1  /* SPDX-License-Identifier: GPL-2.0 */
2  #ifndef _BPF_CGROUP_DEFS_H
3  #define _BPF_CGROUP_DEFS_H
4  
5  #ifdef CONFIG_CGROUP_BPF
6  
7  #include <linux/list.h>
8  #include <linux/percpu-refcount.h>
9  #include <linux/workqueue.h>
10  
11  struct bpf_prog_array;
12  
/*
 * CGROUP_LSM_NUM - number of attach-type slots set aside for per-cgroup
 * LSM hooks.
 *
 * With CONFIG_BPF_LSM defined this is 10, the maximum number of per-cgroup
 * LSM hooks that can be attached concurrently; otherwise it is 0.  The value
 * sizes the CGROUP_LSM_START..CGROUP_LSM_END range of
 * enum cgroup_bpf_attach_type below.
 */
#if defined(CONFIG_BPF_LSM)
#define CGROUP_LSM_NUM 10
#else
#define CGROUP_LSM_NUM 0
#endif /* CONFIG_BPF_LSM */
19  
/*
 * enum cgroup_bpf_attach_type - slot numbers for cgroup-attached BPF programs.
 *
 * Every enumerator from CGROUP_INET_INGRESS up to, but not including,
 * MAX_CGROUP_BPF_ATTACH_TYPE is an index into the per-type arrays of
 * struct cgroup_bpf (effective[], progs[] and flags[]).  The numbering is
 * positional: inserting or reordering enumerators renumbers every later slot.
 *
 * CGROUP_BPF_ATTACH_TYPE_INVALID (-1) lies outside that range.  A value that
 * has not been checked against both ends of the range must not be used to
 * index those arrays.
 *
 * NOTE(review): the names suggest a mapping from the user-visible BPF attach
 * types; that mapping is not in this header, so confirm it where the
 * conversion is done.
 */
enum cgroup_bpf_attach_type {
	/* sentinel, never a valid array index */
	CGROUP_BPF_ATTACH_TYPE_INVALID = -1,

	/* first valid slot; the entries below number upwards from here */
	CGROUP_INET_INGRESS = 0,
	CGROUP_INET_EGRESS,
	CGROUP_INET_SOCK_CREATE,
	CGROUP_SOCK_OPS,
	CGROUP_DEVICE,
	CGROUP_INET4_BIND,
	CGROUP_INET6_BIND,
	CGROUP_INET4_CONNECT,
	CGROUP_INET6_CONNECT,
	CGROUP_UNIX_CONNECT,
	CGROUP_INET4_POST_BIND,
	CGROUP_INET6_POST_BIND,
	CGROUP_UDP4_SENDMSG,
	CGROUP_UDP6_SENDMSG,
	CGROUP_UNIX_SENDMSG,
	CGROUP_SYSCTL,
	CGROUP_UDP4_RECVMSG,
	CGROUP_UDP6_RECVMSG,
	CGROUP_UNIX_RECVMSG,
	CGROUP_GETSOCKOPT,
	CGROUP_SETSOCKOPT,
	CGROUP_INET4_GETPEERNAME,
	CGROUP_INET6_GETPEERNAME,
	CGROUP_UNIX_GETPEERNAME,
	CGROUP_INET4_GETSOCKNAME,
	CGROUP_INET6_GETSOCKNAME,
	CGROUP_UNIX_GETSOCKNAME,
	CGROUP_INET_SOCK_RELEASE,

	/* first of the CGROUP_LSM_NUM slots reserved for LSM hooks */
	CGROUP_LSM_START,
	/*
	 * Last LSM slot.  When CGROUP_LSM_NUM is 0 this evaluates to
	 * CGROUP_LSM_START - 1, so the START..END range is empty and
	 * MAX_CGROUP_BPF_ATTACH_TYPE equals CGROUP_LSM_START.
	 */
	CGROUP_LSM_END = CGROUP_LSM_START + CGROUP_LSM_NUM - 1,

	/* number of valid slots; used as the array length, not as a slot */
	MAX_CGROUP_BPF_ATTACH_TYPE
};
54  
/*
 * struct cgroup_bpf - BPF program state kept for one cgroup.
 *
 * The three arrays are indexed by enum cgroup_bpf_attach_type and hold
 * MAX_CGROUP_BPF_ATTACH_TYPE entries each, so an index must be a valid
 * attach type (>= 0 and < MAX_CGROUP_BPF_ATTACH_TYPE) before it is used.
 */
struct cgroup_bpf {
	/*
	 * Effective program array for each attach type in this cgroup.
	 * The __rcu annotation marks these pointers as RCU-managed: read
	 * and update them through the RCU accessors, not with plain loads
	 * and stores.
	 */
	struct bpf_prog_array __rcu *effective[MAX_CGROUP_BPF_ATTACH_TYPE];

	/*
	 * Programs attached directly to this cgroup, and the attach flags
	 * they were attached with, per attach type.
	 *
	 * flags == 0 or BPF_F_ALLOW_OVERRIDE: the progs list holds zero or
	 * one element.
	 * BPF_F_ALLOW_MULTI: the list can hold up to BPF_CGROUP_MAX_PROGS
	 * elements.
	 */
	struct hlist_head progs[MAX_CGROUP_BPF_ATTACH_TYPE];
	u8 flags[MAX_CGROUP_BPF_ATTACH_TYPE];

	/* List of the cgroup shared storages. */
	struct list_head storages;

	/*
	 * Scratch effective-program array used by prog_attach/detach while
	 * it is being built.
	 */
	struct bpf_prog_array *inactive;

	/*
	 * Reference count that lets the BPF programs be detached after the
	 * cgroup itself has been removed.
	 */
	struct percpu_ref refcnt;

	/* Work item: cgroup_bpf is released from a work queue. */
	struct work_struct release_work;
};
79  
80  #else /* CONFIG_CGROUP_BPF */
/*
 * Memberless stand-in for struct cgroup_bpf when CONFIG_CGROUP_BPF is not
 * set; presumably kept so that code naming the type still compiles.
 */
struct cgroup_bpf {
};
82  #endif /* CONFIG_CGROUP_BPF */
83  
84  #endif
85