1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20#include <linux/atomic.h>
21#include <linux/module.h>
22#include <linux/types.h>
23#include <linux/mm.h>
24#include <linux/fcntl.h>
25#include <linux/socket.h>
26#include <linux/sock_diag.h>
27#include <linux/in.h>
28#include <linux/inet.h>
29#include <linux/netdevice.h>
30#include <linux/if_packet.h>
31#include <linux/if_arp.h>
32#include <linux/gfp.h>
33#include <net/inet_common.h>
34#include <net/ip.h>
35#include <net/protocol.h>
36#include <net/netlink.h>
37#include <linux/skbuff.h>
38#include <linux/skmsg.h>
39#include <net/sock.h>
40#include <net/flow_dissector.h>
41#include <linux/errno.h>
42#include <linux/timer.h>
43#include <linux/uaccess.h>
44#include <asm/unaligned.h>
45#include <linux/filter.h>
46#include <linux/ratelimit.h>
47#include <linux/seccomp.h>
48#include <linux/if_vlan.h>
49#include <linux/bpf.h>
50#include <linux/btf.h>
51#include <net/sch_generic.h>
52#include <net/cls_cgroup.h>
53#include <net/dst_metadata.h>
54#include <net/dst.h>
55#include <net/sock_reuseport.h>
56#include <net/busy_poll.h>
57#include <net/tcp.h>
58#include <net/xfrm.h>
59#include <net/udp.h>
60#include <linux/bpf_trace.h>
61#include <net/xdp_sock.h>
62#include <linux/inetdevice.h>
63#include <net/inet_hashtables.h>
64#include <net/inet6_hashtables.h>
65#include <net/ip_fib.h>
66#include <net/nexthop.h>
67#include <net/flow.h>
68#include <net/arp.h>
69#include <net/ipv6.h>
70#include <net/net_namespace.h>
71#include <linux/seg6_local.h>
72#include <net/seg6.h>
73#include <net/seg6_local.h>
74#include <net/lwtunnel.h>
75#include <net/ipv6_stubs.h>
76#include <net/bpf_sk_storage.h>
77#include <net/transp_v6.h>
78#include <linux/btf_ids.h>
79#include <net/tls.h>
80#include <net/xdp.h>
81
82static const struct bpf_func_proto *
83bpf_sk_base_func_proto(enum bpf_func_id func_id);
84
85int copy_bpf_fprog_from_user(struct sock_fprog *dst, sockptr_t src, int len)
86{
87 if (in_compat_syscall()) {
88 struct compat_sock_fprog f32;
89
90 if (len != sizeof(f32))
91 return -EINVAL;
92 if (copy_from_sockptr(&f32, src, sizeof(f32)))
93 return -EFAULT;
94 memset(dst, 0, sizeof(*dst));
95 dst->len = f32.len;
96 dst->filter = compat_ptr(f32.filter);
97 } else {
98 if (len != sizeof(*dst))
99 return -EINVAL;
100 if (copy_from_sockptr(dst, src, sizeof(*dst)))
101 return -EFAULT;
102 }
103
104 return 0;
105}
106EXPORT_SYMBOL_GPL(copy_bpf_fprog_from_user);
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121int sk_filter_trim_cap(struct sock *sk, struct sk_buff *skb, unsigned int cap)
122{
123 int err;
124 struct sk_filter *filter;
125
126
127
128
129
130
131 if (skb_pfmemalloc(skb) && !sock_flag(sk, SOCK_MEMALLOC)) {
132 NET_INC_STATS(sock_net(sk), LINUX_MIB_PFMEMALLOCDROP);
133 return -ENOMEM;
134 }
135 err = BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb);
136 if (err)
137 return err;
138
139 err = security_sock_rcv_skb(sk, skb);
140 if (err)
141 return err;
142
143 rcu_read_lock();
144 filter = rcu_dereference(sk->sk_filter);
145 if (filter) {
146 struct sock *save_sk = skb->sk;
147 unsigned int pkt_len;
148
149 skb->sk = sk;
150 pkt_len = bpf_prog_run_save_cb(filter->prog, skb);
151 skb->sk = save_sk;
152 err = pkt_len ? pskb_trim(skb, max(cap, pkt_len)) : -EPERM;
153 }
154 rcu_read_unlock();
155
156 return err;
157}
158EXPORT_SYMBOL(sk_filter_trim_cap);
159
160BPF_CALL_1(bpf_skb_get_pay_offset, struct sk_buff *, skb)
161{
162 return skb_get_poff(skb);
163}
164
165BPF_CALL_3(bpf_skb_get_nlattr, struct sk_buff *, skb, u32, a, u32, x)
166{
167 struct nlattr *nla;
168
169 if (skb_is_nonlinear(skb))
170 return 0;
171
172 if (skb->len < sizeof(struct nlattr))
173 return 0;
174
175 if (a > skb->len - sizeof(struct nlattr))
176 return 0;
177
178 nla = nla_find((struct nlattr *) &skb->data[a], skb->len - a, x);
179 if (nla)
180 return (void *) nla - (void *) skb->data;
181
182 return 0;
183}
184
185BPF_CALL_3(bpf_skb_get_nlattr_nest, struct sk_buff *, skb, u32, a, u32, x)
186{
187 struct nlattr *nla;
188
189 if (skb_is_nonlinear(skb))
190 return 0;
191
192 if (skb->len < sizeof(struct nlattr))
193 return 0;
194
195 if (a > skb->len - sizeof(struct nlattr))
196 return 0;
197
198 nla = (struct nlattr *) &skb->data[a];
199 if (nla->nla_len > skb->len - a)
200 return 0;
201
202 nla = nla_find_nested(nla, x);
203 if (nla)
204 return (void *) nla - (void *) skb->data;
205
206 return 0;
207}
208
209BPF_CALL_4(bpf_skb_load_helper_8, const struct sk_buff *, skb, const void *,
210 data, int, headlen, int, offset)
211{
212 u8 tmp, *ptr;
213 const int len = sizeof(tmp);
214
215 if (offset >= 0) {
216 if (headlen - offset >= len)
217 return *(u8 *)(data + offset);
218 if (!skb_copy_bits(skb, offset, &tmp, sizeof(tmp)))
219 return tmp;
220 } else {
221 ptr = bpf_internal_load_pointer_neg_helper(skb, offset, len);
222 if (likely(ptr))
223 return *(u8 *)ptr;
224 }
225
226 return -EFAULT;
227}
228
229BPF_CALL_2(bpf_skb_load_helper_8_no_cache, const struct sk_buff *, skb,
230 int, offset)
231{
232 return ____bpf_skb_load_helper_8(skb, skb->data, skb->len - skb->data_len,
233 offset);
234}
235
236BPF_CALL_4(bpf_skb_load_helper_16, const struct sk_buff *, skb, const void *,
237 data, int, headlen, int, offset)
238{
239 u16 tmp, *ptr;
240 const int len = sizeof(tmp);
241
242 if (offset >= 0) {
243 if (headlen - offset >= len)
244 return get_unaligned_be16(data + offset);
245 if (!skb_copy_bits(skb, offset, &tmp, sizeof(tmp)))
246 return be16_to_cpu(tmp);
247 } else {
248 ptr = bpf_internal_load_pointer_neg_helper(skb, offset, len);
249 if (likely(ptr))
250 return get_unaligned_be16(ptr);
251 }
252
253 return -EFAULT;
254}
255
256BPF_CALL_2(bpf_skb_load_helper_16_no_cache, const struct sk_buff *, skb,
257 int, offset)
258{
259 return ____bpf_skb_load_helper_16(skb, skb->data, skb->len - skb->data_len,
260 offset);
261}
262
263BPF_CALL_4(bpf_skb_load_helper_32, const struct sk_buff *, skb, const void *,
264 data, int, headlen, int, offset)
265{
266 u32 tmp, *ptr;
267 const int len = sizeof(tmp);
268
269 if (likely(offset >= 0)) {
270 if (headlen - offset >= len)
271 return get_unaligned_be32(data + offset);
272 if (!skb_copy_bits(skb, offset, &tmp, sizeof(tmp)))
273 return be32_to_cpu(tmp);
274 } else {
275 ptr = bpf_internal_load_pointer_neg_helper(skb, offset, len);
276 if (likely(ptr))
277 return get_unaligned_be32(ptr);
278 }
279
280 return -EFAULT;
281}
282
283BPF_CALL_2(bpf_skb_load_helper_32_no_cache, const struct sk_buff *, skb,
284 int, offset)
285{
286 return ____bpf_skb_load_helper_32(skb, skb->data, skb->len - skb->data_len,
287 offset);
288}
289
290static u32 convert_skb_access(int skb_field, int dst_reg, int src_reg,
291 struct bpf_insn *insn_buf)
292{
293 struct bpf_insn *insn = insn_buf;
294
295 switch (skb_field) {
296 case SKF_AD_MARK:
297 BUILD_BUG_ON(sizeof_field(struct sk_buff, mark) != 4);
298
299 *insn++ = BPF_LDX_MEM(BPF_W, dst_reg, src_reg,
300 offsetof(struct sk_buff, mark));
301 break;
302
303 case SKF_AD_PKTTYPE:
304 *insn++ = BPF_LDX_MEM(BPF_B, dst_reg, src_reg, PKT_TYPE_OFFSET);
305 *insn++ = BPF_ALU32_IMM(BPF_AND, dst_reg, PKT_TYPE_MAX);
306#ifdef __BIG_ENDIAN_BITFIELD
307 *insn++ = BPF_ALU32_IMM(BPF_RSH, dst_reg, 5);
308#endif
309 break;
310
311 case SKF_AD_QUEUE:
312 BUILD_BUG_ON(sizeof_field(struct sk_buff, queue_mapping) != 2);
313
314 *insn++ = BPF_LDX_MEM(BPF_H, dst_reg, src_reg,
315 offsetof(struct sk_buff, queue_mapping));
316 break;
317
318 case SKF_AD_VLAN_TAG:
319 BUILD_BUG_ON(sizeof_field(struct sk_buff, vlan_tci) != 2);
320
321
322 *insn++ = BPF_LDX_MEM(BPF_H, dst_reg, src_reg,
323 offsetof(struct sk_buff, vlan_tci));
324 break;
325 case SKF_AD_VLAN_TAG_PRESENT:
326 *insn++ = BPF_LDX_MEM(BPF_B, dst_reg, src_reg, PKT_VLAN_PRESENT_OFFSET);
327 if (PKT_VLAN_PRESENT_BIT)
328 *insn++ = BPF_ALU32_IMM(BPF_RSH, dst_reg, PKT_VLAN_PRESENT_BIT);
329 if (PKT_VLAN_PRESENT_BIT < 7)
330 *insn++ = BPF_ALU32_IMM(BPF_AND, dst_reg, 1);
331 break;
332 }
333
334 return insn - insn_buf;
335}
336
337static bool convert_bpf_extensions(struct sock_filter *fp,
338 struct bpf_insn **insnp)
339{
340 struct bpf_insn *insn = *insnp;
341 u32 cnt;
342
343 switch (fp->k) {
344 case SKF_AD_OFF + SKF_AD_PROTOCOL:
345 BUILD_BUG_ON(sizeof_field(struct sk_buff, protocol) != 2);
346
347
348 *insn++ = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX,
349 offsetof(struct sk_buff, protocol));
350
351 *insn = BPF_ENDIAN(BPF_FROM_BE, BPF_REG_A, 16);
352 break;
353
354 case SKF_AD_OFF + SKF_AD_PKTTYPE:
355 cnt = convert_skb_access(SKF_AD_PKTTYPE, BPF_REG_A, BPF_REG_CTX, insn);
356 insn += cnt - 1;
357 break;
358
359 case SKF_AD_OFF + SKF_AD_IFINDEX:
360 case SKF_AD_OFF + SKF_AD_HATYPE:
361 BUILD_BUG_ON(sizeof_field(struct net_device, ifindex) != 4);
362 BUILD_BUG_ON(sizeof_field(struct net_device, type) != 2);
363
364 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, dev),
365 BPF_REG_TMP, BPF_REG_CTX,
366 offsetof(struct sk_buff, dev));
367
368 *insn++ = BPF_JMP_IMM(BPF_JNE, BPF_REG_TMP, 0, 1);
369 *insn++ = BPF_EXIT_INSN();
370 if (fp->k == SKF_AD_OFF + SKF_AD_IFINDEX)
371 *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_TMP,
372 offsetof(struct net_device, ifindex));
373 else
374 *insn = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_TMP,
375 offsetof(struct net_device, type));
376 break;
377
378 case SKF_AD_OFF + SKF_AD_MARK:
379 cnt = convert_skb_access(SKF_AD_MARK, BPF_REG_A, BPF_REG_CTX, insn);
380 insn += cnt - 1;
381 break;
382
383 case SKF_AD_OFF + SKF_AD_RXHASH:
384 BUILD_BUG_ON(sizeof_field(struct sk_buff, hash) != 4);
385
386 *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_CTX,
387 offsetof(struct sk_buff, hash));
388 break;
389
390 case SKF_AD_OFF + SKF_AD_QUEUE:
391 cnt = convert_skb_access(SKF_AD_QUEUE, BPF_REG_A, BPF_REG_CTX, insn);
392 insn += cnt - 1;
393 break;
394
395 case SKF_AD_OFF + SKF_AD_VLAN_TAG:
396 cnt = convert_skb_access(SKF_AD_VLAN_TAG,
397 BPF_REG_A, BPF_REG_CTX, insn);
398 insn += cnt - 1;
399 break;
400
401 case SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT:
402 cnt = convert_skb_access(SKF_AD_VLAN_TAG_PRESENT,
403 BPF_REG_A, BPF_REG_CTX, insn);
404 insn += cnt - 1;
405 break;
406
407 case SKF_AD_OFF + SKF_AD_VLAN_TPID:
408 BUILD_BUG_ON(sizeof_field(struct sk_buff, vlan_proto) != 2);
409
410
411 *insn++ = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX,
412 offsetof(struct sk_buff, vlan_proto));
413
414 *insn = BPF_ENDIAN(BPF_FROM_BE, BPF_REG_A, 16);
415 break;
416
417 case SKF_AD_OFF + SKF_AD_PAY_OFFSET:
418 case SKF_AD_OFF + SKF_AD_NLATTR:
419 case SKF_AD_OFF + SKF_AD_NLATTR_NEST:
420 case SKF_AD_OFF + SKF_AD_CPU:
421 case SKF_AD_OFF + SKF_AD_RANDOM:
422
423 *insn++ = BPF_MOV64_REG(BPF_REG_ARG1, BPF_REG_CTX);
424
425 *insn++ = BPF_MOV64_REG(BPF_REG_ARG2, BPF_REG_A);
426
427 *insn++ = BPF_MOV64_REG(BPF_REG_ARG3, BPF_REG_X);
428
429 switch (fp->k) {
430 case SKF_AD_OFF + SKF_AD_PAY_OFFSET:
431 *insn = BPF_EMIT_CALL(bpf_skb_get_pay_offset);
432 break;
433 case SKF_AD_OFF + SKF_AD_NLATTR:
434 *insn = BPF_EMIT_CALL(bpf_skb_get_nlattr);
435 break;
436 case SKF_AD_OFF + SKF_AD_NLATTR_NEST:
437 *insn = BPF_EMIT_CALL(bpf_skb_get_nlattr_nest);
438 break;
439 case SKF_AD_OFF + SKF_AD_CPU:
440 *insn = BPF_EMIT_CALL(bpf_get_raw_cpu_id);
441 break;
442 case SKF_AD_OFF + SKF_AD_RANDOM:
443 *insn = BPF_EMIT_CALL(bpf_user_rnd_u32);
444 bpf_user_rnd_init_once();
445 break;
446 }
447 break;
448
449 case SKF_AD_OFF + SKF_AD_ALU_XOR_X:
450
451 *insn = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_X);
452 break;
453
454 default:
455
456
457
458
459 BUG_ON(__bpf_call_base(0, 0, 0, 0, 0) != 0);
460 return false;
461 }
462
463 *insnp = insn;
464 return true;
465}
466
467static bool convert_bpf_ld_abs(struct sock_filter *fp, struct bpf_insn **insnp)
468{
469 const bool unaligned_ok = IS_BUILTIN(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS);
470 int size = bpf_size_to_bytes(BPF_SIZE(fp->code));
471 bool endian = BPF_SIZE(fp->code) == BPF_H ||
472 BPF_SIZE(fp->code) == BPF_W;
473 bool indirect = BPF_MODE(fp->code) == BPF_IND;
474 const int ip_align = NET_IP_ALIGN;
475 struct bpf_insn *insn = *insnp;
476 int offset = fp->k;
477
478 if (!indirect &&
479 ((unaligned_ok && offset >= 0) ||
480 (!unaligned_ok && offset >= 0 &&
481 offset + ip_align >= 0 &&
482 offset + ip_align % size == 0))) {
483 bool ldx_off_ok = offset <= S16_MAX;
484
485 *insn++ = BPF_MOV64_REG(BPF_REG_TMP, BPF_REG_H);
486 if (offset)
487 *insn++ = BPF_ALU64_IMM(BPF_SUB, BPF_REG_TMP, offset);
488 *insn++ = BPF_JMP_IMM(BPF_JSLT, BPF_REG_TMP,
489 size, 2 + endian + (!ldx_off_ok * 2));
490 if (ldx_off_ok) {
491 *insn++ = BPF_LDX_MEM(BPF_SIZE(fp->code), BPF_REG_A,
492 BPF_REG_D, offset);
493 } else {
494 *insn++ = BPF_MOV64_REG(BPF_REG_TMP, BPF_REG_D);
495 *insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_TMP, offset);
496 *insn++ = BPF_LDX_MEM(BPF_SIZE(fp->code), BPF_REG_A,
497 BPF_REG_TMP, 0);
498 }
499 if (endian)
500 *insn++ = BPF_ENDIAN(BPF_FROM_BE, BPF_REG_A, size * 8);
501 *insn++ = BPF_JMP_A(8);
502 }
503
504 *insn++ = BPF_MOV64_REG(BPF_REG_ARG1, BPF_REG_CTX);
505 *insn++ = BPF_MOV64_REG(BPF_REG_ARG2, BPF_REG_D);
506 *insn++ = BPF_MOV64_REG(BPF_REG_ARG3, BPF_REG_H);
507 if (!indirect) {
508 *insn++ = BPF_MOV64_IMM(BPF_REG_ARG4, offset);
509 } else {
510 *insn++ = BPF_MOV64_REG(BPF_REG_ARG4, BPF_REG_X);
511 if (fp->k)
512 *insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_ARG4, offset);
513 }
514
515 switch (BPF_SIZE(fp->code)) {
516 case BPF_B:
517 *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_8);
518 break;
519 case BPF_H:
520 *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_16);
521 break;
522 case BPF_W:
523 *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_32);
524 break;
525 default:
526 return false;
527 }
528
529 *insn++ = BPF_JMP_IMM(BPF_JSGE, BPF_REG_A, 0, 2);
530 *insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_A);
531 *insn = BPF_EXIT_INSN();
532
533 *insnp = insn;
534 return true;
535}
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556static int bpf_convert_filter(struct sock_filter *prog, int len,
557 struct bpf_prog *new_prog, int *new_len,
558 bool *seen_ld_abs)
559{
560 int new_flen = 0, pass = 0, target, i, stack_off;
561 struct bpf_insn *new_insn, *first_insn = NULL;
562 struct sock_filter *fp;
563 int *addrs = NULL;
564 u8 bpf_src;
565
566 BUILD_BUG_ON(BPF_MEMWORDS * sizeof(u32) > MAX_BPF_STACK);
567 BUILD_BUG_ON(BPF_REG_FP + 1 != MAX_BPF_REG);
568
569 if (len <= 0 || len > BPF_MAXINSNS)
570 return -EINVAL;
571
572 if (new_prog) {
573 first_insn = new_prog->insnsi;
574 addrs = kcalloc(len, sizeof(*addrs),
575 GFP_KERNEL | __GFP_NOWARN);
576 if (!addrs)
577 return -ENOMEM;
578 }
579
580do_pass:
581 new_insn = first_insn;
582 fp = prog;
583
584
585 if (new_prog) {
586
587
588
589 *new_insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_A);
590 *new_insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_X, BPF_REG_X);
591
592
593
594
595
596 *new_insn++ = BPF_MOV64_REG(BPF_REG_CTX, BPF_REG_ARG1);
597 if (*seen_ld_abs) {
598
599
600
601
602
603 *new_insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, data),
604 BPF_REG_D, BPF_REG_CTX,
605 offsetof(struct sk_buff, data));
606 *new_insn++ = BPF_LDX_MEM(BPF_W, BPF_REG_H, BPF_REG_CTX,
607 offsetof(struct sk_buff, len));
608 *new_insn++ = BPF_LDX_MEM(BPF_W, BPF_REG_TMP, BPF_REG_CTX,
609 offsetof(struct sk_buff, data_len));
610 *new_insn++ = BPF_ALU32_REG(BPF_SUB, BPF_REG_H, BPF_REG_TMP);
611 }
612 } else {
613 new_insn += 3;
614 }
615
616 for (i = 0; i < len; fp++, i++) {
617 struct bpf_insn tmp_insns[32] = { };
618 struct bpf_insn *insn = tmp_insns;
619
620 if (addrs)
621 addrs[i] = new_insn - first_insn;
622
623 switch (fp->code) {
624
625 case BPF_ALU | BPF_ADD | BPF_X:
626 case BPF_ALU | BPF_ADD | BPF_K:
627 case BPF_ALU | BPF_SUB | BPF_X:
628 case BPF_ALU | BPF_SUB | BPF_K:
629 case BPF_ALU | BPF_AND | BPF_X:
630 case BPF_ALU | BPF_AND | BPF_K:
631 case BPF_ALU | BPF_OR | BPF_X:
632 case BPF_ALU | BPF_OR | BPF_K:
633 case BPF_ALU | BPF_LSH | BPF_X:
634 case BPF_ALU | BPF_LSH | BPF_K:
635 case BPF_ALU | BPF_RSH | BPF_X:
636 case BPF_ALU | BPF_RSH | BPF_K:
637 case BPF_ALU | BPF_XOR | BPF_X:
638 case BPF_ALU | BPF_XOR | BPF_K:
639 case BPF_ALU | BPF_MUL | BPF_X:
640 case BPF_ALU | BPF_MUL | BPF_K:
641 case BPF_ALU | BPF_DIV | BPF_X:
642 case BPF_ALU | BPF_DIV | BPF_K:
643 case BPF_ALU | BPF_MOD | BPF_X:
644 case BPF_ALU | BPF_MOD | BPF_K:
645 case BPF_ALU | BPF_NEG:
646 case BPF_LD | BPF_ABS | BPF_W:
647 case BPF_LD | BPF_ABS | BPF_H:
648 case BPF_LD | BPF_ABS | BPF_B:
649 case BPF_LD | BPF_IND | BPF_W:
650 case BPF_LD | BPF_IND | BPF_H:
651 case BPF_LD | BPF_IND | BPF_B:
652
653
654
655
656 if (BPF_CLASS(fp->code) == BPF_LD &&
657 BPF_MODE(fp->code) == BPF_ABS &&
658 convert_bpf_extensions(fp, &insn))
659 break;
660 if (BPF_CLASS(fp->code) == BPF_LD &&
661 convert_bpf_ld_abs(fp, &insn)) {
662 *seen_ld_abs = true;
663 break;
664 }
665
666 if (fp->code == (BPF_ALU | BPF_DIV | BPF_X) ||
667 fp->code == (BPF_ALU | BPF_MOD | BPF_X)) {
668 *insn++ = BPF_MOV32_REG(BPF_REG_X, BPF_REG_X);
669
670
671
672 *insn++ = BPF_JMP_IMM(BPF_JNE, BPF_REG_X, 0, 2);
673 *insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_A);
674 *insn++ = BPF_EXIT_INSN();
675 }
676
677 *insn = BPF_RAW_INSN(fp->code, BPF_REG_A, BPF_REG_X, 0, fp->k);
678 break;
679
680
681
682
683
684
685
686#define BPF_EMIT_JMP \
687 do { \
688 const s32 off_min = S16_MIN, off_max = S16_MAX; \
689 s32 off; \
690 \
691 if (target >= len || target < 0) \
692 goto err; \
693 off = addrs ? addrs[target] - addrs[i] - 1 : 0; \
694 \
695 off -= insn - tmp_insns; \
696 \
697 if (off < off_min || off > off_max) \
698 goto err; \
699 insn->off = off; \
700 } while (0)
701
702 case BPF_JMP | BPF_JA:
703 target = i + fp->k + 1;
704 insn->code = fp->code;
705 BPF_EMIT_JMP;
706 break;
707
708 case BPF_JMP | BPF_JEQ | BPF_K:
709 case BPF_JMP | BPF_JEQ | BPF_X:
710 case BPF_JMP | BPF_JSET | BPF_K:
711 case BPF_JMP | BPF_JSET | BPF_X:
712 case BPF_JMP | BPF_JGT | BPF_K:
713 case BPF_JMP | BPF_JGT | BPF_X:
714 case BPF_JMP | BPF_JGE | BPF_K:
715 case BPF_JMP | BPF_JGE | BPF_X:
716 if (BPF_SRC(fp->code) == BPF_K && (int) fp->k < 0) {
717
718
719
720
721 *insn++ = BPF_MOV32_IMM(BPF_REG_TMP, fp->k);
722
723 insn->dst_reg = BPF_REG_A;
724 insn->src_reg = BPF_REG_TMP;
725 bpf_src = BPF_X;
726 } else {
727 insn->dst_reg = BPF_REG_A;
728 insn->imm = fp->k;
729 bpf_src = BPF_SRC(fp->code);
730 insn->src_reg = bpf_src == BPF_X ? BPF_REG_X : 0;
731 }
732
733
734 if (fp->jf == 0) {
735 insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src;
736 target = i + fp->jt + 1;
737 BPF_EMIT_JMP;
738 break;
739 }
740
741
742 if (fp->jt == 0) {
743 switch (BPF_OP(fp->code)) {
744 case BPF_JEQ:
745 insn->code = BPF_JMP | BPF_JNE | bpf_src;
746 break;
747 case BPF_JGT:
748 insn->code = BPF_JMP | BPF_JLE | bpf_src;
749 break;
750 case BPF_JGE:
751 insn->code = BPF_JMP | BPF_JLT | bpf_src;
752 break;
753 default:
754 goto jmp_rest;
755 }
756
757 target = i + fp->jf + 1;
758 BPF_EMIT_JMP;
759 break;
760 }
761jmp_rest:
762
763 target = i + fp->jt + 1;
764 insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src;
765 BPF_EMIT_JMP;
766 insn++;
767
768 insn->code = BPF_JMP | BPF_JA;
769 target = i + fp->jf + 1;
770 BPF_EMIT_JMP;
771 break;
772
773
774 case BPF_LDX | BPF_MSH | BPF_B: {
775 struct sock_filter tmp = {
776 .code = BPF_LD | BPF_ABS | BPF_B,
777 .k = fp->k,
778 };
779
780 *seen_ld_abs = true;
781
782
783 *insn++ = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A);
784
785 convert_bpf_ld_abs(&tmp, &insn);
786 insn++;
787
788 *insn++ = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, 0xf);
789
790 *insn++ = BPF_ALU32_IMM(BPF_LSH, BPF_REG_A, 2);
791
792 *insn++ = BPF_MOV64_REG(BPF_REG_TMP, BPF_REG_X);
793
794 *insn++ = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A);
795
796 *insn = BPF_MOV64_REG(BPF_REG_A, BPF_REG_TMP);
797 break;
798 }
799
800
801
802 case BPF_RET | BPF_A:
803 case BPF_RET | BPF_K:
804 if (BPF_RVAL(fp->code) == BPF_K)
805 *insn++ = BPF_MOV32_RAW(BPF_K, BPF_REG_0,
806 0, fp->k);
807 *insn = BPF_EXIT_INSN();
808 break;
809
810
811 case BPF_ST:
812 case BPF_STX:
813 stack_off = fp->k * 4 + 4;
814 *insn = BPF_STX_MEM(BPF_W, BPF_REG_FP, BPF_CLASS(fp->code) ==
815 BPF_ST ? BPF_REG_A : BPF_REG_X,
816 -stack_off);
817
818
819
820
821 if (new_prog && new_prog->aux->stack_depth < stack_off)
822 new_prog->aux->stack_depth = stack_off;
823 break;
824
825
826 case BPF_LD | BPF_MEM:
827 case BPF_LDX | BPF_MEM:
828 stack_off = fp->k * 4 + 4;
829 *insn = BPF_LDX_MEM(BPF_W, BPF_CLASS(fp->code) == BPF_LD ?
830 BPF_REG_A : BPF_REG_X, BPF_REG_FP,
831 -stack_off);
832 break;
833
834
835 case BPF_LD | BPF_IMM:
836 case BPF_LDX | BPF_IMM:
837 *insn = BPF_MOV32_IMM(BPF_CLASS(fp->code) == BPF_LD ?
838 BPF_REG_A : BPF_REG_X, fp->k);
839 break;
840
841
842 case BPF_MISC | BPF_TAX:
843 *insn = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A);
844 break;
845
846
847 case BPF_MISC | BPF_TXA:
848 *insn = BPF_MOV64_REG(BPF_REG_A, BPF_REG_X);
849 break;
850
851
852 case BPF_LD | BPF_W | BPF_LEN:
853 case BPF_LDX | BPF_W | BPF_LEN:
854 *insn = BPF_LDX_MEM(BPF_W, BPF_CLASS(fp->code) == BPF_LD ?
855 BPF_REG_A : BPF_REG_X, BPF_REG_CTX,
856 offsetof(struct sk_buff, len));
857 break;
858
859
860 case BPF_LDX | BPF_ABS | BPF_W:
861
862 *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_CTX, fp->k);
863 break;
864
865
866 default:
867 goto err;
868 }
869
870 insn++;
871 if (new_prog)
872 memcpy(new_insn, tmp_insns,
873 sizeof(*insn) * (insn - tmp_insns));
874 new_insn += insn - tmp_insns;
875 }
876
877 if (!new_prog) {
878
879 *new_len = new_insn - first_insn;
880 if (*seen_ld_abs)
881 *new_len += 4;
882 return 0;
883 }
884
885 pass++;
886 if (new_flen != new_insn - first_insn) {
887 new_flen = new_insn - first_insn;
888 if (pass > 2)
889 goto err;
890 goto do_pass;
891 }
892
893 kfree(addrs);
894 BUG_ON(*new_len != new_flen);
895 return 0;
896err:
897 kfree(addrs);
898 return -EINVAL;
899}
900
901
902
903
904
905
906
907
908static int check_load_and_stores(const struct sock_filter *filter, int flen)
909{
910 u16 *masks, memvalid = 0;
911 int pc, ret = 0;
912
913 BUILD_BUG_ON(BPF_MEMWORDS > 16);
914
915 masks = kmalloc_array(flen, sizeof(*masks), GFP_KERNEL);
916 if (!masks)
917 return -ENOMEM;
918
919 memset(masks, 0xff, flen * sizeof(*masks));
920
921 for (pc = 0; pc < flen; pc++) {
922 memvalid &= masks[pc];
923
924 switch (filter[pc].code) {
925 case BPF_ST:
926 case BPF_STX:
927 memvalid |= (1 << filter[pc].k);
928 break;
929 case BPF_LD | BPF_MEM:
930 case BPF_LDX | BPF_MEM:
931 if (!(memvalid & (1 << filter[pc].k))) {
932 ret = -EINVAL;
933 goto error;
934 }
935 break;
936 case BPF_JMP | BPF_JA:
937
938 masks[pc + 1 + filter[pc].k] &= memvalid;
939 memvalid = ~0;
940 break;
941 case BPF_JMP | BPF_JEQ | BPF_K:
942 case BPF_JMP | BPF_JEQ | BPF_X:
943 case BPF_JMP | BPF_JGE | BPF_K:
944 case BPF_JMP | BPF_JGE | BPF_X:
945 case BPF_JMP | BPF_JGT | BPF_K:
946 case BPF_JMP | BPF_JGT | BPF_X:
947 case BPF_JMP | BPF_JSET | BPF_K:
948 case BPF_JMP | BPF_JSET | BPF_X:
949
950 masks[pc + 1 + filter[pc].jt] &= memvalid;
951 masks[pc + 1 + filter[pc].jf] &= memvalid;
952 memvalid = ~0;
953 break;
954 }
955 }
956error:
957 kfree(masks);
958 return ret;
959}
960
961static bool chk_code_allowed(u16 code_to_probe)
962{
963 static const bool codes[] = {
964
965 [BPF_ALU | BPF_ADD | BPF_K] = true,
966 [BPF_ALU | BPF_ADD | BPF_X] = true,
967 [BPF_ALU | BPF_SUB | BPF_K] = true,
968 [BPF_ALU | BPF_SUB | BPF_X] = true,
969 [BPF_ALU | BPF_MUL | BPF_K] = true,
970 [BPF_ALU | BPF_MUL | BPF_X] = true,
971 [BPF_ALU | BPF_DIV | BPF_K] = true,
972 [BPF_ALU | BPF_DIV | BPF_X] = true,
973 [BPF_ALU | BPF_MOD | BPF_K] = true,
974 [BPF_ALU | BPF_MOD | BPF_X] = true,
975 [BPF_ALU | BPF_AND | BPF_K] = true,
976 [BPF_ALU | BPF_AND | BPF_X] = true,
977 [BPF_ALU | BPF_OR | BPF_K] = true,
978 [BPF_ALU | BPF_OR | BPF_X] = true,
979 [BPF_ALU | BPF_XOR | BPF_K] = true,
980 [BPF_ALU | BPF_XOR | BPF_X] = true,
981 [BPF_ALU | BPF_LSH | BPF_K] = true,
982 [BPF_ALU | BPF_LSH | BPF_X] = true,
983 [BPF_ALU | BPF_RSH | BPF_K] = true,
984 [BPF_ALU | BPF_RSH | BPF_X] = true,
985 [BPF_ALU | BPF_NEG] = true,
986
987 [BPF_LD | BPF_W | BPF_ABS] = true,
988 [BPF_LD | BPF_H | BPF_ABS] = true,
989 [BPF_LD | BPF_B | BPF_ABS] = true,
990 [BPF_LD | BPF_W | BPF_LEN] = true,
991 [BPF_LD | BPF_W | BPF_IND] = true,
992 [BPF_LD | BPF_H | BPF_IND] = true,
993 [BPF_LD | BPF_B | BPF_IND] = true,
994 [BPF_LD | BPF_IMM] = true,
995 [BPF_LD | BPF_MEM] = true,
996 [BPF_LDX | BPF_W | BPF_LEN] = true,
997 [BPF_LDX | BPF_B | BPF_MSH] = true,
998 [BPF_LDX | BPF_IMM] = true,
999 [BPF_LDX | BPF_MEM] = true,
1000
1001 [BPF_ST] = true,
1002 [BPF_STX] = true,
1003
1004 [BPF_MISC | BPF_TAX] = true,
1005 [BPF_MISC | BPF_TXA] = true,
1006
1007 [BPF_RET | BPF_K] = true,
1008 [BPF_RET | BPF_A] = true,
1009
1010 [BPF_JMP | BPF_JA] = true,
1011 [BPF_JMP | BPF_JEQ | BPF_K] = true,
1012 [BPF_JMP | BPF_JEQ | BPF_X] = true,
1013 [BPF_JMP | BPF_JGE | BPF_K] = true,
1014 [BPF_JMP | BPF_JGE | BPF_X] = true,
1015 [BPF_JMP | BPF_JGT | BPF_K] = true,
1016 [BPF_JMP | BPF_JGT | BPF_X] = true,
1017 [BPF_JMP | BPF_JSET | BPF_K] = true,
1018 [BPF_JMP | BPF_JSET | BPF_X] = true,
1019 };
1020
1021 if (code_to_probe >= ARRAY_SIZE(codes))
1022 return false;
1023
1024 return codes[code_to_probe];
1025}
1026
1027static bool bpf_check_basics_ok(const struct sock_filter *filter,
1028 unsigned int flen)
1029{
1030 if (filter == NULL)
1031 return false;
1032 if (flen == 0 || flen > BPF_MAXINSNS)
1033 return false;
1034
1035 return true;
1036}
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052static int bpf_check_classic(const struct sock_filter *filter,
1053 unsigned int flen)
1054{
1055 bool anc_found;
1056 int pc;
1057
1058
1059 for (pc = 0; pc < flen; pc++) {
1060 const struct sock_filter *ftest = &filter[pc];
1061
1062
1063 if (!chk_code_allowed(ftest->code))
1064 return -EINVAL;
1065
1066
1067 switch (ftest->code) {
1068 case BPF_ALU | BPF_DIV | BPF_K:
1069 case BPF_ALU | BPF_MOD | BPF_K:
1070
1071 if (ftest->k == 0)
1072 return -EINVAL;
1073 break;
1074 case BPF_ALU | BPF_LSH | BPF_K:
1075 case BPF_ALU | BPF_RSH | BPF_K:
1076 if (ftest->k >= 32)
1077 return -EINVAL;
1078 break;
1079 case BPF_LD | BPF_MEM:
1080 case BPF_LDX | BPF_MEM:
1081 case BPF_ST:
1082 case BPF_STX:
1083
1084 if (ftest->k >= BPF_MEMWORDS)
1085 return -EINVAL;
1086 break;
1087 case BPF_JMP | BPF_JA:
1088
1089
1090
1091
1092 if (ftest->k >= (unsigned int)(flen - pc - 1))
1093 return -EINVAL;
1094 break;
1095 case BPF_JMP | BPF_JEQ | BPF_K:
1096 case BPF_JMP | BPF_JEQ | BPF_X:
1097 case BPF_JMP | BPF_JGE | BPF_K:
1098 case BPF_JMP | BPF_JGE | BPF_X:
1099 case BPF_JMP | BPF_JGT | BPF_K:
1100 case BPF_JMP | BPF_JGT | BPF_X:
1101 case BPF_JMP | BPF_JSET | BPF_K:
1102 case BPF_JMP | BPF_JSET | BPF_X:
1103
1104 if (pc + ftest->jt + 1 >= flen ||
1105 pc + ftest->jf + 1 >= flen)
1106 return -EINVAL;
1107 break;
1108 case BPF_LD | BPF_W | BPF_ABS:
1109 case BPF_LD | BPF_H | BPF_ABS:
1110 case BPF_LD | BPF_B | BPF_ABS:
1111 anc_found = false;
1112 if (bpf_anc_helper(ftest) & BPF_ANC)
1113 anc_found = true;
1114
1115 if (anc_found == false && ftest->k >= SKF_AD_OFF)
1116 return -EINVAL;
1117 }
1118 }
1119
1120
1121 switch (filter[flen - 1].code) {
1122 case BPF_RET | BPF_K:
1123 case BPF_RET | BPF_A:
1124 return check_load_and_stores(filter, flen);
1125 }
1126
1127 return -EINVAL;
1128}
1129
1130static int bpf_prog_store_orig_filter(struct bpf_prog *fp,
1131 const struct sock_fprog *fprog)
1132{
1133 unsigned int fsize = bpf_classic_proglen(fprog);
1134 struct sock_fprog_kern *fkprog;
1135
1136 fp->orig_prog = kmalloc(sizeof(*fkprog), GFP_KERNEL);
1137 if (!fp->orig_prog)
1138 return -ENOMEM;
1139
1140 fkprog = fp->orig_prog;
1141 fkprog->len = fprog->len;
1142
1143 fkprog->filter = kmemdup(fp->insns, fsize,
1144 GFP_KERNEL | __GFP_NOWARN);
1145 if (!fkprog->filter) {
1146 kfree(fp->orig_prog);
1147 return -ENOMEM;
1148 }
1149
1150 return 0;
1151}
1152
1153static void bpf_release_orig_filter(struct bpf_prog *fp)
1154{
1155 struct sock_fprog_kern *fprog = fp->orig_prog;
1156
1157 if (fprog) {
1158 kfree(fprog->filter);
1159 kfree(fprog);
1160 }
1161}
1162
1163static void __bpf_prog_release(struct bpf_prog *prog)
1164{
1165 if (prog->type == BPF_PROG_TYPE_SOCKET_FILTER) {
1166 bpf_prog_put(prog);
1167 } else {
1168 bpf_release_orig_filter(prog);
1169 bpf_prog_free(prog);
1170 }
1171}
1172
1173static void __sk_filter_release(struct sk_filter *fp)
1174{
1175 __bpf_prog_release(fp->prog);
1176 kfree(fp);
1177}
1178
1179
1180
1181
1182
1183static void sk_filter_release_rcu(struct rcu_head *rcu)
1184{
1185 struct sk_filter *fp = container_of(rcu, struct sk_filter, rcu);
1186
1187 __sk_filter_release(fp);
1188}
1189
1190
1191
1192
1193
1194
1195
1196static void sk_filter_release(struct sk_filter *fp)
1197{
1198 if (refcount_dec_and_test(&fp->refcnt))
1199 call_rcu(&fp->rcu, sk_filter_release_rcu);
1200}
1201
1202void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp)
1203{
1204 u32 filter_size = bpf_prog_size(fp->prog->len);
1205
1206 atomic_sub(filter_size, &sk->sk_omem_alloc);
1207 sk_filter_release(fp);
1208}
1209
1210
1211
1212
1213static bool __sk_filter_charge(struct sock *sk, struct sk_filter *fp)
1214{
1215 u32 filter_size = bpf_prog_size(fp->prog->len);
1216
1217
1218 if (filter_size <= sysctl_optmem_max &&
1219 atomic_read(&sk->sk_omem_alloc) + filter_size < sysctl_optmem_max) {
1220 atomic_add(filter_size, &sk->sk_omem_alloc);
1221 return true;
1222 }
1223 return false;
1224}
1225
1226bool sk_filter_charge(struct sock *sk, struct sk_filter *fp)
1227{
1228 if (!refcount_inc_not_zero(&fp->refcnt))
1229 return false;
1230
1231 if (!__sk_filter_charge(sk, fp)) {
1232 sk_filter_release(fp);
1233 return false;
1234 }
1235 return true;
1236}
1237
1238static struct bpf_prog *bpf_migrate_filter(struct bpf_prog *fp)
1239{
1240 struct sock_filter *old_prog;
1241 struct bpf_prog *old_fp;
1242 int err, new_len, old_len = fp->len;
1243 bool seen_ld_abs = false;
1244
1245
1246
1247
1248
1249 BUILD_BUG_ON(sizeof(struct sock_filter) !=
1250 sizeof(struct bpf_insn));
1251
1252
1253
1254
1255
1256 old_prog = kmemdup(fp->insns, old_len * sizeof(struct sock_filter),
1257 GFP_KERNEL | __GFP_NOWARN);
1258 if (!old_prog) {
1259 err = -ENOMEM;
1260 goto out_err;
1261 }
1262
1263
1264 err = bpf_convert_filter(old_prog, old_len, NULL, &new_len,
1265 &seen_ld_abs);
1266 if (err)
1267 goto out_err_free;
1268
1269
1270 old_fp = fp;
1271 fp = bpf_prog_realloc(old_fp, bpf_prog_size(new_len), 0);
1272 if (!fp) {
1273
1274
1275
1276 fp = old_fp;
1277 err = -ENOMEM;
1278 goto out_err_free;
1279 }
1280
1281 fp->len = new_len;
1282
1283
1284 err = bpf_convert_filter(old_prog, old_len, fp, &new_len,
1285 &seen_ld_abs);
1286 if (err)
1287
1288
1289
1290
1291
1292 goto out_err_free;
1293
1294 fp = bpf_prog_select_runtime(fp, &err);
1295 if (err)
1296 goto out_err_free;
1297
1298 kfree(old_prog);
1299 return fp;
1300
1301out_err_free:
1302 kfree(old_prog);
1303out_err:
1304 __bpf_prog_release(fp);
1305 return ERR_PTR(err);
1306}
1307
1308static struct bpf_prog *bpf_prepare_filter(struct bpf_prog *fp,
1309 bpf_aux_classic_check_t trans)
1310{
1311 int err;
1312
1313 fp->bpf_func = NULL;
1314 fp->jited = 0;
1315
1316 err = bpf_check_classic(fp->insns, fp->len);
1317 if (err) {
1318 __bpf_prog_release(fp);
1319 return ERR_PTR(err);
1320 }
1321
1322
1323
1324
1325 if (trans) {
1326 err = trans(fp->insns, fp->len);
1327 if (err) {
1328 __bpf_prog_release(fp);
1329 return ERR_PTR(err);
1330 }
1331 }
1332
1333
1334
1335
1336 bpf_jit_compile(fp);
1337
1338
1339
1340
1341 if (!fp->jited)
1342 fp = bpf_migrate_filter(fp);
1343
1344 return fp;
1345}
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357int bpf_prog_create(struct bpf_prog **pfp, struct sock_fprog_kern *fprog)
1358{
1359 unsigned int fsize = bpf_classic_proglen(fprog);
1360 struct bpf_prog *fp;
1361
1362
1363 if (!bpf_check_basics_ok(fprog->filter, fprog->len))
1364 return -EINVAL;
1365
1366 fp = bpf_prog_alloc(bpf_prog_size(fprog->len), 0);
1367 if (!fp)
1368 return -ENOMEM;
1369
1370 memcpy(fp->insns, fprog->filter, fsize);
1371
1372 fp->len = fprog->len;
1373
1374
1375
1376
1377 fp->orig_prog = NULL;
1378
1379
1380
1381
1382 fp = bpf_prepare_filter(fp, NULL);
1383 if (IS_ERR(fp))
1384 return PTR_ERR(fp);
1385
1386 *pfp = fp;
1387 return 0;
1388}
1389EXPORT_SYMBOL_GPL(bpf_prog_create);
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402int bpf_prog_create_from_user(struct bpf_prog **pfp, struct sock_fprog *fprog,
1403 bpf_aux_classic_check_t trans, bool save_orig)
1404{
1405 unsigned int fsize = bpf_classic_proglen(fprog);
1406 struct bpf_prog *fp;
1407 int err;
1408
1409
1410 if (!bpf_check_basics_ok(fprog->filter, fprog->len))
1411 return -EINVAL;
1412
1413 fp = bpf_prog_alloc(bpf_prog_size(fprog->len), 0);
1414 if (!fp)
1415 return -ENOMEM;
1416
1417 if (copy_from_user(fp->insns, fprog->filter, fsize)) {
1418 __bpf_prog_free(fp);
1419 return -EFAULT;
1420 }
1421
1422 fp->len = fprog->len;
1423 fp->orig_prog = NULL;
1424
1425 if (save_orig) {
1426 err = bpf_prog_store_orig_filter(fp, fprog);
1427 if (err) {
1428 __bpf_prog_free(fp);
1429 return -ENOMEM;
1430 }
1431 }
1432
1433
1434
1435
1436 fp = bpf_prepare_filter(fp, trans);
1437 if (IS_ERR(fp))
1438 return PTR_ERR(fp);
1439
1440 *pfp = fp;
1441 return 0;
1442}
1443EXPORT_SYMBOL_GPL(bpf_prog_create_from_user);
1444
1445void bpf_prog_destroy(struct bpf_prog *fp)
1446{
1447 __bpf_prog_release(fp);
1448}
1449EXPORT_SYMBOL_GPL(bpf_prog_destroy);
1450
1451static int __sk_attach_prog(struct bpf_prog *prog, struct sock *sk)
1452{
1453 struct sk_filter *fp, *old_fp;
1454
1455 fp = kmalloc(sizeof(*fp), GFP_KERNEL);
1456 if (!fp)
1457 return -ENOMEM;
1458
1459 fp->prog = prog;
1460
1461 if (!__sk_filter_charge(sk, fp)) {
1462 kfree(fp);
1463 return -ENOMEM;
1464 }
1465 refcount_set(&fp->refcnt, 1);
1466
1467 old_fp = rcu_dereference_protected(sk->sk_filter,
1468 lockdep_sock_is_held(sk));
1469 rcu_assign_pointer(sk->sk_filter, fp);
1470
1471 if (old_fp)
1472 sk_filter_uncharge(sk, old_fp);
1473
1474 return 0;
1475}
1476
1477static
1478struct bpf_prog *__get_filter(struct sock_fprog *fprog, struct sock *sk)
1479{
1480 unsigned int fsize = bpf_classic_proglen(fprog);
1481 struct bpf_prog *prog;
1482 int err;
1483
1484 if (sock_flag(sk, SOCK_FILTER_LOCKED))
1485 return ERR_PTR(-EPERM);
1486
1487
1488 if (!bpf_check_basics_ok(fprog->filter, fprog->len))
1489 return ERR_PTR(-EINVAL);
1490
1491 prog = bpf_prog_alloc(bpf_prog_size(fprog->len), 0);
1492 if (!prog)
1493 return ERR_PTR(-ENOMEM);
1494
1495 if (copy_from_user(prog->insns, fprog->filter, fsize)) {
1496 __bpf_prog_free(prog);
1497 return ERR_PTR(-EFAULT);
1498 }
1499
1500 prog->len = fprog->len;
1501
1502 err = bpf_prog_store_orig_filter(prog, fprog);
1503 if (err) {
1504 __bpf_prog_free(prog);
1505 return ERR_PTR(-ENOMEM);
1506 }
1507
1508
1509
1510
1511 return bpf_prepare_filter(prog, NULL);
1512}
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk)
1525{
1526 struct bpf_prog *prog = __get_filter(fprog, sk);
1527 int err;
1528
1529 if (IS_ERR(prog))
1530 return PTR_ERR(prog);
1531
1532 err = __sk_attach_prog(prog, sk);
1533 if (err < 0) {
1534 __bpf_prog_release(prog);
1535 return err;
1536 }
1537
1538 return 0;
1539}
1540EXPORT_SYMBOL_GPL(sk_attach_filter);
1541
1542int sk_reuseport_attach_filter(struct sock_fprog *fprog, struct sock *sk)
1543{
1544 struct bpf_prog *prog = __get_filter(fprog, sk);
1545 int err;
1546
1547 if (IS_ERR(prog))
1548 return PTR_ERR(prog);
1549
1550 if (bpf_prog_size(prog->len) > sysctl_optmem_max)
1551 err = -ENOMEM;
1552 else
1553 err = reuseport_attach_prog(sk, prog);
1554
1555 if (err)
1556 __bpf_prog_release(prog);
1557
1558 return err;
1559}
1560
1561static struct bpf_prog *__get_bpf(u32 ufd, struct sock *sk)
1562{
1563 if (sock_flag(sk, SOCK_FILTER_LOCKED))
1564 return ERR_PTR(-EPERM);
1565
1566 return bpf_prog_get_type(ufd, BPF_PROG_TYPE_SOCKET_FILTER);
1567}
1568
1569int sk_attach_bpf(u32 ufd, struct sock *sk)
1570{
1571 struct bpf_prog *prog = __get_bpf(ufd, sk);
1572 int err;
1573
1574 if (IS_ERR(prog))
1575 return PTR_ERR(prog);
1576
1577 err = __sk_attach_prog(prog, sk);
1578 if (err < 0) {
1579 bpf_prog_put(prog);
1580 return err;
1581 }
1582
1583 return 0;
1584}
1585
1586int sk_reuseport_attach_bpf(u32 ufd, struct sock *sk)
1587{
1588 struct bpf_prog *prog;
1589 int err;
1590
1591 if (sock_flag(sk, SOCK_FILTER_LOCKED))
1592 return -EPERM;
1593
1594 prog = bpf_prog_get_type(ufd, BPF_PROG_TYPE_SOCKET_FILTER);
1595 if (PTR_ERR(prog) == -EINVAL)
1596 prog = bpf_prog_get_type(ufd, BPF_PROG_TYPE_SK_REUSEPORT);
1597 if (IS_ERR(prog))
1598 return PTR_ERR(prog);
1599
1600 if (prog->type == BPF_PROG_TYPE_SK_REUSEPORT) {
1601
1602
1603
1604
1605
1606 if ((sk->sk_type != SOCK_STREAM &&
1607 sk->sk_type != SOCK_DGRAM) ||
1608 (sk->sk_protocol != IPPROTO_UDP &&
1609 sk->sk_protocol != IPPROTO_TCP) ||
1610 (sk->sk_family != AF_INET &&
1611 sk->sk_family != AF_INET6)) {
1612 err = -ENOTSUPP;
1613 goto err_prog_put;
1614 }
1615 } else {
1616
1617 if (bpf_prog_size(prog->len) > sysctl_optmem_max) {
1618 err = -ENOMEM;
1619 goto err_prog_put;
1620 }
1621 }
1622
1623 err = reuseport_attach_prog(sk, prog);
1624err_prog_put:
1625 if (err)
1626 bpf_prog_put(prog);
1627
1628 return err;
1629}
1630
1631void sk_reuseport_prog_free(struct bpf_prog *prog)
1632{
1633 if (!prog)
1634 return;
1635
1636 if (prog->type == BPF_PROG_TYPE_SK_REUSEPORT)
1637 bpf_prog_put(prog);
1638 else
1639 bpf_prog_destroy(prog);
1640}
1641
1642struct bpf_scratchpad {
1643 union {
1644 __be32 diff[MAX_BPF_STACK / sizeof(__be32)];
1645 u8 buff[MAX_BPF_STACK];
1646 };
1647};
1648
1649static DEFINE_PER_CPU(struct bpf_scratchpad, bpf_sp);
1650
1651static inline int __bpf_try_make_writable(struct sk_buff *skb,
1652 unsigned int write_len)
1653{
1654 return skb_ensure_writable(skb, write_len);
1655}
1656
1657static inline int bpf_try_make_writable(struct sk_buff *skb,
1658 unsigned int write_len)
1659{
1660 int err = __bpf_try_make_writable(skb, write_len);
1661
1662 bpf_compute_data_pointers(skb);
1663 return err;
1664}
1665
1666static int bpf_try_make_head_writable(struct sk_buff *skb)
1667{
1668 return bpf_try_make_writable(skb, skb_headlen(skb));
1669}
1670
1671static inline void bpf_push_mac_rcsum(struct sk_buff *skb)
1672{
1673 if (skb_at_tc_ingress(skb))
1674 skb_postpush_rcsum(skb, skb_mac_header(skb), skb->mac_len);
1675}
1676
1677static inline void bpf_pull_mac_rcsum(struct sk_buff *skb)
1678{
1679 if (skb_at_tc_ingress(skb))
1680 skb_postpull_rcsum(skb, skb_mac_header(skb), skb->mac_len);
1681}
1682
1683BPF_CALL_5(bpf_skb_store_bytes, struct sk_buff *, skb, u32, offset,
1684 const void *, from, u32, len, u64, flags)
1685{
1686 void *ptr;
1687
1688 if (unlikely(flags & ~(BPF_F_RECOMPUTE_CSUM | BPF_F_INVALIDATE_HASH)))
1689 return -EINVAL;
1690 if (unlikely(offset > 0xffff))
1691 return -EFAULT;
1692 if (unlikely(bpf_try_make_writable(skb, offset + len)))
1693 return -EFAULT;
1694
1695 ptr = skb->data + offset;
1696 if (flags & BPF_F_RECOMPUTE_CSUM)
1697 __skb_postpull_rcsum(skb, ptr, len, offset);
1698
1699 memcpy(ptr, from, len);
1700
1701 if (flags & BPF_F_RECOMPUTE_CSUM)
1702 __skb_postpush_rcsum(skb, ptr, len, offset);
1703 if (flags & BPF_F_INVALIDATE_HASH)
1704 skb_clear_hash(skb);
1705
1706 return 0;
1707}
1708
1709static const struct bpf_func_proto bpf_skb_store_bytes_proto = {
1710 .func = bpf_skb_store_bytes,
1711 .gpl_only = false,
1712 .ret_type = RET_INTEGER,
1713 .arg1_type = ARG_PTR_TO_CTX,
1714 .arg2_type = ARG_ANYTHING,
1715 .arg3_type = ARG_PTR_TO_MEM | MEM_RDONLY,
1716 .arg4_type = ARG_CONST_SIZE,
1717 .arg5_type = ARG_ANYTHING,
1718};
1719
1720BPF_CALL_4(bpf_skb_load_bytes, const struct sk_buff *, skb, u32, offset,
1721 void *, to, u32, len)
1722{
1723 void *ptr;
1724
1725 if (unlikely(offset > 0xffff))
1726 goto err_clear;
1727
1728 ptr = skb_header_pointer(skb, offset, len, to);
1729 if (unlikely(!ptr))
1730 goto err_clear;
1731 if (ptr != to)
1732 memcpy(to, ptr, len);
1733
1734 return 0;
1735err_clear:
1736 memset(to, 0, len);
1737 return -EFAULT;
1738}
1739
1740static const struct bpf_func_proto bpf_skb_load_bytes_proto = {
1741 .func = bpf_skb_load_bytes,
1742 .gpl_only = false,
1743 .ret_type = RET_INTEGER,
1744 .arg1_type = ARG_PTR_TO_CTX,
1745 .arg2_type = ARG_ANYTHING,
1746 .arg3_type = ARG_PTR_TO_UNINIT_MEM,
1747 .arg4_type = ARG_CONST_SIZE,
1748};
1749
1750BPF_CALL_4(bpf_flow_dissector_load_bytes,
1751 const struct bpf_flow_dissector *, ctx, u32, offset,
1752 void *, to, u32, len)
1753{
1754 void *ptr;
1755
1756 if (unlikely(offset > 0xffff))
1757 goto err_clear;
1758
1759 if (unlikely(!ctx->skb))
1760 goto err_clear;
1761
1762 ptr = skb_header_pointer(ctx->skb, offset, len, to);
1763 if (unlikely(!ptr))
1764 goto err_clear;
1765 if (ptr != to)
1766 memcpy(to, ptr, len);
1767
1768 return 0;
1769err_clear:
1770 memset(to, 0, len);
1771 return -EFAULT;
1772}
1773
1774static const struct bpf_func_proto bpf_flow_dissector_load_bytes_proto = {
1775 .func = bpf_flow_dissector_load_bytes,
1776 .gpl_only = false,
1777 .ret_type = RET_INTEGER,
1778 .arg1_type = ARG_PTR_TO_CTX,
1779 .arg2_type = ARG_ANYTHING,
1780 .arg3_type = ARG_PTR_TO_UNINIT_MEM,
1781 .arg4_type = ARG_CONST_SIZE,
1782};
1783
1784BPF_CALL_5(bpf_skb_load_bytes_relative, const struct sk_buff *, skb,
1785 u32, offset, void *, to, u32, len, u32, start_header)
1786{
1787 u8 *end = skb_tail_pointer(skb);
1788 u8 *start, *ptr;
1789
1790 if (unlikely(offset > 0xffff))
1791 goto err_clear;
1792
1793 switch (start_header) {
1794 case BPF_HDR_START_MAC:
1795 if (unlikely(!skb_mac_header_was_set(skb)))
1796 goto err_clear;
1797 start = skb_mac_header(skb);
1798 break;
1799 case BPF_HDR_START_NET:
1800 start = skb_network_header(skb);
1801 break;
1802 default:
1803 goto err_clear;
1804 }
1805
1806 ptr = start + offset;
1807
1808 if (likely(ptr + len <= end)) {
1809 memcpy(to, ptr, len);
1810 return 0;
1811 }
1812
1813err_clear:
1814 memset(to, 0, len);
1815 return -EFAULT;
1816}
1817
1818static const struct bpf_func_proto bpf_skb_load_bytes_relative_proto = {
1819 .func = bpf_skb_load_bytes_relative,
1820 .gpl_only = false,
1821 .ret_type = RET_INTEGER,
1822 .arg1_type = ARG_PTR_TO_CTX,
1823 .arg2_type = ARG_ANYTHING,
1824 .arg3_type = ARG_PTR_TO_UNINIT_MEM,
1825 .arg4_type = ARG_CONST_SIZE,
1826 .arg5_type = ARG_ANYTHING,
1827};
1828
1829BPF_CALL_2(bpf_skb_pull_data, struct sk_buff *, skb, u32, len)
1830{
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840 return bpf_try_make_writable(skb, len ? : skb_headlen(skb));
1841}
1842
1843static const struct bpf_func_proto bpf_skb_pull_data_proto = {
1844 .func = bpf_skb_pull_data,
1845 .gpl_only = false,
1846 .ret_type = RET_INTEGER,
1847 .arg1_type = ARG_PTR_TO_CTX,
1848 .arg2_type = ARG_ANYTHING,
1849};
1850
1851BPF_CALL_1(bpf_sk_fullsock, struct sock *, sk)
1852{
1853 return sk_fullsock(sk) ? (unsigned long)sk : (unsigned long)NULL;
1854}
1855
1856static const struct bpf_func_proto bpf_sk_fullsock_proto = {
1857 .func = bpf_sk_fullsock,
1858 .gpl_only = false,
1859 .ret_type = RET_PTR_TO_SOCKET_OR_NULL,
1860 .arg1_type = ARG_PTR_TO_SOCK_COMMON,
1861};
1862
1863static inline int sk_skb_try_make_writable(struct sk_buff *skb,
1864 unsigned int write_len)
1865{
1866 return __bpf_try_make_writable(skb, write_len);
1867}
1868
1869BPF_CALL_2(sk_skb_pull_data, struct sk_buff *, skb, u32, len)
1870{
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880 return sk_skb_try_make_writable(skb, len ? : skb_headlen(skb));
1881}
1882
1883static const struct bpf_func_proto sk_skb_pull_data_proto = {
1884 .func = sk_skb_pull_data,
1885 .gpl_only = false,
1886 .ret_type = RET_INTEGER,
1887 .arg1_type = ARG_PTR_TO_CTX,
1888 .arg2_type = ARG_ANYTHING,
1889};
1890
1891BPF_CALL_5(bpf_l3_csum_replace, struct sk_buff *, skb, u32, offset,
1892 u64, from, u64, to, u64, flags)
1893{
1894 __sum16 *ptr;
1895
1896 if (unlikely(flags & ~(BPF_F_HDR_FIELD_MASK)))
1897 return -EINVAL;
1898 if (unlikely(offset > 0xffff || offset & 1))
1899 return -EFAULT;
1900 if (unlikely(bpf_try_make_writable(skb, offset + sizeof(*ptr))))
1901 return -EFAULT;
1902
1903 ptr = (__sum16 *)(skb->data + offset);
1904 switch (flags & BPF_F_HDR_FIELD_MASK) {
1905 case 0:
1906 if (unlikely(from != 0))
1907 return -EINVAL;
1908
1909 csum_replace_by_diff(ptr, to);
1910 break;
1911 case 2:
1912 csum_replace2(ptr, from, to);
1913 break;
1914 case 4:
1915 csum_replace4(ptr, from, to);
1916 break;
1917 default:
1918 return -EINVAL;
1919 }
1920
1921 return 0;
1922}
1923
1924static const struct bpf_func_proto bpf_l3_csum_replace_proto = {
1925 .func = bpf_l3_csum_replace,
1926 .gpl_only = false,
1927 .ret_type = RET_INTEGER,
1928 .arg1_type = ARG_PTR_TO_CTX,
1929 .arg2_type = ARG_ANYTHING,
1930 .arg3_type = ARG_ANYTHING,
1931 .arg4_type = ARG_ANYTHING,
1932 .arg5_type = ARG_ANYTHING,
1933};
1934
1935BPF_CALL_5(bpf_l4_csum_replace, struct sk_buff *, skb, u32, offset,
1936 u64, from, u64, to, u64, flags)
1937{
1938 bool is_pseudo = flags & BPF_F_PSEUDO_HDR;
1939 bool is_mmzero = flags & BPF_F_MARK_MANGLED_0;
1940 bool do_mforce = flags & BPF_F_MARK_ENFORCE;
1941 __sum16 *ptr;
1942
1943 if (unlikely(flags & ~(BPF_F_MARK_MANGLED_0 | BPF_F_MARK_ENFORCE |
1944 BPF_F_PSEUDO_HDR | BPF_F_HDR_FIELD_MASK)))
1945 return -EINVAL;
1946 if (unlikely(offset > 0xffff || offset & 1))
1947 return -EFAULT;
1948 if (unlikely(bpf_try_make_writable(skb, offset + sizeof(*ptr))))
1949 return -EFAULT;
1950
1951 ptr = (__sum16 *)(skb->data + offset);
1952 if (is_mmzero && !do_mforce && !*ptr)
1953 return 0;
1954
1955 switch (flags & BPF_F_HDR_FIELD_MASK) {
1956 case 0:
1957 if (unlikely(from != 0))
1958 return -EINVAL;
1959
1960 inet_proto_csum_replace_by_diff(ptr, skb, to, is_pseudo);
1961 break;
1962 case 2:
1963 inet_proto_csum_replace2(ptr, skb, from, to, is_pseudo);
1964 break;
1965 case 4:
1966 inet_proto_csum_replace4(ptr, skb, from, to, is_pseudo);
1967 break;
1968 default:
1969 return -EINVAL;
1970 }
1971
1972 if (is_mmzero && !*ptr)
1973 *ptr = CSUM_MANGLED_0;
1974 return 0;
1975}
1976
1977static const struct bpf_func_proto bpf_l4_csum_replace_proto = {
1978 .func = bpf_l4_csum_replace,
1979 .gpl_only = false,
1980 .ret_type = RET_INTEGER,
1981 .arg1_type = ARG_PTR_TO_CTX,
1982 .arg2_type = ARG_ANYTHING,
1983 .arg3_type = ARG_ANYTHING,
1984 .arg4_type = ARG_ANYTHING,
1985 .arg5_type = ARG_ANYTHING,
1986};
1987
1988BPF_CALL_5(bpf_csum_diff, __be32 *, from, u32, from_size,
1989 __be32 *, to, u32, to_size, __wsum, seed)
1990{
1991 struct bpf_scratchpad *sp = this_cpu_ptr(&bpf_sp);
1992 u32 diff_size = from_size + to_size;
1993 int i, j = 0;
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003 if (unlikely(((from_size | to_size) & (sizeof(__be32) - 1)) ||
2004 diff_size > sizeof(sp->diff)))
2005 return -EINVAL;
2006
2007 for (i = 0; i < from_size / sizeof(__be32); i++, j++)
2008 sp->diff[j] = ~from[i];
2009 for (i = 0; i < to_size / sizeof(__be32); i++, j++)
2010 sp->diff[j] = to[i];
2011
2012 return csum_partial(sp->diff, diff_size, seed);
2013}
2014
2015static const struct bpf_func_proto bpf_csum_diff_proto = {
2016 .func = bpf_csum_diff,
2017 .gpl_only = false,
2018 .pkt_access = true,
2019 .ret_type = RET_INTEGER,
2020 .arg1_type = ARG_PTR_TO_MEM | PTR_MAYBE_NULL | MEM_RDONLY,
2021 .arg2_type = ARG_CONST_SIZE_OR_ZERO,
2022 .arg3_type = ARG_PTR_TO_MEM | PTR_MAYBE_NULL | MEM_RDONLY,
2023 .arg4_type = ARG_CONST_SIZE_OR_ZERO,
2024 .arg5_type = ARG_ANYTHING,
2025};
2026
2027BPF_CALL_2(bpf_csum_update, struct sk_buff *, skb, __wsum, csum)
2028{
2029
2030
2031
2032
2033 if (skb->ip_summed == CHECKSUM_COMPLETE)
2034 return (skb->csum = csum_add(skb->csum, csum));
2035
2036 return -ENOTSUPP;
2037}
2038
2039static const struct bpf_func_proto bpf_csum_update_proto = {
2040 .func = bpf_csum_update,
2041 .gpl_only = false,
2042 .ret_type = RET_INTEGER,
2043 .arg1_type = ARG_PTR_TO_CTX,
2044 .arg2_type = ARG_ANYTHING,
2045};
2046
2047BPF_CALL_2(bpf_csum_level, struct sk_buff *, skb, u64, level)
2048{
2049
2050
2051
2052
2053 switch (level) {
2054 case BPF_CSUM_LEVEL_INC:
2055 __skb_incr_checksum_unnecessary(skb);
2056 break;
2057 case BPF_CSUM_LEVEL_DEC:
2058 __skb_decr_checksum_unnecessary(skb);
2059 break;
2060 case BPF_CSUM_LEVEL_RESET:
2061 __skb_reset_checksum_unnecessary(skb);
2062 break;
2063 case BPF_CSUM_LEVEL_QUERY:
2064 return skb->ip_summed == CHECKSUM_UNNECESSARY ?
2065 skb->csum_level : -EACCES;
2066 default:
2067 return -EINVAL;
2068 }
2069
2070 return 0;
2071}
2072
2073static const struct bpf_func_proto bpf_csum_level_proto = {
2074 .func = bpf_csum_level,
2075 .gpl_only = false,
2076 .ret_type = RET_INTEGER,
2077 .arg1_type = ARG_PTR_TO_CTX,
2078 .arg2_type = ARG_ANYTHING,
2079};
2080
2081static inline int __bpf_rx_skb(struct net_device *dev, struct sk_buff *skb)
2082{
2083 return dev_forward_skb_nomtu(dev, skb);
2084}
2085
2086static inline int __bpf_rx_skb_no_mac(struct net_device *dev,
2087 struct sk_buff *skb)
2088{
2089 int ret = ____dev_forward_skb(dev, skb, false);
2090
2091 if (likely(!ret)) {
2092 skb->dev = dev;
2093 ret = netif_rx(skb);
2094 }
2095
2096 return ret;
2097}
2098
2099static inline int __bpf_tx_skb(struct net_device *dev, struct sk_buff *skb)
2100{
2101 int ret;
2102
2103 if (dev_xmit_recursion()) {
2104 net_crit_ratelimited("bpf: recursion limit reached on datapath, buggy bpf program?\n");
2105 kfree_skb(skb);
2106 return -ENETDOWN;
2107 }
2108
2109 skb->dev = dev;
2110 skb_clear_tstamp(skb);
2111
2112 dev_xmit_recursion_inc();
2113 ret = dev_queue_xmit(skb);
2114 dev_xmit_recursion_dec();
2115
2116 return ret;
2117}
2118
2119static int __bpf_redirect_no_mac(struct sk_buff *skb, struct net_device *dev,
2120 u32 flags)
2121{
2122 unsigned int mlen = skb_network_offset(skb);
2123
2124 if (mlen) {
2125 __skb_pull(skb, mlen);
2126
2127
2128
2129
2130
2131
2132 if (!skb_at_tc_ingress(skb))
2133 skb_postpull_rcsum(skb, skb_mac_header(skb), mlen);
2134 }
2135 skb_pop_mac_header(skb);
2136 skb_reset_mac_len(skb);
2137 return flags & BPF_F_INGRESS ?
2138 __bpf_rx_skb_no_mac(dev, skb) : __bpf_tx_skb(dev, skb);
2139}
2140
2141static int __bpf_redirect_common(struct sk_buff *skb, struct net_device *dev,
2142 u32 flags)
2143{
2144
2145 if (unlikely(skb->mac_header >= skb->network_header)) {
2146 kfree_skb(skb);
2147 return -ERANGE;
2148 }
2149
2150 bpf_push_mac_rcsum(skb);
2151 return flags & BPF_F_INGRESS ?
2152 __bpf_rx_skb(dev, skb) : __bpf_tx_skb(dev, skb);
2153}
2154
2155static int __bpf_redirect(struct sk_buff *skb, struct net_device *dev,
2156 u32 flags)
2157{
2158 if (dev_is_mac_header_xmit(dev))
2159 return __bpf_redirect_common(skb, dev, flags);
2160 else
2161 return __bpf_redirect_no_mac(skb, dev, flags);
2162}
2163
2164#if IS_ENABLED(CONFIG_IPV6)
2165static int bpf_out_neigh_v6(struct net *net, struct sk_buff *skb,
2166 struct net_device *dev, struct bpf_nh_params *nh)
2167{
2168 u32 hh_len = LL_RESERVED_SPACE(dev);
2169 const struct in6_addr *nexthop;
2170 struct dst_entry *dst = NULL;
2171 struct neighbour *neigh;
2172
2173 if (dev_xmit_recursion()) {
2174 net_crit_ratelimited("bpf: recursion limit reached on datapath, buggy bpf program?\n");
2175 goto out_drop;
2176 }
2177
2178 skb->dev = dev;
2179 skb_clear_tstamp(skb);
2180
2181 if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) {
2182 skb = skb_expand_head(skb, hh_len);
2183 if (!skb)
2184 return -ENOMEM;
2185 }
2186
2187 rcu_read_lock_bh();
2188 if (!nh) {
2189 dst = skb_dst(skb);
2190 nexthop = rt6_nexthop(container_of(dst, struct rt6_info, dst),
2191 &ipv6_hdr(skb)->daddr);
2192 } else {
2193 nexthop = &nh->ipv6_nh;
2194 }
2195 neigh = ip_neigh_gw6(dev, nexthop);
2196 if (likely(!IS_ERR(neigh))) {
2197 int ret;
2198
2199 sock_confirm_neigh(skb, neigh);
2200 dev_xmit_recursion_inc();
2201 ret = neigh_output(neigh, skb, false);
2202 dev_xmit_recursion_dec();
2203 rcu_read_unlock_bh();
2204 return ret;
2205 }
2206 rcu_read_unlock_bh();
2207 if (dst)
2208 IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
2209out_drop:
2210 kfree_skb(skb);
2211 return -ENETDOWN;
2212}
2213
2214static int __bpf_redirect_neigh_v6(struct sk_buff *skb, struct net_device *dev,
2215 struct bpf_nh_params *nh)
2216{
2217 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
2218 struct net *net = dev_net(dev);
2219 int err, ret = NET_XMIT_DROP;
2220
2221 if (!nh) {
2222 struct dst_entry *dst;
2223 struct flowi6 fl6 = {
2224 .flowi6_flags = FLOWI_FLAG_ANYSRC,
2225 .flowi6_mark = skb->mark,
2226 .flowlabel = ip6_flowinfo(ip6h),
2227 .flowi6_oif = dev->ifindex,
2228 .flowi6_proto = ip6h->nexthdr,
2229 .daddr = ip6h->daddr,
2230 .saddr = ip6h->saddr,
2231 };
2232
2233 dst = ipv6_stub->ipv6_dst_lookup_flow(net, NULL, &fl6, NULL);
2234 if (IS_ERR(dst))
2235 goto out_drop;
2236
2237 skb_dst_set(skb, dst);
2238 } else if (nh->nh_family != AF_INET6) {
2239 goto out_drop;
2240 }
2241
2242 err = bpf_out_neigh_v6(net, skb, dev, nh);
2243 if (unlikely(net_xmit_eval(err)))
2244 dev->stats.tx_errors++;
2245 else
2246 ret = NET_XMIT_SUCCESS;
2247 goto out_xmit;
2248out_drop:
2249 dev->stats.tx_errors++;
2250 kfree_skb(skb);
2251out_xmit:
2252 return ret;
2253}
2254#else
2255static int __bpf_redirect_neigh_v6(struct sk_buff *skb, struct net_device *dev,
2256 struct bpf_nh_params *nh)
2257{
2258 kfree_skb(skb);
2259 return NET_XMIT_DROP;
2260}
2261#endif
2262
2263#if IS_ENABLED(CONFIG_INET)
2264static int bpf_out_neigh_v4(struct net *net, struct sk_buff *skb,
2265 struct net_device *dev, struct bpf_nh_params *nh)
2266{
2267 u32 hh_len = LL_RESERVED_SPACE(dev);
2268 struct neighbour *neigh;
2269 bool is_v6gw = false;
2270
2271 if (dev_xmit_recursion()) {
2272 net_crit_ratelimited("bpf: recursion limit reached on datapath, buggy bpf program?\n");
2273 goto out_drop;
2274 }
2275
2276 skb->dev = dev;
2277 skb_clear_tstamp(skb);
2278
2279 if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) {
2280 skb = skb_expand_head(skb, hh_len);
2281 if (!skb)
2282 return -ENOMEM;
2283 }
2284
2285 rcu_read_lock_bh();
2286 if (!nh) {
2287 struct dst_entry *dst = skb_dst(skb);
2288 struct rtable *rt = container_of(dst, struct rtable, dst);
2289
2290 neigh = ip_neigh_for_gw(rt, skb, &is_v6gw);
2291 } else if (nh->nh_family == AF_INET6) {
2292 neigh = ip_neigh_gw6(dev, &nh->ipv6_nh);
2293 is_v6gw = true;
2294 } else if (nh->nh_family == AF_INET) {
2295 neigh = ip_neigh_gw4(dev, nh->ipv4_nh);
2296 } else {
2297 rcu_read_unlock_bh();
2298 goto out_drop;
2299 }
2300
2301 if (likely(!IS_ERR(neigh))) {
2302 int ret;
2303
2304 sock_confirm_neigh(skb, neigh);
2305 dev_xmit_recursion_inc();
2306 ret = neigh_output(neigh, skb, is_v6gw);
2307 dev_xmit_recursion_dec();
2308 rcu_read_unlock_bh();
2309 return ret;
2310 }
2311 rcu_read_unlock_bh();
2312out_drop:
2313 kfree_skb(skb);
2314 return -ENETDOWN;
2315}
2316
2317static int __bpf_redirect_neigh_v4(struct sk_buff *skb, struct net_device *dev,
2318 struct bpf_nh_params *nh)
2319{
2320 const struct iphdr *ip4h = ip_hdr(skb);
2321 struct net *net = dev_net(dev);
2322 int err, ret = NET_XMIT_DROP;
2323
2324 if (!nh) {
2325 struct flowi4 fl4 = {
2326 .flowi4_flags = FLOWI_FLAG_ANYSRC,
2327 .flowi4_mark = skb->mark,
2328 .flowi4_tos = RT_TOS(ip4h->tos),
2329 .flowi4_oif = dev->ifindex,
2330 .flowi4_proto = ip4h->protocol,
2331 .daddr = ip4h->daddr,
2332 .saddr = ip4h->saddr,
2333 };
2334 struct rtable *rt;
2335
2336 rt = ip_route_output_flow(net, &fl4, NULL);
2337 if (IS_ERR(rt))
2338 goto out_drop;
2339 if (rt->rt_type != RTN_UNICAST && rt->rt_type != RTN_LOCAL) {
2340 ip_rt_put(rt);
2341 goto out_drop;
2342 }
2343
2344 skb_dst_set(skb, &rt->dst);
2345 }
2346
2347 err = bpf_out_neigh_v4(net, skb, dev, nh);
2348 if (unlikely(net_xmit_eval(err)))
2349 dev->stats.tx_errors++;
2350 else
2351 ret = NET_XMIT_SUCCESS;
2352 goto out_xmit;
2353out_drop:
2354 dev->stats.tx_errors++;
2355 kfree_skb(skb);
2356out_xmit:
2357 return ret;
2358}
2359#else
2360static int __bpf_redirect_neigh_v4(struct sk_buff *skb, struct net_device *dev,
2361 struct bpf_nh_params *nh)
2362{
2363 kfree_skb(skb);
2364 return NET_XMIT_DROP;
2365}
2366#endif
2367
2368static int __bpf_redirect_neigh(struct sk_buff *skb, struct net_device *dev,
2369 struct bpf_nh_params *nh)
2370{
2371 struct ethhdr *ethh = eth_hdr(skb);
2372
2373 if (unlikely(skb->mac_header >= skb->network_header))
2374 goto out;
2375 bpf_push_mac_rcsum(skb);
2376 if (is_multicast_ether_addr(ethh->h_dest))
2377 goto out;
2378
2379 skb_pull(skb, sizeof(*ethh));
2380 skb_unset_mac_header(skb);
2381 skb_reset_network_header(skb);
2382
2383 if (skb->protocol == htons(ETH_P_IP))
2384 return __bpf_redirect_neigh_v4(skb, dev, nh);
2385 else if (skb->protocol == htons(ETH_P_IPV6))
2386 return __bpf_redirect_neigh_v6(skb, dev, nh);
2387out:
2388 kfree_skb(skb);
2389 return -ENOTSUPP;
2390}
2391
2392
2393enum {
2394 BPF_F_NEIGH = (1ULL << 1),
2395 BPF_F_PEER = (1ULL << 2),
2396 BPF_F_NEXTHOP = (1ULL << 3),
2397#define BPF_F_REDIRECT_INTERNAL (BPF_F_NEIGH | BPF_F_PEER | BPF_F_NEXTHOP)
2398};
2399
2400BPF_CALL_3(bpf_clone_redirect, struct sk_buff *, skb, u32, ifindex, u64, flags)
2401{
2402 struct net_device *dev;
2403 struct sk_buff *clone;
2404 int ret;
2405
2406 if (unlikely(flags & (~(BPF_F_INGRESS) | BPF_F_REDIRECT_INTERNAL)))
2407 return -EINVAL;
2408
2409 dev = dev_get_by_index_rcu(dev_net(skb->dev), ifindex);
2410 if (unlikely(!dev))
2411 return -EINVAL;
2412
2413 clone = skb_clone(skb, GFP_ATOMIC);
2414 if (unlikely(!clone))
2415 return -ENOMEM;
2416
2417
2418
2419
2420
2421
2422 ret = bpf_try_make_head_writable(skb);
2423 if (unlikely(ret)) {
2424 kfree_skb(clone);
2425 return -ENOMEM;
2426 }
2427
2428 return __bpf_redirect(clone, dev, flags);
2429}
2430
2431static const struct bpf_func_proto bpf_clone_redirect_proto = {
2432 .func = bpf_clone_redirect,
2433 .gpl_only = false,
2434 .ret_type = RET_INTEGER,
2435 .arg1_type = ARG_PTR_TO_CTX,
2436 .arg2_type = ARG_ANYTHING,
2437 .arg3_type = ARG_ANYTHING,
2438};
2439
2440DEFINE_PER_CPU(struct bpf_redirect_info, bpf_redirect_info);
2441EXPORT_PER_CPU_SYMBOL_GPL(bpf_redirect_info);
2442
2443int skb_do_redirect(struct sk_buff *skb)
2444{
2445 struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
2446 struct net *net = dev_net(skb->dev);
2447 struct net_device *dev;
2448 u32 flags = ri->flags;
2449
2450 dev = dev_get_by_index_rcu(net, ri->tgt_index);
2451 ri->tgt_index = 0;
2452 ri->flags = 0;
2453 if (unlikely(!dev))
2454 goto out_drop;
2455 if (flags & BPF_F_PEER) {
2456 const struct net_device_ops *ops = dev->netdev_ops;
2457
2458 if (unlikely(!ops->ndo_get_peer_dev ||
2459 !skb_at_tc_ingress(skb)))
2460 goto out_drop;
2461 dev = ops->ndo_get_peer_dev(dev);
2462 if (unlikely(!dev ||
2463 !(dev->flags & IFF_UP) ||
2464 net_eq(net, dev_net(dev))))
2465 goto out_drop;
2466 skb->dev = dev;
2467 return -EAGAIN;
2468 }
2469 return flags & BPF_F_NEIGH ?
2470 __bpf_redirect_neigh(skb, dev, flags & BPF_F_NEXTHOP ?
2471 &ri->nh : NULL) :
2472 __bpf_redirect(skb, dev, flags);
2473out_drop:
2474 kfree_skb(skb);
2475 return -EINVAL;
2476}
2477
2478BPF_CALL_2(bpf_redirect, u32, ifindex, u64, flags)
2479{
2480 struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
2481
2482 if (unlikely(flags & (~(BPF_F_INGRESS) | BPF_F_REDIRECT_INTERNAL)))
2483 return TC_ACT_SHOT;
2484
2485 ri->flags = flags;
2486 ri->tgt_index = ifindex;
2487
2488 return TC_ACT_REDIRECT;
2489}
2490
2491static const struct bpf_func_proto bpf_redirect_proto = {
2492 .func = bpf_redirect,
2493 .gpl_only = false,
2494 .ret_type = RET_INTEGER,
2495 .arg1_type = ARG_ANYTHING,
2496 .arg2_type = ARG_ANYTHING,
2497};
2498
2499BPF_CALL_2(bpf_redirect_peer, u32, ifindex, u64, flags)
2500{
2501 struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
2502
2503 if (unlikely(flags))
2504 return TC_ACT_SHOT;
2505
2506 ri->flags = BPF_F_PEER;
2507 ri->tgt_index = ifindex;
2508
2509 return TC_ACT_REDIRECT;
2510}
2511
2512static const struct bpf_func_proto bpf_redirect_peer_proto = {
2513 .func = bpf_redirect_peer,
2514 .gpl_only = false,
2515 .ret_type = RET_INTEGER,
2516 .arg1_type = ARG_ANYTHING,
2517 .arg2_type = ARG_ANYTHING,
2518};
2519
2520BPF_CALL_4(bpf_redirect_neigh, u32, ifindex, struct bpf_redir_neigh *, params,
2521 int, plen, u64, flags)
2522{
2523 struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
2524
2525 if (unlikely((plen && plen < sizeof(*params)) || flags))
2526 return TC_ACT_SHOT;
2527
2528 ri->flags = BPF_F_NEIGH | (plen ? BPF_F_NEXTHOP : 0);
2529 ri->tgt_index = ifindex;
2530
2531 BUILD_BUG_ON(sizeof(struct bpf_redir_neigh) != sizeof(struct bpf_nh_params));
2532 if (plen)
2533 memcpy(&ri->nh, params, sizeof(ri->nh));
2534
2535 return TC_ACT_REDIRECT;
2536}
2537
2538static const struct bpf_func_proto bpf_redirect_neigh_proto = {
2539 .func = bpf_redirect_neigh,
2540 .gpl_only = false,
2541 .ret_type = RET_INTEGER,
2542 .arg1_type = ARG_ANYTHING,
2543 .arg2_type = ARG_PTR_TO_MEM | PTR_MAYBE_NULL | MEM_RDONLY,
2544 .arg3_type = ARG_CONST_SIZE_OR_ZERO,
2545 .arg4_type = ARG_ANYTHING,
2546};
2547
2548BPF_CALL_2(bpf_msg_apply_bytes, struct sk_msg *, msg, u32, bytes)
2549{
2550 msg->apply_bytes = bytes;
2551 return 0;
2552}
2553
2554static const struct bpf_func_proto bpf_msg_apply_bytes_proto = {
2555 .func = bpf_msg_apply_bytes,
2556 .gpl_only = false,
2557 .ret_type = RET_INTEGER,
2558 .arg1_type = ARG_PTR_TO_CTX,
2559 .arg2_type = ARG_ANYTHING,
2560};
2561
2562BPF_CALL_2(bpf_msg_cork_bytes, struct sk_msg *, msg, u32, bytes)
2563{
2564 msg->cork_bytes = bytes;
2565 return 0;
2566}
2567
2568static const struct bpf_func_proto bpf_msg_cork_bytes_proto = {
2569 .func = bpf_msg_cork_bytes,
2570 .gpl_only = false,
2571 .ret_type = RET_INTEGER,
2572 .arg1_type = ARG_PTR_TO_CTX,
2573 .arg2_type = ARG_ANYTHING,
2574};
2575
2576BPF_CALL_4(bpf_msg_pull_data, struct sk_msg *, msg, u32, start,
2577 u32, end, u64, flags)
2578{
2579 u32 len = 0, offset = 0, copy = 0, poffset = 0, bytes = end - start;
2580 u32 first_sge, last_sge, i, shift, bytes_sg_total;
2581 struct scatterlist *sge;
2582 u8 *raw, *to, *from;
2583 struct page *page;
2584
2585 if (unlikely(flags || end <= start))
2586 return -EINVAL;
2587
2588
2589 i = msg->sg.start;
2590 do {
2591 offset += len;
2592 len = sk_msg_elem(msg, i)->length;
2593 if (start < offset + len)
2594 break;
2595 sk_msg_iter_var_next(i);
2596 } while (i != msg->sg.end);
2597
2598 if (unlikely(start >= offset + len))
2599 return -EINVAL;
2600
2601 first_sge = i;
2602
2603
2604
2605 bytes_sg_total = start - offset + bytes;
2606 if (!test_bit(i, msg->sg.copy) && bytes_sg_total <= len)
2607 goto out;
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619 do {
2620 copy += sk_msg_elem(msg, i)->length;
2621 sk_msg_iter_var_next(i);
2622 if (bytes_sg_total <= copy)
2623 break;
2624 } while (i != msg->sg.end);
2625 last_sge = i;
2626
2627 if (unlikely(bytes_sg_total > copy))
2628 return -EINVAL;
2629
2630 page = alloc_pages(__GFP_NOWARN | GFP_ATOMIC | __GFP_COMP,
2631 get_order(copy));
2632 if (unlikely(!page))
2633 return -ENOMEM;
2634
2635 raw = page_address(page);
2636 i = first_sge;
2637 do {
2638 sge = sk_msg_elem(msg, i);
2639 from = sg_virt(sge);
2640 len = sge->length;
2641 to = raw + poffset;
2642
2643 memcpy(to, from, len);
2644 poffset += len;
2645 sge->length = 0;
2646 put_page(sg_page(sge));
2647
2648 sk_msg_iter_var_next(i);
2649 } while (i != last_sge);
2650
2651 sg_set_page(&msg->sg.data[first_sge], page, copy, 0);
2652
2653
2654
2655
2656
2657 WARN_ON_ONCE(last_sge == first_sge);
2658 shift = last_sge > first_sge ?
2659 last_sge - first_sge - 1 :
2660 NR_MSG_FRAG_IDS - first_sge + last_sge - 1;
2661 if (!shift)
2662 goto out;
2663
2664 i = first_sge;
2665 sk_msg_iter_var_next(i);
2666 do {
2667 u32 move_from;
2668
2669 if (i + shift >= NR_MSG_FRAG_IDS)
2670 move_from = i + shift - NR_MSG_FRAG_IDS;
2671 else
2672 move_from = i + shift;
2673 if (move_from == msg->sg.end)
2674 break;
2675
2676 msg->sg.data[i] = msg->sg.data[move_from];
2677 msg->sg.data[move_from].length = 0;
2678 msg->sg.data[move_from].page_link = 0;
2679 msg->sg.data[move_from].offset = 0;
2680 sk_msg_iter_var_next(i);
2681 } while (1);
2682
2683 msg->sg.end = msg->sg.end - shift > msg->sg.end ?
2684 msg->sg.end - shift + NR_MSG_FRAG_IDS :
2685 msg->sg.end - shift;
2686out:
2687 msg->data = sg_virt(&msg->sg.data[first_sge]) + start - offset;
2688 msg->data_end = msg->data + bytes;
2689 return 0;
2690}
2691
2692static const struct bpf_func_proto bpf_msg_pull_data_proto = {
2693 .func = bpf_msg_pull_data,
2694 .gpl_only = false,
2695 .ret_type = RET_INTEGER,
2696 .arg1_type = ARG_PTR_TO_CTX,
2697 .arg2_type = ARG_ANYTHING,
2698 .arg3_type = ARG_ANYTHING,
2699 .arg4_type = ARG_ANYTHING,
2700};
2701
2702BPF_CALL_4(bpf_msg_push_data, struct sk_msg *, msg, u32, start,
2703 u32, len, u64, flags)
2704{
2705 struct scatterlist sge, nsge, nnsge, rsge = {0}, *psge;
2706 u32 new, i = 0, l = 0, space, copy = 0, offset = 0;
2707 u8 *raw, *to, *from;
2708 struct page *page;
2709
2710 if (unlikely(flags))
2711 return -EINVAL;
2712
2713 if (unlikely(len == 0))
2714 return 0;
2715
2716
2717 i = msg->sg.start;
2718 do {
2719 offset += l;
2720 l = sk_msg_elem(msg, i)->length;
2721
2722 if (start < offset + l)
2723 break;
2724 sk_msg_iter_var_next(i);
2725 } while (i != msg->sg.end);
2726
2727 if (start >= offset + l)
2728 return -EINVAL;
2729
2730 space = MAX_MSG_FRAGS - sk_msg_elem_used(msg);
2731
2732
2733
2734
2735
2736
2737
2738
2739 if (!space || (space == 1 && start != offset))
2740 copy = msg->sg.data[i].length;
2741
2742 page = alloc_pages(__GFP_NOWARN | GFP_ATOMIC | __GFP_COMP,
2743 get_order(copy + len));
2744 if (unlikely(!page))
2745 return -ENOMEM;
2746
2747 if (copy) {
2748 int front, back;
2749
2750 raw = page_address(page);
2751
2752 psge = sk_msg_elem(msg, i);
2753 front = start - offset;
2754 back = psge->length - front;
2755 from = sg_virt(psge);
2756
2757 if (front)
2758 memcpy(raw, from, front);
2759
2760 if (back) {
2761 from += front;
2762 to = raw + front + len;
2763
2764 memcpy(to, from, back);
2765 }
2766
2767 put_page(sg_page(psge));
2768 } else if (start - offset) {
2769 psge = sk_msg_elem(msg, i);
2770 rsge = sk_msg_elem_cpy(msg, i);
2771
2772 psge->length = start - offset;
2773 rsge.length -= psge->length;
2774 rsge.offset += start;
2775
2776 sk_msg_iter_var_next(i);
2777 sg_unmark_end(psge);
2778 sg_unmark_end(&rsge);
2779 sk_msg_iter_next(msg, end);
2780 }
2781
2782
2783 new = i;
2784
2785
2786 if (!copy) {
2787 sge = sk_msg_elem_cpy(msg, i);
2788
2789 sk_msg_iter_var_next(i);
2790 sg_unmark_end(&sge);
2791 sk_msg_iter_next(msg, end);
2792
2793 nsge = sk_msg_elem_cpy(msg, i);
2794 if (rsge.length) {
2795 sk_msg_iter_var_next(i);
2796 nnsge = sk_msg_elem_cpy(msg, i);
2797 }
2798
2799 while (i != msg->sg.end) {
2800 msg->sg.data[i] = sge;
2801 sge = nsge;
2802 sk_msg_iter_var_next(i);
2803 if (rsge.length) {
2804 nsge = nnsge;
2805 nnsge = sk_msg_elem_cpy(msg, i);
2806 } else {
2807 nsge = sk_msg_elem_cpy(msg, i);
2808 }
2809 }
2810 }
2811
2812
2813 sk_mem_charge(msg->sk, len);
2814 msg->sg.size += len;
2815 __clear_bit(new, msg->sg.copy);
2816 sg_set_page(&msg->sg.data[new], page, len + copy, 0);
2817 if (rsge.length) {
2818 get_page(sg_page(&rsge));
2819 sk_msg_iter_var_next(new);
2820 msg->sg.data[new] = rsge;
2821 }
2822
2823 sk_msg_compute_data_pointers(msg);
2824 return 0;
2825}
2826
2827static const struct bpf_func_proto bpf_msg_push_data_proto = {
2828 .func = bpf_msg_push_data,
2829 .gpl_only = false,
2830 .ret_type = RET_INTEGER,
2831 .arg1_type = ARG_PTR_TO_CTX,
2832 .arg2_type = ARG_ANYTHING,
2833 .arg3_type = ARG_ANYTHING,
2834 .arg4_type = ARG_ANYTHING,
2835};
2836
2837static void sk_msg_shift_left(struct sk_msg *msg, int i)
2838{
2839 int prev;
2840
2841 do {
2842 prev = i;
2843 sk_msg_iter_var_next(i);
2844 msg->sg.data[prev] = msg->sg.data[i];
2845 } while (i != msg->sg.end);
2846
2847 sk_msg_iter_prev(msg, end);
2848}
2849
2850static void sk_msg_shift_right(struct sk_msg *msg, int i)
2851{
2852 struct scatterlist tmp, sge;
2853
2854 sk_msg_iter_next(msg, end);
2855 sge = sk_msg_elem_cpy(msg, i);
2856 sk_msg_iter_var_next(i);
2857 tmp = sk_msg_elem_cpy(msg, i);
2858
2859 while (i != msg->sg.end) {
2860 msg->sg.data[i] = sge;
2861 sk_msg_iter_var_next(i);
2862 sge = tmp;
2863 tmp = sk_msg_elem_cpy(msg, i);
2864 }
2865}
2866
2867BPF_CALL_4(bpf_msg_pop_data, struct sk_msg *, msg, u32, start,
2868 u32, len, u64, flags)
2869{
2870 u32 i = 0, l = 0, space, offset = 0;
2871 u64 last = start + len;
2872 int pop;
2873
2874 if (unlikely(flags))
2875 return -EINVAL;
2876
2877
2878 i = msg->sg.start;
2879 do {
2880 offset += l;
2881 l = sk_msg_elem(msg, i)->length;
2882
2883 if (start < offset + l)
2884 break;
2885 sk_msg_iter_var_next(i);
2886 } while (i != msg->sg.end);
2887
2888
2889 if (start >= offset + l || last >= msg->sg.size)
2890 return -EINVAL;
2891
2892 space = MAX_MSG_FRAGS - sk_msg_elem_used(msg);
2893
2894 pop = len;
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916 if (start != offset) {
2917 struct scatterlist *nsge, *sge = sk_msg_elem(msg, i);
2918 int a = start;
2919 int b = sge->length - pop - a;
2920
2921 sk_msg_iter_var_next(i);
2922
2923 if (pop < sge->length - a) {
2924 if (space) {
2925 sge->length = a;
2926 sk_msg_shift_right(msg, i);
2927 nsge = sk_msg_elem(msg, i);
2928 get_page(sg_page(sge));
2929 sg_set_page(nsge,
2930 sg_page(sge),
2931 b, sge->offset + pop + a);
2932 } else {
2933 struct page *page, *orig;
2934 u8 *to, *from;
2935
2936 page = alloc_pages(__GFP_NOWARN |
2937 __GFP_COMP | GFP_ATOMIC,
2938 get_order(a + b));
2939 if (unlikely(!page))
2940 return -ENOMEM;
2941
2942 sge->length = a;
2943 orig = sg_page(sge);
2944 from = sg_virt(sge);
2945 to = page_address(page);
2946 memcpy(to, from, a);
2947 memcpy(to + a, from + a + pop, b);
2948 sg_set_page(sge, page, a + b, 0);
2949 put_page(orig);
2950 }
2951 pop = 0;
2952 } else if (pop >= sge->length - a) {
2953 pop -= (sge->length - a);
2954 sge->length = a;
2955 }
2956 }
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975 while (pop) {
2976 struct scatterlist *sge = sk_msg_elem(msg, i);
2977
2978 if (pop < sge->length) {
2979 sge->length -= pop;
2980 sge->offset += pop;
2981 pop = 0;
2982 } else {
2983 pop -= sge->length;
2984 sk_msg_shift_left(msg, i);
2985 }
2986 sk_msg_iter_var_next(i);
2987 }
2988
2989 sk_mem_uncharge(msg->sk, len - pop);
2990 msg->sg.size -= (len - pop);
2991 sk_msg_compute_data_pointers(msg);
2992 return 0;
2993}
2994
2995static const struct bpf_func_proto bpf_msg_pop_data_proto = {
2996 .func = bpf_msg_pop_data,
2997 .gpl_only = false,
2998 .ret_type = RET_INTEGER,
2999 .arg1_type = ARG_PTR_TO_CTX,
3000 .arg2_type = ARG_ANYTHING,
3001 .arg3_type = ARG_ANYTHING,
3002 .arg4_type = ARG_ANYTHING,
3003};
3004
3005#ifdef CONFIG_CGROUP_NET_CLASSID
3006BPF_CALL_0(bpf_get_cgroup_classid_curr)
3007{
3008 return __task_get_classid(current);
3009}
3010
3011static const struct bpf_func_proto bpf_get_cgroup_classid_curr_proto = {
3012 .func = bpf_get_cgroup_classid_curr,
3013 .gpl_only = false,
3014 .ret_type = RET_INTEGER,
3015};
3016
3017BPF_CALL_1(bpf_skb_cgroup_classid, const struct sk_buff *, skb)
3018{
3019 struct sock *sk = skb_to_full_sk(skb);
3020
3021 if (!sk || !sk_fullsock(sk))
3022 return 0;
3023
3024 return sock_cgroup_classid(&sk->sk_cgrp_data);
3025}
3026
3027static const struct bpf_func_proto bpf_skb_cgroup_classid_proto = {
3028 .func = bpf_skb_cgroup_classid,
3029 .gpl_only = false,
3030 .ret_type = RET_INTEGER,
3031 .arg1_type = ARG_PTR_TO_CTX,
3032};
3033#endif
3034
3035BPF_CALL_1(bpf_get_cgroup_classid, const struct sk_buff *, skb)
3036{
3037 return task_get_classid(skb);
3038}
3039
3040static const struct bpf_func_proto bpf_get_cgroup_classid_proto = {
3041 .func = bpf_get_cgroup_classid,
3042 .gpl_only = false,
3043 .ret_type = RET_INTEGER,
3044 .arg1_type = ARG_PTR_TO_CTX,
3045};
3046
3047BPF_CALL_1(bpf_get_route_realm, const struct sk_buff *, skb)
3048{
3049 return dst_tclassid(skb);
3050}
3051
3052static const struct bpf_func_proto bpf_get_route_realm_proto = {
3053 .func = bpf_get_route_realm,
3054 .gpl_only = false,
3055 .ret_type = RET_INTEGER,
3056 .arg1_type = ARG_PTR_TO_CTX,
3057};
3058
3059BPF_CALL_1(bpf_get_hash_recalc, struct sk_buff *, skb)
3060{
3061
3062
3063
3064
3065
3066 return skb_get_hash(skb);
3067}
3068
3069static const struct bpf_func_proto bpf_get_hash_recalc_proto = {
3070 .func = bpf_get_hash_recalc,
3071 .gpl_only = false,
3072 .ret_type = RET_INTEGER,
3073 .arg1_type = ARG_PTR_TO_CTX,
3074};
3075
3076BPF_CALL_1(bpf_set_hash_invalid, struct sk_buff *, skb)
3077{
3078
3079
3080
3081 skb_clear_hash(skb);
3082 return 0;
3083}
3084
3085static const struct bpf_func_proto bpf_set_hash_invalid_proto = {
3086 .func = bpf_set_hash_invalid,
3087 .gpl_only = false,
3088 .ret_type = RET_INTEGER,
3089 .arg1_type = ARG_PTR_TO_CTX,
3090};
3091
3092BPF_CALL_2(bpf_set_hash, struct sk_buff *, skb, u32, hash)
3093{
3094
3095
3096
3097
3098 __skb_set_sw_hash(skb, hash, true);
3099 return 0;
3100}
3101
3102static const struct bpf_func_proto bpf_set_hash_proto = {
3103 .func = bpf_set_hash,
3104 .gpl_only = false,
3105 .ret_type = RET_INTEGER,
3106 .arg1_type = ARG_PTR_TO_CTX,
3107 .arg2_type = ARG_ANYTHING,
3108};
3109
3110BPF_CALL_3(bpf_skb_vlan_push, struct sk_buff *, skb, __be16, vlan_proto,
3111 u16, vlan_tci)
3112{
3113 int ret;
3114
3115 if (unlikely(vlan_proto != htons(ETH_P_8021Q) &&
3116 vlan_proto != htons(ETH_P_8021AD)))
3117 vlan_proto = htons(ETH_P_8021Q);
3118
3119 bpf_push_mac_rcsum(skb);
3120 ret = skb_vlan_push(skb, vlan_proto, vlan_tci);
3121 bpf_pull_mac_rcsum(skb);
3122
3123 bpf_compute_data_pointers(skb);
3124 return ret;
3125}
3126
3127static const struct bpf_func_proto bpf_skb_vlan_push_proto = {
3128 .func = bpf_skb_vlan_push,
3129 .gpl_only = false,
3130 .ret_type = RET_INTEGER,
3131 .arg1_type = ARG_PTR_TO_CTX,
3132 .arg2_type = ARG_ANYTHING,
3133 .arg3_type = ARG_ANYTHING,
3134};
3135
3136BPF_CALL_1(bpf_skb_vlan_pop, struct sk_buff *, skb)
3137{
3138 int ret;
3139
3140 bpf_push_mac_rcsum(skb);
3141 ret = skb_vlan_pop(skb);
3142 bpf_pull_mac_rcsum(skb);
3143
3144 bpf_compute_data_pointers(skb);
3145 return ret;
3146}
3147
3148static const struct bpf_func_proto bpf_skb_vlan_pop_proto = {
3149 .func = bpf_skb_vlan_pop,
3150 .gpl_only = false,
3151 .ret_type = RET_INTEGER,
3152 .arg1_type = ARG_PTR_TO_CTX,
3153};
3154
3155static int bpf_skb_generic_push(struct sk_buff *skb, u32 off, u32 len)
3156{
3157
3158
3159
3160 skb_push(skb, len);
3161 memmove(skb->data, skb->data + len, off);
3162 memset(skb->data + off, 0, len);
3163
3164
3165
3166
3167
3168
3169 return 0;
3170}
3171
3172static int bpf_skb_generic_pop(struct sk_buff *skb, u32 off, u32 len)
3173{
3174
3175
3176
3177 if (unlikely(!pskb_may_pull(skb, off + len)))
3178 return -ENOMEM;
3179
3180 skb_postpull_rcsum(skb, skb->data + off, len);
3181 memmove(skb->data + len, skb->data, off);
3182 __skb_pull(skb, len);
3183
3184 return 0;
3185}
3186
3187static int bpf_skb_net_hdr_push(struct sk_buff *skb, u32 off, u32 len)
3188{
3189 bool trans_same = skb->transport_header == skb->network_header;
3190 int ret;
3191
3192
3193
3194
3195
3196 ret = bpf_skb_generic_push(skb, off, len);
3197 if (likely(!ret)) {
3198 skb->mac_header -= len;
3199 skb->network_header -= len;
3200 if (trans_same)
3201 skb->transport_header = skb->network_header;
3202 }
3203
3204 return ret;
3205}
3206
3207static int bpf_skb_net_hdr_pop(struct sk_buff *skb, u32 off, u32 len)
3208{
3209 bool trans_same = skb->transport_header == skb->network_header;
3210 int ret;
3211
3212
3213 ret = bpf_skb_generic_pop(skb, off, len);
3214 if (likely(!ret)) {
3215 skb->mac_header += len;
3216 skb->network_header += len;
3217 if (trans_same)
3218 skb->transport_header = skb->network_header;
3219 }
3220
3221 return ret;
3222}
3223
3224static int bpf_skb_proto_4_to_6(struct sk_buff *skb)
3225{
3226 const u32 len_diff = sizeof(struct ipv6hdr) - sizeof(struct iphdr);
3227 u32 off = skb_mac_header_len(skb);
3228 int ret;
3229
3230 ret = skb_cow(skb, len_diff);
3231 if (unlikely(ret < 0))
3232 return ret;
3233
3234 ret = bpf_skb_net_hdr_push(skb, off, len_diff);
3235 if (unlikely(ret < 0))
3236 return ret;
3237
3238 if (skb_is_gso(skb)) {
3239 struct skb_shared_info *shinfo = skb_shinfo(skb);
3240
3241
3242 if (shinfo->gso_type & SKB_GSO_TCPV4) {
3243 shinfo->gso_type &= ~SKB_GSO_TCPV4;
3244 shinfo->gso_type |= SKB_GSO_TCPV6;
3245 }
3246 }
3247
3248 skb->protocol = htons(ETH_P_IPV6);
3249 skb_clear_hash(skb);
3250
3251 return 0;
3252}
3253
3254static int bpf_skb_proto_6_to_4(struct sk_buff *skb)
3255{
3256 const u32 len_diff = sizeof(struct ipv6hdr) - sizeof(struct iphdr);
3257 u32 off = skb_mac_header_len(skb);
3258 int ret;
3259
3260 ret = skb_unclone(skb, GFP_ATOMIC);
3261 if (unlikely(ret < 0))
3262 return ret;
3263
3264 ret = bpf_skb_net_hdr_pop(skb, off, len_diff);
3265 if (unlikely(ret < 0))
3266 return ret;
3267
3268 if (skb_is_gso(skb)) {
3269 struct skb_shared_info *shinfo = skb_shinfo(skb);
3270
3271
3272 if (shinfo->gso_type & SKB_GSO_TCPV6) {
3273 shinfo->gso_type &= ~SKB_GSO_TCPV6;
3274 shinfo->gso_type |= SKB_GSO_TCPV4;
3275 }
3276 }
3277
3278 skb->protocol = htons(ETH_P_IP);
3279 skb_clear_hash(skb);
3280
3281 return 0;
3282}
3283
3284static int bpf_skb_proto_xlat(struct sk_buff *skb, __be16 to_proto)
3285{
3286 __be16 from_proto = skb->protocol;
3287
3288 if (from_proto == htons(ETH_P_IP) &&
3289 to_proto == htons(ETH_P_IPV6))
3290 return bpf_skb_proto_4_to_6(skb);
3291
3292 if (from_proto == htons(ETH_P_IPV6) &&
3293 to_proto == htons(ETH_P_IP))
3294 return bpf_skb_proto_6_to_4(skb);
3295
3296 return -ENOTSUPP;
3297}
3298
3299BPF_CALL_3(bpf_skb_change_proto, struct sk_buff *, skb, __be16, proto,
3300 u64, flags)
3301{
3302 int ret;
3303
3304 if (unlikely(flags))
3305 return -EINVAL;
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324 ret = bpf_skb_proto_xlat(skb, proto);
3325 bpf_compute_data_pointers(skb);
3326 return ret;
3327}
3328
3329static const struct bpf_func_proto bpf_skb_change_proto_proto = {
3330 .func = bpf_skb_change_proto,
3331 .gpl_only = false,
3332 .ret_type = RET_INTEGER,
3333 .arg1_type = ARG_PTR_TO_CTX,
3334 .arg2_type = ARG_ANYTHING,
3335 .arg3_type = ARG_ANYTHING,
3336};
3337
3338BPF_CALL_2(bpf_skb_change_type, struct sk_buff *, skb, u32, pkt_type)
3339{
3340
3341 if (unlikely(!skb_pkt_type_ok(skb->pkt_type) ||
3342 !skb_pkt_type_ok(pkt_type)))
3343 return -EINVAL;
3344
3345 skb->pkt_type = pkt_type;
3346 return 0;
3347}
3348
3349static const struct bpf_func_proto bpf_skb_change_type_proto = {
3350 .func = bpf_skb_change_type,
3351 .gpl_only = false,
3352 .ret_type = RET_INTEGER,
3353 .arg1_type = ARG_PTR_TO_CTX,
3354 .arg2_type = ARG_ANYTHING,
3355};
3356
3357static u32 bpf_skb_net_base_len(const struct sk_buff *skb)
3358{
3359 switch (skb->protocol) {
3360 case htons(ETH_P_IP):
3361 return sizeof(struct iphdr);
3362 case htons(ETH_P_IPV6):
3363 return sizeof(struct ipv6hdr);
3364 default:
3365 return ~0U;
3366 }
3367}
3368
3369#define BPF_F_ADJ_ROOM_ENCAP_L3_MASK (BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 | \
3370 BPF_F_ADJ_ROOM_ENCAP_L3_IPV6)
3371
3372#define BPF_F_ADJ_ROOM_MASK (BPF_F_ADJ_ROOM_FIXED_GSO | \
3373 BPF_F_ADJ_ROOM_ENCAP_L3_MASK | \
3374 BPF_F_ADJ_ROOM_ENCAP_L4_GRE | \
3375 BPF_F_ADJ_ROOM_ENCAP_L4_UDP | \
3376 BPF_F_ADJ_ROOM_ENCAP_L2_ETH | \
3377 BPF_F_ADJ_ROOM_ENCAP_L2( \
3378 BPF_ADJ_ROOM_ENCAP_L2_MASK))
3379
3380static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
3381 u64 flags)
3382{
3383 u8 inner_mac_len = flags >> BPF_ADJ_ROOM_ENCAP_L2_SHIFT;
3384 bool encap = flags & BPF_F_ADJ_ROOM_ENCAP_L3_MASK;
3385 u16 mac_len = 0, inner_net = 0, inner_trans = 0;
3386 unsigned int gso_type = SKB_GSO_DODGY;
3387 int ret;
3388
3389 if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) {
3390
3391 if (!(skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4) ||
3392 !(flags & BPF_F_ADJ_ROOM_FIXED_GSO))
3393 return -ENOTSUPP;
3394 }
3395
3396 ret = skb_cow_head(skb, len_diff);
3397 if (unlikely(ret < 0))
3398 return ret;
3399
3400 if (encap) {
3401 if (skb->protocol != htons(ETH_P_IP) &&
3402 skb->protocol != htons(ETH_P_IPV6))
3403 return -ENOTSUPP;
3404
3405 if (flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 &&
3406 flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6)
3407 return -EINVAL;
3408
3409 if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE &&
3410 flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP)
3411 return -EINVAL;
3412
3413 if (flags & BPF_F_ADJ_ROOM_ENCAP_L2_ETH &&
3414 inner_mac_len < ETH_HLEN)
3415 return -EINVAL;
3416
3417 if (skb->encapsulation)
3418 return -EALREADY;
3419
3420 mac_len = skb->network_header - skb->mac_header;
3421 inner_net = skb->network_header;
3422 if (inner_mac_len > len_diff)
3423 return -EINVAL;
3424 inner_trans = skb->transport_header;
3425 }
3426
3427 ret = bpf_skb_net_hdr_push(skb, off, len_diff);
3428 if (unlikely(ret < 0))
3429 return ret;
3430
3431 if (encap) {
3432 skb->inner_mac_header = inner_net - inner_mac_len;
3433 skb->inner_network_header = inner_net;
3434 skb->inner_transport_header = inner_trans;
3435
3436 if (flags & BPF_F_ADJ_ROOM_ENCAP_L2_ETH)
3437 skb_set_inner_protocol(skb, htons(ETH_P_TEB));
3438 else
3439 skb_set_inner_protocol(skb, skb->protocol);
3440
3441 skb->encapsulation = 1;
3442 skb_set_network_header(skb, mac_len);
3443
3444 if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP)
3445 gso_type |= SKB_GSO_UDP_TUNNEL;
3446 else if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE)
3447 gso_type |= SKB_GSO_GRE;
3448 else if (flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6)
3449 gso_type |= SKB_GSO_IPXIP6;
3450 else if (flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV4)
3451 gso_type |= SKB_GSO_IPXIP4;
3452
3453 if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE ||
3454 flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP) {
3455 int nh_len = flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 ?
3456 sizeof(struct ipv6hdr) :
3457 sizeof(struct iphdr);
3458
3459 skb_set_transport_header(skb, mac_len + nh_len);
3460 }
3461
3462
3463 if (skb->protocol == htons(ETH_P_IP) &&
3464 flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6)
3465 skb->protocol = htons(ETH_P_IPV6);
3466 else if (skb->protocol == htons(ETH_P_IPV6) &&
3467 flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV4)
3468 skb->protocol = htons(ETH_P_IP);
3469 }
3470
3471 if (skb_is_gso(skb)) {
3472 struct skb_shared_info *shinfo = skb_shinfo(skb);
3473
3474
3475 if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO))
3476 skb_decrease_gso_size(shinfo, len_diff);
3477
3478
3479 shinfo->gso_type |= gso_type;
3480 shinfo->gso_segs = 0;
3481 }
3482
3483 return 0;
3484}
3485
3486static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff,
3487 u64 flags)
3488{
3489 int ret;
3490
3491 if (unlikely(flags & ~(BPF_F_ADJ_ROOM_FIXED_GSO |
3492 BPF_F_ADJ_ROOM_NO_CSUM_RESET)))
3493 return -EINVAL;
3494
3495 if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) {
3496
3497 if (!(skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4) ||
3498 !(flags & BPF_F_ADJ_ROOM_FIXED_GSO))
3499 return -ENOTSUPP;
3500 }
3501
3502 ret = skb_unclone(skb, GFP_ATOMIC);
3503 if (unlikely(ret < 0))
3504 return ret;
3505
3506 ret = bpf_skb_net_hdr_pop(skb, off, len_diff);
3507 if (unlikely(ret < 0))
3508 return ret;
3509
3510 if (skb_is_gso(skb)) {
3511 struct skb_shared_info *shinfo = skb_shinfo(skb);
3512
3513
3514 if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO))
3515 skb_increase_gso_size(shinfo, len_diff);
3516
3517
3518 shinfo->gso_type |= SKB_GSO_DODGY;
3519 shinfo->gso_segs = 0;
3520 }
3521
3522 return 0;
3523}
3524
3525#define BPF_SKB_MAX_LEN SKB_MAX_ALLOC
3526
3527BPF_CALL_4(sk_skb_adjust_room, struct sk_buff *, skb, s32, len_diff,
3528 u32, mode, u64, flags)
3529{
3530 u32 len_diff_abs = abs(len_diff);
3531 bool shrink = len_diff < 0;
3532 int ret = 0;
3533
3534 if (unlikely(flags || mode))
3535 return -EINVAL;
3536 if (unlikely(len_diff_abs > 0xfffU))
3537 return -EFAULT;
3538
3539 if (!shrink) {
3540 ret = skb_cow(skb, len_diff);
3541 if (unlikely(ret < 0))
3542 return ret;
3543 __skb_push(skb, len_diff_abs);
3544 memset(skb->data, 0, len_diff_abs);
3545 } else {
3546 if (unlikely(!pskb_may_pull(skb, len_diff_abs)))
3547 return -ENOMEM;
3548 __skb_pull(skb, len_diff_abs);
3549 }
3550 if (tls_sw_has_ctx_rx(skb->sk)) {
3551 struct strp_msg *rxm = strp_msg(skb);
3552
3553 rxm->full_len += len_diff;
3554 }
3555 return ret;
3556}
3557
3558static const struct bpf_func_proto sk_skb_adjust_room_proto = {
3559 .func = sk_skb_adjust_room,
3560 .gpl_only = false,
3561 .ret_type = RET_INTEGER,
3562 .arg1_type = ARG_PTR_TO_CTX,
3563 .arg2_type = ARG_ANYTHING,
3564 .arg3_type = ARG_ANYTHING,
3565 .arg4_type = ARG_ANYTHING,
3566};
3567
3568BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff,
3569 u32, mode, u64, flags)
3570{
3571 u32 len_cur, len_diff_abs = abs(len_diff);
3572 u32 len_min = bpf_skb_net_base_len(skb);
3573 u32 len_max = BPF_SKB_MAX_LEN;
3574 __be16 proto = skb->protocol;
3575 bool shrink = len_diff < 0;
3576 u32 off;
3577 int ret;
3578
3579 if (unlikely(flags & ~(BPF_F_ADJ_ROOM_MASK |
3580 BPF_F_ADJ_ROOM_NO_CSUM_RESET)))
3581 return -EINVAL;
3582 if (unlikely(len_diff_abs > 0xfffU))
3583 return -EFAULT;
3584 if (unlikely(proto != htons(ETH_P_IP) &&
3585 proto != htons(ETH_P_IPV6)))
3586 return -ENOTSUPP;
3587
3588 off = skb_mac_header_len(skb);
3589 switch (mode) {
3590 case BPF_ADJ_ROOM_NET:
3591 off += bpf_skb_net_base_len(skb);
3592 break;
3593 case BPF_ADJ_ROOM_MAC:
3594 break;
3595 default:
3596 return -ENOTSUPP;
3597 }
3598
3599 len_cur = skb->len - skb_network_offset(skb);
3600 if ((shrink && (len_diff_abs >= len_cur ||
3601 len_cur - len_diff_abs < len_min)) ||
3602 (!shrink && (skb->len + len_diff_abs > len_max &&
3603 !skb_is_gso(skb))))
3604 return -ENOTSUPP;
3605
3606 ret = shrink ? bpf_skb_net_shrink(skb, off, len_diff_abs, flags) :
3607 bpf_skb_net_grow(skb, off, len_diff_abs, flags);
3608 if (!ret && !(flags & BPF_F_ADJ_ROOM_NO_CSUM_RESET))
3609 __skb_reset_checksum_unnecessary(skb);
3610
3611 bpf_compute_data_pointers(skb);
3612 return ret;
3613}
3614
3615static const struct bpf_func_proto bpf_skb_adjust_room_proto = {
3616 .func = bpf_skb_adjust_room,
3617 .gpl_only = false,
3618 .ret_type = RET_INTEGER,
3619 .arg1_type = ARG_PTR_TO_CTX,
3620 .arg2_type = ARG_ANYTHING,
3621 .arg3_type = ARG_ANYTHING,
3622 .arg4_type = ARG_ANYTHING,
3623};
3624
3625static u32 __bpf_skb_min_len(const struct sk_buff *skb)
3626{
3627 u32 min_len = skb_network_offset(skb);
3628
3629 if (skb_transport_header_was_set(skb))
3630 min_len = skb_transport_offset(skb);
3631 if (skb->ip_summed == CHECKSUM_PARTIAL)
3632 min_len = skb_checksum_start_offset(skb) +
3633 skb->csum_offset + sizeof(__sum16);
3634 return min_len;
3635}
3636
3637static int bpf_skb_grow_rcsum(struct sk_buff *skb, unsigned int new_len)
3638{
3639 unsigned int old_len = skb->len;
3640 int ret;
3641
3642 ret = __skb_grow_rcsum(skb, new_len);
3643 if (!ret)
3644 memset(skb->data + old_len, 0, new_len - old_len);
3645 return ret;
3646}
3647
3648static int bpf_skb_trim_rcsum(struct sk_buff *skb, unsigned int new_len)
3649{
3650 return __skb_trim_rcsum(skb, new_len);
3651}
3652
3653static inline int __bpf_skb_change_tail(struct sk_buff *skb, u32 new_len,
3654 u64 flags)
3655{
3656 u32 max_len = BPF_SKB_MAX_LEN;
3657 u32 min_len = __bpf_skb_min_len(skb);
3658 int ret;
3659
3660 if (unlikely(flags || new_len > max_len || new_len < min_len))
3661 return -EINVAL;
3662 if (skb->encapsulation)
3663 return -ENOTSUPP;
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681 ret = __bpf_try_make_writable(skb, skb->len);
3682 if (!ret) {
3683 if (new_len > skb->len)
3684 ret = bpf_skb_grow_rcsum(skb, new_len);
3685 else if (new_len < skb->len)
3686 ret = bpf_skb_trim_rcsum(skb, new_len);
3687 if (!ret && skb_is_gso(skb))
3688 skb_gso_reset(skb);
3689 }
3690 return ret;
3691}
3692
3693BPF_CALL_3(bpf_skb_change_tail, struct sk_buff *, skb, u32, new_len,
3694 u64, flags)
3695{
3696 int ret = __bpf_skb_change_tail(skb, new_len, flags);
3697
3698 bpf_compute_data_pointers(skb);
3699 return ret;
3700}
3701
3702static const struct bpf_func_proto bpf_skb_change_tail_proto = {
3703 .func = bpf_skb_change_tail,
3704 .gpl_only = false,
3705 .ret_type = RET_INTEGER,
3706 .arg1_type = ARG_PTR_TO_CTX,
3707 .arg2_type = ARG_ANYTHING,
3708 .arg3_type = ARG_ANYTHING,
3709};
3710
3711BPF_CALL_3(sk_skb_change_tail, struct sk_buff *, skb, u32, new_len,
3712 u64, flags)
3713{
3714 return __bpf_skb_change_tail(skb, new_len, flags);
3715}
3716
3717static const struct bpf_func_proto sk_skb_change_tail_proto = {
3718 .func = sk_skb_change_tail,
3719 .gpl_only = false,
3720 .ret_type = RET_INTEGER,
3721 .arg1_type = ARG_PTR_TO_CTX,
3722 .arg2_type = ARG_ANYTHING,
3723 .arg3_type = ARG_ANYTHING,
3724};
3725
3726static inline int __bpf_skb_change_head(struct sk_buff *skb, u32 head_room,
3727 u64 flags)
3728{
3729 u32 max_len = BPF_SKB_MAX_LEN;
3730 u32 new_len = skb->len + head_room;
3731 int ret;
3732
3733 if (unlikely(flags || (!skb_is_gso(skb) && new_len > max_len) ||
3734 new_len < skb->len))
3735 return -EINVAL;
3736
3737 ret = skb_cow(skb, head_room);
3738 if (likely(!ret)) {
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748 __skb_push(skb, head_room);
3749 memset(skb->data, 0, head_room);
3750 skb_reset_mac_header(skb);
3751 skb_reset_mac_len(skb);
3752 }
3753
3754 return ret;
3755}
3756
3757BPF_CALL_3(bpf_skb_change_head, struct sk_buff *, skb, u32, head_room,
3758 u64, flags)
3759{
3760 int ret = __bpf_skb_change_head(skb, head_room, flags);
3761
3762 bpf_compute_data_pointers(skb);
3763 return ret;
3764}
3765
3766static const struct bpf_func_proto bpf_skb_change_head_proto = {
3767 .func = bpf_skb_change_head,
3768 .gpl_only = false,
3769 .ret_type = RET_INTEGER,
3770 .arg1_type = ARG_PTR_TO_CTX,
3771 .arg2_type = ARG_ANYTHING,
3772 .arg3_type = ARG_ANYTHING,
3773};
3774
3775BPF_CALL_3(sk_skb_change_head, struct sk_buff *, skb, u32, head_room,
3776 u64, flags)
3777{
3778 return __bpf_skb_change_head(skb, head_room, flags);
3779}
3780
3781static const struct bpf_func_proto sk_skb_change_head_proto = {
3782 .func = sk_skb_change_head,
3783 .gpl_only = false,
3784 .ret_type = RET_INTEGER,
3785 .arg1_type = ARG_PTR_TO_CTX,
3786 .arg2_type = ARG_ANYTHING,
3787 .arg3_type = ARG_ANYTHING,
3788};
3789
3790BPF_CALL_1(bpf_xdp_get_buff_len, struct xdp_buff*, xdp)
3791{
3792 return xdp_get_buff_len(xdp);
3793}
3794
3795static const struct bpf_func_proto bpf_xdp_get_buff_len_proto = {
3796 .func = bpf_xdp_get_buff_len,
3797 .gpl_only = false,
3798 .ret_type = RET_INTEGER,
3799 .arg1_type = ARG_PTR_TO_CTX,
3800};
3801
3802BTF_ID_LIST_SINGLE(bpf_xdp_get_buff_len_bpf_ids, struct, xdp_buff)
3803
3804const struct bpf_func_proto bpf_xdp_get_buff_len_trace_proto = {
3805 .func = bpf_xdp_get_buff_len,
3806 .gpl_only = false,
3807 .arg1_type = ARG_PTR_TO_BTF_ID,
3808 .arg1_btf_id = &bpf_xdp_get_buff_len_bpf_ids[0],
3809};
3810
3811static unsigned long xdp_get_metalen(const struct xdp_buff *xdp)
3812{
3813 return xdp_data_meta_unsupported(xdp) ? 0 :
3814 xdp->data - xdp->data_meta;
3815}
3816
3817BPF_CALL_2(bpf_xdp_adjust_head, struct xdp_buff *, xdp, int, offset)
3818{
3819 void *xdp_frame_end = xdp->data_hard_start + sizeof(struct xdp_frame);
3820 unsigned long metalen = xdp_get_metalen(xdp);
3821 void *data_start = xdp_frame_end + metalen;
3822 void *data = xdp->data + offset;
3823
3824 if (unlikely(data < data_start ||
3825 data > xdp->data_end - ETH_HLEN))
3826 return -EINVAL;
3827
3828 if (metalen)
3829 memmove(xdp->data_meta + offset,
3830 xdp->data_meta, metalen);
3831 xdp->data_meta += offset;
3832 xdp->data = data;
3833
3834 return 0;
3835}
3836
3837static const struct bpf_func_proto bpf_xdp_adjust_head_proto = {
3838 .func = bpf_xdp_adjust_head,
3839 .gpl_only = false,
3840 .ret_type = RET_INTEGER,
3841 .arg1_type = ARG_PTR_TO_CTX,
3842 .arg2_type = ARG_ANYTHING,
3843};
3844
3845static void bpf_xdp_copy_buf(struct xdp_buff *xdp, unsigned long off,
3846 void *buf, unsigned long len, bool flush)
3847{
3848 unsigned long ptr_len, ptr_off = 0;
3849 skb_frag_t *next_frag, *end_frag;
3850 struct skb_shared_info *sinfo;
3851 void *src, *dst;
3852 u8 *ptr_buf;
3853
3854 if (likely(xdp->data_end - xdp->data >= off + len)) {
3855 src = flush ? buf : xdp->data + off;
3856 dst = flush ? xdp->data + off : buf;
3857 memcpy(dst, src, len);
3858 return;
3859 }
3860
3861 sinfo = xdp_get_shared_info_from_buff(xdp);
3862 end_frag = &sinfo->frags[sinfo->nr_frags];
3863 next_frag = &sinfo->frags[0];
3864
3865 ptr_len = xdp->data_end - xdp->data;
3866 ptr_buf = xdp->data;
3867
3868 while (true) {
3869 if (off < ptr_off + ptr_len) {
3870 unsigned long copy_off = off - ptr_off;
3871 unsigned long copy_len = min(len, ptr_len - copy_off);
3872
3873 src = flush ? buf : ptr_buf + copy_off;
3874 dst = flush ? ptr_buf + copy_off : buf;
3875 memcpy(dst, src, copy_len);
3876
3877 off += copy_len;
3878 len -= copy_len;
3879 buf += copy_len;
3880 }
3881
3882 if (!len || next_frag == end_frag)
3883 break;
3884
3885 ptr_off += ptr_len;
3886 ptr_buf = skb_frag_address(next_frag);
3887 ptr_len = skb_frag_size(next_frag);
3888 next_frag++;
3889 }
3890}
3891
3892static void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len)
3893{
3894 struct skb_shared_info *sinfo = xdp_get_shared_info_from_buff(xdp);
3895 u32 size = xdp->data_end - xdp->data;
3896 void *addr = xdp->data;
3897 int i;
3898
3899 if (unlikely(offset > 0xffff || len > 0xffff))
3900 return ERR_PTR(-EFAULT);
3901
3902 if (offset + len > xdp_get_buff_len(xdp))
3903 return ERR_PTR(-EINVAL);
3904
3905 if (offset < size)
3906 goto out;
3907
3908 offset -= size;
3909 for (i = 0; i < sinfo->nr_frags; i++) {
3910 u32 frag_size = skb_frag_size(&sinfo->frags[i]);
3911
3912 if (offset < frag_size) {
3913 addr = skb_frag_address(&sinfo->frags[i]);
3914 size = frag_size;
3915 break;
3916 }
3917 offset -= frag_size;
3918 }
3919out:
3920 return offset + len < size ? addr + offset : NULL;
3921}
3922
3923BPF_CALL_4(bpf_xdp_load_bytes, struct xdp_buff *, xdp, u32, offset,
3924 void *, buf, u32, len)
3925{
3926 void *ptr;
3927
3928 ptr = bpf_xdp_pointer(xdp, offset, len);
3929 if (IS_ERR(ptr))
3930 return PTR_ERR(ptr);
3931
3932 if (!ptr)
3933 bpf_xdp_copy_buf(xdp, offset, buf, len, false);
3934 else
3935 memcpy(buf, ptr, len);
3936
3937 return 0;
3938}
3939
3940static const struct bpf_func_proto bpf_xdp_load_bytes_proto = {
3941 .func = bpf_xdp_load_bytes,
3942 .gpl_only = false,
3943 .ret_type = RET_INTEGER,
3944 .arg1_type = ARG_PTR_TO_CTX,
3945 .arg2_type = ARG_ANYTHING,
3946 .arg3_type = ARG_PTR_TO_UNINIT_MEM,
3947 .arg4_type = ARG_CONST_SIZE,
3948};
3949
3950BPF_CALL_4(bpf_xdp_store_bytes, struct xdp_buff *, xdp, u32, offset,
3951 void *, buf, u32, len)
3952{
3953 void *ptr;
3954
3955 ptr = bpf_xdp_pointer(xdp, offset, len);
3956 if (IS_ERR(ptr))
3957 return PTR_ERR(ptr);
3958
3959 if (!ptr)
3960 bpf_xdp_copy_buf(xdp, offset, buf, len, true);
3961 else
3962 memcpy(ptr, buf, len);
3963
3964 return 0;
3965}
3966
3967static const struct bpf_func_proto bpf_xdp_store_bytes_proto = {
3968 .func = bpf_xdp_store_bytes,
3969 .gpl_only = false,
3970 .ret_type = RET_INTEGER,
3971 .arg1_type = ARG_PTR_TO_CTX,
3972 .arg2_type = ARG_ANYTHING,
3973 .arg3_type = ARG_PTR_TO_UNINIT_MEM,
3974 .arg4_type = ARG_CONST_SIZE,
3975};
3976
3977static int bpf_xdp_frags_increase_tail(struct xdp_buff *xdp, int offset)
3978{
3979 struct skb_shared_info *sinfo = xdp_get_shared_info_from_buff(xdp);
3980 skb_frag_t *frag = &sinfo->frags[sinfo->nr_frags - 1];
3981 struct xdp_rxq_info *rxq = xdp->rxq;
3982 unsigned int tailroom;
3983
3984 if (!rxq->frag_size || rxq->frag_size > xdp->frame_sz)
3985 return -EOPNOTSUPP;
3986
3987 tailroom = rxq->frag_size - skb_frag_size(frag) - skb_frag_off(frag);
3988 if (unlikely(offset > tailroom))
3989 return -EINVAL;
3990
3991 memset(skb_frag_address(frag) + skb_frag_size(frag), 0, offset);
3992 skb_frag_size_add(frag, offset);
3993 sinfo->xdp_frags_size += offset;
3994
3995 return 0;
3996}
3997
3998static int bpf_xdp_frags_shrink_tail(struct xdp_buff *xdp, int offset)
3999{
4000 struct skb_shared_info *sinfo = xdp_get_shared_info_from_buff(xdp);
4001 int i, n_frags_free = 0, len_free = 0;
4002
4003 if (unlikely(offset > (int)xdp_get_buff_len(xdp) - ETH_HLEN))
4004 return -EINVAL;
4005
4006 for (i = sinfo->nr_frags - 1; i >= 0 && offset > 0; i--) {
4007 skb_frag_t *frag = &sinfo->frags[i];
4008 int shrink = min_t(int, offset, skb_frag_size(frag));
4009
4010 len_free += shrink;
4011 offset -= shrink;
4012
4013 if (skb_frag_size(frag) == shrink) {
4014 struct page *page = skb_frag_page(frag);
4015
4016 __xdp_return(page_address(page), &xdp->rxq->mem,
4017 false, NULL);
4018 n_frags_free++;
4019 } else {
4020 skb_frag_size_sub(frag, shrink);
4021 break;
4022 }
4023 }
4024 sinfo->nr_frags -= n_frags_free;
4025 sinfo->xdp_frags_size -= len_free;
4026
4027 if (unlikely(!sinfo->nr_frags)) {
4028 xdp_buff_clear_frags_flag(xdp);
4029 xdp->data_end -= offset;
4030 }
4031
4032 return 0;
4033}
4034
4035BPF_CALL_2(bpf_xdp_adjust_tail, struct xdp_buff *, xdp, int, offset)
4036{
4037 void *data_hard_end = xdp_data_hard_end(xdp);
4038 void *data_end = xdp->data_end + offset;
4039
4040 if (unlikely(xdp_buff_has_frags(xdp))) {
4041 if (offset < 0)
4042 return bpf_xdp_frags_shrink_tail(xdp, -offset);
4043
4044 return bpf_xdp_frags_increase_tail(xdp, offset);
4045 }
4046
4047
4048 if (unlikely(data_end > data_hard_end))
4049 return -EINVAL;
4050
4051
4052 if (unlikely(xdp->frame_sz > PAGE_SIZE)) {
4053 WARN_ONCE(1, "Too BIG xdp->frame_sz = %d\n", xdp->frame_sz);
4054 return -EINVAL;
4055 }
4056
4057 if (unlikely(data_end < xdp->data + ETH_HLEN))
4058 return -EINVAL;
4059
4060
4061 if (offset > 0)
4062 memset(xdp->data_end, 0, offset);
4063
4064 xdp->data_end = data_end;
4065
4066 return 0;
4067}
4068
4069static const struct bpf_func_proto bpf_xdp_adjust_tail_proto = {
4070 .func = bpf_xdp_adjust_tail,
4071 .gpl_only = false,
4072 .ret_type = RET_INTEGER,
4073 .arg1_type = ARG_PTR_TO_CTX,
4074 .arg2_type = ARG_ANYTHING,
4075};
4076
4077BPF_CALL_2(bpf_xdp_adjust_meta, struct xdp_buff *, xdp, int, offset)
4078{
4079 void *xdp_frame_end = xdp->data_hard_start + sizeof(struct xdp_frame);
4080 void *meta = xdp->data_meta + offset;
4081 unsigned long metalen = xdp->data - meta;
4082
4083 if (xdp_data_meta_unsupported(xdp))
4084 return -ENOTSUPP;
4085 if (unlikely(meta < xdp_frame_end ||
4086 meta > xdp->data))
4087 return -EINVAL;
4088 if (unlikely(xdp_metalen_invalid(metalen)))
4089 return -EACCES;
4090
4091 xdp->data_meta = meta;
4092
4093 return 0;
4094}
4095
4096static const struct bpf_func_proto bpf_xdp_adjust_meta_proto = {
4097 .func = bpf_xdp_adjust_meta,
4098 .gpl_only = false,
4099 .ret_type = RET_INTEGER,
4100 .arg1_type = ARG_PTR_TO_CTX,
4101 .arg2_type = ARG_ANYTHING,
4102};
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132void xdp_do_flush(void)
4133{
4134 __dev_flush();
4135 __cpu_map_flush();
4136 __xsk_map_flush();
4137}
4138EXPORT_SYMBOL_GPL(xdp_do_flush);
4139
4140void bpf_clear_redirect_map(struct bpf_map *map)
4141{
4142 struct bpf_redirect_info *ri;
4143 int cpu;
4144
4145 for_each_possible_cpu(cpu) {
4146 ri = per_cpu_ptr(&bpf_redirect_info, cpu);
4147
4148
4149
4150
4151
4152 if (unlikely(READ_ONCE(ri->map) == map))
4153 cmpxchg(&ri->map, map, NULL);
4154 }
4155}
4156
4157DEFINE_STATIC_KEY_FALSE(bpf_master_redirect_enabled_key);
4158EXPORT_SYMBOL_GPL(bpf_master_redirect_enabled_key);
4159
4160u32 xdp_master_redirect(struct xdp_buff *xdp)
4161{
4162 struct net_device *master, *slave;
4163 struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
4164
4165 master = netdev_master_upper_dev_get_rcu(xdp->rxq->dev);
4166 slave = master->netdev_ops->ndo_xdp_get_xmit_slave(master, xdp);
4167 if (slave && slave != xdp->rxq->dev) {
4168
4169
4170
4171
4172
4173 ri->tgt_index = slave->ifindex;
4174 ri->map_id = INT_MAX;
4175 ri->map_type = BPF_MAP_TYPE_UNSPEC;
4176 return XDP_REDIRECT;
4177 }
4178 return XDP_TX;
4179}
4180EXPORT_SYMBOL_GPL(xdp_master_redirect);
4181
4182static inline int __xdp_do_redirect_xsk(struct bpf_redirect_info *ri,
4183 struct net_device *dev,
4184 struct xdp_buff *xdp,
4185 struct bpf_prog *xdp_prog)
4186{
4187 enum bpf_map_type map_type = ri->map_type;
4188 void *fwd = ri->tgt_value;
4189 u32 map_id = ri->map_id;
4190 int err;
4191
4192 ri->map_id = 0;
4193 ri->map_type = BPF_MAP_TYPE_UNSPEC;
4194
4195 err = __xsk_map_redirect(fwd, xdp);
4196 if (unlikely(err))
4197 goto err;
4198
4199 _trace_xdp_redirect_map(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index);
4200 return 0;
4201err:
4202 _trace_xdp_redirect_map_err(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index, err);
4203 return err;
4204}
4205
4206static __always_inline int __xdp_do_redirect_frame(struct bpf_redirect_info *ri,
4207 struct net_device *dev,
4208 struct xdp_frame *xdpf,
4209 struct bpf_prog *xdp_prog)
4210{
4211 enum bpf_map_type map_type = ri->map_type;
4212 void *fwd = ri->tgt_value;
4213 u32 map_id = ri->map_id;
4214 struct bpf_map *map;
4215 int err;
4216
4217 ri->map_id = 0;
4218 ri->map_type = BPF_MAP_TYPE_UNSPEC;
4219
4220 if (unlikely(!xdpf)) {
4221 err = -EOVERFLOW;
4222 goto err;
4223 }
4224
4225 switch (map_type) {
4226 case BPF_MAP_TYPE_DEVMAP:
4227 fallthrough;
4228 case BPF_MAP_TYPE_DEVMAP_HASH:
4229 map = READ_ONCE(ri->map);
4230 if (unlikely(map)) {
4231 WRITE_ONCE(ri->map, NULL);
4232 err = dev_map_enqueue_multi(xdpf, dev, map,
4233 ri->flags & BPF_F_EXCLUDE_INGRESS);
4234 } else {
4235 err = dev_map_enqueue(fwd, xdpf, dev);
4236 }
4237 break;
4238 case BPF_MAP_TYPE_CPUMAP:
4239 err = cpu_map_enqueue(fwd, xdpf, dev);
4240 break;
4241 case BPF_MAP_TYPE_UNSPEC:
4242 if (map_id == INT_MAX) {
4243 fwd = dev_get_by_index_rcu(dev_net(dev), ri->tgt_index);
4244 if (unlikely(!fwd)) {
4245 err = -EINVAL;
4246 break;
4247 }
4248 err = dev_xdp_enqueue(fwd, xdpf, dev);
4249 break;
4250 }
4251 fallthrough;
4252 default:
4253 err = -EBADRQC;
4254 }
4255
4256 if (unlikely(err))
4257 goto err;
4258
4259 _trace_xdp_redirect_map(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index);
4260 return 0;
4261err:
4262 _trace_xdp_redirect_map_err(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index, err);
4263 return err;
4264}
4265
4266int xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp,
4267 struct bpf_prog *xdp_prog)
4268{
4269 struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
4270 enum bpf_map_type map_type = ri->map_type;
4271
4272
4273
4274
4275
4276 if (unlikely(xdp_buff_has_frags(xdp) &&
4277 map_type != BPF_MAP_TYPE_CPUMAP))
4278 return -EOPNOTSUPP;
4279
4280 if (map_type == BPF_MAP_TYPE_XSKMAP)
4281 return __xdp_do_redirect_xsk(ri, dev, xdp, xdp_prog);
4282
4283 return __xdp_do_redirect_frame(ri, dev, xdp_convert_buff_to_frame(xdp),
4284 xdp_prog);
4285}
4286EXPORT_SYMBOL_GPL(xdp_do_redirect);
4287
4288int xdp_do_redirect_frame(struct net_device *dev, struct xdp_buff *xdp,
4289 struct xdp_frame *xdpf, struct bpf_prog *xdp_prog)
4290{
4291 struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
4292 enum bpf_map_type map_type = ri->map_type;
4293
4294 if (map_type == BPF_MAP_TYPE_XSKMAP)
4295 return __xdp_do_redirect_xsk(ri, dev, xdp, xdp_prog);
4296
4297 return __xdp_do_redirect_frame(ri, dev, xdpf, xdp_prog);
4298}
4299EXPORT_SYMBOL_GPL(xdp_do_redirect_frame);
4300
4301static int xdp_do_generic_redirect_map(struct net_device *dev,
4302 struct sk_buff *skb,
4303 struct xdp_buff *xdp,
4304 struct bpf_prog *xdp_prog,
4305 void *fwd,
4306 enum bpf_map_type map_type, u32 map_id)
4307{
4308 struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
4309 struct bpf_map *map;
4310 int err;
4311
4312 switch (map_type) {
4313 case BPF_MAP_TYPE_DEVMAP:
4314 fallthrough;
4315 case BPF_MAP_TYPE_DEVMAP_HASH:
4316 map = READ_ONCE(ri->map);
4317 if (unlikely(map)) {
4318 WRITE_ONCE(ri->map, NULL);
4319 err = dev_map_redirect_multi(dev, skb, xdp_prog, map,
4320 ri->flags & BPF_F_EXCLUDE_INGRESS);
4321 } else {
4322 err = dev_map_generic_redirect(fwd, skb, xdp_prog);
4323 }
4324 if (unlikely(err))
4325 goto err;
4326 break;
4327 case BPF_MAP_TYPE_XSKMAP:
4328 err = xsk_generic_rcv(fwd, xdp);
4329 if (err)
4330 goto err;
4331 consume_skb(skb);
4332 break;
4333 case BPF_MAP_TYPE_CPUMAP:
4334 err = cpu_map_generic_redirect(fwd, skb);
4335 if (unlikely(err))
4336 goto err;
4337 break;
4338 default:
4339 err = -EBADRQC;
4340 goto err;
4341 }
4342
4343 _trace_xdp_redirect_map(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index);
4344 return 0;
4345err:
4346 _trace_xdp_redirect_map_err(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index, err);
4347 return err;
4348}
4349
4350int xdp_do_generic_redirect(struct net_device *dev, struct sk_buff *skb,
4351 struct xdp_buff *xdp, struct bpf_prog *xdp_prog)
4352{
4353 struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
4354 enum bpf_map_type map_type = ri->map_type;
4355 void *fwd = ri->tgt_value;
4356 u32 map_id = ri->map_id;
4357 int err;
4358
4359 ri->map_id = 0;
4360 ri->map_type = BPF_MAP_TYPE_UNSPEC;
4361
4362 if (map_type == BPF_MAP_TYPE_UNSPEC && map_id == INT_MAX) {
4363 fwd = dev_get_by_index_rcu(dev_net(dev), ri->tgt_index);
4364 if (unlikely(!fwd)) {
4365 err = -EINVAL;
4366 goto err;
4367 }
4368
4369 err = xdp_ok_fwd_dev(fwd, skb->len);
4370 if (unlikely(err))
4371 goto err;
4372
4373 skb->dev = fwd;
4374 _trace_xdp_redirect(dev, xdp_prog, ri->tgt_index);
4375 generic_xdp_tx(skb, xdp_prog);
4376 return 0;
4377 }
4378
4379 return xdp_do_generic_redirect_map(dev, skb, xdp, xdp_prog, fwd, map_type, map_id);
4380err:
4381 _trace_xdp_redirect_err(dev, xdp_prog, ri->tgt_index, err);
4382 return err;
4383}
4384
4385BPF_CALL_2(bpf_xdp_redirect, u32, ifindex, u64, flags)
4386{
4387 struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
4388
4389 if (unlikely(flags))
4390 return XDP_ABORTED;
4391
4392
4393
4394
4395 ri->tgt_index = ifindex;
4396 ri->map_id = INT_MAX;
4397 ri->map_type = BPF_MAP_TYPE_UNSPEC;
4398
4399 return XDP_REDIRECT;
4400}
4401
4402static const struct bpf_func_proto bpf_xdp_redirect_proto = {
4403 .func = bpf_xdp_redirect,
4404 .gpl_only = false,
4405 .ret_type = RET_INTEGER,
4406 .arg1_type = ARG_ANYTHING,
4407 .arg2_type = ARG_ANYTHING,
4408};
4409
4410BPF_CALL_3(bpf_xdp_redirect_map, struct bpf_map *, map, u32, ifindex,
4411 u64, flags)
4412{
4413 return map->ops->map_redirect(map, ifindex, flags);
4414}
4415
4416static const struct bpf_func_proto bpf_xdp_redirect_map_proto = {
4417 .func = bpf_xdp_redirect_map,
4418 .gpl_only = false,
4419 .ret_type = RET_INTEGER,
4420 .arg1_type = ARG_CONST_MAP_PTR,
4421 .arg2_type = ARG_ANYTHING,
4422 .arg3_type = ARG_ANYTHING,
4423};
4424
4425static unsigned long bpf_skb_copy(void *dst_buff, const void *skb,
4426 unsigned long off, unsigned long len)
4427{
4428 void *ptr = skb_header_pointer(skb, off, len, dst_buff);
4429
4430 if (unlikely(!ptr))
4431 return len;
4432 if (ptr != dst_buff)
4433 memcpy(dst_buff, ptr, len);
4434
4435 return 0;
4436}
4437
4438BPF_CALL_5(bpf_skb_event_output, struct sk_buff *, skb, struct bpf_map *, map,
4439 u64, flags, void *, meta, u64, meta_size)
4440{
4441 u64 skb_size = (flags & BPF_F_CTXLEN_MASK) >> 32;
4442
4443 if (unlikely(flags & ~(BPF_F_CTXLEN_MASK | BPF_F_INDEX_MASK)))
4444 return -EINVAL;
4445 if (unlikely(!skb || skb_size > skb->len))
4446 return -EFAULT;
4447
4448 return bpf_event_output(map, flags, meta, meta_size, skb, skb_size,
4449 bpf_skb_copy);
4450}
4451
4452static const struct bpf_func_proto bpf_skb_event_output_proto = {
4453 .func = bpf_skb_event_output,
4454 .gpl_only = true,
4455 .ret_type = RET_INTEGER,
4456 .arg1_type = ARG_PTR_TO_CTX,
4457 .arg2_type = ARG_CONST_MAP_PTR,
4458 .arg3_type = ARG_ANYTHING,
4459 .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY,
4460 .arg5_type = ARG_CONST_SIZE_OR_ZERO,
4461};
4462
4463BTF_ID_LIST_SINGLE(bpf_skb_output_btf_ids, struct, sk_buff)
4464
4465const struct bpf_func_proto bpf_skb_output_proto = {
4466 .func = bpf_skb_event_output,
4467 .gpl_only = true,
4468 .ret_type = RET_INTEGER,
4469 .arg1_type = ARG_PTR_TO_BTF_ID,
4470 .arg1_btf_id = &bpf_skb_output_btf_ids[0],
4471 .arg2_type = ARG_CONST_MAP_PTR,
4472 .arg3_type = ARG_ANYTHING,
4473 .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY,
4474 .arg5_type = ARG_CONST_SIZE_OR_ZERO,
4475};
4476
4477static unsigned short bpf_tunnel_key_af(u64 flags)
4478{
4479 return flags & BPF_F_TUNINFO_IPV6 ? AF_INET6 : AF_INET;
4480}
4481
4482BPF_CALL_4(bpf_skb_get_tunnel_key, struct sk_buff *, skb, struct bpf_tunnel_key *, to,
4483 u32, size, u64, flags)
4484{
4485 const struct ip_tunnel_info *info = skb_tunnel_info(skb);
4486 u8 compat[sizeof(struct bpf_tunnel_key)];
4487 void *to_orig = to;
4488 int err;
4489
4490 if (unlikely(!info || (flags & ~(BPF_F_TUNINFO_IPV6)))) {
4491 err = -EINVAL;
4492 goto err_clear;
4493 }
4494 if (ip_tunnel_info_af(info) != bpf_tunnel_key_af(flags)) {
4495 err = -EPROTO;
4496 goto err_clear;
4497 }
4498 if (unlikely(size != sizeof(struct bpf_tunnel_key))) {
4499 err = -EINVAL;
4500 switch (size) {
4501 case offsetof(struct bpf_tunnel_key, tunnel_label):
4502 case offsetof(struct bpf_tunnel_key, tunnel_ext):
4503 goto set_compat;
4504 case offsetof(struct bpf_tunnel_key, remote_ipv6[1]):
4505
4506
4507
4508 if (ip_tunnel_info_af(info) != AF_INET)
4509 goto err_clear;
4510set_compat:
4511 to = (struct bpf_tunnel_key *)compat;
4512 break;
4513 default:
4514 goto err_clear;
4515 }
4516 }
4517
4518 to->tunnel_id = be64_to_cpu(info->key.tun_id);
4519 to->tunnel_tos = info->key.tos;
4520 to->tunnel_ttl = info->key.ttl;
4521 to->tunnel_ext = 0;
4522
4523 if (flags & BPF_F_TUNINFO_IPV6) {
4524 memcpy(to->remote_ipv6, &info->key.u.ipv6.src,
4525 sizeof(to->remote_ipv6));
4526 to->tunnel_label = be32_to_cpu(info->key.label);
4527 } else {
4528 to->remote_ipv4 = be32_to_cpu(info->key.u.ipv4.src);
4529 memset(&to->remote_ipv6[1], 0, sizeof(__u32) * 3);
4530 to->tunnel_label = 0;
4531 }
4532
4533 if (unlikely(size != sizeof(struct bpf_tunnel_key)))
4534 memcpy(to_orig, to, size);
4535
4536 return 0;
4537err_clear:
4538 memset(to_orig, 0, size);
4539 return err;
4540}
4541
4542static const struct bpf_func_proto bpf_skb_get_tunnel_key_proto = {
4543 .func = bpf_skb_get_tunnel_key,
4544 .gpl_only = false,
4545 .ret_type = RET_INTEGER,
4546 .arg1_type = ARG_PTR_TO_CTX,
4547 .arg2_type = ARG_PTR_TO_UNINIT_MEM,
4548 .arg3_type = ARG_CONST_SIZE,
4549 .arg4_type = ARG_ANYTHING,
4550};
4551
4552BPF_CALL_3(bpf_skb_get_tunnel_opt, struct sk_buff *, skb, u8 *, to, u32, size)
4553{
4554 const struct ip_tunnel_info *info = skb_tunnel_info(skb);
4555 int err;
4556
4557 if (unlikely(!info ||
4558 !(info->key.tun_flags & TUNNEL_OPTIONS_PRESENT))) {
4559 err = -ENOENT;
4560 goto err_clear;
4561 }
4562 if (unlikely(size < info->options_len)) {
4563 err = -ENOMEM;
4564 goto err_clear;
4565 }
4566
4567 ip_tunnel_info_opts_get(to, info);
4568 if (size > info->options_len)
4569 memset(to + info->options_len, 0, size - info->options_len);
4570
4571 return info->options_len;
4572err_clear:
4573 memset(to, 0, size);
4574 return err;
4575}
4576
4577static const struct bpf_func_proto bpf_skb_get_tunnel_opt_proto = {
4578 .func = bpf_skb_get_tunnel_opt,
4579 .gpl_only = false,
4580 .ret_type = RET_INTEGER,
4581 .arg1_type = ARG_PTR_TO_CTX,
4582 .arg2_type = ARG_PTR_TO_UNINIT_MEM,
4583 .arg3_type = ARG_CONST_SIZE,
4584};
4585
4586static struct metadata_dst __percpu *md_dst;
4587
4588BPF_CALL_4(bpf_skb_set_tunnel_key, struct sk_buff *, skb,
4589 const struct bpf_tunnel_key *, from, u32, size, u64, flags)
4590{
4591 struct metadata_dst *md = this_cpu_ptr(md_dst);
4592 u8 compat[sizeof(struct bpf_tunnel_key)];
4593 struct ip_tunnel_info *info;
4594
4595 if (unlikely(flags & ~(BPF_F_TUNINFO_IPV6 | BPF_F_ZERO_CSUM_TX |
4596 BPF_F_DONT_FRAGMENT | BPF_F_SEQ_NUMBER)))
4597 return -EINVAL;
4598 if (unlikely(size != sizeof(struct bpf_tunnel_key))) {
4599 switch (size) {
4600 case offsetof(struct bpf_tunnel_key, tunnel_label):
4601 case offsetof(struct bpf_tunnel_key, tunnel_ext):
4602 case offsetof(struct bpf_tunnel_key, remote_ipv6[1]):
4603
4604
4605
4606 memcpy(compat, from, size);
4607 memset(compat + size, 0, sizeof(compat) - size);
4608 from = (const struct bpf_tunnel_key *) compat;
4609 break;
4610 default:
4611 return -EINVAL;
4612 }
4613 }
4614 if (unlikely((!(flags & BPF_F_TUNINFO_IPV6) && from->tunnel_label) ||
4615 from->tunnel_ext))
4616 return -EINVAL;
4617
4618 skb_dst_drop(skb);
4619 dst_hold((struct dst_entry *) md);
4620 skb_dst_set(skb, (struct dst_entry *) md);
4621
4622 info = &md->u.tun_info;
4623 memset(info, 0, sizeof(*info));
4624 info->mode = IP_TUNNEL_INFO_TX;
4625
4626 info->key.tun_flags = TUNNEL_KEY | TUNNEL_CSUM | TUNNEL_NOCACHE;
4627 if (flags & BPF_F_DONT_FRAGMENT)
4628 info->key.tun_flags |= TUNNEL_DONT_FRAGMENT;
4629 if (flags & BPF_F_ZERO_CSUM_TX)
4630 info->key.tun_flags &= ~TUNNEL_CSUM;
4631 if (flags & BPF_F_SEQ_NUMBER)
4632 info->key.tun_flags |= TUNNEL_SEQ;
4633
4634 info->key.tun_id = cpu_to_be64(from->tunnel_id);
4635 info->key.tos = from->tunnel_tos;
4636 info->key.ttl = from->tunnel_ttl;
4637
4638 if (flags & BPF_F_TUNINFO_IPV6) {
4639 info->mode |= IP_TUNNEL_INFO_IPV6;
4640 memcpy(&info->key.u.ipv6.dst, from->remote_ipv6,
4641 sizeof(from->remote_ipv6));
4642 info->key.label = cpu_to_be32(from->tunnel_label) &
4643 IPV6_FLOWLABEL_MASK;
4644 } else {
4645 info->key.u.ipv4.dst = cpu_to_be32(from->remote_ipv4);
4646 }
4647
4648 return 0;
4649}
4650
4651static const struct bpf_func_proto bpf_skb_set_tunnel_key_proto = {
4652 .func = bpf_skb_set_tunnel_key,
4653 .gpl_only = false,
4654 .ret_type = RET_INTEGER,
4655 .arg1_type = ARG_PTR_TO_CTX,
4656 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
4657 .arg3_type = ARG_CONST_SIZE,
4658 .arg4_type = ARG_ANYTHING,
4659};
4660
4661BPF_CALL_3(bpf_skb_set_tunnel_opt, struct sk_buff *, skb,
4662 const u8 *, from, u32, size)
4663{
4664 struct ip_tunnel_info *info = skb_tunnel_info(skb);
4665 const struct metadata_dst *md = this_cpu_ptr(md_dst);
4666
4667 if (unlikely(info != &md->u.tun_info || (size & (sizeof(u32) - 1))))
4668 return -EINVAL;
4669 if (unlikely(size > IP_TUNNEL_OPTS_MAX))
4670 return -ENOMEM;
4671
4672 ip_tunnel_info_opts_set(info, from, size, TUNNEL_OPTIONS_PRESENT);
4673
4674 return 0;
4675}
4676
4677static const struct bpf_func_proto bpf_skb_set_tunnel_opt_proto = {
4678 .func = bpf_skb_set_tunnel_opt,
4679 .gpl_only = false,
4680 .ret_type = RET_INTEGER,
4681 .arg1_type = ARG_PTR_TO_CTX,
4682 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
4683 .arg3_type = ARG_CONST_SIZE,
4684};
4685
4686static const struct bpf_func_proto *
4687bpf_get_skb_set_tunnel_proto(enum bpf_func_id which)
4688{
4689 if (!md_dst) {
4690 struct metadata_dst __percpu *tmp;
4691
4692 tmp = metadata_dst_alloc_percpu(IP_TUNNEL_OPTS_MAX,
4693 METADATA_IP_TUNNEL,
4694 GFP_KERNEL);
4695 if (!tmp)
4696 return NULL;
4697 if (cmpxchg(&md_dst, NULL, tmp))
4698 metadata_dst_free_percpu(tmp);
4699 }
4700
4701 switch (which) {
4702 case BPF_FUNC_skb_set_tunnel_key:
4703 return &bpf_skb_set_tunnel_key_proto;
4704 case BPF_FUNC_skb_set_tunnel_opt:
4705 return &bpf_skb_set_tunnel_opt_proto;
4706 default:
4707 return NULL;
4708 }
4709}
4710
4711BPF_CALL_3(bpf_skb_under_cgroup, struct sk_buff *, skb, struct bpf_map *, map,
4712 u32, idx)
4713{
4714 struct bpf_array *array = container_of(map, struct bpf_array, map);
4715 struct cgroup *cgrp;
4716 struct sock *sk;
4717
4718 sk = skb_to_full_sk(skb);
4719 if (!sk || !sk_fullsock(sk))
4720 return -ENOENT;
4721 if (unlikely(idx >= array->map.max_entries))
4722 return -E2BIG;
4723
4724 cgrp = READ_ONCE(array->ptrs[idx]);
4725 if (unlikely(!cgrp))
4726 return -EAGAIN;
4727
4728 return sk_under_cgroup_hierarchy(sk, cgrp);
4729}
4730
4731static const struct bpf_func_proto bpf_skb_under_cgroup_proto = {
4732 .func = bpf_skb_under_cgroup,
4733 .gpl_only = false,
4734 .ret_type = RET_INTEGER,
4735 .arg1_type = ARG_PTR_TO_CTX,
4736 .arg2_type = ARG_CONST_MAP_PTR,
4737 .arg3_type = ARG_ANYTHING,
4738};
4739
4740#ifdef CONFIG_SOCK_CGROUP_DATA
4741static inline u64 __bpf_sk_cgroup_id(struct sock *sk)
4742{
4743 struct cgroup *cgrp;
4744
4745 sk = sk_to_full_sk(sk);
4746 if (!sk || !sk_fullsock(sk))
4747 return 0;
4748
4749 cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
4750 return cgroup_id(cgrp);
4751}
4752
4753BPF_CALL_1(bpf_skb_cgroup_id, const struct sk_buff *, skb)
4754{
4755 return __bpf_sk_cgroup_id(skb->sk);
4756}
4757
4758static const struct bpf_func_proto bpf_skb_cgroup_id_proto = {
4759 .func = bpf_skb_cgroup_id,
4760 .gpl_only = false,
4761 .ret_type = RET_INTEGER,
4762 .arg1_type = ARG_PTR_TO_CTX,
4763};
4764
4765static inline u64 __bpf_sk_ancestor_cgroup_id(struct sock *sk,
4766 int ancestor_level)
4767{
4768 struct cgroup *ancestor;
4769 struct cgroup *cgrp;
4770
4771 sk = sk_to_full_sk(sk);
4772 if (!sk || !sk_fullsock(sk))
4773 return 0;
4774
4775 cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
4776 ancestor = cgroup_ancestor(cgrp, ancestor_level);
4777 if (!ancestor)
4778 return 0;
4779
4780 return cgroup_id(ancestor);
4781}
4782
4783BPF_CALL_2(bpf_skb_ancestor_cgroup_id, const struct sk_buff *, skb, int,
4784 ancestor_level)
4785{
4786 return __bpf_sk_ancestor_cgroup_id(skb->sk, ancestor_level);
4787}
4788
4789static const struct bpf_func_proto bpf_skb_ancestor_cgroup_id_proto = {
4790 .func = bpf_skb_ancestor_cgroup_id,
4791 .gpl_only = false,
4792 .ret_type = RET_INTEGER,
4793 .arg1_type = ARG_PTR_TO_CTX,
4794 .arg2_type = ARG_ANYTHING,
4795};
4796
4797BPF_CALL_1(bpf_sk_cgroup_id, struct sock *, sk)
4798{
4799 return __bpf_sk_cgroup_id(sk);
4800}
4801
4802static const struct bpf_func_proto bpf_sk_cgroup_id_proto = {
4803 .func = bpf_sk_cgroup_id,
4804 .gpl_only = false,
4805 .ret_type = RET_INTEGER,
4806 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
4807};
4808
4809BPF_CALL_2(bpf_sk_ancestor_cgroup_id, struct sock *, sk, int, ancestor_level)
4810{
4811 return __bpf_sk_ancestor_cgroup_id(sk, ancestor_level);
4812}
4813
4814static const struct bpf_func_proto bpf_sk_ancestor_cgroup_id_proto = {
4815 .func = bpf_sk_ancestor_cgroup_id,
4816 .gpl_only = false,
4817 .ret_type = RET_INTEGER,
4818 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
4819 .arg2_type = ARG_ANYTHING,
4820};
4821#endif
4822
4823static unsigned long bpf_xdp_copy(void *dst, const void *ctx,
4824 unsigned long off, unsigned long len)
4825{
4826 struct xdp_buff *xdp = (struct xdp_buff *)ctx;
4827
4828 bpf_xdp_copy_buf(xdp, off, dst, len, false);
4829 return 0;
4830}
4831
4832BPF_CALL_5(bpf_xdp_event_output, struct xdp_buff *, xdp, struct bpf_map *, map,
4833 u64, flags, void *, meta, u64, meta_size)
4834{
4835 u64 xdp_size = (flags & BPF_F_CTXLEN_MASK) >> 32;
4836
4837 if (unlikely(flags & ~(BPF_F_CTXLEN_MASK | BPF_F_INDEX_MASK)))
4838 return -EINVAL;
4839
4840 if (unlikely(!xdp || xdp_size > xdp_get_buff_len(xdp)))
4841 return -EFAULT;
4842
4843 return bpf_event_output(map, flags, meta, meta_size, xdp,
4844 xdp_size, bpf_xdp_copy);
4845}
4846
4847static const struct bpf_func_proto bpf_xdp_event_output_proto = {
4848 .func = bpf_xdp_event_output,
4849 .gpl_only = true,
4850 .ret_type = RET_INTEGER,
4851 .arg1_type = ARG_PTR_TO_CTX,
4852 .arg2_type = ARG_CONST_MAP_PTR,
4853 .arg3_type = ARG_ANYTHING,
4854 .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY,
4855 .arg5_type = ARG_CONST_SIZE_OR_ZERO,
4856};
4857
4858BTF_ID_LIST_SINGLE(bpf_xdp_output_btf_ids, struct, xdp_buff)
4859
4860const struct bpf_func_proto bpf_xdp_output_proto = {
4861 .func = bpf_xdp_event_output,
4862 .gpl_only = true,
4863 .ret_type = RET_INTEGER,
4864 .arg1_type = ARG_PTR_TO_BTF_ID,
4865 .arg1_btf_id = &bpf_xdp_output_btf_ids[0],
4866 .arg2_type = ARG_CONST_MAP_PTR,
4867 .arg3_type = ARG_ANYTHING,
4868 .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY,
4869 .arg5_type = ARG_CONST_SIZE_OR_ZERO,
4870};
4871
4872BPF_CALL_1(bpf_get_socket_cookie, struct sk_buff *, skb)
4873{
4874 return skb->sk ? __sock_gen_cookie(skb->sk) : 0;
4875}
4876
4877static const struct bpf_func_proto bpf_get_socket_cookie_proto = {
4878 .func = bpf_get_socket_cookie,
4879 .gpl_only = false,
4880 .ret_type = RET_INTEGER,
4881 .arg1_type = ARG_PTR_TO_CTX,
4882};
4883
4884BPF_CALL_1(bpf_get_socket_cookie_sock_addr, struct bpf_sock_addr_kern *, ctx)
4885{
4886 return __sock_gen_cookie(ctx->sk);
4887}
4888
4889static const struct bpf_func_proto bpf_get_socket_cookie_sock_addr_proto = {
4890 .func = bpf_get_socket_cookie_sock_addr,
4891 .gpl_only = false,
4892 .ret_type = RET_INTEGER,
4893 .arg1_type = ARG_PTR_TO_CTX,
4894};
4895
4896BPF_CALL_1(bpf_get_socket_cookie_sock, struct sock *, ctx)
4897{
4898 return __sock_gen_cookie(ctx);
4899}
4900
4901static const struct bpf_func_proto bpf_get_socket_cookie_sock_proto = {
4902 .func = bpf_get_socket_cookie_sock,
4903 .gpl_only = false,
4904 .ret_type = RET_INTEGER,
4905 .arg1_type = ARG_PTR_TO_CTX,
4906};
4907
4908BPF_CALL_1(bpf_get_socket_ptr_cookie, struct sock *, sk)
4909{
4910 return sk ? sock_gen_cookie(sk) : 0;
4911}
4912
4913const struct bpf_func_proto bpf_get_socket_ptr_cookie_proto = {
4914 .func = bpf_get_socket_ptr_cookie,
4915 .gpl_only = false,
4916 .ret_type = RET_INTEGER,
4917 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
4918};
4919
4920BPF_CALL_1(bpf_get_socket_cookie_sock_ops, struct bpf_sock_ops_kern *, ctx)
4921{
4922 return __sock_gen_cookie(ctx->sk);
4923}
4924
4925static const struct bpf_func_proto bpf_get_socket_cookie_sock_ops_proto = {
4926 .func = bpf_get_socket_cookie_sock_ops,
4927 .gpl_only = false,
4928 .ret_type = RET_INTEGER,
4929 .arg1_type = ARG_PTR_TO_CTX,
4930};
4931
4932static u64 __bpf_get_netns_cookie(struct sock *sk)
4933{
4934 const struct net *net = sk ? sock_net(sk) : &init_net;
4935
4936 return net->net_cookie;
4937}
4938
4939BPF_CALL_1(bpf_get_netns_cookie_sock, struct sock *, ctx)
4940{
4941 return __bpf_get_netns_cookie(ctx);
4942}
4943
4944static const struct bpf_func_proto bpf_get_netns_cookie_sock_proto = {
4945 .func = bpf_get_netns_cookie_sock,
4946 .gpl_only = false,
4947 .ret_type = RET_INTEGER,
4948 .arg1_type = ARG_PTR_TO_CTX_OR_NULL,
4949};
4950
4951BPF_CALL_1(bpf_get_netns_cookie_sock_addr, struct bpf_sock_addr_kern *, ctx)
4952{
4953 return __bpf_get_netns_cookie(ctx ? ctx->sk : NULL);
4954}
4955
4956static const struct bpf_func_proto bpf_get_netns_cookie_sock_addr_proto = {
4957 .func = bpf_get_netns_cookie_sock_addr,
4958 .gpl_only = false,
4959 .ret_type = RET_INTEGER,
4960 .arg1_type = ARG_PTR_TO_CTX_OR_NULL,
4961};
4962
4963BPF_CALL_1(bpf_get_netns_cookie_sock_ops, struct bpf_sock_ops_kern *, ctx)
4964{
4965 return __bpf_get_netns_cookie(ctx ? ctx->sk : NULL);
4966}
4967
4968static const struct bpf_func_proto bpf_get_netns_cookie_sock_ops_proto = {
4969 .func = bpf_get_netns_cookie_sock_ops,
4970 .gpl_only = false,
4971 .ret_type = RET_INTEGER,
4972 .arg1_type = ARG_PTR_TO_CTX_OR_NULL,
4973};
4974
4975BPF_CALL_1(bpf_get_netns_cookie_sk_msg, struct sk_msg *, ctx)
4976{
4977 return __bpf_get_netns_cookie(ctx ? ctx->sk : NULL);
4978}
4979
4980static const struct bpf_func_proto bpf_get_netns_cookie_sk_msg_proto = {
4981 .func = bpf_get_netns_cookie_sk_msg,
4982 .gpl_only = false,
4983 .ret_type = RET_INTEGER,
4984 .arg1_type = ARG_PTR_TO_CTX_OR_NULL,
4985};
4986
4987BPF_CALL_1(bpf_get_socket_uid, struct sk_buff *, skb)
4988{
4989 struct sock *sk = sk_to_full_sk(skb->sk);
4990 kuid_t kuid;
4991
4992 if (!sk || !sk_fullsock(sk))
4993 return overflowuid;
4994 kuid = sock_net_uid(sock_net(sk), sk);
4995 return from_kuid_munged(sock_net(sk)->user_ns, kuid);
4996}
4997
4998static const struct bpf_func_proto bpf_get_socket_uid_proto = {
4999 .func = bpf_get_socket_uid,
5000 .gpl_only = false,
5001 .ret_type = RET_INTEGER,
5002 .arg1_type = ARG_PTR_TO_CTX,
5003};
5004
5005static int _bpf_setsockopt(struct sock *sk, int level, int optname,
5006 char *optval, int optlen)
5007{
5008 char devname[IFNAMSIZ];
5009 int val, valbool;
5010 struct net *net;
5011 int ifindex;
5012 int ret = 0;
5013
5014 if (!sk_fullsock(sk))
5015 return -EINVAL;
5016
5017 sock_owned_by_me(sk);
5018
5019 if (level == SOL_SOCKET) {
5020 if (optlen != sizeof(int) && optname != SO_BINDTODEVICE)
5021 return -EINVAL;
5022 val = *((int *)optval);
5023 valbool = val ? 1 : 0;
5024
5025
5026 switch (optname) {
5027 case SO_RCVBUF:
5028 val = min_t(u32, val, sysctl_rmem_max);
5029 val = min_t(int, val, INT_MAX / 2);
5030 sk->sk_userlocks |= SOCK_RCVBUF_LOCK;
5031 WRITE_ONCE(sk->sk_rcvbuf,
5032 max_t(int, val * 2, SOCK_MIN_RCVBUF));
5033 break;
5034 case SO_SNDBUF:
5035 val = min_t(u32, val, sysctl_wmem_max);
5036 val = min_t(int, val, INT_MAX / 2);
5037 sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
5038 WRITE_ONCE(sk->sk_sndbuf,
5039 max_t(int, val * 2, SOCK_MIN_SNDBUF));
5040 break;
5041 case SO_MAX_PACING_RATE:
5042 if (val != ~0U)
5043 cmpxchg(&sk->sk_pacing_status,
5044 SK_PACING_NONE,
5045 SK_PACING_NEEDED);
5046 sk->sk_max_pacing_rate = (val == ~0U) ?
5047 ~0UL : (unsigned int)val;
5048 sk->sk_pacing_rate = min(sk->sk_pacing_rate,
5049 sk->sk_max_pacing_rate);
5050 break;
5051 case SO_PRIORITY:
5052 sk->sk_priority = val;
5053 break;
5054 case SO_RCVLOWAT:
5055 if (val < 0)
5056 val = INT_MAX;
5057 WRITE_ONCE(sk->sk_rcvlowat, val ? : 1);
5058 break;
5059 case SO_MARK:
5060 if (sk->sk_mark != val) {
5061 sk->sk_mark = val;
5062 sk_dst_reset(sk);
5063 }
5064 break;
5065 case SO_BINDTODEVICE:
5066 optlen = min_t(long, optlen, IFNAMSIZ - 1);
5067 strncpy(devname, optval, optlen);
5068 devname[optlen] = 0;
5069
5070 ifindex = 0;
5071 if (devname[0] != '\0') {
5072 struct net_device *dev;
5073
5074 ret = -ENODEV;
5075
5076 net = sock_net(sk);
5077 dev = dev_get_by_name(net, devname);
5078 if (!dev)
5079 break;
5080 ifindex = dev->ifindex;
5081 dev_put(dev);
5082 }
5083 fallthrough;
5084 case SO_BINDTOIFINDEX:
5085 if (optname == SO_BINDTOIFINDEX)
5086 ifindex = val;
5087 ret = sock_bindtoindex(sk, ifindex, false);
5088 break;
5089 case SO_KEEPALIVE:
5090 if (sk->sk_prot->keepalive)
5091 sk->sk_prot->keepalive(sk, valbool);
5092 sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool);
5093 break;
5094 case SO_REUSEPORT:
5095 sk->sk_reuseport = valbool;
5096 break;
5097 case SO_TXREHASH:
5098 if (val < -1 || val > 1) {
5099 ret = -EINVAL;
5100 break;
5101 }
5102 sk->sk_txrehash = (u8)val;
5103 break;
5104 default:
5105 ret = -EINVAL;
5106 }
5107#ifdef CONFIG_INET
5108 } else if (level == SOL_IP) {
5109 if (optlen != sizeof(int) || sk->sk_family != AF_INET)
5110 return -EINVAL;
5111
5112 val = *((int *)optval);
5113
5114 switch (optname) {
5115 case IP_TOS:
5116 if (val < -1 || val > 0xff) {
5117 ret = -EINVAL;
5118 } else {
5119 struct inet_sock *inet = inet_sk(sk);
5120
5121 if (val == -1)
5122 val = 0;
5123 inet->tos = val;
5124 }
5125 break;
5126 default:
5127 ret = -EINVAL;
5128 }
5129#if IS_ENABLED(CONFIG_IPV6)
5130 } else if (level == SOL_IPV6) {
5131 if (optlen != sizeof(int) || sk->sk_family != AF_INET6)
5132 return -EINVAL;
5133
5134 val = *((int *)optval);
5135
5136 switch (optname) {
5137 case IPV6_TCLASS:
5138 if (val < -1 || val > 0xff) {
5139 ret = -EINVAL;
5140 } else {
5141 struct ipv6_pinfo *np = inet6_sk(sk);
5142
5143 if (val == -1)
5144 val = 0;
5145 np->tclass = val;
5146 }
5147 break;
5148 default:
5149 ret = -EINVAL;
5150 }
5151#endif
5152 } else if (level == SOL_TCP &&
5153 sk->sk_prot->setsockopt == tcp_setsockopt) {
5154 if (optname == TCP_CONGESTION) {
5155 char name[TCP_CA_NAME_MAX];
5156
5157 strncpy(name, optval, min_t(long, optlen,
5158 TCP_CA_NAME_MAX-1));
5159 name[TCP_CA_NAME_MAX-1] = 0;
5160 ret = tcp_set_congestion_control(sk, name, false, true);
5161 } else {
5162 struct inet_connection_sock *icsk = inet_csk(sk);
5163 struct tcp_sock *tp = tcp_sk(sk);
5164 unsigned long timeout;
5165
5166 if (optlen != sizeof(int))
5167 return -EINVAL;
5168
5169 val = *((int *)optval);
5170
5171 switch (optname) {
5172 case TCP_BPF_IW:
5173 if (val <= 0 || tp->data_segs_out > tp->syn_data)
5174 ret = -EINVAL;
5175 else
5176 tp->snd_cwnd = val;
5177 break;
5178 case TCP_BPF_SNDCWND_CLAMP:
5179 if (val <= 0) {
5180 ret = -EINVAL;
5181 } else {
5182 tp->snd_cwnd_clamp = val;
5183 tp->snd_ssthresh = val;
5184 }
5185 break;
5186 case TCP_BPF_DELACK_MAX:
5187 timeout = usecs_to_jiffies(val);
5188 if (timeout > TCP_DELACK_MAX ||
5189 timeout < TCP_TIMEOUT_MIN)
5190 return -EINVAL;
5191 inet_csk(sk)->icsk_delack_max = timeout;
5192 break;
5193 case TCP_BPF_RTO_MIN:
5194 timeout = usecs_to_jiffies(val);
5195 if (timeout > TCP_RTO_MIN ||
5196 timeout < TCP_TIMEOUT_MIN)
5197 return -EINVAL;
5198 inet_csk(sk)->icsk_rto_min = timeout;
5199 break;
5200 case TCP_SAVE_SYN:
5201 if (val < 0 || val > 1)
5202 ret = -EINVAL;
5203 else
5204 tp->save_syn = val;
5205 break;
5206 case TCP_KEEPIDLE:
5207 ret = tcp_sock_set_keepidle_locked(sk, val);
5208 break;
5209 case TCP_KEEPINTVL:
5210 if (val < 1 || val > MAX_TCP_KEEPINTVL)
5211 ret = -EINVAL;
5212 else
5213 tp->keepalive_intvl = val * HZ;
5214 break;
5215 case TCP_KEEPCNT:
5216 if (val < 1 || val > MAX_TCP_KEEPCNT)
5217 ret = -EINVAL;
5218 else
5219 tp->keepalive_probes = val;
5220 break;
5221 case TCP_SYNCNT:
5222 if (val < 1 || val > MAX_TCP_SYNCNT)
5223 ret = -EINVAL;
5224 else
5225 icsk->icsk_syn_retries = val;
5226 break;
5227 case TCP_USER_TIMEOUT:
5228 if (val < 0)
5229 ret = -EINVAL;
5230 else
5231 icsk->icsk_user_timeout = val;
5232 break;
5233 case TCP_NOTSENT_LOWAT:
5234 tp->notsent_lowat = val;
5235 sk->sk_write_space(sk);
5236 break;
5237 case TCP_WINDOW_CLAMP:
5238 ret = tcp_set_window_clamp(sk, val);
5239 break;
5240 default:
5241 ret = -EINVAL;
5242 }
5243 }
5244#endif
5245 } else {
5246 ret = -EINVAL;
5247 }
5248 return ret;
5249}
5250
5251static int _bpf_getsockopt(struct sock *sk, int level, int optname,
5252 char *optval, int optlen)
5253{
5254 if (!sk_fullsock(sk))
5255 goto err_clear;
5256
5257 sock_owned_by_me(sk);
5258
5259 if (level == SOL_SOCKET) {
5260 if (optlen != sizeof(int))
5261 goto err_clear;
5262
5263 switch (optname) {
5264 case SO_RCVBUF:
5265 *((int *)optval) = sk->sk_rcvbuf;
5266 break;
5267 case SO_SNDBUF:
5268 *((int *)optval) = sk->sk_sndbuf;
5269 break;
5270 case SO_MARK:
5271 *((int *)optval) = sk->sk_mark;
5272 break;
5273 case SO_PRIORITY:
5274 *((int *)optval) = sk->sk_priority;
5275 break;
5276 case SO_BINDTOIFINDEX:
5277 *((int *)optval) = sk->sk_bound_dev_if;
5278 break;
5279 case SO_REUSEPORT:
5280 *((int *)optval) = sk->sk_reuseport;
5281 break;
5282 case SO_TXREHASH:
5283 *((int *)optval) = sk->sk_txrehash;
5284 break;
5285 default:
5286 goto err_clear;
5287 }
5288#ifdef CONFIG_INET
5289 } else if (level == SOL_TCP && sk->sk_prot->getsockopt == tcp_getsockopt) {
5290 struct inet_connection_sock *icsk;
5291 struct tcp_sock *tp;
5292
5293 switch (optname) {
5294 case TCP_CONGESTION:
5295 icsk = inet_csk(sk);
5296
5297 if (!icsk->icsk_ca_ops || optlen <= 1)
5298 goto err_clear;
5299 strncpy(optval, icsk->icsk_ca_ops->name, optlen);
5300 optval[optlen - 1] = 0;
5301 break;
5302 case TCP_SAVED_SYN:
5303 tp = tcp_sk(sk);
5304
5305 if (optlen <= 0 || !tp->saved_syn ||
5306 optlen > tcp_saved_syn_len(tp->saved_syn))
5307 goto err_clear;
5308 memcpy(optval, tp->saved_syn->data, optlen);
5309 break;
5310 default:
5311 goto err_clear;
5312 }
5313 } else if (level == SOL_IP) {
5314 struct inet_sock *inet = inet_sk(sk);
5315
5316 if (optlen != sizeof(int) || sk->sk_family != AF_INET)
5317 goto err_clear;
5318
5319
5320 switch (optname) {
5321 case IP_TOS:
5322 *((int *)optval) = (int)inet->tos;
5323 break;
5324 default:
5325 goto err_clear;
5326 }
5327#if IS_ENABLED(CONFIG_IPV6)
5328 } else if (level == SOL_IPV6) {
5329 struct ipv6_pinfo *np = inet6_sk(sk);
5330
5331 if (optlen != sizeof(int) || sk->sk_family != AF_INET6)
5332 goto err_clear;
5333
5334
5335 switch (optname) {
5336 case IPV6_TCLASS:
5337 *((int *)optval) = (int)np->tclass;
5338 break;
5339 default:
5340 goto err_clear;
5341 }
5342#endif
5343#endif
5344 } else {
5345 goto err_clear;
5346 }
5347 return 0;
5348err_clear:
5349 memset(optval, 0, optlen);
5350 return -EINVAL;
5351}
5352
5353BPF_CALL_5(bpf_sk_setsockopt, struct sock *, sk, int, level,
5354 int, optname, char *, optval, int, optlen)
5355{
5356 if (level == SOL_TCP && optname == TCP_CONGESTION) {
5357 if (optlen >= sizeof("cdg") - 1 &&
5358 !strncmp("cdg", optval, optlen))
5359 return -ENOTSUPP;
5360 }
5361
5362 return _bpf_setsockopt(sk, level, optname, optval, optlen);
5363}
5364
5365const struct bpf_func_proto bpf_sk_setsockopt_proto = {
5366 .func = bpf_sk_setsockopt,
5367 .gpl_only = false,
5368 .ret_type = RET_INTEGER,
5369 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
5370 .arg2_type = ARG_ANYTHING,
5371 .arg3_type = ARG_ANYTHING,
5372 .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY,
5373 .arg5_type = ARG_CONST_SIZE,
5374};
5375
5376BPF_CALL_5(bpf_sk_getsockopt, struct sock *, sk, int, level,
5377 int, optname, char *, optval, int, optlen)
5378{
5379 return _bpf_getsockopt(sk, level, optname, optval, optlen);
5380}
5381
5382const struct bpf_func_proto bpf_sk_getsockopt_proto = {
5383 .func = bpf_sk_getsockopt,
5384 .gpl_only = false,
5385 .ret_type = RET_INTEGER,
5386 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
5387 .arg2_type = ARG_ANYTHING,
5388 .arg3_type = ARG_ANYTHING,
5389 .arg4_type = ARG_PTR_TO_UNINIT_MEM,
5390 .arg5_type = ARG_CONST_SIZE,
5391};
5392
5393BPF_CALL_5(bpf_sock_addr_setsockopt, struct bpf_sock_addr_kern *, ctx,
5394 int, level, int, optname, char *, optval, int, optlen)
5395{
5396 return _bpf_setsockopt(ctx->sk, level, optname, optval, optlen);
5397}
5398
5399static const struct bpf_func_proto bpf_sock_addr_setsockopt_proto = {
5400 .func = bpf_sock_addr_setsockopt,
5401 .gpl_only = false,
5402 .ret_type = RET_INTEGER,
5403 .arg1_type = ARG_PTR_TO_CTX,
5404 .arg2_type = ARG_ANYTHING,
5405 .arg3_type = ARG_ANYTHING,
5406 .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY,
5407 .arg5_type = ARG_CONST_SIZE,
5408};
5409
5410BPF_CALL_5(bpf_sock_addr_getsockopt, struct bpf_sock_addr_kern *, ctx,
5411 int, level, int, optname, char *, optval, int, optlen)
5412{
5413 return _bpf_getsockopt(ctx->sk, level, optname, optval, optlen);
5414}
5415
5416static const struct bpf_func_proto bpf_sock_addr_getsockopt_proto = {
5417 .func = bpf_sock_addr_getsockopt,
5418 .gpl_only = false,
5419 .ret_type = RET_INTEGER,
5420 .arg1_type = ARG_PTR_TO_CTX,
5421 .arg2_type = ARG_ANYTHING,
5422 .arg3_type = ARG_ANYTHING,
5423 .arg4_type = ARG_PTR_TO_UNINIT_MEM,
5424 .arg5_type = ARG_CONST_SIZE,
5425};
5426
5427BPF_CALL_5(bpf_sock_ops_setsockopt, struct bpf_sock_ops_kern *, bpf_sock,
5428 int, level, int, optname, char *, optval, int, optlen)
5429{
5430 return _bpf_setsockopt(bpf_sock->sk, level, optname, optval, optlen);
5431}
5432
5433static const struct bpf_func_proto bpf_sock_ops_setsockopt_proto = {
5434 .func = bpf_sock_ops_setsockopt,
5435 .gpl_only = false,
5436 .ret_type = RET_INTEGER,
5437 .arg1_type = ARG_PTR_TO_CTX,
5438 .arg2_type = ARG_ANYTHING,
5439 .arg3_type = ARG_ANYTHING,
5440 .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY,
5441 .arg5_type = ARG_CONST_SIZE,
5442};
5443
5444static int bpf_sock_ops_get_syn(struct bpf_sock_ops_kern *bpf_sock,
5445 int optname, const u8 **start)
5446{
5447 struct sk_buff *syn_skb = bpf_sock->syn_skb;
5448 const u8 *hdr_start;
5449 int ret;
5450
5451 if (syn_skb) {
5452
5453
5454 if (optname == TCP_BPF_SYN) {
5455 hdr_start = syn_skb->data;
5456 ret = tcp_hdrlen(syn_skb);
5457 } else if (optname == TCP_BPF_SYN_IP) {
5458 hdr_start = skb_network_header(syn_skb);
5459 ret = skb_network_header_len(syn_skb) +
5460 tcp_hdrlen(syn_skb);
5461 } else {
5462
5463 hdr_start = skb_mac_header(syn_skb);
5464 ret = skb_mac_header_len(syn_skb) +
5465 skb_network_header_len(syn_skb) +
5466 tcp_hdrlen(syn_skb);
5467 }
5468 } else {
5469 struct sock *sk = bpf_sock->sk;
5470 struct saved_syn *saved_syn;
5471
5472 if (sk->sk_state == TCP_NEW_SYN_RECV)
5473
5474
5475
5476
5477 saved_syn = inet_reqsk(sk)->saved_syn;
5478 else
5479 saved_syn = tcp_sk(sk)->saved_syn;
5480
5481 if (!saved_syn)
5482 return -ENOENT;
5483
5484 if (optname == TCP_BPF_SYN) {
5485 hdr_start = saved_syn->data +
5486 saved_syn->mac_hdrlen +
5487 saved_syn->network_hdrlen;
5488 ret = saved_syn->tcp_hdrlen;
5489 } else if (optname == TCP_BPF_SYN_IP) {
5490 hdr_start = saved_syn->data +
5491 saved_syn->mac_hdrlen;
5492 ret = saved_syn->network_hdrlen +
5493 saved_syn->tcp_hdrlen;
5494 } else {
5495
5496
5497
5498 if (!saved_syn->mac_hdrlen)
5499 return -ENOENT;
5500
5501 hdr_start = saved_syn->data;
5502 ret = saved_syn->mac_hdrlen +
5503 saved_syn->network_hdrlen +
5504 saved_syn->tcp_hdrlen;
5505 }
5506 }
5507
5508 *start = hdr_start;
5509 return ret;
5510}
5511
5512BPF_CALL_5(bpf_sock_ops_getsockopt, struct bpf_sock_ops_kern *, bpf_sock,
5513 int, level, int, optname, char *, optval, int, optlen)
5514{
5515 if (IS_ENABLED(CONFIG_INET) && level == SOL_TCP &&
5516 optname >= TCP_BPF_SYN && optname <= TCP_BPF_SYN_MAC) {
5517 int ret, copy_len = 0;
5518 const u8 *start;
5519
5520 ret = bpf_sock_ops_get_syn(bpf_sock, optname, &start);
5521 if (ret > 0) {
5522 copy_len = ret;
5523 if (optlen < copy_len) {
5524 copy_len = optlen;
5525 ret = -ENOSPC;
5526 }
5527
5528 memcpy(optval, start, copy_len);
5529 }
5530
5531
5532 memset(optval + copy_len, 0, optlen - copy_len);
5533
5534 return ret;
5535 }
5536
5537 return _bpf_getsockopt(bpf_sock->sk, level, optname, optval, optlen);
5538}
5539
5540static const struct bpf_func_proto bpf_sock_ops_getsockopt_proto = {
5541 .func = bpf_sock_ops_getsockopt,
5542 .gpl_only = false,
5543 .ret_type = RET_INTEGER,
5544 .arg1_type = ARG_PTR_TO_CTX,
5545 .arg2_type = ARG_ANYTHING,
5546 .arg3_type = ARG_ANYTHING,
5547 .arg4_type = ARG_PTR_TO_UNINIT_MEM,
5548 .arg5_type = ARG_CONST_SIZE,
5549};
5550
5551BPF_CALL_2(bpf_sock_ops_cb_flags_set, struct bpf_sock_ops_kern *, bpf_sock,
5552 int, argval)
5553{
5554 struct sock *sk = bpf_sock->sk;
5555 int val = argval & BPF_SOCK_OPS_ALL_CB_FLAGS;
5556
5557 if (!IS_ENABLED(CONFIG_INET) || !sk_fullsock(sk))
5558 return -EINVAL;
5559
5560 tcp_sk(sk)->bpf_sock_ops_cb_flags = val;
5561
5562 return argval & (~BPF_SOCK_OPS_ALL_CB_FLAGS);
5563}
5564
5565static const struct bpf_func_proto bpf_sock_ops_cb_flags_set_proto = {
5566 .func = bpf_sock_ops_cb_flags_set,
5567 .gpl_only = false,
5568 .ret_type = RET_INTEGER,
5569 .arg1_type = ARG_PTR_TO_CTX,
5570 .arg2_type = ARG_ANYTHING,
5571};
5572
5573const struct ipv6_bpf_stub *ipv6_bpf_stub __read_mostly;
5574EXPORT_SYMBOL_GPL(ipv6_bpf_stub);
5575
5576BPF_CALL_3(bpf_bind, struct bpf_sock_addr_kern *, ctx, struct sockaddr *, addr,
5577 int, addr_len)
5578{
5579#ifdef CONFIG_INET
5580 struct sock *sk = ctx->sk;
5581 u32 flags = BIND_FROM_BPF;
5582 int err;
5583
5584 err = -EINVAL;
5585 if (addr_len < offsetofend(struct sockaddr, sa_family))
5586 return err;
5587 if (addr->sa_family == AF_INET) {
5588 if (addr_len < sizeof(struct sockaddr_in))
5589 return err;
5590 if (((struct sockaddr_in *)addr)->sin_port == htons(0))
5591 flags |= BIND_FORCE_ADDRESS_NO_PORT;
5592 return __inet_bind(sk, addr, addr_len, flags);
5593#if IS_ENABLED(CONFIG_IPV6)
5594 } else if (addr->sa_family == AF_INET6) {
5595 if (addr_len < SIN6_LEN_RFC2133)
5596 return err;
5597 if (((struct sockaddr_in6 *)addr)->sin6_port == htons(0))
5598 flags |= BIND_FORCE_ADDRESS_NO_PORT;
5599
5600
5601
5602 return ipv6_bpf_stub->inet6_bind(sk, addr, addr_len, flags);
5603#endif
5604 }
5605#endif
5606
5607 return -EAFNOSUPPORT;
5608}
5609
5610static const struct bpf_func_proto bpf_bind_proto = {
5611 .func = bpf_bind,
5612 .gpl_only = false,
5613 .ret_type = RET_INTEGER,
5614 .arg1_type = ARG_PTR_TO_CTX,
5615 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
5616 .arg3_type = ARG_CONST_SIZE,
5617};
5618
5619#ifdef CONFIG_XFRM
5620BPF_CALL_5(bpf_skb_get_xfrm_state, struct sk_buff *, skb, u32, index,
5621 struct bpf_xfrm_state *, to, u32, size, u64, flags)
5622{
5623 const struct sec_path *sp = skb_sec_path(skb);
5624 const struct xfrm_state *x;
5625
5626 if (!sp || unlikely(index >= sp->len || flags))
5627 goto err_clear;
5628
5629 x = sp->xvec[index];
5630
5631 if (unlikely(size != sizeof(struct bpf_xfrm_state)))
5632 goto err_clear;
5633
5634 to->reqid = x->props.reqid;
5635 to->spi = x->id.spi;
5636 to->family = x->props.family;
5637 to->ext = 0;
5638
5639 if (to->family == AF_INET6) {
5640 memcpy(to->remote_ipv6, x->props.saddr.a6,
5641 sizeof(to->remote_ipv6));
5642 } else {
5643 to->remote_ipv4 = x->props.saddr.a4;
5644 memset(&to->remote_ipv6[1], 0, sizeof(__u32) * 3);
5645 }
5646
5647 return 0;
5648err_clear:
5649 memset(to, 0, size);
5650 return -EINVAL;
5651}
5652
5653static const struct bpf_func_proto bpf_skb_get_xfrm_state_proto = {
5654 .func = bpf_skb_get_xfrm_state,
5655 .gpl_only = false,
5656 .ret_type = RET_INTEGER,
5657 .arg1_type = ARG_PTR_TO_CTX,
5658 .arg2_type = ARG_ANYTHING,
5659 .arg3_type = ARG_PTR_TO_UNINIT_MEM,
5660 .arg4_type = ARG_CONST_SIZE,
5661 .arg5_type = ARG_ANYTHING,
5662};
5663#endif
5664
5665#if IS_ENABLED(CONFIG_INET) || IS_ENABLED(CONFIG_IPV6)
5666static int bpf_fib_set_fwd_params(struct bpf_fib_lookup *params,
5667 const struct neighbour *neigh,
5668 const struct net_device *dev, u32 mtu)
5669{
5670 memcpy(params->dmac, neigh->ha, ETH_ALEN);
5671 memcpy(params->smac, dev->dev_addr, ETH_ALEN);
5672 params->h_vlan_TCI = 0;
5673 params->h_vlan_proto = 0;
5674 if (mtu)
5675 params->mtu_result = mtu;
5676
5677 return 0;
5678}
5679#endif
5680
5681#if IS_ENABLED(CONFIG_INET)
5682static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
5683 u32 flags, bool check_mtu)
5684{
5685 struct fib_nh_common *nhc;
5686 struct in_device *in_dev;
5687 struct neighbour *neigh;
5688 struct net_device *dev;
5689 struct fib_result res;
5690 struct flowi4 fl4;
5691 u32 mtu = 0;
5692 int err;
5693
5694 dev = dev_get_by_index_rcu(net, params->ifindex);
5695 if (unlikely(!dev))
5696 return -ENODEV;
5697
5698
5699 in_dev = __in_dev_get_rcu(dev);
5700 if (unlikely(!in_dev || !IN_DEV_FORWARD(in_dev)))
5701 return BPF_FIB_LKUP_RET_FWD_DISABLED;
5702
5703 if (flags & BPF_FIB_LOOKUP_OUTPUT) {
5704 fl4.flowi4_iif = 1;
5705 fl4.flowi4_oif = params->ifindex;
5706 } else {
5707 fl4.flowi4_iif = params->ifindex;
5708 fl4.flowi4_oif = 0;
5709 }
5710 fl4.flowi4_tos = params->tos & IPTOS_RT_MASK;
5711 fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
5712 fl4.flowi4_flags = 0;
5713
5714 fl4.flowi4_proto = params->l4_protocol;
5715 fl4.daddr = params->ipv4_dst;
5716 fl4.saddr = params->ipv4_src;
5717 fl4.fl4_sport = params->sport;
5718 fl4.fl4_dport = params->dport;
5719 fl4.flowi4_multipath_hash = 0;
5720
5721 if (flags & BPF_FIB_LOOKUP_DIRECT) {
5722 u32 tbid = l3mdev_fib_table_rcu(dev) ? : RT_TABLE_MAIN;
5723 struct fib_table *tb;
5724
5725 tb = fib_get_table(net, tbid);
5726 if (unlikely(!tb))
5727 return BPF_FIB_LKUP_RET_NOT_FWDED;
5728
5729 err = fib_table_lookup(tb, &fl4, &res, FIB_LOOKUP_NOREF);
5730 } else {
5731 fl4.flowi4_mark = 0;
5732 fl4.flowi4_secid = 0;
5733 fl4.flowi4_tun_key.tun_id = 0;
5734 fl4.flowi4_uid = sock_net_uid(net, NULL);
5735
5736 err = fib_lookup(net, &fl4, &res, FIB_LOOKUP_NOREF);
5737 }
5738
5739 if (err) {
5740
5741 if (err == -EINVAL)
5742 return BPF_FIB_LKUP_RET_BLACKHOLE;
5743 if (err == -EHOSTUNREACH)
5744 return BPF_FIB_LKUP_RET_UNREACHABLE;
5745 if (err == -EACCES)
5746 return BPF_FIB_LKUP_RET_PROHIBIT;
5747
5748 return BPF_FIB_LKUP_RET_NOT_FWDED;
5749 }
5750
5751 if (res.type != RTN_UNICAST)
5752 return BPF_FIB_LKUP_RET_NOT_FWDED;
5753
5754 if (fib_info_num_path(res.fi) > 1)
5755 fib_select_path(net, &res, &fl4, NULL);
5756
5757 if (check_mtu) {
5758 mtu = ip_mtu_from_fib_result(&res, params->ipv4_dst);
5759 if (params->tot_len > mtu) {
5760 params->mtu_result = mtu;
5761 return BPF_FIB_LKUP_RET_FRAG_NEEDED;
5762 }
5763 }
5764
5765 nhc = res.nhc;
5766
5767
5768 if (nhc->nhc_lwtstate)
5769 return BPF_FIB_LKUP_RET_UNSUPP_LWT;
5770
5771 dev = nhc->nhc_dev;
5772
5773 params->rt_metric = res.fi->fib_priority;
5774 params->ifindex = dev->ifindex;
5775
5776
5777
5778
5779 if (likely(nhc->nhc_gw_family != AF_INET6)) {
5780 if (nhc->nhc_gw_family)
5781 params->ipv4_dst = nhc->nhc_gw.ipv4;
5782
5783 neigh = __ipv4_neigh_lookup_noref(dev,
5784 (__force u32)params->ipv4_dst);
5785 } else {
5786 struct in6_addr *dst = (struct in6_addr *)params->ipv6_dst;
5787
5788 params->family = AF_INET6;
5789 *dst = nhc->nhc_gw.ipv6;
5790 neigh = __ipv6_neigh_lookup_noref_stub(dev, dst);
5791 }
5792
5793 if (!neigh)
5794 return BPF_FIB_LKUP_RET_NO_NEIGH;
5795
5796 return bpf_fib_set_fwd_params(params, neigh, dev, mtu);
5797}
5798#endif
5799
5800#if IS_ENABLED(CONFIG_IPV6)
5801static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
5802 u32 flags, bool check_mtu)
5803{
5804 struct in6_addr *src = (struct in6_addr *) params->ipv6_src;
5805 struct in6_addr *dst = (struct in6_addr *) params->ipv6_dst;
5806 struct fib6_result res = {};
5807 struct neighbour *neigh;
5808 struct net_device *dev;
5809 struct inet6_dev *idev;
5810 struct flowi6 fl6;
5811 int strict = 0;
5812 int oif, err;
5813 u32 mtu = 0;
5814
5815
5816 if (rt6_need_strict(dst) || rt6_need_strict(src))
5817 return BPF_FIB_LKUP_RET_NOT_FWDED;
5818
5819 dev = dev_get_by_index_rcu(net, params->ifindex);
5820 if (unlikely(!dev))
5821 return -ENODEV;
5822
5823 idev = __in6_dev_get_safely(dev);
5824 if (unlikely(!idev || !idev->cnf.forwarding))
5825 return BPF_FIB_LKUP_RET_FWD_DISABLED;
5826
5827 if (flags & BPF_FIB_LOOKUP_OUTPUT) {
5828 fl6.flowi6_iif = 1;
5829 oif = fl6.flowi6_oif = params->ifindex;
5830 } else {
5831 oif = fl6.flowi6_iif = params->ifindex;
5832 fl6.flowi6_oif = 0;
5833 strict = RT6_LOOKUP_F_HAS_SADDR;
5834 }
5835 fl6.flowlabel = params->flowinfo;
5836 fl6.flowi6_scope = 0;
5837 fl6.flowi6_flags = 0;
5838 fl6.mp_hash = 0;
5839
5840 fl6.flowi6_proto = params->l4_protocol;
5841 fl6.daddr = *dst;
5842 fl6.saddr = *src;
5843 fl6.fl6_sport = params->sport;
5844 fl6.fl6_dport = params->dport;
5845
5846 if (flags & BPF_FIB_LOOKUP_DIRECT) {
5847 u32 tbid = l3mdev_fib_table_rcu(dev) ? : RT_TABLE_MAIN;
5848 struct fib6_table *tb;
5849
5850 tb = ipv6_stub->fib6_get_table(net, tbid);
5851 if (unlikely(!tb))
5852 return BPF_FIB_LKUP_RET_NOT_FWDED;
5853
5854 err = ipv6_stub->fib6_table_lookup(net, tb, oif, &fl6, &res,
5855 strict);
5856 } else {
5857 fl6.flowi6_mark = 0;
5858 fl6.flowi6_secid = 0;
5859 fl6.flowi6_tun_key.tun_id = 0;
5860 fl6.flowi6_uid = sock_net_uid(net, NULL);
5861
5862 err = ipv6_stub->fib6_lookup(net, oif, &fl6, &res, strict);
5863 }
5864
5865 if (unlikely(err || IS_ERR_OR_NULL(res.f6i) ||
5866 res.f6i == net->ipv6.fib6_null_entry))
5867 return BPF_FIB_LKUP_RET_NOT_FWDED;
5868
5869 switch (res.fib6_type) {
5870
5871 case RTN_UNICAST:
5872 break;
5873 case RTN_BLACKHOLE:
5874 return BPF_FIB_LKUP_RET_BLACKHOLE;
5875 case RTN_UNREACHABLE:
5876 return BPF_FIB_LKUP_RET_UNREACHABLE;
5877 case RTN_PROHIBIT:
5878 return BPF_FIB_LKUP_RET_PROHIBIT;
5879 default:
5880 return BPF_FIB_LKUP_RET_NOT_FWDED;
5881 }
5882
5883 ipv6_stub->fib6_select_path(net, &res, &fl6, fl6.flowi6_oif,
5884 fl6.flowi6_oif != 0, NULL, strict);
5885
5886 if (check_mtu) {
5887 mtu = ipv6_stub->ip6_mtu_from_fib6(&res, dst, src);
5888 if (params->tot_len > mtu) {
5889 params->mtu_result = mtu;
5890 return BPF_FIB_LKUP_RET_FRAG_NEEDED;
5891 }
5892 }
5893
5894 if (res.nh->fib_nh_lws)
5895 return BPF_FIB_LKUP_RET_UNSUPP_LWT;
5896
5897 if (res.nh->fib_nh_gw_family)
5898 *dst = res.nh->fib_nh_gw6;
5899
5900 dev = res.nh->fib_nh_dev;
5901 params->rt_metric = res.f6i->fib6_metric;
5902 params->ifindex = dev->ifindex;
5903
5904
5905
5906
5907 neigh = __ipv6_neigh_lookup_noref_stub(dev, dst);
5908 if (!neigh)
5909 return BPF_FIB_LKUP_RET_NO_NEIGH;
5910
5911 return bpf_fib_set_fwd_params(params, neigh, dev, mtu);
5912}
5913#endif
5914
5915BPF_CALL_4(bpf_xdp_fib_lookup, struct xdp_buff *, ctx,
5916 struct bpf_fib_lookup *, params, int, plen, u32, flags)
5917{
5918 if (plen < sizeof(*params))
5919 return -EINVAL;
5920
5921 if (flags & ~(BPF_FIB_LOOKUP_DIRECT | BPF_FIB_LOOKUP_OUTPUT))
5922 return -EINVAL;
5923
5924 switch (params->family) {
5925#if IS_ENABLED(CONFIG_INET)
5926 case AF_INET:
5927 return bpf_ipv4_fib_lookup(dev_net(ctx->rxq->dev), params,
5928 flags, true);
5929#endif
5930#if IS_ENABLED(CONFIG_IPV6)
5931 case AF_INET6:
5932 return bpf_ipv6_fib_lookup(dev_net(ctx->rxq->dev), params,
5933 flags, true);
5934#endif
5935 }
5936 return -EAFNOSUPPORT;
5937}
5938
5939static const struct bpf_func_proto bpf_xdp_fib_lookup_proto = {
5940 .func = bpf_xdp_fib_lookup,
5941 .gpl_only = true,
5942 .ret_type = RET_INTEGER,
5943 .arg1_type = ARG_PTR_TO_CTX,
5944 .arg2_type = ARG_PTR_TO_MEM,
5945 .arg3_type = ARG_CONST_SIZE,
5946 .arg4_type = ARG_ANYTHING,
5947};
5948
5949BPF_CALL_4(bpf_skb_fib_lookup, struct sk_buff *, skb,
5950 struct bpf_fib_lookup *, params, int, plen, u32, flags)
5951{
5952 struct net *net = dev_net(skb->dev);
5953 int rc = -EAFNOSUPPORT;
5954 bool check_mtu = false;
5955
5956 if (plen < sizeof(*params))
5957 return -EINVAL;
5958
5959 if (flags & ~(BPF_FIB_LOOKUP_DIRECT | BPF_FIB_LOOKUP_OUTPUT))
5960 return -EINVAL;
5961
5962 if (params->tot_len)
5963 check_mtu = true;
5964
5965 switch (params->family) {
5966#if IS_ENABLED(CONFIG_INET)
5967 case AF_INET:
5968 rc = bpf_ipv4_fib_lookup(net, params, flags, check_mtu);
5969 break;
5970#endif
5971#if IS_ENABLED(CONFIG_IPV6)
5972 case AF_INET6:
5973 rc = bpf_ipv6_fib_lookup(net, params, flags, check_mtu);
5974 break;
5975#endif
5976 }
5977
5978 if (rc == BPF_FIB_LKUP_RET_SUCCESS && !check_mtu) {
5979 struct net_device *dev;
5980
5981
5982
5983
5984 dev = dev_get_by_index_rcu(net, params->ifindex);
5985 if (!is_skb_forwardable(dev, skb))
5986 rc = BPF_FIB_LKUP_RET_FRAG_NEEDED;
5987
5988 params->mtu_result = dev->mtu;
5989 }
5990
5991 return rc;
5992}
5993
5994static const struct bpf_func_proto bpf_skb_fib_lookup_proto = {
5995 .func = bpf_skb_fib_lookup,
5996 .gpl_only = true,
5997 .ret_type = RET_INTEGER,
5998 .arg1_type = ARG_PTR_TO_CTX,
5999 .arg2_type = ARG_PTR_TO_MEM,
6000 .arg3_type = ARG_CONST_SIZE,
6001 .arg4_type = ARG_ANYTHING,
6002};
6003
6004static struct net_device *__dev_via_ifindex(struct net_device *dev_curr,
6005 u32 ifindex)
6006{
6007 struct net *netns = dev_net(dev_curr);
6008
6009
6010 if (ifindex == 0)
6011 return dev_curr;
6012
6013 return dev_get_by_index_rcu(netns, ifindex);
6014}
6015
6016BPF_CALL_5(bpf_skb_check_mtu, struct sk_buff *, skb,
6017 u32, ifindex, u32 *, mtu_len, s32, len_diff, u64, flags)
6018{
6019 int ret = BPF_MTU_CHK_RET_FRAG_NEEDED;
6020 struct net_device *dev = skb->dev;
6021 int skb_len, dev_len;
6022 int mtu;
6023
6024 if (unlikely(flags & ~(BPF_MTU_CHK_SEGS)))
6025 return -EINVAL;
6026
6027 if (unlikely(flags & BPF_MTU_CHK_SEGS && (len_diff || *mtu_len)))
6028 return -EINVAL;
6029
6030 dev = __dev_via_ifindex(dev, ifindex);
6031 if (unlikely(!dev))
6032 return -ENODEV;
6033
6034 mtu = READ_ONCE(dev->mtu);
6035
6036 dev_len = mtu + dev->hard_header_len;
6037
6038
6039 skb_len = *mtu_len ? *mtu_len + dev->hard_header_len : skb->len;
6040
6041 skb_len += len_diff;
6042 if (skb_len <= dev_len) {
6043 ret = BPF_MTU_CHK_RET_SUCCESS;
6044 goto out;
6045 }
6046
6047
6048
6049
6050
6051 if (skb_is_gso(skb)) {
6052 ret = BPF_MTU_CHK_RET_SUCCESS;
6053
6054 if (flags & BPF_MTU_CHK_SEGS &&
6055 !skb_gso_validate_network_len(skb, mtu))
6056 ret = BPF_MTU_CHK_RET_SEGS_TOOBIG;
6057 }
6058out:
6059
6060 *mtu_len = mtu;
6061
6062 return ret;
6063}
6064
6065BPF_CALL_5(bpf_xdp_check_mtu, struct xdp_buff *, xdp,
6066 u32, ifindex, u32 *, mtu_len, s32, len_diff, u64, flags)
6067{
6068 struct net_device *dev = xdp->rxq->dev;
6069 int xdp_len = xdp->data_end - xdp->data;
6070 int ret = BPF_MTU_CHK_RET_SUCCESS;
6071 int mtu, dev_len;
6072
6073
6074 if (unlikely(flags))
6075 return -EINVAL;
6076
6077 dev = __dev_via_ifindex(dev, ifindex);
6078 if (unlikely(!dev))
6079 return -ENODEV;
6080
6081 mtu = READ_ONCE(dev->mtu);
6082
6083
6084 dev_len = mtu + dev->hard_header_len;
6085
6086
6087 if (*mtu_len)
6088 xdp_len = *mtu_len + dev->hard_header_len;
6089
6090 xdp_len += len_diff;
6091 if (xdp_len > dev_len)
6092 ret = BPF_MTU_CHK_RET_FRAG_NEEDED;
6093
6094
6095 *mtu_len = mtu;
6096
6097 return ret;
6098}
6099
6100static const struct bpf_func_proto bpf_skb_check_mtu_proto = {
6101 .func = bpf_skb_check_mtu,
6102 .gpl_only = true,
6103 .ret_type = RET_INTEGER,
6104 .arg1_type = ARG_PTR_TO_CTX,
6105 .arg2_type = ARG_ANYTHING,
6106 .arg3_type = ARG_PTR_TO_INT,
6107 .arg4_type = ARG_ANYTHING,
6108 .arg5_type = ARG_ANYTHING,
6109};
6110
6111static const struct bpf_func_proto bpf_xdp_check_mtu_proto = {
6112 .func = bpf_xdp_check_mtu,
6113 .gpl_only = true,
6114 .ret_type = RET_INTEGER,
6115 .arg1_type = ARG_PTR_TO_CTX,
6116 .arg2_type = ARG_ANYTHING,
6117 .arg3_type = ARG_PTR_TO_INT,
6118 .arg4_type = ARG_ANYTHING,
6119 .arg5_type = ARG_ANYTHING,
6120};
6121
6122#if IS_ENABLED(CONFIG_IPV6_SEG6_BPF)
6123static int bpf_push_seg6_encap(struct sk_buff *skb, u32 type, void *hdr, u32 len)
6124{
6125 int err;
6126 struct ipv6_sr_hdr *srh = (struct ipv6_sr_hdr *)hdr;
6127
6128 if (!seg6_validate_srh(srh, len, false))
6129 return -EINVAL;
6130
6131 switch (type) {
6132 case BPF_LWT_ENCAP_SEG6_INLINE:
6133 if (skb->protocol != htons(ETH_P_IPV6))
6134 return -EBADMSG;
6135
6136 err = seg6_do_srh_inline(skb, srh);
6137 break;
6138 case BPF_LWT_ENCAP_SEG6:
6139 skb_reset_inner_headers(skb);
6140 skb->encapsulation = 1;
6141 err = seg6_do_srh_encap(skb, srh, IPPROTO_IPV6);
6142 break;
6143 default:
6144 return -EINVAL;
6145 }
6146
6147 bpf_compute_data_pointers(skb);
6148 if (err)
6149 return err;
6150
6151 ipv6_hdr(skb)->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
6152 skb_set_transport_header(skb, sizeof(struct ipv6hdr));
6153
6154 return seg6_lookup_nexthop(skb, NULL, 0);
6155}
6156#endif
6157
6158#if IS_ENABLED(CONFIG_LWTUNNEL_BPF)
6159static int bpf_push_ip_encap(struct sk_buff *skb, void *hdr, u32 len,
6160 bool ingress)
6161{
6162 return bpf_lwt_push_ip_encap(skb, hdr, len, ingress);
6163}
6164#endif
6165
6166BPF_CALL_4(bpf_lwt_in_push_encap, struct sk_buff *, skb, u32, type, void *, hdr,
6167 u32, len)
6168{
6169 switch (type) {
6170#if IS_ENABLED(CONFIG_IPV6_SEG6_BPF)
6171 case BPF_LWT_ENCAP_SEG6:
6172 case BPF_LWT_ENCAP_SEG6_INLINE:
6173 return bpf_push_seg6_encap(skb, type, hdr, len);
6174#endif
6175#if IS_ENABLED(CONFIG_LWTUNNEL_BPF)
6176 case BPF_LWT_ENCAP_IP:
6177 return bpf_push_ip_encap(skb, hdr, len, true );
6178#endif
6179 default:
6180 return -EINVAL;
6181 }
6182}
6183
6184BPF_CALL_4(bpf_lwt_xmit_push_encap, struct sk_buff *, skb, u32, type,
6185 void *, hdr, u32, len)
6186{
6187 switch (type) {
6188#if IS_ENABLED(CONFIG_LWTUNNEL_BPF)
6189 case BPF_LWT_ENCAP_IP:
6190 return bpf_push_ip_encap(skb, hdr, len, false );
6191#endif
6192 default:
6193 return -EINVAL;
6194 }
6195}
6196
6197static const struct bpf_func_proto bpf_lwt_in_push_encap_proto = {
6198 .func = bpf_lwt_in_push_encap,
6199 .gpl_only = false,
6200 .ret_type = RET_INTEGER,
6201 .arg1_type = ARG_PTR_TO_CTX,
6202 .arg2_type = ARG_ANYTHING,
6203 .arg3_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6204 .arg4_type = ARG_CONST_SIZE
6205};
6206
6207static const struct bpf_func_proto bpf_lwt_xmit_push_encap_proto = {
6208 .func = bpf_lwt_xmit_push_encap,
6209 .gpl_only = false,
6210 .ret_type = RET_INTEGER,
6211 .arg1_type = ARG_PTR_TO_CTX,
6212 .arg2_type = ARG_ANYTHING,
6213 .arg3_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6214 .arg4_type = ARG_CONST_SIZE
6215};
6216
6217#if IS_ENABLED(CONFIG_IPV6_SEG6_BPF)
6218BPF_CALL_4(bpf_lwt_seg6_store_bytes, struct sk_buff *, skb, u32, offset,
6219 const void *, from, u32, len)
6220{
6221 struct seg6_bpf_srh_state *srh_state =
6222 this_cpu_ptr(&seg6_bpf_srh_states);
6223 struct ipv6_sr_hdr *srh = srh_state->srh;
6224 void *srh_tlvs, *srh_end, *ptr;
6225 int srhoff = 0;
6226
6227 if (srh == NULL)
6228 return -EINVAL;
6229
6230 srh_tlvs = (void *)((char *)srh + ((srh->first_segment + 1) << 4));
6231 srh_end = (void *)((char *)srh + sizeof(*srh) + srh_state->hdrlen);
6232
6233 ptr = skb->data + offset;
6234 if (ptr >= srh_tlvs && ptr + len <= srh_end)
6235 srh_state->valid = false;
6236 else if (ptr < (void *)&srh->flags ||
6237 ptr + len > (void *)&srh->segments)
6238 return -EFAULT;
6239
6240 if (unlikely(bpf_try_make_writable(skb, offset + len)))
6241 return -EFAULT;
6242 if (ipv6_find_hdr(skb, &srhoff, IPPROTO_ROUTING, NULL, NULL) < 0)
6243 return -EINVAL;
6244 srh_state->srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
6245
6246 memcpy(skb->data + offset, from, len);
6247 return 0;
6248}
6249
6250static const struct bpf_func_proto bpf_lwt_seg6_store_bytes_proto = {
6251 .func = bpf_lwt_seg6_store_bytes,
6252 .gpl_only = false,
6253 .ret_type = RET_INTEGER,
6254 .arg1_type = ARG_PTR_TO_CTX,
6255 .arg2_type = ARG_ANYTHING,
6256 .arg3_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6257 .arg4_type = ARG_CONST_SIZE
6258};
6259
6260static void bpf_update_srh_state(struct sk_buff *skb)
6261{
6262 struct seg6_bpf_srh_state *srh_state =
6263 this_cpu_ptr(&seg6_bpf_srh_states);
6264 int srhoff = 0;
6265
6266 if (ipv6_find_hdr(skb, &srhoff, IPPROTO_ROUTING, NULL, NULL) < 0) {
6267 srh_state->srh = NULL;
6268 } else {
6269 srh_state->srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
6270 srh_state->hdrlen = srh_state->srh->hdrlen << 3;
6271 srh_state->valid = true;
6272 }
6273}
6274
6275BPF_CALL_4(bpf_lwt_seg6_action, struct sk_buff *, skb,
6276 u32, action, void *, param, u32, param_len)
6277{
6278 struct seg6_bpf_srh_state *srh_state =
6279 this_cpu_ptr(&seg6_bpf_srh_states);
6280 int hdroff = 0;
6281 int err;
6282
6283 switch (action) {
6284 case SEG6_LOCAL_ACTION_END_X:
6285 if (!seg6_bpf_has_valid_srh(skb))
6286 return -EBADMSG;
6287 if (param_len != sizeof(struct in6_addr))
6288 return -EINVAL;
6289 return seg6_lookup_nexthop(skb, (struct in6_addr *)param, 0);
6290 case SEG6_LOCAL_ACTION_END_T:
6291 if (!seg6_bpf_has_valid_srh(skb))
6292 return -EBADMSG;
6293 if (param_len != sizeof(int))
6294 return -EINVAL;
6295 return seg6_lookup_nexthop(skb, NULL, *(int *)param);
6296 case SEG6_LOCAL_ACTION_END_DT6:
6297 if (!seg6_bpf_has_valid_srh(skb))
6298 return -EBADMSG;
6299 if (param_len != sizeof(int))
6300 return -EINVAL;
6301
6302 if (ipv6_find_hdr(skb, &hdroff, IPPROTO_IPV6, NULL, NULL) < 0)
6303 return -EBADMSG;
6304 if (!pskb_pull(skb, hdroff))
6305 return -EBADMSG;
6306
6307 skb_postpull_rcsum(skb, skb_network_header(skb), hdroff);
6308 skb_reset_network_header(skb);
6309 skb_reset_transport_header(skb);
6310 skb->encapsulation = 0;
6311
6312 bpf_compute_data_pointers(skb);
6313 bpf_update_srh_state(skb);
6314 return seg6_lookup_nexthop(skb, NULL, *(int *)param);
6315 case SEG6_LOCAL_ACTION_END_B6:
6316 if (srh_state->srh && !seg6_bpf_has_valid_srh(skb))
6317 return -EBADMSG;
6318 err = bpf_push_seg6_encap(skb, BPF_LWT_ENCAP_SEG6_INLINE,
6319 param, param_len);
6320 if (!err)
6321 bpf_update_srh_state(skb);
6322
6323 return err;
6324 case SEG6_LOCAL_ACTION_END_B6_ENCAP:
6325 if (srh_state->srh && !seg6_bpf_has_valid_srh(skb))
6326 return -EBADMSG;
6327 err = bpf_push_seg6_encap(skb, BPF_LWT_ENCAP_SEG6,
6328 param, param_len);
6329 if (!err)
6330 bpf_update_srh_state(skb);
6331
6332 return err;
6333 default:
6334 return -EINVAL;
6335 }
6336}
6337
6338static const struct bpf_func_proto bpf_lwt_seg6_action_proto = {
6339 .func = bpf_lwt_seg6_action,
6340 .gpl_only = false,
6341 .ret_type = RET_INTEGER,
6342 .arg1_type = ARG_PTR_TO_CTX,
6343 .arg2_type = ARG_ANYTHING,
6344 .arg3_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6345 .arg4_type = ARG_CONST_SIZE
6346};
6347
6348BPF_CALL_3(bpf_lwt_seg6_adjust_srh, struct sk_buff *, skb, u32, offset,
6349 s32, len)
6350{
6351 struct seg6_bpf_srh_state *srh_state =
6352 this_cpu_ptr(&seg6_bpf_srh_states);
6353 struct ipv6_sr_hdr *srh = srh_state->srh;
6354 void *srh_end, *srh_tlvs, *ptr;
6355 struct ipv6hdr *hdr;
6356 int srhoff = 0;
6357 int ret;
6358
6359 if (unlikely(srh == NULL))
6360 return -EINVAL;
6361
6362 srh_tlvs = (void *)((unsigned char *)srh + sizeof(*srh) +
6363 ((srh->first_segment + 1) << 4));
6364 srh_end = (void *)((unsigned char *)srh + sizeof(*srh) +
6365 srh_state->hdrlen);
6366 ptr = skb->data + offset;
6367
6368 if (unlikely(ptr < srh_tlvs || ptr > srh_end))
6369 return -EFAULT;
6370 if (unlikely(len < 0 && (void *)((char *)ptr - len) > srh_end))
6371 return -EFAULT;
6372
6373 if (len > 0) {
6374 ret = skb_cow_head(skb, len);
6375 if (unlikely(ret < 0))
6376 return ret;
6377
6378 ret = bpf_skb_net_hdr_push(skb, offset, len);
6379 } else {
6380 ret = bpf_skb_net_hdr_pop(skb, offset, -1 * len);
6381 }
6382
6383 bpf_compute_data_pointers(skb);
6384 if (unlikely(ret < 0))
6385 return ret;
6386
6387 hdr = (struct ipv6hdr *)skb->data;
6388 hdr->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
6389
6390 if (ipv6_find_hdr(skb, &srhoff, IPPROTO_ROUTING, NULL, NULL) < 0)
6391 return -EINVAL;
6392 srh_state->srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
6393 srh_state->hdrlen += len;
6394 srh_state->valid = false;
6395 return 0;
6396}
6397
6398static const struct bpf_func_proto bpf_lwt_seg6_adjust_srh_proto = {
6399 .func = bpf_lwt_seg6_adjust_srh,
6400 .gpl_only = false,
6401 .ret_type = RET_INTEGER,
6402 .arg1_type = ARG_PTR_TO_CTX,
6403 .arg2_type = ARG_ANYTHING,
6404 .arg3_type = ARG_ANYTHING,
6405};
6406#endif
6407
6408#ifdef CONFIG_INET
6409static struct sock *sk_lookup(struct net *net, struct bpf_sock_tuple *tuple,
6410 int dif, int sdif, u8 family, u8 proto)
6411{
6412 bool refcounted = false;
6413 struct sock *sk = NULL;
6414
6415 if (family == AF_INET) {
6416 __be32 src4 = tuple->ipv4.saddr;
6417 __be32 dst4 = tuple->ipv4.daddr;
6418
6419 if (proto == IPPROTO_TCP)
6420 sk = __inet_lookup(net, &tcp_hashinfo, NULL, 0,
6421 src4, tuple->ipv4.sport,
6422 dst4, tuple->ipv4.dport,
6423 dif, sdif, &refcounted);
6424 else
6425 sk = __udp4_lib_lookup(net, src4, tuple->ipv4.sport,
6426 dst4, tuple->ipv4.dport,
6427 dif, sdif, &udp_table, NULL);
6428#if IS_ENABLED(CONFIG_IPV6)
6429 } else {
6430 struct in6_addr *src6 = (struct in6_addr *)&tuple->ipv6.saddr;
6431 struct in6_addr *dst6 = (struct in6_addr *)&tuple->ipv6.daddr;
6432
6433 if (proto == IPPROTO_TCP)
6434 sk = __inet6_lookup(net, &tcp_hashinfo, NULL, 0,
6435 src6, tuple->ipv6.sport,
6436 dst6, ntohs(tuple->ipv6.dport),
6437 dif, sdif, &refcounted);
6438 else if (likely(ipv6_bpf_stub))
6439 sk = ipv6_bpf_stub->udp6_lib_lookup(net,
6440 src6, tuple->ipv6.sport,
6441 dst6, tuple->ipv6.dport,
6442 dif, sdif,
6443 &udp_table, NULL);
6444#endif
6445 }
6446
6447 if (unlikely(sk && !refcounted && !sock_flag(sk, SOCK_RCU_FREE))) {
6448 WARN_ONCE(1, "Found non-RCU, unreferenced socket!");
6449 sk = NULL;
6450 }
6451 return sk;
6452}
6453
6454
6455
6456
6457
6458
6459static struct sock *
6460__bpf_skc_lookup(struct sk_buff *skb, struct bpf_sock_tuple *tuple, u32 len,
6461 struct net *caller_net, u32 ifindex, u8 proto, u64 netns_id,
6462 u64 flags)
6463{
6464 struct sock *sk = NULL;
6465 u8 family = AF_UNSPEC;
6466 struct net *net;
6467 int sdif;
6468
6469 if (len == sizeof(tuple->ipv4))
6470 family = AF_INET;
6471 else if (len == sizeof(tuple->ipv6))
6472 family = AF_INET6;
6473 else
6474 return NULL;
6475
6476 if (unlikely(family == AF_UNSPEC || flags ||
6477 !((s32)netns_id < 0 || netns_id <= S32_MAX)))
6478 goto out;
6479
6480 if (family == AF_INET)
6481 sdif = inet_sdif(skb);
6482 else
6483 sdif = inet6_sdif(skb);
6484
6485 if ((s32)netns_id < 0) {
6486 net = caller_net;
6487 sk = sk_lookup(net, tuple, ifindex, sdif, family, proto);
6488 } else {
6489 net = get_net_ns_by_id(caller_net, netns_id);
6490 if (unlikely(!net))
6491 goto out;
6492 sk = sk_lookup(net, tuple, ifindex, sdif, family, proto);
6493 put_net(net);
6494 }
6495
6496out:
6497 return sk;
6498}
6499
6500static struct sock *
6501__bpf_sk_lookup(struct sk_buff *skb, struct bpf_sock_tuple *tuple, u32 len,
6502 struct net *caller_net, u32 ifindex, u8 proto, u64 netns_id,
6503 u64 flags)
6504{
6505 struct sock *sk = __bpf_skc_lookup(skb, tuple, len, caller_net,
6506 ifindex, proto, netns_id, flags);
6507
6508 if (sk) {
6509 sk = sk_to_full_sk(sk);
6510 if (!sk_fullsock(sk)) {
6511 sock_gen_put(sk);
6512 return NULL;
6513 }
6514 }
6515
6516 return sk;
6517}
6518
6519static struct sock *
6520bpf_skc_lookup(struct sk_buff *skb, struct bpf_sock_tuple *tuple, u32 len,
6521 u8 proto, u64 netns_id, u64 flags)
6522{
6523 struct net *caller_net;
6524 int ifindex;
6525
6526 if (skb->dev) {
6527 caller_net = dev_net(skb->dev);
6528 ifindex = skb->dev->ifindex;
6529 } else {
6530 caller_net = sock_net(skb->sk);
6531 ifindex = 0;
6532 }
6533
6534 return __bpf_skc_lookup(skb, tuple, len, caller_net, ifindex, proto,
6535 netns_id, flags);
6536}
6537
6538static struct sock *
6539bpf_sk_lookup(struct sk_buff *skb, struct bpf_sock_tuple *tuple, u32 len,
6540 u8 proto, u64 netns_id, u64 flags)
6541{
6542 struct sock *sk = bpf_skc_lookup(skb, tuple, len, proto, netns_id,
6543 flags);
6544
6545 if (sk) {
6546 sk = sk_to_full_sk(sk);
6547 if (!sk_fullsock(sk)) {
6548 sock_gen_put(sk);
6549 return NULL;
6550 }
6551 }
6552
6553 return sk;
6554}
6555
6556BPF_CALL_5(bpf_skc_lookup_tcp, struct sk_buff *, skb,
6557 struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags)
6558{
6559 return (unsigned long)bpf_skc_lookup(skb, tuple, len, IPPROTO_TCP,
6560 netns_id, flags);
6561}
6562
6563static const struct bpf_func_proto bpf_skc_lookup_tcp_proto = {
6564 .func = bpf_skc_lookup_tcp,
6565 .gpl_only = false,
6566 .pkt_access = true,
6567 .ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL,
6568 .arg1_type = ARG_PTR_TO_CTX,
6569 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6570 .arg3_type = ARG_CONST_SIZE,
6571 .arg4_type = ARG_ANYTHING,
6572 .arg5_type = ARG_ANYTHING,
6573};
6574
6575BPF_CALL_5(bpf_sk_lookup_tcp, struct sk_buff *, skb,
6576 struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags)
6577{
6578 return (unsigned long)bpf_sk_lookup(skb, tuple, len, IPPROTO_TCP,
6579 netns_id, flags);
6580}
6581
6582static const struct bpf_func_proto bpf_sk_lookup_tcp_proto = {
6583 .func = bpf_sk_lookup_tcp,
6584 .gpl_only = false,
6585 .pkt_access = true,
6586 .ret_type = RET_PTR_TO_SOCKET_OR_NULL,
6587 .arg1_type = ARG_PTR_TO_CTX,
6588 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6589 .arg3_type = ARG_CONST_SIZE,
6590 .arg4_type = ARG_ANYTHING,
6591 .arg5_type = ARG_ANYTHING,
6592};
6593
6594BPF_CALL_5(bpf_sk_lookup_udp, struct sk_buff *, skb,
6595 struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags)
6596{
6597 return (unsigned long)bpf_sk_lookup(skb, tuple, len, IPPROTO_UDP,
6598 netns_id, flags);
6599}
6600
6601static const struct bpf_func_proto bpf_sk_lookup_udp_proto = {
6602 .func = bpf_sk_lookup_udp,
6603 .gpl_only = false,
6604 .pkt_access = true,
6605 .ret_type = RET_PTR_TO_SOCKET_OR_NULL,
6606 .arg1_type = ARG_PTR_TO_CTX,
6607 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6608 .arg3_type = ARG_CONST_SIZE,
6609 .arg4_type = ARG_ANYTHING,
6610 .arg5_type = ARG_ANYTHING,
6611};
6612
6613BPF_CALL_1(bpf_sk_release, struct sock *, sk)
6614{
6615 if (sk && sk_is_refcounted(sk))
6616 sock_gen_put(sk);
6617 return 0;
6618}
6619
6620static const struct bpf_func_proto bpf_sk_release_proto = {
6621 .func = bpf_sk_release,
6622 .gpl_only = false,
6623 .ret_type = RET_INTEGER,
6624 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
6625};
6626
6627BPF_CALL_5(bpf_xdp_sk_lookup_udp, struct xdp_buff *, ctx,
6628 struct bpf_sock_tuple *, tuple, u32, len, u32, netns_id, u64, flags)
6629{
6630 struct net *caller_net = dev_net(ctx->rxq->dev);
6631 int ifindex = ctx->rxq->dev->ifindex;
6632
6633 return (unsigned long)__bpf_sk_lookup(NULL, tuple, len, caller_net,
6634 ifindex, IPPROTO_UDP, netns_id,
6635 flags);
6636}
6637
6638static const struct bpf_func_proto bpf_xdp_sk_lookup_udp_proto = {
6639 .func = bpf_xdp_sk_lookup_udp,
6640 .gpl_only = false,
6641 .pkt_access = true,
6642 .ret_type = RET_PTR_TO_SOCKET_OR_NULL,
6643 .arg1_type = ARG_PTR_TO_CTX,
6644 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6645 .arg3_type = ARG_CONST_SIZE,
6646 .arg4_type = ARG_ANYTHING,
6647 .arg5_type = ARG_ANYTHING,
6648};
6649
6650BPF_CALL_5(bpf_xdp_skc_lookup_tcp, struct xdp_buff *, ctx,
6651 struct bpf_sock_tuple *, tuple, u32, len, u32, netns_id, u64, flags)
6652{
6653 struct net *caller_net = dev_net(ctx->rxq->dev);
6654 int ifindex = ctx->rxq->dev->ifindex;
6655
6656 return (unsigned long)__bpf_skc_lookup(NULL, tuple, len, caller_net,
6657 ifindex, IPPROTO_TCP, netns_id,
6658 flags);
6659}
6660
6661static const struct bpf_func_proto bpf_xdp_skc_lookup_tcp_proto = {
6662 .func = bpf_xdp_skc_lookup_tcp,
6663 .gpl_only = false,
6664 .pkt_access = true,
6665 .ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL,
6666 .arg1_type = ARG_PTR_TO_CTX,
6667 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6668 .arg3_type = ARG_CONST_SIZE,
6669 .arg4_type = ARG_ANYTHING,
6670 .arg5_type = ARG_ANYTHING,
6671};
6672
6673BPF_CALL_5(bpf_xdp_sk_lookup_tcp, struct xdp_buff *, ctx,
6674 struct bpf_sock_tuple *, tuple, u32, len, u32, netns_id, u64, flags)
6675{
6676 struct net *caller_net = dev_net(ctx->rxq->dev);
6677 int ifindex = ctx->rxq->dev->ifindex;
6678
6679 return (unsigned long)__bpf_sk_lookup(NULL, tuple, len, caller_net,
6680 ifindex, IPPROTO_TCP, netns_id,
6681 flags);
6682}
6683
6684static const struct bpf_func_proto bpf_xdp_sk_lookup_tcp_proto = {
6685 .func = bpf_xdp_sk_lookup_tcp,
6686 .gpl_only = false,
6687 .pkt_access = true,
6688 .ret_type = RET_PTR_TO_SOCKET_OR_NULL,
6689 .arg1_type = ARG_PTR_TO_CTX,
6690 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6691 .arg3_type = ARG_CONST_SIZE,
6692 .arg4_type = ARG_ANYTHING,
6693 .arg5_type = ARG_ANYTHING,
6694};
6695
6696BPF_CALL_5(bpf_sock_addr_skc_lookup_tcp, struct bpf_sock_addr_kern *, ctx,
6697 struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags)
6698{
6699 return (unsigned long)__bpf_skc_lookup(NULL, tuple, len,
6700 sock_net(ctx->sk), 0,
6701 IPPROTO_TCP, netns_id, flags);
6702}
6703
6704static const struct bpf_func_proto bpf_sock_addr_skc_lookup_tcp_proto = {
6705 .func = bpf_sock_addr_skc_lookup_tcp,
6706 .gpl_only = false,
6707 .ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL,
6708 .arg1_type = ARG_PTR_TO_CTX,
6709 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6710 .arg3_type = ARG_CONST_SIZE,
6711 .arg4_type = ARG_ANYTHING,
6712 .arg5_type = ARG_ANYTHING,
6713};
6714
6715BPF_CALL_5(bpf_sock_addr_sk_lookup_tcp, struct bpf_sock_addr_kern *, ctx,
6716 struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags)
6717{
6718 return (unsigned long)__bpf_sk_lookup(NULL, tuple, len,
6719 sock_net(ctx->sk), 0, IPPROTO_TCP,
6720 netns_id, flags);
6721}
6722
6723static const struct bpf_func_proto bpf_sock_addr_sk_lookup_tcp_proto = {
6724 .func = bpf_sock_addr_sk_lookup_tcp,
6725 .gpl_only = false,
6726 .ret_type = RET_PTR_TO_SOCKET_OR_NULL,
6727 .arg1_type = ARG_PTR_TO_CTX,
6728 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6729 .arg3_type = ARG_CONST_SIZE,
6730 .arg4_type = ARG_ANYTHING,
6731 .arg5_type = ARG_ANYTHING,
6732};
6733
6734BPF_CALL_5(bpf_sock_addr_sk_lookup_udp, struct bpf_sock_addr_kern *, ctx,
6735 struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags)
6736{
6737 return (unsigned long)__bpf_sk_lookup(NULL, tuple, len,
6738 sock_net(ctx->sk), 0, IPPROTO_UDP,
6739 netns_id, flags);
6740}
6741
6742static const struct bpf_func_proto bpf_sock_addr_sk_lookup_udp_proto = {
6743 .func = bpf_sock_addr_sk_lookup_udp,
6744 .gpl_only = false,
6745 .ret_type = RET_PTR_TO_SOCKET_OR_NULL,
6746 .arg1_type = ARG_PTR_TO_CTX,
6747 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
6748 .arg3_type = ARG_CONST_SIZE,
6749 .arg4_type = ARG_ANYTHING,
6750 .arg5_type = ARG_ANYTHING,
6751};
6752
6753bool bpf_tcp_sock_is_valid_access(int off, int size, enum bpf_access_type type,
6754 struct bpf_insn_access_aux *info)
6755{
6756 if (off < 0 || off >= offsetofend(struct bpf_tcp_sock,
6757 icsk_retransmits))
6758 return false;
6759
6760 if (off % size != 0)
6761 return false;
6762
6763 switch (off) {
6764 case offsetof(struct bpf_tcp_sock, bytes_received):
6765 case offsetof(struct bpf_tcp_sock, bytes_acked):
6766 return size == sizeof(__u64);
6767 default:
6768 return size == sizeof(__u32);
6769 }
6770}
6771
6772u32 bpf_tcp_sock_convert_ctx_access(enum bpf_access_type type,
6773 const struct bpf_insn *si,
6774 struct bpf_insn *insn_buf,
6775 struct bpf_prog *prog, u32 *target_size)
6776{
6777 struct bpf_insn *insn = insn_buf;
6778
6779#define BPF_TCP_SOCK_GET_COMMON(FIELD) \
6780 do { \
6781 BUILD_BUG_ON(sizeof_field(struct tcp_sock, FIELD) > \
6782 sizeof_field(struct bpf_tcp_sock, FIELD)); \
6783 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct tcp_sock, FIELD),\
6784 si->dst_reg, si->src_reg, \
6785 offsetof(struct tcp_sock, FIELD)); \
6786 } while (0)
6787
6788#define BPF_INET_SOCK_GET_COMMON(FIELD) \
6789 do { \
6790 BUILD_BUG_ON(sizeof_field(struct inet_connection_sock, \
6791 FIELD) > \
6792 sizeof_field(struct bpf_tcp_sock, FIELD)); \
6793 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \
6794 struct inet_connection_sock, \
6795 FIELD), \
6796 si->dst_reg, si->src_reg, \
6797 offsetof( \
6798 struct inet_connection_sock, \
6799 FIELD)); \
6800 } while (0)
6801
6802 if (insn > insn_buf)
6803 return insn - insn_buf;
6804
6805 switch (si->off) {
6806 case offsetof(struct bpf_tcp_sock, rtt_min):
6807 BUILD_BUG_ON(sizeof_field(struct tcp_sock, rtt_min) !=
6808 sizeof(struct minmax));
6809 BUILD_BUG_ON(sizeof(struct minmax) <
6810 sizeof(struct minmax_sample));
6811
6812 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
6813 offsetof(struct tcp_sock, rtt_min) +
6814 offsetof(struct minmax_sample, v));
6815 break;
6816 case offsetof(struct bpf_tcp_sock, snd_cwnd):
6817 BPF_TCP_SOCK_GET_COMMON(snd_cwnd);
6818 break;
6819 case offsetof(struct bpf_tcp_sock, srtt_us):
6820 BPF_TCP_SOCK_GET_COMMON(srtt_us);
6821 break;
6822 case offsetof(struct bpf_tcp_sock, snd_ssthresh):
6823 BPF_TCP_SOCK_GET_COMMON(snd_ssthresh);
6824 break;
6825 case offsetof(struct bpf_tcp_sock, rcv_nxt):
6826 BPF_TCP_SOCK_GET_COMMON(rcv_nxt);
6827 break;
6828 case offsetof(struct bpf_tcp_sock, snd_nxt):
6829 BPF_TCP_SOCK_GET_COMMON(snd_nxt);
6830 break;
6831 case offsetof(struct bpf_tcp_sock, snd_una):
6832 BPF_TCP_SOCK_GET_COMMON(snd_una);
6833 break;
6834 case offsetof(struct bpf_tcp_sock, mss_cache):
6835 BPF_TCP_SOCK_GET_COMMON(mss_cache);
6836 break;
6837 case offsetof(struct bpf_tcp_sock, ecn_flags):
6838 BPF_TCP_SOCK_GET_COMMON(ecn_flags);
6839 break;
6840 case offsetof(struct bpf_tcp_sock, rate_delivered):
6841 BPF_TCP_SOCK_GET_COMMON(rate_delivered);
6842 break;
6843 case offsetof(struct bpf_tcp_sock, rate_interval_us):
6844 BPF_TCP_SOCK_GET_COMMON(rate_interval_us);
6845 break;
6846 case offsetof(struct bpf_tcp_sock, packets_out):
6847 BPF_TCP_SOCK_GET_COMMON(packets_out);
6848 break;
6849 case offsetof(struct bpf_tcp_sock, retrans_out):
6850 BPF_TCP_SOCK_GET_COMMON(retrans_out);
6851 break;
6852 case offsetof(struct bpf_tcp_sock, total_retrans):
6853 BPF_TCP_SOCK_GET_COMMON(total_retrans);
6854 break;
6855 case offsetof(struct bpf_tcp_sock, segs_in):
6856 BPF_TCP_SOCK_GET_COMMON(segs_in);
6857 break;
6858 case offsetof(struct bpf_tcp_sock, data_segs_in):
6859 BPF_TCP_SOCK_GET_COMMON(data_segs_in);
6860 break;
6861 case offsetof(struct bpf_tcp_sock, segs_out):
6862 BPF_TCP_SOCK_GET_COMMON(segs_out);
6863 break;
6864 case offsetof(struct bpf_tcp_sock, data_segs_out):
6865 BPF_TCP_SOCK_GET_COMMON(data_segs_out);
6866 break;
6867 case offsetof(struct bpf_tcp_sock, lost_out):
6868 BPF_TCP_SOCK_GET_COMMON(lost_out);
6869 break;
6870 case offsetof(struct bpf_tcp_sock, sacked_out):
6871 BPF_TCP_SOCK_GET_COMMON(sacked_out);
6872 break;
6873 case offsetof(struct bpf_tcp_sock, bytes_received):
6874 BPF_TCP_SOCK_GET_COMMON(bytes_received);
6875 break;
6876 case offsetof(struct bpf_tcp_sock, bytes_acked):
6877 BPF_TCP_SOCK_GET_COMMON(bytes_acked);
6878 break;
6879 case offsetof(struct bpf_tcp_sock, dsack_dups):
6880 BPF_TCP_SOCK_GET_COMMON(dsack_dups);
6881 break;
6882 case offsetof(struct bpf_tcp_sock, delivered):
6883 BPF_TCP_SOCK_GET_COMMON(delivered);
6884 break;
6885 case offsetof(struct bpf_tcp_sock, delivered_ce):
6886 BPF_TCP_SOCK_GET_COMMON(delivered_ce);
6887 break;
6888 case offsetof(struct bpf_tcp_sock, icsk_retransmits):
6889 BPF_INET_SOCK_GET_COMMON(icsk_retransmits);
6890 break;
6891 }
6892
6893 return insn - insn_buf;
6894}
6895
6896BPF_CALL_1(bpf_tcp_sock, struct sock *, sk)
6897{
6898 if (sk_fullsock(sk) && sk->sk_protocol == IPPROTO_TCP)
6899 return (unsigned long)sk;
6900
6901 return (unsigned long)NULL;
6902}
6903
6904const struct bpf_func_proto bpf_tcp_sock_proto = {
6905 .func = bpf_tcp_sock,
6906 .gpl_only = false,
6907 .ret_type = RET_PTR_TO_TCP_SOCK_OR_NULL,
6908 .arg1_type = ARG_PTR_TO_SOCK_COMMON,
6909};
6910
6911BPF_CALL_1(bpf_get_listener_sock, struct sock *, sk)
6912{
6913 sk = sk_to_full_sk(sk);
6914
6915 if (sk->sk_state == TCP_LISTEN && sock_flag(sk, SOCK_RCU_FREE))
6916 return (unsigned long)sk;
6917
6918 return (unsigned long)NULL;
6919}
6920
6921static const struct bpf_func_proto bpf_get_listener_sock_proto = {
6922 .func = bpf_get_listener_sock,
6923 .gpl_only = false,
6924 .ret_type = RET_PTR_TO_SOCKET_OR_NULL,
6925 .arg1_type = ARG_PTR_TO_SOCK_COMMON,
6926};
6927
6928BPF_CALL_1(bpf_skb_ecn_set_ce, struct sk_buff *, skb)
6929{
6930 unsigned int iphdr_len;
6931
6932 switch (skb_protocol(skb, true)) {
6933 case cpu_to_be16(ETH_P_IP):
6934 iphdr_len = sizeof(struct iphdr);
6935 break;
6936 case cpu_to_be16(ETH_P_IPV6):
6937 iphdr_len = sizeof(struct ipv6hdr);
6938 break;
6939 default:
6940 return 0;
6941 }
6942
6943 if (skb_headlen(skb) < iphdr_len)
6944 return 0;
6945
6946 if (skb_cloned(skb) && !skb_clone_writable(skb, iphdr_len))
6947 return 0;
6948
6949 return INET_ECN_set_ce(skb);
6950}
6951
6952bool bpf_xdp_sock_is_valid_access(int off, int size, enum bpf_access_type type,
6953 struct bpf_insn_access_aux *info)
6954{
6955 if (off < 0 || off >= offsetofend(struct bpf_xdp_sock, queue_id))
6956 return false;
6957
6958 if (off % size != 0)
6959 return false;
6960
6961 switch (off) {
6962 default:
6963 return size == sizeof(__u32);
6964 }
6965}
6966
6967u32 bpf_xdp_sock_convert_ctx_access(enum bpf_access_type type,
6968 const struct bpf_insn *si,
6969 struct bpf_insn *insn_buf,
6970 struct bpf_prog *prog, u32 *target_size)
6971{
6972 struct bpf_insn *insn = insn_buf;
6973
6974#define BPF_XDP_SOCK_GET(FIELD) \
6975 do { \
6976 BUILD_BUG_ON(sizeof_field(struct xdp_sock, FIELD) > \
6977 sizeof_field(struct bpf_xdp_sock, FIELD)); \
6978 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_sock, FIELD),\
6979 si->dst_reg, si->src_reg, \
6980 offsetof(struct xdp_sock, FIELD)); \
6981 } while (0)
6982
6983 switch (si->off) {
6984 case offsetof(struct bpf_xdp_sock, queue_id):
6985 BPF_XDP_SOCK_GET(queue_id);
6986 break;
6987 }
6988
6989 return insn - insn_buf;
6990}
6991
6992static const struct bpf_func_proto bpf_skb_ecn_set_ce_proto = {
6993 .func = bpf_skb_ecn_set_ce,
6994 .gpl_only = false,
6995 .ret_type = RET_INTEGER,
6996 .arg1_type = ARG_PTR_TO_CTX,
6997};
6998
6999BPF_CALL_5(bpf_tcp_check_syncookie, struct sock *, sk, void *, iph, u32, iph_len,
7000 struct tcphdr *, th, u32, th_len)
7001{
7002#ifdef CONFIG_SYN_COOKIES
7003 u32 cookie;
7004 int ret;
7005
7006 if (unlikely(!sk || th_len < sizeof(*th)))
7007 return -EINVAL;
7008
7009
7010 if (sk->sk_protocol != IPPROTO_TCP || sk->sk_state != TCP_LISTEN)
7011 return -EINVAL;
7012
7013 if (!sock_net(sk)->ipv4.sysctl_tcp_syncookies)
7014 return -EINVAL;
7015
7016 if (!th->ack || th->rst || th->syn)
7017 return -ENOENT;
7018
7019 if (unlikely(iph_len < sizeof(struct iphdr)))
7020 return -EINVAL;
7021
7022 if (tcp_synq_no_recent_overflow(sk))
7023 return -ENOENT;
7024
7025 cookie = ntohl(th->ack_seq) - 1;
7026
7027
7028
7029
7030 switch (((struct iphdr *)iph)->version) {
7031 case 4:
7032 if (sk->sk_family == AF_INET6 && ipv6_only_sock(sk))
7033 return -EINVAL;
7034
7035 ret = __cookie_v4_check((struct iphdr *)iph, th, cookie);
7036 break;
7037
7038#if IS_BUILTIN(CONFIG_IPV6)
7039 case 6:
7040 if (unlikely(iph_len < sizeof(struct ipv6hdr)))
7041 return -EINVAL;
7042
7043 if (sk->sk_family != AF_INET6)
7044 return -EINVAL;
7045
7046 ret = __cookie_v6_check((struct ipv6hdr *)iph, th, cookie);
7047 break;
7048#endif
7049
7050 default:
7051 return -EPROTONOSUPPORT;
7052 }
7053
7054 if (ret > 0)
7055 return 0;
7056
7057 return -ENOENT;
7058#else
7059 return -ENOTSUPP;
7060#endif
7061}
7062
7063static const struct bpf_func_proto bpf_tcp_check_syncookie_proto = {
7064 .func = bpf_tcp_check_syncookie,
7065 .gpl_only = true,
7066 .pkt_access = true,
7067 .ret_type = RET_INTEGER,
7068 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
7069 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
7070 .arg3_type = ARG_CONST_SIZE,
7071 .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY,
7072 .arg5_type = ARG_CONST_SIZE,
7073};
7074
7075BPF_CALL_5(bpf_tcp_gen_syncookie, struct sock *, sk, void *, iph, u32, iph_len,
7076 struct tcphdr *, th, u32, th_len)
7077{
7078#ifdef CONFIG_SYN_COOKIES
7079 u32 cookie;
7080 u16 mss;
7081
7082 if (unlikely(!sk || th_len < sizeof(*th) || th_len != th->doff * 4))
7083 return -EINVAL;
7084
7085 if (sk->sk_protocol != IPPROTO_TCP || sk->sk_state != TCP_LISTEN)
7086 return -EINVAL;
7087
7088 if (!sock_net(sk)->ipv4.sysctl_tcp_syncookies)
7089 return -ENOENT;
7090
7091 if (!th->syn || th->ack || th->fin || th->rst)
7092 return -EINVAL;
7093
7094 if (unlikely(iph_len < sizeof(struct iphdr)))
7095 return -EINVAL;
7096
7097
7098
7099
7100 switch (((struct iphdr *)iph)->version) {
7101 case 4:
7102 if (sk->sk_family == AF_INET6 && sk->sk_ipv6only)
7103 return -EINVAL;
7104
7105 mss = tcp_v4_get_syncookie(sk, iph, th, &cookie);
7106 break;
7107
7108#if IS_BUILTIN(CONFIG_IPV6)
7109 case 6:
7110 if (unlikely(iph_len < sizeof(struct ipv6hdr)))
7111 return -EINVAL;
7112
7113 if (sk->sk_family != AF_INET6)
7114 return -EINVAL;
7115
7116 mss = tcp_v6_get_syncookie(sk, iph, th, &cookie);
7117 break;
7118#endif
7119
7120 default:
7121 return -EPROTONOSUPPORT;
7122 }
7123 if (mss == 0)
7124 return -ENOENT;
7125
7126 return cookie | ((u64)mss << 32);
7127#else
7128 return -EOPNOTSUPP;
7129#endif
7130}
7131
7132static const struct bpf_func_proto bpf_tcp_gen_syncookie_proto = {
7133 .func = bpf_tcp_gen_syncookie,
7134 .gpl_only = true,
7135 .pkt_access = true,
7136 .ret_type = RET_INTEGER,
7137 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
7138 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
7139 .arg3_type = ARG_CONST_SIZE,
7140 .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY,
7141 .arg5_type = ARG_CONST_SIZE,
7142};
7143
7144BPF_CALL_3(bpf_sk_assign, struct sk_buff *, skb, struct sock *, sk, u64, flags)
7145{
7146 if (!sk || flags != 0)
7147 return -EINVAL;
7148 if (!skb_at_tc_ingress(skb))
7149 return -EOPNOTSUPP;
7150 if (unlikely(dev_net(skb->dev) != sock_net(sk)))
7151 return -ENETUNREACH;
7152 if (unlikely(sk_fullsock(sk) && sk->sk_reuseport))
7153 return -ESOCKTNOSUPPORT;
7154 if (sk_is_refcounted(sk) &&
7155 unlikely(!refcount_inc_not_zero(&sk->sk_refcnt)))
7156 return -ENOENT;
7157
7158 skb_orphan(skb);
7159 skb->sk = sk;
7160 skb->destructor = sock_pfree;
7161
7162 return 0;
7163}
7164
7165static const struct bpf_func_proto bpf_sk_assign_proto = {
7166 .func = bpf_sk_assign,
7167 .gpl_only = false,
7168 .ret_type = RET_INTEGER,
7169 .arg1_type = ARG_PTR_TO_CTX,
7170 .arg2_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
7171 .arg3_type = ARG_ANYTHING,
7172};
7173
7174static const u8 *bpf_search_tcp_opt(const u8 *op, const u8 *opend,
7175 u8 search_kind, const u8 *magic,
7176 u8 magic_len, bool *eol)
7177{
7178 u8 kind, kind_len;
7179
7180 *eol = false;
7181
7182 while (op < opend) {
7183 kind = op[0];
7184
7185 if (kind == TCPOPT_EOL) {
7186 *eol = true;
7187 return ERR_PTR(-ENOMSG);
7188 } else if (kind == TCPOPT_NOP) {
7189 op++;
7190 continue;
7191 }
7192
7193 if (opend - op < 2 || opend - op < op[1] || op[1] < 2)
7194
7195
7196
7197
7198 return ERR_PTR(-EFAULT);
7199
7200 kind_len = op[1];
7201 if (search_kind == kind) {
7202 if (!magic_len)
7203 return op;
7204
7205 if (magic_len > kind_len - 2)
7206 return ERR_PTR(-ENOMSG);
7207
7208 if (!memcmp(&op[2], magic, magic_len))
7209 return op;
7210 }
7211
7212 op += kind_len;
7213 }
7214
7215 return ERR_PTR(-ENOMSG);
7216}
7217
7218BPF_CALL_4(bpf_sock_ops_load_hdr_opt, struct bpf_sock_ops_kern *, bpf_sock,
7219 void *, search_res, u32, len, u64, flags)
7220{
7221 bool eol, load_syn = flags & BPF_LOAD_HDR_OPT_TCP_SYN;
7222 const u8 *op, *opend, *magic, *search = search_res;
7223 u8 search_kind, search_len, copy_len, magic_len;
7224 int ret;
7225
7226
7227
7228
7229
7230 if (len < 2 || flags & ~BPF_LOAD_HDR_OPT_TCP_SYN)
7231 return -EINVAL;
7232
7233 search_kind = search[0];
7234 search_len = search[1];
7235
7236 if (search_len > len || search_kind == TCPOPT_NOP ||
7237 search_kind == TCPOPT_EOL)
7238 return -EINVAL;
7239
7240 if (search_kind == TCPOPT_EXP || search_kind == 253) {
7241
7242 if (search_len != 4 && search_len != 6)
7243 return -EINVAL;
7244 magic = &search[2];
7245 magic_len = search_len - 2;
7246 } else {
7247 if (search_len)
7248 return -EINVAL;
7249 magic = NULL;
7250 magic_len = 0;
7251 }
7252
7253 if (load_syn) {
7254 ret = bpf_sock_ops_get_syn(bpf_sock, TCP_BPF_SYN, &op);
7255 if (ret < 0)
7256 return ret;
7257
7258 opend = op + ret;
7259 op += sizeof(struct tcphdr);
7260 } else {
7261 if (!bpf_sock->skb ||
7262 bpf_sock->op == BPF_SOCK_OPS_HDR_OPT_LEN_CB)
7263
7264 return -EPERM;
7265
7266 opend = bpf_sock->skb_data_end;
7267 op = bpf_sock->skb->data + sizeof(struct tcphdr);
7268 }
7269
7270 op = bpf_search_tcp_opt(op, opend, search_kind, magic, magic_len,
7271 &eol);
7272 if (IS_ERR(op))
7273 return PTR_ERR(op);
7274
7275 copy_len = op[1];
7276 ret = copy_len;
7277 if (copy_len > len) {
7278 ret = -ENOSPC;
7279 copy_len = len;
7280 }
7281
7282 memcpy(search_res, op, copy_len);
7283 return ret;
7284}
7285
7286static const struct bpf_func_proto bpf_sock_ops_load_hdr_opt_proto = {
7287 .func = bpf_sock_ops_load_hdr_opt,
7288 .gpl_only = false,
7289 .ret_type = RET_INTEGER,
7290 .arg1_type = ARG_PTR_TO_CTX,
7291 .arg2_type = ARG_PTR_TO_MEM,
7292 .arg3_type = ARG_CONST_SIZE,
7293 .arg4_type = ARG_ANYTHING,
7294};
7295
7296BPF_CALL_4(bpf_sock_ops_store_hdr_opt, struct bpf_sock_ops_kern *, bpf_sock,
7297 const void *, from, u32, len, u64, flags)
7298{
7299 u8 new_kind, new_kind_len, magic_len = 0, *opend;
7300 const u8 *op, *new_op, *magic = NULL;
7301 struct sk_buff *skb;
7302 bool eol;
7303
7304 if (bpf_sock->op != BPF_SOCK_OPS_WRITE_HDR_OPT_CB)
7305 return -EPERM;
7306
7307 if (len < 2 || flags)
7308 return -EINVAL;
7309
7310 new_op = from;
7311 new_kind = new_op[0];
7312 new_kind_len = new_op[1];
7313
7314 if (new_kind_len > len || new_kind == TCPOPT_NOP ||
7315 new_kind == TCPOPT_EOL)
7316 return -EINVAL;
7317
7318 if (new_kind_len > bpf_sock->remaining_opt_len)
7319 return -ENOSPC;
7320
7321
7322 if (new_kind == TCPOPT_EXP || new_kind == 253) {
7323 if (new_kind_len < 4)
7324 return -EINVAL;
7325
7326
7327
7328
7329
7330
7331
7332 magic = &new_op[2];
7333 magic_len = 2;
7334 }
7335
7336
7337 skb = bpf_sock->skb;
7338 op = skb->data + sizeof(struct tcphdr);
7339 opend = bpf_sock->skb_data_end;
7340
7341 op = bpf_search_tcp_opt(op, opend, new_kind, magic, magic_len,
7342 &eol);
7343 if (!IS_ERR(op))
7344 return -EEXIST;
7345
7346 if (PTR_ERR(op) != -ENOMSG)
7347 return PTR_ERR(op);
7348
7349 if (eol)
7350
7351
7352
7353 return -ENOSPC;
7354
7355
7356 memcpy(opend, from, new_kind_len);
7357
7358 bpf_sock->remaining_opt_len -= new_kind_len;
7359 bpf_sock->skb_data_end += new_kind_len;
7360
7361 return 0;
7362}
7363
7364static const struct bpf_func_proto bpf_sock_ops_store_hdr_opt_proto = {
7365 .func = bpf_sock_ops_store_hdr_opt,
7366 .gpl_only = false,
7367 .ret_type = RET_INTEGER,
7368 .arg1_type = ARG_PTR_TO_CTX,
7369 .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY,
7370 .arg3_type = ARG_CONST_SIZE,
7371 .arg4_type = ARG_ANYTHING,
7372};
7373
7374BPF_CALL_3(bpf_sock_ops_reserve_hdr_opt, struct bpf_sock_ops_kern *, bpf_sock,
7375 u32, len, u64, flags)
7376{
7377 if (bpf_sock->op != BPF_SOCK_OPS_HDR_OPT_LEN_CB)
7378 return -EPERM;
7379
7380 if (flags || len < 2)
7381 return -EINVAL;
7382
7383 if (len > bpf_sock->remaining_opt_len)
7384 return -ENOSPC;
7385
7386 bpf_sock->remaining_opt_len -= len;
7387
7388 return 0;
7389}
7390
7391static const struct bpf_func_proto bpf_sock_ops_reserve_hdr_opt_proto = {
7392 .func = bpf_sock_ops_reserve_hdr_opt,
7393 .gpl_only = false,
7394 .ret_type = RET_INTEGER,
7395 .arg1_type = ARG_PTR_TO_CTX,
7396 .arg2_type = ARG_ANYTHING,
7397 .arg3_type = ARG_ANYTHING,
7398};
7399
7400BPF_CALL_3(bpf_skb_set_tstamp, struct sk_buff *, skb,
7401 u64, tstamp, u32, tstamp_type)
7402{
7403
7404 if (skb->protocol != htons(ETH_P_IP) &&
7405 skb->protocol != htons(ETH_P_IPV6))
7406 return -EOPNOTSUPP;
7407
7408 switch (tstamp_type) {
7409 case BPF_SKB_TSTAMP_DELIVERY_MONO:
7410 if (!tstamp)
7411 return -EINVAL;
7412 skb->tstamp = tstamp;
7413 skb->mono_delivery_time = 1;
7414 break;
7415 case BPF_SKB_TSTAMP_UNSPEC:
7416 if (tstamp)
7417 return -EINVAL;
7418 skb->tstamp = 0;
7419 skb->mono_delivery_time = 0;
7420 break;
7421 default:
7422 return -EINVAL;
7423 }
7424
7425 return 0;
7426}
7427
7428static const struct bpf_func_proto bpf_skb_set_tstamp_proto = {
7429 .func = bpf_skb_set_tstamp,
7430 .gpl_only = false,
7431 .ret_type = RET_INTEGER,
7432 .arg1_type = ARG_PTR_TO_CTX,
7433 .arg2_type = ARG_ANYTHING,
7434 .arg3_type = ARG_ANYTHING,
7435};
7436
7437#endif
7438
7439bool bpf_helper_changes_pkt_data(void *func)
7440{
7441 if (func == bpf_skb_vlan_push ||
7442 func == bpf_skb_vlan_pop ||
7443 func == bpf_skb_store_bytes ||
7444 func == bpf_skb_change_proto ||
7445 func == bpf_skb_change_head ||
7446 func == sk_skb_change_head ||
7447 func == bpf_skb_change_tail ||
7448 func == sk_skb_change_tail ||
7449 func == bpf_skb_adjust_room ||
7450 func == sk_skb_adjust_room ||
7451 func == bpf_skb_pull_data ||
7452 func == sk_skb_pull_data ||
7453 func == bpf_clone_redirect ||
7454 func == bpf_l3_csum_replace ||
7455 func == bpf_l4_csum_replace ||
7456 func == bpf_xdp_adjust_head ||
7457 func == bpf_xdp_adjust_meta ||
7458 func == bpf_msg_pull_data ||
7459 func == bpf_msg_push_data ||
7460 func == bpf_msg_pop_data ||
7461 func == bpf_xdp_adjust_tail ||
7462#if IS_ENABLED(CONFIG_IPV6_SEG6_BPF)
7463 func == bpf_lwt_seg6_store_bytes ||
7464 func == bpf_lwt_seg6_adjust_srh ||
7465 func == bpf_lwt_seg6_action ||
7466#endif
7467#ifdef CONFIG_INET
7468 func == bpf_sock_ops_store_hdr_opt ||
7469#endif
7470 func == bpf_lwt_in_push_encap ||
7471 func == bpf_lwt_xmit_push_encap)
7472 return true;
7473
7474 return false;
7475}
7476
7477const struct bpf_func_proto bpf_event_output_data_proto __weak;
7478const struct bpf_func_proto bpf_sk_storage_get_cg_sock_proto __weak;
7479
7480static const struct bpf_func_proto *
7481sock_filter_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
7482{
7483 switch (func_id) {
7484
7485
7486
7487 case BPF_FUNC_get_current_uid_gid:
7488 return &bpf_get_current_uid_gid_proto;
7489 case BPF_FUNC_get_local_storage:
7490 return &bpf_get_local_storage_proto;
7491 case BPF_FUNC_get_socket_cookie:
7492 return &bpf_get_socket_cookie_sock_proto;
7493 case BPF_FUNC_get_netns_cookie:
7494 return &bpf_get_netns_cookie_sock_proto;
7495 case BPF_FUNC_perf_event_output:
7496 return &bpf_event_output_data_proto;
7497 case BPF_FUNC_get_current_pid_tgid:
7498 return &bpf_get_current_pid_tgid_proto;
7499 case BPF_FUNC_get_current_comm:
7500 return &bpf_get_current_comm_proto;
7501#ifdef CONFIG_CGROUPS
7502 case BPF_FUNC_get_current_cgroup_id:
7503 return &bpf_get_current_cgroup_id_proto;
7504 case BPF_FUNC_get_current_ancestor_cgroup_id:
7505 return &bpf_get_current_ancestor_cgroup_id_proto;
7506#endif
7507#ifdef CONFIG_CGROUP_NET_CLASSID
7508 case BPF_FUNC_get_cgroup_classid:
7509 return &bpf_get_cgroup_classid_curr_proto;
7510#endif
7511 case BPF_FUNC_sk_storage_get:
7512 return &bpf_sk_storage_get_cg_sock_proto;
7513 case BPF_FUNC_ktime_get_coarse_ns:
7514 return &bpf_ktime_get_coarse_ns_proto;
7515 default:
7516 return bpf_base_func_proto(func_id);
7517 }
7518}
7519
7520static const struct bpf_func_proto *
7521sock_addr_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
7522{
7523 switch (func_id) {
7524
7525
7526
7527 case BPF_FUNC_get_current_uid_gid:
7528 return &bpf_get_current_uid_gid_proto;
7529 case BPF_FUNC_bind:
7530 switch (prog->expected_attach_type) {
7531 case BPF_CGROUP_INET4_CONNECT:
7532 case BPF_CGROUP_INET6_CONNECT:
7533 return &bpf_bind_proto;
7534 default:
7535 return NULL;
7536 }
7537 case BPF_FUNC_get_socket_cookie:
7538 return &bpf_get_socket_cookie_sock_addr_proto;
7539 case BPF_FUNC_get_netns_cookie:
7540 return &bpf_get_netns_cookie_sock_addr_proto;
7541 case BPF_FUNC_get_local_storage:
7542 return &bpf_get_local_storage_proto;
7543 case BPF_FUNC_perf_event_output:
7544 return &bpf_event_output_data_proto;
7545 case BPF_FUNC_get_current_pid_tgid:
7546 return &bpf_get_current_pid_tgid_proto;
7547 case BPF_FUNC_get_current_comm:
7548 return &bpf_get_current_comm_proto;
7549#ifdef CONFIG_CGROUPS
7550 case BPF_FUNC_get_current_cgroup_id:
7551 return &bpf_get_current_cgroup_id_proto;
7552 case BPF_FUNC_get_current_ancestor_cgroup_id:
7553 return &bpf_get_current_ancestor_cgroup_id_proto;
7554#endif
7555#ifdef CONFIG_CGROUP_NET_CLASSID
7556 case BPF_FUNC_get_cgroup_classid:
7557 return &bpf_get_cgroup_classid_curr_proto;
7558#endif
7559#ifdef CONFIG_INET
7560 case BPF_FUNC_sk_lookup_tcp:
7561 return &bpf_sock_addr_sk_lookup_tcp_proto;
7562 case BPF_FUNC_sk_lookup_udp:
7563 return &bpf_sock_addr_sk_lookup_udp_proto;
7564 case BPF_FUNC_sk_release:
7565 return &bpf_sk_release_proto;
7566 case BPF_FUNC_skc_lookup_tcp:
7567 return &bpf_sock_addr_skc_lookup_tcp_proto;
7568#endif
7569 case BPF_FUNC_sk_storage_get:
7570 return &bpf_sk_storage_get_proto;
7571 case BPF_FUNC_sk_storage_delete:
7572 return &bpf_sk_storage_delete_proto;
7573 case BPF_FUNC_setsockopt:
7574 switch (prog->expected_attach_type) {
7575 case BPF_CGROUP_INET4_BIND:
7576 case BPF_CGROUP_INET6_BIND:
7577 case BPF_CGROUP_INET4_CONNECT:
7578 case BPF_CGROUP_INET6_CONNECT:
7579 case BPF_CGROUP_UDP4_RECVMSG:
7580 case BPF_CGROUP_UDP6_RECVMSG:
7581 case BPF_CGROUP_UDP4_SENDMSG:
7582 case BPF_CGROUP_UDP6_SENDMSG:
7583 case BPF_CGROUP_INET4_GETPEERNAME:
7584 case BPF_CGROUP_INET6_GETPEERNAME:
7585 case BPF_CGROUP_INET4_GETSOCKNAME:
7586 case BPF_CGROUP_INET6_GETSOCKNAME:
7587 return &bpf_sock_addr_setsockopt_proto;
7588 default:
7589 return NULL;
7590 }
7591 case BPF_FUNC_getsockopt:
7592 switch (prog->expected_attach_type) {
7593 case BPF_CGROUP_INET4_BIND:
7594 case BPF_CGROUP_INET6_BIND:
7595 case BPF_CGROUP_INET4_CONNECT:
7596 case BPF_CGROUP_INET6_CONNECT:
7597 case BPF_CGROUP_UDP4_RECVMSG:
7598 case BPF_CGROUP_UDP6_RECVMSG:
7599 case BPF_CGROUP_UDP4_SENDMSG:
7600 case BPF_CGROUP_UDP6_SENDMSG:
7601 case BPF_CGROUP_INET4_GETPEERNAME:
7602 case BPF_CGROUP_INET6_GETPEERNAME:
7603 case BPF_CGROUP_INET4_GETSOCKNAME:
7604 case BPF_CGROUP_INET6_GETSOCKNAME:
7605 return &bpf_sock_addr_getsockopt_proto;
7606 default:
7607 return NULL;
7608 }
7609 default:
7610 return bpf_sk_base_func_proto(func_id);
7611 }
7612}
7613
7614static const struct bpf_func_proto *
7615sk_filter_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
7616{
7617 switch (func_id) {
7618 case BPF_FUNC_skb_load_bytes:
7619 return &bpf_skb_load_bytes_proto;
7620 case BPF_FUNC_skb_load_bytes_relative:
7621 return &bpf_skb_load_bytes_relative_proto;
7622 case BPF_FUNC_get_socket_cookie:
7623 return &bpf_get_socket_cookie_proto;
7624 case BPF_FUNC_get_socket_uid:
7625 return &bpf_get_socket_uid_proto;
7626 case BPF_FUNC_perf_event_output:
7627 return &bpf_skb_event_output_proto;
7628 default:
7629 return bpf_sk_base_func_proto(func_id);
7630 }
7631}
7632
7633const struct bpf_func_proto bpf_sk_storage_get_proto __weak;
7634const struct bpf_func_proto bpf_sk_storage_delete_proto __weak;
7635
7636static const struct bpf_func_proto *
7637cg_skb_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
7638{
7639 switch (func_id) {
7640 case BPF_FUNC_get_local_storage:
7641 return &bpf_get_local_storage_proto;
7642 case BPF_FUNC_sk_fullsock:
7643 return &bpf_sk_fullsock_proto;
7644 case BPF_FUNC_sk_storage_get:
7645 return &bpf_sk_storage_get_proto;
7646 case BPF_FUNC_sk_storage_delete:
7647 return &bpf_sk_storage_delete_proto;
7648 case BPF_FUNC_perf_event_output:
7649 return &bpf_skb_event_output_proto;
7650#ifdef CONFIG_SOCK_CGROUP_DATA
7651 case BPF_FUNC_skb_cgroup_id:
7652 return &bpf_skb_cgroup_id_proto;
7653 case BPF_FUNC_skb_ancestor_cgroup_id:
7654 return &bpf_skb_ancestor_cgroup_id_proto;
7655 case BPF_FUNC_sk_cgroup_id:
7656 return &bpf_sk_cgroup_id_proto;
7657 case BPF_FUNC_sk_ancestor_cgroup_id:
7658 return &bpf_sk_ancestor_cgroup_id_proto;
7659#endif
7660#ifdef CONFIG_INET
7661 case BPF_FUNC_sk_lookup_tcp:
7662 return &bpf_sk_lookup_tcp_proto;
7663 case BPF_FUNC_sk_lookup_udp:
7664 return &bpf_sk_lookup_udp_proto;
7665 case BPF_FUNC_sk_release:
7666 return &bpf_sk_release_proto;
7667 case BPF_FUNC_skc_lookup_tcp:
7668 return &bpf_skc_lookup_tcp_proto;
7669 case BPF_FUNC_tcp_sock:
7670 return &bpf_tcp_sock_proto;
7671 case BPF_FUNC_get_listener_sock:
7672 return &bpf_get_listener_sock_proto;
7673 case BPF_FUNC_skb_ecn_set_ce:
7674 return &bpf_skb_ecn_set_ce_proto;
7675#endif
7676 default:
7677 return sk_filter_func_proto(func_id, prog);
7678 }
7679}
7680
7681static const struct bpf_func_proto *
7682tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
7683{
7684 switch (func_id) {
7685 case BPF_FUNC_skb_store_bytes:
7686 return &bpf_skb_store_bytes_proto;
7687 case BPF_FUNC_skb_load_bytes:
7688 return &bpf_skb_load_bytes_proto;
7689 case BPF_FUNC_skb_load_bytes_relative:
7690 return &bpf_skb_load_bytes_relative_proto;
7691 case BPF_FUNC_skb_pull_data:
7692 return &bpf_skb_pull_data_proto;
7693 case BPF_FUNC_csum_diff:
7694 return &bpf_csum_diff_proto;
7695 case BPF_FUNC_csum_update:
7696 return &bpf_csum_update_proto;
7697 case BPF_FUNC_csum_level:
7698 return &bpf_csum_level_proto;
7699 case BPF_FUNC_l3_csum_replace:
7700 return &bpf_l3_csum_replace_proto;
7701 case BPF_FUNC_l4_csum_replace:
7702 return &bpf_l4_csum_replace_proto;
7703 case BPF_FUNC_clone_redirect:
7704 return &bpf_clone_redirect_proto;
7705 case BPF_FUNC_get_cgroup_classid:
7706 return &bpf_get_cgroup_classid_proto;
7707 case BPF_FUNC_skb_vlan_push:
7708 return &bpf_skb_vlan_push_proto;
7709 case BPF_FUNC_skb_vlan_pop:
7710 return &bpf_skb_vlan_pop_proto;
7711 case BPF_FUNC_skb_change_proto:
7712 return &bpf_skb_change_proto_proto;
7713 case BPF_FUNC_skb_change_type:
7714 return &bpf_skb_change_type_proto;
7715 case BPF_FUNC_skb_adjust_room:
7716 return &bpf_skb_adjust_room_proto;
7717 case BPF_FUNC_skb_change_tail:
7718 return &bpf_skb_change_tail_proto;
7719 case BPF_FUNC_skb_change_head:
7720 return &bpf_skb_change_head_proto;
7721 case BPF_FUNC_skb_get_tunnel_key:
7722 return &bpf_skb_get_tunnel_key_proto;
7723 case BPF_FUNC_skb_set_tunnel_key:
7724 return bpf_get_skb_set_tunnel_proto(func_id);
7725 case BPF_FUNC_skb_get_tunnel_opt:
7726 return &bpf_skb_get_tunnel_opt_proto;
7727 case BPF_FUNC_skb_set_tunnel_opt:
7728 return bpf_get_skb_set_tunnel_proto(func_id);
7729 case BPF_FUNC_redirect:
7730 return &bpf_redirect_proto;
7731 case BPF_FUNC_redirect_neigh:
7732 return &bpf_redirect_neigh_proto;
7733 case BPF_FUNC_redirect_peer:
7734 return &bpf_redirect_peer_proto;
7735 case BPF_FUNC_get_route_realm:
7736 return &bpf_get_route_realm_proto;
7737 case BPF_FUNC_get_hash_recalc:
7738 return &bpf_get_hash_recalc_proto;
7739 case BPF_FUNC_set_hash_invalid:
7740 return &bpf_set_hash_invalid_proto;
7741 case BPF_FUNC_set_hash:
7742 return &bpf_set_hash_proto;
7743 case BPF_FUNC_perf_event_output:
7744 return &bpf_skb_event_output_proto;
7745 case BPF_FUNC_get_smp_processor_id:
7746 return &bpf_get_smp_processor_id_proto;
7747 case BPF_FUNC_skb_under_cgroup:
7748 return &bpf_skb_under_cgroup_proto;
7749 case BPF_FUNC_get_socket_cookie:
7750 return &bpf_get_socket_cookie_proto;
7751 case BPF_FUNC_get_socket_uid:
7752 return &bpf_get_socket_uid_proto;
7753 case BPF_FUNC_fib_lookup:
7754 return &bpf_skb_fib_lookup_proto;
7755 case BPF_FUNC_check_mtu:
7756 return &bpf_skb_check_mtu_proto;
7757 case BPF_FUNC_sk_fullsock:
7758 return &bpf_sk_fullsock_proto;
7759 case BPF_FUNC_sk_storage_get:
7760 return &bpf_sk_storage_get_proto;
7761 case BPF_FUNC_sk_storage_delete:
7762 return &bpf_sk_storage_delete_proto;
7763#ifdef CONFIG_XFRM
7764 case BPF_FUNC_skb_get_xfrm_state:
7765 return &bpf_skb_get_xfrm_state_proto;
7766#endif
7767#ifdef CONFIG_CGROUP_NET_CLASSID
7768 case BPF_FUNC_skb_cgroup_classid:
7769 return &bpf_skb_cgroup_classid_proto;
7770#endif
7771#ifdef CONFIG_SOCK_CGROUP_DATA
7772 case BPF_FUNC_skb_cgroup_id:
7773 return &bpf_skb_cgroup_id_proto;
7774 case BPF_FUNC_skb_ancestor_cgroup_id:
7775 return &bpf_skb_ancestor_cgroup_id_proto;
7776#endif
7777#ifdef CONFIG_INET
7778 case BPF_FUNC_sk_lookup_tcp:
7779 return &bpf_sk_lookup_tcp_proto;
7780 case BPF_FUNC_sk_lookup_udp:
7781 return &bpf_sk_lookup_udp_proto;
7782 case BPF_FUNC_sk_release:
7783 return &bpf_sk_release_proto;
7784 case BPF_FUNC_tcp_sock:
7785 return &bpf_tcp_sock_proto;
7786 case BPF_FUNC_get_listener_sock:
7787 return &bpf_get_listener_sock_proto;
7788 case BPF_FUNC_skc_lookup_tcp:
7789 return &bpf_skc_lookup_tcp_proto;
7790 case BPF_FUNC_tcp_check_syncookie:
7791 return &bpf_tcp_check_syncookie_proto;
7792 case BPF_FUNC_skb_ecn_set_ce:
7793 return &bpf_skb_ecn_set_ce_proto;
7794 case BPF_FUNC_tcp_gen_syncookie:
7795 return &bpf_tcp_gen_syncookie_proto;
7796 case BPF_FUNC_sk_assign:
7797 return &bpf_sk_assign_proto;
7798 case BPF_FUNC_skb_set_tstamp:
7799 return &bpf_skb_set_tstamp_proto;
7800#endif
7801 default:
7802 return bpf_sk_base_func_proto(func_id);
7803 }
7804}
7805
7806static const struct bpf_func_proto *
7807xdp_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
7808{
7809 switch (func_id) {
7810 case BPF_FUNC_perf_event_output:
7811 return &bpf_xdp_event_output_proto;
7812 case BPF_FUNC_get_smp_processor_id:
7813 return &bpf_get_smp_processor_id_proto;
7814 case BPF_FUNC_csum_diff:
7815 return &bpf_csum_diff_proto;
7816 case BPF_FUNC_xdp_adjust_head:
7817 return &bpf_xdp_adjust_head_proto;
7818 case BPF_FUNC_xdp_adjust_meta:
7819 return &bpf_xdp_adjust_meta_proto;
7820 case BPF_FUNC_redirect:
7821 return &bpf_xdp_redirect_proto;
7822 case BPF_FUNC_redirect_map:
7823 return &bpf_xdp_redirect_map_proto;
7824 case BPF_FUNC_xdp_adjust_tail:
7825 return &bpf_xdp_adjust_tail_proto;
7826 case BPF_FUNC_xdp_get_buff_len:
7827 return &bpf_xdp_get_buff_len_proto;
7828 case BPF_FUNC_xdp_load_bytes:
7829 return &bpf_xdp_load_bytes_proto;
7830 case BPF_FUNC_xdp_store_bytes:
7831 return &bpf_xdp_store_bytes_proto;
7832 case BPF_FUNC_fib_lookup:
7833 return &bpf_xdp_fib_lookup_proto;
7834 case BPF_FUNC_check_mtu:
7835 return &bpf_xdp_check_mtu_proto;
7836#ifdef CONFIG_INET
7837 case BPF_FUNC_sk_lookup_udp:
7838 return &bpf_xdp_sk_lookup_udp_proto;
7839 case BPF_FUNC_sk_lookup_tcp:
7840 return &bpf_xdp_sk_lookup_tcp_proto;
7841 case BPF_FUNC_sk_release:
7842 return &bpf_sk_release_proto;
7843 case BPF_FUNC_skc_lookup_tcp:
7844 return &bpf_xdp_skc_lookup_tcp_proto;
7845 case BPF_FUNC_tcp_check_syncookie:
7846 return &bpf_tcp_check_syncookie_proto;
7847 case BPF_FUNC_tcp_gen_syncookie:
7848 return &bpf_tcp_gen_syncookie_proto;
7849#endif
7850 default:
7851 return bpf_sk_base_func_proto(func_id);
7852 }
7853}
7854
7855const struct bpf_func_proto bpf_sock_map_update_proto __weak;
7856const struct bpf_func_proto bpf_sock_hash_update_proto __weak;
7857
7858static const struct bpf_func_proto *
7859sock_ops_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
7860{
7861 switch (func_id) {
7862 case BPF_FUNC_setsockopt:
7863 return &bpf_sock_ops_setsockopt_proto;
7864 case BPF_FUNC_getsockopt:
7865 return &bpf_sock_ops_getsockopt_proto;
7866 case BPF_FUNC_sock_ops_cb_flags_set:
7867 return &bpf_sock_ops_cb_flags_set_proto;
7868 case BPF_FUNC_sock_map_update:
7869 return &bpf_sock_map_update_proto;
7870 case BPF_FUNC_sock_hash_update:
7871 return &bpf_sock_hash_update_proto;
7872 case BPF_FUNC_get_socket_cookie:
7873 return &bpf_get_socket_cookie_sock_ops_proto;
7874 case BPF_FUNC_get_local_storage:
7875 return &bpf_get_local_storage_proto;
7876 case BPF_FUNC_perf_event_output:
7877 return &bpf_event_output_data_proto;
7878 case BPF_FUNC_sk_storage_get:
7879 return &bpf_sk_storage_get_proto;
7880 case BPF_FUNC_sk_storage_delete:
7881 return &bpf_sk_storage_delete_proto;
7882 case BPF_FUNC_get_netns_cookie:
7883 return &bpf_get_netns_cookie_sock_ops_proto;
7884#ifdef CONFIG_INET
7885 case BPF_FUNC_load_hdr_opt:
7886 return &bpf_sock_ops_load_hdr_opt_proto;
7887 case BPF_FUNC_store_hdr_opt:
7888 return &bpf_sock_ops_store_hdr_opt_proto;
7889 case BPF_FUNC_reserve_hdr_opt:
7890 return &bpf_sock_ops_reserve_hdr_opt_proto;
7891 case BPF_FUNC_tcp_sock:
7892 return &bpf_tcp_sock_proto;
7893#endif
7894 default:
7895 return bpf_sk_base_func_proto(func_id);
7896 }
7897}
7898
7899const struct bpf_func_proto bpf_msg_redirect_map_proto __weak;
7900const struct bpf_func_proto bpf_msg_redirect_hash_proto __weak;
7901
7902static const struct bpf_func_proto *
7903sk_msg_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
7904{
7905 switch (func_id) {
7906 case BPF_FUNC_msg_redirect_map:
7907 return &bpf_msg_redirect_map_proto;
7908 case BPF_FUNC_msg_redirect_hash:
7909 return &bpf_msg_redirect_hash_proto;
7910 case BPF_FUNC_msg_apply_bytes:
7911 return &bpf_msg_apply_bytes_proto;
7912 case BPF_FUNC_msg_cork_bytes:
7913 return &bpf_msg_cork_bytes_proto;
7914 case BPF_FUNC_msg_pull_data:
7915 return &bpf_msg_pull_data_proto;
7916 case BPF_FUNC_msg_push_data:
7917 return &bpf_msg_push_data_proto;
7918 case BPF_FUNC_msg_pop_data:
7919 return &bpf_msg_pop_data_proto;
7920 case BPF_FUNC_perf_event_output:
7921 return &bpf_event_output_data_proto;
7922 case BPF_FUNC_get_current_uid_gid:
7923 return &bpf_get_current_uid_gid_proto;
7924 case BPF_FUNC_get_current_pid_tgid:
7925 return &bpf_get_current_pid_tgid_proto;
7926 case BPF_FUNC_sk_storage_get:
7927 return &bpf_sk_storage_get_proto;
7928 case BPF_FUNC_sk_storage_delete:
7929 return &bpf_sk_storage_delete_proto;
7930 case BPF_FUNC_get_netns_cookie:
7931 return &bpf_get_netns_cookie_sk_msg_proto;
7932#ifdef CONFIG_CGROUPS
7933 case BPF_FUNC_get_current_cgroup_id:
7934 return &bpf_get_current_cgroup_id_proto;
7935 case BPF_FUNC_get_current_ancestor_cgroup_id:
7936 return &bpf_get_current_ancestor_cgroup_id_proto;
7937#endif
7938#ifdef CONFIG_CGROUP_NET_CLASSID
7939 case BPF_FUNC_get_cgroup_classid:
7940 return &bpf_get_cgroup_classid_curr_proto;
7941#endif
7942 default:
7943 return bpf_sk_base_func_proto(func_id);
7944 }
7945}
7946
7947const struct bpf_func_proto bpf_sk_redirect_map_proto __weak;
7948const struct bpf_func_proto bpf_sk_redirect_hash_proto __weak;
7949
7950static const struct bpf_func_proto *
7951sk_skb_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
7952{
7953 switch (func_id) {
7954 case BPF_FUNC_skb_store_bytes:
7955 return &bpf_skb_store_bytes_proto;
7956 case BPF_FUNC_skb_load_bytes:
7957 return &bpf_skb_load_bytes_proto;
7958 case BPF_FUNC_skb_pull_data:
7959 return &sk_skb_pull_data_proto;
7960 case BPF_FUNC_skb_change_tail:
7961 return &sk_skb_change_tail_proto;
7962 case BPF_FUNC_skb_change_head:
7963 return &sk_skb_change_head_proto;
7964 case BPF_FUNC_skb_adjust_room:
7965 return &sk_skb_adjust_room_proto;
7966 case BPF_FUNC_get_socket_cookie:
7967 return &bpf_get_socket_cookie_proto;
7968 case BPF_FUNC_get_socket_uid:
7969 return &bpf_get_socket_uid_proto;
7970 case BPF_FUNC_sk_redirect_map:
7971 return &bpf_sk_redirect_map_proto;
7972 case BPF_FUNC_sk_redirect_hash:
7973 return &bpf_sk_redirect_hash_proto;
7974 case BPF_FUNC_perf_event_output:
7975 return &bpf_skb_event_output_proto;
7976#ifdef CONFIG_INET
7977 case BPF_FUNC_sk_lookup_tcp:
7978 return &bpf_sk_lookup_tcp_proto;
7979 case BPF_FUNC_sk_lookup_udp:
7980 return &bpf_sk_lookup_udp_proto;
7981 case BPF_FUNC_sk_release:
7982 return &bpf_sk_release_proto;
7983 case BPF_FUNC_skc_lookup_tcp:
7984 return &bpf_skc_lookup_tcp_proto;
7985#endif
7986 default:
7987 return bpf_sk_base_func_proto(func_id);
7988 }
7989}
7990
7991static const struct bpf_func_proto *
7992flow_dissector_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
7993{
7994 switch (func_id) {
7995 case BPF_FUNC_skb_load_bytes:
7996 return &bpf_flow_dissector_load_bytes_proto;
7997 default:
7998 return bpf_sk_base_func_proto(func_id);
7999 }
8000}
8001
8002static const struct bpf_func_proto *
8003lwt_out_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
8004{
8005 switch (func_id) {
8006 case BPF_FUNC_skb_load_bytes:
8007 return &bpf_skb_load_bytes_proto;
8008 case BPF_FUNC_skb_pull_data:
8009 return &bpf_skb_pull_data_proto;
8010 case BPF_FUNC_csum_diff:
8011 return &bpf_csum_diff_proto;
8012 case BPF_FUNC_get_cgroup_classid:
8013 return &bpf_get_cgroup_classid_proto;
8014 case BPF_FUNC_get_route_realm:
8015 return &bpf_get_route_realm_proto;
8016 case BPF_FUNC_get_hash_recalc:
8017 return &bpf_get_hash_recalc_proto;
8018 case BPF_FUNC_perf_event_output:
8019 return &bpf_skb_event_output_proto;
8020 case BPF_FUNC_get_smp_processor_id:
8021 return &bpf_get_smp_processor_id_proto;
8022 case BPF_FUNC_skb_under_cgroup:
8023 return &bpf_skb_under_cgroup_proto;
8024 default:
8025 return bpf_sk_base_func_proto(func_id);
8026 }
8027}
8028
8029static const struct bpf_func_proto *
8030lwt_in_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
8031{
8032 switch (func_id) {
8033 case BPF_FUNC_lwt_push_encap:
8034 return &bpf_lwt_in_push_encap_proto;
8035 default:
8036 return lwt_out_func_proto(func_id, prog);
8037 }
8038}
8039
8040static const struct bpf_func_proto *
8041lwt_xmit_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
8042{
8043 switch (func_id) {
8044 case BPF_FUNC_skb_get_tunnel_key:
8045 return &bpf_skb_get_tunnel_key_proto;
8046 case BPF_FUNC_skb_set_tunnel_key:
8047 return bpf_get_skb_set_tunnel_proto(func_id);
8048 case BPF_FUNC_skb_get_tunnel_opt:
8049 return &bpf_skb_get_tunnel_opt_proto;
8050 case BPF_FUNC_skb_set_tunnel_opt:
8051 return bpf_get_skb_set_tunnel_proto(func_id);
8052 case BPF_FUNC_redirect:
8053 return &bpf_redirect_proto;
8054 case BPF_FUNC_clone_redirect:
8055 return &bpf_clone_redirect_proto;
8056 case BPF_FUNC_skb_change_tail:
8057 return &bpf_skb_change_tail_proto;
8058 case BPF_FUNC_skb_change_head:
8059 return &bpf_skb_change_head_proto;
8060 case BPF_FUNC_skb_store_bytes:
8061 return &bpf_skb_store_bytes_proto;
8062 case BPF_FUNC_csum_update:
8063 return &bpf_csum_update_proto;
8064 case BPF_FUNC_csum_level:
8065 return &bpf_csum_level_proto;
8066 case BPF_FUNC_l3_csum_replace:
8067 return &bpf_l3_csum_replace_proto;
8068 case BPF_FUNC_l4_csum_replace:
8069 return &bpf_l4_csum_replace_proto;
8070 case BPF_FUNC_set_hash_invalid:
8071 return &bpf_set_hash_invalid_proto;
8072 case BPF_FUNC_lwt_push_encap:
8073 return &bpf_lwt_xmit_push_encap_proto;
8074 default:
8075 return lwt_out_func_proto(func_id, prog);
8076 }
8077}
8078
8079static const struct bpf_func_proto *
8080lwt_seg6local_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
8081{
8082 switch (func_id) {
8083#if IS_ENABLED(CONFIG_IPV6_SEG6_BPF)
8084 case BPF_FUNC_lwt_seg6_store_bytes:
8085 return &bpf_lwt_seg6_store_bytes_proto;
8086 case BPF_FUNC_lwt_seg6_action:
8087 return &bpf_lwt_seg6_action_proto;
8088 case BPF_FUNC_lwt_seg6_adjust_srh:
8089 return &bpf_lwt_seg6_adjust_srh_proto;
8090#endif
8091 default:
8092 return lwt_out_func_proto(func_id, prog);
8093 }
8094}
8095
8096static bool bpf_skb_is_valid_access(int off, int size, enum bpf_access_type type,
8097 const struct bpf_prog *prog,
8098 struct bpf_insn_access_aux *info)
8099{
8100 const int size_default = sizeof(__u32);
8101
8102 if (off < 0 || off >= sizeof(struct __sk_buff))
8103 return false;
8104
8105
8106 if (off % size != 0)
8107 return false;
8108
8109 switch (off) {
8110 case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]):
8111 if (off + size > offsetofend(struct __sk_buff, cb[4]))
8112 return false;
8113 break;
8114 case bpf_ctx_range_till(struct __sk_buff, remote_ip6[0], remote_ip6[3]):
8115 case bpf_ctx_range_till(struct __sk_buff, local_ip6[0], local_ip6[3]):
8116 case bpf_ctx_range_till(struct __sk_buff, remote_ip4, remote_ip4):
8117 case bpf_ctx_range_till(struct __sk_buff, local_ip4, local_ip4):
8118 case bpf_ctx_range(struct __sk_buff, data):
8119 case bpf_ctx_range(struct __sk_buff, data_meta):
8120 case bpf_ctx_range(struct __sk_buff, data_end):
8121 if (size != size_default)
8122 return false;
8123 break;
8124 case bpf_ctx_range_ptr(struct __sk_buff, flow_keys):
8125 return false;
8126 case bpf_ctx_range(struct __sk_buff, hwtstamp):
8127 if (type == BPF_WRITE || size != sizeof(__u64))
8128 return false;
8129 break;
8130 case bpf_ctx_range(struct __sk_buff, tstamp):
8131 if (size != sizeof(__u64))
8132 return false;
8133 break;
8134 case offsetof(struct __sk_buff, sk):
8135 if (type == BPF_WRITE || size != sizeof(__u64))
8136 return false;
8137 info->reg_type = PTR_TO_SOCK_COMMON_OR_NULL;
8138 break;
8139 case offsetof(struct __sk_buff, tstamp_type):
8140 return false;
8141 case offsetofend(struct __sk_buff, tstamp_type) ... offsetof(struct __sk_buff, hwtstamp) - 1:
8142
8143 return false;
8144 default:
8145
8146 if (type == BPF_WRITE) {
8147 if (size != size_default)
8148 return false;
8149 } else {
8150 bpf_ctx_record_field_size(info, size_default);
8151 if (!bpf_ctx_narrow_access_ok(off, size, size_default))
8152 return false;
8153 }
8154 }
8155
8156 return true;
8157}
8158
8159static bool sk_filter_is_valid_access(int off, int size,
8160 enum bpf_access_type type,
8161 const struct bpf_prog *prog,
8162 struct bpf_insn_access_aux *info)
8163{
8164 switch (off) {
8165 case bpf_ctx_range(struct __sk_buff, tc_classid):
8166 case bpf_ctx_range(struct __sk_buff, data):
8167 case bpf_ctx_range(struct __sk_buff, data_meta):
8168 case bpf_ctx_range(struct __sk_buff, data_end):
8169 case bpf_ctx_range_till(struct __sk_buff, family, local_port):
8170 case bpf_ctx_range(struct __sk_buff, tstamp):
8171 case bpf_ctx_range(struct __sk_buff, wire_len):
8172 case bpf_ctx_range(struct __sk_buff, hwtstamp):
8173 return false;
8174 }
8175
8176 if (type == BPF_WRITE) {
8177 switch (off) {
8178 case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]):
8179 break;
8180 default:
8181 return false;
8182 }
8183 }
8184
8185 return bpf_skb_is_valid_access(off, size, type, prog, info);
8186}
8187
8188static bool cg_skb_is_valid_access(int off, int size,
8189 enum bpf_access_type type,
8190 const struct bpf_prog *prog,
8191 struct bpf_insn_access_aux *info)
8192{
8193 switch (off) {
8194 case bpf_ctx_range(struct __sk_buff, tc_classid):
8195 case bpf_ctx_range(struct __sk_buff, data_meta):
8196 case bpf_ctx_range(struct __sk_buff, wire_len):
8197 return false;
8198 case bpf_ctx_range(struct __sk_buff, data):
8199 case bpf_ctx_range(struct __sk_buff, data_end):
8200 if (!bpf_capable())
8201 return false;
8202 break;
8203 }
8204
8205 if (type == BPF_WRITE) {
8206 switch (off) {
8207 case bpf_ctx_range(struct __sk_buff, mark):
8208 case bpf_ctx_range(struct __sk_buff, priority):
8209 case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]):
8210 break;
8211 case bpf_ctx_range(struct __sk_buff, tstamp):
8212 if (!bpf_capable())
8213 return false;
8214 break;
8215 default:
8216 return false;
8217 }
8218 }
8219
8220 switch (off) {
8221 case bpf_ctx_range(struct __sk_buff, data):
8222 info->reg_type = PTR_TO_PACKET;
8223 break;
8224 case bpf_ctx_range(struct __sk_buff, data_end):
8225 info->reg_type = PTR_TO_PACKET_END;
8226 break;
8227 }
8228
8229 return bpf_skb_is_valid_access(off, size, type, prog, info);
8230}
8231
8232static bool lwt_is_valid_access(int off, int size,
8233 enum bpf_access_type type,
8234 const struct bpf_prog *prog,
8235 struct bpf_insn_access_aux *info)
8236{
8237 switch (off) {
8238 case bpf_ctx_range(struct __sk_buff, tc_classid):
8239 case bpf_ctx_range_till(struct __sk_buff, family, local_port):
8240 case bpf_ctx_range(struct __sk_buff, data_meta):
8241 case bpf_ctx_range(struct __sk_buff, tstamp):
8242 case bpf_ctx_range(struct __sk_buff, wire_len):
8243 case bpf_ctx_range(struct __sk_buff, hwtstamp):
8244 return false;
8245 }
8246
8247 if (type == BPF_WRITE) {
8248 switch (off) {
8249 case bpf_ctx_range(struct __sk_buff, mark):
8250 case bpf_ctx_range(struct __sk_buff, priority):
8251 case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]):
8252 break;
8253 default:
8254 return false;
8255 }
8256 }
8257
8258 switch (off) {
8259 case bpf_ctx_range(struct __sk_buff, data):
8260 info->reg_type = PTR_TO_PACKET;
8261 break;
8262 case bpf_ctx_range(struct __sk_buff, data_end):
8263 info->reg_type = PTR_TO_PACKET_END;
8264 break;
8265 }
8266
8267 return bpf_skb_is_valid_access(off, size, type, prog, info);
8268}
8269
8270
8271static bool __sock_filter_check_attach_type(int off,
8272 enum bpf_access_type access_type,
8273 enum bpf_attach_type attach_type)
8274{
8275 switch (off) {
8276 case offsetof(struct bpf_sock, bound_dev_if):
8277 case offsetof(struct bpf_sock, mark):
8278 case offsetof(struct bpf_sock, priority):
8279 switch (attach_type) {
8280 case BPF_CGROUP_INET_SOCK_CREATE:
8281 case BPF_CGROUP_INET_SOCK_RELEASE:
8282 goto full_access;
8283 default:
8284 return false;
8285 }
8286 case bpf_ctx_range(struct bpf_sock, src_ip4):
8287 switch (attach_type) {
8288 case BPF_CGROUP_INET4_POST_BIND:
8289 goto read_only;
8290 default:
8291 return false;
8292 }
8293 case bpf_ctx_range_till(struct bpf_sock, src_ip6[0], src_ip6[3]):
8294 switch (attach_type) {
8295 case BPF_CGROUP_INET6_POST_BIND:
8296 goto read_only;
8297 default:
8298 return false;
8299 }
8300 case bpf_ctx_range(struct bpf_sock, src_port):
8301 switch (attach_type) {
8302 case BPF_CGROUP_INET4_POST_BIND:
8303 case BPF_CGROUP_INET6_POST_BIND:
8304 goto read_only;
8305 default:
8306 return false;
8307 }
8308 }
8309read_only:
8310 return access_type == BPF_READ;
8311full_access:
8312 return true;
8313}
8314
8315bool bpf_sock_common_is_valid_access(int off, int size,
8316 enum bpf_access_type type,
8317 struct bpf_insn_access_aux *info)
8318{
8319 switch (off) {
8320 case bpf_ctx_range_till(struct bpf_sock, type, priority):
8321 return false;
8322 default:
8323 return bpf_sock_is_valid_access(off, size, type, info);
8324 }
8325}
8326
8327bool bpf_sock_is_valid_access(int off, int size, enum bpf_access_type type,
8328 struct bpf_insn_access_aux *info)
8329{
8330 const int size_default = sizeof(__u32);
8331 int field_size;
8332
8333 if (off < 0 || off >= sizeof(struct bpf_sock))
8334 return false;
8335 if (off % size != 0)
8336 return false;
8337
8338 switch (off) {
8339 case offsetof(struct bpf_sock, state):
8340 case offsetof(struct bpf_sock, family):
8341 case offsetof(struct bpf_sock, type):
8342 case offsetof(struct bpf_sock, protocol):
8343 case offsetof(struct bpf_sock, src_port):
8344 case offsetof(struct bpf_sock, rx_queue_mapping):
8345 case bpf_ctx_range(struct bpf_sock, src_ip4):
8346 case bpf_ctx_range_till(struct bpf_sock, src_ip6[0], src_ip6[3]):
8347 case bpf_ctx_range(struct bpf_sock, dst_ip4):
8348 case bpf_ctx_range_till(struct bpf_sock, dst_ip6[0], dst_ip6[3]):
8349 bpf_ctx_record_field_size(info, size_default);
8350 return bpf_ctx_narrow_access_ok(off, size, size_default);
8351 case bpf_ctx_range(struct bpf_sock, dst_port):
8352 field_size = size == size_default ?
8353 size_default : sizeof_field(struct bpf_sock, dst_port);
8354 bpf_ctx_record_field_size(info, field_size);
8355 return bpf_ctx_narrow_access_ok(off, size, field_size);
8356 case offsetofend(struct bpf_sock, dst_port) ...
8357 offsetof(struct bpf_sock, dst_ip4) - 1:
8358 return false;
8359 }
8360
8361 return size == size_default;
8362}
8363
8364static bool sock_filter_is_valid_access(int off, int size,
8365 enum bpf_access_type type,
8366 const struct bpf_prog *prog,
8367 struct bpf_insn_access_aux *info)
8368{
8369 if (!bpf_sock_is_valid_access(off, size, type, info))
8370 return false;
8371 return __sock_filter_check_attach_type(off, type,
8372 prog->expected_attach_type);
8373}
8374
8375static int bpf_noop_prologue(struct bpf_insn *insn_buf, bool direct_write,
8376 const struct bpf_prog *prog)
8377{
8378
8379
8380
8381 return 0;
8382}
8383
8384static int bpf_unclone_prologue(struct bpf_insn *insn_buf, bool direct_write,
8385 const struct bpf_prog *prog, int drop_verdict)
8386{
8387 struct bpf_insn *insn = insn_buf;
8388
8389 if (!direct_write)
8390 return 0;
8391
8392
8393
8394
8395
8396
8397
8398 *insn++ = BPF_LDX_MEM(BPF_B, BPF_REG_6, BPF_REG_1, CLONED_OFFSET);
8399 *insn++ = BPF_ALU32_IMM(BPF_AND, BPF_REG_6, CLONED_MASK);
8400 *insn++ = BPF_JMP_IMM(BPF_JEQ, BPF_REG_6, 0, 7);
8401
8402
8403 *insn++ = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
8404 *insn++ = BPF_ALU64_REG(BPF_XOR, BPF_REG_2, BPF_REG_2);
8405 *insn++ = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
8406 BPF_FUNC_skb_pull_data);
8407
8408
8409
8410
8411 *insn++ = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2);
8412 *insn++ = BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, drop_verdict);
8413 *insn++ = BPF_EXIT_INSN();
8414
8415
8416 *insn++ = BPF_MOV64_REG(BPF_REG_1, BPF_REG_6);
8417
8418 *insn++ = prog->insnsi[0];
8419
8420 return insn - insn_buf;
8421}
8422
8423static int bpf_gen_ld_abs(const struct bpf_insn *orig,
8424 struct bpf_insn *insn_buf)
8425{
8426 bool indirect = BPF_MODE(orig->code) == BPF_IND;
8427 struct bpf_insn *insn = insn_buf;
8428
8429 if (!indirect) {
8430 *insn++ = BPF_MOV64_IMM(BPF_REG_2, orig->imm);
8431 } else {
8432 *insn++ = BPF_MOV64_REG(BPF_REG_2, orig->src_reg);
8433 if (orig->imm)
8434 *insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, orig->imm);
8435 }
8436
8437 *insn++ = BPF_MOV64_REG(BPF_REG_1, BPF_REG_CTX);
8438
8439 switch (BPF_SIZE(orig->code)) {
8440 case BPF_B:
8441 *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_8_no_cache);
8442 break;
8443 case BPF_H:
8444 *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_16_no_cache);
8445 break;
8446 case BPF_W:
8447 *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_32_no_cache);
8448 break;
8449 }
8450
8451 *insn++ = BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 2);
8452 *insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_0, BPF_REG_0);
8453 *insn++ = BPF_EXIT_INSN();
8454
8455 return insn - insn_buf;
8456}
8457
8458static int tc_cls_act_prologue(struct bpf_insn *insn_buf, bool direct_write,
8459 const struct bpf_prog *prog)
8460{
8461 return bpf_unclone_prologue(insn_buf, direct_write, prog, TC_ACT_SHOT);
8462}
8463
8464static bool tc_cls_act_is_valid_access(int off, int size,
8465 enum bpf_access_type type,
8466 const struct bpf_prog *prog,
8467 struct bpf_insn_access_aux *info)
8468{
8469 if (type == BPF_WRITE) {
8470 switch (off) {
8471 case bpf_ctx_range(struct __sk_buff, mark):
8472 case bpf_ctx_range(struct __sk_buff, tc_index):
8473 case bpf_ctx_range(struct __sk_buff, priority):
8474 case bpf_ctx_range(struct __sk_buff, tc_classid):
8475 case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]):
8476 case bpf_ctx_range(struct __sk_buff, tstamp):
8477 case bpf_ctx_range(struct __sk_buff, queue_mapping):
8478 break;
8479 default:
8480 return false;
8481 }
8482 }
8483
8484 switch (off) {
8485 case bpf_ctx_range(struct __sk_buff, data):
8486 info->reg_type = PTR_TO_PACKET;
8487 break;
8488 case bpf_ctx_range(struct __sk_buff, data_meta):
8489 info->reg_type = PTR_TO_PACKET_META;
8490 break;
8491 case bpf_ctx_range(struct __sk_buff, data_end):
8492 info->reg_type = PTR_TO_PACKET_END;
8493 break;
8494 case bpf_ctx_range_till(struct __sk_buff, family, local_port):
8495 return false;
8496 case offsetof(struct __sk_buff, tstamp_type):
8497
8498
8499
8500
8501
8502
8503 ((struct bpf_prog *)prog)->tstamp_type_access = 1;
8504 return size == sizeof(__u8);
8505 }
8506
8507 return bpf_skb_is_valid_access(off, size, type, prog, info);
8508}
8509
8510static bool __is_valid_xdp_access(int off, int size)
8511{
8512 if (off < 0 || off >= sizeof(struct xdp_md))
8513 return false;
8514 if (off % size != 0)
8515 return false;
8516 if (size != sizeof(__u32))
8517 return false;
8518
8519 return true;
8520}
8521
8522static bool xdp_is_valid_access(int off, int size,
8523 enum bpf_access_type type,
8524 const struct bpf_prog *prog,
8525 struct bpf_insn_access_aux *info)
8526{
8527 if (prog->expected_attach_type != BPF_XDP_DEVMAP) {
8528 switch (off) {
8529 case offsetof(struct xdp_md, egress_ifindex):
8530 return false;
8531 }
8532 }
8533
8534 if (type == BPF_WRITE) {
8535 if (bpf_prog_is_dev_bound(prog->aux)) {
8536 switch (off) {
8537 case offsetof(struct xdp_md, rx_queue_index):
8538 return __is_valid_xdp_access(off, size);
8539 }
8540 }
8541 return false;
8542 }
8543
8544 switch (off) {
8545 case offsetof(struct xdp_md, data):
8546 info->reg_type = PTR_TO_PACKET;
8547 break;
8548 case offsetof(struct xdp_md, data_meta):
8549 info->reg_type = PTR_TO_PACKET_META;
8550 break;
8551 case offsetof(struct xdp_md, data_end):
8552 info->reg_type = PTR_TO_PACKET_END;
8553 break;
8554 }
8555
8556 return __is_valid_xdp_access(off, size);
8557}
8558
8559void bpf_warn_invalid_xdp_action(struct net_device *dev, struct bpf_prog *prog, u32 act)
8560{
8561 const u32 act_max = XDP_REDIRECT;
8562
8563 pr_warn_once("%s XDP return value %u on prog %s (id %d) dev %s, expect packet loss!\n",
8564 act > act_max ? "Illegal" : "Driver unsupported",
8565 act, prog->aux->name, prog->aux->id, dev ? dev->name : "N/A");
8566}
8567EXPORT_SYMBOL_GPL(bpf_warn_invalid_xdp_action);
8568
8569static bool sock_addr_is_valid_access(int off, int size,
8570 enum bpf_access_type type,
8571 const struct bpf_prog *prog,
8572 struct bpf_insn_access_aux *info)
8573{
8574 const int size_default = sizeof(__u32);
8575
8576 if (off < 0 || off >= sizeof(struct bpf_sock_addr))
8577 return false;
8578 if (off % size != 0)
8579 return false;
8580
8581
8582
8583
8584 switch (off) {
8585 case bpf_ctx_range(struct bpf_sock_addr, user_ip4):
8586 switch (prog->expected_attach_type) {
8587 case BPF_CGROUP_INET4_BIND:
8588 case BPF_CGROUP_INET4_CONNECT:
8589 case BPF_CGROUP_INET4_GETPEERNAME:
8590 case BPF_CGROUP_INET4_GETSOCKNAME:
8591 case BPF_CGROUP_UDP4_SENDMSG:
8592 case BPF_CGROUP_UDP4_RECVMSG:
8593 break;
8594 default:
8595 return false;
8596 }
8597 break;
8598 case bpf_ctx_range_till(struct bpf_sock_addr, user_ip6[0], user_ip6[3]):
8599 switch (prog->expected_attach_type) {
8600 case BPF_CGROUP_INET6_BIND:
8601 case BPF_CGROUP_INET6_CONNECT:
8602 case BPF_CGROUP_INET6_GETPEERNAME:
8603 case BPF_CGROUP_INET6_GETSOCKNAME:
8604 case BPF_CGROUP_UDP6_SENDMSG:
8605 case BPF_CGROUP_UDP6_RECVMSG:
8606 break;
8607 default:
8608 return false;
8609 }
8610 break;
8611 case bpf_ctx_range(struct bpf_sock_addr, msg_src_ip4):
8612 switch (prog->expected_attach_type) {
8613 case BPF_CGROUP_UDP4_SENDMSG:
8614 break;
8615 default:
8616 return false;
8617 }
8618 break;
8619 case bpf_ctx_range_till(struct bpf_sock_addr, msg_src_ip6[0],
8620 msg_src_ip6[3]):
8621 switch (prog->expected_attach_type) {
8622 case BPF_CGROUP_UDP6_SENDMSG:
8623 break;
8624 default:
8625 return false;
8626 }
8627 break;
8628 }
8629
8630 switch (off) {
8631 case bpf_ctx_range(struct bpf_sock_addr, user_ip4):
8632 case bpf_ctx_range_till(struct bpf_sock_addr, user_ip6[0], user_ip6[3]):
8633 case bpf_ctx_range(struct bpf_sock_addr, msg_src_ip4):
8634 case bpf_ctx_range_till(struct bpf_sock_addr, msg_src_ip6[0],
8635 msg_src_ip6[3]):
8636 case bpf_ctx_range(struct bpf_sock_addr, user_port):
8637 if (type == BPF_READ) {
8638 bpf_ctx_record_field_size(info, size_default);
8639
8640 if (bpf_ctx_wide_access_ok(off, size,
8641 struct bpf_sock_addr,
8642 user_ip6))
8643 return true;
8644
8645 if (bpf_ctx_wide_access_ok(off, size,
8646 struct bpf_sock_addr,
8647 msg_src_ip6))
8648 return true;
8649
8650 if (!bpf_ctx_narrow_access_ok(off, size, size_default))
8651 return false;
8652 } else {
8653 if (bpf_ctx_wide_access_ok(off, size,
8654 struct bpf_sock_addr,
8655 user_ip6))
8656 return true;
8657
8658 if (bpf_ctx_wide_access_ok(off, size,
8659 struct bpf_sock_addr,
8660 msg_src_ip6))
8661 return true;
8662
8663 if (size != size_default)
8664 return false;
8665 }
8666 break;
8667 case offsetof(struct bpf_sock_addr, sk):
8668 if (type != BPF_READ)
8669 return false;
8670 if (size != sizeof(__u64))
8671 return false;
8672 info->reg_type = PTR_TO_SOCKET;
8673 break;
8674 default:
8675 if (type == BPF_READ) {
8676 if (size != size_default)
8677 return false;
8678 } else {
8679 return false;
8680 }
8681 }
8682
8683 return true;
8684}
8685
8686static bool sock_ops_is_valid_access(int off, int size,
8687 enum bpf_access_type type,
8688 const struct bpf_prog *prog,
8689 struct bpf_insn_access_aux *info)
8690{
8691 const int size_default = sizeof(__u32);
8692
8693 if (off < 0 || off >= sizeof(struct bpf_sock_ops))
8694 return false;
8695
8696
8697 if (off % size != 0)
8698 return false;
8699
8700 if (type == BPF_WRITE) {
8701 switch (off) {
8702 case offsetof(struct bpf_sock_ops, reply):
8703 case offsetof(struct bpf_sock_ops, sk_txhash):
8704 if (size != size_default)
8705 return false;
8706 break;
8707 default:
8708 return false;
8709 }
8710 } else {
8711 switch (off) {
8712 case bpf_ctx_range_till(struct bpf_sock_ops, bytes_received,
8713 bytes_acked):
8714 if (size != sizeof(__u64))
8715 return false;
8716 break;
8717 case offsetof(struct bpf_sock_ops, sk):
8718 if (size != sizeof(__u64))
8719 return false;
8720 info->reg_type = PTR_TO_SOCKET_OR_NULL;
8721 break;
8722 case offsetof(struct bpf_sock_ops, skb_data):
8723 if (size != sizeof(__u64))
8724 return false;
8725 info->reg_type = PTR_TO_PACKET;
8726 break;
8727 case offsetof(struct bpf_sock_ops, skb_data_end):
8728 if (size != sizeof(__u64))
8729 return false;
8730 info->reg_type = PTR_TO_PACKET_END;
8731 break;
8732 case offsetof(struct bpf_sock_ops, skb_tcp_flags):
8733 bpf_ctx_record_field_size(info, size_default);
8734 return bpf_ctx_narrow_access_ok(off, size,
8735 size_default);
8736 default:
8737 if (size != size_default)
8738 return false;
8739 break;
8740 }
8741 }
8742
8743 return true;
8744}
8745
8746static int sk_skb_prologue(struct bpf_insn *insn_buf, bool direct_write,
8747 const struct bpf_prog *prog)
8748{
8749 return bpf_unclone_prologue(insn_buf, direct_write, prog, SK_DROP);
8750}
8751
8752static bool sk_skb_is_valid_access(int off, int size,
8753 enum bpf_access_type type,
8754 const struct bpf_prog *prog,
8755 struct bpf_insn_access_aux *info)
8756{
8757 switch (off) {
8758 case bpf_ctx_range(struct __sk_buff, tc_classid):
8759 case bpf_ctx_range(struct __sk_buff, data_meta):
8760 case bpf_ctx_range(struct __sk_buff, tstamp):
8761 case bpf_ctx_range(struct __sk_buff, wire_len):
8762 case bpf_ctx_range(struct __sk_buff, hwtstamp):
8763 return false;
8764 }
8765
8766 if (type == BPF_WRITE) {
8767 switch (off) {
8768 case bpf_ctx_range(struct __sk_buff, tc_index):
8769 case bpf_ctx_range(struct __sk_buff, priority):
8770 break;
8771 default:
8772 return false;
8773 }
8774 }
8775
8776 switch (off) {
8777 case bpf_ctx_range(struct __sk_buff, mark):
8778 return false;
8779 case bpf_ctx_range(struct __sk_buff, data):
8780 info->reg_type = PTR_TO_PACKET;
8781 break;
8782 case bpf_ctx_range(struct __sk_buff, data_end):
8783 info->reg_type = PTR_TO_PACKET_END;
8784 break;
8785 }
8786
8787 return bpf_skb_is_valid_access(off, size, type, prog, info);
8788}
8789
8790static bool sk_msg_is_valid_access(int off, int size,
8791 enum bpf_access_type type,
8792 const struct bpf_prog *prog,
8793 struct bpf_insn_access_aux *info)
8794{
8795 if (type == BPF_WRITE)
8796 return false;
8797
8798 if (off % size != 0)
8799 return false;
8800
8801 switch (off) {
8802 case offsetof(struct sk_msg_md, data):
8803 info->reg_type = PTR_TO_PACKET;
8804 if (size != sizeof(__u64))
8805 return false;
8806 break;
8807 case offsetof(struct sk_msg_md, data_end):
8808 info->reg_type = PTR_TO_PACKET_END;
8809 if (size != sizeof(__u64))
8810 return false;
8811 break;
8812 case offsetof(struct sk_msg_md, sk):
8813 if (size != sizeof(__u64))
8814 return false;
8815 info->reg_type = PTR_TO_SOCKET;
8816 break;
8817 case bpf_ctx_range(struct sk_msg_md, family):
8818 case bpf_ctx_range(struct sk_msg_md, remote_ip4):
8819 case bpf_ctx_range(struct sk_msg_md, local_ip4):
8820 case bpf_ctx_range_till(struct sk_msg_md, remote_ip6[0], remote_ip6[3]):
8821 case bpf_ctx_range_till(struct sk_msg_md, local_ip6[0], local_ip6[3]):
8822 case bpf_ctx_range(struct sk_msg_md, remote_port):
8823 case bpf_ctx_range(struct sk_msg_md, local_port):
8824 case bpf_ctx_range(struct sk_msg_md, size):
8825 if (size != sizeof(__u32))
8826 return false;
8827 break;
8828 default:
8829 return false;
8830 }
8831 return true;
8832}
8833
8834static bool flow_dissector_is_valid_access(int off, int size,
8835 enum bpf_access_type type,
8836 const struct bpf_prog *prog,
8837 struct bpf_insn_access_aux *info)
8838{
8839 const int size_default = sizeof(__u32);
8840
8841 if (off < 0 || off >= sizeof(struct __sk_buff))
8842 return false;
8843
8844 if (type == BPF_WRITE)
8845 return false;
8846
8847 switch (off) {
8848 case bpf_ctx_range(struct __sk_buff, data):
8849 if (size != size_default)
8850 return false;
8851 info->reg_type = PTR_TO_PACKET;
8852 return true;
8853 case bpf_ctx_range(struct __sk_buff, data_end):
8854 if (size != size_default)
8855 return false;
8856 info->reg_type = PTR_TO_PACKET_END;
8857 return true;
8858 case bpf_ctx_range_ptr(struct __sk_buff, flow_keys):
8859 if (size != sizeof(__u64))
8860 return false;
8861 info->reg_type = PTR_TO_FLOW_KEYS;
8862 return true;
8863 default:
8864 return false;
8865 }
8866}
8867
8868static u32 flow_dissector_convert_ctx_access(enum bpf_access_type type,
8869 const struct bpf_insn *si,
8870 struct bpf_insn *insn_buf,
8871 struct bpf_prog *prog,
8872 u32 *target_size)
8873
8874{
8875 struct bpf_insn *insn = insn_buf;
8876
8877 switch (si->off) {
8878 case offsetof(struct __sk_buff, data):
8879 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, data),
8880 si->dst_reg, si->src_reg,
8881 offsetof(struct bpf_flow_dissector, data));
8882 break;
8883
8884 case offsetof(struct __sk_buff, data_end):
8885 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, data_end),
8886 si->dst_reg, si->src_reg,
8887 offsetof(struct bpf_flow_dissector, data_end));
8888 break;
8889
8890 case offsetof(struct __sk_buff, flow_keys):
8891 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, flow_keys),
8892 si->dst_reg, si->src_reg,
8893 offsetof(struct bpf_flow_dissector, flow_keys));
8894 break;
8895 }
8896
8897 return insn - insn_buf;
8898}
8899
8900static struct bpf_insn *bpf_convert_tstamp_type_read(const struct bpf_insn *si,
8901 struct bpf_insn *insn)
8902{
8903 __u8 value_reg = si->dst_reg;
8904 __u8 skb_reg = si->src_reg;
8905
8906 __u8 tmp_reg = BPF_REG_AX;
8907
8908 *insn++ = BPF_LDX_MEM(BPF_B, tmp_reg, skb_reg,
8909 PKT_VLAN_PRESENT_OFFSET);
8910 *insn++ = BPF_JMP32_IMM(BPF_JSET, tmp_reg,
8911 SKB_MONO_DELIVERY_TIME_MASK, 2);
8912 *insn++ = BPF_MOV32_IMM(value_reg, BPF_SKB_TSTAMP_UNSPEC);
8913 *insn++ = BPF_JMP_A(1);
8914 *insn++ = BPF_MOV32_IMM(value_reg, BPF_SKB_TSTAMP_DELIVERY_MONO);
8915
8916 return insn;
8917}
8918
8919static struct bpf_insn *bpf_convert_shinfo_access(const struct bpf_insn *si,
8920 struct bpf_insn *insn)
8921{
8922
8923#ifdef NET_SKBUFF_DATA_USES_OFFSET
8924 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, end),
8925 BPF_REG_AX, si->src_reg,
8926 offsetof(struct sk_buff, end));
8927 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, head),
8928 si->dst_reg, si->src_reg,
8929 offsetof(struct sk_buff, head));
8930 *insn++ = BPF_ALU64_REG(BPF_ADD, si->dst_reg, BPF_REG_AX);
8931#else
8932 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, end),
8933 si->dst_reg, si->src_reg,
8934 offsetof(struct sk_buff, end));
8935#endif
8936
8937 return insn;
8938}
8939
8940static struct bpf_insn *bpf_convert_tstamp_read(const struct bpf_prog *prog,
8941 const struct bpf_insn *si,
8942 struct bpf_insn *insn)
8943{
8944 __u8 value_reg = si->dst_reg;
8945 __u8 skb_reg = si->src_reg;
8946
8947#ifdef CONFIG_NET_CLS_ACT
8948
8949
8950
8951
8952 if (!prog->tstamp_type_access) {
8953
8954 __u8 tmp_reg = BPF_REG_AX;
8955
8956 *insn++ = BPF_LDX_MEM(BPF_B, tmp_reg, skb_reg, PKT_VLAN_PRESENT_OFFSET);
8957 *insn++ = BPF_ALU32_IMM(BPF_AND, tmp_reg,
8958 TC_AT_INGRESS_MASK | SKB_MONO_DELIVERY_TIME_MASK);
8959 *insn++ = BPF_JMP32_IMM(BPF_JNE, tmp_reg,
8960 TC_AT_INGRESS_MASK | SKB_MONO_DELIVERY_TIME_MASK, 2);
8961
8962
8963
8964 *insn++ = BPF_MOV64_IMM(value_reg, 0);
8965 *insn++ = BPF_JMP_A(1);
8966 }
8967#endif
8968
8969 *insn++ = BPF_LDX_MEM(BPF_DW, value_reg, skb_reg,
8970 offsetof(struct sk_buff, tstamp));
8971 return insn;
8972}
8973
8974static struct bpf_insn *bpf_convert_tstamp_write(const struct bpf_prog *prog,
8975 const struct bpf_insn *si,
8976 struct bpf_insn *insn)
8977{
8978 __u8 value_reg = si->src_reg;
8979 __u8 skb_reg = si->dst_reg;
8980
8981#ifdef CONFIG_NET_CLS_ACT
8982
8983
8984
8985
8986
8987
8988 if (!prog->tstamp_type_access) {
8989 __u8 tmp_reg = BPF_REG_AX;
8990
8991 *insn++ = BPF_LDX_MEM(BPF_B, tmp_reg, skb_reg, PKT_VLAN_PRESENT_OFFSET);
8992
8993 *insn++ = BPF_JMP32_IMM(BPF_JSET, tmp_reg, TC_AT_INGRESS_MASK, 1);
8994
8995 *insn++ = BPF_JMP_A(2);
8996
8997 *insn++ = BPF_ALU32_IMM(BPF_AND, tmp_reg, ~SKB_MONO_DELIVERY_TIME_MASK);
8998 *insn++ = BPF_STX_MEM(BPF_B, skb_reg, tmp_reg, PKT_VLAN_PRESENT_OFFSET);
8999 }
9000#endif
9001
9002
9003 *insn++ = BPF_STX_MEM(BPF_DW, skb_reg, value_reg,
9004 offsetof(struct sk_buff, tstamp));
9005 return insn;
9006}
9007
9008static u32 bpf_convert_ctx_access(enum bpf_access_type type,
9009 const struct bpf_insn *si,
9010 struct bpf_insn *insn_buf,
9011 struct bpf_prog *prog, u32 *target_size)
9012{
9013 struct bpf_insn *insn = insn_buf;
9014 int off;
9015
9016 switch (si->off) {
9017 case offsetof(struct __sk_buff, len):
9018 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
9019 bpf_target_off(struct sk_buff, len, 4,
9020 target_size));
9021 break;
9022
9023 case offsetof(struct __sk_buff, protocol):
9024 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg,
9025 bpf_target_off(struct sk_buff, protocol, 2,
9026 target_size));
9027 break;
9028
9029 case offsetof(struct __sk_buff, vlan_proto):
9030 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg,
9031 bpf_target_off(struct sk_buff, vlan_proto, 2,
9032 target_size));
9033 break;
9034
9035 case offsetof(struct __sk_buff, priority):
9036 if (type == BPF_WRITE)
9037 *insn++ = BPF_STX_MEM(BPF_W, si->dst_reg, si->src_reg,
9038 bpf_target_off(struct sk_buff, priority, 4,
9039 target_size));
9040 else
9041 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
9042 bpf_target_off(struct sk_buff, priority, 4,
9043 target_size));
9044 break;
9045
9046 case offsetof(struct __sk_buff, ingress_ifindex):
9047 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
9048 bpf_target_off(struct sk_buff, skb_iif, 4,
9049 target_size));
9050 break;
9051
9052 case offsetof(struct __sk_buff, ifindex):
9053 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, dev),
9054 si->dst_reg, si->src_reg,
9055 offsetof(struct sk_buff, dev));
9056 *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1);
9057 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
9058 bpf_target_off(struct net_device, ifindex, 4,
9059 target_size));
9060 break;
9061
9062 case offsetof(struct __sk_buff, hash):
9063 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
9064 bpf_target_off(struct sk_buff, hash, 4,
9065 target_size));
9066 break;
9067
9068 case offsetof(struct __sk_buff, mark):
9069 if (type == BPF_WRITE)
9070 *insn++ = BPF_STX_MEM(BPF_W, si->dst_reg, si->src_reg,
9071 bpf_target_off(struct sk_buff, mark, 4,
9072 target_size));
9073 else
9074 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
9075 bpf_target_off(struct sk_buff, mark, 4,
9076 target_size));
9077 break;
9078
9079 case offsetof(struct __sk_buff, pkt_type):
9080 *target_size = 1;
9081 *insn++ = BPF_LDX_MEM(BPF_B, si->dst_reg, si->src_reg,
9082 PKT_TYPE_OFFSET);
9083 *insn++ = BPF_ALU32_IMM(BPF_AND, si->dst_reg, PKT_TYPE_MAX);
9084#ifdef __BIG_ENDIAN_BITFIELD
9085 *insn++ = BPF_ALU32_IMM(BPF_RSH, si->dst_reg, 5);
9086#endif
9087 break;
9088
9089 case offsetof(struct __sk_buff, queue_mapping):
9090 if (type == BPF_WRITE) {
9091 *insn++ = BPF_JMP_IMM(BPF_JGE, si->src_reg, NO_QUEUE_MAPPING, 1);
9092 *insn++ = BPF_STX_MEM(BPF_H, si->dst_reg, si->src_reg,
9093 bpf_target_off(struct sk_buff,
9094 queue_mapping,
9095 2, target_size));
9096 } else {
9097 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg,
9098 bpf_target_off(struct sk_buff,
9099 queue_mapping,
9100 2, target_size));
9101 }
9102 break;
9103
9104 case offsetof(struct __sk_buff, vlan_present):
9105 *target_size = 1;
9106 *insn++ = BPF_LDX_MEM(BPF_B, si->dst_reg, si->src_reg,
9107 PKT_VLAN_PRESENT_OFFSET);
9108 if (PKT_VLAN_PRESENT_BIT)
9109 *insn++ = BPF_ALU32_IMM(BPF_RSH, si->dst_reg, PKT_VLAN_PRESENT_BIT);
9110 if (PKT_VLAN_PRESENT_BIT < 7)
9111 *insn++ = BPF_ALU32_IMM(BPF_AND, si->dst_reg, 1);
9112 break;
9113
9114 case offsetof(struct __sk_buff, vlan_tci):
9115 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg,
9116 bpf_target_off(struct sk_buff, vlan_tci, 2,
9117 target_size));
9118 break;
9119
9120 case offsetof(struct __sk_buff, cb[0]) ...
9121 offsetofend(struct __sk_buff, cb[4]) - 1:
9122 BUILD_BUG_ON(sizeof_field(struct qdisc_skb_cb, data) < 20);
9123 BUILD_BUG_ON((offsetof(struct sk_buff, cb) +
9124 offsetof(struct qdisc_skb_cb, data)) %
9125 sizeof(__u64));
9126
9127 prog->cb_access = 1;
9128 off = si->off;
9129 off -= offsetof(struct __sk_buff, cb[0]);
9130 off += offsetof(struct sk_buff, cb);
9131 off += offsetof(struct qdisc_skb_cb, data);
9132 if (type == BPF_WRITE)
9133 *insn++ = BPF_STX_MEM(BPF_SIZE(si->code), si->dst_reg,
9134 si->src_reg, off);
9135 else
9136 *insn++ = BPF_LDX_MEM(BPF_SIZE(si->code), si->dst_reg,
9137 si->src_reg, off);
9138 break;
9139
9140 case offsetof(struct __sk_buff, tc_classid):
9141 BUILD_BUG_ON(sizeof_field(struct qdisc_skb_cb, tc_classid) != 2);
9142
9143 off = si->off;
9144 off -= offsetof(struct __sk_buff, tc_classid);
9145 off += offsetof(struct sk_buff, cb);
9146 off += offsetof(struct qdisc_skb_cb, tc_classid);
9147 *target_size = 2;
9148 if (type == BPF_WRITE)
9149 *insn++ = BPF_STX_MEM(BPF_H, si->dst_reg,
9150 si->src_reg, off);
9151 else
9152 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg,
9153 si->src_reg, off);
9154 break;
9155
9156 case offsetof(struct __sk_buff, data):
9157 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, data),
9158 si->dst_reg, si->src_reg,
9159 offsetof(struct sk_buff, data));
9160 break;
9161
9162 case offsetof(struct __sk_buff, data_meta):
9163 off = si->off;
9164 off -= offsetof(struct __sk_buff, data_meta);
9165 off += offsetof(struct sk_buff, cb);
9166 off += offsetof(struct bpf_skb_data_end, data_meta);
9167 *insn++ = BPF_LDX_MEM(BPF_SIZEOF(void *), si->dst_reg,
9168 si->src_reg, off);
9169 break;
9170
9171 case offsetof(struct __sk_buff, data_end):
9172 off = si->off;
9173 off -= offsetof(struct __sk_buff, data_end);
9174 off += offsetof(struct sk_buff, cb);
9175 off += offsetof(struct bpf_skb_data_end, data_end);
9176 *insn++ = BPF_LDX_MEM(BPF_SIZEOF(void *), si->dst_reg,
9177 si->src_reg, off);
9178 break;
9179
9180 case offsetof(struct __sk_buff, tc_index):
9181#ifdef CONFIG_NET_SCHED
9182 if (type == BPF_WRITE)
9183 *insn++ = BPF_STX_MEM(BPF_H, si->dst_reg, si->src_reg,
9184 bpf_target_off(struct sk_buff, tc_index, 2,
9185 target_size));
9186 else
9187 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg,
9188 bpf_target_off(struct sk_buff, tc_index, 2,
9189 target_size));
9190#else
9191 *target_size = 2;
9192 if (type == BPF_WRITE)
9193 *insn++ = BPF_MOV64_REG(si->dst_reg, si->dst_reg);
9194 else
9195 *insn++ = BPF_MOV64_IMM(si->dst_reg, 0);
9196#endif
9197 break;
9198
9199 case offsetof(struct __sk_buff, napi_id):
9200#if defined(CONFIG_NET_RX_BUSY_POLL)
9201 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
9202 bpf_target_off(struct sk_buff, napi_id, 4,
9203 target_size));
9204 *insn++ = BPF_JMP_IMM(BPF_JGE, si->dst_reg, MIN_NAPI_ID, 1);
9205 *insn++ = BPF_MOV64_IMM(si->dst_reg, 0);
9206#else
9207 *target_size = 4;
9208 *insn++ = BPF_MOV64_IMM(si->dst_reg, 0);
9209#endif
9210 break;
9211 case offsetof(struct __sk_buff, family):
9212 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_family) != 2);
9213
9214 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk),
9215 si->dst_reg, si->src_reg,
9216 offsetof(struct sk_buff, sk));
9217 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg,
9218 bpf_target_off(struct sock_common,
9219 skc_family,
9220 2, target_size));
9221 break;
9222 case offsetof(struct __sk_buff, remote_ip4):
9223 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_daddr) != 4);
9224
9225 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk),
9226 si->dst_reg, si->src_reg,
9227 offsetof(struct sk_buff, sk));
9228 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
9229 bpf_target_off(struct sock_common,
9230 skc_daddr,
9231 4, target_size));
9232 break;
9233 case offsetof(struct __sk_buff, local_ip4):
9234 BUILD_BUG_ON(sizeof_field(struct sock_common,
9235 skc_rcv_saddr) != 4);
9236
9237 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk),
9238 si->dst_reg, si->src_reg,
9239 offsetof(struct sk_buff, sk));
9240 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
9241 bpf_target_off(struct sock_common,
9242 skc_rcv_saddr,
9243 4, target_size));
9244 break;
9245 case offsetof(struct __sk_buff, remote_ip6[0]) ...
9246 offsetof(struct __sk_buff, remote_ip6[3]):
9247#if IS_ENABLED(CONFIG_IPV6)
9248 BUILD_BUG_ON(sizeof_field(struct sock_common,
9249 skc_v6_daddr.s6_addr32[0]) != 4);
9250
9251 off = si->off;
9252 off -= offsetof(struct __sk_buff, remote_ip6[0]);
9253
9254 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk),
9255 si->dst_reg, si->src_reg,
9256 offsetof(struct sk_buff, sk));
9257 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
9258 offsetof(struct sock_common,
9259 skc_v6_daddr.s6_addr32[0]) +
9260 off);
9261#else
9262 *insn++ = BPF_MOV32_IMM(si->dst_reg, 0);
9263#endif
9264 break;
9265 case offsetof(struct __sk_buff, local_ip6[0]) ...
9266 offsetof(struct __sk_buff, local_ip6[3]):
9267#if IS_ENABLED(CONFIG_IPV6)
9268 BUILD_BUG_ON(sizeof_field(struct sock_common,
9269 skc_v6_rcv_saddr.s6_addr32[0]) != 4);
9270
9271 off = si->off;
9272 off -= offsetof(struct __sk_buff, local_ip6[0]);
9273
9274 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk),
9275 si->dst_reg, si->src_reg,
9276 offsetof(struct sk_buff, sk));
9277 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
9278 offsetof(struct sock_common,
9279 skc_v6_rcv_saddr.s6_addr32[0]) +
9280 off);
9281#else
9282 *insn++ = BPF_MOV32_IMM(si->dst_reg, 0);
9283#endif
9284 break;
9285
9286 case offsetof(struct __sk_buff, remote_port):
9287 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_dport) != 2);
9288
9289 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk),
9290 si->dst_reg, si->src_reg,
9291 offsetof(struct sk_buff, sk));
9292 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg,
9293 bpf_target_off(struct sock_common,
9294 skc_dport,
9295 2, target_size));
9296#ifndef __BIG_ENDIAN_BITFIELD
9297 *insn++ = BPF_ALU32_IMM(BPF_LSH, si->dst_reg, 16);
9298#endif
9299 break;
9300
9301 case offsetof(struct __sk_buff, local_port):
9302 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_num) != 2);
9303
9304 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk),
9305 si->dst_reg, si->src_reg,
9306 offsetof(struct sk_buff, sk));
9307 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg,
9308 bpf_target_off(struct sock_common,
9309 skc_num, 2, target_size));
9310 break;
9311
9312 case offsetof(struct __sk_buff, tstamp):
9313 BUILD_BUG_ON(sizeof_field(struct sk_buff, tstamp) != 8);
9314
9315 if (type == BPF_WRITE)
9316 insn = bpf_convert_tstamp_write(prog, si, insn);
9317 else
9318 insn = bpf_convert_tstamp_read(prog, si, insn);
9319 break;
9320
9321 case offsetof(struct __sk_buff, tstamp_type):
9322 insn = bpf_convert_tstamp_type_read(si, insn);
9323 break;
9324
9325 case offsetof(struct __sk_buff, gso_segs):
9326 insn = bpf_convert_shinfo_access(si, insn);
9327 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct skb_shared_info, gso_segs),
9328 si->dst_reg, si->dst_reg,
9329 bpf_target_off(struct skb_shared_info,
9330 gso_segs, 2,
9331 target_size));
9332 break;
9333 case offsetof(struct __sk_buff, gso_size):
9334 insn = bpf_convert_shinfo_access(si, insn);
9335 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct skb_shared_info, gso_size),
9336 si->dst_reg, si->dst_reg,
9337 bpf_target_off(struct skb_shared_info,
9338 gso_size, 2,
9339 target_size));
9340 break;
9341 case offsetof(struct __sk_buff, wire_len):
9342 BUILD_BUG_ON(sizeof_field(struct qdisc_skb_cb, pkt_len) != 4);
9343
9344 off = si->off;
9345 off -= offsetof(struct __sk_buff, wire_len);
9346 off += offsetof(struct sk_buff, cb);
9347 off += offsetof(struct qdisc_skb_cb, pkt_len);
9348 *target_size = 4;
9349 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, off);
9350 break;
9351
9352 case offsetof(struct __sk_buff, sk):
9353 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk),
9354 si->dst_reg, si->src_reg,
9355 offsetof(struct sk_buff, sk));
9356 break;
9357 case offsetof(struct __sk_buff, hwtstamp):
9358 BUILD_BUG_ON(sizeof_field(struct skb_shared_hwtstamps, hwtstamp) != 8);
9359 BUILD_BUG_ON(offsetof(struct skb_shared_hwtstamps, hwtstamp) != 0);
9360
9361 insn = bpf_convert_shinfo_access(si, insn);
9362 *insn++ = BPF_LDX_MEM(BPF_DW,
9363 si->dst_reg, si->dst_reg,
9364 bpf_target_off(struct skb_shared_info,
9365 hwtstamps, 8,
9366 target_size));
9367 break;
9368 }
9369
9370 return insn - insn_buf;
9371}
9372
9373u32 bpf_sock_convert_ctx_access(enum bpf_access_type type,
9374 const struct bpf_insn *si,
9375 struct bpf_insn *insn_buf,
9376 struct bpf_prog *prog, u32 *target_size)
9377{
9378 struct bpf_insn *insn = insn_buf;
9379 int off;
9380
9381 switch (si->off) {
9382 case offsetof(struct bpf_sock, bound_dev_if):
9383 BUILD_BUG_ON(sizeof_field(struct sock, sk_bound_dev_if) != 4);
9384
9385 if (type == BPF_WRITE)
9386 *insn++ = BPF_STX_MEM(BPF_W, si->dst_reg, si->src_reg,
9387 offsetof(struct sock, sk_bound_dev_if));
9388 else
9389 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
9390 offsetof(struct sock, sk_bound_dev_if));
9391 break;
9392
9393 case offsetof(struct bpf_sock, mark):
9394 BUILD_BUG_ON(sizeof_field(struct sock, sk_mark) != 4);
9395
9396 if (type == BPF_WRITE)
9397 *insn++ = BPF_STX_MEM(BPF_W, si->dst_reg, si->src_reg,
9398 offsetof(struct sock, sk_mark));
9399 else
9400 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
9401 offsetof(struct sock, sk_mark));
9402 break;
9403
9404 case offsetof(struct bpf_sock, priority):
9405 BUILD_BUG_ON(sizeof_field(struct sock, sk_priority) != 4);
9406
9407 if (type == BPF_WRITE)
9408 *insn++ = BPF_STX_MEM(BPF_W, si->dst_reg, si->src_reg,
9409 offsetof(struct sock, sk_priority));
9410 else
9411 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
9412 offsetof(struct sock, sk_priority));
9413 break;
9414
9415 case offsetof(struct bpf_sock, family):
9416 *insn++ = BPF_LDX_MEM(
9417 BPF_FIELD_SIZEOF(struct sock_common, skc_family),
9418 si->dst_reg, si->src_reg,
9419 bpf_target_off(struct sock_common,
9420 skc_family,
9421 sizeof_field(struct sock_common,
9422 skc_family),
9423 target_size));
9424 break;
9425
9426 case offsetof(struct bpf_sock, type):
9427 *insn++ = BPF_LDX_MEM(
9428 BPF_FIELD_SIZEOF(struct sock, sk_type),
9429 si->dst_reg, si->src_reg,
9430 bpf_target_off(struct sock, sk_type,
9431 sizeof_field(struct sock, sk_type),
9432 target_size));
9433 break;
9434
9435 case offsetof(struct bpf_sock, protocol):
9436 *insn++ = BPF_LDX_MEM(
9437 BPF_FIELD_SIZEOF(struct sock, sk_protocol),
9438 si->dst_reg, si->src_reg,
9439 bpf_target_off(struct sock, sk_protocol,
9440 sizeof_field(struct sock, sk_protocol),
9441 target_size));
9442 break;
9443
9444 case offsetof(struct bpf_sock, src_ip4):
9445 *insn++ = BPF_LDX_MEM(
9446 BPF_SIZE(si->code), si->dst_reg, si->src_reg,
9447 bpf_target_off(struct sock_common, skc_rcv_saddr,
9448 sizeof_field(struct sock_common,
9449 skc_rcv_saddr),
9450 target_size));
9451 break;
9452
9453 case offsetof(struct bpf_sock, dst_ip4):
9454 *insn++ = BPF_LDX_MEM(
9455 BPF_SIZE(si->code), si->dst_reg, si->src_reg,
9456 bpf_target_off(struct sock_common, skc_daddr,
9457 sizeof_field(struct sock_common,
9458 skc_daddr),
9459 target_size));
9460 break;
9461
9462 case bpf_ctx_range_till(struct bpf_sock, src_ip6[0], src_ip6[3]):
9463#if IS_ENABLED(CONFIG_IPV6)
9464 off = si->off;
9465 off -= offsetof(struct bpf_sock, src_ip6[0]);
9466 *insn++ = BPF_LDX_MEM(
9467 BPF_SIZE(si->code), si->dst_reg, si->src_reg,
9468 bpf_target_off(
9469 struct sock_common,
9470 skc_v6_rcv_saddr.s6_addr32[0],
9471 sizeof_field(struct sock_common,
9472 skc_v6_rcv_saddr.s6_addr32[0]),
9473 target_size) + off);
9474#else
9475 (void)off;
9476 *insn++ = BPF_MOV32_IMM(si->dst_reg, 0);
9477#endif
9478 break;
9479
9480 case bpf_ctx_range_till(struct bpf_sock, dst_ip6[0], dst_ip6[3]):
9481#if IS_ENABLED(CONFIG_IPV6)
9482 off = si->off;
9483 off -= offsetof(struct bpf_sock, dst_ip6[0]);
9484 *insn++ = BPF_LDX_MEM(
9485 BPF_SIZE(si->code), si->dst_reg, si->src_reg,
9486 bpf_target_off(struct sock_common,
9487 skc_v6_daddr.s6_addr32[0],
9488 sizeof_field(struct sock_common,
9489 skc_v6_daddr.s6_addr32[0]),
9490 target_size) + off);
9491#else
9492 *insn++ = BPF_MOV32_IMM(si->dst_reg, 0);
9493 *target_size = 4;
9494#endif
9495 break;
9496
9497 case offsetof(struct bpf_sock, src_port):
9498 *insn++ = BPF_LDX_MEM(
9499 BPF_FIELD_SIZEOF(struct sock_common, skc_num),
9500 si->dst_reg, si->src_reg,
9501 bpf_target_off(struct sock_common, skc_num,
9502 sizeof_field(struct sock_common,
9503 skc_num),
9504 target_size));
9505 break;
9506
9507 case offsetof(struct bpf_sock, dst_port):
9508 *insn++ = BPF_LDX_MEM(
9509 BPF_FIELD_SIZEOF(struct sock_common, skc_dport),
9510 si->dst_reg, si->src_reg,
9511 bpf_target_off(struct sock_common, skc_dport,
9512 sizeof_field(struct sock_common,
9513 skc_dport),
9514 target_size));
9515 break;
9516
9517 case offsetof(struct bpf_sock, state):
9518 *insn++ = BPF_LDX_MEM(
9519 BPF_FIELD_SIZEOF(struct sock_common, skc_state),
9520 si->dst_reg, si->src_reg,
9521 bpf_target_off(struct sock_common, skc_state,
9522 sizeof_field(struct sock_common,
9523 skc_state),
9524 target_size));
9525 break;
9526 case offsetof(struct bpf_sock, rx_queue_mapping):
9527#ifdef CONFIG_SOCK_RX_QUEUE_MAPPING
9528 *insn++ = BPF_LDX_MEM(
9529 BPF_FIELD_SIZEOF(struct sock, sk_rx_queue_mapping),
9530 si->dst_reg, si->src_reg,
9531 bpf_target_off(struct sock, sk_rx_queue_mapping,
9532 sizeof_field(struct sock,
9533 sk_rx_queue_mapping),
9534 target_size));
9535 *insn++ = BPF_JMP_IMM(BPF_JNE, si->dst_reg, NO_QUEUE_MAPPING,
9536 1);
9537 *insn++ = BPF_MOV64_IMM(si->dst_reg, -1);
9538#else
9539 *insn++ = BPF_MOV64_IMM(si->dst_reg, -1);
9540 *target_size = 2;
9541#endif
9542 break;
9543 }
9544
9545 return insn - insn_buf;
9546}
9547
9548static u32 tc_cls_act_convert_ctx_access(enum bpf_access_type type,
9549 const struct bpf_insn *si,
9550 struct bpf_insn *insn_buf,
9551 struct bpf_prog *prog, u32 *target_size)
9552{
9553 struct bpf_insn *insn = insn_buf;
9554
9555 switch (si->off) {
9556 case offsetof(struct __sk_buff, ifindex):
9557 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, dev),
9558 si->dst_reg, si->src_reg,
9559 offsetof(struct sk_buff, dev));
9560 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
9561 bpf_target_off(struct net_device, ifindex, 4,
9562 target_size));
9563 break;
9564 default:
9565 return bpf_convert_ctx_access(type, si, insn_buf, prog,
9566 target_size);
9567 }
9568
9569 return insn - insn_buf;
9570}
9571
9572static u32 xdp_convert_ctx_access(enum bpf_access_type type,
9573 const struct bpf_insn *si,
9574 struct bpf_insn *insn_buf,
9575 struct bpf_prog *prog, u32 *target_size)
9576{
9577 struct bpf_insn *insn = insn_buf;
9578
9579 switch (si->off) {
9580 case offsetof(struct xdp_md, data):
9581 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, data),
9582 si->dst_reg, si->src_reg,
9583 offsetof(struct xdp_buff, data));
9584 break;
9585 case offsetof(struct xdp_md, data_meta):
9586 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, data_meta),
9587 si->dst_reg, si->src_reg,
9588 offsetof(struct xdp_buff, data_meta));
9589 break;
9590 case offsetof(struct xdp_md, data_end):
9591 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, data_end),
9592 si->dst_reg, si->src_reg,
9593 offsetof(struct xdp_buff, data_end));
9594 break;
9595 case offsetof(struct xdp_md, ingress_ifindex):
9596 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, rxq),
9597 si->dst_reg, si->src_reg,
9598 offsetof(struct xdp_buff, rxq));
9599 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_rxq_info, dev),
9600 si->dst_reg, si->dst_reg,
9601 offsetof(struct xdp_rxq_info, dev));
9602 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
9603 offsetof(struct net_device, ifindex));
9604 break;
9605 case offsetof(struct xdp_md, rx_queue_index):
9606 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, rxq),
9607 si->dst_reg, si->src_reg,
9608 offsetof(struct xdp_buff, rxq));
9609 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
9610 offsetof(struct xdp_rxq_info,
9611 queue_index));
9612 break;
9613 case offsetof(struct xdp_md, egress_ifindex):
9614 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, txq),
9615 si->dst_reg, si->src_reg,
9616 offsetof(struct xdp_buff, txq));
9617 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_txq_info, dev),
9618 si->dst_reg, si->dst_reg,
9619 offsetof(struct xdp_txq_info, dev));
9620 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
9621 offsetof(struct net_device, ifindex));
9622 break;
9623 }
9624
9625 return insn - insn_buf;
9626}
9627
9628
9629
9630
9631
9632
9633
9634
9635
9636
9637
9638#define SOCK_ADDR_LOAD_NESTED_FIELD_SIZE_OFF(S, NS, F, NF, SIZE, OFF) \
9639 do { \
9640 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(S, F), si->dst_reg, \
9641 si->src_reg, offsetof(S, F)); \
9642 *insn++ = BPF_LDX_MEM( \
9643 SIZE, si->dst_reg, si->dst_reg, \
9644 bpf_target_off(NS, NF, sizeof_field(NS, NF), \
9645 target_size) \
9646 + OFF); \
9647 } while (0)
9648
9649#define SOCK_ADDR_LOAD_NESTED_FIELD(S, NS, F, NF) \
9650 SOCK_ADDR_LOAD_NESTED_FIELD_SIZE_OFF(S, NS, F, NF, \
9651 BPF_FIELD_SIZEOF(NS, NF), 0)
9652
9653
9654
9655
9656
9657
9658
9659
9660
9661
9662
9663#define SOCK_ADDR_STORE_NESTED_FIELD_OFF(S, NS, F, NF, SIZE, OFF, TF) \
9664 do { \
9665 int tmp_reg = BPF_REG_9; \
9666 if (si->src_reg == tmp_reg || si->dst_reg == tmp_reg) \
9667 --tmp_reg; \
9668 if (si->src_reg == tmp_reg || si->dst_reg == tmp_reg) \
9669 --tmp_reg; \
9670 *insn++ = BPF_STX_MEM(BPF_DW, si->dst_reg, tmp_reg, \
9671 offsetof(S, TF)); \
9672 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(S, F), tmp_reg, \
9673 si->dst_reg, offsetof(S, F)); \
9674 *insn++ = BPF_STX_MEM(SIZE, tmp_reg, si->src_reg, \
9675 bpf_target_off(NS, NF, sizeof_field(NS, NF), \
9676 target_size) \
9677 + OFF); \
9678 *insn++ = BPF_LDX_MEM(BPF_DW, tmp_reg, si->dst_reg, \
9679 offsetof(S, TF)); \
9680 } while (0)
9681
9682#define SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF(S, NS, F, NF, SIZE, OFF, \
9683 TF) \
9684 do { \
9685 if (type == BPF_WRITE) { \
9686 SOCK_ADDR_STORE_NESTED_FIELD_OFF(S, NS, F, NF, SIZE, \
9687 OFF, TF); \
9688 } else { \
9689 SOCK_ADDR_LOAD_NESTED_FIELD_SIZE_OFF( \
9690 S, NS, F, NF, SIZE, OFF); \
9691 } \
9692 } while (0)
9693
9694#define SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD(S, NS, F, NF, TF) \
9695 SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF( \
9696 S, NS, F, NF, BPF_FIELD_SIZEOF(NS, NF), 0, TF)
9697
9698static u32 sock_addr_convert_ctx_access(enum bpf_access_type type,
9699 const struct bpf_insn *si,
9700 struct bpf_insn *insn_buf,
9701 struct bpf_prog *prog, u32 *target_size)
9702{
9703 int off, port_size = sizeof_field(struct sockaddr_in6, sin6_port);
9704 struct bpf_insn *insn = insn_buf;
9705
9706 switch (si->off) {
9707 case offsetof(struct bpf_sock_addr, user_family):
9708 SOCK_ADDR_LOAD_NESTED_FIELD(struct bpf_sock_addr_kern,
9709 struct sockaddr, uaddr, sa_family);
9710 break;
9711
9712 case offsetof(struct bpf_sock_addr, user_ip4):
9713 SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF(
9714 struct bpf_sock_addr_kern, struct sockaddr_in, uaddr,
9715 sin_addr, BPF_SIZE(si->code), 0, tmp_reg);
9716 break;
9717
9718 case bpf_ctx_range_till(struct bpf_sock_addr, user_ip6[0], user_ip6[3]):
9719 off = si->off;
9720 off -= offsetof(struct bpf_sock_addr, user_ip6[0]);
9721 SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF(
9722 struct bpf_sock_addr_kern, struct sockaddr_in6, uaddr,
9723 sin6_addr.s6_addr32[0], BPF_SIZE(si->code), off,
9724 tmp_reg);
9725 break;
9726
9727 case offsetof(struct bpf_sock_addr, user_port):
9728
9729
9730
9731
9732
9733
9734
9735 BUILD_BUG_ON(offsetof(struct sockaddr_in, sin_port) !=
9736 offsetof(struct sockaddr_in6, sin6_port));
9737 BUILD_BUG_ON(sizeof_field(struct sockaddr_in, sin_port) !=
9738 sizeof_field(struct sockaddr_in6, sin6_port));
9739
9740 port_size = min(port_size, BPF_LDST_BYTES(si));
9741 SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF(
9742 struct bpf_sock_addr_kern, struct sockaddr_in6, uaddr,
9743 sin6_port, bytes_to_bpf_size(port_size), 0, tmp_reg);
9744 break;
9745
9746 case offsetof(struct bpf_sock_addr, family):
9747 SOCK_ADDR_LOAD_NESTED_FIELD(struct bpf_sock_addr_kern,
9748 struct sock, sk, sk_family);
9749 break;
9750
9751 case offsetof(struct bpf_sock_addr, type):
9752 SOCK_ADDR_LOAD_NESTED_FIELD(struct bpf_sock_addr_kern,
9753 struct sock, sk, sk_type);
9754 break;
9755
9756 case offsetof(struct bpf_sock_addr, protocol):
9757 SOCK_ADDR_LOAD_NESTED_FIELD(struct bpf_sock_addr_kern,
9758 struct sock, sk, sk_protocol);
9759 break;
9760
9761 case offsetof(struct bpf_sock_addr, msg_src_ip4):
9762
9763 SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF(
9764 struct bpf_sock_addr_kern, struct in_addr, t_ctx,
9765 s_addr, BPF_SIZE(si->code), 0, tmp_reg);
9766 break;
9767
9768 case bpf_ctx_range_till(struct bpf_sock_addr, msg_src_ip6[0],
9769 msg_src_ip6[3]):
9770 off = si->off;
9771 off -= offsetof(struct bpf_sock_addr, msg_src_ip6[0]);
9772
9773 SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF(
9774 struct bpf_sock_addr_kern, struct in6_addr, t_ctx,
9775 s6_addr32[0], BPF_SIZE(si->code), off, tmp_reg);
9776 break;
9777 case offsetof(struct bpf_sock_addr, sk):
9778 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_addr_kern, sk),
9779 si->dst_reg, si->src_reg,
9780 offsetof(struct bpf_sock_addr_kern, sk));
9781 break;
9782 }
9783
9784 return insn - insn_buf;
9785}
9786
9787static u32 sock_ops_convert_ctx_access(enum bpf_access_type type,
9788 const struct bpf_insn *si,
9789 struct bpf_insn *insn_buf,
9790 struct bpf_prog *prog,
9791 u32 *target_size)
9792{
9793 struct bpf_insn *insn = insn_buf;
9794 int off;
9795
9796
9797#define SOCK_OPS_GET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ) \
9798 do { \
9799 int fullsock_reg = si->dst_reg, reg = BPF_REG_9, jmp = 2; \
9800 BUILD_BUG_ON(sizeof_field(OBJ, OBJ_FIELD) > \
9801 sizeof_field(struct bpf_sock_ops, BPF_FIELD)); \
9802 if (si->dst_reg == reg || si->src_reg == reg) \
9803 reg--; \
9804 if (si->dst_reg == reg || si->src_reg == reg) \
9805 reg--; \
9806 if (si->dst_reg == si->src_reg) { \
9807 *insn++ = BPF_STX_MEM(BPF_DW, si->src_reg, reg, \
9808 offsetof(struct bpf_sock_ops_kern, \
9809 temp)); \
9810 fullsock_reg = reg; \
9811 jmp += 2; \
9812 } \
9813 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \
9814 struct bpf_sock_ops_kern, \
9815 is_fullsock), \
9816 fullsock_reg, si->src_reg, \
9817 offsetof(struct bpf_sock_ops_kern, \
9818 is_fullsock)); \
9819 *insn++ = BPF_JMP_IMM(BPF_JEQ, fullsock_reg, 0, jmp); \
9820 if (si->dst_reg == si->src_reg) \
9821 *insn++ = BPF_LDX_MEM(BPF_DW, reg, si->src_reg, \
9822 offsetof(struct bpf_sock_ops_kern, \
9823 temp)); \
9824 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \
9825 struct bpf_sock_ops_kern, sk),\
9826 si->dst_reg, si->src_reg, \
9827 offsetof(struct bpf_sock_ops_kern, sk));\
9828 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(OBJ, \
9829 OBJ_FIELD), \
9830 si->dst_reg, si->dst_reg, \
9831 offsetof(OBJ, OBJ_FIELD)); \
9832 if (si->dst_reg == si->src_reg) { \
9833 *insn++ = BPF_JMP_A(1); \
9834 *insn++ = BPF_LDX_MEM(BPF_DW, reg, si->src_reg, \
9835 offsetof(struct bpf_sock_ops_kern, \
9836 temp)); \
9837 } \
9838 } while (0)
9839
9840#define SOCK_OPS_GET_SK() \
9841 do { \
9842 int fullsock_reg = si->dst_reg, reg = BPF_REG_9, jmp = 1; \
9843 if (si->dst_reg == reg || si->src_reg == reg) \
9844 reg--; \
9845 if (si->dst_reg == reg || si->src_reg == reg) \
9846 reg--; \
9847 if (si->dst_reg == si->src_reg) { \
9848 *insn++ = BPF_STX_MEM(BPF_DW, si->src_reg, reg, \
9849 offsetof(struct bpf_sock_ops_kern, \
9850 temp)); \
9851 fullsock_reg = reg; \
9852 jmp += 2; \
9853 } \
9854 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \
9855 struct bpf_sock_ops_kern, \
9856 is_fullsock), \
9857 fullsock_reg, si->src_reg, \
9858 offsetof(struct bpf_sock_ops_kern, \
9859 is_fullsock)); \
9860 *insn++ = BPF_JMP_IMM(BPF_JEQ, fullsock_reg, 0, jmp); \
9861 if (si->dst_reg == si->src_reg) \
9862 *insn++ = BPF_LDX_MEM(BPF_DW, reg, si->src_reg, \
9863 offsetof(struct bpf_sock_ops_kern, \
9864 temp)); \
9865 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \
9866 struct bpf_sock_ops_kern, sk),\
9867 si->dst_reg, si->src_reg, \
9868 offsetof(struct bpf_sock_ops_kern, sk));\
9869 if (si->dst_reg == si->src_reg) { \
9870 *insn++ = BPF_JMP_A(1); \
9871 *insn++ = BPF_LDX_MEM(BPF_DW, reg, si->src_reg, \
9872 offsetof(struct bpf_sock_ops_kern, \
9873 temp)); \
9874 } \
9875 } while (0)
9876
9877#define SOCK_OPS_GET_TCP_SOCK_FIELD(FIELD) \
9878 SOCK_OPS_GET_FIELD(FIELD, FIELD, struct tcp_sock)
9879
9880
9881
9882
9883
9884
9885
9886
9887
9888
9889#define SOCK_OPS_SET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ) \
9890 do { \
9891 int reg = BPF_REG_9; \
9892 BUILD_BUG_ON(sizeof_field(OBJ, OBJ_FIELD) > \
9893 sizeof_field(struct bpf_sock_ops, BPF_FIELD)); \
9894 if (si->dst_reg == reg || si->src_reg == reg) \
9895 reg--; \
9896 if (si->dst_reg == reg || si->src_reg == reg) \
9897 reg--; \
9898 *insn++ = BPF_STX_MEM(BPF_DW, si->dst_reg, reg, \
9899 offsetof(struct bpf_sock_ops_kern, \
9900 temp)); \
9901 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \
9902 struct bpf_sock_ops_kern, \
9903 is_fullsock), \
9904 reg, si->dst_reg, \
9905 offsetof(struct bpf_sock_ops_kern, \
9906 is_fullsock)); \
9907 *insn++ = BPF_JMP_IMM(BPF_JEQ, reg, 0, 2); \
9908 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \
9909 struct bpf_sock_ops_kern, sk),\
9910 reg, si->dst_reg, \
9911 offsetof(struct bpf_sock_ops_kern, sk));\
9912 *insn++ = BPF_STX_MEM(BPF_FIELD_SIZEOF(OBJ, OBJ_FIELD), \
9913 reg, si->src_reg, \
9914 offsetof(OBJ, OBJ_FIELD)); \
9915 *insn++ = BPF_LDX_MEM(BPF_DW, reg, si->dst_reg, \
9916 offsetof(struct bpf_sock_ops_kern, \
9917 temp)); \
9918 } while (0)
9919
9920#define SOCK_OPS_GET_OR_SET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ, TYPE) \
9921 do { \
9922 if (TYPE == BPF_WRITE) \
9923 SOCK_OPS_SET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ); \
9924 else \
9925 SOCK_OPS_GET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ); \
9926 } while (0)
9927
9928 if (insn > insn_buf)
9929 return insn - insn_buf;
9930
9931 switch (si->off) {
9932 case offsetof(struct bpf_sock_ops, op):
9933 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern,
9934 op),
9935 si->dst_reg, si->src_reg,
9936 offsetof(struct bpf_sock_ops_kern, op));
9937 break;
9938
9939 case offsetof(struct bpf_sock_ops, replylong[0]) ...
9940 offsetof(struct bpf_sock_ops, replylong[3]):
9941 BUILD_BUG_ON(sizeof_field(struct bpf_sock_ops, reply) !=
9942 sizeof_field(struct bpf_sock_ops_kern, reply));
9943 BUILD_BUG_ON(sizeof_field(struct bpf_sock_ops, replylong) !=
9944 sizeof_field(struct bpf_sock_ops_kern, replylong));
9945 off = si->off;
9946 off -= offsetof(struct bpf_sock_ops, replylong[0]);
9947 off += offsetof(struct bpf_sock_ops_kern, replylong[0]);
9948 if (type == BPF_WRITE)
9949 *insn++ = BPF_STX_MEM(BPF_W, si->dst_reg, si->src_reg,
9950 off);
9951 else
9952 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
9953 off);
9954 break;
9955
9956 case offsetof(struct bpf_sock_ops, family):
9957 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_family) != 2);
9958
9959 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
9960 struct bpf_sock_ops_kern, sk),
9961 si->dst_reg, si->src_reg,
9962 offsetof(struct bpf_sock_ops_kern, sk));
9963 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg,
9964 offsetof(struct sock_common, skc_family));
9965 break;
9966
9967 case offsetof(struct bpf_sock_ops, remote_ip4):
9968 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_daddr) != 4);
9969
9970 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
9971 struct bpf_sock_ops_kern, sk),
9972 si->dst_reg, si->src_reg,
9973 offsetof(struct bpf_sock_ops_kern, sk));
9974 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
9975 offsetof(struct sock_common, skc_daddr));
9976 break;
9977
9978 case offsetof(struct bpf_sock_ops, local_ip4):
9979 BUILD_BUG_ON(sizeof_field(struct sock_common,
9980 skc_rcv_saddr) != 4);
9981
9982 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
9983 struct bpf_sock_ops_kern, sk),
9984 si->dst_reg, si->src_reg,
9985 offsetof(struct bpf_sock_ops_kern, sk));
9986 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
9987 offsetof(struct sock_common,
9988 skc_rcv_saddr));
9989 break;
9990
9991 case offsetof(struct bpf_sock_ops, remote_ip6[0]) ...
9992 offsetof(struct bpf_sock_ops, remote_ip6[3]):
9993#if IS_ENABLED(CONFIG_IPV6)
9994 BUILD_BUG_ON(sizeof_field(struct sock_common,
9995 skc_v6_daddr.s6_addr32[0]) != 4);
9996
9997 off = si->off;
9998 off -= offsetof(struct bpf_sock_ops, remote_ip6[0]);
9999 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10000 struct bpf_sock_ops_kern, sk),
10001 si->dst_reg, si->src_reg,
10002 offsetof(struct bpf_sock_ops_kern, sk));
10003 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
10004 offsetof(struct sock_common,
10005 skc_v6_daddr.s6_addr32[0]) +
10006 off);
10007#else
10008 *insn++ = BPF_MOV32_IMM(si->dst_reg, 0);
10009#endif
10010 break;
10011
10012 case offsetof(struct bpf_sock_ops, local_ip6[0]) ...
10013 offsetof(struct bpf_sock_ops, local_ip6[3]):
10014#if IS_ENABLED(CONFIG_IPV6)
10015 BUILD_BUG_ON(sizeof_field(struct sock_common,
10016 skc_v6_rcv_saddr.s6_addr32[0]) != 4);
10017
10018 off = si->off;
10019 off -= offsetof(struct bpf_sock_ops, local_ip6[0]);
10020 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10021 struct bpf_sock_ops_kern, sk),
10022 si->dst_reg, si->src_reg,
10023 offsetof(struct bpf_sock_ops_kern, sk));
10024 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
10025 offsetof(struct sock_common,
10026 skc_v6_rcv_saddr.s6_addr32[0]) +
10027 off);
10028#else
10029 *insn++ = BPF_MOV32_IMM(si->dst_reg, 0);
10030#endif
10031 break;
10032
10033 case offsetof(struct bpf_sock_ops, remote_port):
10034 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_dport) != 2);
10035
10036 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10037 struct bpf_sock_ops_kern, sk),
10038 si->dst_reg, si->src_reg,
10039 offsetof(struct bpf_sock_ops_kern, sk));
10040 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg,
10041 offsetof(struct sock_common, skc_dport));
10042#ifndef __BIG_ENDIAN_BITFIELD
10043 *insn++ = BPF_ALU32_IMM(BPF_LSH, si->dst_reg, 16);
10044#endif
10045 break;
10046
10047 case offsetof(struct bpf_sock_ops, local_port):
10048 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_num) != 2);
10049
10050 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10051 struct bpf_sock_ops_kern, sk),
10052 si->dst_reg, si->src_reg,
10053 offsetof(struct bpf_sock_ops_kern, sk));
10054 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg,
10055 offsetof(struct sock_common, skc_num));
10056 break;
10057
10058 case offsetof(struct bpf_sock_ops, is_fullsock):
10059 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10060 struct bpf_sock_ops_kern,
10061 is_fullsock),
10062 si->dst_reg, si->src_reg,
10063 offsetof(struct bpf_sock_ops_kern,
10064 is_fullsock));
10065 break;
10066
10067 case offsetof(struct bpf_sock_ops, state):
10068 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_state) != 1);
10069
10070 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10071 struct bpf_sock_ops_kern, sk),
10072 si->dst_reg, si->src_reg,
10073 offsetof(struct bpf_sock_ops_kern, sk));
10074 *insn++ = BPF_LDX_MEM(BPF_B, si->dst_reg, si->dst_reg,
10075 offsetof(struct sock_common, skc_state));
10076 break;
10077
10078 case offsetof(struct bpf_sock_ops, rtt_min):
10079 BUILD_BUG_ON(sizeof_field(struct tcp_sock, rtt_min) !=
10080 sizeof(struct minmax));
10081 BUILD_BUG_ON(sizeof(struct minmax) <
10082 sizeof(struct minmax_sample));
10083
10084 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10085 struct bpf_sock_ops_kern, sk),
10086 si->dst_reg, si->src_reg,
10087 offsetof(struct bpf_sock_ops_kern, sk));
10088 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
10089 offsetof(struct tcp_sock, rtt_min) +
10090 sizeof_field(struct minmax_sample, t));
10091 break;
10092
10093 case offsetof(struct bpf_sock_ops, bpf_sock_ops_cb_flags):
10094 SOCK_OPS_GET_FIELD(bpf_sock_ops_cb_flags, bpf_sock_ops_cb_flags,
10095 struct tcp_sock);
10096 break;
10097
10098 case offsetof(struct bpf_sock_ops, sk_txhash):
10099 SOCK_OPS_GET_OR_SET_FIELD(sk_txhash, sk_txhash,
10100 struct sock, type);
10101 break;
10102 case offsetof(struct bpf_sock_ops, snd_cwnd):
10103 SOCK_OPS_GET_TCP_SOCK_FIELD(snd_cwnd);
10104 break;
10105 case offsetof(struct bpf_sock_ops, srtt_us):
10106 SOCK_OPS_GET_TCP_SOCK_FIELD(srtt_us);
10107 break;
10108 case offsetof(struct bpf_sock_ops, snd_ssthresh):
10109 SOCK_OPS_GET_TCP_SOCK_FIELD(snd_ssthresh);
10110 break;
10111 case offsetof(struct bpf_sock_ops, rcv_nxt):
10112 SOCK_OPS_GET_TCP_SOCK_FIELD(rcv_nxt);
10113 break;
10114 case offsetof(struct bpf_sock_ops, snd_nxt):
10115 SOCK_OPS_GET_TCP_SOCK_FIELD(snd_nxt);
10116 break;
10117 case offsetof(struct bpf_sock_ops, snd_una):
10118 SOCK_OPS_GET_TCP_SOCK_FIELD(snd_una);
10119 break;
10120 case offsetof(struct bpf_sock_ops, mss_cache):
10121 SOCK_OPS_GET_TCP_SOCK_FIELD(mss_cache);
10122 break;
10123 case offsetof(struct bpf_sock_ops, ecn_flags):
10124 SOCK_OPS_GET_TCP_SOCK_FIELD(ecn_flags);
10125 break;
10126 case offsetof(struct bpf_sock_ops, rate_delivered):
10127 SOCK_OPS_GET_TCP_SOCK_FIELD(rate_delivered);
10128 break;
10129 case offsetof(struct bpf_sock_ops, rate_interval_us):
10130 SOCK_OPS_GET_TCP_SOCK_FIELD(rate_interval_us);
10131 break;
10132 case offsetof(struct bpf_sock_ops, packets_out):
10133 SOCK_OPS_GET_TCP_SOCK_FIELD(packets_out);
10134 break;
10135 case offsetof(struct bpf_sock_ops, retrans_out):
10136 SOCK_OPS_GET_TCP_SOCK_FIELD(retrans_out);
10137 break;
10138 case offsetof(struct bpf_sock_ops, total_retrans):
10139 SOCK_OPS_GET_TCP_SOCK_FIELD(total_retrans);
10140 break;
10141 case offsetof(struct bpf_sock_ops, segs_in):
10142 SOCK_OPS_GET_TCP_SOCK_FIELD(segs_in);
10143 break;
10144 case offsetof(struct bpf_sock_ops, data_segs_in):
10145 SOCK_OPS_GET_TCP_SOCK_FIELD(data_segs_in);
10146 break;
10147 case offsetof(struct bpf_sock_ops, segs_out):
10148 SOCK_OPS_GET_TCP_SOCK_FIELD(segs_out);
10149 break;
10150 case offsetof(struct bpf_sock_ops, data_segs_out):
10151 SOCK_OPS_GET_TCP_SOCK_FIELD(data_segs_out);
10152 break;
10153 case offsetof(struct bpf_sock_ops, lost_out):
10154 SOCK_OPS_GET_TCP_SOCK_FIELD(lost_out);
10155 break;
10156 case offsetof(struct bpf_sock_ops, sacked_out):
10157 SOCK_OPS_GET_TCP_SOCK_FIELD(sacked_out);
10158 break;
10159 case offsetof(struct bpf_sock_ops, bytes_received):
10160 SOCK_OPS_GET_TCP_SOCK_FIELD(bytes_received);
10161 break;
10162 case offsetof(struct bpf_sock_ops, bytes_acked):
10163 SOCK_OPS_GET_TCP_SOCK_FIELD(bytes_acked);
10164 break;
10165 case offsetof(struct bpf_sock_ops, sk):
10166 SOCK_OPS_GET_SK();
10167 break;
10168 case offsetof(struct bpf_sock_ops, skb_data_end):
10169 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern,
10170 skb_data_end),
10171 si->dst_reg, si->src_reg,
10172 offsetof(struct bpf_sock_ops_kern,
10173 skb_data_end));
10174 break;
10175 case offsetof(struct bpf_sock_ops, skb_data):
10176 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern,
10177 skb),
10178 si->dst_reg, si->src_reg,
10179 offsetof(struct bpf_sock_ops_kern,
10180 skb));
10181 *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1);
10182 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, data),
10183 si->dst_reg, si->dst_reg,
10184 offsetof(struct sk_buff, data));
10185 break;
10186 case offsetof(struct bpf_sock_ops, skb_len):
10187 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern,
10188 skb),
10189 si->dst_reg, si->src_reg,
10190 offsetof(struct bpf_sock_ops_kern,
10191 skb));
10192 *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1);
10193 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, len),
10194 si->dst_reg, si->dst_reg,
10195 offsetof(struct sk_buff, len));
10196 break;
10197 case offsetof(struct bpf_sock_ops, skb_tcp_flags):
10198 off = offsetof(struct sk_buff, cb);
10199 off += offsetof(struct tcp_skb_cb, tcp_flags);
10200 *target_size = sizeof_field(struct tcp_skb_cb, tcp_flags);
10201 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern,
10202 skb),
10203 si->dst_reg, si->src_reg,
10204 offsetof(struct bpf_sock_ops_kern,
10205 skb));
10206 *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1);
10207 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct tcp_skb_cb,
10208 tcp_flags),
10209 si->dst_reg, si->dst_reg, off);
10210 break;
10211 }
10212 return insn - insn_buf;
10213}
10214
10215
10216static struct bpf_insn *bpf_convert_data_end_access(const struct bpf_insn *si,
10217 struct bpf_insn *insn)
10218{
10219 int reg;
10220 int temp_reg_off = offsetof(struct sk_buff, cb) +
10221 offsetof(struct sk_skb_cb, temp_reg);
10222
10223 if (si->src_reg == si->dst_reg) {
10224
10225 reg = BPF_REG_9;
10226 if (si->src_reg == reg || si->dst_reg == reg)
10227 reg--;
10228 if (si->src_reg == reg || si->dst_reg == reg)
10229 reg--;
10230 *insn++ = BPF_STX_MEM(BPF_DW, si->src_reg, reg, temp_reg_off);
10231 } else {
10232 reg = si->dst_reg;
10233 }
10234
10235
10236 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, data),
10237 reg, si->src_reg,
10238 offsetof(struct sk_buff, data));
10239
10240 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, len),
10241 BPF_REG_AX, si->src_reg,
10242 offsetof(struct sk_buff, len));
10243
10244 *insn++ = BPF_ALU64_REG(BPF_ADD, reg, BPF_REG_AX);
10245
10246 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, data_len),
10247 BPF_REG_AX, si->src_reg,
10248 offsetof(struct sk_buff, data_len));
10249
10250
10251 *insn++ = BPF_ALU64_REG(BPF_SUB, reg, BPF_REG_AX);
10252
10253 if (si->src_reg == si->dst_reg) {
10254
10255 *insn++ = BPF_MOV64_REG(BPF_REG_AX, si->src_reg);
10256 *insn++ = BPF_MOV64_REG(si->dst_reg, reg);
10257 *insn++ = BPF_LDX_MEM(BPF_DW, reg, BPF_REG_AX, temp_reg_off);
10258 }
10259
10260 return insn;
10261}
10262
10263static u32 sk_skb_convert_ctx_access(enum bpf_access_type type,
10264 const struct bpf_insn *si,
10265 struct bpf_insn *insn_buf,
10266 struct bpf_prog *prog, u32 *target_size)
10267{
10268 struct bpf_insn *insn = insn_buf;
10269 int off;
10270
10271 switch (si->off) {
10272 case offsetof(struct __sk_buff, data_end):
10273 insn = bpf_convert_data_end_access(si, insn);
10274 break;
10275 case offsetof(struct __sk_buff, cb[0]) ...
10276 offsetofend(struct __sk_buff, cb[4]) - 1:
10277 BUILD_BUG_ON(sizeof_field(struct sk_skb_cb, data) < 20);
10278 BUILD_BUG_ON((offsetof(struct sk_buff, cb) +
10279 offsetof(struct sk_skb_cb, data)) %
10280 sizeof(__u64));
10281
10282 prog->cb_access = 1;
10283 off = si->off;
10284 off -= offsetof(struct __sk_buff, cb[0]);
10285 off += offsetof(struct sk_buff, cb);
10286 off += offsetof(struct sk_skb_cb, data);
10287 if (type == BPF_WRITE)
10288 *insn++ = BPF_STX_MEM(BPF_SIZE(si->code), si->dst_reg,
10289 si->src_reg, off);
10290 else
10291 *insn++ = BPF_LDX_MEM(BPF_SIZE(si->code), si->dst_reg,
10292 si->src_reg, off);
10293 break;
10294
10295
10296 default:
10297 return bpf_convert_ctx_access(type, si, insn_buf, prog,
10298 target_size);
10299 }
10300
10301 return insn - insn_buf;
10302}
10303
10304static u32 sk_msg_convert_ctx_access(enum bpf_access_type type,
10305 const struct bpf_insn *si,
10306 struct bpf_insn *insn_buf,
10307 struct bpf_prog *prog, u32 *target_size)
10308{
10309 struct bpf_insn *insn = insn_buf;
10310#if IS_ENABLED(CONFIG_IPV6)
10311 int off;
10312#endif
10313
10314
10315 BUILD_BUG_ON(offsetof(struct sk_msg, sg) != 0);
10316
10317 switch (si->off) {
10318 case offsetof(struct sk_msg_md, data):
10319 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_msg, data),
10320 si->dst_reg, si->src_reg,
10321 offsetof(struct sk_msg, data));
10322 break;
10323 case offsetof(struct sk_msg_md, data_end):
10324 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_msg, data_end),
10325 si->dst_reg, si->src_reg,
10326 offsetof(struct sk_msg, data_end));
10327 break;
10328 case offsetof(struct sk_msg_md, family):
10329 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_family) != 2);
10330
10331 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10332 struct sk_msg, sk),
10333 si->dst_reg, si->src_reg,
10334 offsetof(struct sk_msg, sk));
10335 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg,
10336 offsetof(struct sock_common, skc_family));
10337 break;
10338
10339 case offsetof(struct sk_msg_md, remote_ip4):
10340 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_daddr) != 4);
10341
10342 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10343 struct sk_msg, sk),
10344 si->dst_reg, si->src_reg,
10345 offsetof(struct sk_msg, sk));
10346 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
10347 offsetof(struct sock_common, skc_daddr));
10348 break;
10349
10350 case offsetof(struct sk_msg_md, local_ip4):
10351 BUILD_BUG_ON(sizeof_field(struct sock_common,
10352 skc_rcv_saddr) != 4);
10353
10354 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10355 struct sk_msg, sk),
10356 si->dst_reg, si->src_reg,
10357 offsetof(struct sk_msg, sk));
10358 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
10359 offsetof(struct sock_common,
10360 skc_rcv_saddr));
10361 break;
10362
10363 case offsetof(struct sk_msg_md, remote_ip6[0]) ...
10364 offsetof(struct sk_msg_md, remote_ip6[3]):
10365#if IS_ENABLED(CONFIG_IPV6)
10366 BUILD_BUG_ON(sizeof_field(struct sock_common,
10367 skc_v6_daddr.s6_addr32[0]) != 4);
10368
10369 off = si->off;
10370 off -= offsetof(struct sk_msg_md, remote_ip6[0]);
10371 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10372 struct sk_msg, sk),
10373 si->dst_reg, si->src_reg,
10374 offsetof(struct sk_msg, sk));
10375 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
10376 offsetof(struct sock_common,
10377 skc_v6_daddr.s6_addr32[0]) +
10378 off);
10379#else
10380 *insn++ = BPF_MOV32_IMM(si->dst_reg, 0);
10381#endif
10382 break;
10383
10384 case offsetof(struct sk_msg_md, local_ip6[0]) ...
10385 offsetof(struct sk_msg_md, local_ip6[3]):
10386#if IS_ENABLED(CONFIG_IPV6)
10387 BUILD_BUG_ON(sizeof_field(struct sock_common,
10388 skc_v6_rcv_saddr.s6_addr32[0]) != 4);
10389
10390 off = si->off;
10391 off -= offsetof(struct sk_msg_md, local_ip6[0]);
10392 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10393 struct sk_msg, sk),
10394 si->dst_reg, si->src_reg,
10395 offsetof(struct sk_msg, sk));
10396 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg,
10397 offsetof(struct sock_common,
10398 skc_v6_rcv_saddr.s6_addr32[0]) +
10399 off);
10400#else
10401 *insn++ = BPF_MOV32_IMM(si->dst_reg, 0);
10402#endif
10403 break;
10404
10405 case offsetof(struct sk_msg_md, remote_port):
10406 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_dport) != 2);
10407
10408 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10409 struct sk_msg, sk),
10410 si->dst_reg, si->src_reg,
10411 offsetof(struct sk_msg, sk));
10412 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg,
10413 offsetof(struct sock_common, skc_dport));
10414#ifndef __BIG_ENDIAN_BITFIELD
10415 *insn++ = BPF_ALU32_IMM(BPF_LSH, si->dst_reg, 16);
10416#endif
10417 break;
10418
10419 case offsetof(struct sk_msg_md, local_port):
10420 BUILD_BUG_ON(sizeof_field(struct sock_common, skc_num) != 2);
10421
10422 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(
10423 struct sk_msg, sk),
10424 si->dst_reg, si->src_reg,
10425 offsetof(struct sk_msg, sk));
10426 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg,
10427 offsetof(struct sock_common, skc_num));
10428 break;
10429
10430 case offsetof(struct sk_msg_md, size):
10431 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_msg_sg, size),
10432 si->dst_reg, si->src_reg,
10433 offsetof(struct sk_msg_sg, size));
10434 break;
10435
10436 case offsetof(struct sk_msg_md, sk):
10437 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_msg, sk),
10438 si->dst_reg, si->src_reg,
10439 offsetof(struct sk_msg, sk));
10440 break;
10441 }
10442
10443 return insn - insn_buf;
10444}
10445
10446const struct bpf_verifier_ops sk_filter_verifier_ops = {
10447 .get_func_proto = sk_filter_func_proto,
10448 .is_valid_access = sk_filter_is_valid_access,
10449 .convert_ctx_access = bpf_convert_ctx_access,
10450 .gen_ld_abs = bpf_gen_ld_abs,
10451};
10452
10453const struct bpf_prog_ops sk_filter_prog_ops = {
10454 .test_run = bpf_prog_test_run_skb,
10455};
10456
10457const struct bpf_verifier_ops tc_cls_act_verifier_ops = {
10458 .get_func_proto = tc_cls_act_func_proto,
10459 .is_valid_access = tc_cls_act_is_valid_access,
10460 .convert_ctx_access = tc_cls_act_convert_ctx_access,
10461 .gen_prologue = tc_cls_act_prologue,
10462 .gen_ld_abs = bpf_gen_ld_abs,
10463};
10464
10465const struct bpf_prog_ops tc_cls_act_prog_ops = {
10466 .test_run = bpf_prog_test_run_skb,
10467};
10468
10469const struct bpf_verifier_ops xdp_verifier_ops = {
10470 .get_func_proto = xdp_func_proto,
10471 .is_valid_access = xdp_is_valid_access,
10472 .convert_ctx_access = xdp_convert_ctx_access,
10473 .gen_prologue = bpf_noop_prologue,
10474};
10475
10476const struct bpf_prog_ops xdp_prog_ops = {
10477 .test_run = bpf_prog_test_run_xdp,
10478};
10479
10480const struct bpf_verifier_ops cg_skb_verifier_ops = {
10481 .get_func_proto = cg_skb_func_proto,
10482 .is_valid_access = cg_skb_is_valid_access,
10483 .convert_ctx_access = bpf_convert_ctx_access,
10484};
10485
10486const struct bpf_prog_ops cg_skb_prog_ops = {
10487 .test_run = bpf_prog_test_run_skb,
10488};
10489
10490const struct bpf_verifier_ops lwt_in_verifier_ops = {
10491 .get_func_proto = lwt_in_func_proto,
10492 .is_valid_access = lwt_is_valid_access,
10493 .convert_ctx_access = bpf_convert_ctx_access,
10494};
10495
10496const struct bpf_prog_ops lwt_in_prog_ops = {
10497 .test_run = bpf_prog_test_run_skb,
10498};
10499
10500const struct bpf_verifier_ops lwt_out_verifier_ops = {
10501 .get_func_proto = lwt_out_func_proto,
10502 .is_valid_access = lwt_is_valid_access,
10503 .convert_ctx_access = bpf_convert_ctx_access,
10504};
10505
10506const struct bpf_prog_ops lwt_out_prog_ops = {
10507 .test_run = bpf_prog_test_run_skb,
10508};
10509
10510const struct bpf_verifier_ops lwt_xmit_verifier_ops = {
10511 .get_func_proto = lwt_xmit_func_proto,
10512 .is_valid_access = lwt_is_valid_access,
10513 .convert_ctx_access = bpf_convert_ctx_access,
10514 .gen_prologue = tc_cls_act_prologue,
10515};
10516
10517const struct bpf_prog_ops lwt_xmit_prog_ops = {
10518 .test_run = bpf_prog_test_run_skb,
10519};
10520
10521const struct bpf_verifier_ops lwt_seg6local_verifier_ops = {
10522 .get_func_proto = lwt_seg6local_func_proto,
10523 .is_valid_access = lwt_is_valid_access,
10524 .convert_ctx_access = bpf_convert_ctx_access,
10525};
10526
10527const struct bpf_prog_ops lwt_seg6local_prog_ops = {
10528 .test_run = bpf_prog_test_run_skb,
10529};
10530
10531const struct bpf_verifier_ops cg_sock_verifier_ops = {
10532 .get_func_proto = sock_filter_func_proto,
10533 .is_valid_access = sock_filter_is_valid_access,
10534 .convert_ctx_access = bpf_sock_convert_ctx_access,
10535};
10536
10537const struct bpf_prog_ops cg_sock_prog_ops = {
10538};
10539
10540const struct bpf_verifier_ops cg_sock_addr_verifier_ops = {
10541 .get_func_proto = sock_addr_func_proto,
10542 .is_valid_access = sock_addr_is_valid_access,
10543 .convert_ctx_access = sock_addr_convert_ctx_access,
10544};
10545
10546const struct bpf_prog_ops cg_sock_addr_prog_ops = {
10547};
10548
10549const struct bpf_verifier_ops sock_ops_verifier_ops = {
10550 .get_func_proto = sock_ops_func_proto,
10551 .is_valid_access = sock_ops_is_valid_access,
10552 .convert_ctx_access = sock_ops_convert_ctx_access,
10553};
10554
10555const struct bpf_prog_ops sock_ops_prog_ops = {
10556};
10557
10558const struct bpf_verifier_ops sk_skb_verifier_ops = {
10559 .get_func_proto = sk_skb_func_proto,
10560 .is_valid_access = sk_skb_is_valid_access,
10561 .convert_ctx_access = sk_skb_convert_ctx_access,
10562 .gen_prologue = sk_skb_prologue,
10563};
10564
10565const struct bpf_prog_ops sk_skb_prog_ops = {
10566};
10567
10568const struct bpf_verifier_ops sk_msg_verifier_ops = {
10569 .get_func_proto = sk_msg_func_proto,
10570 .is_valid_access = sk_msg_is_valid_access,
10571 .convert_ctx_access = sk_msg_convert_ctx_access,
10572 .gen_prologue = bpf_noop_prologue,
10573};
10574
10575const struct bpf_prog_ops sk_msg_prog_ops = {
10576};
10577
10578const struct bpf_verifier_ops flow_dissector_verifier_ops = {
10579 .get_func_proto = flow_dissector_func_proto,
10580 .is_valid_access = flow_dissector_is_valid_access,
10581 .convert_ctx_access = flow_dissector_convert_ctx_access,
10582};
10583
10584const struct bpf_prog_ops flow_dissector_prog_ops = {
10585 .test_run = bpf_prog_test_run_flow_dissector,
10586};
10587
10588int sk_detach_filter(struct sock *sk)
10589{
10590 int ret = -ENOENT;
10591 struct sk_filter *filter;
10592
10593 if (sock_flag(sk, SOCK_FILTER_LOCKED))
10594 return -EPERM;
10595
10596 filter = rcu_dereference_protected(sk->sk_filter,
10597 lockdep_sock_is_held(sk));
10598 if (filter) {
10599 RCU_INIT_POINTER(sk->sk_filter, NULL);
10600 sk_filter_uncharge(sk, filter);
10601 ret = 0;
10602 }
10603
10604 return ret;
10605}
10606EXPORT_SYMBOL_GPL(sk_detach_filter);
10607
10608int sk_get_filter(struct sock *sk, struct sock_filter __user *ubuf,
10609 unsigned int len)
10610{
10611 struct sock_fprog_kern *fprog;
10612 struct sk_filter *filter;
10613 int ret = 0;
10614
10615 lock_sock(sk);
10616 filter = rcu_dereference_protected(sk->sk_filter,
10617 lockdep_sock_is_held(sk));
10618 if (!filter)
10619 goto out;
10620
10621
10622
10623
10624
10625 ret = -EACCES;
10626 fprog = filter->prog->orig_prog;
10627 if (!fprog)
10628 goto out;
10629
10630 ret = fprog->len;
10631 if (!len)
10632
10633 goto out;
10634
10635 ret = -EINVAL;
10636 if (len < fprog->len)
10637 goto out;
10638
10639 ret = -EFAULT;
10640 if (copy_to_user(ubuf, fprog->filter, bpf_classic_proglen(fprog)))
10641 goto out;
10642
10643
10644
10645
10646 ret = fprog->len;
10647out:
10648 release_sock(sk);
10649 return ret;
10650}
10651
10652#ifdef CONFIG_INET
10653static void bpf_init_reuseport_kern(struct sk_reuseport_kern *reuse_kern,
10654 struct sock_reuseport *reuse,
10655 struct sock *sk, struct sk_buff *skb,
10656 struct sock *migrating_sk,
10657 u32 hash)
10658{
10659 reuse_kern->skb = skb;
10660 reuse_kern->sk = sk;
10661 reuse_kern->selected_sk = NULL;
10662 reuse_kern->migrating_sk = migrating_sk;
10663 reuse_kern->data_end = skb->data + skb_headlen(skb);
10664 reuse_kern->hash = hash;
10665 reuse_kern->reuseport_id = reuse->reuseport_id;
10666 reuse_kern->bind_inany = reuse->bind_inany;
10667}
10668
10669struct sock *bpf_run_sk_reuseport(struct sock_reuseport *reuse, struct sock *sk,
10670 struct bpf_prog *prog, struct sk_buff *skb,
10671 struct sock *migrating_sk,
10672 u32 hash)
10673{
10674 struct sk_reuseport_kern reuse_kern;
10675 enum sk_action action;
10676
10677 bpf_init_reuseport_kern(&reuse_kern, reuse, sk, skb, migrating_sk, hash);
10678 action = bpf_prog_run(prog, &reuse_kern);
10679
10680 if (action == SK_PASS)
10681 return reuse_kern.selected_sk;
10682 else
10683 return ERR_PTR(-ECONNREFUSED);
10684}
10685
10686BPF_CALL_4(sk_select_reuseport, struct sk_reuseport_kern *, reuse_kern,
10687 struct bpf_map *, map, void *, key, u32, flags)
10688{
10689 bool is_sockarray = map->map_type == BPF_MAP_TYPE_REUSEPORT_SOCKARRAY;
10690 struct sock_reuseport *reuse;
10691 struct sock *selected_sk;
10692
10693 selected_sk = map->ops->map_lookup_elem(map, key);
10694 if (!selected_sk)
10695 return -ENOENT;
10696
10697 reuse = rcu_dereference(selected_sk->sk_reuseport_cb);
10698 if (!reuse) {
10699
10700 if (sk_is_refcounted(selected_sk))
10701 sock_put(selected_sk);
10702
10703
10704
10705
10706
10707
10708
10709
10710 return is_sockarray ? -ENOENT : -EINVAL;
10711 }
10712
10713 if (unlikely(reuse->reuseport_id != reuse_kern->reuseport_id)) {
10714 struct sock *sk = reuse_kern->sk;
10715
10716 if (sk->sk_protocol != selected_sk->sk_protocol)
10717 return -EPROTOTYPE;
10718 else if (sk->sk_family != selected_sk->sk_family)
10719 return -EAFNOSUPPORT;
10720
10721
10722 return -EBADFD;
10723 }
10724
10725 reuse_kern->selected_sk = selected_sk;
10726
10727 return 0;
10728}
10729
10730static const struct bpf_func_proto sk_select_reuseport_proto = {
10731 .func = sk_select_reuseport,
10732 .gpl_only = false,
10733 .ret_type = RET_INTEGER,
10734 .arg1_type = ARG_PTR_TO_CTX,
10735 .arg2_type = ARG_CONST_MAP_PTR,
10736 .arg3_type = ARG_PTR_TO_MAP_KEY,
10737 .arg4_type = ARG_ANYTHING,
10738};
10739
10740BPF_CALL_4(sk_reuseport_load_bytes,
10741 const struct sk_reuseport_kern *, reuse_kern, u32, offset,
10742 void *, to, u32, len)
10743{
10744 return ____bpf_skb_load_bytes(reuse_kern->skb, offset, to, len);
10745}
10746
10747static const struct bpf_func_proto sk_reuseport_load_bytes_proto = {
10748 .func = sk_reuseport_load_bytes,
10749 .gpl_only = false,
10750 .ret_type = RET_INTEGER,
10751 .arg1_type = ARG_PTR_TO_CTX,
10752 .arg2_type = ARG_ANYTHING,
10753 .arg3_type = ARG_PTR_TO_UNINIT_MEM,
10754 .arg4_type = ARG_CONST_SIZE,
10755};
10756
10757BPF_CALL_5(sk_reuseport_load_bytes_relative,
10758 const struct sk_reuseport_kern *, reuse_kern, u32, offset,
10759 void *, to, u32, len, u32, start_header)
10760{
10761 return ____bpf_skb_load_bytes_relative(reuse_kern->skb, offset, to,
10762 len, start_header);
10763}
10764
10765static const struct bpf_func_proto sk_reuseport_load_bytes_relative_proto = {
10766 .func = sk_reuseport_load_bytes_relative,
10767 .gpl_only = false,
10768 .ret_type = RET_INTEGER,
10769 .arg1_type = ARG_PTR_TO_CTX,
10770 .arg2_type = ARG_ANYTHING,
10771 .arg3_type = ARG_PTR_TO_UNINIT_MEM,
10772 .arg4_type = ARG_CONST_SIZE,
10773 .arg5_type = ARG_ANYTHING,
10774};
10775
10776static const struct bpf_func_proto *
10777sk_reuseport_func_proto(enum bpf_func_id func_id,
10778 const struct bpf_prog *prog)
10779{
10780 switch (func_id) {
10781 case BPF_FUNC_sk_select_reuseport:
10782 return &sk_select_reuseport_proto;
10783 case BPF_FUNC_skb_load_bytes:
10784 return &sk_reuseport_load_bytes_proto;
10785 case BPF_FUNC_skb_load_bytes_relative:
10786 return &sk_reuseport_load_bytes_relative_proto;
10787 case BPF_FUNC_get_socket_cookie:
10788 return &bpf_get_socket_ptr_cookie_proto;
10789 case BPF_FUNC_ktime_get_coarse_ns:
10790 return &bpf_ktime_get_coarse_ns_proto;
10791 default:
10792 return bpf_base_func_proto(func_id);
10793 }
10794}
10795
10796static bool
10797sk_reuseport_is_valid_access(int off, int size,
10798 enum bpf_access_type type,
10799 const struct bpf_prog *prog,
10800 struct bpf_insn_access_aux *info)
10801{
10802 const u32 size_default = sizeof(__u32);
10803
10804 if (off < 0 || off >= sizeof(struct sk_reuseport_md) ||
10805 off % size || type != BPF_READ)
10806 return false;
10807
10808 switch (off) {
10809 case offsetof(struct sk_reuseport_md, data):
10810 info->reg_type = PTR_TO_PACKET;
10811 return size == sizeof(__u64);
10812
10813 case offsetof(struct sk_reuseport_md, data_end):
10814 info->reg_type = PTR_TO_PACKET_END;
10815 return size == sizeof(__u64);
10816
10817 case offsetof(struct sk_reuseport_md, hash):
10818 return size == size_default;
10819
10820 case offsetof(struct sk_reuseport_md, sk):
10821 info->reg_type = PTR_TO_SOCKET;
10822 return size == sizeof(__u64);
10823
10824 case offsetof(struct sk_reuseport_md, migrating_sk):
10825 info->reg_type = PTR_TO_SOCK_COMMON_OR_NULL;
10826 return size == sizeof(__u64);
10827
10828
10829 case bpf_ctx_range(struct sk_reuseport_md, eth_protocol):
10830 if (size < sizeof_field(struct sk_buff, protocol))
10831 return false;
10832 fallthrough;
10833 case bpf_ctx_range(struct sk_reuseport_md, ip_protocol):
10834 case bpf_ctx_range(struct sk_reuseport_md, bind_inany):
10835 case bpf_ctx_range(struct sk_reuseport_md, len):
10836 bpf_ctx_record_field_size(info, size_default);
10837 return bpf_ctx_narrow_access_ok(off, size, size_default);
10838
10839 default:
10840 return false;
10841 }
10842}
10843
10844#define SK_REUSEPORT_LOAD_FIELD(F) ({ \
10845 *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_reuseport_kern, F), \
10846 si->dst_reg, si->src_reg, \
10847 bpf_target_off(struct sk_reuseport_kern, F, \
10848 sizeof_field(struct sk_reuseport_kern, F), \
10849 target_size)); \
10850 })
10851
10852#define SK_REUSEPORT_LOAD_SKB_FIELD(SKB_FIELD) \
10853 SOCK_ADDR_LOAD_NESTED_FIELD(struct sk_reuseport_kern, \
10854 struct sk_buff, \
10855 skb, \
10856 SKB_FIELD)
10857
10858#define SK_REUSEPORT_LOAD_SK_FIELD(SK_FIELD) \
10859 SOCK_ADDR_LOAD_NESTED_FIELD(struct sk_reuseport_kern, \
10860 struct sock, \
10861 sk, \
10862 SK_FIELD)
10863
10864static u32 sk_reuseport_convert_ctx_access(enum bpf_access_type type,
10865 const struct bpf_insn *si,
10866 struct bpf_insn *insn_buf,
10867 struct bpf_prog *prog,
10868 u32 *target_size)
10869{
10870 struct bpf_insn *insn = insn_buf;
10871
10872 switch (si->off) {
10873 case offsetof(struct sk_reuseport_md, data):
10874 SK_REUSEPORT_LOAD_SKB_FIELD(data);
10875 break;
10876
10877 case offsetof(struct sk_reuseport_md, len):
10878 SK_REUSEPORT_LOAD_SKB_FIELD(len);
10879 break;
10880
10881 case offsetof(struct sk_reuseport_md, eth_protocol):
10882 SK_REUSEPORT_LOAD_SKB_FIELD(protocol);
10883 break;
10884
10885 case offsetof(struct sk_reuseport_md, ip_protocol):
10886 SK_REUSEPORT_LOAD_SK_FIELD(sk_protocol);
10887 break;
10888
10889 case offsetof(struct sk_reuseport_md, data_end):
10890 SK_REUSEPORT_LOAD_FIELD(data_end);
10891 break;
10892
10893 case offsetof(struct sk_reuseport_md, hash):
10894 SK_REUSEPORT_LOAD_FIELD(hash);
10895 break;
10896
10897 case offsetof(struct sk_reuseport_md, bind_inany):
10898 SK_REUSEPORT_LOAD_FIELD(bind_inany);
10899 break;
10900
10901 case offsetof(struct sk_reuseport_md, sk):
10902 SK_REUSEPORT_LOAD_FIELD(sk);
10903 break;
10904
10905 case offsetof(struct sk_reuseport_md, migrating_sk):
10906 SK_REUSEPORT_LOAD_FIELD(migrating_sk);
10907 break;
10908 }
10909
10910 return insn - insn_buf;
10911}
10912
10913const struct bpf_verifier_ops sk_reuseport_verifier_ops = {
10914 .get_func_proto = sk_reuseport_func_proto,
10915 .is_valid_access = sk_reuseport_is_valid_access,
10916 .convert_ctx_access = sk_reuseport_convert_ctx_access,
10917};
10918
10919const struct bpf_prog_ops sk_reuseport_prog_ops = {
10920};
10921
10922DEFINE_STATIC_KEY_FALSE(bpf_sk_lookup_enabled);
10923EXPORT_SYMBOL(bpf_sk_lookup_enabled);
10924
10925BPF_CALL_3(bpf_sk_lookup_assign, struct bpf_sk_lookup_kern *, ctx,
10926 struct sock *, sk, u64, flags)
10927{
10928 if (unlikely(flags & ~(BPF_SK_LOOKUP_F_REPLACE |
10929 BPF_SK_LOOKUP_F_NO_REUSEPORT)))
10930 return -EINVAL;
10931 if (unlikely(sk && sk_is_refcounted(sk)))
10932 return -ESOCKTNOSUPPORT;
10933 if (unlikely(sk && sk_is_tcp(sk) && sk->sk_state != TCP_LISTEN))
10934 return -ESOCKTNOSUPPORT;
10935 if (unlikely(sk && sk_is_udp(sk) && sk->sk_state != TCP_CLOSE))
10936 return -ESOCKTNOSUPPORT;
10937
10938
10939 if (sk && sk->sk_protocol != ctx->protocol)
10940 return -EPROTOTYPE;
10941 if (sk && sk->sk_family != ctx->family &&
10942 (sk->sk_family == AF_INET || ipv6_only_sock(sk)))
10943 return -EAFNOSUPPORT;
10944
10945 if (ctx->selected_sk && !(flags & BPF_SK_LOOKUP_F_REPLACE))
10946 return -EEXIST;
10947
10948
10949 ctx->selected_sk = sk;
10950 ctx->no_reuseport = flags & BPF_SK_LOOKUP_F_NO_REUSEPORT;
10951 return 0;
10952}
10953
10954static const struct bpf_func_proto bpf_sk_lookup_assign_proto = {
10955 .func = bpf_sk_lookup_assign,
10956 .gpl_only = false,
10957 .ret_type = RET_INTEGER,
10958 .arg1_type = ARG_PTR_TO_CTX,
10959 .arg2_type = ARG_PTR_TO_SOCKET_OR_NULL,
10960 .arg3_type = ARG_ANYTHING,
10961};
10962
10963static const struct bpf_func_proto *
10964sk_lookup_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
10965{
10966 switch (func_id) {
10967 case BPF_FUNC_perf_event_output:
10968 return &bpf_event_output_data_proto;
10969 case BPF_FUNC_sk_assign:
10970 return &bpf_sk_lookup_assign_proto;
10971 case BPF_FUNC_sk_release:
10972 return &bpf_sk_release_proto;
10973 default:
10974 return bpf_sk_base_func_proto(func_id);
10975 }
10976}
10977
10978static bool sk_lookup_is_valid_access(int off, int size,
10979 enum bpf_access_type type,
10980 const struct bpf_prog *prog,
10981 struct bpf_insn_access_aux *info)
10982{
10983 if (off < 0 || off >= sizeof(struct bpf_sk_lookup))
10984 return false;
10985 if (off % size != 0)
10986 return false;
10987 if (type != BPF_READ)
10988 return false;
10989
10990 switch (off) {
10991 case offsetof(struct bpf_sk_lookup, sk):
10992 info->reg_type = PTR_TO_SOCKET_OR_NULL;
10993 return size == sizeof(__u64);
10994
10995 case bpf_ctx_range(struct bpf_sk_lookup, family):
10996 case bpf_ctx_range(struct bpf_sk_lookup, protocol):
10997 case bpf_ctx_range(struct bpf_sk_lookup, remote_ip4):
10998 case bpf_ctx_range(struct bpf_sk_lookup, local_ip4):
10999 case bpf_ctx_range_till(struct bpf_sk_lookup, remote_ip6[0], remote_ip6[3]):
11000 case bpf_ctx_range_till(struct bpf_sk_lookup, local_ip6[0], local_ip6[3]):
11001 case bpf_ctx_range(struct bpf_sk_lookup, local_port):
11002 case bpf_ctx_range(struct bpf_sk_lookup, ingress_ifindex):
11003 bpf_ctx_record_field_size(info, sizeof(__u32));
11004 return bpf_ctx_narrow_access_ok(off, size, sizeof(__u32));
11005
11006 case bpf_ctx_range(struct bpf_sk_lookup, remote_port):
11007
11008 if (size == sizeof(__u32))
11009 return true;
11010 bpf_ctx_record_field_size(info, sizeof(__be16));
11011 return bpf_ctx_narrow_access_ok(off, size, sizeof(__be16));
11012
11013 case offsetofend(struct bpf_sk_lookup, remote_port) ...
11014 offsetof(struct bpf_sk_lookup, local_ip4) - 1:
11015
11016 bpf_ctx_record_field_size(info, sizeof(__u16));
11017 return bpf_ctx_narrow_access_ok(off, size, sizeof(__u16));
11018
11019 default:
11020 return false;
11021 }
11022}
11023
11024static u32 sk_lookup_convert_ctx_access(enum bpf_access_type type,
11025 const struct bpf_insn *si,
11026 struct bpf_insn *insn_buf,
11027 struct bpf_prog *prog,
11028 u32 *target_size)
11029{
11030 struct bpf_insn *insn = insn_buf;
11031
11032 switch (si->off) {
11033 case offsetof(struct bpf_sk_lookup, sk):
11034 *insn++ = BPF_LDX_MEM(BPF_SIZEOF(void *), si->dst_reg, si->src_reg,
11035 offsetof(struct bpf_sk_lookup_kern, selected_sk));
11036 break;
11037
11038 case offsetof(struct bpf_sk_lookup, family):
11039 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg,
11040 bpf_target_off(struct bpf_sk_lookup_kern,
11041 family, 2, target_size));
11042 break;
11043
11044 case offsetof(struct bpf_sk_lookup, protocol):
11045 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg,
11046 bpf_target_off(struct bpf_sk_lookup_kern,
11047 protocol, 2, target_size));
11048 break;
11049
11050 case offsetof(struct bpf_sk_lookup, remote_ip4):
11051 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
11052 bpf_target_off(struct bpf_sk_lookup_kern,
11053 v4.saddr, 4, target_size));
11054 break;
11055
11056 case offsetof(struct bpf_sk_lookup, local_ip4):
11057 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
11058 bpf_target_off(struct bpf_sk_lookup_kern,
11059 v4.daddr, 4, target_size));
11060 break;
11061
11062 case bpf_ctx_range_till(struct bpf_sk_lookup,
11063 remote_ip6[0], remote_ip6[3]): {
11064#if IS_ENABLED(CONFIG_IPV6)
11065 int off = si->off;
11066
11067 off -= offsetof(struct bpf_sk_lookup, remote_ip6[0]);
11068 off += bpf_target_off(struct in6_addr, s6_addr32[0], 4, target_size);
11069 *insn++ = BPF_LDX_MEM(BPF_SIZEOF(void *), si->dst_reg, si->src_reg,
11070 offsetof(struct bpf_sk_lookup_kern, v6.saddr));
11071 *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1);
11072 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, off);
11073#else
11074 *insn++ = BPF_MOV32_IMM(si->dst_reg, 0);
11075#endif
11076 break;
11077 }
11078 case bpf_ctx_range_till(struct bpf_sk_lookup,
11079 local_ip6[0], local_ip6[3]): {
11080#if IS_ENABLED(CONFIG_IPV6)
11081 int off = si->off;
11082
11083 off -= offsetof(struct bpf_sk_lookup, local_ip6[0]);
11084 off += bpf_target_off(struct in6_addr, s6_addr32[0], 4, target_size);
11085 *insn++ = BPF_LDX_MEM(BPF_SIZEOF(void *), si->dst_reg, si->src_reg,
11086 offsetof(struct bpf_sk_lookup_kern, v6.daddr));
11087 *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1);
11088 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, off);
11089#else
11090 *insn++ = BPF_MOV32_IMM(si->dst_reg, 0);
11091#endif
11092 break;
11093 }
11094 case offsetof(struct bpf_sk_lookup, remote_port):
11095 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg,
11096 bpf_target_off(struct bpf_sk_lookup_kern,
11097 sport, 2, target_size));
11098 break;
11099
11100 case offsetofend(struct bpf_sk_lookup, remote_port):
11101 *target_size = 2;
11102 *insn++ = BPF_MOV32_IMM(si->dst_reg, 0);
11103 break;
11104
11105 case offsetof(struct bpf_sk_lookup, local_port):
11106 *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg,
11107 bpf_target_off(struct bpf_sk_lookup_kern,
11108 dport, 2, target_size));
11109 break;
11110
11111 case offsetof(struct bpf_sk_lookup, ingress_ifindex):
11112 *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg,
11113 bpf_target_off(struct bpf_sk_lookup_kern,
11114 ingress_ifindex, 4, target_size));
11115 break;
11116 }
11117
11118 return insn - insn_buf;
11119}
11120
11121const struct bpf_prog_ops sk_lookup_prog_ops = {
11122 .test_run = bpf_prog_test_run_sk_lookup,
11123};
11124
11125const struct bpf_verifier_ops sk_lookup_verifier_ops = {
11126 .get_func_proto = sk_lookup_func_proto,
11127 .is_valid_access = sk_lookup_is_valid_access,
11128 .convert_ctx_access = sk_lookup_convert_ctx_access,
11129};
11130
11131#endif
11132
11133DEFINE_BPF_DISPATCHER(xdp)
11134
11135void bpf_prog_change_xdp(struct bpf_prog *prev_prog, struct bpf_prog *prog)
11136{
11137 bpf_dispatcher_change_prog(BPF_DISPATCHER_PTR(xdp), prev_prog, prog);
11138}
11139
11140BTF_ID_LIST_GLOBAL(btf_sock_ids, MAX_BTF_SOCK_TYPE)
11141#define BTF_SOCK_TYPE(name, type) BTF_ID(struct, type)
11142BTF_SOCK_TYPE_xxx
11143#undef BTF_SOCK_TYPE
11144
11145BPF_CALL_1(bpf_skc_to_tcp6_sock, struct sock *, sk)
11146{
11147
11148
11149
11150 BTF_TYPE_EMIT(struct tcp6_sock);
11151 if (sk && sk_fullsock(sk) && sk->sk_protocol == IPPROTO_TCP &&
11152 sk->sk_family == AF_INET6)
11153 return (unsigned long)sk;
11154
11155 return (unsigned long)NULL;
11156}
11157
11158const struct bpf_func_proto bpf_skc_to_tcp6_sock_proto = {
11159 .func = bpf_skc_to_tcp6_sock,
11160 .gpl_only = false,
11161 .ret_type = RET_PTR_TO_BTF_ID_OR_NULL,
11162 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
11163 .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_TCP6],
11164};
11165
11166BPF_CALL_1(bpf_skc_to_tcp_sock, struct sock *, sk)
11167{
11168 if (sk && sk_fullsock(sk) && sk->sk_protocol == IPPROTO_TCP)
11169 return (unsigned long)sk;
11170
11171 return (unsigned long)NULL;
11172}
11173
11174const struct bpf_func_proto bpf_skc_to_tcp_sock_proto = {
11175 .func = bpf_skc_to_tcp_sock,
11176 .gpl_only = false,
11177 .ret_type = RET_PTR_TO_BTF_ID_OR_NULL,
11178 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
11179 .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_TCP],
11180};
11181
11182BPF_CALL_1(bpf_skc_to_tcp_timewait_sock, struct sock *, sk)
11183{
11184
11185
11186
11187 BTF_TYPE_EMIT(struct inet_timewait_sock);
11188 BTF_TYPE_EMIT(struct tcp_timewait_sock);
11189
11190#ifdef CONFIG_INET
11191 if (sk && sk->sk_prot == &tcp_prot && sk->sk_state == TCP_TIME_WAIT)
11192 return (unsigned long)sk;
11193#endif
11194
11195#if IS_BUILTIN(CONFIG_IPV6)
11196 if (sk && sk->sk_prot == &tcpv6_prot && sk->sk_state == TCP_TIME_WAIT)
11197 return (unsigned long)sk;
11198#endif
11199
11200 return (unsigned long)NULL;
11201}
11202
11203const struct bpf_func_proto bpf_skc_to_tcp_timewait_sock_proto = {
11204 .func = bpf_skc_to_tcp_timewait_sock,
11205 .gpl_only = false,
11206 .ret_type = RET_PTR_TO_BTF_ID_OR_NULL,
11207 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
11208 .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_TCP_TW],
11209};
11210
11211BPF_CALL_1(bpf_skc_to_tcp_request_sock, struct sock *, sk)
11212{
11213#ifdef CONFIG_INET
11214 if (sk && sk->sk_prot == &tcp_prot && sk->sk_state == TCP_NEW_SYN_RECV)
11215 return (unsigned long)sk;
11216#endif
11217
11218#if IS_BUILTIN(CONFIG_IPV6)
11219 if (sk && sk->sk_prot == &tcpv6_prot && sk->sk_state == TCP_NEW_SYN_RECV)
11220 return (unsigned long)sk;
11221#endif
11222
11223 return (unsigned long)NULL;
11224}
11225
11226const struct bpf_func_proto bpf_skc_to_tcp_request_sock_proto = {
11227 .func = bpf_skc_to_tcp_request_sock,
11228 .gpl_only = false,
11229 .ret_type = RET_PTR_TO_BTF_ID_OR_NULL,
11230 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
11231 .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_TCP_REQ],
11232};
11233
11234BPF_CALL_1(bpf_skc_to_udp6_sock, struct sock *, sk)
11235{
11236
11237
11238
11239 BTF_TYPE_EMIT(struct udp6_sock);
11240 if (sk && sk_fullsock(sk) && sk->sk_protocol == IPPROTO_UDP &&
11241 sk->sk_type == SOCK_DGRAM && sk->sk_family == AF_INET6)
11242 return (unsigned long)sk;
11243
11244 return (unsigned long)NULL;
11245}
11246
11247const struct bpf_func_proto bpf_skc_to_udp6_sock_proto = {
11248 .func = bpf_skc_to_udp6_sock,
11249 .gpl_only = false,
11250 .ret_type = RET_PTR_TO_BTF_ID_OR_NULL,
11251 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
11252 .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_UDP6],
11253};
11254
11255BPF_CALL_1(bpf_skc_to_unix_sock, struct sock *, sk)
11256{
11257
11258
11259
11260 BTF_TYPE_EMIT(struct unix_sock);
11261 if (sk && sk_fullsock(sk) && sk->sk_family == AF_UNIX)
11262 return (unsigned long)sk;
11263
11264 return (unsigned long)NULL;
11265}
11266
11267const struct bpf_func_proto bpf_skc_to_unix_sock_proto = {
11268 .func = bpf_skc_to_unix_sock,
11269 .gpl_only = false,
11270 .ret_type = RET_PTR_TO_BTF_ID_OR_NULL,
11271 .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
11272 .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_UNIX],
11273};
11274
11275BPF_CALL_1(bpf_sock_from_file, struct file *, file)
11276{
11277 return (unsigned long)sock_from_file(file);
11278}
11279
11280BTF_ID_LIST(bpf_sock_from_file_btf_ids)
11281BTF_ID(struct, socket)
11282BTF_ID(struct, file)
11283
11284const struct bpf_func_proto bpf_sock_from_file_proto = {
11285 .func = bpf_sock_from_file,
11286 .gpl_only = false,
11287 .ret_type = RET_PTR_TO_BTF_ID_OR_NULL,
11288 .ret_btf_id = &bpf_sock_from_file_btf_ids[0],
11289 .arg1_type = ARG_PTR_TO_BTF_ID,
11290 .arg1_btf_id = &bpf_sock_from_file_btf_ids[1],
11291};
11292
11293static const struct bpf_func_proto *
11294bpf_sk_base_func_proto(enum bpf_func_id func_id)
11295{
11296 const struct bpf_func_proto *func;
11297
11298 switch (func_id) {
11299 case BPF_FUNC_skc_to_tcp6_sock:
11300 func = &bpf_skc_to_tcp6_sock_proto;
11301 break;
11302 case BPF_FUNC_skc_to_tcp_sock:
11303 func = &bpf_skc_to_tcp_sock_proto;
11304 break;
11305 case BPF_FUNC_skc_to_tcp_timewait_sock:
11306 func = &bpf_skc_to_tcp_timewait_sock_proto;
11307 break;
11308 case BPF_FUNC_skc_to_tcp_request_sock:
11309 func = &bpf_skc_to_tcp_request_sock_proto;
11310 break;
11311 case BPF_FUNC_skc_to_udp6_sock:
11312 func = &bpf_skc_to_udp6_sock_proto;
11313 break;
11314 case BPF_FUNC_skc_to_unix_sock:
11315 func = &bpf_skc_to_unix_sock_proto;
11316 break;
11317 case BPF_FUNC_ktime_get_coarse_ns:
11318 return &bpf_ktime_get_coarse_ns_proto;
11319 default:
11320 return bpf_base_func_proto(func_id);
11321 }
11322
11323 if (!perfmon_capable())
11324 return NULL;
11325
11326 return func;
11327}
11328
