xref: /linux/include/linux/bpf-cgroup-defs.h (revision 859051dd) 
1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _BPF_CGROUP_DEFS_H
3 #define _BPF_CGROUP_DEFS_H
4 
5 #ifdef CONFIG_CGROUP_BPF
6 
7 #include <linux/list.h>
8 #include <linux/percpu-refcount.h>
9 #include <linux/workqueue.h>
10 
11 struct bpf_prog_array;
12 
13 #ifdef CONFIG_BPF_LSM
14 /* Maximum number of concurrently attachable per-cgroup LSM hooks. */
15 #define CGROUP_LSM_NUM 10
16 #else
17 #define CGROUP_LSM_NUM 0
18 #endif
19 
20 enum cgroup_bpf_attach_type {
21 	CGROUP_BPF_ATTACH_TYPE_INVALID = -1,
22 	CGROUP_INET_INGRESS = 0,
23 	CGROUP_INET_EGRESS,
24 	CGROUP_INET_SOCK_CREATE,
25 	CGROUP_SOCK_OPS,
26 	CGROUP_DEVICE,
27 	CGROUP_INET4_BIND,
28 	CGROUP_INET6_BIND,
29 	CGROUP_INET4_CONNECT,
30 	CGROUP_INET6_CONNECT,
31 	CGROUP_UNIX_CONNECT,
32 	CGROUP_INET4_POST_BIND,
33 	CGROUP_INET6_POST_BIND,
34 	CGROUP_UDP4_SENDMSG,
35 	CGROUP_UDP6_SENDMSG,
36 	CGROUP_UNIX_SENDMSG,
37 	CGROUP_SYSCTL,
38 	CGROUP_UDP4_RECVMSG,
39 	CGROUP_UDP6_RECVMSG,
40 	CGROUP_UNIX_RECVMSG,
41 	CGROUP_GETSOCKOPT,
42 	CGROUP_SETSOCKOPT,
43 	CGROUP_INET4_GETPEERNAME,
44 	CGROUP_INET6_GETPEERNAME,
45 	CGROUP_UNIX_GETPEERNAME,
46 	CGROUP_INET4_GETSOCKNAME,
47 	CGROUP_INET6_GETSOCKNAME,
48 	CGROUP_UNIX_GETSOCKNAME,
49 	CGROUP_INET_SOCK_RELEASE,
50 	CGROUP_LSM_START,
51 	CGROUP_LSM_END = CGROUP_LSM_START + CGROUP_LSM_NUM - 1,
52 	MAX_CGROUP_BPF_ATTACH_TYPE
53 };
54 
55 struct cgroup_bpf {
56 	/* array of effective progs in this cgroup */
57 	struct bpf_prog_array __rcu *effective[MAX_CGROUP_BPF_ATTACH_TYPE];
58 
59 	/* attached progs to this cgroup and attach flags
60 	 * when flags == 0 or BPF_F_ALLOW_OVERRIDE the progs list will
61 	 * have either zero or one element
62 	 * when BPF_F_ALLOW_MULTI the list can have up to BPF_CGROUP_MAX_PROGS
63 	 */
64 	struct hlist_head progs[MAX_CGROUP_BPF_ATTACH_TYPE];
65 	u8 flags[MAX_CGROUP_BPF_ATTACH_TYPE];
66 
67 	/* list of cgroup shared storages */
68 	struct list_head storages;
69 
70 	/* temp storage for effective prog array used by prog_attach/detach */
71 	struct bpf_prog_array *inactive;
72 
73 	/* reference counter used to detach bpf programs after cgroup removal */
74 	struct percpu_ref refcnt;
75 
76 	/* cgroup_bpf is released using a work queue */
77 	struct work_struct release_work;
78 };
79 
80 #else /* CONFIG_CGROUP_BPF */
81 struct cgroup_bpf {};
82 #endif /* CONFIG_CGROUP_BPF */
83 
84 #endif
85