1
2
3
4#ifndef __LINUX_FILTER_H__
5#define __LINUX_FILTER_H__
6
7#include <stdarg.h>
8
9#include <linux/atomic.h>
10#include <linux/refcount.h>
11#include <linux/compat.h>
12#include <linux/skbuff.h>
13#include <linux/linkage.h>
14#include <linux/printk.h>
15#include <linux/workqueue.h>
16#include <linux/sched.h>
17#include <linux/capability.h>
18#include <linux/cryptohash.h>
19#include <linux/set_memory.h>
20
21#include <net/sch_generic.h>
22
23#include <uapi/linux/filter.h>
24#include <uapi/linux/bpf.h>
25
26struct sk_buff;
27struct sock;
28struct seccomp_data;
29struct bpf_prog_aux;
30
31
32
33
34
35#define BPF_REG_ARG1 BPF_REG_1
36#define BPF_REG_ARG2 BPF_REG_2
37#define BPF_REG_ARG3 BPF_REG_3
38#define BPF_REG_ARG4 BPF_REG_4
39#define BPF_REG_ARG5 BPF_REG_5
40#define BPF_REG_CTX BPF_REG_6
41#define BPF_REG_FP BPF_REG_10
42
43
44#define BPF_REG_A BPF_REG_0
45#define BPF_REG_X BPF_REG_7
46#define BPF_REG_TMP BPF_REG_8
47
48
49
50
51
52
53
54#define BPF_REG_AX MAX_BPF_REG
55#define MAX_BPF_JIT_REG (MAX_BPF_REG + 1)
56
57
58#define BPF_TAIL_CALL 0xf0
59
60
61
62
63
64#define BPF_SYM_ELF_TYPE 't'
65
66
67#define MAX_BPF_STACK 512
68
69
70
71
72
73#define BPF_ALU64_REG(OP, DST, SRC) \
74 ((struct bpf_insn) { \
75 .code = BPF_ALU64 | BPF_OP(OP) | BPF_X, \
76 .dst_reg = DST, \
77 .src_reg = SRC, \
78 .off = 0, \
79 .imm = 0 })
80
81#define BPF_ALU32_REG(OP, DST, SRC) \
82 ((struct bpf_insn) { \
83 .code = BPF_ALU | BPF_OP(OP) | BPF_X, \
84 .dst_reg = DST, \
85 .src_reg = SRC, \
86 .off = 0, \
87 .imm = 0 })
88
89
90
91#define BPF_ALU64_IMM(OP, DST, IMM) \
92 ((struct bpf_insn) { \
93 .code = BPF_ALU64 | BPF_OP(OP) | BPF_K, \
94 .dst_reg = DST, \
95 .src_reg = 0, \
96 .off = 0, \
97 .imm = IMM })
98
99#define BPF_ALU32_IMM(OP, DST, IMM) \
100 ((struct bpf_insn) { \
101 .code = BPF_ALU | BPF_OP(OP) | BPF_K, \
102 .dst_reg = DST, \
103 .src_reg = 0, \
104 .off = 0, \
105 .imm = IMM })
106
107
108
109#define BPF_ENDIAN(TYPE, DST, LEN) \
110 ((struct bpf_insn) { \
111 .code = BPF_ALU | BPF_END | BPF_SRC(TYPE), \
112 .dst_reg = DST, \
113 .src_reg = 0, \
114 .off = 0, \
115 .imm = LEN })
116
117
118
119#define BPF_MOV64_REG(DST, SRC) \
120 ((struct bpf_insn) { \
121 .code = BPF_ALU64 | BPF_MOV | BPF_X, \
122 .dst_reg = DST, \
123 .src_reg = SRC, \
124 .off = 0, \
125 .imm = 0 })
126
127#define BPF_MOV32_REG(DST, SRC) \
128 ((struct bpf_insn) { \
129 .code = BPF_ALU | BPF_MOV | BPF_X, \
130 .dst_reg = DST, \
131 .src_reg = SRC, \
132 .off = 0, \
133 .imm = 0 })
134
135
136
137#define BPF_MOV64_IMM(DST, IMM) \
138 ((struct bpf_insn) { \
139 .code = BPF_ALU64 | BPF_MOV | BPF_K, \
140 .dst_reg = DST, \
141 .src_reg = 0, \
142 .off = 0, \
143 .imm = IMM })
144
145#define BPF_MOV32_IMM(DST, IMM) \
146 ((struct bpf_insn) { \
147 .code = BPF_ALU | BPF_MOV | BPF_K, \
148 .dst_reg = DST, \
149 .src_reg = 0, \
150 .off = 0, \
151 .imm = IMM })
152
153
154#define BPF_LD_IMM64(DST, IMM) \
155 BPF_LD_IMM64_RAW(DST, 0, IMM)
156
157#define BPF_LD_IMM64_RAW(DST, SRC, IMM) \
158 ((struct bpf_insn) { \
159 .code = BPF_LD | BPF_DW | BPF_IMM, \
160 .dst_reg = DST, \
161 .src_reg = SRC, \
162 .off = 0, \
163 .imm = (__u32) (IMM) }), \
164 ((struct bpf_insn) { \
165 .code = 0, \
166 .dst_reg = 0, \
167 .src_reg = 0, \
168 .off = 0, \
169 .imm = ((__u64) (IMM)) >> 32 })
170
171
172#define BPF_LD_MAP_FD(DST, MAP_FD) \
173 BPF_LD_IMM64_RAW(DST, BPF_PSEUDO_MAP_FD, MAP_FD)
174
175
176
177#define BPF_MOV64_RAW(TYPE, DST, SRC, IMM) \
178 ((struct bpf_insn) { \
179 .code = BPF_ALU64 | BPF_MOV | BPF_SRC(TYPE), \
180 .dst_reg = DST, \
181 .src_reg = SRC, \
182 .off = 0, \
183 .imm = IMM })
184
185#define BPF_MOV32_RAW(TYPE, DST, SRC, IMM) \
186 ((struct bpf_insn) { \
187 .code = BPF_ALU | BPF_MOV | BPF_SRC(TYPE), \
188 .dst_reg = DST, \
189 .src_reg = SRC, \
190 .off = 0, \
191 .imm = IMM })
192
193
194
195#define BPF_LD_ABS(SIZE, IMM) \
196 ((struct bpf_insn) { \
197 .code = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS, \
198 .dst_reg = 0, \
199 .src_reg = 0, \
200 .off = 0, \
201 .imm = IMM })
202
203
204
205#define BPF_LD_IND(SIZE, SRC, IMM) \
206 ((struct bpf_insn) { \
207 .code = BPF_LD | BPF_SIZE(SIZE) | BPF_IND, \
208 .dst_reg = 0, \
209 .src_reg = SRC, \
210 .off = 0, \
211 .imm = IMM })
212
213
214
215#define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \
216 ((struct bpf_insn) { \
217 .code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM, \
218 .dst_reg = DST, \
219 .src_reg = SRC, \
220 .off = OFF, \
221 .imm = 0 })
222
223
224
225#define BPF_STX_MEM(SIZE, DST, SRC, OFF) \
226 ((struct bpf_insn) { \
227 .code = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM, \
228 .dst_reg = DST, \
229 .src_reg = SRC, \
230 .off = OFF, \
231 .imm = 0 })
232
233
234
235#define BPF_STX_XADD(SIZE, DST, SRC, OFF) \
236 ((struct bpf_insn) { \
237 .code = BPF_STX | BPF_SIZE(SIZE) | BPF_XADD, \
238 .dst_reg = DST, \
239 .src_reg = SRC, \
240 .off = OFF, \
241 .imm = 0 })
242
243
244
245#define BPF_ST_MEM(SIZE, DST, OFF, IMM) \
246 ((struct bpf_insn) { \
247 .code = BPF_ST | BPF_SIZE(SIZE) | BPF_MEM, \
248 .dst_reg = DST, \
249 .src_reg = 0, \
250 .off = OFF, \
251 .imm = IMM })
252
253
254
255#define BPF_JMP_REG(OP, DST, SRC, OFF) \
256 ((struct bpf_insn) { \
257 .code = BPF_JMP | BPF_OP(OP) | BPF_X, \
258 .dst_reg = DST, \
259 .src_reg = SRC, \
260 .off = OFF, \
261 .imm = 0 })
262
263
264
265#define BPF_JMP_IMM(OP, DST, IMM, OFF) \
266 ((struct bpf_insn) { \
267 .code = BPF_JMP | BPF_OP(OP) | BPF_K, \
268 .dst_reg = DST, \
269 .src_reg = 0, \
270 .off = OFF, \
271 .imm = IMM })
272
273
274
275#define BPF_JMP_A(OFF) \
276 ((struct bpf_insn) { \
277 .code = BPF_JMP | BPF_JA, \
278 .dst_reg = 0, \
279 .src_reg = 0, \
280 .off = OFF, \
281 .imm = 0 })
282
283
284
285#define BPF_EMIT_CALL(FUNC) \
286 ((struct bpf_insn) { \
287 .code = BPF_JMP | BPF_CALL, \
288 .dst_reg = 0, \
289 .src_reg = 0, \
290 .off = 0, \
291 .imm = ((FUNC) - __bpf_call_base) })
292
293
294
295#define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM) \
296 ((struct bpf_insn) { \
297 .code = CODE, \
298 .dst_reg = DST, \
299 .src_reg = SRC, \
300 .off = OFF, \
301 .imm = IMM })
302
303
304
305#define BPF_EXIT_INSN() \
306 ((struct bpf_insn) { \
307 .code = BPF_JMP | BPF_EXIT, \
308 .dst_reg = 0, \
309 .src_reg = 0, \
310 .off = 0, \
311 .imm = 0 })
312
313
314
315#define __BPF_STMT(CODE, K) \
316 ((struct sock_filter) BPF_STMT(CODE, K))
317
318#define __BPF_JUMP(CODE, K, JT, JF) \
319 ((struct sock_filter) BPF_JUMP(CODE, K, JT, JF))
320
321#define bytes_to_bpf_size(bytes) \
322({ \
323 int bpf_size = -EINVAL; \
324 \
325 if (bytes == sizeof(u8)) \
326 bpf_size = BPF_B; \
327 else if (bytes == sizeof(u16)) \
328 bpf_size = BPF_H; \
329 else if (bytes == sizeof(u32)) \
330 bpf_size = BPF_W; \
331 else if (bytes == sizeof(u64)) \
332 bpf_size = BPF_DW; \
333 \
334 bpf_size; \
335})
336
337#define bpf_size_to_bytes(bpf_size) \
338({ \
339 int bytes = -EINVAL; \
340 \
341 if (bpf_size == BPF_B) \
342 bytes = sizeof(u8); \
343 else if (bpf_size == BPF_H) \
344 bytes = sizeof(u16); \
345 else if (bpf_size == BPF_W) \
346 bytes = sizeof(u32); \
347 else if (bpf_size == BPF_DW) \
348 bytes = sizeof(u64); \
349 \
350 bytes; \
351})
352
353#define BPF_SIZEOF(type) \
354 ({ \
355 const int __size = bytes_to_bpf_size(sizeof(type)); \
356 BUILD_BUG_ON(__size < 0); \
357 __size; \
358 })
359
360#define BPF_FIELD_SIZEOF(type, field) \
361 ({ \
362 const int __size = bytes_to_bpf_size(FIELD_SIZEOF(type, field)); \
363 BUILD_BUG_ON(__size < 0); \
364 __size; \
365 })
366
367#define BPF_LDST_BYTES(insn) \
368 ({ \
369 const int __size = bpf_size_to_bytes(BPF_SIZE(insn->code)); \
370 WARN_ON(__size < 0); \
371 __size; \
372 })
373
374#define __BPF_MAP_0(m, v, ...) v
375#define __BPF_MAP_1(m, v, t, a, ...) m(t, a)
376#define __BPF_MAP_2(m, v, t, a, ...) m(t, a), __BPF_MAP_1(m, v, __VA_ARGS__)
377#define __BPF_MAP_3(m, v, t, a, ...) m(t, a), __BPF_MAP_2(m, v, __VA_ARGS__)
378#define __BPF_MAP_4(m, v, t, a, ...) m(t, a), __BPF_MAP_3(m, v, __VA_ARGS__)
379#define __BPF_MAP_5(m, v, t, a, ...) m(t, a), __BPF_MAP_4(m, v, __VA_ARGS__)
380
381#define __BPF_REG_0(...) __BPF_PAD(5)
382#define __BPF_REG_1(...) __BPF_MAP(1, __VA_ARGS__), __BPF_PAD(4)
383#define __BPF_REG_2(...) __BPF_MAP(2, __VA_ARGS__), __BPF_PAD(3)
384#define __BPF_REG_3(...) __BPF_MAP(3, __VA_ARGS__), __BPF_PAD(2)
385#define __BPF_REG_4(...) __BPF_MAP(4, __VA_ARGS__), __BPF_PAD(1)
386#define __BPF_REG_5(...) __BPF_MAP(5, __VA_ARGS__)
387
388#define __BPF_MAP(n, ...) __BPF_MAP_##n(__VA_ARGS__)
389#define __BPF_REG(n, ...) __BPF_REG_##n(__VA_ARGS__)
390
391#define __BPF_CAST(t, a) \
392 (__force t) \
393 (__force \
394 typeof(__builtin_choose_expr(sizeof(t) == sizeof(unsigned long), \
395 (unsigned long)0, (t)0))) a
396#define __BPF_V void
397#define __BPF_N
398
399#define __BPF_DECL_ARGS(t, a) t a
400#define __BPF_DECL_REGS(t, a) u64 a
401
402#define __BPF_PAD(n) \
403 __BPF_MAP(n, __BPF_DECL_ARGS, __BPF_N, u64, __ur_1, u64, __ur_2, \
404 u64, __ur_3, u64, __ur_4, u64, __ur_5)
405
406#define BPF_CALL_x(x, name, ...) \
407 static __always_inline \
408 u64 ____##name(__BPF_MAP(x, __BPF_DECL_ARGS, __BPF_V, __VA_ARGS__)); \
409 u64 name(__BPF_REG(x, __BPF_DECL_REGS, __BPF_N, __VA_ARGS__)); \
410 u64 name(__BPF_REG(x, __BPF_DECL_REGS, __BPF_N, __VA_ARGS__)) \
411 { \
412 return ____##name(__BPF_MAP(x,__BPF_CAST,__BPF_N,__VA_ARGS__));\
413 } \
414 static __always_inline \
415 u64 ____##name(__BPF_MAP(x, __BPF_DECL_ARGS, __BPF_V, __VA_ARGS__))
416
417#define BPF_CALL_0(name, ...) BPF_CALL_x(0, name, __VA_ARGS__)
418#define BPF_CALL_1(name, ...) BPF_CALL_x(1, name, __VA_ARGS__)
419#define BPF_CALL_2(name, ...) BPF_CALL_x(2, name, __VA_ARGS__)
420#define BPF_CALL_3(name, ...) BPF_CALL_x(3, name, __VA_ARGS__)
421#define BPF_CALL_4(name, ...) BPF_CALL_x(4, name, __VA_ARGS__)
422#define BPF_CALL_5(name, ...) BPF_CALL_x(5, name, __VA_ARGS__)
423
424#define bpf_ctx_range(TYPE, MEMBER) \
425 offsetof(TYPE, MEMBER) ... offsetofend(TYPE, MEMBER) - 1
426#define bpf_ctx_range_till(TYPE, MEMBER1, MEMBER2) \
427 offsetof(TYPE, MEMBER1) ... offsetofend(TYPE, MEMBER2) - 1
428
429#define bpf_target_off(TYPE, MEMBER, SIZE, PTR_SIZE) \
430 ({ \
431 BUILD_BUG_ON(FIELD_SIZEOF(TYPE, MEMBER) != (SIZE)); \
432 *(PTR_SIZE) = (SIZE); \
433 offsetof(TYPE, MEMBER); \
434 })
435
436#ifdef CONFIG_COMPAT
437
438struct compat_sock_fprog {
439 u16 len;
440 compat_uptr_t filter;
441};
442#endif
443
444struct sock_fprog_kern {
445 u16 len;
446 struct sock_filter *filter;
447};
448
449struct bpf_binary_header {
450 unsigned int pages;
451 u8 image[];
452};
453
454struct bpf_prog {
455 u16 pages;
456 kmemcheck_bitfield_begin(meta);
457 u16 jited:1,
458 locked:1,
459 gpl_compatible:1,
460 cb_access:1,
461 dst_needed:1;
462 kmemcheck_bitfield_end(meta);
463 enum bpf_prog_type type;
464 u32 len;
465 u32 jited_len;
466 u8 tag[BPF_TAG_SIZE];
467 struct bpf_prog_aux *aux;
468 struct sock_fprog_kern *orig_prog;
469 unsigned int (*bpf_func)(const void *ctx,
470 const struct bpf_insn *insn);
471
472 union {
473 struct sock_filter insns[0];
474 struct bpf_insn insnsi[0];
475 };
476};
477
478struct sk_filter {
479 refcount_t refcnt;
480 struct rcu_head rcu;
481 struct bpf_prog *prog;
482};
483
484#define BPF_PROG_RUN(filter, ctx) (*filter->bpf_func)(ctx, filter->insnsi)
485
486#define BPF_SKB_CB_LEN QDISC_CB_PRIV_LEN
487
488struct bpf_skb_data_end {
489 struct qdisc_skb_cb qdisc_cb;
490 void *data_end;
491};
492
493struct xdp_buff {
494 void *data;
495 void *data_end;
496 void *data_hard_start;
497};
498
499
500
501
502static inline void bpf_compute_data_end(struct sk_buff *skb)
503{
504 struct bpf_skb_data_end *cb = (struct bpf_skb_data_end *)skb->cb;
505
506 BUILD_BUG_ON(sizeof(*cb) > FIELD_SIZEOF(struct sk_buff, cb));
507 cb->data_end = skb->data + skb_headlen(skb);
508}
509
510static inline u8 *bpf_skb_cb(struct sk_buff *skb)
511{
512
513
514
515
516
517
518
519
520
521
522 BUILD_BUG_ON(FIELD_SIZEOF(struct __sk_buff, cb) != BPF_SKB_CB_LEN);
523 BUILD_BUG_ON(FIELD_SIZEOF(struct __sk_buff, cb) !=
524 FIELD_SIZEOF(struct qdisc_skb_cb, data));
525
526 return qdisc_skb_cb(skb)->data;
527}
528
529static inline u32 bpf_prog_run_save_cb(const struct bpf_prog *prog,
530 struct sk_buff *skb)
531{
532 u8 *cb_data = bpf_skb_cb(skb);
533 u8 cb_saved[BPF_SKB_CB_LEN];
534 u32 res;
535
536 if (unlikely(prog->cb_access)) {
537 memcpy(cb_saved, cb_data, sizeof(cb_saved));
538 memset(cb_data, 0, sizeof(cb_saved));
539 }
540
541 res = BPF_PROG_RUN(prog, skb);
542
543 if (unlikely(prog->cb_access))
544 memcpy(cb_data, cb_saved, sizeof(cb_saved));
545
546 return res;
547}
548
549static inline u32 bpf_prog_run_clear_cb(const struct bpf_prog *prog,
550 struct sk_buff *skb)
551{
552 u8 *cb_data = bpf_skb_cb(skb);
553
554 if (unlikely(prog->cb_access))
555 memset(cb_data, 0, BPF_SKB_CB_LEN);
556
557 return BPF_PROG_RUN(prog, skb);
558}
559
560static __always_inline u32 bpf_prog_run_xdp(const struct bpf_prog *prog,
561 struct xdp_buff *xdp)
562{
563
564
565
566
567
568
569 return BPF_PROG_RUN(prog, xdp);
570}
571
572static inline u32 bpf_prog_insn_size(const struct bpf_prog *prog)
573{
574 return prog->len * sizeof(struct bpf_insn);
575}
576
577static inline u32 bpf_prog_tag_scratch_size(const struct bpf_prog *prog)
578{
579 return round_up(bpf_prog_insn_size(prog) +
580 sizeof(__be64) + 1, SHA_MESSAGE_BYTES);
581}
582
583static inline unsigned int bpf_prog_size(unsigned int proglen)
584{
585 return max(sizeof(struct bpf_prog),
586 offsetof(struct bpf_prog, insns[proglen]));
587}
588
589static inline bool bpf_prog_was_classic(const struct bpf_prog *prog)
590{
591
592
593
594
595
596 return prog->type == BPF_PROG_TYPE_UNSPEC;
597}
598
599static inline bool
600bpf_ctx_narrow_access_ok(u32 off, u32 size, const u32 size_default)
601{
602 bool off_ok;
603#ifdef __LITTLE_ENDIAN
604 off_ok = (off & (size_default - 1)) == 0;
605#else
606 off_ok = (off & (size_default - 1)) + size == size_default;
607#endif
608 return off_ok && size <= size_default && (size & (size - 1)) == 0;
609}
610
611#define bpf_classic_proglen(fprog) (fprog->len * sizeof(fprog->filter[0]))
612
613#ifdef CONFIG_ARCH_HAS_SET_MEMORY
614static inline void bpf_prog_lock_ro(struct bpf_prog *fp)
615{
616 fp->locked = 1;
617 WARN_ON_ONCE(set_memory_ro((unsigned long)fp, fp->pages));
618}
619
620static inline void bpf_prog_unlock_ro(struct bpf_prog *fp)
621{
622 if (fp->locked) {
623 WARN_ON_ONCE(set_memory_rw((unsigned long)fp, fp->pages));
624
625
626
627 fp->locked = 0;
628 }
629}
630
631static inline void bpf_jit_binary_lock_ro(struct bpf_binary_header *hdr)
632{
633 WARN_ON_ONCE(set_memory_ro((unsigned long)hdr, hdr->pages));
634}
635
636static inline void bpf_jit_binary_unlock_ro(struct bpf_binary_header *hdr)
637{
638 WARN_ON_ONCE(set_memory_rw((unsigned long)hdr, hdr->pages));
639}
640#else
641static inline void bpf_prog_lock_ro(struct bpf_prog *fp)
642{
643}
644
645static inline void bpf_prog_unlock_ro(struct bpf_prog *fp)
646{
647}
648
649static inline void bpf_jit_binary_lock_ro(struct bpf_binary_header *hdr)
650{
651}
652
653static inline void bpf_jit_binary_unlock_ro(struct bpf_binary_header *hdr)
654{
655}
656#endif
657
658static inline struct bpf_binary_header *
659bpf_jit_binary_hdr(const struct bpf_prog *fp)
660{
661 unsigned long real_start = (unsigned long)fp->bpf_func;
662 unsigned long addr = real_start & PAGE_MASK;
663
664 return (void *)addr;
665}
666
667int sk_filter_trim_cap(struct sock *sk, struct sk_buff *skb, unsigned int cap);
668static inline int sk_filter(struct sock *sk, struct sk_buff *skb)
669{
670 return sk_filter_trim_cap(sk, skb, 1);
671}
672
673struct bpf_prog *bpf_prog_select_runtime(struct bpf_prog *fp, int *err);
674void bpf_prog_free(struct bpf_prog *fp);
675
676struct bpf_prog *bpf_prog_alloc(unsigned int size, gfp_t gfp_extra_flags);
677struct bpf_prog *bpf_prog_realloc(struct bpf_prog *fp_old, unsigned int size,
678 gfp_t gfp_extra_flags);
679void __bpf_prog_free(struct bpf_prog *fp);
680
681static inline void bpf_prog_unlock_free(struct bpf_prog *fp)
682{
683 bpf_prog_unlock_ro(fp);
684 __bpf_prog_free(fp);
685}
686
687typedef int (*bpf_aux_classic_check_t)(struct sock_filter *filter,
688 unsigned int flen);
689
690int bpf_prog_create(struct bpf_prog **pfp, struct sock_fprog_kern *fprog);
691int bpf_prog_create_from_user(struct bpf_prog **pfp, struct sock_fprog *fprog,
692 bpf_aux_classic_check_t trans, bool save_orig);
693void bpf_prog_destroy(struct bpf_prog *fp);
694
695int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk);
696int sk_attach_bpf(u32 ufd, struct sock *sk);
697int sk_reuseport_attach_filter(struct sock_fprog *fprog, struct sock *sk);
698int sk_reuseport_attach_bpf(u32 ufd, struct sock *sk);
699int sk_detach_filter(struct sock *sk);
700int sk_get_filter(struct sock *sk, struct sock_filter __user *filter,
701 unsigned int len);
702
703bool sk_filter_charge(struct sock *sk, struct sk_filter *fp);
704void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp);
705
706u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
707
708struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog);
709void bpf_jit_compile(struct bpf_prog *prog);
710bool bpf_helper_changes_pkt_data(void *func);
711
712struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
713 const struct bpf_insn *patch, u32 len);
714void bpf_warn_invalid_xdp_action(u32 act);
715
716#ifdef CONFIG_BPF_JIT
717extern int bpf_jit_enable;
718extern int bpf_jit_harden;
719extern int bpf_jit_kallsyms;
720
721typedef void (*bpf_jit_fill_hole_t)(void *area, unsigned int size);
722
723struct bpf_binary_header *
724bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
725 unsigned int alignment,
726 bpf_jit_fill_hole_t bpf_fill_ill_insns);
727void bpf_jit_binary_free(struct bpf_binary_header *hdr);
728
729void bpf_jit_free(struct bpf_prog *fp);
730
731struct bpf_prog *bpf_jit_blind_constants(struct bpf_prog *fp);
732void bpf_jit_prog_release_other(struct bpf_prog *fp, struct bpf_prog *fp_other);
733
734static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen,
735 u32 pass, void *image)
736{
737 pr_err("flen=%u proglen=%u pass=%u image=%pK from=%s pid=%d\n", flen,
738 proglen, pass, image, current->comm, task_pid_nr(current));
739
740 if (image)
741 print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET,
742 16, 1, image, proglen, false);
743}
744
745static inline bool bpf_jit_is_ebpf(void)
746{
747# ifdef CONFIG_HAVE_EBPF_JIT
748 return true;
749# else
750 return false;
751# endif
752}
753
754static inline bool ebpf_jit_enabled(void)
755{
756 return bpf_jit_enable && bpf_jit_is_ebpf();
757}
758
759static inline bool bpf_prog_ebpf_jited(const struct bpf_prog *fp)
760{
761 return fp->jited && bpf_jit_is_ebpf();
762}
763
764static inline bool bpf_jit_blinding_enabled(void)
765{
766
767
768
769
770 if (!bpf_jit_is_ebpf())
771 return false;
772 if (!bpf_jit_enable)
773 return false;
774 if (!bpf_jit_harden)
775 return false;
776 if (bpf_jit_harden == 1 && capable(CAP_SYS_ADMIN))
777 return false;
778
779 return true;
780}
781
782static inline bool bpf_jit_kallsyms_enabled(void)
783{
784
785
786
787 if (bpf_jit_harden)
788 return false;
789 if (!bpf_jit_kallsyms)
790 return false;
791 if (bpf_jit_kallsyms == 1)
792 return true;
793
794 return false;
795}
796
797const char *__bpf_address_lookup(unsigned long addr, unsigned long *size,
798 unsigned long *off, char *sym);
799bool is_bpf_text_address(unsigned long addr);
800int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
801 char *sym);
802
803static inline const char *
804bpf_address_lookup(unsigned long addr, unsigned long *size,
805 unsigned long *off, char **modname, char *sym)
806{
807 const char *ret = __bpf_address_lookup(addr, size, off, sym);
808
809 if (ret && modname)
810 *modname = NULL;
811 return ret;
812}
813
814void bpf_prog_kallsyms_add(struct bpf_prog *fp);
815void bpf_prog_kallsyms_del(struct bpf_prog *fp);
816
817#else
818
819static inline bool ebpf_jit_enabled(void)
820{
821 return false;
822}
823
824static inline bool bpf_prog_ebpf_jited(const struct bpf_prog *fp)
825{
826 return false;
827}
828
829static inline void bpf_jit_free(struct bpf_prog *fp)
830{
831 bpf_prog_unlock_free(fp);
832}
833
834static inline bool bpf_jit_kallsyms_enabled(void)
835{
836 return false;
837}
838
839static inline const char *
840__bpf_address_lookup(unsigned long addr, unsigned long *size,
841 unsigned long *off, char *sym)
842{
843 return NULL;
844}
845
846static inline bool is_bpf_text_address(unsigned long addr)
847{
848 return false;
849}
850
851static inline int bpf_get_kallsym(unsigned int symnum, unsigned long *value,
852 char *type, char *sym)
853{
854 return -ERANGE;
855}
856
857static inline const char *
858bpf_address_lookup(unsigned long addr, unsigned long *size,
859 unsigned long *off, char **modname, char *sym)
860{
861 return NULL;
862}
863
864static inline void bpf_prog_kallsyms_add(struct bpf_prog *fp)
865{
866}
867
868static inline void bpf_prog_kallsyms_del(struct bpf_prog *fp)
869{
870}
871#endif
872
873#define BPF_ANC BIT(15)
874
875static inline bool bpf_needs_clear_a(const struct sock_filter *first)
876{
877 switch (first->code) {
878 case BPF_RET | BPF_K:
879 case BPF_LD | BPF_W | BPF_LEN:
880 return false;
881
882 case BPF_LD | BPF_W | BPF_ABS:
883 case BPF_LD | BPF_H | BPF_ABS:
884 case BPF_LD | BPF_B | BPF_ABS:
885 if (first->k == SKF_AD_OFF + SKF_AD_ALU_XOR_X)
886 return true;
887 return false;
888
889 default:
890 return true;
891 }
892}
893
894static inline u16 bpf_anc_helper(const struct sock_filter *ftest)
895{
896 BUG_ON(ftest->code & BPF_ANC);
897
898 switch (ftest->code) {
899 case BPF_LD | BPF_W | BPF_ABS:
900 case BPF_LD | BPF_H | BPF_ABS:
901 case BPF_LD | BPF_B | BPF_ABS:
902#define BPF_ANCILLARY(CODE) case SKF_AD_OFF + SKF_AD_##CODE: \
903 return BPF_ANC | SKF_AD_##CODE
904 switch (ftest->k) {
905 BPF_ANCILLARY(PROTOCOL);
906 BPF_ANCILLARY(PKTTYPE);
907 BPF_ANCILLARY(IFINDEX);
908 BPF_ANCILLARY(NLATTR);
909 BPF_ANCILLARY(NLATTR_NEST);
910 BPF_ANCILLARY(MARK);
911 BPF_ANCILLARY(QUEUE);
912 BPF_ANCILLARY(HATYPE);
913 BPF_ANCILLARY(RXHASH);
914 BPF_ANCILLARY(CPU);
915 BPF_ANCILLARY(ALU_XOR_X);
916 BPF_ANCILLARY(VLAN_TAG);
917 BPF_ANCILLARY(VLAN_TAG_PRESENT);
918 BPF_ANCILLARY(PAY_OFFSET);
919 BPF_ANCILLARY(RANDOM);
920 BPF_ANCILLARY(VLAN_TPID);
921 }
922
923 default:
924 return ftest->code;
925 }
926}
927
928void *bpf_internal_load_pointer_neg_helper(const struct sk_buff *skb,
929 int k, unsigned int size);
930
931static inline void *bpf_load_pointer(const struct sk_buff *skb, int k,
932 unsigned int size, void *buffer)
933{
934 if (k >= 0)
935 return skb_header_pointer(skb, k, size, buffer);
936
937 return bpf_internal_load_pointer_neg_helper(skb, k, size);
938}
939
940static inline int bpf_tell_extensions(void)
941{
942 return SKF_AD_MAX;
943}
944
945struct bpf_sock_ops_kern {
946 struct sock *sk;
947 u32 op;
948 union {
949 u32 reply;
950 u32 replylong[4];
951 };
952};
953
954#endif
955
