1 // SPDX-License-Identifier: GPL-2.0-only
3 * Functions to manage eBPF programs attached to cgroups
5 * Copyright (c) 2016 Daniel Mack
8 #include <linux/kernel.h>
9 #include <linux/atomic.h>
10 #include <linux/cgroup.h>
11 #include <linux/filter.h>
12 #include <linux/slab.h>
13 #include <linux/sysctl.h>
14 #include <linux/string.h>
15 #include <linux/bpf.h>
16 #include <linux/bpf-cgroup.h>
18 #include <net/bpf_sk_storage.h>
20 #include "../cgroup/cgroup-internal.h"
22 DEFINE_STATIC_KEY_FALSE(cgroup_bpf_enabled_key);
23 EXPORT_SYMBOL(cgroup_bpf_enabled_key);
25 void cgroup_bpf_offline(struct cgroup *cgrp)
28 percpu_ref_kill(&cgrp->bpf.refcnt);
32 * cgroup_bpf_release() - put references of all bpf programs and
33 * release all cgroup bpf data
34 * @work: work structure embedded into the cgroup to modify
36 static void cgroup_bpf_release(struct work_struct *work)
38 struct cgroup *cgrp = container_of(work, struct cgroup,
40 enum bpf_cgroup_storage_type stype;
41 struct bpf_prog_array *old_array;
44 mutex_lock(&cgroup_mutex);
46 for (type = 0; type < ARRAY_SIZE(cgrp->bpf.progs); type++) {
47 struct list_head *progs = &cgrp->bpf.progs[type];
48 struct bpf_prog_list *pl, *tmp;
50 list_for_each_entry_safe(pl, tmp, progs, node) {
52 bpf_prog_put(pl->prog);
53 for_each_cgroup_storage_type(stype) {
54 bpf_cgroup_storage_unlink(pl->storage[stype]);
55 bpf_cgroup_storage_free(pl->storage[stype]);
58 static_branch_dec(&cgroup_bpf_enabled_key);
60 old_array = rcu_dereference_protected(
61 cgrp->bpf.effective[type],
62 lockdep_is_held(&cgroup_mutex));
63 bpf_prog_array_free(old_array);
66 mutex_unlock(&cgroup_mutex);
68 percpu_ref_exit(&cgrp->bpf.refcnt);
73 * cgroup_bpf_release_fn() - callback used to schedule releasing
75 * @ref: percpu ref counter structure
77 static void cgroup_bpf_release_fn(struct percpu_ref *ref)
79 struct cgroup *cgrp = container_of(ref, struct cgroup, bpf.refcnt);
81 INIT_WORK(&cgrp->bpf.release_work, cgroup_bpf_release);
82 queue_work(system_wq, &cgrp->bpf.release_work);
85 /* count number of elements in the list.
86 * it's slow but the list cannot be long
88 static u32 prog_list_length(struct list_head *head)
90 struct bpf_prog_list *pl;
93 list_for_each_entry(pl, head, node) {
101 /* if parent has non-overridable prog attached,
102 * disallow attaching new programs to the descendent cgroup.
103 * if parent has overridable or multi-prog, allow attaching
105 static bool hierarchy_allows_attach(struct cgroup *cgrp,
106 enum bpf_attach_type type)
110 p = cgroup_parent(cgrp);
114 u32 flags = p->bpf.flags[type];
117 if (flags & BPF_F_ALLOW_MULTI)
119 cnt = prog_list_length(&p->bpf.progs[type]);
120 WARN_ON_ONCE(cnt > 1);
122 return !!(flags & BPF_F_ALLOW_OVERRIDE);
123 p = cgroup_parent(p);
128 /* compute a chain of effective programs for a given cgroup:
129 * start from the list of programs in this cgroup and add
130 * all parent programs.
131 * Note that parent's F_ALLOW_OVERRIDE-type program is yielding
132 * to programs in this cgroup
134 static int compute_effective_progs(struct cgroup *cgrp,
135 enum bpf_attach_type type,
136 struct bpf_prog_array **array)
138 enum bpf_cgroup_storage_type stype;
139 struct bpf_prog_array *progs;
140 struct bpf_prog_list *pl;
141 struct cgroup *p = cgrp;
144 /* count number of effective programs by walking parents */
146 if (cnt == 0 || (p->bpf.flags[type] & BPF_F_ALLOW_MULTI))
147 cnt += prog_list_length(&p->bpf.progs[type]);
148 p = cgroup_parent(p);
151 progs = bpf_prog_array_alloc(cnt, GFP_KERNEL);
155 /* populate the array with effective progs */
159 if (cnt > 0 && !(p->bpf.flags[type] & BPF_F_ALLOW_MULTI))
162 list_for_each_entry(pl, &p->bpf.progs[type], node) {
166 progs->items[cnt].prog = pl->prog;
167 for_each_cgroup_storage_type(stype)
168 progs->items[cnt].cgroup_storage[stype] =
172 } while ((p = cgroup_parent(p)));
178 static void activate_effective_progs(struct cgroup *cgrp,
179 enum bpf_attach_type type,
180 struct bpf_prog_array *old_array)
182 old_array = rcu_replace_pointer(cgrp->bpf.effective[type], old_array,
183 lockdep_is_held(&cgroup_mutex));
184 /* free prog array after grace period, since __cgroup_bpf_run_*()
185 * might be still walking the array
187 bpf_prog_array_free(old_array);
191 * cgroup_bpf_inherit() - inherit effective programs from parent
192 * @cgrp: the cgroup to modify
194 int cgroup_bpf_inherit(struct cgroup *cgrp)
196 /* has to use marco instead of const int, since compiler thinks
197 * that array below is variable length
199 #define NR ARRAY_SIZE(cgrp->bpf.effective)
200 struct bpf_prog_array *arrays[NR] = {};
203 ret = percpu_ref_init(&cgrp->bpf.refcnt, cgroup_bpf_release_fn, 0,
208 for (i = 0; i < NR; i++)
209 INIT_LIST_HEAD(&cgrp->bpf.progs[i]);
211 for (i = 0; i < NR; i++)
212 if (compute_effective_progs(cgrp, i, &arrays[i]))
215 for (i = 0; i < NR; i++)
216 activate_effective_progs(cgrp, i, arrays[i]);
220 for (i = 0; i < NR; i++)
221 bpf_prog_array_free(arrays[i]);
223 percpu_ref_exit(&cgrp->bpf.refcnt);
228 static int update_effective_progs(struct cgroup *cgrp,
229 enum bpf_attach_type type)
231 struct cgroup_subsys_state *css;
234 /* allocate and recompute effective prog arrays */
235 css_for_each_descendant_pre(css, &cgrp->self) {
236 struct cgroup *desc = container_of(css, struct cgroup, self);
238 if (percpu_ref_is_zero(&desc->bpf.refcnt))
241 err = compute_effective_progs(desc, type, &desc->bpf.inactive);
246 /* all allocations were successful. Activate all prog arrays */
247 css_for_each_descendant_pre(css, &cgrp->self) {
248 struct cgroup *desc = container_of(css, struct cgroup, self);
250 if (percpu_ref_is_zero(&desc->bpf.refcnt)) {
251 if (unlikely(desc->bpf.inactive)) {
252 bpf_prog_array_free(desc->bpf.inactive);
253 desc->bpf.inactive = NULL;
258 activate_effective_progs(desc, type, desc->bpf.inactive);
259 desc->bpf.inactive = NULL;
265 /* oom while computing effective. Free all computed effective arrays
266 * since they were not activated
268 css_for_each_descendant_pre(css, &cgrp->self) {
269 struct cgroup *desc = container_of(css, struct cgroup, self);
271 bpf_prog_array_free(desc->bpf.inactive);
272 desc->bpf.inactive = NULL;
278 #define BPF_CGROUP_MAX_PROGS 64
281 * __cgroup_bpf_attach() - Attach the program to a cgroup, and
282 * propagate the change to descendants
283 * @cgrp: The cgroup which descendants to traverse
284 * @prog: A program to attach
285 * @type: Type of attach operation
286 * @flags: Option flags
288 * Must be called with cgroup_mutex held.
290 int __cgroup_bpf_attach(struct cgroup *cgrp, struct bpf_prog *prog,
291 enum bpf_attach_type type, u32 flags)
293 struct list_head *progs = &cgrp->bpf.progs[type];
294 struct bpf_prog *old_prog = NULL;
295 struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE],
296 *old_storage[MAX_BPF_CGROUP_STORAGE_TYPE] = {NULL};
297 struct bpf_prog_list *pl, *replace_pl = NULL;
298 enum bpf_cgroup_storage_type stype;
301 if ((flags & BPF_F_ALLOW_OVERRIDE) && (flags & BPF_F_ALLOW_MULTI))
302 /* invalid combination */
305 if (!hierarchy_allows_attach(cgrp, type))
308 if (!list_empty(progs) && cgrp->bpf.flags[type] != flags)
309 /* Disallow attaching non-overridable on top
310 * of existing overridable in this cgroup.
311 * Disallow attaching multi-prog if overridable or none
315 if (prog_list_length(progs) >= BPF_CGROUP_MAX_PROGS)
318 if (flags & BPF_F_ALLOW_MULTI) {
319 list_for_each_entry(pl, progs, node) {
320 if (pl->prog == prog)
321 /* disallow attaching the same prog twice */
324 } else if (!list_empty(progs)) {
325 replace_pl = list_first_entry(progs, typeof(*pl), node);
328 for_each_cgroup_storage_type(stype) {
329 storage[stype] = bpf_cgroup_storage_alloc(prog, stype);
330 if (IS_ERR(storage[stype])) {
331 storage[stype] = NULL;
332 for_each_cgroup_storage_type(stype)
333 bpf_cgroup_storage_free(storage[stype]);
341 for_each_cgroup_storage_type(stype) {
342 old_storage[stype] = pl->storage[stype];
343 bpf_cgroup_storage_unlink(old_storage[stype]);
346 pl = kmalloc(sizeof(*pl), GFP_KERNEL);
348 for_each_cgroup_storage_type(stype)
349 bpf_cgroup_storage_free(storage[stype]);
352 list_add_tail(&pl->node, progs);
356 for_each_cgroup_storage_type(stype)
357 pl->storage[stype] = storage[stype];
359 cgrp->bpf.flags[type] = flags;
361 err = update_effective_progs(cgrp, type);
365 static_branch_inc(&cgroup_bpf_enabled_key);
366 for_each_cgroup_storage_type(stype) {
367 if (!old_storage[stype])
369 bpf_cgroup_storage_free(old_storage[stype]);
372 bpf_prog_put(old_prog);
373 static_branch_dec(&cgroup_bpf_enabled_key);
375 for_each_cgroup_storage_type(stype)
376 bpf_cgroup_storage_link(storage[stype], cgrp, type);
380 /* and cleanup the prog list */
382 for_each_cgroup_storage_type(stype) {
383 bpf_cgroup_storage_free(pl->storage[stype]);
384 pl->storage[stype] = old_storage[stype];
385 bpf_cgroup_storage_link(old_storage[stype], cgrp, type);
395 * __cgroup_bpf_detach() - Detach the program from a cgroup, and
396 * propagate the change to descendants
397 * @cgrp: The cgroup which descendants to traverse
398 * @prog: A program to detach or NULL
399 * @type: Type of detach operation
401 * Must be called with cgroup_mutex held.
403 int __cgroup_bpf_detach(struct cgroup *cgrp, struct bpf_prog *prog,
404 enum bpf_attach_type type)
406 struct list_head *progs = &cgrp->bpf.progs[type];
407 enum bpf_cgroup_storage_type stype;
408 u32 flags = cgrp->bpf.flags[type];
409 struct bpf_prog *old_prog = NULL;
410 struct bpf_prog_list *pl;
413 if (flags & BPF_F_ALLOW_MULTI) {
415 /* to detach MULTI prog the user has to specify valid FD
416 * of the program to be detached
420 if (list_empty(progs))
421 /* report error when trying to detach and nothing is attached */
425 if (flags & BPF_F_ALLOW_MULTI) {
426 /* find the prog and detach it */
427 list_for_each_entry(pl, progs, node) {
428 if (pl->prog != prog)
431 /* mark it deleted, so it's ignored while
432 * recomputing effective
440 /* to maintain backward compatibility NONE and OVERRIDE cgroups
441 * allow detaching with invalid FD (prog==NULL)
443 pl = list_first_entry(progs, typeof(*pl), node);
448 err = update_effective_progs(cgrp, type);
452 /* now can actually delete it from this cgroup list */
454 for_each_cgroup_storage_type(stype) {
455 bpf_cgroup_storage_unlink(pl->storage[stype]);
456 bpf_cgroup_storage_free(pl->storage[stype]);
459 if (list_empty(progs))
460 /* last program was detached, reset flags to zero */
461 cgrp->bpf.flags[type] = 0;
463 bpf_prog_put(old_prog);
464 static_branch_dec(&cgroup_bpf_enabled_key);
468 /* and restore back old_prog */
473 /* Must be called with cgroup_mutex held to avoid races. */
474 int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr,
475 union bpf_attr __user *uattr)
477 __u32 __user *prog_ids = u64_to_user_ptr(attr->query.prog_ids);
478 enum bpf_attach_type type = attr->query.attach_type;
479 struct list_head *progs = &cgrp->bpf.progs[type];
480 u32 flags = cgrp->bpf.flags[type];
481 struct bpf_prog_array *effective;
484 effective = rcu_dereference_protected(cgrp->bpf.effective[type],
485 lockdep_is_held(&cgroup_mutex));
487 if (attr->query.query_flags & BPF_F_QUERY_EFFECTIVE)
488 cnt = bpf_prog_array_length(effective);
490 cnt = prog_list_length(progs);
492 if (copy_to_user(&uattr->query.attach_flags, &flags, sizeof(flags)))
494 if (copy_to_user(&uattr->query.prog_cnt, &cnt, sizeof(cnt)))
496 if (attr->query.prog_cnt == 0 || !prog_ids || !cnt)
497 /* return early if user requested only program count + flags */
499 if (attr->query.prog_cnt < cnt) {
500 cnt = attr->query.prog_cnt;
504 if (attr->query.query_flags & BPF_F_QUERY_EFFECTIVE) {
505 return bpf_prog_array_copy_to_user(effective, prog_ids, cnt);
507 struct bpf_prog_list *pl;
511 list_for_each_entry(pl, progs, node) {
512 id = pl->prog->aux->id;
513 if (copy_to_user(prog_ids + i, &id, sizeof(id)))
522 int cgroup_bpf_prog_attach(const union bpf_attr *attr,
523 enum bpf_prog_type ptype, struct bpf_prog *prog)
528 cgrp = cgroup_get_from_fd(attr->target_fd);
530 return PTR_ERR(cgrp);
532 ret = cgroup_bpf_attach(cgrp, prog, attr->attach_type,
538 int cgroup_bpf_prog_detach(const union bpf_attr *attr, enum bpf_prog_type ptype)
540 struct bpf_prog *prog;
544 cgrp = cgroup_get_from_fd(attr->target_fd);
546 return PTR_ERR(cgrp);
548 prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype);
552 ret = cgroup_bpf_detach(cgrp, prog, attr->attach_type, 0);
560 int cgroup_bpf_prog_query(const union bpf_attr *attr,
561 union bpf_attr __user *uattr)
566 cgrp = cgroup_get_from_fd(attr->query.target_fd);
568 return PTR_ERR(cgrp);
570 ret = cgroup_bpf_query(cgrp, attr, uattr);
577 * __cgroup_bpf_run_filter_skb() - Run a program for packet filtering
578 * @sk: The socket sending or receiving traffic
579 * @skb: The skb that is being sent or received
580 * @type: The type of program to be exectuted
582 * If no socket is passed, or the socket is not of type INET or INET6,
583 * this function does nothing and returns 0.
585 * The program type passed in via @type must be suitable for network
586 * filtering. No further check is performed to assert that.
588 * For egress packets, this function can return:
589 * NET_XMIT_SUCCESS (0) - continue with packet output
590 * NET_XMIT_DROP (1) - drop packet and notify TCP to call cwr
591 * NET_XMIT_CN (2) - continue with packet output and notify TCP
593 * -EPERM - drop packet
595 * For ingress packets, this function will return -EPERM if any
596 * attached program was found and if it returned != 1 during execution.
597 * Otherwise 0 is returned.
599 int __cgroup_bpf_run_filter_skb(struct sock *sk,
601 enum bpf_attach_type type)
603 unsigned int offset = skb->data - skb_network_header(skb);
604 struct sock *save_sk;
605 void *saved_data_end;
609 if (!sk || !sk_fullsock(sk))
612 if (sk->sk_family != AF_INET && sk->sk_family != AF_INET6)
615 cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
618 __skb_push(skb, offset);
620 /* compute pointers for the bpf prog */
621 bpf_compute_and_save_data_end(skb, &saved_data_end);
623 if (type == BPF_CGROUP_INET_EGRESS) {
624 ret = BPF_PROG_CGROUP_INET_EGRESS_RUN_ARRAY(
625 cgrp->bpf.effective[type], skb, __bpf_prog_run_save_cb);
627 ret = BPF_PROG_RUN_ARRAY(cgrp->bpf.effective[type], skb,
628 __bpf_prog_run_save_cb);
629 ret = (ret == 1 ? 0 : -EPERM);
631 bpf_restore_data_end(skb, saved_data_end);
632 __skb_pull(skb, offset);
637 EXPORT_SYMBOL(__cgroup_bpf_run_filter_skb);
640 * __cgroup_bpf_run_filter_sk() - Run a program on a sock
641 * @sk: sock structure to manipulate
642 * @type: The type of program to be exectuted
644 * socket is passed is expected to be of type INET or INET6.
646 * The program type passed in via @type must be suitable for sock
647 * filtering. No further check is performed to assert that.
649 * This function will return %-EPERM if any if an attached program was found
650 * and if it returned != 1 during execution. In all other cases, 0 is returned.
652 int __cgroup_bpf_run_filter_sk(struct sock *sk,
653 enum bpf_attach_type type)
655 struct cgroup *cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
658 ret = BPF_PROG_RUN_ARRAY(cgrp->bpf.effective[type], sk, BPF_PROG_RUN);
659 return ret == 1 ? 0 : -EPERM;
661 EXPORT_SYMBOL(__cgroup_bpf_run_filter_sk);
664 * __cgroup_bpf_run_filter_sock_addr() - Run a program on a sock and
665 * provided by user sockaddr
666 * @sk: sock struct that will use sockaddr
667 * @uaddr: sockaddr struct provided by user
668 * @type: The type of program to be exectuted
669 * @t_ctx: Pointer to attach type specific context
671 * socket is expected to be of type INET or INET6.
673 * This function will return %-EPERM if an attached program is found and
674 * returned value != 1 during execution. In all other cases, 0 is returned.
676 int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,
677 struct sockaddr *uaddr,
678 enum bpf_attach_type type,
681 struct bpf_sock_addr_kern ctx = {
686 struct sockaddr_storage unspec;
690 /* Check socket family since not all sockets represent network
691 * endpoint (e.g. AF_UNIX).
693 if (sk->sk_family != AF_INET && sk->sk_family != AF_INET6)
697 memset(&unspec, 0, sizeof(unspec));
698 ctx.uaddr = (struct sockaddr *)&unspec;
701 cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
702 ret = BPF_PROG_RUN_ARRAY(cgrp->bpf.effective[type], &ctx, BPF_PROG_RUN);
704 return ret == 1 ? 0 : -EPERM;
706 EXPORT_SYMBOL(__cgroup_bpf_run_filter_sock_addr);
709 * __cgroup_bpf_run_filter_sock_ops() - Run a program on a sock
710 * @sk: socket to get cgroup from
711 * @sock_ops: bpf_sock_ops_kern struct to pass to program. Contains
712 * sk with connection information (IP addresses, etc.) May not contain
713 * cgroup info if it is a req sock.
714 * @type: The type of program to be exectuted
716 * socket passed is expected to be of type INET or INET6.
718 * The program type passed in via @type must be suitable for sock_ops
719 * filtering. No further check is performed to assert that.
721 * This function will return %-EPERM if any if an attached program was found
722 * and if it returned != 1 during execution. In all other cases, 0 is returned.
724 int __cgroup_bpf_run_filter_sock_ops(struct sock *sk,
725 struct bpf_sock_ops_kern *sock_ops,
726 enum bpf_attach_type type)
728 struct cgroup *cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
731 ret = BPF_PROG_RUN_ARRAY(cgrp->bpf.effective[type], sock_ops,
733 return ret == 1 ? 0 : -EPERM;
735 EXPORT_SYMBOL(__cgroup_bpf_run_filter_sock_ops);
737 int __cgroup_bpf_check_dev_permission(short dev_type, u32 major, u32 minor,
738 short access, enum bpf_attach_type type)
741 struct bpf_cgroup_dev_ctx ctx = {
742 .access_type = (access << 16) | dev_type,
749 cgrp = task_dfl_cgroup(current);
750 allow = BPF_PROG_RUN_ARRAY(cgrp->bpf.effective[type], &ctx,
756 EXPORT_SYMBOL(__cgroup_bpf_check_dev_permission);
758 static const struct bpf_func_proto *
759 cgroup_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
762 case BPF_FUNC_map_lookup_elem:
763 return &bpf_map_lookup_elem_proto;
764 case BPF_FUNC_map_update_elem:
765 return &bpf_map_update_elem_proto;
766 case BPF_FUNC_map_delete_elem:
767 return &bpf_map_delete_elem_proto;
768 case BPF_FUNC_map_push_elem:
769 return &bpf_map_push_elem_proto;
770 case BPF_FUNC_map_pop_elem:
771 return &bpf_map_pop_elem_proto;
772 case BPF_FUNC_map_peek_elem:
773 return &bpf_map_peek_elem_proto;
774 case BPF_FUNC_get_current_uid_gid:
775 return &bpf_get_current_uid_gid_proto;
776 case BPF_FUNC_get_local_storage:
777 return &bpf_get_local_storage_proto;
778 case BPF_FUNC_get_current_cgroup_id:
779 return &bpf_get_current_cgroup_id_proto;
780 case BPF_FUNC_trace_printk:
781 if (capable(CAP_SYS_ADMIN))
782 return bpf_get_trace_printk_proto();
789 static const struct bpf_func_proto *
790 cgroup_dev_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
792 return cgroup_base_func_proto(func_id, prog);
795 static bool cgroup_dev_is_valid_access(int off, int size,
796 enum bpf_access_type type,
797 const struct bpf_prog *prog,
798 struct bpf_insn_access_aux *info)
800 const int size_default = sizeof(__u32);
802 if (type == BPF_WRITE)
805 if (off < 0 || off + size > sizeof(struct bpf_cgroup_dev_ctx))
807 /* The verifier guarantees that size > 0. */
812 case bpf_ctx_range(struct bpf_cgroup_dev_ctx, access_type):
813 bpf_ctx_record_field_size(info, size_default);
814 if (!bpf_ctx_narrow_access_ok(off, size, size_default))
818 if (size != size_default)
825 const struct bpf_prog_ops cg_dev_prog_ops = {
828 const struct bpf_verifier_ops cg_dev_verifier_ops = {
829 .get_func_proto = cgroup_dev_func_proto,
830 .is_valid_access = cgroup_dev_is_valid_access,
834 * __cgroup_bpf_run_filter_sysctl - Run a program on sysctl
836 * @head: sysctl table header
837 * @table: sysctl table
838 * @write: sysctl is being read (= 0) or written (= 1)
839 * @buf: pointer to buffer passed by user space
840 * @pcount: value-result argument: value is size of buffer pointed to by @buf,
841 * result is size of @new_buf if program set new value, initial value
843 * @ppos: value-result argument: value is position at which read from or write
844 * to sysctl is happening, result is new position if program overrode it,
845 * initial value otherwise
846 * @new_buf: pointer to pointer to new buffer that will be allocated if program
847 * overrides new value provided by user space on sysctl write
848 * NOTE: it's caller responsibility to free *new_buf if it was set
849 * @type: type of program to be executed
851 * Program is run when sysctl is being accessed, either read or written, and
852 * can allow or deny such access.
854 * This function will return %-EPERM if an attached program is found and
855 * returned value != 1 during execution. In all other cases 0 is returned.
857 int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head,
858 struct ctl_table *table, int write,
859 void __user *buf, size_t *pcount,
860 loff_t *ppos, void **new_buf,
861 enum bpf_attach_type type)
863 struct bpf_sysctl_kern ctx = {
869 .cur_len = PAGE_SIZE,
877 ctx.cur_val = kmalloc_track_caller(ctx.cur_len, GFP_KERNEL);
884 if (table->proc_handler(table, 0, (void __user *)ctx.cur_val,
885 &ctx.cur_len, &pos)) {
886 /* Let BPF program decide how to proceed. */
891 /* Let BPF program decide how to proceed. */
895 if (write && buf && *pcount) {
896 /* BPF program should be able to override new value with a
897 * buffer bigger than provided by user.
899 ctx.new_val = kmalloc_track_caller(PAGE_SIZE, GFP_KERNEL);
900 ctx.new_len = min_t(size_t, PAGE_SIZE, *pcount);
902 copy_from_user(ctx.new_val, buf, ctx.new_len))
903 /* Let BPF program decide how to proceed. */
908 cgrp = task_dfl_cgroup(current);
909 ret = BPF_PROG_RUN_ARRAY(cgrp->bpf.effective[type], &ctx, BPF_PROG_RUN);
914 if (ret == 1 && ctx.new_updated) {
915 *new_buf = ctx.new_val;
916 *pcount = ctx.new_len;
921 return ret == 1 ? 0 : -EPERM;
923 EXPORT_SYMBOL(__cgroup_bpf_run_filter_sysctl);
926 static bool __cgroup_bpf_prog_array_is_empty(struct cgroup *cgrp,
927 enum bpf_attach_type attach_type)
929 struct bpf_prog_array *prog_array;
933 prog_array = rcu_dereference(cgrp->bpf.effective[attach_type]);
934 empty = bpf_prog_array_is_empty(prog_array);
940 static int sockopt_alloc_buf(struct bpf_sockopt_kern *ctx, int max_optlen)
942 if (unlikely(max_optlen > PAGE_SIZE) || max_optlen < 0)
945 ctx->optval = kzalloc(max_optlen, GFP_USER);
949 ctx->optval_end = ctx->optval + max_optlen;
954 static void sockopt_free_buf(struct bpf_sockopt_kern *ctx)
959 int __cgroup_bpf_run_filter_setsockopt(struct sock *sk, int *level,
960 int *optname, char __user *optval,
961 int *optlen, char **kernel_optval)
963 struct cgroup *cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
964 struct bpf_sockopt_kern ctx = {
971 /* Opportunistic check to see whether we have any BPF program
972 * attached to the hook so we don't waste time allocating
973 * memory and locking the socket.
975 if (!cgroup_bpf_enabled ||
976 __cgroup_bpf_prog_array_is_empty(cgrp, BPF_CGROUP_SETSOCKOPT))
979 /* Allocate a bit more than the initial user buffer for
980 * BPF program. The canonical use case is overriding
981 * TCP_CONGESTION(nv) to TCP_CONGESTION(cubic).
983 max_optlen = max_t(int, 16, *optlen);
985 ret = sockopt_alloc_buf(&ctx, max_optlen);
989 ctx.optlen = *optlen;
991 if (copy_from_user(ctx.optval, optval, *optlen) != 0) {
997 ret = BPF_PROG_RUN_ARRAY(cgrp->bpf.effective[BPF_CGROUP_SETSOCKOPT],
1006 if (ctx.optlen == -1) {
1007 /* optlen set to -1, bypass kernel */
1009 } else if (ctx.optlen > max_optlen || ctx.optlen < -1) {
1010 /* optlen is out of bounds */
1013 /* optlen within bounds, run kernel handler */
1016 /* export any potential modifications */
1018 *optname = ctx.optname;
1019 *optlen = ctx.optlen;
1020 *kernel_optval = ctx.optval;
1025 sockopt_free_buf(&ctx);
1028 EXPORT_SYMBOL(__cgroup_bpf_run_filter_setsockopt);
1030 int __cgroup_bpf_run_filter_getsockopt(struct sock *sk, int level,
1031 int optname, char __user *optval,
1032 int __user *optlen, int max_optlen,
1035 struct cgroup *cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
1036 struct bpf_sockopt_kern ctx = {
1044 /* Opportunistic check to see whether we have any BPF program
1045 * attached to the hook so we don't waste time allocating
1046 * memory and locking the socket.
1048 if (!cgroup_bpf_enabled ||
1049 __cgroup_bpf_prog_array_is_empty(cgrp, BPF_CGROUP_GETSOCKOPT))
1052 ret = sockopt_alloc_buf(&ctx, max_optlen);
1056 ctx.optlen = max_optlen;
1059 /* If kernel getsockopt finished successfully,
1060 * copy whatever was returned to the user back
1061 * into our temporary buffer. Set optlen to the
1062 * one that kernel returned as well to let
1063 * BPF programs inspect the value.
1066 if (get_user(ctx.optlen, optlen)) {
1071 if (ctx.optlen > max_optlen)
1072 ctx.optlen = max_optlen;
1074 if (copy_from_user(ctx.optval, optval, ctx.optlen) != 0) {
1081 ret = BPF_PROG_RUN_ARRAY(cgrp->bpf.effective[BPF_CGROUP_GETSOCKOPT],
1082 &ctx, BPF_PROG_RUN);
1090 if (ctx.optlen > max_optlen) {
1095 /* BPF programs only allowed to set retval to 0, not some
1098 if (ctx.retval != 0 && ctx.retval != retval) {
1103 if (copy_to_user(optval, ctx.optval, ctx.optlen) ||
1104 put_user(ctx.optlen, optlen)) {
1112 sockopt_free_buf(&ctx);
1115 EXPORT_SYMBOL(__cgroup_bpf_run_filter_getsockopt);
1118 static ssize_t sysctl_cpy_dir(const struct ctl_dir *dir, char **bufp,
1121 ssize_t tmp_ret = 0, ret;
1123 if (dir->header.parent) {
1124 tmp_ret = sysctl_cpy_dir(dir->header.parent, bufp, lenp);
1129 ret = strscpy(*bufp, dir->header.ctl_table[0].procname, *lenp);
1136 /* Avoid leading slash. */
1140 tmp_ret = strscpy(*bufp, "/", *lenp);
1146 return ret + tmp_ret;
1149 BPF_CALL_4(bpf_sysctl_get_name, struct bpf_sysctl_kern *, ctx, char *, buf,
1150 size_t, buf_len, u64, flags)
1152 ssize_t tmp_ret = 0, ret;
1157 if (!(flags & BPF_F_SYSCTL_BASE_NAME)) {
1160 tmp_ret = sysctl_cpy_dir(ctx->head->parent, &buf, &buf_len);
1165 ret = strscpy(buf, ctx->table->procname, buf_len);
1167 return ret < 0 ? ret : tmp_ret + ret;
1170 static const struct bpf_func_proto bpf_sysctl_get_name_proto = {
1171 .func = bpf_sysctl_get_name,
1173 .ret_type = RET_INTEGER,
1174 .arg1_type = ARG_PTR_TO_CTX,
1175 .arg2_type = ARG_PTR_TO_MEM,
1176 .arg3_type = ARG_CONST_SIZE,
1177 .arg4_type = ARG_ANYTHING,
1180 static int copy_sysctl_value(char *dst, size_t dst_len, char *src,
1189 if (!src || !src_len) {
1190 memset(dst, 0, dst_len);
1194 memcpy(dst, src, min(dst_len, src_len));
1196 if (dst_len > src_len) {
1197 memset(dst + src_len, '\0', dst_len - src_len);
1201 dst[dst_len - 1] = '\0';
1206 BPF_CALL_3(bpf_sysctl_get_current_value, struct bpf_sysctl_kern *, ctx,
1207 char *, buf, size_t, buf_len)
1209 return copy_sysctl_value(buf, buf_len, ctx->cur_val, ctx->cur_len);
1212 static const struct bpf_func_proto bpf_sysctl_get_current_value_proto = {
1213 .func = bpf_sysctl_get_current_value,
1215 .ret_type = RET_INTEGER,
1216 .arg1_type = ARG_PTR_TO_CTX,
1217 .arg2_type = ARG_PTR_TO_UNINIT_MEM,
1218 .arg3_type = ARG_CONST_SIZE,
1221 BPF_CALL_3(bpf_sysctl_get_new_value, struct bpf_sysctl_kern *, ctx, char *, buf,
1226 memset(buf, '\0', buf_len);
1229 return copy_sysctl_value(buf, buf_len, ctx->new_val, ctx->new_len);
1232 static const struct bpf_func_proto bpf_sysctl_get_new_value_proto = {
1233 .func = bpf_sysctl_get_new_value,
1235 .ret_type = RET_INTEGER,
1236 .arg1_type = ARG_PTR_TO_CTX,
1237 .arg2_type = ARG_PTR_TO_UNINIT_MEM,
1238 .arg3_type = ARG_CONST_SIZE,
1241 BPF_CALL_3(bpf_sysctl_set_new_value, struct bpf_sysctl_kern *, ctx,
1242 const char *, buf, size_t, buf_len)
1244 if (!ctx->write || !ctx->new_val || !ctx->new_len || !buf || !buf_len)
1247 if (buf_len > PAGE_SIZE - 1)
1250 memcpy(ctx->new_val, buf, buf_len);
1251 ctx->new_len = buf_len;
1252 ctx->new_updated = 1;
1257 static const struct bpf_func_proto bpf_sysctl_set_new_value_proto = {
1258 .func = bpf_sysctl_set_new_value,
1260 .ret_type = RET_INTEGER,
1261 .arg1_type = ARG_PTR_TO_CTX,
1262 .arg2_type = ARG_PTR_TO_MEM,
1263 .arg3_type = ARG_CONST_SIZE,
1266 static const struct bpf_func_proto *
1267 sysctl_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
1270 case BPF_FUNC_strtol:
1271 return &bpf_strtol_proto;
1272 case BPF_FUNC_strtoul:
1273 return &bpf_strtoul_proto;
1274 case BPF_FUNC_sysctl_get_name:
1275 return &bpf_sysctl_get_name_proto;
1276 case BPF_FUNC_sysctl_get_current_value:
1277 return &bpf_sysctl_get_current_value_proto;
1278 case BPF_FUNC_sysctl_get_new_value:
1279 return &bpf_sysctl_get_new_value_proto;
1280 case BPF_FUNC_sysctl_set_new_value:
1281 return &bpf_sysctl_set_new_value_proto;
1283 return cgroup_base_func_proto(func_id, prog);
1287 static bool sysctl_is_valid_access(int off, int size, enum bpf_access_type type,
1288 const struct bpf_prog *prog,
1289 struct bpf_insn_access_aux *info)
1291 const int size_default = sizeof(__u32);
1293 if (off < 0 || off + size > sizeof(struct bpf_sysctl) || off % size)
1297 case bpf_ctx_range(struct bpf_sysctl, write):
1298 if (type != BPF_READ)
1300 bpf_ctx_record_field_size(info, size_default);
1301 return bpf_ctx_narrow_access_ok(off, size, size_default);
1302 case bpf_ctx_range(struct bpf_sysctl, file_pos):
1303 if (type == BPF_READ) {
1304 bpf_ctx_record_field_size(info, size_default);
1305 return bpf_ctx_narrow_access_ok(off, size, size_default);
1307 return size == size_default;
1314 static u32 sysctl_convert_ctx_access(enum bpf_access_type type,
1315 const struct bpf_insn *si,
1316 struct bpf_insn *insn_buf,
1317 struct bpf_prog *prog, u32 *target_size)
1319 struct bpf_insn *insn = insn_buf;
1323 case offsetof(struct bpf_sysctl, write):
1324 *insn++ = BPF_LDX_MEM(
1325 BPF_SIZE(si->code), si->dst_reg, si->src_reg,
1326 bpf_target_off(struct bpf_sysctl_kern, write,
1327 FIELD_SIZEOF(struct bpf_sysctl_kern,
1331 case offsetof(struct bpf_sysctl, file_pos):
1332 /* ppos is a pointer so it should be accessed via indirect
1333 * loads and stores. Also for stores additional temporary
1334 * register is used since neither src_reg nor dst_reg can be
1337 if (type == BPF_WRITE) {
1338 int treg = BPF_REG_9;
1340 if (si->src_reg == treg || si->dst_reg == treg)
1342 if (si->src_reg == treg || si->dst_reg == treg)
1344 *insn++ = BPF_STX_MEM(
1345 BPF_DW, si->dst_reg, treg,
1346 offsetof(struct bpf_sysctl_kern, tmp_reg));
1347 *insn++ = BPF_LDX_MEM(
1348 BPF_FIELD_SIZEOF(struct bpf_sysctl_kern, ppos),
1350 offsetof(struct bpf_sysctl_kern, ppos));
1351 *insn++ = BPF_STX_MEM(
1352 BPF_SIZEOF(u32), treg, si->src_reg,
1353 bpf_ctx_narrow_access_offset(
1354 0, sizeof(u32), sizeof(loff_t)));
1355 *insn++ = BPF_LDX_MEM(
1356 BPF_DW, treg, si->dst_reg,
1357 offsetof(struct bpf_sysctl_kern, tmp_reg));
1359 *insn++ = BPF_LDX_MEM(
1360 BPF_FIELD_SIZEOF(struct bpf_sysctl_kern, ppos),
1361 si->dst_reg, si->src_reg,
1362 offsetof(struct bpf_sysctl_kern, ppos));
1363 read_size = bpf_size_to_bytes(BPF_SIZE(si->code));
1364 *insn++ = BPF_LDX_MEM(
1365 BPF_SIZE(si->code), si->dst_reg, si->dst_reg,
1366 bpf_ctx_narrow_access_offset(
1367 0, read_size, sizeof(loff_t)));
1369 *target_size = sizeof(u32);
1373 return insn - insn_buf;
1376 const struct bpf_verifier_ops cg_sysctl_verifier_ops = {
1377 .get_func_proto = sysctl_func_proto,
1378 .is_valid_access = sysctl_is_valid_access,
1379 .convert_ctx_access = sysctl_convert_ctx_access,
1382 const struct bpf_prog_ops cg_sysctl_prog_ops = {
1385 static const struct bpf_func_proto *
1386 cg_sockopt_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
1390 case BPF_FUNC_sk_storage_get:
1391 return &bpf_sk_storage_get_proto;
1392 case BPF_FUNC_sk_storage_delete:
1393 return &bpf_sk_storage_delete_proto;
1396 case BPF_FUNC_tcp_sock:
1397 return &bpf_tcp_sock_proto;
1400 return cgroup_base_func_proto(func_id, prog);
1404 static bool cg_sockopt_is_valid_access(int off, int size,
1405 enum bpf_access_type type,
1406 const struct bpf_prog *prog,
1407 struct bpf_insn_access_aux *info)
1409 const int size_default = sizeof(__u32);
1411 if (off < 0 || off >= sizeof(struct bpf_sockopt))
1414 if (off % size != 0)
1417 if (type == BPF_WRITE) {
1419 case offsetof(struct bpf_sockopt, retval):
1420 if (size != size_default)
1422 return prog->expected_attach_type ==
1423 BPF_CGROUP_GETSOCKOPT;
1424 case offsetof(struct bpf_sockopt, optname):
1426 case offsetof(struct bpf_sockopt, level):
1427 if (size != size_default)
1429 return prog->expected_attach_type ==
1430 BPF_CGROUP_SETSOCKOPT;
1431 case offsetof(struct bpf_sockopt, optlen):
1432 return size == size_default;
1439 case offsetof(struct bpf_sockopt, sk):
1440 if (size != sizeof(__u64))
1442 info->reg_type = PTR_TO_SOCKET;
1444 case offsetof(struct bpf_sockopt, optval):
1445 if (size != sizeof(__u64))
1447 info->reg_type = PTR_TO_PACKET;
1449 case offsetof(struct bpf_sockopt, optval_end):
1450 if (size != sizeof(__u64))
1452 info->reg_type = PTR_TO_PACKET_END;
1454 case offsetof(struct bpf_sockopt, retval):
1455 if (size != size_default)
1457 return prog->expected_attach_type == BPF_CGROUP_GETSOCKOPT;
1459 if (size != size_default)
1466 #define CG_SOCKOPT_ACCESS_FIELD(T, F) \
1467 T(BPF_FIELD_SIZEOF(struct bpf_sockopt_kern, F), \
1468 si->dst_reg, si->src_reg, \
1469 offsetof(struct bpf_sockopt_kern, F))
1471 static u32 cg_sockopt_convert_ctx_access(enum bpf_access_type type,
1472 const struct bpf_insn *si,
1473 struct bpf_insn *insn_buf,
1474 struct bpf_prog *prog,
1477 struct bpf_insn *insn = insn_buf;
1480 case offsetof(struct bpf_sockopt, sk):
1481 *insn++ = CG_SOCKOPT_ACCESS_FIELD(BPF_LDX_MEM, sk);
1483 case offsetof(struct bpf_sockopt, level):
1484 if (type == BPF_WRITE)
1485 *insn++ = CG_SOCKOPT_ACCESS_FIELD(BPF_STX_MEM, level);
1487 *insn++ = CG_SOCKOPT_ACCESS_FIELD(BPF_LDX_MEM, level);
1489 case offsetof(struct bpf_sockopt, optname):
1490 if (type == BPF_WRITE)
1491 *insn++ = CG_SOCKOPT_ACCESS_FIELD(BPF_STX_MEM, optname);
1493 *insn++ = CG_SOCKOPT_ACCESS_FIELD(BPF_LDX_MEM, optname);
1495 case offsetof(struct bpf_sockopt, optlen):
1496 if (type == BPF_WRITE)
1497 *insn++ = CG_SOCKOPT_ACCESS_FIELD(BPF_STX_MEM, optlen);
1499 *insn++ = CG_SOCKOPT_ACCESS_FIELD(BPF_LDX_MEM, optlen);
1501 case offsetof(struct bpf_sockopt, retval):
1502 if (type == BPF_WRITE)
1503 *insn++ = CG_SOCKOPT_ACCESS_FIELD(BPF_STX_MEM, retval);
1505 *insn++ = CG_SOCKOPT_ACCESS_FIELD(BPF_LDX_MEM, retval);
1507 case offsetof(struct bpf_sockopt, optval):
1508 *insn++ = CG_SOCKOPT_ACCESS_FIELD(BPF_LDX_MEM, optval);
1510 case offsetof(struct bpf_sockopt, optval_end):
1511 *insn++ = CG_SOCKOPT_ACCESS_FIELD(BPF_LDX_MEM, optval_end);
1515 return insn - insn_buf;
1518 static int cg_sockopt_get_prologue(struct bpf_insn *insn_buf,
1520 const struct bpf_prog *prog)
1522 /* Nothing to do for sockopt argument. The data is kzalloc'ated.
1527 const struct bpf_verifier_ops cg_sockopt_verifier_ops = {
1528 .get_func_proto = cg_sockopt_func_proto,
1529 .is_valid_access = cg_sockopt_is_valid_access,
1530 .convert_ctx_access = cg_sockopt_convert_ctx_access,
1531 .gen_prologue = cg_sockopt_get_prologue,
1534 const struct bpf_prog_ops cg_sockopt_prog_ops = {