| Jakub Kicinski | fd1740b | 2021-12-15 18:55:38 -0800 | [diff] [blame] | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
| 2 | #ifndef _BPF_CGROUP_DEFS_H |
| 3 | #define _BPF_CGROUP_DEFS_H |
| 4 | |
| 5 | #ifdef CONFIG_CGROUP_BPF |
| 6 | |
| 7 | #include <linux/list.h> |
| 8 | #include <linux/percpu-refcount.h> |
| 9 | #include <linux/workqueue.h> |
| 10 | |
| 11 | struct bpf_prog_array; |
| 12 | |
| Stanislav Fomichev | 69fd337 | 2022-06-28 10:43:06 -0700 | [diff] [blame^] | 13 | #ifdef CONFIG_BPF_LSM |
| 14 | #define CGROUP_LSM_NUM 211 /* will be addressed in the next patch */ |
| 15 | #else |
| 16 | #define CGROUP_LSM_NUM 0 |
| 17 | #endif |
| 18 | |
| Jakub Kicinski | fd1740b | 2021-12-15 18:55:38 -0800 | [diff] [blame] | 19 | enum cgroup_bpf_attach_type { |
| 20 | CGROUP_BPF_ATTACH_TYPE_INVALID = -1, |
| 21 | CGROUP_INET_INGRESS = 0, |
| 22 | CGROUP_INET_EGRESS, |
| 23 | CGROUP_INET_SOCK_CREATE, |
| 24 | CGROUP_SOCK_OPS, |
| 25 | CGROUP_DEVICE, |
| 26 | CGROUP_INET4_BIND, |
| 27 | CGROUP_INET6_BIND, |
| 28 | CGROUP_INET4_CONNECT, |
| 29 | CGROUP_INET6_CONNECT, |
| 30 | CGROUP_INET4_POST_BIND, |
| 31 | CGROUP_INET6_POST_BIND, |
| 32 | CGROUP_UDP4_SENDMSG, |
| 33 | CGROUP_UDP6_SENDMSG, |
| 34 | CGROUP_SYSCTL, |
| 35 | CGROUP_UDP4_RECVMSG, |
| 36 | CGROUP_UDP6_RECVMSG, |
| 37 | CGROUP_GETSOCKOPT, |
| 38 | CGROUP_SETSOCKOPT, |
| 39 | CGROUP_INET4_GETPEERNAME, |
| 40 | CGROUP_INET6_GETPEERNAME, |
| 41 | CGROUP_INET4_GETSOCKNAME, |
| 42 | CGROUP_INET6_GETSOCKNAME, |
| 43 | CGROUP_INET_SOCK_RELEASE, |
| Stanislav Fomichev | 69fd337 | 2022-06-28 10:43:06 -0700 | [diff] [blame^] | 44 | CGROUP_LSM_START, |
| 45 | CGROUP_LSM_END = CGROUP_LSM_START + CGROUP_LSM_NUM - 1, |
| Jakub Kicinski | fd1740b | 2021-12-15 18:55:38 -0800 | [diff] [blame] | 46 | MAX_CGROUP_BPF_ATTACH_TYPE |
| 47 | }; |
| 48 | |
| 49 | struct cgroup_bpf { |
| 50 | /* array of effective progs in this cgroup */ |
| 51 | struct bpf_prog_array __rcu *effective[MAX_CGROUP_BPF_ATTACH_TYPE]; |
| 52 | |
| 53 | /* attached progs to this cgroup and attach flags |
| 54 | * when flags == 0 or BPF_F_ALLOW_OVERRIDE the progs list will |
| 55 | * have either zero or one element |
| 56 | * when BPF_F_ALLOW_MULTI the list can have up to BPF_CGROUP_MAX_PROGS |
| 57 | */ |
| Stanislav Fomichev | 0044214 | 2022-06-28 10:43:05 -0700 | [diff] [blame] | 58 | struct hlist_head progs[MAX_CGROUP_BPF_ATTACH_TYPE]; |
| 59 | u8 flags[MAX_CGROUP_BPF_ATTACH_TYPE]; |
| Jakub Kicinski | fd1740b | 2021-12-15 18:55:38 -0800 | [diff] [blame] | 60 | |
| 61 | /* list of cgroup shared storages */ |
| 62 | struct list_head storages; |
| 63 | |
| 64 | /* temp storage for effective prog array used by prog_attach/detach */ |
| 65 | struct bpf_prog_array *inactive; |
| 66 | |
| 67 | /* reference counter used to detach bpf programs after cgroup removal */ |
| 68 | struct percpu_ref refcnt; |
| 69 | |
| 70 | /* cgroup_bpf is released using a work queue */ |
| 71 | struct work_struct release_work; |
| 72 | }; |
| 73 | |
| 74 | #else /* CONFIG_CGROUP_BPF */ |
| 75 | struct cgroup_bpf {}; |
| 76 | #endif /* CONFIG_CGROUP_BPF */ |
| 77 | |
| 78 | #endif |
