1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _BPF_CGROUP_DEFS_H
3 #define _BPF_CGROUP_DEFS_H
4 
5 #ifdef CONFIG_CGROUP_BPF
6 
7 #include <linux/list.h>
8 #include <linux/percpu-refcount.h>
9 #include <linux/workqueue.h>
10 
11 struct bpf_prog_array;
12 
13 #ifdef CONFIG_BPF_LSM
14 /* Maximum number of concurrently attachable per-cgroup LSM hooks.
 *
 * In this header the value is the width of the
 * CGROUP_LSM_START..CGROUP_LSM_END range of enum cgroup_bpf_attach_type,
 * and through MAX_CGROUP_BPF_ATTACH_TYPE it contributes that many slots to
 * each per-attach-type array in struct cgroup_bpf.
 */
15 #define CGROUP_LSM_NUM 10
16 #else
/* Without CONFIG_BPF_LSM the LSM range is empty and adds no array slots. */
17 #define CGROUP_LSM_NUM 0
18 #endif
19 
/*
 * Attach points at which a BPF program can be bound to a cgroup.
 *
 * Valid values run from CGROUP_INET_INGRESS (0) up to, but not including,
 * MAX_CGROUP_BPF_ATTACH_TYPE, which is also the length of the effective[],
 * progs[] and flags[] arrays in struct cgroup_bpf.
 *
 * NOTE(review): the array sizing suggests these values are used directly as
 * array indices. Any path that derives one from a caller-supplied attach
 * type should reject CGROUP_BPF_ATTACH_TYPE_INVALID and anything outside
 * [0, MAX_CGROUP_BPF_ATTACH_TYPE) before indexing; confirm at the call sites.
 */
20 enum cgroup_bpf_attach_type {
	/* Negative sentinel, outside the valid range; not usable as an index. */
21 	CGROUP_BPF_ATTACH_TYPE_INVALID = -1,
22 	CGROUP_INET_INGRESS = 0,
23 	CGROUP_INET_EGRESS,
24 	CGROUP_INET_SOCK_CREATE,
25 	CGROUP_SOCK_OPS,
26 	CGROUP_DEVICE,
27 	CGROUP_INET4_BIND,
28 	CGROUP_INET6_BIND,
29 	CGROUP_INET4_CONNECT,
30 	CGROUP_INET6_CONNECT,
31 	CGROUP_INET4_POST_BIND,
32 	CGROUP_INET6_POST_BIND,
33 	CGROUP_UDP4_SENDMSG,
34 	CGROUP_UDP6_SENDMSG,
35 	CGROUP_SYSCTL,
36 	CGROUP_UDP4_RECVMSG,
37 	CGROUP_UDP6_RECVMSG,
38 	CGROUP_GETSOCKOPT,
39 	CGROUP_SETSOCKOPT,
40 	CGROUP_INET4_GETPEERNAME,
41 	CGROUP_INET6_GETPEERNAME,
42 	CGROUP_INET4_GETSOCKNAME,
43 	CGROUP_INET6_GETSOCKNAME,
44 	CGROUP_INET_SOCK_RELEASE,
	/*
	 * LSM slots occupy [CGROUP_LSM_START, CGROUP_LSM_END], CGROUP_LSM_NUM
	 * entries wide. With CGROUP_LSM_NUM == 0 the range is empty:
	 * CGROUP_LSM_END is CGROUP_LSM_START - 1 and CGROUP_LSM_START equals
	 * MAX_CGROUP_BPF_ATTACH_TYPE, so CGROUP_LSM_START is not itself a
	 * valid index in that configuration.
	 */
45 	CGROUP_LSM_START,
46 	CGROUP_LSM_END = CGROUP_LSM_START + CGROUP_LSM_NUM - 1,
	/* One past the last valid value; the number of attach types. */
47 	MAX_CGROUP_BPF_ATTACH_TYPE
48 };
49 
/*
 * BPF attachment state kept for one cgroup.
 *
 * effective[], progs[] and flags[] each have MAX_CGROUP_BPF_ATTACH_TYPE
 * slots, one per enum cgroup_bpf_attach_type value. An index taken from
 * outside that range (including CGROUP_BPF_ATTACH_TYPE_INVALID, which is -1)
 * would fall outside these arrays.
 */
50 struct cgroup_bpf {
51 	/* array of effective progs in this cgroup
	 * The slots are __rcu-annotated pointers.
	 * NOTE(review): readers presumably load them through the RCU
	 * dereference helpers rather than directly; confirm at the call sites.
	 */
52 	struct bpf_prog_array __rcu *effective[MAX_CGROUP_BPF_ATTACH_TYPE];
53 
54 	/* attached progs to this cgroup and attach flags
55 	 * when flags == 0 or BPF_F_ALLOW_OVERRIDE the progs list will
56 	 * have either zero or one element
57 	 * when BPF_F_ALLOW_MULTI the list can have up to BPF_CGROUP_MAX_PROGS
	 *
	 * The element limits above are not enforced by these types: an
	 * hlist_head has no capacity, so the cap has to be applied wherever
	 * programs are added to the list.
	 * flags[] holds one u8 per attach type.
	 * NOTE(review): confirm every flag value stored here fits in 8 bits.
58 	 */
59 	struct hlist_head progs[MAX_CGROUP_BPF_ATTACH_TYPE];
60 	u8 flags[MAX_CGROUP_BPF_ATTACH_TYPE];
61 
62 	/* list of cgroup shared storages */
63 	struct list_head storages;
64 
65 	/* temp storage for effective prog array used by prog_attach/detach
	 * Unlike effective[], this pointer carries no __rcu annotation.
	 */
66 	struct bpf_prog_array *inactive;
67 
68 	/* reference counter used to detach bpf programs after cgroup removal */
69 	struct percpu_ref refcnt;
70 
71 	/* cgroup_bpf is released using a work queue */
72 	struct work_struct release_work;
73 };
74 
75 #else /* CONFIG_CGROUP_BPF */
/*
 * Placeholder used when CONFIG_CGROUP_BPF is off: the type still exists but
 * has no members, and enum cgroup_bpf_attach_type and CGROUP_LSM_NUM are not
 * defined in this configuration. An empty struct is a GNU C extension.
 * NOTE(review): presumably kept so code that embeds struct cgroup_bpf still
 * compiles; confirm against the users of this header.
 */
76 struct cgroup_bpf {};
77 #endif /* CONFIG_CGROUP_BPF */
78 
79 #endif
80