1	/* SPDX-License-Identifier: GPL-2.0 */
2	/*
3	* Linux Socket Filter Data Structures
4	*/
5	#ifndef __LINUX_FILTER_H__
6	#define __LINUX_FILTER_H__
7
8	#include <linux/atomic.h>
9	#include <linux/bpf.h>
10	#include <linux/refcount.h>
11	#include <linux/compat.h>
12	#include <linux/skbuff.h>
13	#include <linux/linkage.h>
14	#include <linux/printk.h>
15	#include <linux/workqueue.h>
16	#include <linux/sched.h>
17	#include <linux/sched/clock.h>
18	#include <linux/capability.h>
19	#include <linux/set_memory.h>
20	#include <linux/kallsyms.h>
21	#include <linux/if_vlan.h>
22	#include <linux/vmalloc.h>
23	#include <linux/sockptr.h>
24	#include <crypto/sha1.h>
25	#include <linux/u64_stats_sync.h>
26
27	#include <net/sch_generic.h>
28
29	#include <asm/byteorder.h>
30	#include <uapi/linux/filter.h>
31
32	struct sk_buff;
33	struct sock;
34	struct seccomp_data;
35	struct bpf_prog_aux;
36	struct xdp_rxq_info;
37	struct xdp_buff;
38	struct sock_reuseport;
39	struct ctl_table;
40	struct ctl_table_header;
41
42	/* ArgX, context and stack frame pointer register positions. Note,
43	* Arg1, Arg2, Arg3, etc are used as argument mappings of function
44	* calls in BPF_CALL instruction.
45	*/
46	#define BPF_REG_ARG1 BPF_REG_1
47	#define BPF_REG_ARG2 BPF_REG_2
48	#define BPF_REG_ARG3 BPF_REG_3
49	#define BPF_REG_ARG4 BPF_REG_4
50	#define BPF_REG_ARG5 BPF_REG_5
51	#define BPF_REG_CTX BPF_REG_6
52	#define BPF_REG_FP BPF_REG_10
53
54	/* Additional register mappings for converted user programs. */
55	#define BPF_REG_A BPF_REG_0
56	#define BPF_REG_X BPF_REG_7
57	#define BPF_REG_TMP BPF_REG_2 /* scratch reg */
58	#define BPF_REG_D BPF_REG_8 /* data, callee-saved */
59	#define BPF_REG_H BPF_REG_9 /* hlen, callee-saved */
60
61	/* Kernel hidden auxiliary/helper register. */
62	#define BPF_REG_AX MAX_BPF_REG
63	#define MAX_BPF_EXT_REG (MAX_BPF_REG + 1)
64	#define MAX_BPF_JIT_REG MAX_BPF_EXT_REG
65
66	/* unused opcode to mark special call to bpf_tail_call() helper */
67	#define BPF_TAIL_CALL 0xf0
68
69	/* unused opcode to mark special load instruction. Same as BPF_ABS */
70	#define BPF_PROBE_MEM 0x20
71
72	/* unused opcode to mark special ldsx instruction. Same as BPF_IND */
73	#define BPF_PROBE_MEMSX 0x40
74
75	/* unused opcode to mark call to interpreter with arguments */
76	#define BPF_CALL_ARGS 0xe0
77
78	/* unused opcode to mark speculation barrier for mitigating
79	* Speculative Store Bypass
80	*/
81	#define BPF_NOSPEC 0xc0
82
83	/* As per nm, we expose JITed images as text (code) section for
84	* kallsyms. That way, tools like perf can find it to match
85	* addresses.
86	*/
87	#define BPF_SYM_ELF_TYPE 't'
88
89	/* BPF program can access up to 512 bytes of stack space. */
90	#define MAX_BPF_STACK 512
91
92	/* Helper macros for filter block array initializers. */
93
94	/* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */
95
96	#define BPF_ALU64_REG_OFF(OP, DST, SRC, OFF) \
97	((struct bpf_insn) { \
98	.code = BPF_ALU64 | BPF_OP(OP) | BPF_X, \
99	.dst_reg = DST, \
100	.src_reg = SRC, \
101	.off = OFF, \
102	.imm = 0 })
103
104	#define BPF_ALU64_REG(OP, DST, SRC) \
105	BPF_ALU64_REG_OFF(OP, DST, SRC, 0)
106
107	#define BPF_ALU32_REG_OFF(OP, DST, SRC, OFF) \
108	((struct bpf_insn) { \
109	.code = BPF_ALU | BPF_OP(OP) | BPF_X, \
110	.dst_reg = DST, \
111	.src_reg = SRC, \
112	.off = OFF, \
113	.imm = 0 })
114
115	#define BPF_ALU32_REG(OP, DST, SRC) \
116	BPF_ALU32_REG_OFF(OP, DST, SRC, 0)
117
118	/* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */
119
120	#define BPF_ALU64_IMM_OFF(OP, DST, IMM, OFF) \
121	((struct bpf_insn) { \
122	.code = BPF_ALU64 | BPF_OP(OP) | BPF_K, \
123	.dst_reg = DST, \
124	.src_reg = 0, \
125	.off = OFF, \
126	.imm = IMM })
127	#define BPF_ALU64_IMM(OP, DST, IMM) \
128	BPF_ALU64_IMM_OFF(OP, DST, IMM, 0)
129
130	#define BPF_ALU32_IMM_OFF(OP, DST, IMM, OFF) \
131	((struct bpf_insn) { \
132	.code = BPF_ALU | BPF_OP(OP) | BPF_K, \
133	.dst_reg = DST, \
134	.src_reg = 0, \
135	.off = OFF, \
136	.imm = IMM })
137	#define BPF_ALU32_IMM(OP, DST, IMM) \
138	BPF_ALU32_IMM_OFF(OP, DST, IMM, 0)
139
140	/* Endianess conversion, cpu_to_{l,b}e(), {l,b}e_to_cpu() */
141
142	#define BPF_ENDIAN(TYPE, DST, LEN) \
143	((struct bpf_insn) { \
144	.code = BPF_ALU | BPF_END | BPF_SRC(TYPE), \
145	.dst_reg = DST, \
146	.src_reg = 0, \
147	.off = 0, \
148	.imm = LEN })
149
150	/* Byte Swap, bswap16/32/64 */
151
152	#define BPF_BSWAP(DST, LEN) \
153	((struct bpf_insn) { \
154	.code = BPF_ALU64 | BPF_END | BPF_SRC(BPF_TO_LE), \
155	.dst_reg = DST, \
156	.src_reg = 0, \
157	.off = 0, \
158	.imm = LEN })
159
160	/* Short form of mov, dst_reg = src_reg */
161
162	#define BPF_MOV64_REG(DST, SRC) \
163	((struct bpf_insn) { \
164	.code = BPF_ALU64 | BPF_MOV | BPF_X, \
165	.dst_reg = DST, \
166	.src_reg = SRC, \
167	.off = 0, \
168	.imm = 0 })
169
170	#define BPF_MOV32_REG(DST, SRC) \
171	((struct bpf_insn) { \
172	.code = BPF_ALU | BPF_MOV | BPF_X, \
173	.dst_reg = DST, \
174	.src_reg = SRC, \
175	.off = 0, \
176	.imm = 0 })
177
178	/* Short form of mov, dst_reg = imm32 */
179
180	#define BPF_MOV64_IMM(DST, IMM) \
181	((struct bpf_insn) { \
182	.code = BPF_ALU64 | BPF_MOV | BPF_K, \
183	.dst_reg = DST, \
184	.src_reg = 0, \
185	.off = 0, \
186	.imm = IMM })
187
188	#define BPF_MOV32_IMM(DST, IMM) \
189	((struct bpf_insn) { \
190	.code = BPF_ALU | BPF_MOV | BPF_K, \
191	.dst_reg = DST, \
192	.src_reg = 0, \
193	.off = 0, \
194	.imm = IMM })
195
196	/* Short form of movsx, dst_reg = (s8,s16,s32)src_reg */
197
198	#define BPF_MOVSX64_REG(DST, SRC, OFF) \
199	((struct bpf_insn) { \
200	.code = BPF_ALU64 | BPF_MOV | BPF_X, \
201	.dst_reg = DST, \
202	.src_reg = SRC, \
203	.off = OFF, \
204	.imm = 0 })
205
206	#define BPF_MOVSX32_REG(DST, SRC, OFF) \
207	((struct bpf_insn) { \
208	.code = BPF_ALU | BPF_MOV | BPF_X, \
209	.dst_reg = DST, \
210	.src_reg = SRC, \
211	.off = OFF, \
212	.imm = 0 })
213
214	/* Special form of mov32, used for doing explicit zero extension on dst. */
215	#define BPF_ZEXT_REG(DST) \
216	((struct bpf_insn) { \
217	.code = BPF_ALU | BPF_MOV | BPF_X, \
218	.dst_reg = DST, \
219	.src_reg = DST, \
220	.off = 0, \
221	.imm = 1 })
222
223	static inline bool insn_is_zext(const struct bpf_insn *insn)
224	{
225	return insn->code == (BPF_ALU | BPF_MOV | BPF_X) && insn->imm == 1;
226	}
227
228	/* BPF_LD_IMM64 macro encodes single 'load 64-bit immediate' insn */
229	#define BPF_LD_IMM64(DST, IMM) \
230	BPF_LD_IMM64_RAW(DST, 0, IMM)
231
232	#define BPF_LD_IMM64_RAW(DST, SRC, IMM) \
233	((struct bpf_insn) { \
234	.code = BPF_LD | BPF_DW | BPF_IMM, \
235	.dst_reg = DST, \
236	.src_reg = SRC, \
237	.off = 0, \
238	.imm = (__u32) (IMM) }), \
239	((struct bpf_insn) { \
240	.code = 0, /* zero is reserved opcode */ \
241	.dst_reg = 0, \
242	.src_reg = 0, \
243	.off = 0, \
244	.imm = ((__u64) (IMM)) >> 32 })
245
246	/* pseudo BPF_LD_IMM64 insn used to refer to process-local map_fd */
247	#define BPF_LD_MAP_FD(DST, MAP_FD) \
248	BPF_LD_IMM64_RAW(DST, BPF_PSEUDO_MAP_FD, MAP_FD)
249
250	/* Short form of mov based on type, BPF_X: dst_reg = src_reg, BPF_K: dst_reg = imm32 */
251
252	#define BPF_MOV64_RAW(TYPE, DST, SRC, IMM) \
253	((struct bpf_insn) { \
254	.code = BPF_ALU64 | BPF_MOV | BPF_SRC(TYPE), \
255	.dst_reg = DST, \
256	.src_reg = SRC, \
257	.off = 0, \
258	.imm = IMM })
259
260	#define BPF_MOV32_RAW(TYPE, DST, SRC, IMM) \
261	((struct bpf_insn) { \
262	.code = BPF_ALU | BPF_MOV | BPF_SRC(TYPE), \
263	.dst_reg = DST, \
264	.src_reg = SRC, \
265	.off = 0, \
266	.imm = IMM })
267
268	/* Direct packet access, R0 = *(uint *) (skb->data + imm32) */
269
270	#define BPF_LD_ABS(SIZE, IMM) \
271	((struct bpf_insn) { \
272	.code = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS, \
273	.dst_reg = 0, \
274	.src_reg = 0, \
275	.off = 0, \
276	.imm = IMM })
277
278	/* Indirect packet access, R0 = *(uint *) (skb->data + src_reg + imm32) */
279
280	#define BPF_LD_IND(SIZE, SRC, IMM) \
281	((struct bpf_insn) { \
282	.code = BPF_LD | BPF_SIZE(SIZE) | BPF_IND, \
283	.dst_reg = 0, \
284	.src_reg = SRC, \
285	.off = 0, \
286	.imm = IMM })
287
288	/* Memory load, dst_reg = *(uint *) (src_reg + off16) */
289
290	#define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \
291	((struct bpf_insn) { \
292	.code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM, \
293	.dst_reg = DST, \
294	.src_reg = SRC, \
295	.off = OFF, \
296	.imm = 0 })
297
298	/* Memory load, dst_reg = *(signed size *) (src_reg + off16) */
299
300	#define BPF_LDX_MEMSX(SIZE, DST, SRC, OFF) \
301	((struct bpf_insn) { \
302	.code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEMSX, \
303	.dst_reg = DST, \
304	.src_reg = SRC, \
305	.off = OFF, \
306	.imm = 0 })
307
308	/* Memory store, *(uint *) (dst_reg + off16) = src_reg */
309
310	#define BPF_STX_MEM(SIZE, DST, SRC, OFF) \
311	((struct bpf_insn) { \
312	.code = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM, \
313	.dst_reg = DST, \
314	.src_reg = SRC, \
315	.off = OFF, \
316	.imm = 0 })
317
318
319	/*
320	* Atomic operations:
321	*
322	* BPF_ADD *(uint *) (dst_reg + off16) += src_reg
323	* BPF_AND *(uint *) (dst_reg + off16) &= src_reg
324	* BPF_OR *(uint *) (dst_reg + off16) |= src_reg
325	* BPF_XOR *(uint *) (dst_reg + off16) ^= src_reg
326	* BPF_ADD | BPF_FETCH src_reg = atomic_fetch_add(dst_reg + off16, src_reg);
327	* BPF_AND | BPF_FETCH src_reg = atomic_fetch_and(dst_reg + off16, src_reg);
328	* BPF_OR | BPF_FETCH src_reg = atomic_fetch_or(dst_reg + off16, src_reg);
329	* BPF_XOR | BPF_FETCH src_reg = atomic_fetch_xor(dst_reg + off16, src_reg);
330	* BPF_XCHG src_reg = atomic_xchg(dst_reg + off16, src_reg)
331	* BPF_CMPXCHG r0 = atomic_cmpxchg(dst_reg + off16, r0, src_reg)
332	*/
333
334	#define BPF_ATOMIC_OP(SIZE, OP, DST, SRC, OFF) \
335	((struct bpf_insn) { \
336	.code = BPF_STX | BPF_SIZE(SIZE) | BPF_ATOMIC, \
337	.dst_reg = DST, \
338	.src_reg = SRC, \
339	.off = OFF, \
340	.imm = OP })
341
342	/* Legacy alias */
343	#define BPF_STX_XADD(SIZE, DST, SRC, OFF) BPF_ATOMIC_OP(SIZE, BPF_ADD, DST, SRC, OFF)
344
345	/* Memory store, *(uint *) (dst_reg + off16) = imm32 */
346
347	#define BPF_ST_MEM(SIZE, DST, OFF, IMM) \
348	((struct bpf_insn) { \
349	.code = BPF_ST | BPF_SIZE(SIZE) | BPF_MEM, \
350	.dst_reg = DST, \
351	.src_reg = 0, \
352	.off = OFF, \
353	.imm = IMM })
354
355	/* Conditional jumps against registers, if (dst_reg 'op' src_reg) goto pc + off16 */
356
357	#define BPF_JMP_REG(OP, DST, SRC, OFF) \
358	((struct bpf_insn) { \
359	.code = BPF_JMP | BPF_OP(OP) | BPF_X, \
360	.dst_reg = DST, \
361	.src_reg = SRC, \
362	.off = OFF, \
363	.imm = 0 })
364
365	/* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */
366
367	#define BPF_JMP_IMM(OP, DST, IMM, OFF) \
368	((struct bpf_insn) { \
369	.code = BPF_JMP | BPF_OP(OP) | BPF_K, \
370	.dst_reg = DST, \
371	.src_reg = 0, \
372	.off = OFF, \
373	.imm = IMM })
374
375	/* Like BPF_JMP_REG, but with 32-bit wide operands for comparison. */
376
377	#define BPF_JMP32_REG(OP, DST, SRC, OFF) \
378	((struct bpf_insn) { \
379	.code = BPF_JMP32 | BPF_OP(OP) | BPF_X, \
380	.dst_reg = DST, \
381	.src_reg = SRC, \
382	.off = OFF, \
383	.imm = 0 })
384
385	/* Like BPF_JMP_IMM, but with 32-bit wide operands for comparison. */
386
387	#define BPF_JMP32_IMM(OP, DST, IMM, OFF) \
388	((struct bpf_insn) { \
389	.code = BPF_JMP32 | BPF_OP(OP) | BPF_K, \
390	.dst_reg = DST, \
391	.src_reg = 0, \
392	.off = OFF, \
393	.imm = IMM })
394
395	/* Unconditional jumps, goto pc + off16 */
396
397	#define BPF_JMP_A(OFF) \
398	((struct bpf_insn) { \
399	.code = BPF_JMP | BPF_JA, \
400	.dst_reg = 0, \
401	.src_reg = 0, \
402	.off = OFF, \
403	.imm = 0 })
404
405	/* Relative call */
406
407	#define BPF_CALL_REL(TGT) \
408	((struct bpf_insn) { \
409	.code = BPF_JMP | BPF_CALL, \
410	.dst_reg = 0, \
411	.src_reg = BPF_PSEUDO_CALL, \
412	.off = 0, \
413	.imm = TGT })
414
415	/* Convert function address to BPF immediate */
416
417	#define BPF_CALL_IMM(x) ((void *)(x) - (void *)__bpf_call_base)
418
419	#define BPF_EMIT_CALL(FUNC) \
420	((struct bpf_insn) { \
421	.code = BPF_JMP | BPF_CALL, \
422	.dst_reg = 0, \
423	.src_reg = 0, \
424	.off = 0, \
425	.imm = BPF_CALL_IMM(FUNC) })
426
427	/* Raw code statement block */
428
429	#define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM) \
430	((struct bpf_insn) { \
431	.code = CODE, \
432	.dst_reg = DST, \
433	.src_reg = SRC, \
434	.off = OFF, \
435	.imm = IMM })
436
437	/* Program exit */
438
439	#define BPF_EXIT_INSN() \
440	((struct bpf_insn) { \
441	.code = BPF_JMP | BPF_EXIT, \
442	.dst_reg = 0, \
443	.src_reg = 0, \
444	.off = 0, \
445	.imm = 0 })
446
447	/* Speculation barrier */
448
449	#define BPF_ST_NOSPEC() \
450	((struct bpf_insn) { \
451	.code = BPF_ST | BPF_NOSPEC, \
452	.dst_reg = 0, \
453	.src_reg = 0, \
454	.off = 0, \
455	.imm = 0 })
456
457	/* Internal classic blocks for direct assignment */
458
459	#define __BPF_STMT(CODE, K) \
460	((struct sock_filter) BPF_STMT(CODE, K))
461
462	#define __BPF_JUMP(CODE, K, JT, JF) \
463	((struct sock_filter) BPF_JUMP(CODE, K, JT, JF))
464
465	#define bytes_to_bpf_size(bytes) \
466	({ \
467	int bpf_size = -EINVAL; \
468	\
469	if (bytes == sizeof(u8)) \
470	bpf_size = BPF_B; \
471	else if (bytes == sizeof(u16)) \
472	bpf_size = BPF_H; \
473	else if (bytes == sizeof(u32)) \
474	bpf_size = BPF_W; \
475	else if (bytes == sizeof(u64)) \
476	bpf_size = BPF_DW; \
477	\
478	bpf_size; \
479	})
480
481	#define bpf_size_to_bytes(bpf_size) \
482	({ \
483	int bytes = -EINVAL; \
484	\
485	if (bpf_size == BPF_B) \
486	bytes = sizeof(u8); \
487	else if (bpf_size == BPF_H) \
488	bytes = sizeof(u16); \
489	else if (bpf_size == BPF_W) \
490	bytes = sizeof(u32); \
491	else if (bpf_size == BPF_DW) \
492	bytes = sizeof(u64); \
493	\
494	bytes; \
495	})
496
497	#define BPF_SIZEOF(type) \
498	({ \
499	const int __size = bytes_to_bpf_size(sizeof(type)); \
500	BUILD_BUG_ON(__size < 0); \
501	__size; \
502	})
503
504	#define BPF_FIELD_SIZEOF(type, field) \
505	({ \
506	const int __size = bytes_to_bpf_size(sizeof_field(type, field)); \
507	BUILD_BUG_ON(__size < 0); \
508	__size; \
509	})
510
511	#define BPF_LDST_BYTES(insn) \
512	({ \
513	const int __size = bpf_size_to_bytes(BPF_SIZE((insn)->code)); \
514	WARN_ON(__size < 0); \
515	__size; \
516	})
517
518	#define __BPF_MAP_0(m, v, ...) v
519	#define __BPF_MAP_1(m, v, t, a, ...) m(t, a)
520	#define __BPF_MAP_2(m, v, t, a, ...) m(t, a), __BPF_MAP_1(m, v, __VA_ARGS__)
521	#define __BPF_MAP_3(m, v, t, a, ...) m(t, a), __BPF_MAP_2(m, v, __VA_ARGS__)
522	#define __BPF_MAP_4(m, v, t, a, ...) m(t, a), __BPF_MAP_3(m, v, __VA_ARGS__)
523	#define __BPF_MAP_5(m, v, t, a, ...) m(t, a), __BPF_MAP_4(m, v, __VA_ARGS__)
524
525	#define __BPF_REG_0(...) __BPF_PAD(5)
526	#define __BPF_REG_1(...) __BPF_MAP(1, __VA_ARGS__), __BPF_PAD(4)
527	#define __BPF_REG_2(...) __BPF_MAP(2, __VA_ARGS__), __BPF_PAD(3)
528	#define __BPF_REG_3(...) __BPF_MAP(3, __VA_ARGS__), __BPF_PAD(2)
529	#define __BPF_REG_4(...) __BPF_MAP(4, __VA_ARGS__), __BPF_PAD(1)
530	#define __BPF_REG_5(...) __BPF_MAP(5, __VA_ARGS__)
531
532	#define __BPF_MAP(n, ...) __BPF_MAP_##n(__VA_ARGS__)
533	#define __BPF_REG(n, ...) __BPF_REG_##n(__VA_ARGS__)
534
535	#define __BPF_CAST(t, a) \
536	(__force t) \
537	(__force \
538	typeof(__builtin_choose_expr(sizeof(t) == sizeof(unsigned long), \
539	(unsigned long)0, (t)0))) a
540	#define __BPF_V void
541	#define __BPF_N
542
543	#define __BPF_DECL_ARGS(t, a) t a
544	#define __BPF_DECL_REGS(t, a) u64 a
545
546	#define __BPF_PAD(n) \
547	__BPF_MAP(n, __BPF_DECL_ARGS, __BPF_N, u64, __ur_1, u64, __ur_2, \
548	u64, __ur_3, u64, __ur_4, u64, __ur_5)
549
550	#define BPF_CALL_x(x, name, ...) \
551	static __always_inline \
552	u64 ____##name(__BPF_MAP(x, __BPF_DECL_ARGS, __BPF_V, __VA_ARGS__)); \
553	typedef u64 (*btf_##name)(__BPF_MAP(x, __BPF_DECL_ARGS, __BPF_V, __VA_ARGS__)); \
554	u64 name(__BPF_REG(x, __BPF_DECL_REGS, __BPF_N, __VA_ARGS__)); \
555	u64 name(__BPF_REG(x, __BPF_DECL_REGS, __BPF_N, __VA_ARGS__)) \
556	{ \
557	return ((btf_##name)____##name)(__BPF_MAP(x,__BPF_CAST,__BPF_N,__VA_ARGS__));\
558	} \
559	static __always_inline \
560	u64 ____##name(__BPF_MAP(x, __BPF_DECL_ARGS, __BPF_V, __VA_ARGS__))
561
562	#define BPF_CALL_0(name, ...) BPF_CALL_x(0, name, __VA_ARGS__)
563	#define BPF_CALL_1(name, ...) BPF_CALL_x(1, name, __VA_ARGS__)
564	#define BPF_CALL_2(name, ...) BPF_CALL_x(2, name, __VA_ARGS__)
565	#define BPF_CALL_3(name, ...) BPF_CALL_x(3, name, __VA_ARGS__)
566	#define BPF_CALL_4(name, ...) BPF_CALL_x(4, name, __VA_ARGS__)
567	#define BPF_CALL_5(name, ...) BPF_CALL_x(5, name, __VA_ARGS__)
568
569	#define bpf_ctx_range(TYPE, MEMBER) \
570	offsetof(TYPE, MEMBER) ... offsetofend(TYPE, MEMBER) - 1
571	#define bpf_ctx_range_till(TYPE, MEMBER1, MEMBER2) \
572	offsetof(TYPE, MEMBER1) ... offsetofend(TYPE, MEMBER2) - 1
573	#if BITS_PER_LONG == 64
574	# define bpf_ctx_range_ptr(TYPE, MEMBER) \
575	offsetof(TYPE, MEMBER) ... offsetofend(TYPE, MEMBER) - 1
576	#else
577	# define bpf_ctx_range_ptr(TYPE, MEMBER) \
578	offsetof(TYPE, MEMBER) ... offsetof(TYPE, MEMBER) + 8 - 1
579	#endif /* BITS_PER_LONG == 64 */
580
581	#define bpf_target_off(TYPE, MEMBER, SIZE, PTR_SIZE) \
582	({ \
583	BUILD_BUG_ON(sizeof_field(TYPE, MEMBER) != (SIZE)); \
584	*(PTR_SIZE) = (SIZE); \
585	offsetof(TYPE, MEMBER); \
586	})
587
588	/* A struct sock_filter is architecture independent. */
589	struct compat_sock_fprog {
590	u16 len;
591	compat_uptr_t filter; /* struct sock_filter * */
592	};
593
594	struct sock_fprog_kern {
595	u16 len;
596	struct sock_filter *filter;
597	};
598
599	/* Some arches need doubleword alignment for their instructions and/or data */
600	#define BPF_IMAGE_ALIGNMENT 8
601
602	struct bpf_binary_header {
603	u32 size;
604	u8 image[] __aligned(BPF_IMAGE_ALIGNMENT);
605	};
606
607	struct bpf_prog_stats {
608	u64_stats_t cnt;
609	u64_stats_t nsecs;
610	u64_stats_t misses;
611	struct u64_stats_sync syncp;
612	} __aligned(2 * sizeof(u64));
613
614	struct sk_filter {
615	refcount_t refcnt;
616	struct rcu_head rcu;
617	struct bpf_prog *prog;
618	};
619
620	DECLARE_STATIC_KEY_FALSE(bpf_stats_enabled_key);
621
622	extern struct mutex nf_conn_btf_access_lock;
623	extern int (*nfct_btf_struct_access)(struct bpf_verifier_log *log,
624	const struct bpf_reg_state *reg,
625	int off, int size);
626
627	typedef unsigned int (*bpf_dispatcher_fn)(const void *ctx,
628	const struct bpf_insn *insnsi,
629	unsigned int (*bpf_func)(const void *,
630	const struct bpf_insn *));
631
632	static __always_inline u32 __bpf_prog_run(const struct bpf_prog *prog,
633	const void *ctx,
634	bpf_dispatcher_fn dfunc)
635	{
636	u32 ret;
637
638	cant_migrate();
639	if (static_branch_unlikely(&bpf_stats_enabled_key)) {
640	struct bpf_prog_stats *stats;
641	u64 start = sched_clock();
642	unsigned long flags;
643
644	ret = dfunc(ctx, prog->insnsi, prog->bpf_func);
645	stats = this_cpu_ptr(prog->stats);
646	flags = u64_stats_update_begin_irqsave(syncp: &stats->syncp);
647	u64_stats_inc(p: &stats->cnt);
648	u64_stats_add(p: &stats->nsecs, val: sched_clock() - start);
649	u64_stats_update_end_irqrestore(syncp: &stats->syncp, flags);
650	} else {
651	ret = dfunc(ctx, prog->insnsi, prog->bpf_func);
652	}
653	return ret;
654	}
655
656	static __always_inline u32 bpf_prog_run(const struct bpf_prog *prog, const void *ctx)
657	{
658	return __bpf_prog_run(prog, ctx, dfunc: bpf_dispatcher_nop_func);
659	}
660
661	/*
662	* Use in preemptible and therefore migratable context to make sure that
663	* the execution of the BPF program runs on one CPU.
664	*
665	* This uses migrate_disable/enable() explicitly to document that the
666	* invocation of a BPF program does not require reentrancy protection
667	* against a BPF program which is invoked from a preempting task.
668	*/
669	static inline u32 bpf_prog_run_pin_on_cpu(const struct bpf_prog *prog,
670	const void *ctx)
671	{
672	u32 ret;
673
674	migrate_disable();
675	ret = bpf_prog_run(prog, ctx);
676	migrate_enable();
677	return ret;
678	}
679
680	#define BPF_SKB_CB_LEN QDISC_CB_PRIV_LEN
681
682	struct bpf_skb_data_end {
683	struct qdisc_skb_cb qdisc_cb;
684	void *data_meta;
685	void *data_end;
686	};
687
688	struct bpf_nh_params {
689	u32 nh_family;
690	union {
691	u32 ipv4_nh;
692	struct in6_addr ipv6_nh;
693	};
694	};
695
696	struct bpf_redirect_info {
697	u64 tgt_index;
698	void *tgt_value;
699	struct bpf_map *map;
700	u32 flags;
701	u32 kern_flags;
702	u32 map_id;
703	enum bpf_map_type map_type;
704	struct bpf_nh_params nh;
705	};
706
707	DECLARE_PER_CPU(struct bpf_redirect_info, bpf_redirect_info);
708
709	/* flags for bpf_redirect_info kern_flags */
710	#define BPF_RI_F_RF_NO_DIRECT BIT(0) /* no napi_direct on return_frame */
711
712	/* Compute the linear packet data range [data, data_end) which
713	* will be accessed by various program types (cls_bpf, act_bpf,
714	* lwt, ...). Subsystems allowing direct data access must (!)
715	* ensure that cb[] area can be written to when BPF program is
716	* invoked (otherwise cb[] save/restore is necessary).
717	*/
718	static inline void bpf_compute_data_pointers(struct sk_buff *skb)
719	{
720	struct bpf_skb_data_end *cb = (struct bpf_skb_data_end *)skb->cb;
721
722	BUILD_BUG_ON(sizeof(*cb) > sizeof_field(struct sk_buff, cb));
723	cb->data_meta = skb->data - skb_metadata_len(skb);
724	cb->data_end = skb->data + skb_headlen(skb);
725	}
726
727	/* Similar to bpf_compute_data_pointers(), except that save orginal
728	* data in cb->data and cb->meta_data for restore.
729	*/
730	static inline void bpf_compute_and_save_data_end(
731	struct sk_buff *skb, void **saved_data_end)
732	{
733	struct bpf_skb_data_end *cb = (struct bpf_skb_data_end *)skb->cb;
734
735	*saved_data_end = cb->data_end;
736	cb->data_end = skb->data + skb_headlen(skb);
737	}
738
739	/* Restore data saved by bpf_compute_and_save_data_end(). */
740	static inline void bpf_restore_data_end(
741	struct sk_buff *skb, void *saved_data_end)
742	{
743	struct bpf_skb_data_end *cb = (struct bpf_skb_data_end *)skb->cb;
744
745	cb->data_end = saved_data_end;
746	}
747
748	static inline u8 *bpf_skb_cb(const struct sk_buff *skb)
749	{
750	/* eBPF programs may read/write skb->cb[] area to transfer meta
751	* data between tail calls. Since this also needs to work with
752	* tc, that scratch memory is mapped to qdisc_skb_cb's data area.
753	*
754	* In some socket filter cases, the cb unfortunately needs to be
755	* saved/restored so that protocol specific skb->cb[] data won't
756	* be lost. In any case, due to unpriviledged eBPF programs
757	* attached to sockets, we need to clear the bpf_skb_cb() area
758	* to not leak previous contents to user space.
759	*/
760	BUILD_BUG_ON(sizeof_field(struct __sk_buff, cb) != BPF_SKB_CB_LEN);
761	BUILD_BUG_ON(sizeof_field(struct __sk_buff, cb) !=
762	sizeof_field(struct qdisc_skb_cb, data));
763
764	return qdisc_skb_cb(skb)->data;
765	}
766
767	/* Must be invoked with migration disabled */
768	static inline u32 __bpf_prog_run_save_cb(const struct bpf_prog *prog,
769	const void *ctx)
770	{
771	const struct sk_buff *skb = ctx;
772	u8 *cb_data = bpf_skb_cb(skb);
773	u8 cb_saved[BPF_SKB_CB_LEN];
774	u32 res;
775
776	if (unlikely(prog->cb_access)) {
777	memcpy(cb_saved, cb_data, sizeof(cb_saved));
778	memset(cb_data, 0, sizeof(cb_saved));
779	}
780
781	res = bpf_prog_run(prog, ctx: skb);
782
783	if (unlikely(prog->cb_access))
784	memcpy(cb_data, cb_saved, sizeof(cb_saved));
785
786	return res;
787	}
788
789	static inline u32 bpf_prog_run_save_cb(const struct bpf_prog *prog,
790	struct sk_buff *skb)
791	{
792	u32 res;
793
794	migrate_disable();
795	res = __bpf_prog_run_save_cb(prog, ctx: skb);
796	migrate_enable();
797	return res;
798	}
799
800	static inline u32 bpf_prog_run_clear_cb(const struct bpf_prog *prog,
801	struct sk_buff *skb)
802	{
803	u8 *cb_data = bpf_skb_cb(skb);
804	u32 res;
805
806	if (unlikely(prog->cb_access))
807	memset(cb_data, 0, BPF_SKB_CB_LEN);
808
809	res = bpf_prog_run_pin_on_cpu(prog, ctx: skb);
810	return res;
811	}
812
813	DECLARE_BPF_DISPATCHER(xdp)
814
815	DECLARE_STATIC_KEY_FALSE(bpf_master_redirect_enabled_key);
816
817	u32 xdp_master_redirect(struct xdp_buff *xdp);
818
819	void bpf_prog_change_xdp(struct bpf_prog *prev_prog, struct bpf_prog *prog);
820
821	static inline u32 bpf_prog_insn_size(const struct bpf_prog *prog)
822	{
823	return prog->len * sizeof(struct bpf_insn);
824	}
825
826	static inline u32 bpf_prog_tag_scratch_size(const struct bpf_prog *prog)
827	{
828	return round_up(bpf_prog_insn_size(prog) +
829	sizeof(__be64) + 1, SHA1_BLOCK_SIZE);
830	}
831
832	static inline unsigned int bpf_prog_size(unsigned int proglen)
833	{
834	return max(sizeof(struct bpf_prog),
835	offsetof(struct bpf_prog, insns[proglen]));
836	}
837
838	static inline bool bpf_prog_was_classic(const struct bpf_prog *prog)
839	{
840	/* When classic BPF programs have been loaded and the arch
841	* does not have a classic BPF JIT (anymore), they have been
842	* converted via bpf_migrate_filter() to eBPF and thus always
843	* have an unspec program type.
844	*/
845	return prog->type == BPF_PROG_TYPE_UNSPEC;
846	}
847
848	static inline u32 bpf_ctx_off_adjust_machine(u32 size)
849	{
850	const u32 size_machine = sizeof(unsigned long);
851
852	if (size > size_machine && size % size_machine == 0)
853	size = size_machine;
854
855	return size;
856	}
857
858	static inline bool
859	bpf_ctx_narrow_access_ok(u32 off, u32 size, u32 size_default)
860	{
861	return size <= size_default && (size & (size - 1)) == 0;
862	}
863
864	static inline u8
865	bpf_ctx_narrow_access_offset(u32 off, u32 size, u32 size_default)
866	{
867	u8 access_off = off & (size_default - 1);
868
869	#ifdef __LITTLE_ENDIAN
870	return access_off;
871	#else
872	return size_default - (access_off + size);
873	#endif
874	}
875
876	#define bpf_ctx_wide_access_ok(off, size, type, field) \
877	(size == sizeof(__u64) && \
878	off >= offsetof(type, field) && \
879	off + sizeof(__u64) <= offsetofend(type, field) && \
880	off % sizeof(__u64) == 0)
881
882	#define bpf_classic_proglen(fprog) (fprog->len * sizeof(fprog->filter[0]))
883
884	static inline void bpf_prog_lock_ro(struct bpf_prog *fp)
885	{
886	#ifndef CONFIG_BPF_JIT_ALWAYS_ON
887	if (!fp->jited) {
888	set_vm_flush_reset_perms(fp);
889	set_memory_ro((unsigned long)fp, fp->pages);
890	}
891	#endif
892	}
893
894	static inline void bpf_jit_binary_lock_ro(struct bpf_binary_header *hdr)
895	{
896	set_vm_flush_reset_perms(hdr);
897	set_memory_rox(addr: (unsigned long)hdr, numpages: hdr->size >> PAGE_SHIFT);
898	}
899
900	int sk_filter_trim_cap(struct sock *sk, struct sk_buff *skb, unsigned int cap);
901	static inline int sk_filter(struct sock *sk, struct sk_buff *skb)
902	{
903	return sk_filter_trim_cap(sk, skb, cap: 1);
904	}
905
906	struct bpf_prog *bpf_prog_select_runtime(struct bpf_prog *fp, int *err);
907	void bpf_prog_free(struct bpf_prog *fp);
908
909	bool bpf_opcode_in_insntable(u8 code);
910
911	void bpf_prog_fill_jited_linfo(struct bpf_prog *prog,
912	const u32 *insn_to_jit_off);
913	int bpf_prog_alloc_jited_linfo(struct bpf_prog *prog);
914	void bpf_prog_jit_attempt_done(struct bpf_prog *prog);
915
916	struct bpf_prog *bpf_prog_alloc(unsigned int size, gfp_t gfp_extra_flags);
917	struct bpf_prog *bpf_prog_alloc_no_stats(unsigned int size, gfp_t gfp_extra_flags);
918	struct bpf_prog *bpf_prog_realloc(struct bpf_prog *fp_old, unsigned int size,
919	gfp_t gfp_extra_flags);
920	void __bpf_prog_free(struct bpf_prog *fp);
921
922	static inline void bpf_prog_unlock_free(struct bpf_prog *fp)
923	{
924	__bpf_prog_free(fp);
925	}
926
927	typedef int (*bpf_aux_classic_check_t)(struct sock_filter *filter,
928	unsigned int flen);
929
930	int bpf_prog_create(struct bpf_prog **pfp, struct sock_fprog_kern *fprog);
931	int bpf_prog_create_from_user(struct bpf_prog **pfp, struct sock_fprog *fprog,
932	bpf_aux_classic_check_t trans, bool save_orig);
933	void bpf_prog_destroy(struct bpf_prog *fp);
934
935	int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk);
936	int sk_attach_bpf(u32 ufd, struct sock *sk);
937	int sk_reuseport_attach_filter(struct sock_fprog *fprog, struct sock *sk);
938	int sk_reuseport_attach_bpf(u32 ufd, struct sock *sk);
939	void sk_reuseport_prog_free(struct bpf_prog *prog);
940	int sk_detach_filter(struct sock *sk);
941	int sk_get_filter(struct sock *sk, sockptr_t optval, unsigned int len);
942
943	bool sk_filter_charge(struct sock *sk, struct sk_filter *fp);
944	void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp);
945
946	u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
947	#define __bpf_call_base_args \
948	((u64 (*)(u64, u64, u64, u64, u64, const struct bpf_insn *)) \
949	(void *)__bpf_call_base)
950
951	struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog);
952	void bpf_jit_compile(struct bpf_prog *prog);
953	bool bpf_jit_needs_zext(void);
954	bool bpf_jit_supports_subprog_tailcalls(void);
955	bool bpf_jit_supports_kfunc_call(void);
956	bool bpf_jit_supports_far_kfunc_call(void);
957	bool bpf_jit_supports_exceptions(void);
958	void arch_bpf_stack_walk(bool (*consume_fn)(void *cookie, u64 ip, u64 sp, u64 bp), void *cookie);
959	bool bpf_helper_changes_pkt_data(void *func);
960
961	static inline bool bpf_dump_raw_ok(const struct cred *cred)
962	{
963	/* Reconstruction of call-sites is dependent on kallsyms,
964	* thus make dump the same restriction.
965	*/
966	return kallsyms_show_value(cred);
967	}
968
969	struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
970	const struct bpf_insn *patch, u32 len);
971	int bpf_remove_insns(struct bpf_prog *prog, u32 off, u32 cnt);
972
973	void bpf_clear_redirect_map(struct bpf_map *map);
974
975	static inline bool xdp_return_frame_no_direct(void)
976	{
977	struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
978
979	return ri->kern_flags & BPF_RI_F_RF_NO_DIRECT;
980	}
981
982	static inline void xdp_set_return_frame_no_direct(void)
983	{
984	struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
985
986	ri->kern_flags |= BPF_RI_F_RF_NO_DIRECT;
987	}
988
989	static inline void xdp_clear_return_frame_no_direct(void)
990	{
991	struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
992
993	ri->kern_flags &= ~BPF_RI_F_RF_NO_DIRECT;
994	}
995
996	static inline int xdp_ok_fwd_dev(const struct net_device *fwd,
997	unsigned int pktlen)
998	{
999	unsigned int len;
1000
1001	if (unlikely(!(fwd->flags & IFF_UP)))
1002	return -ENETDOWN;
1003
1004	len = fwd->mtu + fwd->hard_header_len + VLAN_HLEN;
1005	if (pktlen > len)
1006	return -EMSGSIZE;
1007
1008	return 0;
1009	}
1010
1011	/* The pair of xdp_do_redirect and xdp_do_flush MUST be called in the
1012	* same cpu context. Further for best results no more than a single map
1013	* for the do_redirect/do_flush pair should be used. This limitation is
1014	* because we only track one map and force a flush when the map changes.
1015	* This does not appear to be a real limitation for existing software.
1016	*/
1017	int xdp_do_generic_redirect(struct net_device *dev, struct sk_buff *skb,
1018	struct xdp_buff *xdp, struct bpf_prog *prog);
1019	int xdp_do_redirect(struct net_device *dev,
1020	struct xdp_buff *xdp,
1021	struct bpf_prog *prog);
1022	int xdp_do_redirect_frame(struct net_device *dev,
1023	struct xdp_buff *xdp,
1024	struct xdp_frame *xdpf,
1025	struct bpf_prog *prog);
1026	void xdp_do_flush(void);
1027
1028	void bpf_warn_invalid_xdp_action(struct net_device *dev, struct bpf_prog *prog, u32 act);
1029
1030	#ifdef CONFIG_INET
1031	struct sock *bpf_run_sk_reuseport(struct sock_reuseport *reuse, struct sock *sk,
1032	struct bpf_prog *prog, struct sk_buff *skb,
1033	struct sock *migrating_sk,
1034	u32 hash);
1035	#else
1036	static inline struct sock *
1037	bpf_run_sk_reuseport(struct sock_reuseport *reuse, struct sock *sk,
1038	struct bpf_prog *prog, struct sk_buff *skb,
1039	struct sock *migrating_sk,
1040	u32 hash)
1041	{
1042	return NULL;
1043	}
1044	#endif
1045
1046	#ifdef CONFIG_BPF_JIT
1047	extern int bpf_jit_enable;
1048	extern int bpf_jit_harden;
1049	extern int bpf_jit_kallsyms;
1050	extern long bpf_jit_limit;
1051	extern long bpf_jit_limit_max;
1052
1053	typedef void (*bpf_jit_fill_hole_t)(void *area, unsigned int size);
1054
1055	void bpf_jit_fill_hole_with_zero(void *area, unsigned int size);
1056
1057	struct bpf_binary_header *
1058	bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
1059	unsigned int alignment,
1060	bpf_jit_fill_hole_t bpf_fill_ill_insns);
1061	void bpf_jit_binary_free(struct bpf_binary_header *hdr);
1062	u64 bpf_jit_alloc_exec_limit(void);
1063	void *bpf_jit_alloc_exec(unsigned long size);
1064	void bpf_jit_free_exec(void *addr);
1065	void bpf_jit_free(struct bpf_prog *fp);
1066	struct bpf_binary_header *
1067	bpf_jit_binary_pack_hdr(const struct bpf_prog *fp);
1068
1069	void *bpf_prog_pack_alloc(u32 size, bpf_jit_fill_hole_t bpf_fill_ill_insns);
1070	void bpf_prog_pack_free(struct bpf_binary_header *hdr);
1071
1072	static inline bool bpf_prog_kallsyms_verify_off(const struct bpf_prog *fp)
1073	{
1074	return list_empty(head: &fp->aux->ksym.lnode) ||
1075	fp->aux->ksym.lnode.prev == LIST_POISON2;
1076	}
1077
1078	struct bpf_binary_header *
1079	bpf_jit_binary_pack_alloc(unsigned int proglen, u8 **ro_image,
1080	unsigned int alignment,
1081	struct bpf_binary_header **rw_hdr,
1082	u8 **rw_image,
1083	bpf_jit_fill_hole_t bpf_fill_ill_insns);
1084	int bpf_jit_binary_pack_finalize(struct bpf_prog *prog,
1085	struct bpf_binary_header *ro_header,
1086	struct bpf_binary_header *rw_header);
1087	void bpf_jit_binary_pack_free(struct bpf_binary_header *ro_header,
1088	struct bpf_binary_header *rw_header);
1089
1090	int bpf_jit_add_poke_descriptor(struct bpf_prog *prog,
1091	struct bpf_jit_poke_descriptor *poke);
1092
1093	int bpf_jit_get_func_addr(const struct bpf_prog *prog,
1094	const struct bpf_insn *insn, bool extra_pass,
1095	u64 *func_addr, bool *func_addr_fixed);
1096
1097	struct bpf_prog *bpf_jit_blind_constants(struct bpf_prog *fp);
1098	void bpf_jit_prog_release_other(struct bpf_prog *fp, struct bpf_prog *fp_other);
1099
1100	static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen,
1101	u32 pass, void *image)
1102	{
1103	pr_err("flen=%u proglen=%u pass=%u image=%pK from=%s pid=%d\n", flen,
1104	proglen, pass, image, current->comm, task_pid_nr(current));
1105
1106	if (image)
1107	print_hex_dump(KERN_ERR, prefix_str: "JIT code: ", prefix_type: DUMP_PREFIX_OFFSET,
1108	rowsize: 16, groupsize: 1, buf: image, len: proglen, ascii: false);
1109	}
1110
1111	static inline bool bpf_jit_is_ebpf(void)
1112	{
1113	# ifdef CONFIG_HAVE_EBPF_JIT
1114	return true;
1115	# else
1116	return false;
1117	# endif
1118	}
1119
1120	static inline bool ebpf_jit_enabled(void)
1121	{
1122	return bpf_jit_enable && bpf_jit_is_ebpf();
1123	}
1124
1125	static inline bool bpf_prog_ebpf_jited(const struct bpf_prog *fp)
1126	{
1127	return fp->jited && bpf_jit_is_ebpf();
1128	}
1129
1130	static inline bool bpf_jit_blinding_enabled(struct bpf_prog *prog)
1131	{
1132	/* These are the prerequisites, should someone ever have the
1133	* idea to call blinding outside of them, we make sure to
1134	* bail out.
1135	*/
1136	if (!bpf_jit_is_ebpf())
1137	return false;
1138	if (!prog->jit_requested)
1139	return false;
1140	if (!bpf_jit_harden)
1141	return false;
1142	if (bpf_jit_harden == 1 && bpf_capable())
1143	return false;
1144
1145	return true;
1146	}
1147
1148	static inline bool bpf_jit_kallsyms_enabled(void)
1149	{
1150	/* There are a couple of corner cases where kallsyms should
1151	* not be enabled f.e. on hardening.
1152	*/
1153	if (bpf_jit_harden)
1154	return false;
1155	if (!bpf_jit_kallsyms)
1156	return false;
1157	if (bpf_jit_kallsyms == 1)
1158	return true;
1159
1160	return false;
1161	}
1162
1163	const char *__bpf_address_lookup(unsigned long addr, unsigned long *size,
1164	unsigned long *off, char *sym);
1165	bool is_bpf_text_address(unsigned long addr);
1166	int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
1167	char *sym);
1168	struct bpf_prog *bpf_prog_ksym_find(unsigned long addr);
1169
1170	static inline const char *
1171	bpf_address_lookup(unsigned long addr, unsigned long *size,
1172	unsigned long *off, char **modname, char *sym)
1173	{
1174	const char *ret = __bpf_address_lookup(addr, size, off, sym);
1175
1176	if (ret && modname)
1177	*modname = NULL;
1178	return ret;
1179	}
1180
1181	void bpf_prog_kallsyms_add(struct bpf_prog *fp);
1182	void bpf_prog_kallsyms_del(struct bpf_prog *fp);
1183
1184	#else /* CONFIG_BPF_JIT */
1185
1186	static inline bool ebpf_jit_enabled(void)
1187	{
1188	return false;
1189	}
1190
1191	static inline bool bpf_jit_blinding_enabled(struct bpf_prog *prog)
1192	{
1193	return false;
1194	}
1195
1196	static inline bool bpf_prog_ebpf_jited(const struct bpf_prog *fp)
1197	{
1198	return false;
1199	}
1200
1201	static inline int
1202	bpf_jit_add_poke_descriptor(struct bpf_prog *prog,
1203	struct bpf_jit_poke_descriptor *poke)
1204	{
1205	return -ENOTSUPP;
1206	}
1207
1208	static inline void bpf_jit_free(struct bpf_prog *fp)
1209	{
1210	bpf_prog_unlock_free(fp);
1211	}
1212
1213	static inline bool bpf_jit_kallsyms_enabled(void)
1214	{
1215	return false;
1216	}
1217
1218	static inline const char *
1219	__bpf_address_lookup(unsigned long addr, unsigned long *size,
1220	unsigned long *off, char *sym)
1221	{
1222	return NULL;
1223	}
1224
1225	static inline bool is_bpf_text_address(unsigned long addr)
1226	{
1227	return false;
1228	}
1229
1230	static inline int bpf_get_kallsym(unsigned int symnum, unsigned long *value,
1231	char *type, char *sym)
1232	{
1233	return -ERANGE;
1234	}
1235
1236	static inline struct bpf_prog *bpf_prog_ksym_find(unsigned long addr)
1237	{
1238	return NULL;
1239	}
1240
1241	static inline const char *
1242	bpf_address_lookup(unsigned long addr, unsigned long *size,
1243	unsigned long *off, char **modname, char *sym)
1244	{
1245	return NULL;
1246	}
1247
1248	static inline void bpf_prog_kallsyms_add(struct bpf_prog *fp)
1249	{
1250	}
1251
1252	static inline void bpf_prog_kallsyms_del(struct bpf_prog *fp)
1253	{
1254	}
1255
1256	#endif /* CONFIG_BPF_JIT */
1257
1258	void bpf_prog_kallsyms_del_all(struct bpf_prog *fp);
1259
1260	#define BPF_ANC BIT(15)
1261
1262	static inline bool bpf_needs_clear_a(const struct sock_filter *first)
1263	{
1264	switch (first->code) {
1265	case BPF_RET | BPF_K:
1266	case BPF_LD | BPF_W | BPF_LEN:
1267	return false;
1268
1269	case BPF_LD | BPF_W | BPF_ABS:
1270	case BPF_LD | BPF_H | BPF_ABS:
1271	case BPF_LD | BPF_B | BPF_ABS:
1272	if (first->k == SKF_AD_OFF + SKF_AD_ALU_XOR_X)
1273	return true;
1274	return false;
1275
1276	default:
1277	return true;
1278	}
1279	}
1280
1281	static inline u16 bpf_anc_helper(const struct sock_filter *ftest)
1282	{
1283	BUG_ON(ftest->code & BPF_ANC);
1284
1285	switch (ftest->code) {
1286	case BPF_LD | BPF_W | BPF_ABS:
1287	case BPF_LD | BPF_H | BPF_ABS:
1288	case BPF_LD | BPF_B | BPF_ABS:
1289	#define BPF_ANCILLARY(CODE) case SKF_AD_OFF + SKF_AD_##CODE: \
1290	return BPF_ANC | SKF_AD_##CODE
1291	switch (ftest->k) {
1292	BPF_ANCILLARY(PROTOCOL);
1293	BPF_ANCILLARY(PKTTYPE);
1294	BPF_ANCILLARY(IFINDEX);
1295	BPF_ANCILLARY(NLATTR);
1296	BPF_ANCILLARY(NLATTR_NEST);
1297	BPF_ANCILLARY(MARK);
1298	BPF_ANCILLARY(QUEUE);
1299	BPF_ANCILLARY(HATYPE);
1300	BPF_ANCILLARY(RXHASH);
1301	BPF_ANCILLARY(CPU);
1302	BPF_ANCILLARY(ALU_XOR_X);
1303	BPF_ANCILLARY(VLAN_TAG);
1304	BPF_ANCILLARY(VLAN_TAG_PRESENT);
1305	BPF_ANCILLARY(PAY_OFFSET);
1306	BPF_ANCILLARY(RANDOM);
1307	BPF_ANCILLARY(VLAN_TPID);
1308	}
1309	fallthrough;
1310	default:
1311	return ftest->code;
1312	}
1313	}
1314
1315	void *bpf_internal_load_pointer_neg_helper(const struct sk_buff *skb,
1316	int k, unsigned int size);
1317
1318	static inline int bpf_tell_extensions(void)
1319	{
1320	return SKF_AD_MAX;
1321	}
1322
1323	struct bpf_sock_addr_kern {
1324	struct sock *sk;
1325	struct sockaddr *uaddr;
1326	/* Temporary "register" to make indirect stores to nested structures
1327	* defined above. We need three registers to make such a store, but
1328	* only two (src and dst) are available at convert_ctx_access time
1329	*/
1330	u64 tmp_reg;
1331	void *t_ctx; /* Attach type specific context. */
1332	u32 uaddrlen;
1333	};
1334
1335	struct bpf_sock_ops_kern {
1336	struct sock *sk;
1337	union {
1338	u32 args[4];
1339	u32 reply;
1340	u32 replylong[4];
1341	};
1342	struct sk_buff *syn_skb;
1343	struct sk_buff *skb;
1344	void *skb_data_end;
1345	u8 op;
1346	u8 is_fullsock;
1347	u8 remaining_opt_len;
1348	u64 temp; /* temp and everything after is not
1349	* initialized to 0 before calling
1350	* the BPF program. New fields that
1351	* should be initialized to 0 should
1352	* be inserted before temp.
1353	* temp is scratch storage used by
1354	* sock_ops_convert_ctx_access
1355	* as temporary storage of a register.
1356	*/
1357	};
1358
1359	struct bpf_sysctl_kern {
1360	struct ctl_table_header *head;
1361	struct ctl_table *table;
1362	void *cur_val;
1363	size_t cur_len;
1364	void *new_val;
1365	size_t new_len;
1366	int new_updated;
1367	int write;
1368	loff_t *ppos;
1369	/* Temporary "register" for indirect stores to ppos. */
1370	u64 tmp_reg;
1371	};
1372
1373	#define BPF_SOCKOPT_KERN_BUF_SIZE 32
1374	struct bpf_sockopt_buf {
1375	u8 data[BPF_SOCKOPT_KERN_BUF_SIZE];
1376	};
1377
1378	struct bpf_sockopt_kern {
1379	struct sock *sk;
1380	u8 *optval;
1381	u8 *optval_end;
1382	s32 level;
1383	s32 optname;
1384	s32 optlen;
1385	/* for retval in struct bpf_cg_run_ctx */
1386	struct task_struct *current_task;
1387	/* Temporary "register" for indirect stores to ppos. */
1388	u64 tmp_reg;
1389	};
1390
1391	int copy_bpf_fprog_from_user(struct sock_fprog *dst, sockptr_t src, int len);
1392
1393	struct bpf_sk_lookup_kern {
1394	u16 family;
1395	u16 protocol;
1396	__be16 sport;
1397	u16 dport;
1398	struct {
1399	__be32 saddr;
1400	__be32 daddr;
1401	} v4;
1402	struct {
1403	const struct in6_addr *saddr;
1404	const struct in6_addr *daddr;
1405	} v6;
1406	struct sock *selected_sk;
1407	u32 ingress_ifindex;
1408	bool no_reuseport;
1409	};
1410
1411	extern struct static_key_false bpf_sk_lookup_enabled;
1412
1413	/* Runners for BPF_SK_LOOKUP programs to invoke on socket lookup.
1414	*
1415	* Allowed return values for a BPF SK_LOOKUP program are SK_PASS and
1416	* SK_DROP. Their meaning is as follows:
1417	*
1418	* SK_PASS && ctx.selected_sk != NULL: use selected_sk as lookup result
1419	* SK_PASS && ctx.selected_sk == NULL: continue to htable-based socket lookup
1420	* SK_DROP : terminate lookup with -ECONNREFUSED
1421	*
1422	* This macro aggregates return values and selected sockets from
1423	* multiple BPF programs according to following rules in order:
1424	*
1425	* 1. If any program returned SK_PASS and a non-NULL ctx.selected_sk,
1426	* macro result is SK_PASS and last ctx.selected_sk is used.
1427	* 2. If any program returned SK_DROP return value,
1428	* macro result is SK_DROP.
1429	* 3. Otherwise result is SK_PASS and ctx.selected_sk is NULL.
1430	*
1431	* Caller must ensure that the prog array is non-NULL, and that the
1432	* array as well as the programs it contains remain valid.
1433	*/
1434	#define BPF_PROG_SK_LOOKUP_RUN_ARRAY(array, ctx, func) \
1435	({ \
1436	struct bpf_sk_lookup_kern *_ctx = &(ctx); \
1437	struct bpf_prog_array_item *_item; \
1438	struct sock *_selected_sk = NULL; \
1439	bool _no_reuseport = false; \
1440	struct bpf_prog *_prog; \
1441	bool _all_pass = true; \
1442	u32 _ret; \
1443	\
1444	migrate_disable(); \
1445	_item = &(array)->items[0]; \
1446	while ((_prog = READ_ONCE(_item->prog))) { \
1447	/* restore most recent selection */ \
1448	_ctx->selected_sk = _selected_sk; \
1449	_ctx->no_reuseport = _no_reuseport; \
1450	\
1451	_ret = func(_prog, _ctx); \
1452	if (_ret == SK_PASS && _ctx->selected_sk) { \
1453	/* remember last non-NULL socket */ \
1454	_selected_sk = _ctx->selected_sk; \
1455	_no_reuseport = _ctx->no_reuseport; \
1456	} else if (_ret == SK_DROP && _all_pass) { \
1457	_all_pass = false; \
1458	} \
1459	_item++; \
1460	} \
1461	_ctx->selected_sk = _selected_sk; \
1462	_ctx->no_reuseport = _no_reuseport; \
1463	migrate_enable(); \
1464	_all_pass || _selected_sk ? SK_PASS : SK_DROP; \
1465	})
1466
1467	static inline bool bpf_sk_lookup_run_v4(struct net *net, int protocol,
1468	const __be32 saddr, const __be16 sport,
1469	const __be32 daddr, const u16 dport,
1470	const int ifindex, struct sock **psk)
1471	{
1472	struct bpf_prog_array *run_array;
1473	struct sock *selected_sk = NULL;
1474	bool no_reuseport = false;
1475
1476	rcu_read_lock();
1477	run_array = rcu_dereference(net->bpf.run_array[NETNS_BPF_SK_LOOKUP]);
1478	if (run_array) {
1479	struct bpf_sk_lookup_kern ctx = {
1480	.family = AF_INET,
1481	.protocol = protocol,
1482	.v4.saddr = saddr,
1483	.v4.daddr = daddr,
1484	.sport = sport,
1485	.dport = dport,
1486	.ingress_ifindex = ifindex,
1487	};
1488	u32 act;
1489
1490	act = BPF_PROG_SK_LOOKUP_RUN_ARRAY(run_array, ctx, bpf_prog_run);
1491	if (act == SK_PASS) {
1492	selected_sk = ctx.selected_sk;
1493	no_reuseport = ctx.no_reuseport;
1494	} else {
1495	selected_sk = ERR_PTR(error: -ECONNREFUSED);
1496	}
1497	}
1498	rcu_read_unlock();
1499	*psk = selected_sk;
1500	return no_reuseport;
1501	}
1502
1503	#if IS_ENABLED(CONFIG_IPV6)
1504	static inline bool bpf_sk_lookup_run_v6(struct net *net, int protocol,
1505	const struct in6_addr *saddr,
1506	const __be16 sport,
1507	const struct in6_addr *daddr,
1508	const u16 dport,
1509	const int ifindex, struct sock **psk)
1510	{
1511	struct bpf_prog_array *run_array;
1512	struct sock *selected_sk = NULL;
1513	bool no_reuseport = false;
1514
1515	rcu_read_lock();
1516	run_array = rcu_dereference(net->bpf.run_array[NETNS_BPF_SK_LOOKUP]);
1517	if (run_array) {
1518	struct bpf_sk_lookup_kern ctx = {
1519	.family = AF_INET6,
1520	.protocol = protocol,
1521	.v6.saddr = saddr,
1522	.v6.daddr = daddr,
1523	.sport = sport,
1524	.dport = dport,
1525	.ingress_ifindex = ifindex,
1526	};
1527	u32 act;
1528
1529	act = BPF_PROG_SK_LOOKUP_RUN_ARRAY(run_array, ctx, bpf_prog_run);
1530	if (act == SK_PASS) {
1531	selected_sk = ctx.selected_sk;
1532	no_reuseport = ctx.no_reuseport;
1533	} else {
1534	selected_sk = ERR_PTR(error: -ECONNREFUSED);
1535	}
1536	}
1537	rcu_read_unlock();
1538	*psk = selected_sk;
1539	return no_reuseport;
1540	}
1541	#endif /* IS_ENABLED(CONFIG_IPV6) */
1542
1543	static __always_inline long __bpf_xdp_redirect_map(struct bpf_map *map, u64 index,
1544	u64 flags, const u64 flag_mask,
1545	void *lookup_elem(struct bpf_map *map, u32 key))
1546	{
1547	struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
1548	const u64 action_mask = XDP_ABORTED | XDP_DROP | XDP_PASS | XDP_TX;
1549
1550	/* Lower bits of the flags are used as return code on lookup failure */
1551	if (unlikely(flags & ~(action_mask | flag_mask)))
1552	return XDP_ABORTED;
1553
1554	ri->tgt_value = lookup_elem(map, index);
1555	if (unlikely(!ri->tgt_value) && !(flags & BPF_F_BROADCAST)) {
1556	/* If the lookup fails we want to clear out the state in the
1557	* redirect_info struct completely, so that if an eBPF program
1558	* performs multiple lookups, the last one always takes
1559	* precedence.
1560	*/
1561	ri->map_id = INT_MAX; /* Valid map id idr range: [1,INT_MAX[ */
1562	ri->map_type = BPF_MAP_TYPE_UNSPEC;
1563	return flags & action_mask;
1564	}
1565
1566	ri->tgt_index = index;
1567	ri->map_id = map->id;
1568	ri->map_type = map->map_type;
1569
1570	if (flags & BPF_F_BROADCAST) {
1571	WRITE_ONCE(ri->map, map);
1572	ri->flags = flags;
1573	} else {
1574	WRITE_ONCE(ri->map, NULL);
1575	ri->flags = 0;
1576	}
1577
1578	return XDP_REDIRECT;
1579	}
1580
1581	#ifdef CONFIG_NET
1582	int __bpf_skb_load_bytes(const struct sk_buff *skb, u32 offset, void *to, u32 len);
1583	int __bpf_skb_store_bytes(struct sk_buff *skb, u32 offset, const void *from,
1584	u32 len, u64 flags);
1585	int __bpf_xdp_load_bytes(struct xdp_buff *xdp, u32 offset, void *buf, u32 len);
1586	int __bpf_xdp_store_bytes(struct xdp_buff *xdp, u32 offset, void *buf, u32 len);
1587	void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len);
1588	void bpf_xdp_copy_buf(struct xdp_buff *xdp, unsigned long off,
1589	void *buf, unsigned long len, bool flush);
1590	#else /* CONFIG_NET */
1591	static inline int __bpf_skb_load_bytes(const struct sk_buff *skb, u32 offset,
1592	void *to, u32 len)
1593	{
1594	return -EOPNOTSUPP;
1595	}
1596
1597	static inline int __bpf_skb_store_bytes(struct sk_buff *skb, u32 offset,
1598	const void *from, u32 len, u64 flags)
1599	{
1600	return -EOPNOTSUPP;
1601	}
1602
1603	static inline int __bpf_xdp_load_bytes(struct xdp_buff *xdp, u32 offset,
1604	void *buf, u32 len)
1605	{
1606	return -EOPNOTSUPP;
1607	}
1608
1609	static inline int __bpf_xdp_store_bytes(struct xdp_buff *xdp, u32 offset,
1610	void *buf, u32 len)
1611	{
1612	return -EOPNOTSUPP;
1613	}
1614
1615	static inline void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len)
1616	{
1617	return NULL;
1618	}
1619
1620	static inline void bpf_xdp_copy_buf(struct xdp_buff *xdp, unsigned long off, void *buf,
1621	unsigned long len, bool flush)
1622	{
1623	}
1624	#endif /* CONFIG_NET */
1625
1626	#endif /* __LINUX_FILTER_H__ */
1627