1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com 3 */ 4 #ifndef _LINUX_BPF_H 5 #define _LINUX_BPF_H 1 6 7 #include <uapi/linux/bpf.h> 8 #include <uapi/linux/filter.h> 9 10 #include <linux/workqueue.h> 11 #include <linux/file.h> 12 #include <linux/percpu.h> 13 #include <linux/err.h> 14 #include <linux/rbtree_latch.h> 15 #include <linux/numa.h> 16 #include <linux/mm_types.h> 17 #include <linux/wait.h> 18 #include <linux/refcount.h> 19 #include <linux/mutex.h> 20 #include <linux/module.h> 21 #include <linux/kallsyms.h> 22 #include <linux/capability.h> 23 #include <linux/sched/mm.h> 24 #include <linux/slab.h> 25 #include <linux/percpu-refcount.h> 26 #include <linux/stddef.h> 27 #include <linux/bpfptr.h> 28 #include <linux/btf.h> 29 #include <linux/rcupdate_trace.h> 30 31 struct bpf_verifier_env; 32 struct bpf_verifier_log; 33 struct perf_event; 34 struct bpf_prog; 35 struct bpf_prog_aux; 36 struct bpf_map; 37 struct sock; 38 struct seq_file; 39 struct btf; 40 struct btf_type; 41 struct exception_table_entry; 42 struct seq_operations; 43 struct bpf_iter_aux_info; 44 struct bpf_local_storage; 45 struct bpf_local_storage_map; 46 struct kobject; 47 struct mem_cgroup; 48 struct module; 49 struct bpf_func_state; 50 struct ftrace_ops; 51 struct cgroup; 52 53 extern struct idr btf_idr; 54 extern spinlock_t btf_idr_lock; 55 extern struct kobject *btf_kobj; 56 57 typedef u64 (*bpf_callback_t)(u64, u64, u64, u64, u64); 58 typedef int (*bpf_iter_init_seq_priv_t)(void *private_data, 59 struct bpf_iter_aux_info *aux); 60 typedef void (*bpf_iter_fini_seq_priv_t)(void *private_data); 61 typedef unsigned int (*bpf_func_t)(const void *, 62 const struct bpf_insn *); 63 struct bpf_iter_seq_info { 64 const struct seq_operations *seq_ops; 65 bpf_iter_init_seq_priv_t init_seq_private; 66 bpf_iter_fini_seq_priv_t fini_seq_private; 67 u32 seq_priv_size; 68 }; 69 70 /* map is generic key/value storage optionally accessible by eBPF programs */ 71 struct bpf_map_ops { 72 /* funcs callable from userspace (via syscall) */ 73 int (*map_alloc_check)(union bpf_attr *attr); 74 struct bpf_map *(*map_alloc)(union bpf_attr *attr); 75 void (*map_release)(struct bpf_map *map, struct file *map_file); 76 void (*map_free)(struct bpf_map *map); 77 int (*map_get_next_key)(struct bpf_map *map, void *key, void *next_key); 78 void (*map_release_uref)(struct bpf_map *map); 79 void *(*map_lookup_elem_sys_only)(struct bpf_map *map, void *key); 80 int (*map_lookup_batch)(struct bpf_map *map, const union bpf_attr *attr, 81 union bpf_attr __user *uattr); 82 int (*map_lookup_and_delete_elem)(struct bpf_map *map, void *key, 83 void *value, u64 flags); 84 int (*map_lookup_and_delete_batch)(struct bpf_map *map, 85 const union bpf_attr *attr, 86 union bpf_attr __user *uattr); 87 int (*map_update_batch)(struct bpf_map *map, const union bpf_attr *attr, 88 union bpf_attr __user *uattr); 89 int (*map_delete_batch)(struct bpf_map *map, const union bpf_attr *attr, 90 union bpf_attr __user *uattr); 91 92 /* funcs callable from userspace and from eBPF programs */ 93 void *(*map_lookup_elem)(struct bpf_map *map, void *key); 94 int (*map_update_elem)(struct bpf_map *map, void *key, void *value, u64 flags); 95 int (*map_delete_elem)(struct bpf_map *map, void *key); 96 int (*map_push_elem)(struct bpf_map *map, void *value, u64 flags); 97 int (*map_pop_elem)(struct bpf_map *map, void *value); 98 int (*map_peek_elem)(struct bpf_map *map, void *value); 99 void *(*map_lookup_percpu_elem)(struct bpf_map *map, void *key, u32 cpu); 100 101 /* funcs called by prog_array and perf_event_array map */ 102 void *(*map_fd_get_ptr)(struct bpf_map *map, struct file *map_file, 103 int fd); 104 void (*map_fd_put_ptr)(void *ptr); 105 int (*map_gen_lookup)(struct bpf_map *map, struct bpf_insn *insn_buf); 106 u32 (*map_fd_sys_lookup_elem)(void *ptr); 107 void (*map_seq_show_elem)(struct bpf_map *map, void *key, 108 struct seq_file *m); 109 int (*map_check_btf)(const struct bpf_map *map, 110 const struct btf *btf, 111 const struct btf_type *key_type, 112 const struct btf_type *value_type); 113 114 /* Prog poke tracking helpers. */ 115 int (*map_poke_track)(struct bpf_map *map, struct bpf_prog_aux *aux); 116 void (*map_poke_untrack)(struct bpf_map *map, struct bpf_prog_aux *aux); 117 void (*map_poke_run)(struct bpf_map *map, u32 key, struct bpf_prog *old, 118 struct bpf_prog *new); 119 120 /* Direct value access helpers. */ 121 int (*map_direct_value_addr)(const struct bpf_map *map, 122 u64 *imm, u32 off); 123 int (*map_direct_value_meta)(const struct bpf_map *map, 124 u64 imm, u32 *off); 125 int (*map_mmap)(struct bpf_map *map, struct vm_area_struct *vma); 126 __poll_t (*map_poll)(struct bpf_map *map, struct file *filp, 127 struct poll_table_struct *pts); 128 129 /* Functions called by bpf_local_storage maps */ 130 int (*map_local_storage_charge)(struct bpf_local_storage_map *smap, 131 void *owner, u32 size); 132 void (*map_local_storage_uncharge)(struct bpf_local_storage_map *smap, 133 void *owner, u32 size); 134 struct bpf_local_storage __rcu ** (*map_owner_storage_ptr)(void *owner); 135 136 /* Misc helpers.*/ 137 int (*map_redirect)(struct bpf_map *map, u32 ifindex, u64 flags); 138 139 /* map_meta_equal must be implemented for maps that can be 140 * used as an inner map. It is a runtime check to ensure 141 * an inner map can be inserted to an outer map. 142 * 143 * Some properties of the inner map has been used during the 144 * verification time. When inserting an inner map at the runtime, 145 * map_meta_equal has to ensure the inserting map has the same 146 * properties that the verifier has used earlier. 147 */ 148 bool (*map_meta_equal)(const struct bpf_map *meta0, 149 const struct bpf_map *meta1); 150 151 152 int (*map_set_for_each_callback_args)(struct bpf_verifier_env *env, 153 struct bpf_func_state *caller, 154 struct bpf_func_state *callee); 155 int (*map_for_each_callback)(struct bpf_map *map, 156 bpf_callback_t callback_fn, 157 void *callback_ctx, u64 flags); 158 159 /* BTF id of struct allocated by map_alloc */ 160 int *map_btf_id; 161 162 /* bpf_iter info used to open a seq_file */ 163 const struct bpf_iter_seq_info *iter_seq_info; 164 }; 165 166 enum { 167 /* Support at most 8 pointers in a BPF map value */ 168 BPF_MAP_VALUE_OFF_MAX = 8, 169 BPF_MAP_OFF_ARR_MAX = BPF_MAP_VALUE_OFF_MAX + 170 1 + /* for bpf_spin_lock */ 171 1, /* for bpf_timer */ 172 }; 173 174 enum bpf_kptr_type { 175 BPF_KPTR_UNREF, 176 BPF_KPTR_REF, 177 }; 178 179 struct bpf_map_value_off_desc { 180 u32 offset; 181 enum bpf_kptr_type type; 182 struct { 183 struct btf *btf; 184 struct module *module; 185 btf_dtor_kfunc_t dtor; 186 u32 btf_id; 187 } kptr; 188 }; 189 190 struct bpf_map_value_off { 191 u32 nr_off; 192 struct bpf_map_value_off_desc off[]; 193 }; 194 195 struct bpf_map_off_arr { 196 u32 cnt; 197 u32 field_off[BPF_MAP_OFF_ARR_MAX]; 198 u8 field_sz[BPF_MAP_OFF_ARR_MAX]; 199 }; 200 201 struct bpf_map { 202 /* The first two cachelines with read-mostly members of which some 203 * are also accessed in fast-path (e.g. ops, max_entries). 204 */ 205 const struct bpf_map_ops *ops ____cacheline_aligned; 206 struct bpf_map *inner_map_meta; 207 #ifdef CONFIG_SECURITY 208 void *security; 209 #endif 210 enum bpf_map_type map_type; 211 u32 key_size; 212 u32 value_size; 213 u32 max_entries; 214 u64 map_extra; /* any per-map-type extra fields */ 215 u32 map_flags; 216 int spin_lock_off; /* >=0 valid offset, <0 error */ 217 struct bpf_map_value_off *kptr_off_tab; 218 int timer_off; /* >=0 valid offset, <0 error */ 219 u32 id; 220 int numa_node; 221 u32 btf_key_type_id; 222 u32 btf_value_type_id; 223 u32 btf_vmlinux_value_type_id; 224 struct btf *btf; 225 #ifdef CONFIG_MEMCG_KMEM 226 struct obj_cgroup *objcg; 227 #endif 228 char name[BPF_OBJ_NAME_LEN]; 229 struct bpf_map_off_arr *off_arr; 230 /* The 3rd and 4th cacheline with misc members to avoid false sharing 231 * particularly with refcounting. 232 */ 233 atomic64_t refcnt ____cacheline_aligned; 234 atomic64_t usercnt; 235 struct work_struct work; 236 struct mutex freeze_mutex; 237 atomic64_t writecnt; 238 /* 'Ownership' of program-containing map is claimed by the first program 239 * that is going to use this map or by the first program which FD is 240 * stored in the map to make sure that all callers and callees have the 241 * same prog type, JITed flag and xdp_has_frags flag. 242 */ 243 struct { 244 spinlock_t lock; 245 enum bpf_prog_type type; 246 bool jited; 247 bool xdp_has_frags; 248 } owner; 249 bool bypass_spec_v1; 250 bool frozen; /* write-once; write-protected by freeze_mutex */ 251 }; 252 253 static inline bool map_value_has_spin_lock(const struct bpf_map *map) 254 { 255 return map->spin_lock_off >= 0; 256 } 257 258 static inline bool map_value_has_timer(const struct bpf_map *map) 259 { 260 return map->timer_off >= 0; 261 } 262 263 static inline bool map_value_has_kptrs(const struct bpf_map *map) 264 { 265 return !IS_ERR_OR_NULL(map->kptr_off_tab); 266 } 267 268 static inline void check_and_init_map_value(struct bpf_map *map, void *dst) 269 { 270 if (unlikely(map_value_has_spin_lock(map))) 271 memset(dst + map->spin_lock_off, 0, sizeof(struct bpf_spin_lock)); 272 if (unlikely(map_value_has_timer(map))) 273 memset(dst + map->timer_off, 0, sizeof(struct bpf_timer)); 274 if (unlikely(map_value_has_kptrs(map))) { 275 struct bpf_map_value_off *tab = map->kptr_off_tab; 276 int i; 277 278 for (i = 0; i < tab->nr_off; i++) 279 *(u64 *)(dst + tab->off[i].offset) = 0; 280 } 281 } 282 283 /* memcpy that is used with 8-byte aligned pointers, power-of-8 size and 284 * forced to use 'long' read/writes to try to atomically copy long counters. 285 * Best-effort only. No barriers here, since it _will_ race with concurrent 286 * updates from BPF programs. Called from bpf syscall and mostly used with 287 * size 8 or 16 bytes, so ask compiler to inline it. 288 */ 289 static inline void bpf_long_memcpy(void *dst, const void *src, u32 size) 290 { 291 const long *lsrc = src; 292 long *ldst = dst; 293 294 size /= sizeof(long); 295 while (size--) 296 *ldst++ = *lsrc++; 297 } 298 299 /* copy everything but bpf_spin_lock, bpf_timer, and kptrs. There could be one of each. */ 300 static inline void __copy_map_value(struct bpf_map *map, void *dst, void *src, bool long_memcpy) 301 { 302 u32 curr_off = 0; 303 int i; 304 305 if (likely(!map->off_arr)) { 306 if (long_memcpy) 307 bpf_long_memcpy(dst, src, round_up(map->value_size, 8)); 308 else 309 memcpy(dst, src, map->value_size); 310 return; 311 } 312 313 for (i = 0; i < map->off_arr->cnt; i++) { 314 u32 next_off = map->off_arr->field_off[i]; 315 316 memcpy(dst + curr_off, src + curr_off, next_off - curr_off); 317 curr_off += map->off_arr->field_sz[i]; 318 } 319 memcpy(dst + curr_off, src + curr_off, map->value_size - curr_off); 320 } 321 322 static inline void copy_map_value(struct bpf_map *map, void *dst, void *src) 323 { 324 __copy_map_value(map, dst, src, false); 325 } 326 327 static inline void copy_map_value_long(struct bpf_map *map, void *dst, void *src) 328 { 329 __copy_map_value(map, dst, src, true); 330 } 331 332 static inline void zero_map_value(struct bpf_map *map, void *dst) 333 { 334 u32 curr_off = 0; 335 int i; 336 337 if (likely(!map->off_arr)) { 338 memset(dst, 0, map->value_size); 339 return; 340 } 341 342 for (i = 0; i < map->off_arr->cnt; i++) { 343 u32 next_off = map->off_arr->field_off[i]; 344 345 memset(dst + curr_off, 0, next_off - curr_off); 346 curr_off += map->off_arr->field_sz[i]; 347 } 348 memset(dst + curr_off, 0, map->value_size - curr_off); 349 } 350 351 void copy_map_value_locked(struct bpf_map *map, void *dst, void *src, 352 bool lock_src); 353 void bpf_timer_cancel_and_free(void *timer); 354 int bpf_obj_name_cpy(char *dst, const char *src, unsigned int size); 355 356 struct bpf_offload_dev; 357 struct bpf_offloaded_map; 358 359 struct bpf_map_dev_ops { 360 int (*map_get_next_key)(struct bpf_offloaded_map *map, 361 void *key, void *next_key); 362 int (*map_lookup_elem)(struct bpf_offloaded_map *map, 363 void *key, void *value); 364 int (*map_update_elem)(struct bpf_offloaded_map *map, 365 void *key, void *value, u64 flags); 366 int (*map_delete_elem)(struct bpf_offloaded_map *map, void *key); 367 }; 368 369 struct bpf_offloaded_map { 370 struct bpf_map map; 371 struct net_device *netdev; 372 const struct bpf_map_dev_ops *dev_ops; 373 void *dev_priv; 374 struct list_head offloads; 375 }; 376 377 static inline struct bpf_offloaded_map *map_to_offmap(struct bpf_map *map) 378 { 379 return container_of(map, struct bpf_offloaded_map, map); 380 } 381 382 static inline bool bpf_map_offload_neutral(const struct bpf_map *map) 383 { 384 return map->map_type == BPF_MAP_TYPE_PERF_EVENT_ARRAY; 385 } 386 387 static inline bool bpf_map_support_seq_show(const struct bpf_map *map) 388 { 389 return (map->btf_value_type_id || map->btf_vmlinux_value_type_id) && 390 map->ops->map_seq_show_elem; 391 } 392 393 int map_check_no_btf(const struct bpf_map *map, 394 const struct btf *btf, 395 const struct btf_type *key_type, 396 const struct btf_type *value_type); 397 398 bool bpf_map_meta_equal(const struct bpf_map *meta0, 399 const struct bpf_map *meta1); 400 401 extern const struct bpf_map_ops bpf_map_offload_ops; 402 403 /* bpf_type_flag contains a set of flags that are applicable to the values of 404 * arg_type, ret_type and reg_type. For example, a pointer value may be null, 405 * or a memory is read-only. We classify types into two categories: base types 406 * and extended types. Extended types are base types combined with a type flag. 407 * 408 * Currently there are no more than 32 base types in arg_type, ret_type and 409 * reg_types. 410 */ 411 #define BPF_BASE_TYPE_BITS 8 412 413 enum bpf_type_flag { 414 /* PTR may be NULL. */ 415 PTR_MAYBE_NULL = BIT(0 + BPF_BASE_TYPE_BITS), 416 417 /* MEM is read-only. When applied on bpf_arg, it indicates the arg is 418 * compatible with both mutable and immutable memory. 419 */ 420 MEM_RDONLY = BIT(1 + BPF_BASE_TYPE_BITS), 421 422 /* MEM was "allocated" from a different helper, and cannot be mixed 423 * with regular non-MEM_ALLOC'ed MEM types. 424 */ 425 MEM_ALLOC = BIT(2 + BPF_BASE_TYPE_BITS), 426 427 /* MEM is in user address space. */ 428 MEM_USER = BIT(3 + BPF_BASE_TYPE_BITS), 429 430 /* MEM is a percpu memory. MEM_PERCPU tags PTR_TO_BTF_ID. When tagged 431 * with MEM_PERCPU, PTR_TO_BTF_ID _cannot_ be directly accessed. In 432 * order to drop this tag, it must be passed into bpf_per_cpu_ptr() 433 * or bpf_this_cpu_ptr(), which will return the pointer corresponding 434 * to the specified cpu. 435 */ 436 MEM_PERCPU = BIT(4 + BPF_BASE_TYPE_BITS), 437 438 /* Indicates that the argument will be released. */ 439 OBJ_RELEASE = BIT(5 + BPF_BASE_TYPE_BITS), 440 441 /* PTR is not trusted. This is only used with PTR_TO_BTF_ID, to mark 442 * unreferenced and referenced kptr loaded from map value using a load 443 * instruction, so that they can only be dereferenced but not escape the 444 * BPF program into the kernel (i.e. cannot be passed as arguments to 445 * kfunc or bpf helpers). 446 */ 447 PTR_UNTRUSTED = BIT(6 + BPF_BASE_TYPE_BITS), 448 449 MEM_UNINIT = BIT(7 + BPF_BASE_TYPE_BITS), 450 451 /* DYNPTR points to memory local to the bpf program. */ 452 DYNPTR_TYPE_LOCAL = BIT(8 + BPF_BASE_TYPE_BITS), 453 454 /* DYNPTR points to a kernel-produced ringbuf record. */ 455 DYNPTR_TYPE_RINGBUF = BIT(9 + BPF_BASE_TYPE_BITS), 456 457 /* Size is known at compile time. */ 458 MEM_FIXED_SIZE = BIT(10 + BPF_BASE_TYPE_BITS), 459 460 __BPF_TYPE_FLAG_MAX, 461 __BPF_TYPE_LAST_FLAG = __BPF_TYPE_FLAG_MAX - 1, 462 }; 463 464 #define DYNPTR_TYPE_FLAG_MASK (DYNPTR_TYPE_LOCAL | DYNPTR_TYPE_RINGBUF) 465 466 /* Max number of base types. */ 467 #define BPF_BASE_TYPE_LIMIT (1UL << BPF_BASE_TYPE_BITS) 468 469 /* Max number of all types. */ 470 #define BPF_TYPE_LIMIT (__BPF_TYPE_LAST_FLAG | (__BPF_TYPE_LAST_FLAG - 1)) 471 472 /* function argument constraints */ 473 enum bpf_arg_type { 474 ARG_DONTCARE = 0, /* unused argument in helper function */ 475 476 /* the following constraints used to prototype 477 * bpf_map_lookup/update/delete_elem() functions 478 */ 479 ARG_CONST_MAP_PTR, /* const argument used as pointer to bpf_map */ 480 ARG_PTR_TO_MAP_KEY, /* pointer to stack used as map key */ 481 ARG_PTR_TO_MAP_VALUE, /* pointer to stack used as map value */ 482 483 /* Used to prototype bpf_memcmp() and other functions that access data 484 * on eBPF program stack 485 */ 486 ARG_PTR_TO_MEM, /* pointer to valid memory (stack, packet, map value) */ 487 488 ARG_CONST_SIZE, /* number of bytes accessed from memory */ 489 ARG_CONST_SIZE_OR_ZERO, /* number of bytes accessed from memory or 0 */ 490 491 ARG_PTR_TO_CTX, /* pointer to context */ 492 ARG_ANYTHING, /* any (initialized) argument is ok */ 493 ARG_PTR_TO_SPIN_LOCK, /* pointer to bpf_spin_lock */ 494 ARG_PTR_TO_SOCK_COMMON, /* pointer to sock_common */ 495 ARG_PTR_TO_INT, /* pointer to int */ 496 ARG_PTR_TO_LONG, /* pointer to long */ 497 ARG_PTR_TO_SOCKET, /* pointer to bpf_sock (fullsock) */ 498 ARG_PTR_TO_BTF_ID, /* pointer to in-kernel struct */ 499 ARG_PTR_TO_ALLOC_MEM, /* pointer to dynamically allocated memory */ 500 ARG_CONST_ALLOC_SIZE_OR_ZERO, /* number of allocated bytes requested */ 501 ARG_PTR_TO_BTF_ID_SOCK_COMMON, /* pointer to in-kernel sock_common or bpf-mirrored bpf_sock */ 502 ARG_PTR_TO_PERCPU_BTF_ID, /* pointer to in-kernel percpu type */ 503 ARG_PTR_TO_FUNC, /* pointer to a bpf program function */ 504 ARG_PTR_TO_STACK, /* pointer to stack */ 505 ARG_PTR_TO_CONST_STR, /* pointer to a null terminated read-only string */ 506 ARG_PTR_TO_TIMER, /* pointer to bpf_timer */ 507 ARG_PTR_TO_KPTR, /* pointer to referenced kptr */ 508 ARG_PTR_TO_DYNPTR, /* pointer to bpf_dynptr. See bpf_type_flag for dynptr type */ 509 __BPF_ARG_TYPE_MAX, 510 511 /* Extended arg_types. */ 512 ARG_PTR_TO_MAP_VALUE_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_MAP_VALUE, 513 ARG_PTR_TO_MEM_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_MEM, 514 ARG_PTR_TO_CTX_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_CTX, 515 ARG_PTR_TO_SOCKET_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_SOCKET, 516 ARG_PTR_TO_ALLOC_MEM_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_ALLOC_MEM, 517 ARG_PTR_TO_STACK_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_STACK, 518 ARG_PTR_TO_BTF_ID_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_BTF_ID, 519 /* pointer to memory does not need to be initialized, helper function must fill 520 * all bytes or clear them in error case. 521 */ 522 ARG_PTR_TO_UNINIT_MEM = MEM_UNINIT | ARG_PTR_TO_MEM, 523 /* Pointer to valid memory of size known at compile time. */ 524 ARG_PTR_TO_FIXED_SIZE_MEM = MEM_FIXED_SIZE | ARG_PTR_TO_MEM, 525 526 /* This must be the last entry. Its purpose is to ensure the enum is 527 * wide enough to hold the higher bits reserved for bpf_type_flag. 528 */ 529 __BPF_ARG_TYPE_LIMIT = BPF_TYPE_LIMIT, 530 }; 531 static_assert(__BPF_ARG_TYPE_MAX <= BPF_BASE_TYPE_LIMIT); 532 533 /* type of values returned from helper functions */ 534 enum bpf_return_type { 535 RET_INTEGER, /* function returns integer */ 536 RET_VOID, /* function doesn't return anything */ 537 RET_PTR_TO_MAP_VALUE, /* returns a pointer to map elem value */ 538 RET_PTR_TO_SOCKET, /* returns a pointer to a socket */ 539 RET_PTR_TO_TCP_SOCK, /* returns a pointer to a tcp_sock */ 540 RET_PTR_TO_SOCK_COMMON, /* returns a pointer to a sock_common */ 541 RET_PTR_TO_ALLOC_MEM, /* returns a pointer to dynamically allocated memory */ 542 RET_PTR_TO_MEM_OR_BTF_ID, /* returns a pointer to a valid memory or a btf_id */ 543 RET_PTR_TO_BTF_ID, /* returns a pointer to a btf_id */ 544 __BPF_RET_TYPE_MAX, 545 546 /* Extended ret_types. */ 547 RET_PTR_TO_MAP_VALUE_OR_NULL = PTR_MAYBE_NULL | RET_PTR_TO_MAP_VALUE, 548 RET_PTR_TO_SOCKET_OR_NULL = PTR_MAYBE_NULL | RET_PTR_TO_SOCKET, 549 RET_PTR_TO_TCP_SOCK_OR_NULL = PTR_MAYBE_NULL | RET_PTR_TO_TCP_SOCK, 550 RET_PTR_TO_SOCK_COMMON_OR_NULL = PTR_MAYBE_NULL | RET_PTR_TO_SOCK_COMMON, 551 RET_PTR_TO_ALLOC_MEM_OR_NULL = PTR_MAYBE_NULL | MEM_ALLOC | RET_PTR_TO_ALLOC_MEM, 552 RET_PTR_TO_DYNPTR_MEM_OR_NULL = PTR_MAYBE_NULL | RET_PTR_TO_ALLOC_MEM, 553 RET_PTR_TO_BTF_ID_OR_NULL = PTR_MAYBE_NULL | RET_PTR_TO_BTF_ID, 554 555 /* This must be the last entry. Its purpose is to ensure the enum is 556 * wide enough to hold the higher bits reserved for bpf_type_flag. 557 */ 558 __BPF_RET_TYPE_LIMIT = BPF_TYPE_LIMIT, 559 }; 560 static_assert(__BPF_RET_TYPE_MAX <= BPF_BASE_TYPE_LIMIT); 561 562 /* eBPF function prototype used by verifier to allow BPF_CALLs from eBPF programs 563 * to in-kernel helper functions and for adjusting imm32 field in BPF_CALL 564 * instructions after verifying 565 */ 566 struct bpf_func_proto { 567 u64 (*func)(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5); 568 bool gpl_only; 569 bool pkt_access; 570 enum bpf_return_type ret_type; 571 union { 572 struct { 573 enum bpf_arg_type arg1_type; 574 enum bpf_arg_type arg2_type; 575 enum bpf_arg_type arg3_type; 576 enum bpf_arg_type arg4_type; 577 enum bpf_arg_type arg5_type; 578 }; 579 enum bpf_arg_type arg_type[5]; 580 }; 581 union { 582 struct { 583 u32 *arg1_btf_id; 584 u32 *arg2_btf_id; 585 u32 *arg3_btf_id; 586 u32 *arg4_btf_id; 587 u32 *arg5_btf_id; 588 }; 589 u32 *arg_btf_id[5]; 590 struct { 591 size_t arg1_size; 592 size_t arg2_size; 593 size_t arg3_size; 594 size_t arg4_size; 595 size_t arg5_size; 596 }; 597 size_t arg_size[5]; 598 }; 599 int *ret_btf_id; /* return value btf_id */ 600 bool (*allowed)(const struct bpf_prog *prog); 601 }; 602 603 /* bpf_context is intentionally undefined structure. Pointer to bpf_context is 604 * the first argument to eBPF programs. 605 * For socket filters: 'struct bpf_context *' == 'struct sk_buff *' 606 */ 607 struct bpf_context; 608 609 enum bpf_access_type { 610 BPF_READ = 1, 611 BPF_WRITE = 2 612 }; 613 614 /* types of values stored in eBPF registers */ 615 /* Pointer types represent: 616 * pointer 617 * pointer + imm 618 * pointer + (u16) var 619 * pointer + (u16) var + imm 620 * if (range > 0) then [ptr, ptr + range - off) is safe to access 621 * if (id > 0) means that some 'var' was added 622 * if (off > 0) means that 'imm' was added 623 */ 624 enum bpf_reg_type { 625 NOT_INIT = 0, /* nothing was written into register */ 626 SCALAR_VALUE, /* reg doesn't contain a valid pointer */ 627 PTR_TO_CTX, /* reg points to bpf_context */ 628 CONST_PTR_TO_MAP, /* reg points to struct bpf_map */ 629 PTR_TO_MAP_VALUE, /* reg points to map element value */ 630 PTR_TO_MAP_KEY, /* reg points to a map element key */ 631 PTR_TO_STACK, /* reg == frame_pointer + offset */ 632 PTR_TO_PACKET_META, /* skb->data - meta_len */ 633 PTR_TO_PACKET, /* reg points to skb->data */ 634 PTR_TO_PACKET_END, /* skb->data + headlen */ 635 PTR_TO_FLOW_KEYS, /* reg points to bpf_flow_keys */ 636 PTR_TO_SOCKET, /* reg points to struct bpf_sock */ 637 PTR_TO_SOCK_COMMON, /* reg points to sock_common */ 638 PTR_TO_TCP_SOCK, /* reg points to struct tcp_sock */ 639 PTR_TO_TP_BUFFER, /* reg points to a writable raw tp's buffer */ 640 PTR_TO_XDP_SOCK, /* reg points to struct xdp_sock */ 641 /* PTR_TO_BTF_ID points to a kernel struct that does not need 642 * to be null checked by the BPF program. This does not imply the 643 * pointer is _not_ null and in practice this can easily be a null 644 * pointer when reading pointer chains. The assumption is program 645 * context will handle null pointer dereference typically via fault 646 * handling. The verifier must keep this in mind and can make no 647 * assumptions about null or non-null when doing branch analysis. 648 * Further, when passed into helpers the helpers can not, without 649 * additional context, assume the value is non-null. 650 */ 651 PTR_TO_BTF_ID, 652 /* PTR_TO_BTF_ID_OR_NULL points to a kernel struct that has not 653 * been checked for null. Used primarily to inform the verifier 654 * an explicit null check is required for this struct. 655 */ 656 PTR_TO_MEM, /* reg points to valid memory region */ 657 PTR_TO_BUF, /* reg points to a read/write buffer */ 658 PTR_TO_FUNC, /* reg points to a bpf program function */ 659 PTR_TO_DYNPTR, /* reg points to a dynptr */ 660 __BPF_REG_TYPE_MAX, 661 662 /* Extended reg_types. */ 663 PTR_TO_MAP_VALUE_OR_NULL = PTR_MAYBE_NULL | PTR_TO_MAP_VALUE, 664 PTR_TO_SOCKET_OR_NULL = PTR_MAYBE_NULL | PTR_TO_SOCKET, 665 PTR_TO_SOCK_COMMON_OR_NULL = PTR_MAYBE_NULL | PTR_TO_SOCK_COMMON, 666 PTR_TO_TCP_SOCK_OR_NULL = PTR_MAYBE_NULL | PTR_TO_TCP_SOCK, 667 PTR_TO_BTF_ID_OR_NULL = PTR_MAYBE_NULL | PTR_TO_BTF_ID, 668 669 /* This must be the last entry. Its purpose is to ensure the enum is 670 * wide enough to hold the higher bits reserved for bpf_type_flag. 671 */ 672 __BPF_REG_TYPE_LIMIT = BPF_TYPE_LIMIT, 673 }; 674 static_assert(__BPF_REG_TYPE_MAX <= BPF_BASE_TYPE_LIMIT); 675 676 /* The information passed from prog-specific *_is_valid_access 677 * back to the verifier. 678 */ 679 struct bpf_insn_access_aux { 680 enum bpf_reg_type reg_type; 681 union { 682 int ctx_field_size; 683 struct { 684 struct btf *btf; 685 u32 btf_id; 686 }; 687 }; 688 struct bpf_verifier_log *log; /* for verbose logs */ 689 }; 690 691 static inline void 692 bpf_ctx_record_field_size(struct bpf_insn_access_aux *aux, u32 size) 693 { 694 aux->ctx_field_size = size; 695 } 696 697 static inline bool bpf_pseudo_func(const struct bpf_insn *insn) 698 { 699 return insn->code == (BPF_LD | BPF_IMM | BPF_DW) && 700 insn->src_reg == BPF_PSEUDO_FUNC; 701 } 702 703 struct bpf_prog_ops { 704 int (*test_run)(struct bpf_prog *prog, const union bpf_attr *kattr, 705 union bpf_attr __user *uattr); 706 }; 707 708 struct bpf_verifier_ops { 709 /* return eBPF function prototype for verification */ 710 const struct bpf_func_proto * 711 (*get_func_proto)(enum bpf_func_id func_id, 712 const struct bpf_prog *prog); 713 714 /* return true if 'size' wide access at offset 'off' within bpf_context 715 * with 'type' (read or write) is allowed 716 */ 717 bool (*is_valid_access)(int off, int size, enum bpf_access_type type, 718 const struct bpf_prog *prog, 719 struct bpf_insn_access_aux *info); 720 int (*gen_prologue)(struct bpf_insn *insn, bool direct_write, 721 const struct bpf_prog *prog); 722 int (*gen_ld_abs)(const struct bpf_insn *orig, 723 struct bpf_insn *insn_buf); 724 u32 (*convert_ctx_access)(enum bpf_access_type type, 725 const struct bpf_insn *src, 726 struct bpf_insn *dst, 727 struct bpf_prog *prog, u32 *target_size); 728 int (*btf_struct_access)(struct bpf_verifier_log *log, 729 const struct btf *btf, 730 const struct btf_type *t, int off, int size, 731 enum bpf_access_type atype, 732 u32 *next_btf_id, enum bpf_type_flag *flag); 733 }; 734 735 struct bpf_prog_offload_ops { 736 /* verifier basic callbacks */ 737 int (*insn_hook)(struct bpf_verifier_env *env, 738 int insn_idx, int prev_insn_idx); 739 int (*finalize)(struct bpf_verifier_env *env); 740 /* verifier optimization callbacks (called after .finalize) */ 741 int (*replace_insn)(struct bpf_verifier_env *env, u32 off, 742 struct bpf_insn *insn); 743 int (*remove_insns)(struct bpf_verifier_env *env, u32 off, u32 cnt); 744 /* program management callbacks */ 745 int (*prepare)(struct bpf_prog *prog); 746 int (*translate)(struct bpf_prog *prog); 747 void (*destroy)(struct bpf_prog *prog); 748 }; 749 750 struct bpf_prog_offload { 751 struct bpf_prog *prog; 752 struct net_device *netdev; 753 struct bpf_offload_dev *offdev; 754 void *dev_priv; 755 struct list_head offloads; 756 bool dev_state; 757 bool opt_failed; 758 void *jited_image; 759 u32 jited_len; 760 }; 761 762 enum bpf_cgroup_storage_type { 763 BPF_CGROUP_STORAGE_SHARED, 764 BPF_CGROUP_STORAGE_PERCPU, 765 __BPF_CGROUP_STORAGE_MAX 766 }; 767 768 #define MAX_BPF_CGROUP_STORAGE_TYPE __BPF_CGROUP_STORAGE_MAX 769 770 /* The longest tracepoint has 12 args. 771 * See include/trace/bpf_probe.h 772 */ 773 #define MAX_BPF_FUNC_ARGS 12 774 775 /* The maximum number of arguments passed through registers 776 * a single function may have. 777 */ 778 #define MAX_BPF_FUNC_REG_ARGS 5 779 780 /* The argument is a structure. */ 781 #define BTF_FMODEL_STRUCT_ARG BIT(0) 782 783 struct btf_func_model { 784 u8 ret_size; 785 u8 nr_args; 786 u8 arg_size[MAX_BPF_FUNC_ARGS]; 787 u8 arg_flags[MAX_BPF_FUNC_ARGS]; 788 }; 789 790 /* Restore arguments before returning from trampoline to let original function 791 * continue executing. This flag is used for fentry progs when there are no 792 * fexit progs. 793 */ 794 #define BPF_TRAMP_F_RESTORE_REGS BIT(0) 795 /* Call original function after fentry progs, but before fexit progs. 796 * Makes sense for fentry/fexit, normal calls and indirect calls. 797 */ 798 #define BPF_TRAMP_F_CALL_ORIG BIT(1) 799 /* Skip current frame and return to parent. Makes sense for fentry/fexit 800 * programs only. Should not be used with normal calls and indirect calls. 801 */ 802 #define BPF_TRAMP_F_SKIP_FRAME BIT(2) 803 /* Store IP address of the caller on the trampoline stack, 804 * so it's available for trampoline's programs. 805 */ 806 #define BPF_TRAMP_F_IP_ARG BIT(3) 807 /* Return the return value of fentry prog. Only used by bpf_struct_ops. */ 808 #define BPF_TRAMP_F_RET_FENTRY_RET BIT(4) 809 810 /* Get original function from stack instead of from provided direct address. 811 * Makes sense for trampolines with fexit or fmod_ret programs. 812 */ 813 #define BPF_TRAMP_F_ORIG_STACK BIT(5) 814 815 /* This trampoline is on a function with another ftrace_ops with IPMODIFY, 816 * e.g., a live patch. This flag is set and cleared by ftrace call backs, 817 */ 818 #define BPF_TRAMP_F_SHARE_IPMODIFY BIT(6) 819 820 /* Each call __bpf_prog_enter + call bpf_func + call __bpf_prog_exit is ~50 821 * bytes on x86. 822 */ 823 #define BPF_MAX_TRAMP_LINKS 38 824 825 struct bpf_tramp_links { 826 struct bpf_tramp_link *links[BPF_MAX_TRAMP_LINKS]; 827 int nr_links; 828 }; 829 830 struct bpf_tramp_run_ctx; 831 832 /* Different use cases for BPF trampoline: 833 * 1. replace nop at the function entry (kprobe equivalent) 834 * flags = BPF_TRAMP_F_RESTORE_REGS 835 * fentry = a set of programs to run before returning from trampoline 836 * 837 * 2. replace nop at the function entry (kprobe + kretprobe equivalent) 838 * flags = BPF_TRAMP_F_CALL_ORIG | BPF_TRAMP_F_SKIP_FRAME 839 * orig_call = fentry_ip + MCOUNT_INSN_SIZE 840 * fentry = a set of program to run before calling original function 841 * fexit = a set of program to run after original function 842 * 843 * 3. replace direct call instruction anywhere in the function body 844 * or assign a function pointer for indirect call (like tcp_congestion_ops->cong_avoid) 845 * With flags = 0 846 * fentry = a set of programs to run before returning from trampoline 847 * With flags = BPF_TRAMP_F_CALL_ORIG 848 * orig_call = original callback addr or direct function addr 849 * fentry = a set of program to run before calling original function 850 * fexit = a set of program to run after original function 851 */ 852 struct bpf_tramp_image; 853 int arch_prepare_bpf_trampoline(struct bpf_tramp_image *tr, void *image, void *image_end, 854 const struct btf_func_model *m, u32 flags, 855 struct bpf_tramp_links *tlinks, 856 void *orig_call); 857 /* these two functions are called from generated trampoline */ 858 u64 notrace __bpf_prog_enter(struct bpf_prog *prog, struct bpf_tramp_run_ctx *run_ctx); 859 void notrace __bpf_prog_exit(struct bpf_prog *prog, u64 start, struct bpf_tramp_run_ctx *run_ctx); 860 u64 notrace __bpf_prog_enter_sleepable(struct bpf_prog *prog, struct bpf_tramp_run_ctx *run_ctx); 861 void notrace __bpf_prog_exit_sleepable(struct bpf_prog *prog, u64 start, 862 struct bpf_tramp_run_ctx *run_ctx); 863 u64 notrace __bpf_prog_enter_lsm_cgroup(struct bpf_prog *prog, 864 struct bpf_tramp_run_ctx *run_ctx); 865 void notrace __bpf_prog_exit_lsm_cgroup(struct bpf_prog *prog, u64 start, 866 struct bpf_tramp_run_ctx *run_ctx); 867 u64 notrace __bpf_prog_enter_struct_ops(struct bpf_prog *prog, 868 struct bpf_tramp_run_ctx *run_ctx); 869 void notrace __bpf_prog_exit_struct_ops(struct bpf_prog *prog, u64 start, 870 struct bpf_tramp_run_ctx *run_ctx); 871 void notrace __bpf_tramp_enter(struct bpf_tramp_image *tr); 872 void notrace __bpf_tramp_exit(struct bpf_tramp_image *tr); 873 874 struct bpf_ksym { 875 unsigned long start; 876 unsigned long end; 877 char name[KSYM_NAME_LEN]; 878 struct list_head lnode; 879 struct latch_tree_node tnode; 880 bool prog; 881 }; 882 883 enum bpf_tramp_prog_type { 884 BPF_TRAMP_FENTRY, 885 BPF_TRAMP_FEXIT, 886 BPF_TRAMP_MODIFY_RETURN, 887 BPF_TRAMP_MAX, 888 BPF_TRAMP_REPLACE, /* more than MAX */ 889 }; 890 891 struct bpf_tramp_image { 892 void *image; 893 struct bpf_ksym ksym; 894 struct percpu_ref pcref; 895 void *ip_after_call; 896 void *ip_epilogue; 897 union { 898 struct rcu_head rcu; 899 struct work_struct work; 900 }; 901 }; 902 903 struct bpf_trampoline { 904 /* hlist for trampoline_table */ 905 struct hlist_node hlist; 906 struct ftrace_ops *fops; 907 /* serializes access to fields of this trampoline */ 908 struct mutex mutex; 909 refcount_t refcnt; 910 u32 flags; 911 u64 key; 912 struct { 913 struct btf_func_model model; 914 void *addr; 915 bool ftrace_managed; 916 } func; 917 /* if !NULL this is BPF_PROG_TYPE_EXT program that extends another BPF 918 * program by replacing one of its functions. func.addr is the address 919 * of the function it replaced. 920 */ 921 struct bpf_prog *extension_prog; 922 /* list of BPF programs using this trampoline */ 923 struct hlist_head progs_hlist[BPF_TRAMP_MAX]; 924 /* Number of attached programs. A counter per kind. */ 925 int progs_cnt[BPF_TRAMP_MAX]; 926 /* Executable image of trampoline */ 927 struct bpf_tramp_image *cur_image; 928 u64 selector; 929 struct module *mod; 930 }; 931 932 struct bpf_attach_target_info { 933 struct btf_func_model fmodel; 934 long tgt_addr; 935 const char *tgt_name; 936 const struct btf_type *tgt_type; 937 }; 938 939 #define BPF_DISPATCHER_MAX 48 /* Fits in 2048B */ 940 941 struct bpf_dispatcher_prog { 942 struct bpf_prog *prog; 943 refcount_t users; 944 }; 945 946 struct bpf_dispatcher { 947 /* dispatcher mutex */ 948 struct mutex mutex; 949 void *func; 950 struct bpf_dispatcher_prog progs[BPF_DISPATCHER_MAX]; 951 int num_progs; 952 void *image; 953 void *rw_image; 954 u32 image_off; 955 struct bpf_ksym ksym; 956 }; 957 958 static __always_inline __nocfi unsigned int bpf_dispatcher_nop_func( 959 const void *ctx, 960 const struct bpf_insn *insnsi, 961 bpf_func_t bpf_func) 962 { 963 return bpf_func(ctx, insnsi); 964 } 965 966 #ifdef CONFIG_BPF_JIT 967 int bpf_trampoline_link_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr); 968 int bpf_trampoline_unlink_prog(struct bpf_tramp_link *link, struct bpf_trampoline *tr); 969 struct bpf_trampoline *bpf_trampoline_get(u64 key, 970 struct bpf_attach_target_info *tgt_info); 971 void bpf_trampoline_put(struct bpf_trampoline *tr); 972 int arch_prepare_bpf_dispatcher(void *image, void *buf, s64 *funcs, int num_funcs); 973 #define BPF_DISPATCHER_INIT(_name) { \ 974 .mutex = __MUTEX_INITIALIZER(_name.mutex), \ 975 .func = &_name##_func, \ 976 .progs = {}, \ 977 .num_progs = 0, \ 978 .image = NULL, \ 979 .image_off = 0, \ 980 .ksym = { \ 981 .name = #_name, \ 982 .lnode = LIST_HEAD_INIT(_name.ksym.lnode), \ 983 }, \ 984 } 985 986 #ifdef CONFIG_X86_64 987 #ifdef CONFIG_CALL_THUNKS 988 #define BPF_DISPATCHER_ATTRIBUTES __attribute__((patchable_function_entry(5+CONFIG_FUNCTION_PADDING_BYTES,CONFIG_FUNCTION_PADDING_BYTES))) 989 #else 990 #define BPF_DISPATCHER_ATTRIBUTES __attribute__((patchable_function_entry(5))) 991 #endif 992 #else 993 #define BPF_DISPATCHER_ATTRIBUTES 994 #endif 995 996 #define DEFINE_BPF_DISPATCHER(name) \ 997 notrace BPF_DISPATCHER_ATTRIBUTES \ 998 noinline __nocfi unsigned int bpf_dispatcher_##name##_func( \ 999 const void *ctx, \ 1000 const struct bpf_insn *insnsi, \ 1001 bpf_func_t bpf_func) \ 1002 { \ 1003 return bpf_func(ctx, insnsi); \ 1004 } \ 1005 EXPORT_SYMBOL(bpf_dispatcher_##name##_func); \ 1006 struct bpf_dispatcher bpf_dispatcher_##name = \ 1007 BPF_DISPATCHER_INIT(bpf_dispatcher_##name); 1008 #define DECLARE_BPF_DISPATCHER(name) \ 1009 unsigned int bpf_dispatcher_##name##_func( \ 1010 const void *ctx, \ 1011 const struct bpf_insn *insnsi, \ 1012 bpf_func_t bpf_func); \ 1013 extern struct bpf_dispatcher bpf_dispatcher_##name; 1014 #define BPF_DISPATCHER_FUNC(name) bpf_dispatcher_##name##_func 1015 #define BPF_DISPATCHER_PTR(name) (&bpf_dispatcher_##name) 1016 void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from, 1017 struct bpf_prog *to); 1018 /* Called only from JIT-enabled code, so there's no need for stubs. */ 1019 void bpf_image_ksym_add(void *data, struct bpf_ksym *ksym); 1020 void bpf_image_ksym_del(struct bpf_ksym *ksym); 1021 void bpf_ksym_add(struct bpf_ksym *ksym); 1022 void bpf_ksym_del(struct bpf_ksym *ksym); 1023 int bpf_jit_charge_modmem(u32 size); 1024 void bpf_jit_uncharge_modmem(u32 size); 1025 bool bpf_prog_has_trampoline(const struct bpf_prog *prog); 1026 #else 1027 static inline int bpf_trampoline_link_prog(struct bpf_tramp_link *link, 1028 struct bpf_trampoline *tr) 1029 { 1030 return -ENOTSUPP; 1031 } 1032 static inline int bpf_trampoline_unlink_prog(struct bpf_tramp_link *link, 1033 struct bpf_trampoline *tr) 1034 { 1035 return -ENOTSUPP; 1036 } 1037 static inline struct bpf_trampoline *bpf_trampoline_get(u64 key, 1038 struct bpf_attach_target_info *tgt_info) 1039 { 1040 return ERR_PTR(-EOPNOTSUPP); 1041 } 1042 static inline void bpf_trampoline_put(struct bpf_trampoline *tr) {} 1043 #define DEFINE_BPF_DISPATCHER(name) 1044 #define DECLARE_BPF_DISPATCHER(name) 1045 #define BPF_DISPATCHER_FUNC(name) bpf_dispatcher_nop_func 1046 #define BPF_DISPATCHER_PTR(name) NULL 1047 static inline void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, 1048 struct bpf_prog *from, 1049 struct bpf_prog *to) {} 1050 static inline bool is_bpf_image_address(unsigned long address) 1051 { 1052 return false; 1053 } 1054 static inline bool bpf_prog_has_trampoline(const struct bpf_prog *prog) 1055 { 1056 return false; 1057 } 1058 #endif 1059 1060 struct bpf_func_info_aux { 1061 u16 linkage; 1062 bool unreliable; 1063 }; 1064 1065 enum bpf_jit_poke_reason { 1066 BPF_POKE_REASON_TAIL_CALL, 1067 }; 1068 1069 /* Descriptor of pokes pointing /into/ the JITed image. */ 1070 struct bpf_jit_poke_descriptor { 1071 void *tailcall_target; 1072 void *tailcall_bypass; 1073 void *bypass_addr; 1074 void *aux; 1075 union { 1076 struct { 1077 struct bpf_map *map; 1078 u32 key; 1079 } tail_call; 1080 }; 1081 bool tailcall_target_stable; 1082 u8 adj_off; 1083 u16 reason; 1084 u32 insn_idx; 1085 }; 1086 1087 /* reg_type info for ctx arguments */ 1088 struct bpf_ctx_arg_aux { 1089 u32 offset; 1090 enum bpf_reg_type reg_type; 1091 u32 btf_id; 1092 }; 1093 1094 struct btf_mod_pair { 1095 struct btf *btf; 1096 struct module *module; 1097 }; 1098 1099 struct bpf_kfunc_desc_tab; 1100 1101 struct bpf_prog_aux { 1102 atomic64_t refcnt; 1103 u32 used_map_cnt; 1104 u32 used_btf_cnt; 1105 u32 max_ctx_offset; 1106 u32 max_pkt_offset; 1107 u32 max_tp_access; 1108 u32 stack_depth; 1109 u32 id; 1110 u32 func_cnt; /* used by non-func prog as the number of func progs */ 1111 u32 func_idx; /* 0 for non-func prog, the index in func array for func prog */ 1112 u32 attach_btf_id; /* in-kernel BTF type id to attach to */ 1113 u32 ctx_arg_info_size; 1114 u32 max_rdonly_access; 1115 u32 max_rdwr_access; 1116 struct btf *attach_btf; 1117 const struct bpf_ctx_arg_aux *ctx_arg_info; 1118 struct mutex dst_mutex; /* protects dst_* pointers below, *after* prog becomes visible */ 1119 struct bpf_prog *dst_prog; 1120 struct bpf_trampoline *dst_trampoline; 1121 enum bpf_prog_type saved_dst_prog_type; 1122 enum bpf_attach_type saved_dst_attach_type; 1123 bool verifier_zext; /* Zero extensions has been inserted by verifier. */ 1124 bool offload_requested; 1125 bool attach_btf_trace; /* true if attaching to BTF-enabled raw tp */ 1126 bool func_proto_unreliable; 1127 bool sleepable; 1128 bool tail_call_reachable; 1129 bool xdp_has_frags; 1130 /* BTF_KIND_FUNC_PROTO for valid attach_btf_id */ 1131 const struct btf_type *attach_func_proto; 1132 /* function name for valid attach_btf_id */ 1133 const char *attach_func_name; 1134 struct bpf_prog **func; 1135 void *jit_data; /* JIT specific data. arch dependent */ 1136 struct bpf_jit_poke_descriptor *poke_tab; 1137 struct bpf_kfunc_desc_tab *kfunc_tab; 1138 struct bpf_kfunc_btf_tab *kfunc_btf_tab; 1139 u32 size_poke_tab; 1140 struct bpf_ksym ksym; 1141 const struct bpf_prog_ops *ops; 1142 struct bpf_map **used_maps; 1143 struct mutex used_maps_mutex; /* mutex for used_maps and used_map_cnt */ 1144 struct btf_mod_pair *used_btfs; 1145 struct bpf_prog *prog; 1146 struct user_struct *user; 1147 u64 load_time; /* ns since boottime */ 1148 u32 verified_insns; 1149 int cgroup_atype; /* enum cgroup_bpf_attach_type */ 1150 struct bpf_map *cgroup_storage[MAX_BPF_CGROUP_STORAGE_TYPE]; 1151 char name[BPF_OBJ_NAME_LEN]; 1152 #ifdef CONFIG_SECURITY 1153 void *security; 1154 #endif 1155 struct bpf_prog_offload *offload; 1156 struct btf *btf; 1157 struct bpf_func_info *func_info; 1158 struct bpf_func_info_aux *func_info_aux; 1159 /* bpf_line_info loaded from userspace. linfo->insn_off 1160 * has the xlated insn offset. 1161 * Both the main and sub prog share the same linfo. 1162 * The subprog can access its first linfo by 1163 * using the linfo_idx. 1164 */ 1165 struct bpf_line_info *linfo; 1166 /* jited_linfo is the jited addr of the linfo. It has a 1167 * one to one mapping to linfo: 1168 * jited_linfo[i] is the jited addr for the linfo[i]->insn_off. 1169 * Both the main and sub prog share the same jited_linfo. 1170 * The subprog can access its first jited_linfo by 1171 * using the linfo_idx. 1172 */ 1173 void **jited_linfo; 1174 u32 func_info_cnt; 1175 u32 nr_linfo; 1176 /* subprog can use linfo_idx to access its first linfo and 1177 * jited_linfo. 1178 * main prog always has linfo_idx == 0 1179 */ 1180 u32 linfo_idx; 1181 u32 num_exentries; 1182 struct exception_table_entry *extable; 1183 union { 1184 struct work_struct work; 1185 struct rcu_head rcu; 1186 }; 1187 }; 1188 1189 struct bpf_prog { 1190 u16 pages; /* Number of allocated pages */ 1191 u16 jited:1, /* Is our filter JIT'ed? */ 1192 jit_requested:1,/* archs need to JIT the prog */ 1193 gpl_compatible:1, /* Is filter GPL compatible? */ 1194 cb_access:1, /* Is control block accessed? */ 1195 dst_needed:1, /* Do we need dst entry? */ 1196 blinding_requested:1, /* needs constant blinding */ 1197 blinded:1, /* Was blinded */ 1198 is_func:1, /* program is a bpf function */ 1199 kprobe_override:1, /* Do we override a kprobe? */ 1200 has_callchain_buf:1, /* callchain buffer allocated? */ 1201 enforce_expected_attach_type:1, /* Enforce expected_attach_type checking at attach time */ 1202 call_get_stack:1, /* Do we call bpf_get_stack() or bpf_get_stackid() */ 1203 call_get_func_ip:1, /* Do we call get_func_ip() */ 1204 tstamp_type_access:1; /* Accessed __sk_buff->tstamp_type */ 1205 enum bpf_prog_type type; /* Type of BPF program */ 1206 enum bpf_attach_type expected_attach_type; /* For some prog types */ 1207 u32 len; /* Number of filter blocks */ 1208 u32 jited_len; /* Size of jited insns in bytes */ 1209 u8 tag[BPF_TAG_SIZE]; 1210 struct bpf_prog_stats __percpu *stats; 1211 int __percpu *active; 1212 unsigned int (*bpf_func)(const void *ctx, 1213 const struct bpf_insn *insn); 1214 struct bpf_prog_aux *aux; /* Auxiliary fields */ 1215 struct sock_fprog_kern *orig_prog; /* Original BPF program */ 1216 /* Instructions for interpreter */ 1217 union { 1218 DECLARE_FLEX_ARRAY(struct sock_filter, insns); 1219 DECLARE_FLEX_ARRAY(struct bpf_insn, insnsi); 1220 }; 1221 }; 1222 1223 struct bpf_array_aux { 1224 /* Programs with direct jumps into programs part of this array. */ 1225 struct list_head poke_progs; 1226 struct bpf_map *map; 1227 struct mutex poke_mutex; 1228 struct work_struct work; 1229 }; 1230 1231 struct bpf_link { 1232 atomic64_t refcnt; 1233 u32 id; 1234 enum bpf_link_type type; 1235 const struct bpf_link_ops *ops; 1236 struct bpf_prog *prog; 1237 struct work_struct work; 1238 }; 1239 1240 struct bpf_link_ops { 1241 void (*release)(struct bpf_link *link); 1242 void (*dealloc)(struct bpf_link *link); 1243 int (*detach)(struct bpf_link *link); 1244 int (*update_prog)(struct bpf_link *link, struct bpf_prog *new_prog, 1245 struct bpf_prog *old_prog); 1246 void (*show_fdinfo)(const struct bpf_link *link, struct seq_file *seq); 1247 int (*fill_link_info)(const struct bpf_link *link, 1248 struct bpf_link_info *info); 1249 }; 1250 1251 struct bpf_tramp_link { 1252 struct bpf_link link; 1253 struct hlist_node tramp_hlist; 1254 u64 cookie; 1255 }; 1256 1257 struct bpf_shim_tramp_link { 1258 struct bpf_tramp_link link; 1259 struct bpf_trampoline *trampoline; 1260 }; 1261 1262 struct bpf_tracing_link { 1263 struct bpf_tramp_link link; 1264 enum bpf_attach_type attach_type; 1265 struct bpf_trampoline *trampoline; 1266 struct bpf_prog *tgt_prog; 1267 }; 1268 1269 struct bpf_link_primer { 1270 struct bpf_link *link; 1271 struct file *file; 1272 int fd; 1273 u32 id; 1274 }; 1275 1276 struct bpf_struct_ops_value; 1277 struct btf_member; 1278 1279 #define BPF_STRUCT_OPS_MAX_NR_MEMBERS 64 1280 struct bpf_struct_ops { 1281 const struct bpf_verifier_ops *verifier_ops; 1282 int (*init)(struct btf *btf); 1283 int (*check_member)(const struct btf_type *t, 1284 const struct btf_member *member); 1285 int (*init_member)(const struct btf_type *t, 1286 const struct btf_member *member, 1287 void *kdata, const void *udata); 1288 int (*reg)(void *kdata); 1289 void (*unreg)(void *kdata); 1290 const struct btf_type *type; 1291 const struct btf_type *value_type; 1292 const char *name; 1293 struct btf_func_model func_models[BPF_STRUCT_OPS_MAX_NR_MEMBERS]; 1294 u32 type_id; 1295 u32 value_id; 1296 }; 1297 1298 #if defined(CONFIG_BPF_JIT) && defined(CONFIG_BPF_SYSCALL) 1299 #define BPF_MODULE_OWNER ((void *)((0xeB9FUL << 2) + POISON_POINTER_DELTA)) 1300 const struct bpf_struct_ops *bpf_struct_ops_find(u32 type_id); 1301 void bpf_struct_ops_init(struct btf *btf, struct bpf_verifier_log *log); 1302 bool bpf_struct_ops_get(const void *kdata); 1303 void bpf_struct_ops_put(const void *kdata); 1304 int bpf_struct_ops_map_sys_lookup_elem(struct bpf_map *map, void *key, 1305 void *value); 1306 int bpf_struct_ops_prepare_trampoline(struct bpf_tramp_links *tlinks, 1307 struct bpf_tramp_link *link, 1308 const struct btf_func_model *model, 1309 void *image, void *image_end); 1310 static inline bool bpf_try_module_get(const void *data, struct module *owner) 1311 { 1312 if (owner == BPF_MODULE_OWNER) 1313 return bpf_struct_ops_get(data); 1314 else 1315 return try_module_get(owner); 1316 } 1317 static inline void bpf_module_put(const void *data, struct module *owner) 1318 { 1319 if (owner == BPF_MODULE_OWNER) 1320 bpf_struct_ops_put(data); 1321 else 1322 module_put(owner); 1323 } 1324 1325 #ifdef CONFIG_NET 1326 /* Define it here to avoid the use of forward declaration */ 1327 struct bpf_dummy_ops_state { 1328 int val; 1329 }; 1330 1331 struct bpf_dummy_ops { 1332 int (*test_1)(struct bpf_dummy_ops_state *cb); 1333 int (*test_2)(struct bpf_dummy_ops_state *cb, int a1, unsigned short a2, 1334 char a3, unsigned long a4); 1335 }; 1336 1337 int bpf_struct_ops_test_run(struct bpf_prog *prog, const union bpf_attr *kattr, 1338 union bpf_attr __user *uattr); 1339 #endif 1340 #else 1341 static inline const struct bpf_struct_ops *bpf_struct_ops_find(u32 type_id) 1342 { 1343 return NULL; 1344 } 1345 static inline void bpf_struct_ops_init(struct btf *btf, 1346 struct bpf_verifier_log *log) 1347 { 1348 } 1349 static inline bool bpf_try_module_get(const void *data, struct module *owner) 1350 { 1351 return try_module_get(owner); 1352 } 1353 static inline void bpf_module_put(const void *data, struct module *owner) 1354 { 1355 module_put(owner); 1356 } 1357 static inline int bpf_struct_ops_map_sys_lookup_elem(struct bpf_map *map, 1358 void *key, 1359 void *value) 1360 { 1361 return -EINVAL; 1362 } 1363 #endif 1364 1365 #if defined(CONFIG_CGROUP_BPF) && defined(CONFIG_BPF_LSM) 1366 int bpf_trampoline_link_cgroup_shim(struct bpf_prog *prog, 1367 int cgroup_atype); 1368 void bpf_trampoline_unlink_cgroup_shim(struct bpf_prog *prog); 1369 #else 1370 static inline int bpf_trampoline_link_cgroup_shim(struct bpf_prog *prog, 1371 int cgroup_atype) 1372 { 1373 return -EOPNOTSUPP; 1374 } 1375 static inline void bpf_trampoline_unlink_cgroup_shim(struct bpf_prog *prog) 1376 { 1377 } 1378 #endif 1379 1380 struct bpf_array { 1381 struct bpf_map map; 1382 u32 elem_size; 1383 u32 index_mask; 1384 struct bpf_array_aux *aux; 1385 union { 1386 char value[0] __aligned(8); 1387 void *ptrs[0] __aligned(8); 1388 void __percpu *pptrs[0] __aligned(8); 1389 }; 1390 }; 1391 1392 #define BPF_COMPLEXITY_LIMIT_INSNS 1000000 /* yes. 1M insns */ 1393 #define MAX_TAIL_CALL_CNT 33 1394 1395 /* Maximum number of loops for bpf_loop */ 1396 #define BPF_MAX_LOOPS BIT(23) 1397 1398 #define BPF_F_ACCESS_MASK (BPF_F_RDONLY | \ 1399 BPF_F_RDONLY_PROG | \ 1400 BPF_F_WRONLY | \ 1401 BPF_F_WRONLY_PROG) 1402 1403 #define BPF_MAP_CAN_READ BIT(0) 1404 #define BPF_MAP_CAN_WRITE BIT(1) 1405 1406 /* Maximum number of user-producer ring buffer samples that can be drained in 1407 * a call to bpf_user_ringbuf_drain(). 1408 */ 1409 #define BPF_MAX_USER_RINGBUF_SAMPLES (128 * 1024) 1410 1411 static inline u32 bpf_map_flags_to_cap(struct bpf_map *map) 1412 { 1413 u32 access_flags = map->map_flags & (BPF_F_RDONLY_PROG | BPF_F_WRONLY_PROG); 1414 1415 /* Combination of BPF_F_RDONLY_PROG | BPF_F_WRONLY_PROG is 1416 * not possible. 1417 */ 1418 if (access_flags & BPF_F_RDONLY_PROG) 1419 return BPF_MAP_CAN_READ; 1420 else if (access_flags & BPF_F_WRONLY_PROG) 1421 return BPF_MAP_CAN_WRITE; 1422 else 1423 return BPF_MAP_CAN_READ | BPF_MAP_CAN_WRITE; 1424 } 1425 1426 static inline bool bpf_map_flags_access_ok(u32 access_flags) 1427 { 1428 return (access_flags & (BPF_F_RDONLY_PROG | BPF_F_WRONLY_PROG)) != 1429 (BPF_F_RDONLY_PROG | BPF_F_WRONLY_PROG); 1430 } 1431 1432 struct bpf_event_entry { 1433 struct perf_event *event; 1434 struct file *perf_file; 1435 struct file *map_file; 1436 struct rcu_head rcu; 1437 }; 1438 1439 static inline bool map_type_contains_progs(struct bpf_map *map) 1440 { 1441 return map->map_type == BPF_MAP_TYPE_PROG_ARRAY || 1442 map->map_type == BPF_MAP_TYPE_DEVMAP || 1443 map->map_type == BPF_MAP_TYPE_CPUMAP; 1444 } 1445 1446 bool bpf_prog_map_compatible(struct bpf_map *map, const struct bpf_prog *fp); 1447 int bpf_prog_calc_tag(struct bpf_prog *fp); 1448 1449 const struct bpf_func_proto *bpf_get_trace_printk_proto(void); 1450 const struct bpf_func_proto *bpf_get_trace_vprintk_proto(void); 1451 1452 typedef unsigned long (*bpf_ctx_copy_t)(void *dst, const void *src, 1453 unsigned long off, unsigned long len); 1454 typedef u32 (*bpf_convert_ctx_access_t)(enum bpf_access_type type, 1455 const struct bpf_insn *src, 1456 struct bpf_insn *dst, 1457 struct bpf_prog *prog, 1458 u32 *target_size); 1459 1460 u64 bpf_event_output(struct bpf_map *map, u64 flags, void *meta, u64 meta_size, 1461 void *ctx, u64 ctx_size, bpf_ctx_copy_t ctx_copy); 1462 1463 /* an array of programs to be executed under rcu_lock. 1464 * 1465 * Typical usage: 1466 * ret = bpf_prog_run_array(rcu_dereference(&bpf_prog_array), ctx, bpf_prog_run); 1467 * 1468 * the structure returned by bpf_prog_array_alloc() should be populated 1469 * with program pointers and the last pointer must be NULL. 1470 * The user has to keep refcnt on the program and make sure the program 1471 * is removed from the array before bpf_prog_put(). 1472 * The 'struct bpf_prog_array *' should only be replaced with xchg() 1473 * since other cpus are walking the array of pointers in parallel. 1474 */ 1475 struct bpf_prog_array_item { 1476 struct bpf_prog *prog; 1477 union { 1478 struct bpf_cgroup_storage *cgroup_storage[MAX_BPF_CGROUP_STORAGE_TYPE]; 1479 u64 bpf_cookie; 1480 }; 1481 }; 1482 1483 struct bpf_prog_array { 1484 struct rcu_head rcu; 1485 struct bpf_prog_array_item items[]; 1486 }; 1487 1488 struct bpf_empty_prog_array { 1489 struct bpf_prog_array hdr; 1490 struct bpf_prog *null_prog; 1491 }; 1492 1493 /* to avoid allocating empty bpf_prog_array for cgroups that 1494 * don't have bpf program attached use one global 'bpf_empty_prog_array' 1495 * It will not be modified the caller of bpf_prog_array_alloc() 1496 * (since caller requested prog_cnt == 0) 1497 * that pointer should be 'freed' by bpf_prog_array_free() 1498 */ 1499 extern struct bpf_empty_prog_array bpf_empty_prog_array; 1500 1501 struct bpf_prog_array *bpf_prog_array_alloc(u32 prog_cnt, gfp_t flags); 1502 void bpf_prog_array_free(struct bpf_prog_array *progs); 1503 /* Use when traversal over the bpf_prog_array uses tasks_trace rcu */ 1504 void bpf_prog_array_free_sleepable(struct bpf_prog_array *progs); 1505 int bpf_prog_array_length(struct bpf_prog_array *progs); 1506 bool bpf_prog_array_is_empty(struct bpf_prog_array *array); 1507 int bpf_prog_array_copy_to_user(struct bpf_prog_array *progs, 1508 __u32 __user *prog_ids, u32 cnt); 1509 1510 void bpf_prog_array_delete_safe(struct bpf_prog_array *progs, 1511 struct bpf_prog *old_prog); 1512 int bpf_prog_array_delete_safe_at(struct bpf_prog_array *array, int index); 1513 int bpf_prog_array_update_at(struct bpf_prog_array *array, int index, 1514 struct bpf_prog *prog); 1515 int bpf_prog_array_copy_info(struct bpf_prog_array *array, 1516 u32 *prog_ids, u32 request_cnt, 1517 u32 *prog_cnt); 1518 int bpf_prog_array_copy(struct bpf_prog_array *old_array, 1519 struct bpf_prog *exclude_prog, 1520 struct bpf_prog *include_prog, 1521 u64 bpf_cookie, 1522 struct bpf_prog_array **new_array); 1523 1524 struct bpf_run_ctx {}; 1525 1526 struct bpf_cg_run_ctx { 1527 struct bpf_run_ctx run_ctx; 1528 const struct bpf_prog_array_item *prog_item; 1529 int retval; 1530 }; 1531 1532 struct bpf_trace_run_ctx { 1533 struct bpf_run_ctx run_ctx; 1534 u64 bpf_cookie; 1535 }; 1536 1537 struct bpf_tramp_run_ctx { 1538 struct bpf_run_ctx run_ctx; 1539 u64 bpf_cookie; 1540 struct bpf_run_ctx *saved_run_ctx; 1541 }; 1542 1543 static inline struct bpf_run_ctx *bpf_set_run_ctx(struct bpf_run_ctx *new_ctx) 1544 { 1545 struct bpf_run_ctx *old_ctx = NULL; 1546 1547 #ifdef CONFIG_BPF_SYSCALL 1548 old_ctx = current->bpf_ctx; 1549 current->bpf_ctx = new_ctx; 1550 #endif 1551 return old_ctx; 1552 } 1553 1554 static inline void bpf_reset_run_ctx(struct bpf_run_ctx *old_ctx) 1555 { 1556 #ifdef CONFIG_BPF_SYSCALL 1557 current->bpf_ctx = old_ctx; 1558 #endif 1559 } 1560 1561 /* BPF program asks to bypass CAP_NET_BIND_SERVICE in bind. */ 1562 #define BPF_RET_BIND_NO_CAP_NET_BIND_SERVICE (1 << 0) 1563 /* BPF program asks to set CN on the packet. */ 1564 #define BPF_RET_SET_CN (1 << 0) 1565 1566 typedef u32 (*bpf_prog_run_fn)(const struct bpf_prog *prog, const void *ctx); 1567 1568 static __always_inline u32 1569 bpf_prog_run_array(const struct bpf_prog_array *array, 1570 const void *ctx, bpf_prog_run_fn run_prog) 1571 { 1572 const struct bpf_prog_array_item *item; 1573 const struct bpf_prog *prog; 1574 struct bpf_run_ctx *old_run_ctx; 1575 struct bpf_trace_run_ctx run_ctx; 1576 u32 ret = 1; 1577 1578 RCU_LOCKDEP_WARN(!rcu_read_lock_held(), "no rcu lock held"); 1579 1580 if (unlikely(!array)) 1581 return ret; 1582 1583 migrate_disable(); 1584 old_run_ctx = bpf_set_run_ctx(&run_ctx.run_ctx); 1585 item = &array->items[0]; 1586 while ((prog = READ_ONCE(item->prog))) { 1587 run_ctx.bpf_cookie = item->bpf_cookie; 1588 ret &= run_prog(prog, ctx); 1589 item++; 1590 } 1591 bpf_reset_run_ctx(old_run_ctx); 1592 migrate_enable(); 1593 return ret; 1594 } 1595 1596 /* Notes on RCU design for bpf_prog_arrays containing sleepable programs: 1597 * 1598 * We use the tasks_trace rcu flavor read section to protect the bpf_prog_array 1599 * overall. As a result, we must use the bpf_prog_array_free_sleepable 1600 * in order to use the tasks_trace rcu grace period. 1601 * 1602 * When a non-sleepable program is inside the array, we take the rcu read 1603 * section and disable preemption for that program alone, so it can access 1604 * rcu-protected dynamically sized maps. 1605 */ 1606 static __always_inline u32 1607 bpf_prog_run_array_sleepable(const struct bpf_prog_array __rcu *array_rcu, 1608 const void *ctx, bpf_prog_run_fn run_prog) 1609 { 1610 const struct bpf_prog_array_item *item; 1611 const struct bpf_prog *prog; 1612 const struct bpf_prog_array *array; 1613 struct bpf_run_ctx *old_run_ctx; 1614 struct bpf_trace_run_ctx run_ctx; 1615 u32 ret = 1; 1616 1617 might_fault(); 1618 1619 rcu_read_lock_trace(); 1620 migrate_disable(); 1621 1622 array = rcu_dereference_check(array_rcu, rcu_read_lock_trace_held()); 1623 if (unlikely(!array)) 1624 goto out; 1625 old_run_ctx = bpf_set_run_ctx(&run_ctx.run_ctx); 1626 item = &array->items[0]; 1627 while ((prog = READ_ONCE(item->prog))) { 1628 if (!prog->aux->sleepable) 1629 rcu_read_lock(); 1630 1631 run_ctx.bpf_cookie = item->bpf_cookie; 1632 ret &= run_prog(prog, ctx); 1633 item++; 1634 1635 if (!prog->aux->sleepable) 1636 rcu_read_unlock(); 1637 } 1638 bpf_reset_run_ctx(old_run_ctx); 1639 out: 1640 migrate_enable(); 1641 rcu_read_unlock_trace(); 1642 return ret; 1643 } 1644 1645 #ifdef CONFIG_BPF_SYSCALL 1646 DECLARE_PER_CPU(int, bpf_prog_active); 1647 extern struct mutex bpf_stats_enabled_mutex; 1648 1649 /* 1650 * Block execution of BPF programs attached to instrumentation (perf, 1651 * kprobes, tracepoints) to prevent deadlocks on map operations as any of 1652 * these events can happen inside a region which holds a map bucket lock 1653 * and can deadlock on it. 1654 */ 1655 static inline void bpf_disable_instrumentation(void) 1656 { 1657 migrate_disable(); 1658 this_cpu_inc(bpf_prog_active); 1659 } 1660 1661 static inline void bpf_enable_instrumentation(void) 1662 { 1663 this_cpu_dec(bpf_prog_active); 1664 migrate_enable(); 1665 } 1666 1667 extern const struct file_operations bpf_map_fops; 1668 extern const struct file_operations bpf_prog_fops; 1669 extern const struct file_operations bpf_iter_fops; 1670 1671 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \ 1672 extern const struct bpf_prog_ops _name ## _prog_ops; \ 1673 extern const struct bpf_verifier_ops _name ## _verifier_ops; 1674 #define BPF_MAP_TYPE(_id, _ops) \ 1675 extern const struct bpf_map_ops _ops; 1676 #define BPF_LINK_TYPE(_id, _name) 1677 #include <linux/bpf_types.h> 1678 #undef BPF_PROG_TYPE 1679 #undef BPF_MAP_TYPE 1680 #undef BPF_LINK_TYPE 1681 1682 extern const struct bpf_prog_ops bpf_offload_prog_ops; 1683 extern const struct bpf_verifier_ops tc_cls_act_analyzer_ops; 1684 extern const struct bpf_verifier_ops xdp_analyzer_ops; 1685 1686 struct bpf_prog *bpf_prog_get(u32 ufd); 1687 struct bpf_prog *bpf_prog_get_type_dev(u32 ufd, enum bpf_prog_type type, 1688 bool attach_drv); 1689 void bpf_prog_add(struct bpf_prog *prog, int i); 1690 void bpf_prog_sub(struct bpf_prog *prog, int i); 1691 void bpf_prog_inc(struct bpf_prog *prog); 1692 struct bpf_prog * __must_check bpf_prog_inc_not_zero(struct bpf_prog *prog); 1693 void bpf_prog_put(struct bpf_prog *prog); 1694 1695 void bpf_prog_free_id(struct bpf_prog *prog, bool do_idr_lock); 1696 void bpf_map_free_id(struct bpf_map *map, bool do_idr_lock); 1697 1698 struct bpf_map_value_off_desc *bpf_map_kptr_off_contains(struct bpf_map *map, u32 offset); 1699 void bpf_map_free_kptr_off_tab(struct bpf_map *map); 1700 struct bpf_map_value_off *bpf_map_copy_kptr_off_tab(const struct bpf_map *map); 1701 bool bpf_map_equal_kptr_off_tab(const struct bpf_map *map_a, const struct bpf_map *map_b); 1702 void bpf_map_free_kptrs(struct bpf_map *map, void *map_value); 1703 1704 struct bpf_map *bpf_map_get(u32 ufd); 1705 struct bpf_map *bpf_map_get_with_uref(u32 ufd); 1706 struct bpf_map *__bpf_map_get(struct fd f); 1707 void bpf_map_inc(struct bpf_map *map); 1708 void bpf_map_inc_with_uref(struct bpf_map *map); 1709 struct bpf_map * __must_check bpf_map_inc_not_zero(struct bpf_map *map); 1710 void bpf_map_put_with_uref(struct bpf_map *map); 1711 void bpf_map_put(struct bpf_map *map); 1712 void *bpf_map_area_alloc(u64 size, int numa_node); 1713 void *bpf_map_area_mmapable_alloc(u64 size, int numa_node); 1714 void bpf_map_area_free(void *base); 1715 bool bpf_map_write_active(const struct bpf_map *map); 1716 void bpf_map_init_from_attr(struct bpf_map *map, union bpf_attr *attr); 1717 int generic_map_lookup_batch(struct bpf_map *map, 1718 const union bpf_attr *attr, 1719 union bpf_attr __user *uattr); 1720 int generic_map_update_batch(struct bpf_map *map, 1721 const union bpf_attr *attr, 1722 union bpf_attr __user *uattr); 1723 int generic_map_delete_batch(struct bpf_map *map, 1724 const union bpf_attr *attr, 1725 union bpf_attr __user *uattr); 1726 struct bpf_map *bpf_map_get_curr_or_next(u32 *id); 1727 struct bpf_prog *bpf_prog_get_curr_or_next(u32 *id); 1728 1729 #ifdef CONFIG_MEMCG_KMEM 1730 void *bpf_map_kmalloc_node(const struct bpf_map *map, size_t size, gfp_t flags, 1731 int node); 1732 void *bpf_map_kzalloc(const struct bpf_map *map, size_t size, gfp_t flags); 1733 void __percpu *bpf_map_alloc_percpu(const struct bpf_map *map, size_t size, 1734 size_t align, gfp_t flags); 1735 #else 1736 static inline void * 1737 bpf_map_kmalloc_node(const struct bpf_map *map, size_t size, gfp_t flags, 1738 int node) 1739 { 1740 return kmalloc_node(size, flags, node); 1741 } 1742 1743 static inline void * 1744 bpf_map_kzalloc(const struct bpf_map *map, size_t size, gfp_t flags) 1745 { 1746 return kzalloc(size, flags); 1747 } 1748 1749 static inline void __percpu * 1750 bpf_map_alloc_percpu(const struct bpf_map *map, size_t size, size_t align, 1751 gfp_t flags) 1752 { 1753 return __alloc_percpu_gfp(size, align, flags); 1754 } 1755 #endif 1756 1757 extern int sysctl_unprivileged_bpf_disabled; 1758 1759 static inline bool bpf_allow_ptr_leaks(void) 1760 { 1761 return perfmon_capable(); 1762 } 1763 1764 static inline bool bpf_allow_uninit_stack(void) 1765 { 1766 return perfmon_capable(); 1767 } 1768 1769 static inline bool bpf_allow_ptr_to_map_access(void) 1770 { 1771 return perfmon_capable(); 1772 } 1773 1774 static inline bool bpf_bypass_spec_v1(void) 1775 { 1776 return perfmon_capable(); 1777 } 1778 1779 static inline bool bpf_bypass_spec_v4(void) 1780 { 1781 return perfmon_capable(); 1782 } 1783 1784 int bpf_map_new_fd(struct bpf_map *map, int flags); 1785 int bpf_prog_new_fd(struct bpf_prog *prog); 1786 1787 void bpf_link_init(struct bpf_link *link, enum bpf_link_type type, 1788 const struct bpf_link_ops *ops, struct bpf_prog *prog); 1789 int bpf_link_prime(struct bpf_link *link, struct bpf_link_primer *primer); 1790 int bpf_link_settle(struct bpf_link_primer *primer); 1791 void bpf_link_cleanup(struct bpf_link_primer *primer); 1792 void bpf_link_inc(struct bpf_link *link); 1793 void bpf_link_put(struct bpf_link *link); 1794 int bpf_link_new_fd(struct bpf_link *link); 1795 struct file *bpf_link_new_file(struct bpf_link *link, int *reserved_fd); 1796 struct bpf_link *bpf_link_get_from_fd(u32 ufd); 1797 struct bpf_link *bpf_link_get_curr_or_next(u32 *id); 1798 1799 int bpf_obj_pin_user(u32 ufd, const char __user *pathname); 1800 int bpf_obj_get_user(const char __user *pathname, int flags); 1801 1802 #define BPF_ITER_FUNC_PREFIX "bpf_iter_" 1803 #define DEFINE_BPF_ITER_FUNC(target, args...) \ 1804 extern int bpf_iter_ ## target(args); \ 1805 int __init bpf_iter_ ## target(args) { return 0; } 1806 1807 /* 1808 * The task type of iterators. 1809 * 1810 * For BPF task iterators, they can be parameterized with various 1811 * parameters to visit only some of tasks. 1812 * 1813 * BPF_TASK_ITER_ALL (default) 1814 * Iterate over resources of every task. 1815 * 1816 * BPF_TASK_ITER_TID 1817 * Iterate over resources of a task/tid. 1818 * 1819 * BPF_TASK_ITER_TGID 1820 * Iterate over resources of every task of a process / task group. 1821 */ 1822 enum bpf_iter_task_type { 1823 BPF_TASK_ITER_ALL = 0, 1824 BPF_TASK_ITER_TID, 1825 BPF_TASK_ITER_TGID, 1826 }; 1827 1828 struct bpf_iter_aux_info { 1829 /* for map_elem iter */ 1830 struct bpf_map *map; 1831 1832 /* for cgroup iter */ 1833 struct { 1834 struct cgroup *start; /* starting cgroup */ 1835 enum bpf_cgroup_iter_order order; 1836 } cgroup; 1837 struct { 1838 enum bpf_iter_task_type type; 1839 u32 pid; 1840 } task; 1841 }; 1842 1843 typedef int (*bpf_iter_attach_target_t)(struct bpf_prog *prog, 1844 union bpf_iter_link_info *linfo, 1845 struct bpf_iter_aux_info *aux); 1846 typedef void (*bpf_iter_detach_target_t)(struct bpf_iter_aux_info *aux); 1847 typedef void (*bpf_iter_show_fdinfo_t) (const struct bpf_iter_aux_info *aux, 1848 struct seq_file *seq); 1849 typedef int (*bpf_iter_fill_link_info_t)(const struct bpf_iter_aux_info *aux, 1850 struct bpf_link_info *info); 1851 typedef const struct bpf_func_proto * 1852 (*bpf_iter_get_func_proto_t)(enum bpf_func_id func_id, 1853 const struct bpf_prog *prog); 1854 1855 enum bpf_iter_feature { 1856 BPF_ITER_RESCHED = BIT(0), 1857 }; 1858 1859 #define BPF_ITER_CTX_ARG_MAX 2 1860 struct bpf_iter_reg { 1861 const char *target; 1862 bpf_iter_attach_target_t attach_target; 1863 bpf_iter_detach_target_t detach_target; 1864 bpf_iter_show_fdinfo_t show_fdinfo; 1865 bpf_iter_fill_link_info_t fill_link_info; 1866 bpf_iter_get_func_proto_t get_func_proto; 1867 u32 ctx_arg_info_size; 1868 u32 feature; 1869 struct bpf_ctx_arg_aux ctx_arg_info[BPF_ITER_CTX_ARG_MAX]; 1870 const struct bpf_iter_seq_info *seq_info; 1871 }; 1872 1873 struct bpf_iter_meta { 1874 __bpf_md_ptr(struct seq_file *, seq); 1875 u64 session_id; 1876 u64 seq_num; 1877 }; 1878 1879 struct bpf_iter__bpf_map_elem { 1880 __bpf_md_ptr(struct bpf_iter_meta *, meta); 1881 __bpf_md_ptr(struct bpf_map *, map); 1882 __bpf_md_ptr(void *, key); 1883 __bpf_md_ptr(void *, value); 1884 }; 1885 1886 int bpf_iter_reg_target(const struct bpf_iter_reg *reg_info); 1887 void bpf_iter_unreg_target(const struct bpf_iter_reg *reg_info); 1888 bool bpf_iter_prog_supported(struct bpf_prog *prog); 1889 const struct bpf_func_proto * 1890 bpf_iter_get_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog); 1891 int bpf_iter_link_attach(const union bpf_attr *attr, bpfptr_t uattr, struct bpf_prog *prog); 1892 int bpf_iter_new_fd(struct bpf_link *link); 1893 bool bpf_link_is_iter(struct bpf_link *link); 1894 struct bpf_prog *bpf_iter_get_info(struct bpf_iter_meta *meta, bool in_stop); 1895 int bpf_iter_run_prog(struct bpf_prog *prog, void *ctx); 1896 void bpf_iter_map_show_fdinfo(const struct bpf_iter_aux_info *aux, 1897 struct seq_file *seq); 1898 int bpf_iter_map_fill_link_info(const struct bpf_iter_aux_info *aux, 1899 struct bpf_link_info *info); 1900 1901 int map_set_for_each_callback_args(struct bpf_verifier_env *env, 1902 struct bpf_func_state *caller, 1903 struct bpf_func_state *callee); 1904 1905 int bpf_percpu_hash_copy(struct bpf_map *map, void *key, void *value); 1906 int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value); 1907 int bpf_percpu_hash_update(struct bpf_map *map, void *key, void *value, 1908 u64 flags); 1909 int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value, 1910 u64 flags); 1911 1912 int bpf_stackmap_copy(struct bpf_map *map, void *key, void *value); 1913 1914 int bpf_fd_array_map_update_elem(struct bpf_map *map, struct file *map_file, 1915 void *key, void *value, u64 map_flags); 1916 int bpf_fd_array_map_lookup_elem(struct bpf_map *map, void *key, u32 *value); 1917 int bpf_fd_htab_map_update_elem(struct bpf_map *map, struct file *map_file, 1918 void *key, void *value, u64 map_flags); 1919 int bpf_fd_htab_map_lookup_elem(struct bpf_map *map, void *key, u32 *value); 1920 1921 int bpf_get_file_flag(int flags); 1922 int bpf_check_uarg_tail_zero(bpfptr_t uaddr, size_t expected_size, 1923 size_t actual_size); 1924 1925 /* verify correctness of eBPF program */ 1926 int bpf_check(struct bpf_prog **fp, union bpf_attr *attr, bpfptr_t uattr); 1927 1928 #ifndef CONFIG_BPF_JIT_ALWAYS_ON 1929 void bpf_patch_call_args(struct bpf_insn *insn, u32 stack_depth); 1930 #endif 1931 1932 struct btf *bpf_get_btf_vmlinux(void); 1933 1934 /* Map specifics */ 1935 struct xdp_frame; 1936 struct sk_buff; 1937 struct bpf_dtab_netdev; 1938 struct bpf_cpu_map_entry; 1939 1940 void __dev_flush(void); 1941 int dev_xdp_enqueue(struct net_device *dev, struct xdp_frame *xdpf, 1942 struct net_device *dev_rx); 1943 int dev_map_enqueue(struct bpf_dtab_netdev *dst, struct xdp_frame *xdpf, 1944 struct net_device *dev_rx); 1945 int dev_map_enqueue_multi(struct xdp_frame *xdpf, struct net_device *dev_rx, 1946 struct bpf_map *map, bool exclude_ingress); 1947 int dev_map_generic_redirect(struct bpf_dtab_netdev *dst, struct sk_buff *skb, 1948 struct bpf_prog *xdp_prog); 1949 int dev_map_redirect_multi(struct net_device *dev, struct sk_buff *skb, 1950 struct bpf_prog *xdp_prog, struct bpf_map *map, 1951 bool exclude_ingress); 1952 1953 void __cpu_map_flush(void); 1954 int cpu_map_enqueue(struct bpf_cpu_map_entry *rcpu, struct xdp_frame *xdpf, 1955 struct net_device *dev_rx); 1956 int cpu_map_generic_redirect(struct bpf_cpu_map_entry *rcpu, 1957 struct sk_buff *skb); 1958 1959 /* Return map's numa specified by userspace */ 1960 static inline int bpf_map_attr_numa_node(const union bpf_attr *attr) 1961 { 1962 return (attr->map_flags & BPF_F_NUMA_NODE) ? 1963 attr->numa_node : NUMA_NO_NODE; 1964 } 1965 1966 struct bpf_prog *bpf_prog_get_type_path(const char *name, enum bpf_prog_type type); 1967 int array_map_alloc_check(union bpf_attr *attr); 1968 1969 int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr, 1970 union bpf_attr __user *uattr); 1971 int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, 1972 union bpf_attr __user *uattr); 1973 int bpf_prog_test_run_tracing(struct bpf_prog *prog, 1974 const union bpf_attr *kattr, 1975 union bpf_attr __user *uattr); 1976 int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog, 1977 const union bpf_attr *kattr, 1978 union bpf_attr __user *uattr); 1979 int bpf_prog_test_run_raw_tp(struct bpf_prog *prog, 1980 const union bpf_attr *kattr, 1981 union bpf_attr __user *uattr); 1982 int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog, 1983 const union bpf_attr *kattr, 1984 union bpf_attr __user *uattr); 1985 bool btf_ctx_access(int off, int size, enum bpf_access_type type, 1986 const struct bpf_prog *prog, 1987 struct bpf_insn_access_aux *info); 1988 1989 static inline bool bpf_tracing_ctx_access(int off, int size, 1990 enum bpf_access_type type) 1991 { 1992 if (off < 0 || off >= sizeof(__u64) * MAX_BPF_FUNC_ARGS) 1993 return false; 1994 if (type != BPF_READ) 1995 return false; 1996 if (off % size != 0) 1997 return false; 1998 return true; 1999 } 2000 2001 static inline bool bpf_tracing_btf_ctx_access(int off, int size, 2002 enum bpf_access_type type, 2003 const struct bpf_prog *prog, 2004 struct bpf_insn_access_aux *info) 2005 { 2006 if (!bpf_tracing_ctx_access(off, size, type)) 2007 return false; 2008 return btf_ctx_access(off, size, type, prog, info); 2009 } 2010 2011 int btf_struct_access(struct bpf_verifier_log *log, const struct btf *btf, 2012 const struct btf_type *t, int off, int size, 2013 enum bpf_access_type atype, 2014 u32 *next_btf_id, enum bpf_type_flag *flag); 2015 bool btf_struct_ids_match(struct bpf_verifier_log *log, 2016 const struct btf *btf, u32 id, int off, 2017 const struct btf *need_btf, u32 need_type_id, 2018 bool strict); 2019 2020 int btf_distill_func_proto(struct bpf_verifier_log *log, 2021 struct btf *btf, 2022 const struct btf_type *func_proto, 2023 const char *func_name, 2024 struct btf_func_model *m); 2025 2026 struct bpf_kfunc_arg_meta { 2027 u64 r0_size; 2028 bool r0_rdonly; 2029 int ref_obj_id; 2030 u32 flags; 2031 }; 2032 2033 struct bpf_reg_state; 2034 int btf_check_subprog_arg_match(struct bpf_verifier_env *env, int subprog, 2035 struct bpf_reg_state *regs); 2036 int btf_check_subprog_call(struct bpf_verifier_env *env, int subprog, 2037 struct bpf_reg_state *regs); 2038 int btf_check_kfunc_arg_match(struct bpf_verifier_env *env, 2039 const struct btf *btf, u32 func_id, 2040 struct bpf_reg_state *regs, 2041 struct bpf_kfunc_arg_meta *meta); 2042 int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog, 2043 struct bpf_reg_state *reg); 2044 int btf_check_type_match(struct bpf_verifier_log *log, const struct bpf_prog *prog, 2045 struct btf *btf, const struct btf_type *t); 2046 2047 struct bpf_prog *bpf_prog_by_id(u32 id); 2048 struct bpf_link *bpf_link_by_id(u32 id); 2049 2050 const struct bpf_func_proto *bpf_base_func_proto(enum bpf_func_id func_id); 2051 void bpf_task_storage_free(struct task_struct *task); 2052 bool bpf_prog_has_kfunc_call(const struct bpf_prog *prog); 2053 const struct btf_func_model * 2054 bpf_jit_find_kfunc_model(const struct bpf_prog *prog, 2055 const struct bpf_insn *insn); 2056 struct bpf_core_ctx { 2057 struct bpf_verifier_log *log; 2058 const struct btf *btf; 2059 }; 2060 2061 int bpf_core_apply(struct bpf_core_ctx *ctx, const struct bpf_core_relo *relo, 2062 int relo_idx, void *insn); 2063 2064 static inline bool unprivileged_ebpf_enabled(void) 2065 { 2066 return !sysctl_unprivileged_bpf_disabled; 2067 } 2068 2069 /* Not all bpf prog type has the bpf_ctx. 2070 * For the bpf prog type that has initialized the bpf_ctx, 2071 * this function can be used to decide if a kernel function 2072 * is called by a bpf program. 2073 */ 2074 static inline bool has_current_bpf_ctx(void) 2075 { 2076 return !!current->bpf_ctx; 2077 } 2078 2079 void notrace bpf_prog_inc_misses_counter(struct bpf_prog *prog); 2080 #else /* !CONFIG_BPF_SYSCALL */ 2081 static inline struct bpf_prog *bpf_prog_get(u32 ufd) 2082 { 2083 return ERR_PTR(-EOPNOTSUPP); 2084 } 2085 2086 static inline struct bpf_prog *bpf_prog_get_type_dev(u32 ufd, 2087 enum bpf_prog_type type, 2088 bool attach_drv) 2089 { 2090 return ERR_PTR(-EOPNOTSUPP); 2091 } 2092 2093 static inline void bpf_prog_add(struct bpf_prog *prog, int i) 2094 { 2095 } 2096 2097 static inline void bpf_prog_sub(struct bpf_prog *prog, int i) 2098 { 2099 } 2100 2101 static inline void bpf_prog_put(struct bpf_prog *prog) 2102 { 2103 } 2104 2105 static inline void bpf_prog_inc(struct bpf_prog *prog) 2106 { 2107 } 2108 2109 static inline struct bpf_prog *__must_check 2110 bpf_prog_inc_not_zero(struct bpf_prog *prog) 2111 { 2112 return ERR_PTR(-EOPNOTSUPP); 2113 } 2114 2115 static inline void bpf_link_init(struct bpf_link *link, enum bpf_link_type type, 2116 const struct bpf_link_ops *ops, 2117 struct bpf_prog *prog) 2118 { 2119 } 2120 2121 static inline int bpf_link_prime(struct bpf_link *link, 2122 struct bpf_link_primer *primer) 2123 { 2124 return -EOPNOTSUPP; 2125 } 2126 2127 static inline int bpf_link_settle(struct bpf_link_primer *primer) 2128 { 2129 return -EOPNOTSUPP; 2130 } 2131 2132 static inline void bpf_link_cleanup(struct bpf_link_primer *primer) 2133 { 2134 } 2135 2136 static inline void bpf_link_inc(struct bpf_link *link) 2137 { 2138 } 2139 2140 static inline void bpf_link_put(struct bpf_link *link) 2141 { 2142 } 2143 2144 static inline int bpf_obj_get_user(const char __user *pathname, int flags) 2145 { 2146 return -EOPNOTSUPP; 2147 } 2148 2149 static inline void __dev_flush(void) 2150 { 2151 } 2152 2153 struct xdp_frame; 2154 struct bpf_dtab_netdev; 2155 struct bpf_cpu_map_entry; 2156 2157 static inline 2158 int dev_xdp_enqueue(struct net_device *dev, struct xdp_frame *xdpf, 2159 struct net_device *dev_rx) 2160 { 2161 return 0; 2162 } 2163 2164 static inline 2165 int dev_map_enqueue(struct bpf_dtab_netdev *dst, struct xdp_frame *xdpf, 2166 struct net_device *dev_rx) 2167 { 2168 return 0; 2169 } 2170 2171 static inline 2172 int dev_map_enqueue_multi(struct xdp_frame *xdpf, struct net_device *dev_rx, 2173 struct bpf_map *map, bool exclude_ingress) 2174 { 2175 return 0; 2176 } 2177 2178 struct sk_buff; 2179 2180 static inline int dev_map_generic_redirect(struct bpf_dtab_netdev *dst, 2181 struct sk_buff *skb, 2182 struct bpf_prog *xdp_prog) 2183 { 2184 return 0; 2185 } 2186 2187 static inline 2188 int dev_map_redirect_multi(struct net_device *dev, struct sk_buff *skb, 2189 struct bpf_prog *xdp_prog, struct bpf_map *map, 2190 bool exclude_ingress) 2191 { 2192 return 0; 2193 } 2194 2195 static inline void __cpu_map_flush(void) 2196 { 2197 } 2198 2199 static inline int cpu_map_enqueue(struct bpf_cpu_map_entry *rcpu, 2200 struct xdp_frame *xdpf, 2201 struct net_device *dev_rx) 2202 { 2203 return 0; 2204 } 2205 2206 static inline int cpu_map_generic_redirect(struct bpf_cpu_map_entry *rcpu, 2207 struct sk_buff *skb) 2208 { 2209 return -EOPNOTSUPP; 2210 } 2211 2212 static inline struct bpf_prog *bpf_prog_get_type_path(const char *name, 2213 enum bpf_prog_type type) 2214 { 2215 return ERR_PTR(-EOPNOTSUPP); 2216 } 2217 2218 static inline int bpf_prog_test_run_xdp(struct bpf_prog *prog, 2219 const union bpf_attr *kattr, 2220 union bpf_attr __user *uattr) 2221 { 2222 return -ENOTSUPP; 2223 } 2224 2225 static inline int bpf_prog_test_run_skb(struct bpf_prog *prog, 2226 const union bpf_attr *kattr, 2227 union bpf_attr __user *uattr) 2228 { 2229 return -ENOTSUPP; 2230 } 2231 2232 static inline int bpf_prog_test_run_tracing(struct bpf_prog *prog, 2233 const union bpf_attr *kattr, 2234 union bpf_attr __user *uattr) 2235 { 2236 return -ENOTSUPP; 2237 } 2238 2239 static inline int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog, 2240 const union bpf_attr *kattr, 2241 union bpf_attr __user *uattr) 2242 { 2243 return -ENOTSUPP; 2244 } 2245 2246 static inline int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog, 2247 const union bpf_attr *kattr, 2248 union bpf_attr __user *uattr) 2249 { 2250 return -ENOTSUPP; 2251 } 2252 2253 static inline void bpf_map_put(struct bpf_map *map) 2254 { 2255 } 2256 2257 static inline struct bpf_prog *bpf_prog_by_id(u32 id) 2258 { 2259 return ERR_PTR(-ENOTSUPP); 2260 } 2261 2262 static inline int btf_struct_access(struct bpf_verifier_log *log, 2263 const struct btf *btf, 2264 const struct btf_type *t, int off, int size, 2265 enum bpf_access_type atype, 2266 u32 *next_btf_id, enum bpf_type_flag *flag) 2267 { 2268 return -EACCES; 2269 } 2270 2271 static inline const struct bpf_func_proto * 2272 bpf_base_func_proto(enum bpf_func_id func_id) 2273 { 2274 return NULL; 2275 } 2276 2277 static inline void bpf_task_storage_free(struct task_struct *task) 2278 { 2279 } 2280 2281 static inline bool bpf_prog_has_kfunc_call(const struct bpf_prog *prog) 2282 { 2283 return false; 2284 } 2285 2286 static inline const struct btf_func_model * 2287 bpf_jit_find_kfunc_model(const struct bpf_prog *prog, 2288 const struct bpf_insn *insn) 2289 { 2290 return NULL; 2291 } 2292 2293 static inline bool unprivileged_ebpf_enabled(void) 2294 { 2295 return false; 2296 } 2297 2298 static inline bool has_current_bpf_ctx(void) 2299 { 2300 return false; 2301 } 2302 2303 static inline void bpf_prog_inc_misses_counter(struct bpf_prog *prog) 2304 { 2305 } 2306 #endif /* CONFIG_BPF_SYSCALL */ 2307 2308 void __bpf_free_used_btfs(struct bpf_prog_aux *aux, 2309 struct btf_mod_pair *used_btfs, u32 len); 2310 2311 static inline struct bpf_prog *bpf_prog_get_type(u32 ufd, 2312 enum bpf_prog_type type) 2313 { 2314 return bpf_prog_get_type_dev(ufd, type, false); 2315 } 2316 2317 void __bpf_free_used_maps(struct bpf_prog_aux *aux, 2318 struct bpf_map **used_maps, u32 len); 2319 2320 bool bpf_prog_get_ok(struct bpf_prog *, enum bpf_prog_type *, bool); 2321 2322 int bpf_prog_offload_compile(struct bpf_prog *prog); 2323 void bpf_prog_offload_destroy(struct bpf_prog *prog); 2324 int bpf_prog_offload_info_fill(struct bpf_prog_info *info, 2325 struct bpf_prog *prog); 2326 2327 int bpf_map_offload_info_fill(struct bpf_map_info *info, struct bpf_map *map); 2328 2329 int bpf_map_offload_lookup_elem(struct bpf_map *map, void *key, void *value); 2330 int bpf_map_offload_update_elem(struct bpf_map *map, 2331 void *key, void *value, u64 flags); 2332 int bpf_map_offload_delete_elem(struct bpf_map *map, void *key); 2333 int bpf_map_offload_get_next_key(struct bpf_map *map, 2334 void *key, void *next_key); 2335 2336 bool bpf_offload_prog_map_match(struct bpf_prog *prog, struct bpf_map *map); 2337 2338 struct bpf_offload_dev * 2339 bpf_offload_dev_create(const struct bpf_prog_offload_ops *ops, void *priv); 2340 void bpf_offload_dev_destroy(struct bpf_offload_dev *offdev); 2341 void *bpf_offload_dev_priv(struct bpf_offload_dev *offdev); 2342 int bpf_offload_dev_netdev_register(struct bpf_offload_dev *offdev, 2343 struct net_device *netdev); 2344 void bpf_offload_dev_netdev_unregister(struct bpf_offload_dev *offdev, 2345 struct net_device *netdev); 2346 bool bpf_offload_dev_match(struct bpf_prog *prog, struct net_device *netdev); 2347 2348 void unpriv_ebpf_notify(int new_state); 2349 2350 #if defined(CONFIG_NET) && defined(CONFIG_BPF_SYSCALL) 2351 int bpf_prog_offload_init(struct bpf_prog *prog, union bpf_attr *attr); 2352 2353 static inline bool bpf_prog_is_dev_bound(const struct bpf_prog_aux *aux) 2354 { 2355 return aux->offload_requested; 2356 } 2357 2358 static inline bool bpf_map_is_dev_bound(struct bpf_map *map) 2359 { 2360 return unlikely(map->ops == &bpf_map_offload_ops); 2361 } 2362 2363 struct bpf_map *bpf_map_offload_map_alloc(union bpf_attr *attr); 2364 void bpf_map_offload_map_free(struct bpf_map *map); 2365 int bpf_prog_test_run_syscall(struct bpf_prog *prog, 2366 const union bpf_attr *kattr, 2367 union bpf_attr __user *uattr); 2368 2369 int sock_map_get_from_fd(const union bpf_attr *attr, struct bpf_prog *prog); 2370 int sock_map_prog_detach(const union bpf_attr *attr, enum bpf_prog_type ptype); 2371 int sock_map_update_elem_sys(struct bpf_map *map, void *key, void *value, u64 flags); 2372 int sock_map_bpf_prog_query(const union bpf_attr *attr, 2373 union bpf_attr __user *uattr); 2374 2375 void sock_map_unhash(struct sock *sk); 2376 void sock_map_destroy(struct sock *sk); 2377 void sock_map_close(struct sock *sk, long timeout); 2378 #else 2379 static inline int bpf_prog_offload_init(struct bpf_prog *prog, 2380 union bpf_attr *attr) 2381 { 2382 return -EOPNOTSUPP; 2383 } 2384 2385 static inline bool bpf_prog_is_dev_bound(struct bpf_prog_aux *aux) 2386 { 2387 return false; 2388 } 2389 2390 static inline bool bpf_map_is_dev_bound(struct bpf_map *map) 2391 { 2392 return false; 2393 } 2394 2395 static inline struct bpf_map *bpf_map_offload_map_alloc(union bpf_attr *attr) 2396 { 2397 return ERR_PTR(-EOPNOTSUPP); 2398 } 2399 2400 static inline void bpf_map_offload_map_free(struct bpf_map *map) 2401 { 2402 } 2403 2404 static inline int bpf_prog_test_run_syscall(struct bpf_prog *prog, 2405 const union bpf_attr *kattr, 2406 union bpf_attr __user *uattr) 2407 { 2408 return -ENOTSUPP; 2409 } 2410 2411 #ifdef CONFIG_BPF_SYSCALL 2412 static inline int sock_map_get_from_fd(const union bpf_attr *attr, 2413 struct bpf_prog *prog) 2414 { 2415 return -EINVAL; 2416 } 2417 2418 static inline int sock_map_prog_detach(const union bpf_attr *attr, 2419 enum bpf_prog_type ptype) 2420 { 2421 return -EOPNOTSUPP; 2422 } 2423 2424 static inline int sock_map_update_elem_sys(struct bpf_map *map, void *key, void *value, 2425 u64 flags) 2426 { 2427 return -EOPNOTSUPP; 2428 } 2429 2430 static inline int sock_map_bpf_prog_query(const union bpf_attr *attr, 2431 union bpf_attr __user *uattr) 2432 { 2433 return -EINVAL; 2434 } 2435 #endif /* CONFIG_BPF_SYSCALL */ 2436 #endif /* CONFIG_NET && CONFIG_BPF_SYSCALL */ 2437 2438 #if defined(CONFIG_INET) && defined(CONFIG_BPF_SYSCALL) 2439 void bpf_sk_reuseport_detach(struct sock *sk); 2440 int bpf_fd_reuseport_array_lookup_elem(struct bpf_map *map, void *key, 2441 void *value); 2442 int bpf_fd_reuseport_array_update_elem(struct bpf_map *map, void *key, 2443 void *value, u64 map_flags); 2444 #else 2445 static inline void bpf_sk_reuseport_detach(struct sock *sk) 2446 { 2447 } 2448 2449 #ifdef CONFIG_BPF_SYSCALL 2450 static inline int bpf_fd_reuseport_array_lookup_elem(struct bpf_map *map, 2451 void *key, void *value) 2452 { 2453 return -EOPNOTSUPP; 2454 } 2455 2456 static inline int bpf_fd_reuseport_array_update_elem(struct bpf_map *map, 2457 void *key, void *value, 2458 u64 map_flags) 2459 { 2460 return -EOPNOTSUPP; 2461 } 2462 #endif /* CONFIG_BPF_SYSCALL */ 2463 #endif /* defined(CONFIG_INET) && defined(CONFIG_BPF_SYSCALL) */ 2464 2465 /* verifier prototypes for helper functions called from eBPF programs */ 2466 extern const struct bpf_func_proto bpf_map_lookup_elem_proto; 2467 extern const struct bpf_func_proto bpf_map_update_elem_proto; 2468 extern const struct bpf_func_proto bpf_map_delete_elem_proto; 2469 extern const struct bpf_func_proto bpf_map_push_elem_proto; 2470 extern const struct bpf_func_proto bpf_map_pop_elem_proto; 2471 extern const struct bpf_func_proto bpf_map_peek_elem_proto; 2472 extern const struct bpf_func_proto bpf_map_lookup_percpu_elem_proto; 2473 2474 extern const struct bpf_func_proto bpf_get_prandom_u32_proto; 2475 extern const struct bpf_func_proto bpf_get_smp_processor_id_proto; 2476 extern const struct bpf_func_proto bpf_get_numa_node_id_proto; 2477 extern const struct bpf_func_proto bpf_tail_call_proto; 2478 extern const struct bpf_func_proto bpf_ktime_get_ns_proto; 2479 extern const struct bpf_func_proto bpf_ktime_get_boot_ns_proto; 2480 extern const struct bpf_func_proto bpf_ktime_get_tai_ns_proto; 2481 extern const struct bpf_func_proto bpf_get_current_pid_tgid_proto; 2482 extern const struct bpf_func_proto bpf_get_current_uid_gid_proto; 2483 extern const struct bpf_func_proto bpf_get_current_comm_proto; 2484 extern const struct bpf_func_proto bpf_get_stackid_proto; 2485 extern const struct bpf_func_proto bpf_get_stack_proto; 2486 extern const struct bpf_func_proto bpf_get_task_stack_proto; 2487 extern const struct bpf_func_proto bpf_get_stackid_proto_pe; 2488 extern const struct bpf_func_proto bpf_get_stack_proto_pe; 2489 extern const struct bpf_func_proto bpf_sock_map_update_proto; 2490 extern const struct bpf_func_proto bpf_sock_hash_update_proto; 2491 extern const struct bpf_func_proto bpf_get_current_cgroup_id_proto; 2492 extern const struct bpf_func_proto bpf_get_current_ancestor_cgroup_id_proto; 2493 extern const struct bpf_func_proto bpf_get_cgroup_classid_curr_proto; 2494 extern const struct bpf_func_proto bpf_msg_redirect_hash_proto; 2495 extern const struct bpf_func_proto bpf_msg_redirect_map_proto; 2496 extern const struct bpf_func_proto bpf_sk_redirect_hash_proto; 2497 extern const struct bpf_func_proto bpf_sk_redirect_map_proto; 2498 extern const struct bpf_func_proto bpf_spin_lock_proto; 2499 extern const struct bpf_func_proto bpf_spin_unlock_proto; 2500 extern const struct bpf_func_proto bpf_get_local_storage_proto; 2501 extern const struct bpf_func_proto bpf_strtol_proto; 2502 extern const struct bpf_func_proto bpf_strtoul_proto; 2503 extern const struct bpf_func_proto bpf_tcp_sock_proto; 2504 extern const struct bpf_func_proto bpf_jiffies64_proto; 2505 extern const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto; 2506 extern const struct bpf_func_proto bpf_event_output_data_proto; 2507 extern const struct bpf_func_proto bpf_ringbuf_output_proto; 2508 extern const struct bpf_func_proto bpf_ringbuf_reserve_proto; 2509 extern const struct bpf_func_proto bpf_ringbuf_submit_proto; 2510 extern const struct bpf_func_proto bpf_ringbuf_discard_proto; 2511 extern const struct bpf_func_proto bpf_ringbuf_query_proto; 2512 extern const struct bpf_func_proto bpf_ringbuf_reserve_dynptr_proto; 2513 extern const struct bpf_func_proto bpf_ringbuf_submit_dynptr_proto; 2514 extern const struct bpf_func_proto bpf_ringbuf_discard_dynptr_proto; 2515 extern const struct bpf_func_proto bpf_skc_to_tcp6_sock_proto; 2516 extern const struct bpf_func_proto bpf_skc_to_tcp_sock_proto; 2517 extern const struct bpf_func_proto bpf_skc_to_tcp_timewait_sock_proto; 2518 extern const struct bpf_func_proto bpf_skc_to_tcp_request_sock_proto; 2519 extern const struct bpf_func_proto bpf_skc_to_udp6_sock_proto; 2520 extern const struct bpf_func_proto bpf_skc_to_unix_sock_proto; 2521 extern const struct bpf_func_proto bpf_skc_to_mptcp_sock_proto; 2522 extern const struct bpf_func_proto bpf_copy_from_user_proto; 2523 extern const struct bpf_func_proto bpf_snprintf_btf_proto; 2524 extern const struct bpf_func_proto bpf_snprintf_proto; 2525 extern const struct bpf_func_proto bpf_per_cpu_ptr_proto; 2526 extern const struct bpf_func_proto bpf_this_cpu_ptr_proto; 2527 extern const struct bpf_func_proto bpf_ktime_get_coarse_ns_proto; 2528 extern const struct bpf_func_proto bpf_sock_from_file_proto; 2529 extern const struct bpf_func_proto bpf_get_socket_ptr_cookie_proto; 2530 extern const struct bpf_func_proto bpf_task_storage_get_proto; 2531 extern const struct bpf_func_proto bpf_task_storage_delete_proto; 2532 extern const struct bpf_func_proto bpf_for_each_map_elem_proto; 2533 extern const struct bpf_func_proto bpf_btf_find_by_name_kind_proto; 2534 extern const struct bpf_func_proto bpf_sk_setsockopt_proto; 2535 extern const struct bpf_func_proto bpf_sk_getsockopt_proto; 2536 extern const struct bpf_func_proto bpf_unlocked_sk_setsockopt_proto; 2537 extern const struct bpf_func_proto bpf_unlocked_sk_getsockopt_proto; 2538 extern const struct bpf_func_proto bpf_find_vma_proto; 2539 extern const struct bpf_func_proto bpf_loop_proto; 2540 extern const struct bpf_func_proto bpf_copy_from_user_task_proto; 2541 extern const struct bpf_func_proto bpf_set_retval_proto; 2542 extern const struct bpf_func_proto bpf_get_retval_proto; 2543 extern const struct bpf_func_proto bpf_user_ringbuf_drain_proto; 2544 2545 const struct bpf_func_proto *tracing_prog_func_proto( 2546 enum bpf_func_id func_id, const struct bpf_prog *prog); 2547 2548 /* Shared helpers among cBPF and eBPF. */ 2549 void bpf_user_rnd_init_once(void); 2550 u64 bpf_user_rnd_u32(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5); 2551 u64 bpf_get_raw_cpu_id(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5); 2552 2553 #if defined(CONFIG_NET) 2554 bool bpf_sock_common_is_valid_access(int off, int size, 2555 enum bpf_access_type type, 2556 struct bpf_insn_access_aux *info); 2557 bool bpf_sock_is_valid_access(int off, int size, enum bpf_access_type type, 2558 struct bpf_insn_access_aux *info); 2559 u32 bpf_sock_convert_ctx_access(enum bpf_access_type type, 2560 const struct bpf_insn *si, 2561 struct bpf_insn *insn_buf, 2562 struct bpf_prog *prog, 2563 u32 *target_size); 2564 #else 2565 static inline bool bpf_sock_common_is_valid_access(int off, int size, 2566 enum bpf_access_type type, 2567 struct bpf_insn_access_aux *info) 2568 { 2569 return false; 2570 } 2571 static inline bool bpf_sock_is_valid_access(int off, int size, 2572 enum bpf_access_type type, 2573 struct bpf_insn_access_aux *info) 2574 { 2575 return false; 2576 } 2577 static inline u32 bpf_sock_convert_ctx_access(enum bpf_access_type type, 2578 const struct bpf_insn *si, 2579 struct bpf_insn *insn_buf, 2580 struct bpf_prog *prog, 2581 u32 *target_size) 2582 { 2583 return 0; 2584 } 2585 #endif 2586 2587 #ifdef CONFIG_INET 2588 struct sk_reuseport_kern { 2589 struct sk_buff *skb; 2590 struct sock *sk; 2591 struct sock *selected_sk; 2592 struct sock *migrating_sk; 2593 void *data_end; 2594 u32 hash; 2595 u32 reuseport_id; 2596 bool bind_inany; 2597 }; 2598 bool bpf_tcp_sock_is_valid_access(int off, int size, enum bpf_access_type type, 2599 struct bpf_insn_access_aux *info); 2600 2601 u32 bpf_tcp_sock_convert_ctx_access(enum bpf_access_type type, 2602 const struct bpf_insn *si, 2603 struct bpf_insn *insn_buf, 2604 struct bpf_prog *prog, 2605 u32 *target_size); 2606 2607 bool bpf_xdp_sock_is_valid_access(int off, int size, enum bpf_access_type type, 2608 struct bpf_insn_access_aux *info); 2609 2610 u32 bpf_xdp_sock_convert_ctx_access(enum bpf_access_type type, 2611 const struct bpf_insn *si, 2612 struct bpf_insn *insn_buf, 2613 struct bpf_prog *prog, 2614 u32 *target_size); 2615 #else 2616 static inline bool bpf_tcp_sock_is_valid_access(int off, int size, 2617 enum bpf_access_type type, 2618 struct bpf_insn_access_aux *info) 2619 { 2620 return false; 2621 } 2622 2623 static inline u32 bpf_tcp_sock_convert_ctx_access(enum bpf_access_type type, 2624 const struct bpf_insn *si, 2625 struct bpf_insn *insn_buf, 2626 struct bpf_prog *prog, 2627 u32 *target_size) 2628 { 2629 return 0; 2630 } 2631 static inline bool bpf_xdp_sock_is_valid_access(int off, int size, 2632 enum bpf_access_type type, 2633 struct bpf_insn_access_aux *info) 2634 { 2635 return false; 2636 } 2637 2638 static inline u32 bpf_xdp_sock_convert_ctx_access(enum bpf_access_type type, 2639 const struct bpf_insn *si, 2640 struct bpf_insn *insn_buf, 2641 struct bpf_prog *prog, 2642 u32 *target_size) 2643 { 2644 return 0; 2645 } 2646 #endif /* CONFIG_INET */ 2647 2648 enum bpf_text_poke_type { 2649 BPF_MOD_CALL, 2650 BPF_MOD_JUMP, 2651 }; 2652 2653 int bpf_arch_text_poke(void *ip, enum bpf_text_poke_type t, 2654 void *addr1, void *addr2); 2655 2656 void *bpf_arch_text_copy(void *dst, void *src, size_t len); 2657 int bpf_arch_text_invalidate(void *dst, size_t len); 2658 2659 struct btf_id_set; 2660 bool btf_id_set_contains(const struct btf_id_set *set, u32 id); 2661 2662 #define MAX_BPRINTF_VARARGS 12 2663 2664 int bpf_bprintf_prepare(char *fmt, u32 fmt_size, const u64 *raw_args, 2665 u32 **bin_buf, u32 num_args); 2666 void bpf_bprintf_cleanup(void); 2667 2668 /* the implementation of the opaque uapi struct bpf_dynptr */ 2669 struct bpf_dynptr_kern { 2670 void *data; 2671 /* Size represents the number of usable bytes of dynptr data. 2672 * If for example the offset is at 4 for a local dynptr whose data is 2673 * of type u64, the number of usable bytes is 4. 2674 * 2675 * The upper 8 bits are reserved. It is as follows: 2676 * Bits 0 - 23 = size 2677 * Bits 24 - 30 = dynptr type 2678 * Bit 31 = whether dynptr is read-only 2679 */ 2680 u32 size; 2681 u32 offset; 2682 } __aligned(8); 2683 2684 enum bpf_dynptr_type { 2685 BPF_DYNPTR_TYPE_INVALID, 2686 /* Points to memory that is local to the bpf program */ 2687 BPF_DYNPTR_TYPE_LOCAL, 2688 /* Underlying data is a kernel-produced ringbuf record */ 2689 BPF_DYNPTR_TYPE_RINGBUF, 2690 }; 2691 2692 void bpf_dynptr_init(struct bpf_dynptr_kern *ptr, void *data, 2693 enum bpf_dynptr_type type, u32 offset, u32 size); 2694 void bpf_dynptr_set_null(struct bpf_dynptr_kern *ptr); 2695 int bpf_dynptr_check_size(u32 size); 2696 u32 bpf_dynptr_get_size(struct bpf_dynptr_kern *ptr); 2697 2698 #ifdef CONFIG_BPF_LSM 2699 void bpf_cgroup_atype_get(u32 attach_btf_id, int cgroup_atype); 2700 void bpf_cgroup_atype_put(int cgroup_atype); 2701 #else 2702 static inline void bpf_cgroup_atype_get(u32 attach_btf_id, int cgroup_atype) {} 2703 static inline void bpf_cgroup_atype_put(int cgroup_atype) {} 2704 #endif /* CONFIG_BPF_LSM */ 2705 2706 struct key; 2707 2708 #ifdef CONFIG_KEYS 2709 struct bpf_key { 2710 struct key *key; 2711 bool has_ref; 2712 }; 2713 #endif /* CONFIG_KEYS */ 2714 #endif /* _LINUX_BPF_H */ 2715