1 /* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
3 * This program is free software; you can redistribute it and/or
4 * modify it under the terms of version 2 of the GNU General Public
5 * License as published by the Free Software Foundation.
7 * This program is distributed in the hope that it will be useful, but
8 * WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * General Public License for more details.
12 #include <linux/bpf.h>
13 #include <linux/bpf_trace.h>
14 #include <linux/syscalls.h>
15 #include <linux/slab.h>
16 #include <linux/sched/signal.h>
17 #include <linux/vmalloc.h>
18 #include <linux/mmzone.h>
19 #include <linux/anon_inodes.h>
20 #include <linux/file.h>
21 #include <linux/license.h>
22 #include <linux/filter.h>
23 #include <linux/version.h>
24 #include <linux/kernel.h>
25 #include <linux/idr.h>
27 #define IS_FD_ARRAY(map) ((map)->map_type == BPF_MAP_TYPE_PROG_ARRAY || \
28 (map)->map_type == BPF_MAP_TYPE_PERF_EVENT_ARRAY || \
29 (map)->map_type == BPF_MAP_TYPE_CGROUP_ARRAY || \
30 (map)->map_type == BPF_MAP_TYPE_ARRAY_OF_MAPS)
31 #define IS_FD_HASH(map) ((map)->map_type == BPF_MAP_TYPE_HASH_OF_MAPS)
32 #define IS_FD_MAP(map) (IS_FD_ARRAY(map) || IS_FD_HASH(map))
34 DEFINE_PER_CPU(int, bpf_prog_active);
35 static DEFINE_IDR(prog_idr);
36 static DEFINE_SPINLOCK(prog_idr_lock);
37 static DEFINE_IDR(map_idr);
38 static DEFINE_SPINLOCK(map_idr_lock);
40 int sysctl_unprivileged_bpf_disabled __read_mostly;
42 static const struct bpf_map_ops * const bpf_map_types[] = {
43 #define BPF_PROG_TYPE(_id, _ops)
44 #define BPF_MAP_TYPE(_id, _ops) \
46 #include <linux/bpf_types.h>
51 static struct bpf_map *find_and_alloc_map(union bpf_attr *attr)
55 if (attr->map_type >= ARRAY_SIZE(bpf_map_types) ||
56 !bpf_map_types[attr->map_type])
57 return ERR_PTR(-EINVAL);
59 map = bpf_map_types[attr->map_type]->map_alloc(attr);
62 map->ops = bpf_map_types[attr->map_type];
63 map->map_type = attr->map_type;
67 void *bpf_map_area_alloc(size_t size)
69 /* We definitely need __GFP_NORETRY, so OOM killer doesn't
70 * trigger under memory pressure as we really just want to
73 const gfp_t flags = __GFP_NOWARN | __GFP_NORETRY | __GFP_ZERO;
76 if (size <= (PAGE_SIZE << PAGE_ALLOC_COSTLY_ORDER)) {
77 area = kmalloc(size, GFP_USER | flags);
82 return __vmalloc(size, GFP_KERNEL | flags, PAGE_KERNEL);
85 void bpf_map_area_free(void *area)
90 int bpf_map_precharge_memlock(u32 pages)
92 struct user_struct *user = get_current_user();
93 unsigned long memlock_limit, cur;
95 memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
96 cur = atomic_long_read(&user->locked_vm);
98 if (cur + pages > memlock_limit)
103 static int bpf_map_charge_memlock(struct bpf_map *map)
105 struct user_struct *user = get_current_user();
106 unsigned long memlock_limit;
108 memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
110 atomic_long_add(map->pages, &user->locked_vm);
112 if (atomic_long_read(&user->locked_vm) > memlock_limit) {
113 atomic_long_sub(map->pages, &user->locked_vm);
121 static void bpf_map_uncharge_memlock(struct bpf_map *map)
123 struct user_struct *user = map->user;
125 atomic_long_sub(map->pages, &user->locked_vm);
129 static int bpf_map_alloc_id(struct bpf_map *map)
133 spin_lock_bh(&map_idr_lock);
134 id = idr_alloc_cyclic(&map_idr, map, 1, INT_MAX, GFP_ATOMIC);
137 spin_unlock_bh(&map_idr_lock);
139 if (WARN_ON_ONCE(!id))
142 return id > 0 ? 0 : id;
145 static void bpf_map_free_id(struct bpf_map *map, bool do_idr_lock)
148 spin_lock_bh(&map_idr_lock);
150 __acquire(&map_idr_lock);
152 idr_remove(&map_idr, map->id);
155 spin_unlock_bh(&map_idr_lock);
157 __release(&map_idr_lock);
160 /* called from workqueue */
161 static void bpf_map_free_deferred(struct work_struct *work)
163 struct bpf_map *map = container_of(work, struct bpf_map, work);
165 bpf_map_uncharge_memlock(map);
166 /* implementation dependent freeing */
167 map->ops->map_free(map);
170 static void bpf_map_put_uref(struct bpf_map *map)
172 if (atomic_dec_and_test(&map->usercnt)) {
173 if (map->map_type == BPF_MAP_TYPE_PROG_ARRAY)
174 bpf_fd_array_map_clear(map);
178 /* decrement map refcnt and schedule it for freeing via workqueue
179 * (unrelying map implementation ops->map_free() might sleep)
181 static void __bpf_map_put(struct bpf_map *map, bool do_idr_lock)
183 if (atomic_dec_and_test(&map->refcnt)) {
184 /* bpf_map_free_id() must be called first */
185 bpf_map_free_id(map, do_idr_lock);
186 INIT_WORK(&map->work, bpf_map_free_deferred);
187 schedule_work(&map->work);
191 void bpf_map_put(struct bpf_map *map)
193 __bpf_map_put(map, true);
196 void bpf_map_put_with_uref(struct bpf_map *map)
198 bpf_map_put_uref(map);
202 static int bpf_map_release(struct inode *inode, struct file *filp)
204 struct bpf_map *map = filp->private_data;
206 if (map->ops->map_release)
207 map->ops->map_release(map, filp);
209 bpf_map_put_with_uref(map);
213 #ifdef CONFIG_PROC_FS
214 static void bpf_map_show_fdinfo(struct seq_file *m, struct file *filp)
216 const struct bpf_map *map = filp->private_data;
217 const struct bpf_array *array;
218 u32 owner_prog_type = 0;
221 if (map->map_type == BPF_MAP_TYPE_PROG_ARRAY) {
222 array = container_of(map, struct bpf_array, map);
223 owner_prog_type = array->owner_prog_type;
224 owner_jited = array->owner_jited;
239 map->pages * 1ULL << PAGE_SHIFT);
241 if (owner_prog_type) {
242 seq_printf(m, "owner_prog_type:\t%u\n",
244 seq_printf(m, "owner_jited:\t%u\n",
250 static const struct file_operations bpf_map_fops = {
251 #ifdef CONFIG_PROC_FS
252 .show_fdinfo = bpf_map_show_fdinfo,
254 .release = bpf_map_release,
257 int bpf_map_new_fd(struct bpf_map *map)
259 return anon_inode_getfd("bpf-map", &bpf_map_fops, map,
263 /* helper macro to check that unused fields 'union bpf_attr' are zero */
264 #define CHECK_ATTR(CMD) \
265 memchr_inv((void *) &attr->CMD##_LAST_FIELD + \
266 sizeof(attr->CMD##_LAST_FIELD), 0, \
268 offsetof(union bpf_attr, CMD##_LAST_FIELD) - \
269 sizeof(attr->CMD##_LAST_FIELD)) != NULL
271 #define BPF_MAP_CREATE_LAST_FIELD inner_map_fd
272 /* called via syscall */
273 static int map_create(union bpf_attr *attr)
278 err = CHECK_ATTR(BPF_MAP_CREATE);
282 /* find map type and init map: hashtable vs rbtree vs bloom vs ... */
283 map = find_and_alloc_map(attr);
287 atomic_set(&map->refcnt, 1);
288 atomic_set(&map->usercnt, 1);
290 err = bpf_map_charge_memlock(map);
292 goto free_map_nouncharge;
294 err = bpf_map_alloc_id(map);
298 err = bpf_map_new_fd(map);
300 /* failed to allocate fd.
301 * bpf_map_put() is needed because the above
302 * bpf_map_alloc_id() has published the map
303 * to the userspace and the userspace may
304 * have refcnt-ed it through BPF_MAP_GET_FD_BY_ID.
310 trace_bpf_map_create(map, err);
314 bpf_map_uncharge_memlock(map);
316 map->ops->map_free(map);
320 /* if error is returned, fd is released.
321 * On success caller should complete fd access with matching fdput()
323 struct bpf_map *__bpf_map_get(struct fd f)
326 return ERR_PTR(-EBADF);
327 if (f.file->f_op != &bpf_map_fops) {
329 return ERR_PTR(-EINVAL);
332 return f.file->private_data;
335 /* prog's and map's refcnt limit */
336 #define BPF_MAX_REFCNT 32768
338 struct bpf_map *bpf_map_inc(struct bpf_map *map, bool uref)
340 if (atomic_inc_return(&map->refcnt) > BPF_MAX_REFCNT) {
341 atomic_dec(&map->refcnt);
342 return ERR_PTR(-EBUSY);
345 atomic_inc(&map->usercnt);
349 struct bpf_map *bpf_map_get_with_uref(u32 ufd)
351 struct fd f = fdget(ufd);
354 map = __bpf_map_get(f);
358 map = bpf_map_inc(map, true);
364 /* map_idr_lock should have been held */
365 static struct bpf_map *bpf_map_inc_not_zero(struct bpf_map *map,
370 refold = __atomic_add_unless(&map->refcnt, 1, 0);
372 if (refold >= BPF_MAX_REFCNT) {
373 __bpf_map_put(map, false);
374 return ERR_PTR(-EBUSY);
378 return ERR_PTR(-ENOENT);
381 atomic_inc(&map->usercnt);
386 int __weak bpf_stackmap_copy(struct bpf_map *map, void *key, void *value)
391 /* last field in 'union bpf_attr' used by this command */
392 #define BPF_MAP_LOOKUP_ELEM_LAST_FIELD value
394 static int map_lookup_elem(union bpf_attr *attr)
396 void __user *ukey = u64_to_user_ptr(attr->key);
397 void __user *uvalue = u64_to_user_ptr(attr->value);
398 int ufd = attr->map_fd;
400 void *key, *value, *ptr;
405 if (CHECK_ATTR(BPF_MAP_LOOKUP_ELEM))
409 map = __bpf_map_get(f);
413 key = memdup_user(ukey, map->key_size);
419 if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
420 map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH ||
421 map->map_type == BPF_MAP_TYPE_PERCPU_ARRAY)
422 value_size = round_up(map->value_size, 8) * num_possible_cpus();
423 else if (IS_FD_MAP(map))
424 value_size = sizeof(u32);
426 value_size = map->value_size;
429 value = kmalloc(value_size, GFP_USER | __GFP_NOWARN);
433 if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
434 map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH) {
435 err = bpf_percpu_hash_copy(map, key, value);
436 } else if (map->map_type == BPF_MAP_TYPE_PERCPU_ARRAY) {
437 err = bpf_percpu_array_copy(map, key, value);
438 } else if (map->map_type == BPF_MAP_TYPE_STACK_TRACE) {
439 err = bpf_stackmap_copy(map, key, value);
440 } else if (IS_FD_ARRAY(map)) {
441 err = bpf_fd_array_map_lookup_elem(map, key, value);
442 } else if (IS_FD_HASH(map)) {
443 err = bpf_fd_htab_map_lookup_elem(map, key, value);
446 ptr = map->ops->map_lookup_elem(map, key);
448 memcpy(value, ptr, value_size);
450 err = ptr ? 0 : -ENOENT;
457 if (copy_to_user(uvalue, value, value_size) != 0)
460 trace_bpf_map_lookup_elem(map, ufd, key, value);
472 #define BPF_MAP_UPDATE_ELEM_LAST_FIELD flags
474 static int map_update_elem(union bpf_attr *attr)
476 void __user *ukey = u64_to_user_ptr(attr->key);
477 void __user *uvalue = u64_to_user_ptr(attr->value);
478 int ufd = attr->map_fd;
485 if (CHECK_ATTR(BPF_MAP_UPDATE_ELEM))
489 map = __bpf_map_get(f);
493 key = memdup_user(ukey, map->key_size);
499 if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
500 map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH ||
501 map->map_type == BPF_MAP_TYPE_PERCPU_ARRAY)
502 value_size = round_up(map->value_size, 8) * num_possible_cpus();
504 value_size = map->value_size;
507 value = kmalloc(value_size, GFP_USER | __GFP_NOWARN);
512 if (copy_from_user(value, uvalue, value_size) != 0)
515 /* must increment bpf_prog_active to avoid kprobe+bpf triggering from
516 * inside bpf map update or delete otherwise deadlocks are possible
519 __this_cpu_inc(bpf_prog_active);
520 if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
521 map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH) {
522 err = bpf_percpu_hash_update(map, key, value, attr->flags);
523 } else if (map->map_type == BPF_MAP_TYPE_PERCPU_ARRAY) {
524 err = bpf_percpu_array_update(map, key, value, attr->flags);
525 } else if (map->map_type == BPF_MAP_TYPE_PERF_EVENT_ARRAY ||
526 map->map_type == BPF_MAP_TYPE_PROG_ARRAY ||
527 map->map_type == BPF_MAP_TYPE_CGROUP_ARRAY ||
528 map->map_type == BPF_MAP_TYPE_ARRAY_OF_MAPS) {
530 err = bpf_fd_array_map_update_elem(map, f.file, key, value,
533 } else if (map->map_type == BPF_MAP_TYPE_HASH_OF_MAPS) {
535 err = bpf_fd_htab_map_update_elem(map, f.file, key, value,
540 err = map->ops->map_update_elem(map, key, value, attr->flags);
543 __this_cpu_dec(bpf_prog_active);
547 trace_bpf_map_update_elem(map, ufd, key, value);
557 #define BPF_MAP_DELETE_ELEM_LAST_FIELD key
559 static int map_delete_elem(union bpf_attr *attr)
561 void __user *ukey = u64_to_user_ptr(attr->key);
562 int ufd = attr->map_fd;
568 if (CHECK_ATTR(BPF_MAP_DELETE_ELEM))
572 map = __bpf_map_get(f);
576 key = memdup_user(ukey, map->key_size);
583 __this_cpu_inc(bpf_prog_active);
585 err = map->ops->map_delete_elem(map, key);
587 __this_cpu_dec(bpf_prog_active);
591 trace_bpf_map_delete_elem(map, ufd, key);
598 /* last field in 'union bpf_attr' used by this command */
599 #define BPF_MAP_GET_NEXT_KEY_LAST_FIELD next_key
601 static int map_get_next_key(union bpf_attr *attr)
603 void __user *ukey = u64_to_user_ptr(attr->key);
604 void __user *unext_key = u64_to_user_ptr(attr->next_key);
605 int ufd = attr->map_fd;
607 void *key, *next_key;
611 if (CHECK_ATTR(BPF_MAP_GET_NEXT_KEY))
615 map = __bpf_map_get(f);
620 key = memdup_user(ukey, map->key_size);
630 next_key = kmalloc(map->key_size, GFP_USER);
635 err = map->ops->map_get_next_key(map, key, next_key);
641 if (copy_to_user(unext_key, next_key, map->key_size) != 0)
644 trace_bpf_map_next_key(map, ufd, key, next_key);
656 static const struct bpf_verifier_ops * const bpf_prog_types[] = {
657 #define BPF_PROG_TYPE(_id, _ops) \
659 #define BPF_MAP_TYPE(_id, _ops)
660 #include <linux/bpf_types.h>
665 static int find_prog_type(enum bpf_prog_type type, struct bpf_prog *prog)
667 if (type >= ARRAY_SIZE(bpf_prog_types) || !bpf_prog_types[type])
670 prog->aux->ops = bpf_prog_types[type];
675 /* drop refcnt on maps used by eBPF program and free auxilary data */
676 static void free_used_maps(struct bpf_prog_aux *aux)
680 for (i = 0; i < aux->used_map_cnt; i++)
681 bpf_map_put(aux->used_maps[i]);
683 kfree(aux->used_maps);
686 int __bpf_prog_charge(struct user_struct *user, u32 pages)
688 unsigned long memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
689 unsigned long user_bufs;
692 user_bufs = atomic_long_add_return(pages, &user->locked_vm);
693 if (user_bufs > memlock_limit) {
694 atomic_long_sub(pages, &user->locked_vm);
702 void __bpf_prog_uncharge(struct user_struct *user, u32 pages)
705 atomic_long_sub(pages, &user->locked_vm);
708 static int bpf_prog_charge_memlock(struct bpf_prog *prog)
710 struct user_struct *user = get_current_user();
713 ret = __bpf_prog_charge(user, prog->pages);
719 prog->aux->user = user;
723 static void bpf_prog_uncharge_memlock(struct bpf_prog *prog)
725 struct user_struct *user = prog->aux->user;
727 __bpf_prog_uncharge(user, prog->pages);
731 static int bpf_prog_alloc_id(struct bpf_prog *prog)
735 spin_lock_bh(&prog_idr_lock);
736 id = idr_alloc_cyclic(&prog_idr, prog, 1, INT_MAX, GFP_ATOMIC);
739 spin_unlock_bh(&prog_idr_lock);
741 /* id is in [1, INT_MAX) */
742 if (WARN_ON_ONCE(!id))
745 return id > 0 ? 0 : id;
748 static void bpf_prog_free_id(struct bpf_prog *prog, bool do_idr_lock)
750 /* cBPF to eBPF migrations are currently not in the idr store. */
755 spin_lock_bh(&prog_idr_lock);
757 __acquire(&prog_idr_lock);
759 idr_remove(&prog_idr, prog->aux->id);
762 spin_unlock_bh(&prog_idr_lock);
764 __release(&prog_idr_lock);
767 static void __bpf_prog_put_rcu(struct rcu_head *rcu)
769 struct bpf_prog_aux *aux = container_of(rcu, struct bpf_prog_aux, rcu);
772 bpf_prog_uncharge_memlock(aux->prog);
773 bpf_prog_free(aux->prog);
776 static void __bpf_prog_put(struct bpf_prog *prog, bool do_idr_lock)
778 if (atomic_dec_and_test(&prog->aux->refcnt)) {
779 trace_bpf_prog_put_rcu(prog);
780 /* bpf_prog_free_id() must be called first */
781 bpf_prog_free_id(prog, do_idr_lock);
782 bpf_prog_kallsyms_del(prog);
783 call_rcu(&prog->aux->rcu, __bpf_prog_put_rcu);
787 void bpf_prog_put(struct bpf_prog *prog)
789 __bpf_prog_put(prog, true);
791 EXPORT_SYMBOL_GPL(bpf_prog_put);
793 static int bpf_prog_release(struct inode *inode, struct file *filp)
795 struct bpf_prog *prog = filp->private_data;
801 #ifdef CONFIG_PROC_FS
802 static void bpf_prog_show_fdinfo(struct seq_file *m, struct file *filp)
804 const struct bpf_prog *prog = filp->private_data;
805 char prog_tag[sizeof(prog->tag) * 2 + 1] = { };
807 bin2hex(prog_tag, prog->tag, sizeof(prog->tag));
816 prog->pages * 1ULL << PAGE_SHIFT);
820 static const struct file_operations bpf_prog_fops = {
821 #ifdef CONFIG_PROC_FS
822 .show_fdinfo = bpf_prog_show_fdinfo,
824 .release = bpf_prog_release,
827 int bpf_prog_new_fd(struct bpf_prog *prog)
829 return anon_inode_getfd("bpf-prog", &bpf_prog_fops, prog,
833 static struct bpf_prog *____bpf_prog_get(struct fd f)
836 return ERR_PTR(-EBADF);
837 if (f.file->f_op != &bpf_prog_fops) {
839 return ERR_PTR(-EINVAL);
842 return f.file->private_data;
845 struct bpf_prog *bpf_prog_add(struct bpf_prog *prog, int i)
847 if (atomic_add_return(i, &prog->aux->refcnt) > BPF_MAX_REFCNT) {
848 atomic_sub(i, &prog->aux->refcnt);
849 return ERR_PTR(-EBUSY);
853 EXPORT_SYMBOL_GPL(bpf_prog_add);
855 void bpf_prog_sub(struct bpf_prog *prog, int i)
857 /* Only to be used for undoing previous bpf_prog_add() in some
858 * error path. We still know that another entity in our call
859 * path holds a reference to the program, thus atomic_sub() can
860 * be safely used in such cases!
862 WARN_ON(atomic_sub_return(i, &prog->aux->refcnt) == 0);
864 EXPORT_SYMBOL_GPL(bpf_prog_sub);
866 struct bpf_prog *bpf_prog_inc(struct bpf_prog *prog)
868 return bpf_prog_add(prog, 1);
870 EXPORT_SYMBOL_GPL(bpf_prog_inc);
872 /* prog_idr_lock should have been held */
873 static struct bpf_prog *bpf_prog_inc_not_zero(struct bpf_prog *prog)
877 refold = __atomic_add_unless(&prog->aux->refcnt, 1, 0);
879 if (refold >= BPF_MAX_REFCNT) {
880 __bpf_prog_put(prog, false);
881 return ERR_PTR(-EBUSY);
885 return ERR_PTR(-ENOENT);
890 static struct bpf_prog *__bpf_prog_get(u32 ufd, enum bpf_prog_type *type)
892 struct fd f = fdget(ufd);
893 struct bpf_prog *prog;
895 prog = ____bpf_prog_get(f);
898 if (type && prog->type != *type) {
899 prog = ERR_PTR(-EINVAL);
903 prog = bpf_prog_inc(prog);
909 struct bpf_prog *bpf_prog_get(u32 ufd)
911 return __bpf_prog_get(ufd, NULL);
914 struct bpf_prog *bpf_prog_get_type(u32 ufd, enum bpf_prog_type type)
916 struct bpf_prog *prog = __bpf_prog_get(ufd, &type);
919 trace_bpf_prog_get_type(prog);
922 EXPORT_SYMBOL_GPL(bpf_prog_get_type);
924 /* last field in 'union bpf_attr' used by this command */
925 #define BPF_PROG_LOAD_LAST_FIELD prog_flags
927 static int bpf_prog_load(union bpf_attr *attr)
929 enum bpf_prog_type type = attr->prog_type;
930 struct bpf_prog *prog;
935 if (CHECK_ATTR(BPF_PROG_LOAD))
938 if (attr->prog_flags & ~BPF_F_STRICT_ALIGNMENT)
941 /* copy eBPF program license from user space */
942 if (strncpy_from_user(license, u64_to_user_ptr(attr->license),
943 sizeof(license) - 1) < 0)
945 license[sizeof(license) - 1] = 0;
947 /* eBPF programs must be GPL compatible to use GPL-ed functions */
948 is_gpl = license_is_gpl_compatible(license);
950 if (attr->insn_cnt == 0 || attr->insn_cnt > BPF_MAXINSNS)
953 if (type == BPF_PROG_TYPE_KPROBE &&
954 attr->kern_version != LINUX_VERSION_CODE)
957 if (type != BPF_PROG_TYPE_SOCKET_FILTER &&
958 type != BPF_PROG_TYPE_CGROUP_SKB &&
959 !capable(CAP_SYS_ADMIN))
962 /* plain bpf_prog allocation */
963 prog = bpf_prog_alloc(bpf_prog_size(attr->insn_cnt), GFP_USER);
967 err = bpf_prog_charge_memlock(prog);
969 goto free_prog_nouncharge;
971 prog->len = attr->insn_cnt;
974 if (copy_from_user(prog->insns, u64_to_user_ptr(attr->insns),
975 bpf_prog_insn_size(prog)) != 0)
978 prog->orig_prog = NULL;
981 atomic_set(&prog->aux->refcnt, 1);
982 prog->gpl_compatible = is_gpl ? 1 : 0;
984 /* find program type: socket_filter vs tracing_filter */
985 err = find_prog_type(type, prog);
989 /* run eBPF verifier */
990 err = bpf_check(&prog, attr);
994 /* eBPF program is ready to be JITed */
995 prog = bpf_prog_select_runtime(prog, &err);
999 err = bpf_prog_alloc_id(prog);
1001 goto free_used_maps;
1003 err = bpf_prog_new_fd(prog);
1005 /* failed to allocate fd.
1006 * bpf_prog_put() is needed because the above
1007 * bpf_prog_alloc_id() has published the prog
1008 * to the userspace and the userspace may
1009 * have refcnt-ed it through BPF_PROG_GET_FD_BY_ID.
1015 bpf_prog_kallsyms_add(prog);
1016 trace_bpf_prog_load(prog, err);
1020 free_used_maps(prog->aux);
1022 bpf_prog_uncharge_memlock(prog);
1023 free_prog_nouncharge:
1024 bpf_prog_free(prog);
1028 #define BPF_OBJ_LAST_FIELD bpf_fd
1030 static int bpf_obj_pin(const union bpf_attr *attr)
1032 if (CHECK_ATTR(BPF_OBJ))
1035 return bpf_obj_pin_user(attr->bpf_fd, u64_to_user_ptr(attr->pathname));
1038 static int bpf_obj_get(const union bpf_attr *attr)
1040 if (CHECK_ATTR(BPF_OBJ) || attr->bpf_fd != 0)
1043 return bpf_obj_get_user(u64_to_user_ptr(attr->pathname));
1046 #ifdef CONFIG_CGROUP_BPF
1048 #define BPF_PROG_ATTACH_LAST_FIELD attach_flags
1050 static int bpf_prog_attach(const union bpf_attr *attr)
1052 enum bpf_prog_type ptype;
1053 struct bpf_prog *prog;
1054 struct cgroup *cgrp;
1057 if (!capable(CAP_NET_ADMIN))
1060 if (CHECK_ATTR(BPF_PROG_ATTACH))
1063 if (attr->attach_flags & ~BPF_F_ALLOW_OVERRIDE)
1066 switch (attr->attach_type) {
1067 case BPF_CGROUP_INET_INGRESS:
1068 case BPF_CGROUP_INET_EGRESS:
1069 ptype = BPF_PROG_TYPE_CGROUP_SKB;
1071 case BPF_CGROUP_INET_SOCK_CREATE:
1072 ptype = BPF_PROG_TYPE_CGROUP_SOCK;
1074 case BPF_CGROUP_SOCK_OPS:
1075 ptype = BPF_PROG_TYPE_SOCK_OPS;
1081 prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype);
1083 return PTR_ERR(prog);
1085 cgrp = cgroup_get_from_fd(attr->target_fd);
1088 return PTR_ERR(cgrp);
1091 ret = cgroup_bpf_update(cgrp, prog, attr->attach_type,
1092 attr->attach_flags & BPF_F_ALLOW_OVERRIDE);
1100 #define BPF_PROG_DETACH_LAST_FIELD attach_type
1102 static int bpf_prog_detach(const union bpf_attr *attr)
1104 struct cgroup *cgrp;
1107 if (!capable(CAP_NET_ADMIN))
1110 if (CHECK_ATTR(BPF_PROG_DETACH))
1113 switch (attr->attach_type) {
1114 case BPF_CGROUP_INET_INGRESS:
1115 case BPF_CGROUP_INET_EGRESS:
1116 case BPF_CGROUP_INET_SOCK_CREATE:
1117 case BPF_CGROUP_SOCK_OPS:
1118 cgrp = cgroup_get_from_fd(attr->target_fd);
1120 return PTR_ERR(cgrp);
1122 ret = cgroup_bpf_update(cgrp, NULL, attr->attach_type, false);
1133 #endif /* CONFIG_CGROUP_BPF */
1135 #define BPF_PROG_TEST_RUN_LAST_FIELD test.duration
1137 static int bpf_prog_test_run(const union bpf_attr *attr,
1138 union bpf_attr __user *uattr)
1140 struct bpf_prog *prog;
1141 int ret = -ENOTSUPP;
1143 if (CHECK_ATTR(BPF_PROG_TEST_RUN))
1146 prog = bpf_prog_get(attr->test.prog_fd);
1148 return PTR_ERR(prog);
1150 if (prog->aux->ops->test_run)
1151 ret = prog->aux->ops->test_run(prog, attr, uattr);
1157 #define BPF_OBJ_GET_NEXT_ID_LAST_FIELD next_id
1159 static int bpf_obj_get_next_id(const union bpf_attr *attr,
1160 union bpf_attr __user *uattr,
1164 u32 next_id = attr->start_id;
1167 if (CHECK_ATTR(BPF_OBJ_GET_NEXT_ID) || next_id >= INT_MAX)
1170 if (!capable(CAP_SYS_ADMIN))
1175 if (!idr_get_next(idr, &next_id))
1177 spin_unlock_bh(lock);
1180 err = put_user(next_id, &uattr->next_id);
1185 #define BPF_PROG_GET_FD_BY_ID_LAST_FIELD prog_id
1187 static int bpf_prog_get_fd_by_id(const union bpf_attr *attr)
1189 struct bpf_prog *prog;
1190 u32 id = attr->prog_id;
1193 if (CHECK_ATTR(BPF_PROG_GET_FD_BY_ID))
1196 if (!capable(CAP_SYS_ADMIN))
1199 spin_lock_bh(&prog_idr_lock);
1200 prog = idr_find(&prog_idr, id);
1202 prog = bpf_prog_inc_not_zero(prog);
1204 prog = ERR_PTR(-ENOENT);
1205 spin_unlock_bh(&prog_idr_lock);
1208 return PTR_ERR(prog);
1210 fd = bpf_prog_new_fd(prog);
1217 #define BPF_MAP_GET_FD_BY_ID_LAST_FIELD map_id
1219 static int bpf_map_get_fd_by_id(const union bpf_attr *attr)
1221 struct bpf_map *map;
1222 u32 id = attr->map_id;
1225 if (CHECK_ATTR(BPF_MAP_GET_FD_BY_ID))
1228 if (!capable(CAP_SYS_ADMIN))
1231 spin_lock_bh(&map_idr_lock);
1232 map = idr_find(&map_idr, id);
1234 map = bpf_map_inc_not_zero(map, true);
1236 map = ERR_PTR(-ENOENT);
1237 spin_unlock_bh(&map_idr_lock);
1240 return PTR_ERR(map);
1242 fd = bpf_map_new_fd(map);
1249 static int check_uarg_tail_zero(void __user *uaddr,
1250 size_t expected_size,
1253 unsigned char __user *addr;
1254 unsigned char __user *end;
1258 if (actual_size <= expected_size)
1261 addr = uaddr + expected_size;
1262 end = uaddr + actual_size;
1264 for (; addr < end; addr++) {
1265 err = get_user(val, addr);
1275 static int bpf_prog_get_info_by_fd(struct bpf_prog *prog,
1276 const union bpf_attr *attr,
1277 union bpf_attr __user *uattr)
1279 struct bpf_prog_info __user *uinfo = u64_to_user_ptr(attr->info.info);
1280 struct bpf_prog_info info = {};
1281 u32 info_len = attr->info.info_len;
1282 char __user *uinsns;
1286 err = check_uarg_tail_zero(uinfo, sizeof(info), info_len);
1289 info_len = min_t(u32, sizeof(info), info_len);
1291 if (copy_from_user(&info, uinfo, info_len))
1294 info.type = prog->type;
1295 info.id = prog->aux->id;
1297 memcpy(info.tag, prog->tag, sizeof(prog->tag));
1299 if (!capable(CAP_SYS_ADMIN)) {
1300 info.jited_prog_len = 0;
1301 info.xlated_prog_len = 0;
1305 ulen = info.jited_prog_len;
1306 info.jited_prog_len = prog->jited_len;
1307 if (info.jited_prog_len && ulen) {
1308 uinsns = u64_to_user_ptr(info.jited_prog_insns);
1309 ulen = min_t(u32, info.jited_prog_len, ulen);
1310 if (copy_to_user(uinsns, prog->bpf_func, ulen))
1314 ulen = info.xlated_prog_len;
1315 info.xlated_prog_len = bpf_prog_insn_size(prog);
1316 if (info.xlated_prog_len && ulen) {
1317 uinsns = u64_to_user_ptr(info.xlated_prog_insns);
1318 ulen = min_t(u32, info.xlated_prog_len, ulen);
1319 if (copy_to_user(uinsns, prog->insnsi, ulen))
1324 if (copy_to_user(uinfo, &info, info_len) ||
1325 put_user(info_len, &uattr->info.info_len))
1331 static int bpf_map_get_info_by_fd(struct bpf_map *map,
1332 const union bpf_attr *attr,
1333 union bpf_attr __user *uattr)
1335 struct bpf_map_info __user *uinfo = u64_to_user_ptr(attr->info.info);
1336 struct bpf_map_info info = {};
1337 u32 info_len = attr->info.info_len;
1340 err = check_uarg_tail_zero(uinfo, sizeof(info), info_len);
1343 info_len = min_t(u32, sizeof(info), info_len);
1345 info.type = map->map_type;
1347 info.key_size = map->key_size;
1348 info.value_size = map->value_size;
1349 info.max_entries = map->max_entries;
1350 info.map_flags = map->map_flags;
1352 if (copy_to_user(uinfo, &info, info_len) ||
1353 put_user(info_len, &uattr->info.info_len))
1359 #define BPF_OBJ_GET_INFO_BY_FD_LAST_FIELD info.info
1361 static int bpf_obj_get_info_by_fd(const union bpf_attr *attr,
1362 union bpf_attr __user *uattr)
1364 int ufd = attr->info.bpf_fd;
1368 if (CHECK_ATTR(BPF_OBJ_GET_INFO_BY_FD))
1375 if (f.file->f_op == &bpf_prog_fops)
1376 err = bpf_prog_get_info_by_fd(f.file->private_data, attr,
1378 else if (f.file->f_op == &bpf_map_fops)
1379 err = bpf_map_get_info_by_fd(f.file->private_data, attr,
1388 SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, size)
1390 union bpf_attr attr = {};
1393 if (!capable(CAP_SYS_ADMIN) && sysctl_unprivileged_bpf_disabled)
1396 if (!access_ok(VERIFY_READ, uattr, 1))
1399 if (size > PAGE_SIZE) /* silly large */
1402 /* If we're handed a bigger struct than we know of,
1403 * ensure all the unknown bits are 0 - i.e. new
1404 * user-space does not rely on any kernel feature
1405 * extensions we dont know about yet.
1407 err = check_uarg_tail_zero(uattr, sizeof(attr), size);
1410 size = min_t(u32, size, sizeof(attr));
1412 /* copy attributes from user space, may be less than sizeof(bpf_attr) */
1413 if (copy_from_user(&attr, uattr, size) != 0)
1417 case BPF_MAP_CREATE:
1418 err = map_create(&attr);
1420 case BPF_MAP_LOOKUP_ELEM:
1421 err = map_lookup_elem(&attr);
1423 case BPF_MAP_UPDATE_ELEM:
1424 err = map_update_elem(&attr);
1426 case BPF_MAP_DELETE_ELEM:
1427 err = map_delete_elem(&attr);
1429 case BPF_MAP_GET_NEXT_KEY:
1430 err = map_get_next_key(&attr);
1433 err = bpf_prog_load(&attr);
1436 err = bpf_obj_pin(&attr);
1439 err = bpf_obj_get(&attr);
1441 #ifdef CONFIG_CGROUP_BPF
1442 case BPF_PROG_ATTACH:
1443 err = bpf_prog_attach(&attr);
1445 case BPF_PROG_DETACH:
1446 err = bpf_prog_detach(&attr);
1449 case BPF_PROG_TEST_RUN:
1450 err = bpf_prog_test_run(&attr, uattr);
1452 case BPF_PROG_GET_NEXT_ID:
1453 err = bpf_obj_get_next_id(&attr, uattr,
1454 &prog_idr, &prog_idr_lock);
1456 case BPF_MAP_GET_NEXT_ID:
1457 err = bpf_obj_get_next_id(&attr, uattr,
1458 &map_idr, &map_idr_lock);
1460 case BPF_PROG_GET_FD_BY_ID:
1461 err = bpf_prog_get_fd_by_id(&attr);
1463 case BPF_MAP_GET_FD_BY_ID:
1464 err = bpf_map_get_fd_by_id(&attr);
1466 case BPF_OBJ_GET_INFO_BY_FD:
1467 err = bpf_obj_get_info_by_fd(&attr, uattr);
projects / karo-tx-linux.git / blob