include/linux/bpf-cgroup-defs.h

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 #ifndef _BPF_CGROUP_DEFS_H
   3 #define _BPF_CGROUP_DEFS_H
   4
   5 #ifdef CONFIG_CGROUP_BPF
   6
   7 #include <linux/list.h>
   8 #include <linux/percpu-refcount.h>
   9 #include <linux/workqueue.h>
  10
  11 struct bpf_prog_array;
  12
  13 #ifdef CONFIG_BPF_LSM
  14 /* Maximum number of concurrently attachable per-cgroup LSM hooks. */
  15 #define CGROUP_LSM_NUM 10
  16 #else
  17 #define CGROUP_LSM_NUM 0
  18 #endif
  19
  20 enum cgroup_bpf_attach_type {
  21         CGROUP_BPF_ATTACH_TYPE_INVALID = -1,
  22         CGROUP_INET_INGRESS = 0,
  23         CGROUP_INET_EGRESS,
  24         CGROUP_INET_SOCK_CREATE,
  25         CGROUP_SOCK_OPS,
  26         CGROUP_DEVICE,
  27         CGROUP_INET4_BIND,
  28         CGROUP_INET6_BIND,
  29         CGROUP_INET4_CONNECT,
  30         CGROUP_INET6_CONNECT,
  31         CGROUP_UNIX_CONNECT,
  32         CGROUP_INET4_POST_BIND,
  33         CGROUP_INET6_POST_BIND,
  34         CGROUP_UDP4_SENDMSG,
  35         CGROUP_UDP6_SENDMSG,
  36         CGROUP_UNIX_SENDMSG,
  37         CGROUP_SYSCTL,
  38         CGROUP_UDP4_RECVMSG,
  39         CGROUP_UDP6_RECVMSG,
  40         CGROUP_UNIX_RECVMSG,
  41         CGROUP_GETSOCKOPT,
  42         CGROUP_SETSOCKOPT,
  43         CGROUP_INET4_GETPEERNAME,
  44         CGROUP_INET6_GETPEERNAME,
  45         CGROUP_UNIX_GETPEERNAME,
  46         CGROUP_INET4_GETSOCKNAME,
  47         CGROUP_INET6_GETSOCKNAME,
  48         CGROUP_UNIX_GETSOCKNAME,
  49         CGROUP_INET_SOCK_RELEASE,
  50         CGROUP_LSM_START,
  51         CGROUP_LSM_END = CGROUP_LSM_START + CGROUP_LSM_NUM - 1,
  52         MAX_CGROUP_BPF_ATTACH_TYPE
  53 };
  54
  55 struct cgroup_bpf {
  56         /* array of effective progs in this cgroup */
  57         struct bpf_prog_array __rcu *effective[MAX_CGROUP_BPF_ATTACH_TYPE];
  58
  59         /* attached progs to this cgroup and attach flags
  60          * when flags == 0 or BPF_F_ALLOW_OVERRIDE the progs list will
  61          * have either zero or one element
  62          * when BPF_F_ALLOW_MULTI the list can have up to BPF_CGROUP_MAX_PROGS
  63          */
  64         struct hlist_head progs[MAX_CGROUP_BPF_ATTACH_TYPE];
  65         u8 flags[MAX_CGROUP_BPF_ATTACH_TYPE];
  66
  67         /* list of cgroup shared storages */
  68         struct list_head storages;
  69
  70         /* temp storage for effective prog array used by prog_attach/detach */
  71         struct bpf_prog_array *inactive;
  72
  73         /* reference counter used to detach bpf programs after cgroup removal */
  74         struct percpu_ref refcnt;
  75
  76         /* cgroup_bpf is released using a work queue */
  77         struct work_struct release_work;
  78 };
  79
  80 #else /* CONFIG_CGROUP_BPF */
  81 struct cgroup_bpf {};
  82 #endif /* CONFIG_CGROUP_BPF */
  83
  84 #endif