpf,
		    struct net_device *dev_rx)
{
	return 0;
}

static inline
int dev_map_enqueue(struct bpf_dtab_netdev *dst, struct xdp_frame *xdpf,
		    struct net_device *dev_rx)
{
	return 0;
}

static inline
int dev_map_enqueue_multi(struct xdp_frame *xdpf, struct net_device *dev_rx,
			  struct bpf_map *map, bool exclude_ingress)
{
	return 0;
}

struct sk_buff;

static inline int dev_map_generic_redirect(struct bpf_dtab_netdev *dst,
					   struct sk_buff *skb,
					   const struct bpf_prog *xdp_prog)
{
	return 0;
}

static inline
int dev_map_redirect_multi(struct net_device *dev, struct sk_buff *skb,
			   const struct bpf_prog *xdp_prog,
			   struct bpf_map *map, bool exclude_ingress)
{
	return 0;
}

static inline void __cpu_map_flush(struct list_head *flush_list)
{
}

static inline int cpu_map_enqueue(struct bpf_cpu_map_entry *rcpu,
				  struct xdp_frame *xdpf,
				  struct net_device *dev_rx)
{
	return 0;
}

static inline int cpu_map_generic_redirect(struct bpf_cpu_map_entry *rcpu,
					   struct sk_buff *skb)
{
	return -EOPNOTSUPP;
}

static inline struct bpf_prog *bpf_prog_get_type_path(const char *name,
				enum bpf_prog_type type)
{
	return ERR_PTR(-EOPNOTSUPP);
}

/*
 * NOTE(review): the test-run stubs, bpf_prog_by_id() and
 * bpf_get_kfunc_addr() return -ENOTSUPP, while most other stubs in this
 * section return -EOPNOTSUPP. ENOTSUPP is a kernel-internal code - confirm
 * it cannot reach user space through these paths.
 */
static inline int bpf_prog_test_run_xdp(struct bpf_prog *prog,
					const union bpf_attr *kattr,
					union bpf_attr __user *uattr)
{
	return -ENOTSUPP;
}

static inline int bpf_prog_test_run_skb(struct bpf_prog *prog,
					const union bpf_attr *kattr,
					union bpf_attr __user *uattr)
{
	return -ENOTSUPP;
}

static inline int bpf_prog_test_run_tracing(struct bpf_prog *prog,
					    const union bpf_attr *kattr,
					    union bpf_attr __user *uattr)
{
	return -ENOTSUPP;
}

static inline int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
						   const union bpf_attr *kattr,
						   union bpf_attr __user *uattr)
{
	return -ENOTSUPP;
}

static inline int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog,
					      const union bpf_attr *kattr,
					      union bpf_attr __user *uattr)
{
	return -ENOTSUPP;
}

static inline void bpf_map_put(struct bpf_map *map)
{
}

static inline struct bpf_prog *bpf_prog_by_id(u32 id)
{
	return ERR_PTR(-ENOTSUPP);
}

/* Fails closed: every BTF struct access is denied with -EACCES. */
static inline int btf_struct_access(struct bpf_verifier_log *log,
				    const struct bpf_reg_state *reg,
				    int off, int size, enum bpf_access_type atype,
				    u32 *next_btf_id, enum bpf_type_flag *flag,
				    const char **field_name)
{
	return -EACCES;
}

static inline const struct bpf_func_proto *
bpf_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
{
	return NULL;
}

static inline void bpf_task_storage_free(struct task_struct *task)
{
}

static inline bool bpf_prog_has_kfunc_call(const struct bpf_prog *prog)
{
	return false;
}

static inline const struct btf_func_model *
bpf_jit_find_kfunc_model(const struct bpf_prog *prog,
			 const struct bpf_insn *insn)
{
	return NULL;
}

static inline int
bpf_get_kfunc_addr(const struct bpf_prog *prog, u32 func_id,
		   u16 btf_fd_idx, u8 **func_addr)
{
	return -ENOTSUPP;
}

/* Without the bpf() syscall unprivileged eBPF is reported as disabled. */
static inline bool unprivileged_ebpf_enabled(void)
{
	return false;
}

static inline bool has_current_bpf_ctx(void)
{
	return false;
}

static inline void bpf_prog_inc_misses_counter(struct bpf_prog *prog)
{
}

static inline void bpf_cgrp_storage_free(struct cgroup *cgroup)
{
}

static inline void bpf_dynptr_init(struct bpf_dynptr_kern *ptr, void *data,
				   enum bpf_dynptr_type type, u32 offset, u32 size)
{
}

static inline void bpf_dynptr_set_null(struct bpf_dynptr_kern *ptr)
{
}

static inline void bpf_dynptr_set_rdonly(struct bpf_dynptr_kern *ptr)
{
}

static inline void bpf_prog_report_arena_violation(bool write, unsigned long addr,
						   unsigned long fault_ip)
{
}
#endif /* CONFIG_BPF_SYSCALL */

/* True if the caller has CAP_NET_ADMIN or CAP_SYS_ADMIN per capable(). */
static inline bool bpf_net_capable(void)
{
	return capable(CAP_NET_ADMIN) || capable(CAP_SYS_ADMIN);
}

/*
 * bpf_probe_read_kernel_common(): copy @size bytes from @unsafe_ptr into
 * @dst with copy_from_kernel_nofault() when CONFIG_BPF_EVENTS is enabled;
 * otherwise the result stays -EFAULT. On any failure @dst is zero-filled,
 * so a failed read never leaves earlier contents of @dst in place.
 *
 * Return: the copy_from_kernel_nofault() result, or -EFAULT.
 */
static __always_inline int
bpf_probe_read_kernel_common(void *dst, u32 size, const void *unsafe_ptr)
{
	/* stays -EFAULT when CONFIG_BPF_EVENTS is not enabled */
	int ret = -EFAULT;

	if (IS_ENABLED(CONFIG_BPF_EVENTS))
		ret = copy_from_kernel_nofault(dst, unsafe_ptr, size);
	/*
	 * Zero the destination on failure so the consumer of dst never sees
	 * whatever the buffer held before the call.
	 */
	if (unlikely(ret < 0))
		memset(dst, 0, size);
	return ret;
}

void __bpf_free_used_btfs(struct btf_mod_pair *used_btfs, u32 len);

/* bpf_prog_get_type_dev() with attach_drv fixed to false. */
static inline struct bpf_prog *bpf_prog_get_type(u32 ufd,
						 enum bpf_prog_type type)
{
	return bpf_prog_get_type_dev(ufd, type, false);
}

void __bpf_free_used_maps(struct bpf_prog_aux *aux,
			  struct bpf_map **used_maps, u32 len);

bool bpf_prog_get_ok(struct bpf_prog *, enum bpf_prog_type *, bool);

/* Program and map offload interfaces. */
int bpf_prog_offload_compile(struct bpf_prog *prog);
void bpf_prog_dev_bound_destroy(struct bpf_prog *prog);
int bpf_prog_offload_info_fill(struct bpf_prog_info *info,
			       struct bpf_prog *prog);

int bpf_map_offload_info_fill(struct bpf_map_info *info, struct bpf_map *map);

int bpf_map_offload_lookup_elem(struct bpf_map *map, void *key, void *value);
int bpf_map_offload_update_elem(struct bpf_map *map,
				void *key, void *value, u64 flags);
int bpf_map_offload_delete_elem(struct bpf_map *map, void *key);
int bpf_map_offload_get_next_key(struct bpf_map *map,
				 void *key, void *next_key);

bool bpf_offload_prog_map_match(struct bpf_prog *prog, struct bpf_map *map);

struct bpf_offload_dev *
bpf_offload_dev_create(const struct bpf_prog_offload_ops *ops, void *priv);
void bpf_offload_dev_destroy(struct bpf_offload_dev *offdev);
void *bpf_offload_dev_priv(struct bpf_offload_dev *offdev);
int bpf_offload_dev_netdev_register(struct bpf_offload_dev *offdev,
				    struct net_device *netdev);
void bpf_offload_dev_netdev_unregister(struct bpf_offload_dev *offdev,
				       struct net_device *netdev);
bool bpf_offload_dev_match(struct bpf_prog *prog, struct net_device *netdev);

void unpriv_ebpf_notify(int new_state);

#if defined(CONFIG_NET) && defined(CONFIG_BPF_SYSCALL)
/* Device-bound program support; needs both CONFIG_NET and CONFIG_BPF_SYSCALL. */
int bpf_dev_bound_kfunc_check(struct bpf_verifier_log *log,
			      struct bpf_prog_aux *prog_aux);
void *bpf_dev_bound_resolve_kfunc(struct bpf_prog *prog, u32 func_id);
int bpf_prog_dev_bound_init(struct bpf_prog *prog, union bpf_attr *attr);
int bpf_prog_dev_bound_inherit(struct bpf_prog *new_prog, struct bpf_prog *old_prog);
void bpf_dev_bound_netdev_unregister(struct net_device *dev);

/* Reads the dev_bound flag of the program's aux data. */
static inline bool bpf_prog_is_dev_bound(const struct bpf_prog_aux *aux)
{
	return aux->dev_bound;
}

/* Reads the offload_requested flag of the program's aux data. */
static inline bool bpf_prog_is_offloaded(const struct bpf_prog_aux *aux)
{
	return aux->offload_requested;
}

bool bpf_prog_dev_bound_match(const struct bpf_prog *lhs, const struct bpf_prog *rhs);

/* A map counts as offloaded when its ops table is bpf_map_offload_ops. */
static inline bool bpf_map_is_offloaded(struct bpf_map *map)
{
	return unlikely(map->ops == &bpf_map_offload_ops);
}

struct bpf_map *bpf_map_offload_map_alloc(union bpf_attr *attr);
void bpf_map_offload_map_free(struct bpf_map *map);
u64 bpf_map_offload_map_mem_usage(const struct bpf_map *map);
int bpf_prog_test_run_syscall(struct bpf_prog *prog,
			      const union bpf_attr *kattr,
			      union bpf_attr __user *uattr);

/* sockmap entry points. */
int sock_map_get_from_fd(const union bpf_attr *attr, struct bpf_prog *prog);
int sock_map_prog_detach(const union bpf_attr *attr, enum bpf_prog_type ptype);
int sock_map_update_elem_sys(struct bpf_map *map, void *key, void *value, u64 flags);
int sock_map_bpf_prog_query(const union bpf_attr *attr,
			    union bpf_attr __user *uattr);
int sock_map_link_create(const union bpf_attr *attr, struct bpf_prog *prog);

void sock_map_unhash(struct sock *sk);
void sock_map_destroy(struct sock *sk);
void sock_map_close(struct sock *sk, long timeout);
#else
/* Stubs for builds lacking CONFIG_NET or CONFIG_BPF_SYSCALL follow. */
static inline int
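bpf_dev_bound_kfunc_check(struct bpf_verifier_log *log,
			  struct bpf_prog_aux *prog_aux)
{
	return -EOPNOTSUPP;
}

/*
 * Device-bound and offload stubs: operations report -EOPNOTSUPP (or NULL /
 * ERR_PTR for pointer returns) and the predicates return false.
 */
static inline void *bpf_dev_bound_resolve_kfunc(struct bpf_prog *prog,
						u32 func_id)
{
	return NULL;
}

static inline int bpf_prog_dev_bound_init(struct bpf_prog *prog,
					  union bpf_attr *attr)
{
	return -EOPNOTSUPP;
}

static inline int bpf_prog_dev_bound_inherit(struct bpf_prog *new_prog,
					     struct bpf_prog *old_prog)
{
	return -EOPNOTSUPP;
}

static inline void bpf_dev_bound_netdev_unregister(struct net_device *dev)
{
}

static inline bool bpf_prog_is_dev_bound(const struct bpf_prog_aux *aux)
{
	return false;
}

/*
 * Takes a const pointer, like the CONFIG_NET && CONFIG_BPF_SYSCALL variant
 * and like bpf_prog_is_dev_bound() above, so a caller holding a
 * const struct bpf_prog_aux * builds the same way in both configurations.
 */
static inline bool bpf_prog_is_offloaded(const struct bpf_prog_aux *aux)
{
	return false;
}

static inline bool bpf_prog_dev_bound_match(const struct bpf_prog *lhs, const struct bpf_prog *rhs)
{
	return false;
}

static inline bool bpf_map_is_offloaded(struct bpf_map *map)
{
	return false;
}

static inline struct bpf_map *bpf_map_offload_map_alloc(union bpf_attr *attr)
{
	return ERR_PTR(-EOPNOTSUPP);
}

static inline void bpf_map_offload_map_free(struct bpf_map *map)
{
}

static inline u64 bpf_map_offload_map_mem_usage(const struct bpf_map *map)
{
	return 0;
}

/*
 * NOTE(review): returns -ENOTSUPP where the neighbouring stubs use
 * -EOPNOTSUPP; ENOTSUPP is a kernel-internal code - confirm it cannot reach
 * user space from here.
 */
static inline int bpf_prog_test_run_syscall(struct bpf_prog *prog,
					    const union bpf_attr *kattr,
					    union bpf_attr __user *uattr)
{
	return -ENOTSUPP;
}

#ifdef CONFIG_BPF_SYSCALL
/*
 * sockmap stubs. This is the #else side of the
 * CONFIG_NET && CONFIG_BPF_SYSCALL test, so with CONFIG_BPF_SYSCALL set
 * they are built only when CONFIG_NET is off. The error code differs per
 * stub (-EINVAL or -EOPNOTSUPP).
 */
static inline int sock_map_get_from_fd(const union bpf_attr *attr,
				       struct bpf_prog *prog)
{
	return -EINVAL;
}

static inline int sock_map_prog_detach(const union bpf_attr *attr,
				       enum bpf_prog_type ptype)
{
	return -EOPNOTSUPP;
}

static inline int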
sock_map_update_elem_sys(struct bpf_map *map, void *key, void *value,
			 u64 flags)
{
	return -EOPNOTSUPP;
}

static inline int sock_map_bpf_prog_query(const union bpf_attr *attr,
					  union bpf_attr __user *uattr)
{
	return -EINVAL;
}

static inline int sock_map_link_create(const union bpf_attr *attr, struct bpf_prog *prog)
{
	return -EOPNOTSUPP;
}
#endif /* CONFIG_BPF_SYSCALL */
#endif /* CONFIG_NET && CONFIG_BPF_SYSCALL */

/*
 * Call bpf_prog_inc_misses_counter() for every program in @array.
 *
 * A NULL @array is accepted and ignored. The walk stops at the first item
 * whose prog pointer reads as NULL; no length is consulted, so items[] must
 * end with such an entry.
 */
static __always_inline void
bpf_prog_inc_misses_counters(const struct bpf_prog_array *array)
{
	const struct bpf_prog_array_item *item;
	struct bpf_prog *prog;

	if (unlikely(!array))
		return;

	item = &array->items[0];
	/* READ_ONCE: load each prog pointer exactly once per iteration */
	while ((prog = READ_ONCE(item->prog))) {
		bpf_prog_inc_misses_counter(prog);
		item++;
	}
}

#if defined(CONFIG_INET) && defined(CONFIG_BPF_SYSCALL)
void bpf_sk_reuseport_detach(struct sock *sk);
int bpf_fd_reuseport_array_lookup_elem(struct bpf_map *map, void *key,
				       void *value);
int bpf_fd_reuseport_array_update_elem(struct bpf_map *map, void *key,
				       void *value, u64 map_flags);
#else
/* Stub: nothing to detach without CONFIG_INET and CONFIG_BPF_SYSCALL. */
static inline void bpf_sk_reuseport_detach(struct sock *sk)
{
}

#ifdef CONFIG_BPF_SYSCALL
/* With CONFIG_BPF_SYSCALL but no CONFIG_INET both operations are refused. */
static inline int bpf_fd_reuseport_array_lookup_elem(struct bpf_map *map,
						     void *key, void *value)
{
	return -EOPNOTSUPP;
}

static inline int bpf_fd_reuseport_array_update_elem(struct bpf_map *map,
						     void *key, void *value,
						     u64 map_flags)
{
	return -EOPNOTSUPP;
}
#endif /* CONFIG_BPF_SYSCALL */
#endif /* defined(CONFIG_INET) && defined(CONFIG_BPF_SYSCALL) */

#if defined(CONFIG_KEYS) && defined(CONFIG_BPF_SYSCALL)

/* Keyring lookup and PKCS#7 signature verification. */
struct bpf_key *bpf_lookup_user_key(s32 serial, u64 flags);
struct bpf_key *bpf_lookup_system_key(u64 id);
void bpf_key_put(struct bpf_key *bkey);
int
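bpf_verify_pkcs7_signature(struct bpf_dynptr *data_p,
			   struct bpf_dynptr *sig_p,
			   struct bpf_key *trusted_keyring);

#else
/*
 * Stubs for builds without CONFIG_KEYS or CONFIG_BPF_SYSCALL: key lookups
 * find nothing and signature verification is refused.
 *
 * @serial is s32 to match the CONFIG_KEYS prototype of
 * bpf_lookup_user_key(), so a negative serial is not converted to a large
 * unsigned value on the way into the stub.
 */
static inline struct bpf_key *bpf_lookup_user_key(s32 serial, u64 flags)
{
	return NULL;
}

static inline struct bpf_key *bpf_lookup_system_key(u64 id)
{
	return NULL;
}

static inline void bpf_key_put(struct bpf_key *bkey)
{
}

/* Fails closed: reports -EOPNOTSUPP rather than a successful verification. */
static inline int bpf_verify_pkcs7_signature(struct bpf_dynptr *data_p,
					     struct bpf_dynptr *sig_p,
					     struct bpf_key *trusted_keyring)
{
	return -EOPNOTSUPP;
}
#endif /* defined(CONFIG_KEYS) && defined(CONFIG_BPF_SYSCALL) */

/* verifier prototypes for helper functions called from eBPF programs */
extern const struct bpf_func_proto bpf_map_lookup_elem_proto;
extern const struct bpf_func_proto bpf_map_update_elem_proto;
extern const struct bpf_func_proto bpf_map_delete_elem_proto;
extern const struct bpf_func_proto bpf_map_push_elem_proto;
extern const struct bpf_func_proto bpf_map_pop_elem_proto;
extern const struct bpf_func_proto bpf_map_peek_elem_proto;
extern const struct bpf_func_proto bpf_map_lookup_percpu_elem_proto;

extern const struct bpf_func_proto bpf_get_prandom_u32_proto;
extern const struct bpf_func_proto bpf_get_smp_processor_id_proto;
extern const struct bpf_func_proto bpf_get_numa_node_id_proto;
extern const struct bpf_func_proto bpf_tail_call_proto;
extern const struct bpf_func_proto bpf_ktime_get_ns_proto;
extern const struct bpf_func_proto bpf_ktime_get_boot_ns_proto;
extern const struct bpf_func_proto bpf_ktime_get_tai_ns_proto;
extern const struct bpf_func_proto bpf_get_current_pid_tgid_proto;
extern const struct bpf_func_proto bpf_get_current_uid_gid_proto;
extern const struct bpf_func_proto bpf_get_current_comm_proto;
extern const struct bpf_func_proto bpf_get_stackid_proto;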
/*
 * Helper prototype declarations. These are `extern` declarations only; the
 * bpf_func_proto objects themselves are defined in other files.
 */
extern const struct bpf_func_proto bpf_get_stack_proto;
extern const struct bpf_func_proto bpf_get_stack_sleepable_proto;
extern const struct bpf_func_proto bpf_get_task_stack_proto;
extern const struct bpf_func_proto bpf_get_task_stack_sleepable_proto;
extern const struct bpf_func_proto bpf_get_stackid_proto_pe;
extern const struct bpf_func_proto bpf_get_stack_proto_pe;
extern const struct bpf_func_proto bpf_sock_map_update_proto;
extern const struct bpf_func_proto bpf_sock_hash_update_proto;
extern const struct bpf_func_proto bpf_get_current_cgroup_id_proto;
extern const struct bpf_func_proto bpf_get_current_ancestor_cgroup_id_proto;
extern const struct bpf_func_proto bpf_get_cgroup_classid_curr_proto;
extern const struct bpf_func_proto bpf_current_task_under_cgroup_proto;
extern const struct bpf_func_proto bpf_msg_redirect_hash_proto;
extern const struct bpf_func_proto bpf_msg_redirect_map_proto;
extern const struct bpf_func_proto bpf_sk_redirect_hash_proto;
extern const struct bpf_func_proto bpf_sk_redirect_map_proto;
extern const struct bpf_func_proto bpf_spin_lock_proto;
extern const struct bpf_func_proto bpf_spin_unlock_proto;
extern const struct bpf_func_proto bpf_get_local_storage_proto;
extern const struct bpf_func_proto bpf_strtol_proto;
extern const struct bpf_func_proto bpf_strtoul_proto;
extern const struct bpf_func_proto bpf_tcp_sock_proto;
extern const struct bpf_func_proto bpf_jiffies64_proto;
extern const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto;
extern const struct bpf_func_proto bpf_event_output_data_proto;
extern const struct bpf_func_proto bpf_ringbuf_output_proto;
extern const struct bpf_func_proto bpf_ringbuf_reserve_proto;
extern const struct bpf_func_proto bpf_ringbuf_submit_proto;
extern const struct bpf_func_proto bpf_ringbuf_discard_proto;
extern const struct bpf_func_proto bpf_ringbuf_query_proto;
extern const struct bpf_func_proto bpf_ringbuf_reserve_dynptr_proto;
extern const struct bpf_func_proto bpf_ringbuf_submit_dynptr_proto;
extern const struct bpf_func_proto bpf_ringbuf_discard_dynptr_proto;
extern const struct bpf_func_proto bpf_skc_to_tcp6_sock_proto;
extern const struct bpf_func_proto bpf_skc_to_tcp_sock_proto;
extern const struct bpf_func_proto bpf_skc_to_tcp_timewait_sock_proto;
extern const struct bpf_func_proto bpf_skc_to_tcp_request_sock_proto;
extern const struct bpf_func_proto bpf_skc_to_udp6_sock_proto;
extern const struct bpf_func_proto bpf_skc_to_unix_sock_proto;
extern const struct bpf_func_proto bpf_skc_to_mptcp_sock_proto;
extern const struct bpf_func_proto bpf_copy_from_user_proto;
extern const struct bpf_func_proto bpf_snprintf_btf_proto;
extern const struct bpf_func_proto bpf_snprintf_proto;
extern const struct bpf_func_proto bpf_per_cpu_ptr_proto;
extern const struct bpf_func_proto bpf_this_cpu_ptr_proto;
extern const struct bpf_func_proto bpf_ktime_get_coarse_ns_proto;
extern const struct bpf_func_proto bpf_sock_from_file_proto;
extern const struct bpf_func_proto bpf_get_socket_ptr_cookie_proto;
extern const struct bpf_func_proto bpf_task_storage_get_recur_proto;
extern const struct bpf_func_proto bpf_task_storage_get_proto;
extern const struct bpf_func_proto bpf_task_storage_delete_recur_proto;
extern const struct bpf_func_proto bpf_task_storage_delete_proto;
extern const struct bpf_func_proto bpf_for_each_map_elem_proto;
extern const struct bpf_func_proto bpf_btf_find_by_name_kind_proto;
extern const struct bpf_func_proto bpf_sk_setsockopt_proto;
extern const struct bpf_func_proto bpf_sk_getsockopt_proto;
extern const struct bpf_func_proto bpf_sk_setsockopt_nodelay_proto;
extern const struct bpf_func_proto bpf_unlocked_sk_setsockopt_proto;
extern const struct bpf_func_proto bpf_unlocked_sk_getsockopt_proto;
extern const struct bpf_func_proto bpf_find_vma_proto;
extern const struct bpf_func_proto bpf_loop_proto;
extern const struct bpf_func_proto bpf_copy_from_user_task_proto;
extern const struct bpf_func_proto bpf_set_retval_proto;
extern const struct bpf_func_proto bpf_get_retval_proto;
extern const struct bpf_func_proto bpf_user_ringbuf_drain_proto;
extern const struct bpf_func_proto bpf_cgrp_storage_get_proto;
extern const struct bpf_func_proto bpf_cgrp_storage_delete_proto;

/*
 * Takes a helper id and the program asking for it and returns a helper
 * prototype pointer. NOTE(review): presumably NULL means "helper not
 * available to this program" -- confirm in the definition.
 */
const struct bpf_func_proto *tracing_prog_func_proto(
  enum bpf_func_id func_id, const struct bpf_prog *prog);

/* Shared helpers among cBPF and eBPF. */
void bpf_user_rnd_init_once(void);
u64 bpf_user_rnd_u32(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
u64 bpf_get_raw_cpu_id(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);

/*
 * Socket context-access checks and rewriting. With CONFIG_NET these are
 * real functions defined elsewhere; without it the stubs in the #else branch
 * are used instead.
 */
#if defined(CONFIG_NET)
bool bpf_sock_common_is_valid_access(int off, int size,
				     enum bpf_access_type type,
				     struct bpf_insn_access_aux *info);
bool bpf_sock_is_valid_access(int off, int size, enum bpf_access_type type,
			      struct bpf_insn_access_aux *info);
u32 bpf_sock_convert_ctx_access(enum bpf_access_type type,
				const struct bpf_insn *si,
				struct bpf_insn *insn_buf,
				struct bpf_prog *prog,
				u32 *target_size);
int bpf_dynptr_from_skb_rdonly(struct __sk_buff *skb, u64 flags,
			       struct bpf_dynptr *ptr);
#else
/* Stub: without CONFIG_NET every access is reported as not valid. */
static inline bool bpf_sock_common_is_valid_access(int off, int size,
						   enum bpf_access_type type,
						   struct bpf_insn_access_aux *info)
{
	return false;
}
/* Stub: without CONFIG_NET every access is reported as not valid. */
static inline bool bpf_sock_is_valid_access(int off, int size,
					    enum bpf_access_type type,
					    struct bpf_insn_access_aux *info)
{
	return false;
}
/*
 * Stub: returns 0 and leaves insn_buf and *target_size untouched.
 * NOTE(review): presumably 0 means "no instructions emitted" -- confirm.
 */
static inline u32 bpf_sock_convert_ctx_access(enum bpf_access_type type,
					      const struct bpf_insn *si,
					      struct bpf_insn *insn_buf,
					      struct bpf_prog *prog,
					      u32 *target_size)
{
	return 0;
}
/* Stub: always fails with -EOPNOTSUPP and does not write to *ptr. */
static inline int bpf_dynptr_from_skb_rdonly(struct __sk_buff *skb, u64 flags,
					     struct bpf_dynptr *ptr)
{
	return -EOPNOTSUPP;
}
#endif

#ifdef CONFIG_INET
/*
 * NOTE(review): judging by the name, this is the kernel-side context for
 * reuseport programs; the field meanings are not visible here -- confirm
 * against the users of this struct.
 */
struct sk_reuseport_kern {
	struct sk_buff *skb;
	struct sock *sk;
	struct sock *selected_sk;
	struct sock *migrating_sk;
	void *data_end;
	u32 hash;
	u32 reuseport_id;
	bool bind_inany;
};
bool bpf_tcp_sock_is_valid_access(int off, int size, enum bpf_access_type type,
				  struct bpf_insn_access_aux *info);

u32 bpf_tcp_sock_convert_ctx_access(enum bpf_access_type type,
				    const struct bpf_insn *si,
				    struct bpf_insn *insn_buf,
				    struct bpf_prog *prog,
				    u32 *target_size);

bool bpf_xdp_sock_is_valid_access(int off, int size, enum bpf_access_type type,
				  struct bpf_insn_access_aux *info);

u32 bpf_xdp_sock_convert_ctx_access(enum bpf_access_type type,
				    const struct bpf_insn *si,
				    struct bpf_insn *insn_buf,
				    struct bpf_prog *prog,
				    u32 *target_size);
#else
/* Stub: without CONFIG_INET every access is reported as not valid. */
static inline bool bpf_tcp_sock_is_valid_access(int off, int size,
						enum bpf_access_type type,
						struct bpf_insn_access_aux *info)
{
	return false;
}

/* Stub: returns 0 and leaves insn_buf and *target_size untouched. */
static inline u32 bpf_tcp_sock_convert_ctx_access(enum bpf_access_type type,
						  const struct bpf_insn *si,
						  struct bpf_insn *insn_buf,
						  struct bpf_prog *prog,
						  u32 *target_size)
{
	return 0;
}
/* Stub: without CONFIG_INET every access is reported as not valid. */
static inline bool bpf_xdp_sock_is_valid_access(int off, int size,
						enum bpf_access_type type,
						struct bpf_insn_access_aux *info)
{
	return false;
}

/* Stub: returns 0 and leaves insn_buf and *target_size untouched. */
static inline u32 bpf_xdp_sock_convert_ctx_access(enum bpf_access_type type,
						  const struct bpf_insn *si,
						  struct bpf_insn *insn_buf,
						  struct bpf_prog *prog,
						  u32 *target_size)
{
	return 0;
}
#endif /* CONFIG_INET */
/*
 * Instruction kind at a patch site. bpf_arch_text_poke() takes one value for
 * the instruction expected to be there (old_t) and one for its replacement
 * (new_t).
 */
enum bpf_text_poke_type {
	BPF_MOD_NOP,
	BPF_MOD_CALL,
	BPF_MOD_JUMP,
};

/*
 * Architecture hooks that modify executable text. They take raw addresses and
 * lengths; nothing in this header bounds or validates them, so that is up to
 * the callers and the per-arch implementations.
 */
int bpf_arch_text_poke(void *ip, enum bpf_text_poke_type old_t,
		       enum bpf_text_poke_type new_t, void *old_addr,
		       void *new_addr);

void bpf_arch_poke_desc_update(struct bpf_jit_poke_descriptor *poke,
			       struct bpf_prog *new, struct bpf_prog *old);

void *bpf_arch_text_copy(void *dst, void *src, size_t len);
int bpf_arch_text_invalidate(void *dst, size_t len);

struct btf_id_set;
bool btf_id_set_contains(const struct btf_id_set *set, u32 id);

#define MAX_BPRINTF_VARARGS		12
#define MAX_BPRINTF_BUF			1024

/* Per-cpu temp buffers used by printf-like helpers to store the bprintf binary
 * arguments representation.
 */
#define MAX_BPRINTF_BIN_ARGS	512

/*
 * Fixed-size scratch space: bin_args holds MAX_BPRINTF_BIN_ARGS bytes and buf
 * holds MAX_BPRINTF_BUF bytes. Every write into either array has to be
 * bounded by the corresponding constant.
 */
struct bpf_bprintf_buffers {
	char bin_args[MAX_BPRINTF_BIN_ARGS];
	char buf[MAX_BPRINTF_BUF];
};

/*
 * In/out argument of bpf_bprintf_prepare() and bpf_bprintf_cleanup().
 * NOTE(review): get_bin_args / get_buf presumably select which of the two
 * pointers the caller wants filled in -- confirm in the implementation.
 */
struct bpf_bprintf_data {
	u32 *bin_args;
	char *buf;
	bool get_bin_args;
	bool get_buf;
};

/* fmt is passed together with its size (fmt_size), raw_args with num_args. */
int bpf_bprintf_prepare(const char *fmt, u32 fmt_size, const u64 *raw_args,
			u32 num_args, struct bpf_bprintf_data *data);
void bpf_bprintf_cleanup(struct bpf_bprintf_data *data);
/* NOTE(review): presumably paired with bpf_put_buffers() -- confirm. */
int bpf_try_get_buffers(struct bpf_bprintf_buffers **bufs);
void bpf_put_buffers(void);

void bpf_prog_stream_init(struct bpf_prog *prog);
void bpf_prog_stream_free(struct bpf_prog *prog);
/* buf is a userspace pointer (__user); len is a signed int. */
int bpf_prog_stream_read(struct bpf_prog *prog, enum bpf_stream_id stream_id, void __user *buf, int len);
void bpf_stream_stage_init(struct bpf_stream_stage *ss);
void bpf_stream_stage_free(struct bpf_stream_stage *ss);
/*
 * __printf(2, 3): argument 2 is a printf-style format and the variadic
 * arguments start at 3, so the compiler can check format/argument mismatches
 * at every call site.
 */
__printf(2, 3)
int bpf_stream_stage_printk(struct bpf_stream_stage *ss, const char *fmt, ...);
int bpf_stream_stage_commit(struct bpf_stream_stage *ss, struct bpf_prog *prog,
			    enum bpf_stream_id stream_id);
int bpf_stream_stage_dump_stack(struct bpf_stream_stage *ss);

/*
 * Convenience wrappers that take the stage object by name and pass its
 * address. `ss` is expanded as `&ss` without parentheses, so pass a plain
 * variable name rather than an expression.
 */
#define bpf_stream_printk(ss, ...) bpf_stream_stage_printk(&ss, __VA_ARGS__)
#define bpf_stream_dump_stack(ss) bpf_stream_stage_dump_stack(&ss)

/*
 * Runs init, then expr, then commit, then free on `ss`, in that order, inside
 * a statement expression. The last statement is bpf_stream_stage_free(),
 * which returns void, so the macro yields no value and the return code of
 * bpf_stream_stage_commit() is discarded.
 */
#define bpf_stream_stage(ss, prog, stream_id, expr)		\
	({							\
		bpf_stream_stage_init(&ss);			\
		(expr);						\
		bpf_stream_stage_commit(&ss, prog, stream_id);	\
		bpf_stream_stage_free(&ss);			\
	})

#ifdef CONFIG_BPF_LSM
void bpf_cgroup_atype_get(u32 attach_btf_id, int cgroup_atype);
void bpf_cgroup_atype_put(int cgroup_atype);
#else
/* Stubs: both are no-ops without CONFIG_BPF_LSM. */
static inline void bpf_cgroup_atype_get(u32 attach_btf_id, int cgroup_atype) {}
static inline void bpf_cgroup_atype_put(int cgroup_atype) {}
#endif /* CONFIG_BPF_LSM */

struct key;

#ifdef CONFIG_KEYS
/*
 * Wraps a struct key pointer together with a has_ref flag.
 * NOTE(review): has_ref presumably records whether a reference on `key` is
 * held and must be dropped on release -- confirm in bpf_key_put().
 */
struct bpf_key {
	struct key *key;
	bool has_ref;
};
#endif /* CONFIG_KEYS */

/* Returns true when the MEM_ALLOC bit is set in type. */
static inline bool type_is_alloc(u32 type)
{
	return type & MEM_ALLOC;
}

/*
 * Returns flags with __GFP_ACCOUNT added when memcg_bpf_enabled() is true,
 * and flags unchanged otherwise.
 */
static inline gfp_t bpf_memcg_flags(gfp_t flags)
{
	if (memcg_bpf_enabled())
		return flags | __GFP_ACCOUNT;
	return flags;
}

/*
 * Returns true when prog->aux->func_idx is non-zero. Dereferences prog and
 * prog->aux without a NULL check, so both must be valid.
 */
static inline bool bpf_is_subprog(const struct bpf_prog *prog)
{
	return prog->aux->func_idx != 0;
}

const struct bpf_line_info *bpf_find_linfo(const struct bpf_prog *prog, u32 insn_off);
void bpf_get_linfo_file_line(struct btf *btf, const struct bpf_line_info *linfo,
			     const char **filep, const char **linep, int *nump);
int bpf_prog_get_file_line(struct bpf_prog *prog, unsigned long ip, const char **filep,
			   const char **linep, int *nump);
struct bpf_prog *bpf_prog_find_from_stack(void);

int bpf_insn_array_init(struct bpf_map *map, const struct bpf_prog *prog);
int bpf_insn_array_ready(struct bpf_map *map);
void bpf_insn_array_release(struct bpf_map *map);
void bpf_insn_array_adjust(struct bpf_map *map, u32 off, u32 len);
void bpf_insn_array_adjust_after_remove(struct bpf_map *map, u32 off, u32 len);

#ifdef CONFIG_BPF_SYSCALL
void bpf_prog_update_insn_ptrs(struct bpf_prog *prog, u32 *offsets, void *image);
#else
/* Stub: no-op without CONFIG_BPF_SYSCALL. */
static inline void
bpf_prog_update_insn_ptrs(struct bpf_prog *prog, u32 *offsets, void *image)
{
}
#endif

/*
 * Returns true for the four per-CPU map types listed below and false for
 * every other map type.
 */
static inline bool bpf_map_supports_cpu_flags(enum bpf_map_type map_type)
{
	switch (map_type) {
	case BPF_MAP_TYPE_PERCPU_ARRAY:
	case BPF_MAP_TYPE_PERCPU_HASH:
	case BPF_MAP_TYPE_LRU_PERCPU_HASH:
	case BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE:
		return true;
	default:
		return false;
	}
}

/*
 * Validates the flags of a map operation.
 *
 * The low 32 bits of flags are flag bits; the high 32 bits carry a CPU number
 * and are only meaningful together with BPF_F_CPU.
 *
 * Returns 0 when the flags are acceptable, -EINVAL for a disallowed or
 * inconsistent combination, and -ERANGE when the CPU number is out of range.
 * map is dereferenced without a NULL check (map->record when BPF_F_LOCK is
 * set, map->map_type when a CPU flag is set).
 */
static inline int bpf_map_check_op_flags(struct bpf_map *map, u64 flags, u64 allowed_flags)
{
	u32 cpu;

	/* Only the low 32 bits are matched against the caller's allow-list. */
	if ((u32)flags & ~allowed_flags)
		return -EINVAL;

	/* BPF_F_LOCK is only valid if the map's record has a BPF_SPIN_LOCK field. */
	if ((flags & BPF_F_LOCK) && !btf_record_has_field(map->record, BPF_SPIN_LOCK))
		return -EINVAL;

	/* Without BPF_F_CPU the high 32 bits must be zero. */
	if (!(flags & BPF_F_CPU) && flags >> 32)
		return -EINVAL;

	if (flags & (BPF_F_CPU | BPF_F_ALL_CPUS)) {
		/* CPU flags are accepted only on the per-CPU map types. */
		if (!bpf_map_supports_cpu_flags(map->map_type))
			return -EINVAL;
		/* "one CPU" and "all CPUs" are mutually exclusive. */
		if ((flags & BPF_F_CPU) && (flags & BPF_F_ALL_CPUS))
			return -EINVAL;

		cpu = flags >> 32;
		/*
		 * NOTE(review): the bound is num_possible_cpus(), a count of
		 * possible CPUs; this assumes possible CPU ids are dense from
		 * 0 -- confirm against how callers index per-CPU storage.
		 */
		if ((flags & BPF_F_CPU) && cpu >= num_possible_cpus())
			return -ERANGE;
	}

	return 0;
}

#endif /* _LINUX_BPF_H */