1 // SPDX-License-Identifier: GPL-2.0
4 #include <linux/filter.h>
5 #include <net/net_namespace.h>
8 * Functions to manage BPF programs attached to netns
11 struct bpf_netns_link {
13 enum bpf_attach_type type;
14 enum netns_bpf_attach_type netns_type;
16 /* We don't hold a ref to net in order to auto-detach the link
17 * when netns is going away. Instead we rely on pernet
18 * pre_exit callback to clear this pointer. Must be accessed
19 * with netns_bpf_mutex held.
24 /* Protects updates to netns_bpf */
25 DEFINE_MUTEX(netns_bpf_mutex);
27 /* Must be called with netns_bpf_mutex held. */
28 static void __net_exit bpf_netns_link_auto_detach(struct bpf_link *link)
30 struct bpf_netns_link *net_link =
31 container_of(link, struct bpf_netns_link, link);
36 /* Must be called with netns_bpf_mutex held. */
37 static void netns_bpf_run_array_detach(struct net *net,
38 enum netns_bpf_attach_type type)
40 struct bpf_prog_array *run_array;
42 run_array = rcu_replace_pointer(net->bpf.run_array[type], NULL,
43 lockdep_is_held(&netns_bpf_mutex));
44 bpf_prog_array_free(run_array);
47 static void bpf_netns_link_release(struct bpf_link *link)
49 struct bpf_netns_link *net_link =
50 container_of(link, struct bpf_netns_link, link);
51 enum netns_bpf_attach_type type = net_link->netns_type;
54 /* Link auto-detached by dying netns. */
58 mutex_lock(&netns_bpf_mutex);
60 /* Recheck after potential sleep. We can race with cleanup_net
61 * here, but if we see a non-NULL struct net pointer pre_exit
62 * has not happened yet and will block on netns_bpf_mutex.
68 netns_bpf_run_array_detach(net, type);
69 net->bpf.links[type] = NULL;
72 mutex_unlock(&netns_bpf_mutex);
75 static void bpf_netns_link_dealloc(struct bpf_link *link)
77 struct bpf_netns_link *net_link =
78 container_of(link, struct bpf_netns_link, link);
83 static int bpf_netns_link_update_prog(struct bpf_link *link,
84 struct bpf_prog *new_prog,
85 struct bpf_prog *old_prog)
87 struct bpf_netns_link *net_link =
88 container_of(link, struct bpf_netns_link, link);
89 enum netns_bpf_attach_type type = net_link->netns_type;
90 struct bpf_prog_array *run_array;
94 if (old_prog && old_prog != link->prog)
96 if (new_prog->type != link->prog->type)
99 mutex_lock(&netns_bpf_mutex);
102 if (!net || !check_net(net)) {
103 /* Link auto-detached or netns dying */
108 run_array = rcu_dereference_protected(net->bpf.run_array[type],
109 lockdep_is_held(&netns_bpf_mutex));
110 WRITE_ONCE(run_array->items[0].prog, new_prog);
112 old_prog = xchg(&link->prog, new_prog);
113 bpf_prog_put(old_prog);
116 mutex_unlock(&netns_bpf_mutex);
120 static int bpf_netns_link_fill_info(const struct bpf_link *link,
121 struct bpf_link_info *info)
123 const struct bpf_netns_link *net_link =
124 container_of(link, struct bpf_netns_link, link);
125 unsigned int inum = 0;
128 mutex_lock(&netns_bpf_mutex);
130 if (net && check_net(net))
132 mutex_unlock(&netns_bpf_mutex);
134 info->netns.netns_ino = inum;
135 info->netns.attach_type = net_link->type;
139 static void bpf_netns_link_show_fdinfo(const struct bpf_link *link,
140 struct seq_file *seq)
142 struct bpf_link_info info = {};
144 bpf_netns_link_fill_info(link, &info);
147 "attach_type:\t%u\n",
148 info.netns.netns_ino,
149 info.netns.attach_type);
152 static const struct bpf_link_ops bpf_netns_link_ops = {
153 .release = bpf_netns_link_release,
154 .dealloc = bpf_netns_link_dealloc,
155 .update_prog = bpf_netns_link_update_prog,
156 .fill_link_info = bpf_netns_link_fill_info,
157 .show_fdinfo = bpf_netns_link_show_fdinfo,
160 /* Must be called with netns_bpf_mutex held. */
161 static int __netns_bpf_prog_query(const union bpf_attr *attr,
162 union bpf_attr __user *uattr,
164 enum netns_bpf_attach_type type)
166 __u32 __user *prog_ids = u64_to_user_ptr(attr->query.prog_ids);
167 struct bpf_prog_array *run_array;
168 u32 prog_cnt = 0, flags = 0;
170 run_array = rcu_dereference_protected(net->bpf.run_array[type],
171 lockdep_is_held(&netns_bpf_mutex));
173 prog_cnt = bpf_prog_array_length(run_array);
175 if (copy_to_user(&uattr->query.attach_flags, &flags, sizeof(flags)))
177 if (copy_to_user(&uattr->query.prog_cnt, &prog_cnt, sizeof(prog_cnt)))
179 if (!attr->query.prog_cnt || !prog_ids || !prog_cnt)
182 return bpf_prog_array_copy_to_user(run_array, prog_ids,
183 attr->query.prog_cnt);
186 int netns_bpf_prog_query(const union bpf_attr *attr,
187 union bpf_attr __user *uattr)
189 enum netns_bpf_attach_type type;
193 if (attr->query.query_flags)
196 type = to_netns_bpf_attach_type(attr->query.attach_type);
200 net = get_net_ns_by_fd(attr->query.target_fd);
204 mutex_lock(&netns_bpf_mutex);
205 ret = __netns_bpf_prog_query(attr, uattr, net, type);
206 mutex_unlock(&netns_bpf_mutex);
212 int netns_bpf_prog_attach(const union bpf_attr *attr, struct bpf_prog *prog)
214 struct bpf_prog_array *run_array;
215 enum netns_bpf_attach_type type;
216 struct bpf_prog *attached;
220 type = to_netns_bpf_attach_type(attr->attach_type);
224 net = current->nsproxy->net_ns;
225 mutex_lock(&netns_bpf_mutex);
227 /* Attaching prog directly is not compatible with links */
228 if (net->bpf.links[type]) {
234 case NETNS_BPF_FLOW_DISSECTOR:
235 ret = flow_dissector_bpf_prog_attach_check(net, prog);
244 attached = net->bpf.progs[type];
245 if (attached == prog) {
246 /* The same program cannot be attached twice */
251 run_array = rcu_dereference_protected(net->bpf.run_array[type],
252 lockdep_is_held(&netns_bpf_mutex));
254 WRITE_ONCE(run_array->items[0].prog, prog);
256 run_array = bpf_prog_array_alloc(1, GFP_KERNEL);
261 run_array->items[0].prog = prog;
262 rcu_assign_pointer(net->bpf.run_array[type], run_array);
265 net->bpf.progs[type] = prog;
267 bpf_prog_put(attached);
270 mutex_unlock(&netns_bpf_mutex);
275 /* Must be called with netns_bpf_mutex held. */
276 static int __netns_bpf_prog_detach(struct net *net,
277 enum netns_bpf_attach_type type)
279 struct bpf_prog *attached;
281 /* Progs attached via links cannot be detached */
282 if (net->bpf.links[type])
285 attached = net->bpf.progs[type];
288 netns_bpf_run_array_detach(net, type);
289 net->bpf.progs[type] = NULL;
290 bpf_prog_put(attached);
294 int netns_bpf_prog_detach(const union bpf_attr *attr)
296 enum netns_bpf_attach_type type;
299 type = to_netns_bpf_attach_type(attr->attach_type);
303 mutex_lock(&netns_bpf_mutex);
304 ret = __netns_bpf_prog_detach(current->nsproxy->net_ns, type);
305 mutex_unlock(&netns_bpf_mutex);
310 static int netns_bpf_link_attach(struct net *net, struct bpf_link *link,
311 enum netns_bpf_attach_type type)
313 struct bpf_prog_array *run_array;
316 mutex_lock(&netns_bpf_mutex);
318 /* Allow attaching only one prog or link for now */
319 if (net->bpf.links[type]) {
323 /* Links are not compatible with attaching prog directly */
324 if (net->bpf.progs[type]) {
330 case NETNS_BPF_FLOW_DISSECTOR:
331 err = flow_dissector_bpf_prog_attach_check(net, link->prog);
340 run_array = bpf_prog_array_alloc(1, GFP_KERNEL);
345 run_array->items[0].prog = link->prog;
346 rcu_assign_pointer(net->bpf.run_array[type], run_array);
348 net->bpf.links[type] = link;
351 mutex_unlock(&netns_bpf_mutex);
355 int netns_bpf_link_create(const union bpf_attr *attr, struct bpf_prog *prog)
357 enum netns_bpf_attach_type netns_type;
358 struct bpf_link_primer link_primer;
359 struct bpf_netns_link *net_link;
360 enum bpf_attach_type type;
364 if (attr->link_create.flags)
367 type = attr->link_create.attach_type;
368 netns_type = to_netns_bpf_attach_type(type);
372 net = get_net_ns_by_fd(attr->link_create.target_fd);
376 net_link = kzalloc(sizeof(*net_link), GFP_USER);
381 bpf_link_init(&net_link->link, BPF_LINK_TYPE_NETNS,
382 &bpf_netns_link_ops, prog);
384 net_link->type = type;
385 net_link->netns_type = netns_type;
387 err = bpf_link_prime(&net_link->link, &link_primer);
393 err = netns_bpf_link_attach(net, &net_link->link, netns_type);
395 bpf_link_cleanup(&link_primer);
400 return bpf_link_settle(&link_primer);
407 static void __net_exit netns_bpf_pernet_pre_exit(struct net *net)
409 enum netns_bpf_attach_type type;
410 struct bpf_link *link;
412 mutex_lock(&netns_bpf_mutex);
413 for (type = 0; type < MAX_NETNS_BPF_ATTACH_TYPE; type++) {
414 netns_bpf_run_array_detach(net, type);
415 link = net->bpf.links[type];
417 bpf_netns_link_auto_detach(link);
418 else if (net->bpf.progs[type])
419 bpf_prog_put(net->bpf.progs[type]);
421 mutex_unlock(&netns_bpf_mutex);
424 static struct pernet_operations netns_bpf_pernet_ops __net_initdata = {
425 .pre_exit = netns_bpf_pernet_pre_exit,
428 static int __init netns_bpf_init(void)
430 return register_pernet_subsys(&netns_bpf_pernet_ops);
433 subsys_initcall(netns_bpf_init);
projects / linux-2.6-microblaze.git / blob