1/* SPDX-License-Identifier: GPL-2.0 */
2#ifndef _BPF_CGROUP_DEFS_H
3#define _BPF_CGROUP_DEFS_H
4
5#ifdef CONFIG_CGROUP_BPF
6
7#include <linux/list.h>
8#include <linux/percpu-refcount.h>
9#include <linux/workqueue.h>
10
11struct bpf_prog_array;
12
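#ifdef CONFIG_BPF_LSM
/* Maximum number of concurrently attachable per-cgroup LSM hooks. */
#define CGROUP_LSM_NUM 10
#else
/* No LSM slots are reserved: CGROUP_LSM_START..CGROUP_LSM_END is empty. */
#define CGROUP_LSM_NUM 0
#endif

/*
 * Attach points for cgroup BPF programs.
 *
 * Every value in [0, MAX_CGROUP_BPF_ATTACH_TYPE) is used as an index into
 * the effective[], progs[] and flags[] arrays of struct cgroup_bpf, which
 * are all sized by MAX_CGROUP_BPF_ATTACH_TYPE. The enumerator order is
 * therefore part of that layout.
 *
 * CGROUP_BPF_ATTACH_TYPE_INVALID is -1 and must never be used as an index:
 * any code that derives a value of this type from outside input has to
 * reject it, and anything >= MAX_CGROUP_BPF_ATTACH_TYPE, before touching
 * those arrays.
 */
enum cgroup_bpf_attach_type {
	CGROUP_BPF_ATTACH_TYPE_INVALID = -1,
	CGROUP_INET_INGRESS = 0,
	CGROUP_INET_EGRESS,
	CGROUP_INET_SOCK_CREATE,
	CGROUP_SOCK_OPS,
	CGROUP_DEVICE,
	CGROUP_INET4_BIND,
	CGROUP_INET6_BIND,
	CGROUP_INET4_CONNECT,
	CGROUP_INET6_CONNECT,
	CGROUP_UNIX_CONNECT,
	CGROUP_INET4_POST_BIND,
	CGROUP_INET6_POST_BIND,
	CGROUP_UDP4_SENDMSG,
	CGROUP_UDP6_SENDMSG,
	CGROUP_UNIX_SENDMSG,
	CGROUP_SYSCTL,
	CGROUP_UDP4_RECVMSG,
	CGROUP_UDP6_RECVMSG,
	CGROUP_UNIX_RECVMSG,
	CGROUP_GETSOCKOPT,
	CGROUP_SETSOCKOPT,
	CGROUP_INET4_GETPEERNAME,
	CGROUP_INET6_GETPEERNAME,
	CGROUP_UNIX_GETPEERNAME,
	CGROUP_INET4_GETSOCKNAME,
	CGROUP_INET6_GETSOCKNAME,
	CGROUP_UNIX_GETSOCKNAME,
	CGROUP_INET_SOCK_RELEASE,
	/*
	 * CGROUP_LSM_NUM consecutive slots for per-cgroup LSM hooks.
	 * With CGROUP_LSM_NUM == 0, CGROUP_LSM_END is CGROUP_LSM_START - 1 and
	 * MAX_CGROUP_BPF_ATTACH_TYPE equals CGROUP_LSM_START, so
	 * CGROUP_LSM_START itself is not a valid index in that configuration.
	 */
	CGROUP_LSM_START,
	CGROUP_LSM_END = CGROUP_LSM_START + CGROUP_LSM_NUM - 1,
	/* Number of valid attach types; array bound, not an attach type. */
	MAX_CGROUP_BPF_ATTACH_TYPE
};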
54
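/*
 * Per-cgroup BPF state.
 *
 * effective[], progs[] and flags[] each hold MAX_CGROUP_BPF_ATTACH_TYPE
 * entries, one per enum cgroup_bpf_attach_type value. An index into any of
 * them must satisfy 0 <= type < MAX_CGROUP_BPF_ATTACH_TYPE;
 * CGROUP_BPF_ATTACH_TYPE_INVALID (-1) is out of bounds for all three.
 */
struct cgroup_bpf {
	/* array of effective progs in this cgroup (pointers are __rcu annotated) */
	struct bpf_prog_array __rcu *effective[MAX_CGROUP_BPF_ATTACH_TYPE];

	/* attached progs to this cgroup and attach flags
	 * when flags == 0 or BPF_F_ALLOW_OVERRIDE the progs list will
	 * have either zero or one element
	 * when BPF_F_ALLOW_MULTI the list can have up to BPF_CGROUP_MAX_PROGS
	 */
	struct hlist_head progs[MAX_CGROUP_BPF_ATTACH_TYPE];
	/* one flags byte per attach type, same index as progs[] */
	u8 flags[MAX_CGROUP_BPF_ATTACH_TYPE];

	/* list of cgroup shared storages */
	struct list_head storages;

	/* temp storage for effective prog array used by prog_attach/detach */
	struct bpf_prog_array *inactive;

	/* reference counter used to detach bpf programs after cgroup removal */
	struct percpu_ref refcnt;

	/* cgroup_bpf is released using a work queue */
	struct work_struct release_work;
};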
79
80#else /* CONFIG_CGROUP_BPF */
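/*
 * Placeholder definition for builds without CONFIG_CGROUP_BPF: the type
 * still exists but has no members. An empty struct is a GNU C extension
 * (size 0 with GCC), not ISO C.
 */
struct cgroup_bpf {};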
82#endif /* CONFIG_CGROUP_BPF */
83
84#endif
85