1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * Linux Socket Filter - Kernel level socket filtering |
4 | * |
5 | * Based on the design of the Berkeley Packet Filter. The new |
6 | * internal format has been designed by PLUMgrid: |
7 | * |
8 | * Copyright (c) 2011 - 2014 PLUMgrid, http://plumgrid.com |
9 | * |
10 | * Authors: |
11 | * |
12 | * Jay Schulist <jschlst@samba.org> |
13 | * Alexei Starovoitov <ast@plumgrid.com> |
14 | * Daniel Borkmann <dborkman@redhat.com> |
15 | * |
16 | * Andi Kleen - Fix a few bad bugs and races. |
17 | * Kris Katterjohn - Added many additional checks in bpf_check_classic() |
18 | */ |
19 | |
20 | #include <linux/atomic.h> |
21 | #include <linux/bpf_verifier.h> |
22 | #include <linux/module.h> |
23 | #include <linux/types.h> |
24 | #include <linux/mm.h> |
25 | #include <linux/fcntl.h> |
26 | #include <linux/socket.h> |
27 | #include <linux/sock_diag.h> |
28 | #include <linux/in.h> |
29 | #include <linux/inet.h> |
30 | #include <linux/netdevice.h> |
31 | #include <linux/if_packet.h> |
32 | #include <linux/if_arp.h> |
33 | #include <linux/gfp.h> |
34 | #include <net/inet_common.h> |
35 | #include <net/ip.h> |
36 | #include <net/protocol.h> |
37 | #include <net/netlink.h> |
38 | #include <linux/skbuff.h> |
39 | #include <linux/skmsg.h> |
40 | #include <net/sock.h> |
41 | #include <net/flow_dissector.h> |
42 | #include <linux/errno.h> |
43 | #include <linux/timer.h> |
44 | #include <linux/uaccess.h> |
45 | #include <asm/unaligned.h> |
46 | #include <linux/filter.h> |
47 | #include <linux/ratelimit.h> |
48 | #include <linux/seccomp.h> |
49 | #include <linux/if_vlan.h> |
50 | #include <linux/bpf.h> |
51 | #include <linux/btf.h> |
52 | #include <net/sch_generic.h> |
53 | #include <net/cls_cgroup.h> |
54 | #include <net/dst_metadata.h> |
55 | #include <net/dst.h> |
56 | #include <net/sock_reuseport.h> |
57 | #include <net/busy_poll.h> |
58 | #include <net/tcp.h> |
59 | #include <net/xfrm.h> |
60 | #include <net/udp.h> |
61 | #include <linux/bpf_trace.h> |
62 | #include <net/xdp_sock.h> |
63 | #include <linux/inetdevice.h> |
64 | #include <net/inet_hashtables.h> |
65 | #include <net/inet6_hashtables.h> |
66 | #include <net/ip_fib.h> |
67 | #include <net/nexthop.h> |
68 | #include <net/flow.h> |
69 | #include <net/arp.h> |
70 | #include <net/ipv6.h> |
71 | #include <net/net_namespace.h> |
72 | #include <linux/seg6_local.h> |
73 | #include <net/seg6.h> |
74 | #include <net/seg6_local.h> |
75 | #include <net/lwtunnel.h> |
76 | #include <net/ipv6_stubs.h> |
77 | #include <net/bpf_sk_storage.h> |
78 | #include <net/transp_v6.h> |
79 | #include <linux/btf_ids.h> |
80 | #include <net/tls.h> |
81 | #include <net/xdp.h> |
82 | #include <net/mptcp.h> |
83 | #include <net/netfilter/nf_conntrack_bpf.h> |
84 | #include <linux/un.h> |
85 | |
86 | #include "dev.h" |
87 | |
88 | static const struct bpf_func_proto * |
89 | bpf_sk_base_func_proto(enum bpf_func_id func_id); |
90 | |
91 | int copy_bpf_fprog_from_user(struct sock_fprog *dst, sockptr_t src, int len) |
92 | { |
93 | if (in_compat_syscall()) { |
94 | struct compat_sock_fprog f32; |
95 | |
96 | if (len != sizeof(f32)) |
97 | return -EINVAL; |
98 | if (copy_from_sockptr(dst: &f32, src, size: sizeof(f32))) |
99 | return -EFAULT; |
100 | memset(dst, 0, sizeof(*dst)); |
101 | dst->len = f32.len; |
102 | dst->filter = compat_ptr(uptr: f32.filter); |
103 | } else { |
104 | if (len != sizeof(*dst)) |
105 | return -EINVAL; |
106 | if (copy_from_sockptr(dst, src, size: sizeof(*dst))) |
107 | return -EFAULT; |
108 | } |
109 | |
110 | return 0; |
111 | } |
112 | EXPORT_SYMBOL_GPL(copy_bpf_fprog_from_user); |
113 | |
114 | /** |
115 | * sk_filter_trim_cap - run a packet through a socket filter |
116 | * @sk: sock associated with &sk_buff |
117 | * @skb: buffer to filter |
118 | * @cap: limit on how short the eBPF program may trim the packet |
119 | * |
120 | * Run the eBPF program and then cut skb->data to correct size returned by |
121 | * the program. If pkt_len is 0 we toss packet. If skb->len is smaller |
122 | * than pkt_len we keep whole skb->data. This is the socket level |
123 | * wrapper to bpf_prog_run. It returns 0 if the packet should |
124 | * be accepted or -EPERM if the packet should be tossed. |
125 | * |
126 | */ |
127 | int sk_filter_trim_cap(struct sock *sk, struct sk_buff *skb, unsigned int cap) |
128 | { |
129 | int err; |
130 | struct sk_filter *filter; |
131 | |
132 | /* |
133 | * If the skb was allocated from pfmemalloc reserves, only |
134 | * allow SOCK_MEMALLOC sockets to use it as this socket is |
135 | * helping free memory |
136 | */ |
137 | if (skb_pfmemalloc(skb) && !sock_flag(sk, flag: SOCK_MEMALLOC)) { |
138 | NET_INC_STATS(sock_net(sk), LINUX_MIB_PFMEMALLOCDROP); |
139 | return -ENOMEM; |
140 | } |
141 | err = BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb); |
142 | if (err) |
143 | return err; |
144 | |
145 | err = security_sock_rcv_skb(sk, skb); |
146 | if (err) |
147 | return err; |
148 | |
149 | rcu_read_lock(); |
150 | filter = rcu_dereference(sk->sk_filter); |
151 | if (filter) { |
152 | struct sock *save_sk = skb->sk; |
153 | unsigned int pkt_len; |
154 | |
155 | skb->sk = sk; |
156 | pkt_len = bpf_prog_run_save_cb(prog: filter->prog, skb); |
157 | skb->sk = save_sk; |
158 | err = pkt_len ? pskb_trim(skb, max(cap, pkt_len)) : -EPERM; |
159 | } |
160 | rcu_read_unlock(); |
161 | |
162 | return err; |
163 | } |
164 | EXPORT_SYMBOL(sk_filter_trim_cap); |
165 | |
166 | BPF_CALL_1(bpf_skb_get_pay_offset, struct sk_buff *, skb) |
167 | { |
168 | return skb_get_poff(skb); |
169 | } |
170 | |
171 | BPF_CALL_3(bpf_skb_get_nlattr, struct sk_buff *, skb, u32, a, u32, x) |
172 | { |
173 | struct nlattr *nla; |
174 | |
175 | if (skb_is_nonlinear(skb)) |
176 | return 0; |
177 | |
178 | if (skb->len < sizeof(struct nlattr)) |
179 | return 0; |
180 | |
181 | if (a > skb->len - sizeof(struct nlattr)) |
182 | return 0; |
183 | |
184 | nla = nla_find(head: (struct nlattr *) &skb->data[a], len: skb->len - a, attrtype: x); |
185 | if (nla) |
186 | return (void *) nla - (void *) skb->data; |
187 | |
188 | return 0; |
189 | } |
190 | |
191 | BPF_CALL_3(bpf_skb_get_nlattr_nest, struct sk_buff *, skb, u32, a, u32, x) |
192 | { |
193 | struct nlattr *nla; |
194 | |
195 | if (skb_is_nonlinear(skb)) |
196 | return 0; |
197 | |
198 | if (skb->len < sizeof(struct nlattr)) |
199 | return 0; |
200 | |
201 | if (a > skb->len - sizeof(struct nlattr)) |
202 | return 0; |
203 | |
204 | nla = (struct nlattr *) &skb->data[a]; |
205 | if (nla->nla_len > skb->len - a) |
206 | return 0; |
207 | |
208 | nla = nla_find_nested(nla, attrtype: x); |
209 | if (nla) |
210 | return (void *) nla - (void *) skb->data; |
211 | |
212 | return 0; |
213 | } |
214 | |
215 | BPF_CALL_4(bpf_skb_load_helper_8, const struct sk_buff *, skb, const void *, |
216 | data, int, headlen, int, offset) |
217 | { |
218 | u8 tmp, *ptr; |
219 | const int len = sizeof(tmp); |
220 | |
221 | if (offset >= 0) { |
222 | if (headlen - offset >= len) |
223 | return *(u8 *)(data + offset); |
224 | if (!skb_copy_bits(skb, offset, to: &tmp, len: sizeof(tmp))) |
225 | return tmp; |
226 | } else { |
227 | ptr = bpf_internal_load_pointer_neg_helper(skb, k: offset, size: len); |
228 | if (likely(ptr)) |
229 | return *(u8 *)ptr; |
230 | } |
231 | |
232 | return -EFAULT; |
233 | } |
234 | |
235 | BPF_CALL_2(bpf_skb_load_helper_8_no_cache, const struct sk_buff *, skb, |
236 | int, offset) |
237 | { |
238 | return ____bpf_skb_load_helper_8(skb, data: skb->data, headlen: skb->len - skb->data_len, |
239 | offset); |
240 | } |
241 | |
242 | BPF_CALL_4(bpf_skb_load_helper_16, const struct sk_buff *, skb, const void *, |
243 | data, int, headlen, int, offset) |
244 | { |
245 | __be16 tmp, *ptr; |
246 | const int len = sizeof(tmp); |
247 | |
248 | if (offset >= 0) { |
249 | if (headlen - offset >= len) |
250 | return get_unaligned_be16(p: data + offset); |
251 | if (!skb_copy_bits(skb, offset, to: &tmp, len: sizeof(tmp))) |
252 | return be16_to_cpu(tmp); |
253 | } else { |
254 | ptr = bpf_internal_load_pointer_neg_helper(skb, k: offset, size: len); |
255 | if (likely(ptr)) |
256 | return get_unaligned_be16(p: ptr); |
257 | } |
258 | |
259 | return -EFAULT; |
260 | } |
261 | |
262 | BPF_CALL_2(bpf_skb_load_helper_16_no_cache, const struct sk_buff *, skb, |
263 | int, offset) |
264 | { |
265 | return ____bpf_skb_load_helper_16(skb, data: skb->data, headlen: skb->len - skb->data_len, |
266 | offset); |
267 | } |
268 | |
269 | BPF_CALL_4(bpf_skb_load_helper_32, const struct sk_buff *, skb, const void *, |
270 | data, int, headlen, int, offset) |
271 | { |
272 | __be32 tmp, *ptr; |
273 | const int len = sizeof(tmp); |
274 | |
275 | if (likely(offset >= 0)) { |
276 | if (headlen - offset >= len) |
277 | return get_unaligned_be32(p: data + offset); |
278 | if (!skb_copy_bits(skb, offset, to: &tmp, len: sizeof(tmp))) |
279 | return be32_to_cpu(tmp); |
280 | } else { |
281 | ptr = bpf_internal_load_pointer_neg_helper(skb, k: offset, size: len); |
282 | if (likely(ptr)) |
283 | return get_unaligned_be32(p: ptr); |
284 | } |
285 | |
286 | return -EFAULT; |
287 | } |
288 | |
289 | BPF_CALL_2(bpf_skb_load_helper_32_no_cache, const struct sk_buff *, skb, |
290 | int, offset) |
291 | { |
292 | return ____bpf_skb_load_helper_32(skb, data: skb->data, headlen: skb->len - skb->data_len, |
293 | offset); |
294 | } |
295 | |
296 | static u32 convert_skb_access(int skb_field, int dst_reg, int src_reg, |
297 | struct bpf_insn *insn_buf) |
298 | { |
299 | struct bpf_insn *insn = insn_buf; |
300 | |
301 | switch (skb_field) { |
302 | case SKF_AD_MARK: |
303 | BUILD_BUG_ON(sizeof_field(struct sk_buff, mark) != 4); |
304 | |
305 | *insn++ = BPF_LDX_MEM(BPF_W, dst_reg, src_reg, |
306 | offsetof(struct sk_buff, mark)); |
307 | break; |
308 | |
309 | case SKF_AD_PKTTYPE: |
310 | *insn++ = BPF_LDX_MEM(BPF_B, dst_reg, src_reg, PKT_TYPE_OFFSET); |
311 | *insn++ = BPF_ALU32_IMM(BPF_AND, dst_reg, PKT_TYPE_MAX); |
312 | #ifdef __BIG_ENDIAN_BITFIELD |
313 | *insn++ = BPF_ALU32_IMM(BPF_RSH, dst_reg, 5); |
314 | #endif |
315 | break; |
316 | |
317 | case SKF_AD_QUEUE: |
318 | BUILD_BUG_ON(sizeof_field(struct sk_buff, queue_mapping) != 2); |
319 | |
320 | *insn++ = BPF_LDX_MEM(BPF_H, dst_reg, src_reg, |
321 | offsetof(struct sk_buff, queue_mapping)); |
322 | break; |
323 | |
324 | case SKF_AD_VLAN_TAG: |
325 | BUILD_BUG_ON(sizeof_field(struct sk_buff, vlan_tci) != 2); |
326 | |
327 | /* dst_reg = *(u16 *) (src_reg + offsetof(vlan_tci)) */ |
328 | *insn++ = BPF_LDX_MEM(BPF_H, dst_reg, src_reg, |
329 | offsetof(struct sk_buff, vlan_tci)); |
330 | break; |
331 | case SKF_AD_VLAN_TAG_PRESENT: |
332 | BUILD_BUG_ON(sizeof_field(struct sk_buff, vlan_all) != 4); |
333 | *insn++ = BPF_LDX_MEM(BPF_W, dst_reg, src_reg, |
334 | offsetof(struct sk_buff, vlan_all)); |
335 | *insn++ = BPF_JMP_IMM(BPF_JEQ, dst_reg, 0, 1); |
336 | *insn++ = BPF_ALU32_IMM(BPF_MOV, dst_reg, 1); |
337 | break; |
338 | } |
339 | |
340 | return insn - insn_buf; |
341 | } |
342 | |
343 | static bool convert_bpf_extensions(struct sock_filter *fp, |
344 | struct bpf_insn **insnp) |
345 | { |
346 | struct bpf_insn *insn = *insnp; |
347 | u32 cnt; |
348 | |
349 | switch (fp->k) { |
350 | case SKF_AD_OFF + SKF_AD_PROTOCOL: |
351 | BUILD_BUG_ON(sizeof_field(struct sk_buff, protocol) != 2); |
352 | |
353 | /* A = *(u16 *) (CTX + offsetof(protocol)) */ |
354 | *insn++ = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX, |
355 | offsetof(struct sk_buff, protocol)); |
356 | /* A = ntohs(A) [emitting a nop or swap16] */ |
357 | *insn = BPF_ENDIAN(BPF_FROM_BE, BPF_REG_A, 16); |
358 | break; |
359 | |
360 | case SKF_AD_OFF + SKF_AD_PKTTYPE: |
361 | cnt = convert_skb_access(SKF_AD_PKTTYPE, BPF_REG_A, BPF_REG_CTX, insn_buf: insn); |
362 | insn += cnt - 1; |
363 | break; |
364 | |
365 | case SKF_AD_OFF + SKF_AD_IFINDEX: |
366 | case SKF_AD_OFF + SKF_AD_HATYPE: |
367 | BUILD_BUG_ON(sizeof_field(struct net_device, ifindex) != 4); |
368 | BUILD_BUG_ON(sizeof_field(struct net_device, type) != 2); |
369 | |
370 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, dev), |
371 | BPF_REG_TMP, BPF_REG_CTX, |
372 | offsetof(struct sk_buff, dev)); |
373 | /* if (tmp != 0) goto pc + 1 */ |
374 | *insn++ = BPF_JMP_IMM(BPF_JNE, BPF_REG_TMP, 0, 1); |
375 | *insn++ = BPF_EXIT_INSN(); |
376 | if (fp->k == SKF_AD_OFF + SKF_AD_IFINDEX) |
377 | *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_TMP, |
378 | offsetof(struct net_device, ifindex)); |
379 | else |
380 | *insn = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_TMP, |
381 | offsetof(struct net_device, type)); |
382 | break; |
383 | |
384 | case SKF_AD_OFF + SKF_AD_MARK: |
385 | cnt = convert_skb_access(SKF_AD_MARK, BPF_REG_A, BPF_REG_CTX, insn_buf: insn); |
386 | insn += cnt - 1; |
387 | break; |
388 | |
389 | case SKF_AD_OFF + SKF_AD_RXHASH: |
390 | BUILD_BUG_ON(sizeof_field(struct sk_buff, hash) != 4); |
391 | |
392 | *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_CTX, |
393 | offsetof(struct sk_buff, hash)); |
394 | break; |
395 | |
396 | case SKF_AD_OFF + SKF_AD_QUEUE: |
397 | cnt = convert_skb_access(SKF_AD_QUEUE, BPF_REG_A, BPF_REG_CTX, insn_buf: insn); |
398 | insn += cnt - 1; |
399 | break; |
400 | |
401 | case SKF_AD_OFF + SKF_AD_VLAN_TAG: |
402 | cnt = convert_skb_access(SKF_AD_VLAN_TAG, |
403 | BPF_REG_A, BPF_REG_CTX, insn_buf: insn); |
404 | insn += cnt - 1; |
405 | break; |
406 | |
407 | case SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT: |
408 | cnt = convert_skb_access(SKF_AD_VLAN_TAG_PRESENT, |
409 | BPF_REG_A, BPF_REG_CTX, insn_buf: insn); |
410 | insn += cnt - 1; |
411 | break; |
412 | |
413 | case SKF_AD_OFF + SKF_AD_VLAN_TPID: |
414 | BUILD_BUG_ON(sizeof_field(struct sk_buff, vlan_proto) != 2); |
415 | |
416 | /* A = *(u16 *) (CTX + offsetof(vlan_proto)) */ |
417 | *insn++ = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX, |
418 | offsetof(struct sk_buff, vlan_proto)); |
419 | /* A = ntohs(A) [emitting a nop or swap16] */ |
420 | *insn = BPF_ENDIAN(BPF_FROM_BE, BPF_REG_A, 16); |
421 | break; |
422 | |
423 | case SKF_AD_OFF + SKF_AD_PAY_OFFSET: |
424 | case SKF_AD_OFF + SKF_AD_NLATTR: |
425 | case SKF_AD_OFF + SKF_AD_NLATTR_NEST: |
426 | case SKF_AD_OFF + SKF_AD_CPU: |
427 | case SKF_AD_OFF + SKF_AD_RANDOM: |
428 | /* arg1 = CTX */ |
429 | *insn++ = BPF_MOV64_REG(BPF_REG_ARG1, BPF_REG_CTX); |
430 | /* arg2 = A */ |
431 | *insn++ = BPF_MOV64_REG(BPF_REG_ARG2, BPF_REG_A); |
432 | /* arg3 = X */ |
433 | *insn++ = BPF_MOV64_REG(BPF_REG_ARG3, BPF_REG_X); |
434 | /* Emit call(arg1=CTX, arg2=A, arg3=X) */ |
435 | switch (fp->k) { |
436 | case SKF_AD_OFF + SKF_AD_PAY_OFFSET: |
437 | *insn = BPF_EMIT_CALL(bpf_skb_get_pay_offset); |
438 | break; |
439 | case SKF_AD_OFF + SKF_AD_NLATTR: |
440 | *insn = BPF_EMIT_CALL(bpf_skb_get_nlattr); |
441 | break; |
442 | case SKF_AD_OFF + SKF_AD_NLATTR_NEST: |
443 | *insn = BPF_EMIT_CALL(bpf_skb_get_nlattr_nest); |
444 | break; |
445 | case SKF_AD_OFF + SKF_AD_CPU: |
446 | *insn = BPF_EMIT_CALL(bpf_get_raw_cpu_id); |
447 | break; |
448 | case SKF_AD_OFF + SKF_AD_RANDOM: |
449 | *insn = BPF_EMIT_CALL(bpf_user_rnd_u32); |
450 | bpf_user_rnd_init_once(); |
451 | break; |
452 | } |
453 | break; |
454 | |
455 | case SKF_AD_OFF + SKF_AD_ALU_XOR_X: |
456 | /* A ^= X */ |
457 | *insn = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_X); |
458 | break; |
459 | |
460 | default: |
461 | /* This is just a dummy call to avoid letting the compiler |
462 | * evict __bpf_call_base() as an optimization. Placed here |
463 | * where no-one bothers. |
464 | */ |
465 | BUG_ON(__bpf_call_base(0, 0, 0, 0, 0) != 0); |
466 | return false; |
467 | } |
468 | |
469 | *insnp = insn; |
470 | return true; |
471 | } |
472 | |
473 | static bool convert_bpf_ld_abs(struct sock_filter *fp, struct bpf_insn **insnp) |
474 | { |
475 | const bool unaligned_ok = IS_BUILTIN(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS); |
476 | int size = bpf_size_to_bytes(BPF_SIZE(fp->code)); |
477 | bool endian = BPF_SIZE(fp->code) == BPF_H || |
478 | BPF_SIZE(fp->code) == BPF_W; |
479 | bool indirect = BPF_MODE(fp->code) == BPF_IND; |
480 | const int ip_align = NET_IP_ALIGN; |
481 | struct bpf_insn *insn = *insnp; |
482 | int offset = fp->k; |
483 | |
484 | if (!indirect && |
485 | ((unaligned_ok && offset >= 0) || |
486 | (!unaligned_ok && offset >= 0 && |
487 | offset + ip_align >= 0 && |
488 | offset + ip_align % size == 0))) { |
489 | bool ldx_off_ok = offset <= S16_MAX; |
490 | |
491 | *insn++ = BPF_MOV64_REG(BPF_REG_TMP, BPF_REG_H); |
492 | if (offset) |
493 | *insn++ = BPF_ALU64_IMM(BPF_SUB, BPF_REG_TMP, offset); |
494 | *insn++ = BPF_JMP_IMM(BPF_JSLT, BPF_REG_TMP, |
495 | size, 2 + endian + (!ldx_off_ok * 2)); |
496 | if (ldx_off_ok) { |
497 | *insn++ = BPF_LDX_MEM(BPF_SIZE(fp->code), BPF_REG_A, |
498 | BPF_REG_D, offset); |
499 | } else { |
500 | *insn++ = BPF_MOV64_REG(BPF_REG_TMP, BPF_REG_D); |
501 | *insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_TMP, offset); |
502 | *insn++ = BPF_LDX_MEM(BPF_SIZE(fp->code), BPF_REG_A, |
503 | BPF_REG_TMP, 0); |
504 | } |
505 | if (endian) |
506 | *insn++ = BPF_ENDIAN(BPF_FROM_BE, BPF_REG_A, size * 8); |
507 | *insn++ = BPF_JMP_A(8); |
508 | } |
509 | |
510 | *insn++ = BPF_MOV64_REG(BPF_REG_ARG1, BPF_REG_CTX); |
511 | *insn++ = BPF_MOV64_REG(BPF_REG_ARG2, BPF_REG_D); |
512 | *insn++ = BPF_MOV64_REG(BPF_REG_ARG3, BPF_REG_H); |
513 | if (!indirect) { |
514 | *insn++ = BPF_MOV64_IMM(BPF_REG_ARG4, offset); |
515 | } else { |
516 | *insn++ = BPF_MOV64_REG(BPF_REG_ARG4, BPF_REG_X); |
517 | if (fp->k) |
518 | *insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_ARG4, offset); |
519 | } |
520 | |
521 | switch (BPF_SIZE(fp->code)) { |
522 | case BPF_B: |
523 | *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_8); |
524 | break; |
525 | case BPF_H: |
526 | *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_16); |
527 | break; |
528 | case BPF_W: |
529 | *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_32); |
530 | break; |
531 | default: |
532 | return false; |
533 | } |
534 | |
535 | *insn++ = BPF_JMP_IMM(BPF_JSGE, BPF_REG_A, 0, 2); |
536 | *insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_A); |
537 | *insn = BPF_EXIT_INSN(); |
538 | |
539 | *insnp = insn; |
540 | return true; |
541 | } |
542 | |
543 | /** |
544 | * bpf_convert_filter - convert filter program |
545 | * @prog: the user passed filter program |
546 | * @len: the length of the user passed filter program |
547 | * @new_prog: allocated 'struct bpf_prog' or NULL |
548 | * @new_len: pointer to store length of converted program |
549 | * @seen_ld_abs: bool whether we've seen ld_abs/ind |
550 | * |
551 | * Remap 'sock_filter' style classic BPF (cBPF) instruction set to 'bpf_insn' |
552 | * style extended BPF (eBPF). |
553 | * Conversion workflow: |
554 | * |
555 | * 1) First pass for calculating the new program length: |
556 | * bpf_convert_filter(old_prog, old_len, NULL, &new_len, &seen_ld_abs) |
557 | * |
558 | * 2) 2nd pass to remap in two passes: 1st pass finds new |
559 | * jump offsets, 2nd pass remapping: |
560 | * bpf_convert_filter(old_prog, old_len, new_prog, &new_len, &seen_ld_abs) |
561 | */ |
562 | static int bpf_convert_filter(struct sock_filter *prog, int len, |
563 | struct bpf_prog *new_prog, int *new_len, |
564 | bool *seen_ld_abs) |
565 | { |
566 | int new_flen = 0, pass = 0, target, i, stack_off; |
567 | struct bpf_insn *new_insn, *first_insn = NULL; |
568 | struct sock_filter *fp; |
569 | int *addrs = NULL; |
570 | u8 bpf_src; |
571 | |
572 | BUILD_BUG_ON(BPF_MEMWORDS * sizeof(u32) > MAX_BPF_STACK); |
573 | BUILD_BUG_ON(BPF_REG_FP + 1 != MAX_BPF_REG); |
574 | |
575 | if (len <= 0 || len > BPF_MAXINSNS) |
576 | return -EINVAL; |
577 | |
578 | if (new_prog) { |
579 | first_insn = new_prog->insnsi; |
580 | addrs = kcalloc(n: len, size: sizeof(*addrs), |
581 | GFP_KERNEL | __GFP_NOWARN); |
582 | if (!addrs) |
583 | return -ENOMEM; |
584 | } |
585 | |
586 | do_pass: |
587 | new_insn = first_insn; |
588 | fp = prog; |
589 | |
590 | /* Classic BPF related prologue emission. */ |
591 | if (new_prog) { |
592 | /* Classic BPF expects A and X to be reset first. These need |
593 | * to be guaranteed to be the first two instructions. |
594 | */ |
595 | *new_insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_A); |
596 | *new_insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_X, BPF_REG_X); |
597 | |
598 | /* All programs must keep CTX in callee saved BPF_REG_CTX. |
599 | * In eBPF case it's done by the compiler, here we need to |
600 | * do this ourself. Initial CTX is present in BPF_REG_ARG1. |
601 | */ |
602 | *new_insn++ = BPF_MOV64_REG(BPF_REG_CTX, BPF_REG_ARG1); |
603 | if (*seen_ld_abs) { |
604 | /* For packet access in classic BPF, cache skb->data |
605 | * in callee-saved BPF R8 and skb->len - skb->data_len |
606 | * (headlen) in BPF R9. Since classic BPF is read-only |
607 | * on CTX, we only need to cache it once. |
608 | */ |
609 | *new_insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, data), |
610 | BPF_REG_D, BPF_REG_CTX, |
611 | offsetof(struct sk_buff, data)); |
612 | *new_insn++ = BPF_LDX_MEM(BPF_W, BPF_REG_H, BPF_REG_CTX, |
613 | offsetof(struct sk_buff, len)); |
614 | *new_insn++ = BPF_LDX_MEM(BPF_W, BPF_REG_TMP, BPF_REG_CTX, |
615 | offsetof(struct sk_buff, data_len)); |
616 | *new_insn++ = BPF_ALU32_REG(BPF_SUB, BPF_REG_H, BPF_REG_TMP); |
617 | } |
618 | } else { |
619 | new_insn += 3; |
620 | } |
621 | |
622 | for (i = 0; i < len; fp++, i++) { |
623 | struct bpf_insn tmp_insns[32] = { }; |
624 | struct bpf_insn *insn = tmp_insns; |
625 | |
626 | if (addrs) |
627 | addrs[i] = new_insn - first_insn; |
628 | |
629 | switch (fp->code) { |
630 | /* All arithmetic insns and skb loads map as-is. */ |
631 | case BPF_ALU | BPF_ADD | BPF_X: |
632 | case BPF_ALU | BPF_ADD | BPF_K: |
633 | case BPF_ALU | BPF_SUB | BPF_X: |
634 | case BPF_ALU | BPF_SUB | BPF_K: |
635 | case BPF_ALU | BPF_AND | BPF_X: |
636 | case BPF_ALU | BPF_AND | BPF_K: |
637 | case BPF_ALU | BPF_OR | BPF_X: |
638 | case BPF_ALU | BPF_OR | BPF_K: |
639 | case BPF_ALU | BPF_LSH | BPF_X: |
640 | case BPF_ALU | BPF_LSH | BPF_K: |
641 | case BPF_ALU | BPF_RSH | BPF_X: |
642 | case BPF_ALU | BPF_RSH | BPF_K: |
643 | case BPF_ALU | BPF_XOR | BPF_X: |
644 | case BPF_ALU | BPF_XOR | BPF_K: |
645 | case BPF_ALU | BPF_MUL | BPF_X: |
646 | case BPF_ALU | BPF_MUL | BPF_K: |
647 | case BPF_ALU | BPF_DIV | BPF_X: |
648 | case BPF_ALU | BPF_DIV | BPF_K: |
649 | case BPF_ALU | BPF_MOD | BPF_X: |
650 | case BPF_ALU | BPF_MOD | BPF_K: |
651 | case BPF_ALU | BPF_NEG: |
652 | case BPF_LD | BPF_ABS | BPF_W: |
653 | case BPF_LD | BPF_ABS | BPF_H: |
654 | case BPF_LD | BPF_ABS | BPF_B: |
655 | case BPF_LD | BPF_IND | BPF_W: |
656 | case BPF_LD | BPF_IND | BPF_H: |
657 | case BPF_LD | BPF_IND | BPF_B: |
658 | /* Check for overloaded BPF extension and |
659 | * directly convert it if found, otherwise |
660 | * just move on with mapping. |
661 | */ |
662 | if (BPF_CLASS(fp->code) == BPF_LD && |
663 | BPF_MODE(fp->code) == BPF_ABS && |
664 | convert_bpf_extensions(fp, insnp: &insn)) |
665 | break; |
666 | if (BPF_CLASS(fp->code) == BPF_LD && |
667 | convert_bpf_ld_abs(fp, insnp: &insn)) { |
668 | *seen_ld_abs = true; |
669 | break; |
670 | } |
671 | |
672 | if (fp->code == (BPF_ALU | BPF_DIV | BPF_X) || |
673 | fp->code == (BPF_ALU | BPF_MOD | BPF_X)) { |
674 | *insn++ = BPF_MOV32_REG(BPF_REG_X, BPF_REG_X); |
675 | /* Error with exception code on div/mod by 0. |
676 | * For cBPF programs, this was always return 0. |
677 | */ |
678 | *insn++ = BPF_JMP_IMM(BPF_JNE, BPF_REG_X, 0, 2); |
679 | *insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_A); |
680 | *insn++ = BPF_EXIT_INSN(); |
681 | } |
682 | |
683 | *insn = BPF_RAW_INSN(fp->code, BPF_REG_A, BPF_REG_X, 0, fp->k); |
684 | break; |
685 | |
686 | /* Jump transformation cannot use BPF block macros |
687 | * everywhere as offset calculation and target updates |
688 | * require a bit more work than the rest, i.e. jump |
689 | * opcodes map as-is, but offsets need adjustment. |
690 | */ |
691 | |
692 | #define BPF_EMIT_JMP \ |
693 | do { \ |
694 | const s32 off_min = S16_MIN, off_max = S16_MAX; \ |
695 | s32 off; \ |
696 | \ |
697 | if (target >= len || target < 0) \ |
698 | goto err; \ |
699 | off = addrs ? addrs[target] - addrs[i] - 1 : 0; \ |
700 | /* Adjust pc relative offset for 2nd or 3rd insn. */ \ |
701 | off -= insn - tmp_insns; \ |
702 | /* Reject anything not fitting into insn->off. */ \ |
703 | if (off < off_min || off > off_max) \ |
704 | goto err; \ |
705 | insn->off = off; \ |
706 | } while (0) |
707 | |
708 | case BPF_JMP | BPF_JA: |
709 | target = i + fp->k + 1; |
710 | insn->code = fp->code; |
711 | BPF_EMIT_JMP; |
712 | break; |
713 | |
714 | case BPF_JMP | BPF_JEQ | BPF_K: |
715 | case BPF_JMP | BPF_JEQ | BPF_X: |
716 | case BPF_JMP | BPF_JSET | BPF_K: |
717 | case BPF_JMP | BPF_JSET | BPF_X: |
718 | case BPF_JMP | BPF_JGT | BPF_K: |
719 | case BPF_JMP | BPF_JGT | BPF_X: |
720 | case BPF_JMP | BPF_JGE | BPF_K: |
721 | case BPF_JMP | BPF_JGE | BPF_X: |
722 | if (BPF_SRC(fp->code) == BPF_K && (int) fp->k < 0) { |
723 | /* BPF immediates are signed, zero extend |
724 | * immediate into tmp register and use it |
725 | * in compare insn. |
726 | */ |
727 | *insn++ = BPF_MOV32_IMM(BPF_REG_TMP, fp->k); |
728 | |
729 | insn->dst_reg = BPF_REG_A; |
730 | insn->src_reg = BPF_REG_TMP; |
731 | bpf_src = BPF_X; |
732 | } else { |
733 | insn->dst_reg = BPF_REG_A; |
734 | insn->imm = fp->k; |
735 | bpf_src = BPF_SRC(fp->code); |
736 | insn->src_reg = bpf_src == BPF_X ? BPF_REG_X : 0; |
737 | } |
738 | |
739 | /* Common case where 'jump_false' is next insn. */ |
740 | if (fp->jf == 0) { |
741 | insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src; |
742 | target = i + fp->jt + 1; |
743 | BPF_EMIT_JMP; |
744 | break; |
745 | } |
746 | |
747 | /* Convert some jumps when 'jump_true' is next insn. */ |
748 | if (fp->jt == 0) { |
749 | switch (BPF_OP(fp->code)) { |
750 | case BPF_JEQ: |
751 | insn->code = BPF_JMP | BPF_JNE | bpf_src; |
752 | break; |
753 | case BPF_JGT: |
754 | insn->code = BPF_JMP | BPF_JLE | bpf_src; |
755 | break; |
756 | case BPF_JGE: |
757 | insn->code = BPF_JMP | BPF_JLT | bpf_src; |
758 | break; |
759 | default: |
760 | goto jmp_rest; |
761 | } |
762 | |
763 | target = i + fp->jf + 1; |
764 | BPF_EMIT_JMP; |
765 | break; |
766 | } |
767 | jmp_rest: |
768 | /* Other jumps are mapped into two insns: Jxx and JA. */ |
769 | target = i + fp->jt + 1; |
770 | insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src; |
771 | BPF_EMIT_JMP; |
772 | insn++; |
773 | |
774 | insn->code = BPF_JMP | BPF_JA; |
775 | target = i + fp->jf + 1; |
776 | BPF_EMIT_JMP; |
777 | break; |
778 | |
779 | /* ldxb 4 * ([14] & 0xf) is remaped into 6 insns. */ |
780 | case BPF_LDX | BPF_MSH | BPF_B: { |
781 | struct sock_filter tmp = { |
782 | .code = BPF_LD | BPF_ABS | BPF_B, |
783 | .k = fp->k, |
784 | }; |
785 | |
786 | *seen_ld_abs = true; |
787 | |
788 | /* X = A */ |
789 | *insn++ = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A); |
790 | /* A = BPF_R0 = *(u8 *) (skb->data + K) */ |
791 | convert_bpf_ld_abs(fp: &tmp, insnp: &insn); |
792 | insn++; |
793 | /* A &= 0xf */ |
794 | *insn++ = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, 0xf); |
795 | /* A <<= 2 */ |
796 | *insn++ = BPF_ALU32_IMM(BPF_LSH, BPF_REG_A, 2); |
797 | /* tmp = X */ |
798 | *insn++ = BPF_MOV64_REG(BPF_REG_TMP, BPF_REG_X); |
799 | /* X = A */ |
800 | *insn++ = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A); |
801 | /* A = tmp */ |
802 | *insn = BPF_MOV64_REG(BPF_REG_A, BPF_REG_TMP); |
803 | break; |
804 | } |
805 | /* RET_K is remaped into 2 insns. RET_A case doesn't need an |
806 | * extra mov as BPF_REG_0 is already mapped into BPF_REG_A. |
807 | */ |
808 | case BPF_RET | BPF_A: |
809 | case BPF_RET | BPF_K: |
810 | if (BPF_RVAL(fp->code) == BPF_K) |
811 | *insn++ = BPF_MOV32_RAW(BPF_K, BPF_REG_0, |
812 | 0, fp->k); |
813 | *insn = BPF_EXIT_INSN(); |
814 | break; |
815 | |
816 | /* Store to stack. */ |
817 | case BPF_ST: |
818 | case BPF_STX: |
819 | stack_off = fp->k * 4 + 4; |
820 | *insn = BPF_STX_MEM(BPF_W, BPF_REG_FP, BPF_CLASS(fp->code) == |
821 | BPF_ST ? BPF_REG_A : BPF_REG_X, |
822 | -stack_off); |
823 | /* check_load_and_stores() verifies that classic BPF can |
824 | * load from stack only after write, so tracking |
825 | * stack_depth for ST|STX insns is enough |
826 | */ |
827 | if (new_prog && new_prog->aux->stack_depth < stack_off) |
828 | new_prog->aux->stack_depth = stack_off; |
829 | break; |
830 | |
831 | /* Load from stack. */ |
832 | case BPF_LD | BPF_MEM: |
833 | case BPF_LDX | BPF_MEM: |
834 | stack_off = fp->k * 4 + 4; |
835 | *insn = BPF_LDX_MEM(BPF_W, BPF_CLASS(fp->code) == BPF_LD ? |
836 | BPF_REG_A : BPF_REG_X, BPF_REG_FP, |
837 | -stack_off); |
838 | break; |
839 | |
840 | /* A = K or X = K */ |
841 | case BPF_LD | BPF_IMM: |
842 | case BPF_LDX | BPF_IMM: |
843 | *insn = BPF_MOV32_IMM(BPF_CLASS(fp->code) == BPF_LD ? |
844 | BPF_REG_A : BPF_REG_X, fp->k); |
845 | break; |
846 | |
847 | /* X = A */ |
848 | case BPF_MISC | BPF_TAX: |
849 | *insn = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A); |
850 | break; |
851 | |
852 | /* A = X */ |
853 | case BPF_MISC | BPF_TXA: |
854 | *insn = BPF_MOV64_REG(BPF_REG_A, BPF_REG_X); |
855 | break; |
856 | |
857 | /* A = skb->len or X = skb->len */ |
858 | case BPF_LD | BPF_W | BPF_LEN: |
859 | case BPF_LDX | BPF_W | BPF_LEN: |
860 | *insn = BPF_LDX_MEM(BPF_W, BPF_CLASS(fp->code) == BPF_LD ? |
861 | BPF_REG_A : BPF_REG_X, BPF_REG_CTX, |
862 | offsetof(struct sk_buff, len)); |
863 | break; |
864 | |
865 | /* Access seccomp_data fields. */ |
866 | case BPF_LDX | BPF_ABS | BPF_W: |
867 | /* A = *(u32 *) (ctx + K) */ |
868 | *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_CTX, fp->k); |
869 | break; |
870 | |
871 | /* Unknown instruction. */ |
872 | default: |
873 | goto err; |
874 | } |
875 | |
876 | insn++; |
877 | if (new_prog) |
878 | memcpy(new_insn, tmp_insns, |
879 | sizeof(*insn) * (insn - tmp_insns)); |
880 | new_insn += insn - tmp_insns; |
881 | } |
882 | |
883 | if (!new_prog) { |
884 | /* Only calculating new length. */ |
885 | *new_len = new_insn - first_insn; |
886 | if (*seen_ld_abs) |
887 | *new_len += 4; /* Prologue bits. */ |
888 | return 0; |
889 | } |
890 | |
891 | pass++; |
892 | if (new_flen != new_insn - first_insn) { |
893 | new_flen = new_insn - first_insn; |
894 | if (pass > 2) |
895 | goto err; |
896 | goto do_pass; |
897 | } |
898 | |
899 | kfree(objp: addrs); |
900 | BUG_ON(*new_len != new_flen); |
901 | return 0; |
902 | err: |
903 | kfree(objp: addrs); |
904 | return -EINVAL; |
905 | } |
906 | |
907 | /* Security: |
908 | * |
909 | * As we dont want to clear mem[] array for each packet going through |
910 | * __bpf_prog_run(), we check that filter loaded by user never try to read |
911 | * a cell if not previously written, and we check all branches to be sure |
912 | * a malicious user doesn't try to abuse us. |
913 | */ |
914 | static int check_load_and_stores(const struct sock_filter *filter, int flen) |
915 | { |
916 | u16 *masks, memvalid = 0; /* One bit per cell, 16 cells */ |
917 | int pc, ret = 0; |
918 | |
919 | BUILD_BUG_ON(BPF_MEMWORDS > 16); |
920 | |
921 | masks = kmalloc_array(n: flen, size: sizeof(*masks), GFP_KERNEL); |
922 | if (!masks) |
923 | return -ENOMEM; |
924 | |
925 | memset(masks, 0xff, flen * sizeof(*masks)); |
926 | |
927 | for (pc = 0; pc < flen; pc++) { |
928 | memvalid &= masks[pc]; |
929 | |
930 | switch (filter[pc].code) { |
931 | case BPF_ST: |
932 | case BPF_STX: |
933 | memvalid |= (1 << filter[pc].k); |
934 | break; |
935 | case BPF_LD | BPF_MEM: |
936 | case BPF_LDX | BPF_MEM: |
937 | if (!(memvalid & (1 << filter[pc].k))) { |
938 | ret = -EINVAL; |
939 | goto error; |
940 | } |
941 | break; |
942 | case BPF_JMP | BPF_JA: |
943 | /* A jump must set masks on target */ |
944 | masks[pc + 1 + filter[pc].k] &= memvalid; |
945 | memvalid = ~0; |
946 | break; |
947 | case BPF_JMP | BPF_JEQ | BPF_K: |
948 | case BPF_JMP | BPF_JEQ | BPF_X: |
949 | case BPF_JMP | BPF_JGE | BPF_K: |
950 | case BPF_JMP | BPF_JGE | BPF_X: |
951 | case BPF_JMP | BPF_JGT | BPF_K: |
952 | case BPF_JMP | BPF_JGT | BPF_X: |
953 | case BPF_JMP | BPF_JSET | BPF_K: |
954 | case BPF_JMP | BPF_JSET | BPF_X: |
955 | /* A jump must set masks on targets */ |
956 | masks[pc + 1 + filter[pc].jt] &= memvalid; |
957 | masks[pc + 1 + filter[pc].jf] &= memvalid; |
958 | memvalid = ~0; |
959 | break; |
960 | } |
961 | } |
962 | error: |
963 | kfree(objp: masks); |
964 | return ret; |
965 | } |
966 | |
967 | static bool chk_code_allowed(u16 code_to_probe) |
968 | { |
969 | static const bool codes[] = { |
970 | /* 32 bit ALU operations */ |
971 | [BPF_ALU | BPF_ADD | BPF_K] = true, |
972 | [BPF_ALU | BPF_ADD | BPF_X] = true, |
973 | [BPF_ALU | BPF_SUB | BPF_K] = true, |
974 | [BPF_ALU | BPF_SUB | BPF_X] = true, |
975 | [BPF_ALU | BPF_MUL | BPF_K] = true, |
976 | [BPF_ALU | BPF_MUL | BPF_X] = true, |
977 | [BPF_ALU | BPF_DIV | BPF_K] = true, |
978 | [BPF_ALU | BPF_DIV | BPF_X] = true, |
979 | [BPF_ALU | BPF_MOD | BPF_K] = true, |
980 | [BPF_ALU | BPF_MOD | BPF_X] = true, |
981 | [BPF_ALU | BPF_AND | BPF_K] = true, |
982 | [BPF_ALU | BPF_AND | BPF_X] = true, |
983 | [BPF_ALU | BPF_OR | BPF_K] = true, |
984 | [BPF_ALU | BPF_OR | BPF_X] = true, |
985 | [BPF_ALU | BPF_XOR | BPF_K] = true, |
986 | [BPF_ALU | BPF_XOR | BPF_X] = true, |
987 | [BPF_ALU | BPF_LSH | BPF_K] = true, |
988 | [BPF_ALU | BPF_LSH | BPF_X] = true, |
989 | [BPF_ALU | BPF_RSH | BPF_K] = true, |
990 | [BPF_ALU | BPF_RSH | BPF_X] = true, |
991 | [BPF_ALU | BPF_NEG] = true, |
992 | /* Load instructions */ |
993 | [BPF_LD | BPF_W | BPF_ABS] = true, |
994 | [BPF_LD | BPF_H | BPF_ABS] = true, |
995 | [BPF_LD | BPF_B | BPF_ABS] = true, |
996 | [BPF_LD | BPF_W | BPF_LEN] = true, |
997 | [BPF_LD | BPF_W | BPF_IND] = true, |
998 | [BPF_LD | BPF_H | BPF_IND] = true, |
999 | [BPF_LD | BPF_B | BPF_IND] = true, |
1000 | [BPF_LD | BPF_IMM] = true, |
1001 | [BPF_LD | BPF_MEM] = true, |
1002 | [BPF_LDX | BPF_W | BPF_LEN] = true, |
1003 | [BPF_LDX | BPF_B | BPF_MSH] = true, |
1004 | [BPF_LDX | BPF_IMM] = true, |
1005 | [BPF_LDX | BPF_MEM] = true, |
1006 | /* Store instructions */ |
1007 | [BPF_ST] = true, |
1008 | [BPF_STX] = true, |
1009 | /* Misc instructions */ |
1010 | [BPF_MISC | BPF_TAX] = true, |
1011 | [BPF_MISC | BPF_TXA] = true, |
1012 | /* Return instructions */ |
1013 | [BPF_RET | BPF_K] = true, |
1014 | [BPF_RET | BPF_A] = true, |
1015 | /* Jump instructions */ |
1016 | [BPF_JMP | BPF_JA] = true, |
1017 | [BPF_JMP | BPF_JEQ | BPF_K] = true, |
1018 | [BPF_JMP | BPF_JEQ | BPF_X] = true, |
1019 | [BPF_JMP | BPF_JGE | BPF_K] = true, |
1020 | [BPF_JMP | BPF_JGE | BPF_X] = true, |
1021 | [BPF_JMP | BPF_JGT | BPF_K] = true, |
1022 | [BPF_JMP | BPF_JGT | BPF_X] = true, |
1023 | [BPF_JMP | BPF_JSET | BPF_K] = true, |
1024 | [BPF_JMP | BPF_JSET | BPF_X] = true, |
1025 | }; |
1026 | |
1027 | if (code_to_probe >= ARRAY_SIZE(codes)) |
1028 | return false; |
1029 | |
1030 | return codes[code_to_probe]; |
1031 | } |
1032 | |
1033 | static bool bpf_check_basics_ok(const struct sock_filter *filter, |
1034 | unsigned int flen) |
1035 | { |
1036 | if (filter == NULL) |
1037 | return false; |
1038 | if (flen == 0 || flen > BPF_MAXINSNS) |
1039 | return false; |
1040 | |
1041 | return true; |
1042 | } |
1043 | |
1044 | /** |
1045 | * bpf_check_classic - verify socket filter code |
1046 | * @filter: filter to verify |
1047 | * @flen: length of filter |
1048 | * |
1049 | * Check the user's filter code. If we let some ugly |
1050 | * filter code slip through kaboom! The filter must contain |
1051 | * no references or jumps that are out of range, no illegal |
1052 | * instructions, and must end with a RET instruction. |
1053 | * |
1054 | * All jumps are forward as they are not signed. |
1055 | * |
1056 | * Returns 0 if the rule set is legal or -EINVAL if not. |
1057 | */ |
1058 | static int bpf_check_classic(const struct sock_filter *filter, |
1059 | unsigned int flen) |
1060 | { |
1061 | bool anc_found; |
1062 | int pc; |
1063 | |
1064 | /* Check the filter code now */ |
1065 | for (pc = 0; pc < flen; pc++) { |
1066 | const struct sock_filter *ftest = &filter[pc]; |
1067 | |
1068 | /* May we actually operate on this code? */ |
1069 | if (!chk_code_allowed(code_to_probe: ftest->code)) |
1070 | return -EINVAL; |
1071 | |
1072 | /* Some instructions need special checks */ |
1073 | switch (ftest->code) { |
1074 | case BPF_ALU | BPF_DIV | BPF_K: |
1075 | case BPF_ALU | BPF_MOD | BPF_K: |
1076 | /* Check for division by zero */ |
1077 | if (ftest->k == 0) |
1078 | return -EINVAL; |
1079 | break; |
1080 | case BPF_ALU | BPF_LSH | BPF_K: |
1081 | case BPF_ALU | BPF_RSH | BPF_K: |
1082 | if (ftest->k >= 32) |
1083 | return -EINVAL; |
1084 | break; |
1085 | case BPF_LD | BPF_MEM: |
1086 | case BPF_LDX | BPF_MEM: |
1087 | case BPF_ST: |
1088 | case BPF_STX: |
1089 | /* Check for invalid memory addresses */ |
1090 | if (ftest->k >= BPF_MEMWORDS) |
1091 | return -EINVAL; |
1092 | break; |
1093 | case BPF_JMP | BPF_JA: |
1094 | /* Note, the large ftest->k might cause loops. |
1095 | * Compare this with conditional jumps below, |
1096 | * where offsets are limited. --ANK (981016) |
1097 | */ |
1098 | if (ftest->k >= (unsigned int)(flen - pc - 1)) |
1099 | return -EINVAL; |
1100 | break; |
1101 | case BPF_JMP | BPF_JEQ | BPF_K: |
1102 | case BPF_JMP | BPF_JEQ | BPF_X: |
1103 | case BPF_JMP | BPF_JGE | BPF_K: |
1104 | case BPF_JMP | BPF_JGE | BPF_X: |
1105 | case BPF_JMP | BPF_JGT | BPF_K: |
1106 | case BPF_JMP | BPF_JGT | BPF_X: |
1107 | case BPF_JMP | BPF_JSET | BPF_K: |
1108 | case BPF_JMP | BPF_JSET | BPF_X: |
1109 | /* Both conditionals must be safe */ |
1110 | if (pc + ftest->jt + 1 >= flen || |
1111 | pc + ftest->jf + 1 >= flen) |
1112 | return -EINVAL; |
1113 | break; |
1114 | case BPF_LD | BPF_W | BPF_ABS: |
1115 | case BPF_LD | BPF_H | BPF_ABS: |
1116 | case BPF_LD | BPF_B | BPF_ABS: |
1117 | anc_found = false; |
1118 | if (bpf_anc_helper(ftest) & BPF_ANC) |
1119 | anc_found = true; |
1120 | /* Ancillary operation unknown or unsupported */ |
1121 | if (anc_found == false && ftest->k >= SKF_AD_OFF) |
1122 | return -EINVAL; |
1123 | } |
1124 | } |
1125 | |
1126 | /* Last instruction must be a RET code */ |
1127 | switch (filter[flen - 1].code) { |
1128 | case BPF_RET | BPF_K: |
1129 | case BPF_RET | BPF_A: |
1130 | return check_load_and_stores(filter, flen); |
1131 | } |
1132 | |
1133 | return -EINVAL; |
1134 | } |
1135 | |
1136 | static int bpf_prog_store_orig_filter(struct bpf_prog *fp, |
1137 | const struct sock_fprog *fprog) |
1138 | { |
1139 | unsigned int fsize = bpf_classic_proglen(fprog); |
1140 | struct sock_fprog_kern *fkprog; |
1141 | |
1142 | fp->orig_prog = kmalloc(size: sizeof(*fkprog), GFP_KERNEL); |
1143 | if (!fp->orig_prog) |
1144 | return -ENOMEM; |
1145 | |
1146 | fkprog = fp->orig_prog; |
1147 | fkprog->len = fprog->len; |
1148 | |
1149 | fkprog->filter = kmemdup(p: fp->insns, size: fsize, |
1150 | GFP_KERNEL | __GFP_NOWARN); |
1151 | if (!fkprog->filter) { |
1152 | kfree(objp: fp->orig_prog); |
1153 | return -ENOMEM; |
1154 | } |
1155 | |
1156 | return 0; |
1157 | } |
1158 | |
1159 | static void bpf_release_orig_filter(struct bpf_prog *fp) |
1160 | { |
1161 | struct sock_fprog_kern *fprog = fp->orig_prog; |
1162 | |
1163 | if (fprog) { |
1164 | kfree(objp: fprog->filter); |
1165 | kfree(objp: fprog); |
1166 | } |
1167 | } |
1168 | |
1169 | static void __bpf_prog_release(struct bpf_prog *prog) |
1170 | { |
1171 | if (prog->type == BPF_PROG_TYPE_SOCKET_FILTER) { |
1172 | bpf_prog_put(prog); |
1173 | } else { |
1174 | bpf_release_orig_filter(fp: prog); |
1175 | bpf_prog_free(fp: prog); |
1176 | } |
1177 | } |
1178 | |
1179 | static void __sk_filter_release(struct sk_filter *fp) |
1180 | { |
1181 | __bpf_prog_release(prog: fp->prog); |
1182 | kfree(objp: fp); |
1183 | } |
1184 | |
1185 | /** |
1186 | * sk_filter_release_rcu - Release a socket filter by rcu_head |
1187 | * @rcu: rcu_head that contains the sk_filter to free |
1188 | */ |
1189 | static void sk_filter_release_rcu(struct rcu_head *rcu) |
1190 | { |
1191 | struct sk_filter *fp = container_of(rcu, struct sk_filter, rcu); |
1192 | |
1193 | __sk_filter_release(fp); |
1194 | } |
1195 | |
1196 | /** |
1197 | * sk_filter_release - release a socket filter |
1198 | * @fp: filter to remove |
1199 | * |
1200 | * Remove a filter from a socket and release its resources. |
1201 | */ |
1202 | static void sk_filter_release(struct sk_filter *fp) |
1203 | { |
1204 | if (refcount_dec_and_test(r: &fp->refcnt)) |
1205 | call_rcu(head: &fp->rcu, func: sk_filter_release_rcu); |
1206 | } |
1207 | |
1208 | void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp) |
1209 | { |
1210 | u32 filter_size = bpf_prog_size(proglen: fp->prog->len); |
1211 | |
1212 | atomic_sub(i: filter_size, v: &sk->sk_omem_alloc); |
1213 | sk_filter_release(fp); |
1214 | } |
1215 | |
1216 | /* try to charge the socket memory if there is space available |
1217 | * return true on success |
1218 | */ |
1219 | static bool __sk_filter_charge(struct sock *sk, struct sk_filter *fp) |
1220 | { |
1221 | u32 filter_size = bpf_prog_size(proglen: fp->prog->len); |
1222 | int optmem_max = READ_ONCE(sysctl_optmem_max); |
1223 | |
1224 | /* same check as in sock_kmalloc() */ |
1225 | if (filter_size <= optmem_max && |
1226 | atomic_read(v: &sk->sk_omem_alloc) + filter_size < optmem_max) { |
1227 | atomic_add(i: filter_size, v: &sk->sk_omem_alloc); |
1228 | return true; |
1229 | } |
1230 | return false; |
1231 | } |
1232 | |
1233 | bool sk_filter_charge(struct sock *sk, struct sk_filter *fp) |
1234 | { |
1235 | if (!refcount_inc_not_zero(r: &fp->refcnt)) |
1236 | return false; |
1237 | |
1238 | if (!__sk_filter_charge(sk, fp)) { |
1239 | sk_filter_release(fp); |
1240 | return false; |
1241 | } |
1242 | return true; |
1243 | } |
1244 | |
1245 | static struct bpf_prog *bpf_migrate_filter(struct bpf_prog *fp) |
1246 | { |
1247 | struct sock_filter *old_prog; |
1248 | struct bpf_prog *old_fp; |
1249 | int err, new_len, old_len = fp->len; |
1250 | bool seen_ld_abs = false; |
1251 | |
1252 | /* We are free to overwrite insns et al right here as it won't be used at |
1253 | * this point in time anymore internally after the migration to the eBPF |
1254 | * instruction representation. |
1255 | */ |
1256 | BUILD_BUG_ON(sizeof(struct sock_filter) != |
1257 | sizeof(struct bpf_insn)); |
1258 | |
1259 | /* Conversion cannot happen on overlapping memory areas, |
1260 | * so we need to keep the user BPF around until the 2nd |
1261 | * pass. At this time, the user BPF is stored in fp->insns. |
1262 | */ |
1263 | old_prog = kmemdup(p: fp->insns, size: old_len * sizeof(struct sock_filter), |
1264 | GFP_KERNEL | __GFP_NOWARN); |
1265 | if (!old_prog) { |
1266 | err = -ENOMEM; |
1267 | goto out_err; |
1268 | } |
1269 | |
1270 | /* 1st pass: calculate the new program length. */ |
1271 | err = bpf_convert_filter(prog: old_prog, len: old_len, NULL, new_len: &new_len, |
1272 | seen_ld_abs: &seen_ld_abs); |
1273 | if (err) |
1274 | goto out_err_free; |
1275 | |
1276 | /* Expand fp for appending the new filter representation. */ |
1277 | old_fp = fp; |
1278 | fp = bpf_prog_realloc(fp_old: old_fp, size: bpf_prog_size(proglen: new_len), gfp_extra_flags: 0); |
1279 | if (!fp) { |
1280 | /* The old_fp is still around in case we couldn't |
1281 | * allocate new memory, so uncharge on that one. |
1282 | */ |
1283 | fp = old_fp; |
1284 | err = -ENOMEM; |
1285 | goto out_err_free; |
1286 | } |
1287 | |
1288 | fp->len = new_len; |
1289 | |
1290 | /* 2nd pass: remap sock_filter insns into bpf_insn insns. */ |
1291 | err = bpf_convert_filter(prog: old_prog, len: old_len, new_prog: fp, new_len: &new_len, |
1292 | seen_ld_abs: &seen_ld_abs); |
1293 | if (err) |
1294 | /* 2nd bpf_convert_filter() can fail only if it fails |
1295 | * to allocate memory, remapping must succeed. Note, |
1296 | * that at this time old_fp has already been released |
1297 | * by krealloc(). |
1298 | */ |
1299 | goto out_err_free; |
1300 | |
1301 | fp = bpf_prog_select_runtime(fp, err: &err); |
1302 | if (err) |
1303 | goto out_err_free; |
1304 | |
1305 | kfree(objp: old_prog); |
1306 | return fp; |
1307 | |
1308 | out_err_free: |
1309 | kfree(objp: old_prog); |
1310 | out_err: |
1311 | __bpf_prog_release(prog: fp); |
1312 | return ERR_PTR(error: err); |
1313 | } |
1314 | |
1315 | static struct bpf_prog *bpf_prepare_filter(struct bpf_prog *fp, |
1316 | bpf_aux_classic_check_t trans) |
1317 | { |
1318 | int err; |
1319 | |
1320 | fp->bpf_func = NULL; |
1321 | fp->jited = 0; |
1322 | |
1323 | err = bpf_check_classic(filter: fp->insns, flen: fp->len); |
1324 | if (err) { |
1325 | __bpf_prog_release(prog: fp); |
1326 | return ERR_PTR(error: err); |
1327 | } |
1328 | |
1329 | /* There might be additional checks and transformations |
1330 | * needed on classic filters, f.e. in case of seccomp. |
1331 | */ |
1332 | if (trans) { |
1333 | err = trans(fp->insns, fp->len); |
1334 | if (err) { |
1335 | __bpf_prog_release(prog: fp); |
1336 | return ERR_PTR(error: err); |
1337 | } |
1338 | } |
1339 | |
1340 | /* Probe if we can JIT compile the filter and if so, do |
1341 | * the compilation of the filter. |
1342 | */ |
1343 | bpf_jit_compile(prog: fp); |
1344 | |
1345 | /* JIT compiler couldn't process this filter, so do the eBPF translation |
1346 | * for the optimized interpreter. |
1347 | */ |
1348 | if (!fp->jited) |
1349 | fp = bpf_migrate_filter(fp); |
1350 | |
1351 | return fp; |
1352 | } |
1353 | |
1354 | /** |
1355 | * bpf_prog_create - create an unattached filter |
1356 | * @pfp: the unattached filter that is created |
1357 | * @fprog: the filter program |
1358 | * |
1359 | * Create a filter independent of any socket. We first run some |
1360 | * sanity checks on it to make sure it does not explode on us later. |
1361 | * If an error occurs or there is insufficient memory for the filter |
1362 | * a negative errno code is returned. On success the return is zero. |
1363 | */ |
1364 | int bpf_prog_create(struct bpf_prog **pfp, struct sock_fprog_kern *fprog) |
1365 | { |
1366 | unsigned int fsize = bpf_classic_proglen(fprog); |
1367 | struct bpf_prog *fp; |
1368 | |
1369 | /* Make sure new filter is there and in the right amounts. */ |
1370 | if (!bpf_check_basics_ok(filter: fprog->filter, flen: fprog->len)) |
1371 | return -EINVAL; |
1372 | |
1373 | fp = bpf_prog_alloc(size: bpf_prog_size(proglen: fprog->len), gfp_extra_flags: 0); |
1374 | if (!fp) |
1375 | return -ENOMEM; |
1376 | |
1377 | memcpy(fp->insns, fprog->filter, fsize); |
1378 | |
1379 | fp->len = fprog->len; |
1380 | /* Since unattached filters are not copied back to user |
1381 | * space through sk_get_filter(), we do not need to hold |
1382 | * a copy here, and can spare us the work. |
1383 | */ |
1384 | fp->orig_prog = NULL; |
1385 | |
1386 | /* bpf_prepare_filter() already takes care of freeing |
1387 | * memory in case something goes wrong. |
1388 | */ |
1389 | fp = bpf_prepare_filter(fp, NULL); |
1390 | if (IS_ERR(ptr: fp)) |
1391 | return PTR_ERR(ptr: fp); |
1392 | |
1393 | *pfp = fp; |
1394 | return 0; |
1395 | } |
1396 | EXPORT_SYMBOL_GPL(bpf_prog_create); |
1397 | |
1398 | /** |
1399 | * bpf_prog_create_from_user - create an unattached filter from user buffer |
1400 | * @pfp: the unattached filter that is created |
1401 | * @fprog: the filter program |
1402 | * @trans: post-classic verifier transformation handler |
1403 | * @save_orig: save classic BPF program |
1404 | * |
1405 | * This function effectively does the same as bpf_prog_create(), only |
1406 | * that it builds up its insns buffer from user space provided buffer. |
1407 | * It also allows for passing a bpf_aux_classic_check_t handler. |
1408 | */ |
1409 | int bpf_prog_create_from_user(struct bpf_prog **pfp, struct sock_fprog *fprog, |
1410 | bpf_aux_classic_check_t trans, bool save_orig) |
1411 | { |
1412 | unsigned int fsize = bpf_classic_proglen(fprog); |
1413 | struct bpf_prog *fp; |
1414 | int err; |
1415 | |
1416 | /* Make sure new filter is there and in the right amounts. */ |
1417 | if (!bpf_check_basics_ok(filter: fprog->filter, flen: fprog->len)) |
1418 | return -EINVAL; |
1419 | |
1420 | fp = bpf_prog_alloc(size: bpf_prog_size(proglen: fprog->len), gfp_extra_flags: 0); |
1421 | if (!fp) |
1422 | return -ENOMEM; |
1423 | |
1424 | if (copy_from_user(to: fp->insns, from: fprog->filter, n: fsize)) { |
1425 | __bpf_prog_free(fp); |
1426 | return -EFAULT; |
1427 | } |
1428 | |
1429 | fp->len = fprog->len; |
1430 | fp->orig_prog = NULL; |
1431 | |
1432 | if (save_orig) { |
1433 | err = bpf_prog_store_orig_filter(fp, fprog); |
1434 | if (err) { |
1435 | __bpf_prog_free(fp); |
1436 | return -ENOMEM; |
1437 | } |
1438 | } |
1439 | |
1440 | /* bpf_prepare_filter() already takes care of freeing |
1441 | * memory in case something goes wrong. |
1442 | */ |
1443 | fp = bpf_prepare_filter(fp, trans); |
1444 | if (IS_ERR(ptr: fp)) |
1445 | return PTR_ERR(ptr: fp); |
1446 | |
1447 | *pfp = fp; |
1448 | return 0; |
1449 | } |
1450 | EXPORT_SYMBOL_GPL(bpf_prog_create_from_user); |
1451 | |
1452 | void bpf_prog_destroy(struct bpf_prog *fp) |
1453 | { |
1454 | __bpf_prog_release(prog: fp); |
1455 | } |
1456 | EXPORT_SYMBOL_GPL(bpf_prog_destroy); |
1457 | |
1458 | static int __sk_attach_prog(struct bpf_prog *prog, struct sock *sk) |
1459 | { |
1460 | struct sk_filter *fp, *old_fp; |
1461 | |
1462 | fp = kmalloc(size: sizeof(*fp), GFP_KERNEL); |
1463 | if (!fp) |
1464 | return -ENOMEM; |
1465 | |
1466 | fp->prog = prog; |
1467 | |
1468 | if (!__sk_filter_charge(sk, fp)) { |
1469 | kfree(objp: fp); |
1470 | return -ENOMEM; |
1471 | } |
1472 | refcount_set(r: &fp->refcnt, n: 1); |
1473 | |
1474 | old_fp = rcu_dereference_protected(sk->sk_filter, |
1475 | lockdep_sock_is_held(sk)); |
1476 | rcu_assign_pointer(sk->sk_filter, fp); |
1477 | |
1478 | if (old_fp) |
1479 | sk_filter_uncharge(sk, fp: old_fp); |
1480 | |
1481 | return 0; |
1482 | } |
1483 | |
1484 | static |
1485 | struct bpf_prog *__get_filter(struct sock_fprog *fprog, struct sock *sk) |
1486 | { |
1487 | unsigned int fsize = bpf_classic_proglen(fprog); |
1488 | struct bpf_prog *prog; |
1489 | int err; |
1490 | |
1491 | if (sock_flag(sk, flag: SOCK_FILTER_LOCKED)) |
1492 | return ERR_PTR(error: -EPERM); |
1493 | |
1494 | /* Make sure new filter is there and in the right amounts. */ |
1495 | if (!bpf_check_basics_ok(filter: fprog->filter, flen: fprog->len)) |
1496 | return ERR_PTR(error: -EINVAL); |
1497 | |
1498 | prog = bpf_prog_alloc(size: bpf_prog_size(proglen: fprog->len), gfp_extra_flags: 0); |
1499 | if (!prog) |
1500 | return ERR_PTR(error: -ENOMEM); |
1501 | |
1502 | if (copy_from_user(to: prog->insns, from: fprog->filter, n: fsize)) { |
1503 | __bpf_prog_free(fp: prog); |
1504 | return ERR_PTR(error: -EFAULT); |
1505 | } |
1506 | |
1507 | prog->len = fprog->len; |
1508 | |
1509 | err = bpf_prog_store_orig_filter(fp: prog, fprog); |
1510 | if (err) { |
1511 | __bpf_prog_free(fp: prog); |
1512 | return ERR_PTR(error: -ENOMEM); |
1513 | } |
1514 | |
1515 | /* bpf_prepare_filter() already takes care of freeing |
1516 | * memory in case something goes wrong. |
1517 | */ |
1518 | return bpf_prepare_filter(fp: prog, NULL); |
1519 | } |
1520 | |
1521 | /** |
1522 | * sk_attach_filter - attach a socket filter |
1523 | * @fprog: the filter program |
1524 | * @sk: the socket to use |
1525 | * |
1526 | * Attach the user's filter code. We first run some sanity checks on |
1527 | * it to make sure it does not explode on us later. If an error |
1528 | * occurs or there is insufficient memory for the filter a negative |
1529 | * errno code is returned. On success the return is zero. |
1530 | */ |
1531 | int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk) |
1532 | { |
1533 | struct bpf_prog *prog = __get_filter(fprog, sk); |
1534 | int err; |
1535 | |
1536 | if (IS_ERR(ptr: prog)) |
1537 | return PTR_ERR(ptr: prog); |
1538 | |
1539 | err = __sk_attach_prog(prog, sk); |
1540 | if (err < 0) { |
1541 | __bpf_prog_release(prog); |
1542 | return err; |
1543 | } |
1544 | |
1545 | return 0; |
1546 | } |
1547 | EXPORT_SYMBOL_GPL(sk_attach_filter); |
1548 | |
1549 | int sk_reuseport_attach_filter(struct sock_fprog *fprog, struct sock *sk) |
1550 | { |
1551 | struct bpf_prog *prog = __get_filter(fprog, sk); |
1552 | int err; |
1553 | |
1554 | if (IS_ERR(ptr: prog)) |
1555 | return PTR_ERR(ptr: prog); |
1556 | |
1557 | if (bpf_prog_size(proglen: prog->len) > READ_ONCE(sysctl_optmem_max)) |
1558 | err = -ENOMEM; |
1559 | else |
1560 | err = reuseport_attach_prog(sk, prog); |
1561 | |
1562 | if (err) |
1563 | __bpf_prog_release(prog); |
1564 | |
1565 | return err; |
1566 | } |
1567 | |
1568 | static struct bpf_prog *__get_bpf(u32 ufd, struct sock *sk) |
1569 | { |
1570 | if (sock_flag(sk, flag: SOCK_FILTER_LOCKED)) |
1571 | return ERR_PTR(error: -EPERM); |
1572 | |
1573 | return bpf_prog_get_type(ufd, type: BPF_PROG_TYPE_SOCKET_FILTER); |
1574 | } |
1575 | |
1576 | int sk_attach_bpf(u32 ufd, struct sock *sk) |
1577 | { |
1578 | struct bpf_prog *prog = __get_bpf(ufd, sk); |
1579 | int err; |
1580 | |
1581 | if (IS_ERR(ptr: prog)) |
1582 | return PTR_ERR(ptr: prog); |
1583 | |
1584 | err = __sk_attach_prog(prog, sk); |
1585 | if (err < 0) { |
1586 | bpf_prog_put(prog); |
1587 | return err; |
1588 | } |
1589 | |
1590 | return 0; |
1591 | } |
1592 | |
1593 | int sk_reuseport_attach_bpf(u32 ufd, struct sock *sk) |
1594 | { |
1595 | struct bpf_prog *prog; |
1596 | int err; |
1597 | |
1598 | if (sock_flag(sk, flag: SOCK_FILTER_LOCKED)) |
1599 | return -EPERM; |
1600 | |
1601 | prog = bpf_prog_get_type(ufd, type: BPF_PROG_TYPE_SOCKET_FILTER); |
1602 | if (PTR_ERR(ptr: prog) == -EINVAL) |
1603 | prog = bpf_prog_get_type(ufd, type: BPF_PROG_TYPE_SK_REUSEPORT); |
1604 | if (IS_ERR(ptr: prog)) |
1605 | return PTR_ERR(ptr: prog); |
1606 | |
1607 | if (prog->type == BPF_PROG_TYPE_SK_REUSEPORT) { |
1608 | /* Like other non BPF_PROG_TYPE_SOCKET_FILTER |
1609 | * bpf prog (e.g. sockmap). It depends on the |
1610 | * limitation imposed by bpf_prog_load(). |
1611 | * Hence, sysctl_optmem_max is not checked. |
1612 | */ |
1613 | if ((sk->sk_type != SOCK_STREAM && |
1614 | sk->sk_type != SOCK_DGRAM) || |
1615 | (sk->sk_protocol != IPPROTO_UDP && |
1616 | sk->sk_protocol != IPPROTO_TCP) || |
1617 | (sk->sk_family != AF_INET && |
1618 | sk->sk_family != AF_INET6)) { |
1619 | err = -ENOTSUPP; |
1620 | goto err_prog_put; |
1621 | } |
1622 | } else { |
1623 | /* BPF_PROG_TYPE_SOCKET_FILTER */ |
1624 | if (bpf_prog_size(proglen: prog->len) > READ_ONCE(sysctl_optmem_max)) { |
1625 | err = -ENOMEM; |
1626 | goto err_prog_put; |
1627 | } |
1628 | } |
1629 | |
1630 | err = reuseport_attach_prog(sk, prog); |
1631 | err_prog_put: |
1632 | if (err) |
1633 | bpf_prog_put(prog); |
1634 | |
1635 | return err; |
1636 | } |
1637 | |
1638 | void sk_reuseport_prog_free(struct bpf_prog *prog) |
1639 | { |
1640 | if (!prog) |
1641 | return; |
1642 | |
1643 | if (prog->type == BPF_PROG_TYPE_SK_REUSEPORT) |
1644 | bpf_prog_put(prog); |
1645 | else |
1646 | bpf_prog_destroy(prog); |
1647 | } |
1648 | |
1649 | struct bpf_scratchpad { |
1650 | union { |
1651 | __be32 diff[MAX_BPF_STACK / sizeof(__be32)]; |
1652 | u8 buff[MAX_BPF_STACK]; |
1653 | }; |
1654 | }; |
1655 | |
1656 | static DEFINE_PER_CPU(struct bpf_scratchpad, bpf_sp); |
1657 | |
1658 | static inline int __bpf_try_make_writable(struct sk_buff *skb, |
1659 | unsigned int write_len) |
1660 | { |
1661 | return skb_ensure_writable(skb, write_len); |
1662 | } |
1663 | |
1664 | static inline int bpf_try_make_writable(struct sk_buff *skb, |
1665 | unsigned int write_len) |
1666 | { |
1667 | int err = __bpf_try_make_writable(skb, write_len); |
1668 | |
1669 | bpf_compute_data_pointers(skb); |
1670 | return err; |
1671 | } |
1672 | |
1673 | static int bpf_try_make_head_writable(struct sk_buff *skb) |
1674 | { |
1675 | return bpf_try_make_writable(skb, write_len: skb_headlen(skb)); |
1676 | } |
1677 | |
1678 | static inline void bpf_push_mac_rcsum(struct sk_buff *skb) |
1679 | { |
1680 | if (skb_at_tc_ingress(skb)) |
1681 | skb_postpush_rcsum(skb, start: skb_mac_header(skb), len: skb->mac_len); |
1682 | } |
1683 | |
1684 | static inline void bpf_pull_mac_rcsum(struct sk_buff *skb) |
1685 | { |
1686 | if (skb_at_tc_ingress(skb)) |
1687 | skb_postpull_rcsum(skb, start: skb_mac_header(skb), len: skb->mac_len); |
1688 | } |
1689 | |
1690 | BPF_CALL_5(bpf_skb_store_bytes, struct sk_buff *, skb, u32, offset, |
1691 | const void *, from, u32, len, u64, flags) |
1692 | { |
1693 | void *ptr; |
1694 | |
1695 | if (unlikely(flags & ~(BPF_F_RECOMPUTE_CSUM | BPF_F_INVALIDATE_HASH))) |
1696 | return -EINVAL; |
1697 | if (unlikely(offset > INT_MAX)) |
1698 | return -EFAULT; |
1699 | if (unlikely(bpf_try_make_writable(skb, offset + len))) |
1700 | return -EFAULT; |
1701 | |
1702 | ptr = skb->data + offset; |
1703 | if (flags & BPF_F_RECOMPUTE_CSUM) |
1704 | __skb_postpull_rcsum(skb, start: ptr, len, off: offset); |
1705 | |
1706 | memcpy(ptr, from, len); |
1707 | |
1708 | if (flags & BPF_F_RECOMPUTE_CSUM) |
1709 | __skb_postpush_rcsum(skb, start: ptr, len, off: offset); |
1710 | if (flags & BPF_F_INVALIDATE_HASH) |
1711 | skb_clear_hash(skb); |
1712 | |
1713 | return 0; |
1714 | } |
1715 | |
1716 | static const struct bpf_func_proto bpf_skb_store_bytes_proto = { |
1717 | .func = bpf_skb_store_bytes, |
1718 | .gpl_only = false, |
1719 | .ret_type = RET_INTEGER, |
1720 | .arg1_type = ARG_PTR_TO_CTX, |
1721 | .arg2_type = ARG_ANYTHING, |
1722 | .arg3_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
1723 | .arg4_type = ARG_CONST_SIZE, |
1724 | .arg5_type = ARG_ANYTHING, |
1725 | }; |
1726 | |
1727 | int __bpf_skb_store_bytes(struct sk_buff *skb, u32 offset, const void *from, |
1728 | u32 len, u64 flags) |
1729 | { |
1730 | return ____bpf_skb_store_bytes(skb, offset, from, len, flags); |
1731 | } |
1732 | |
1733 | BPF_CALL_4(bpf_skb_load_bytes, const struct sk_buff *, skb, u32, offset, |
1734 | void *, to, u32, len) |
1735 | { |
1736 | void *ptr; |
1737 | |
1738 | if (unlikely(offset > INT_MAX)) |
1739 | goto err_clear; |
1740 | |
1741 | ptr = skb_header_pointer(skb, offset, len, buffer: to); |
1742 | if (unlikely(!ptr)) |
1743 | goto err_clear; |
1744 | if (ptr != to) |
1745 | memcpy(to, ptr, len); |
1746 | |
1747 | return 0; |
1748 | err_clear: |
1749 | memset(to, 0, len); |
1750 | return -EFAULT; |
1751 | } |
1752 | |
1753 | static const struct bpf_func_proto bpf_skb_load_bytes_proto = { |
1754 | .func = bpf_skb_load_bytes, |
1755 | .gpl_only = false, |
1756 | .ret_type = RET_INTEGER, |
1757 | .arg1_type = ARG_PTR_TO_CTX, |
1758 | .arg2_type = ARG_ANYTHING, |
1759 | .arg3_type = ARG_PTR_TO_UNINIT_MEM, |
1760 | .arg4_type = ARG_CONST_SIZE, |
1761 | }; |
1762 | |
1763 | int __bpf_skb_load_bytes(const struct sk_buff *skb, u32 offset, void *to, u32 len) |
1764 | { |
1765 | return ____bpf_skb_load_bytes(skb, offset, to, len); |
1766 | } |
1767 | |
1768 | BPF_CALL_4(bpf_flow_dissector_load_bytes, |
1769 | const struct bpf_flow_dissector *, ctx, u32, offset, |
1770 | void *, to, u32, len) |
1771 | { |
1772 | void *ptr; |
1773 | |
1774 | if (unlikely(offset > 0xffff)) |
1775 | goto err_clear; |
1776 | |
1777 | if (unlikely(!ctx->skb)) |
1778 | goto err_clear; |
1779 | |
1780 | ptr = skb_header_pointer(skb: ctx->skb, offset, len, buffer: to); |
1781 | if (unlikely(!ptr)) |
1782 | goto err_clear; |
1783 | if (ptr != to) |
1784 | memcpy(to, ptr, len); |
1785 | |
1786 | return 0; |
1787 | err_clear: |
1788 | memset(to, 0, len); |
1789 | return -EFAULT; |
1790 | } |
1791 | |
1792 | static const struct bpf_func_proto bpf_flow_dissector_load_bytes_proto = { |
1793 | .func = bpf_flow_dissector_load_bytes, |
1794 | .gpl_only = false, |
1795 | .ret_type = RET_INTEGER, |
1796 | .arg1_type = ARG_PTR_TO_CTX, |
1797 | .arg2_type = ARG_ANYTHING, |
1798 | .arg3_type = ARG_PTR_TO_UNINIT_MEM, |
1799 | .arg4_type = ARG_CONST_SIZE, |
1800 | }; |
1801 | |
1802 | BPF_CALL_5(bpf_skb_load_bytes_relative, const struct sk_buff *, skb, |
1803 | u32, offset, void *, to, u32, len, u32, ) |
1804 | { |
1805 | u8 *end = skb_tail_pointer(skb); |
1806 | u8 *start, *ptr; |
1807 | |
1808 | if (unlikely(offset > 0xffff)) |
1809 | goto err_clear; |
1810 | |
1811 | switch (start_header) { |
1812 | case BPF_HDR_START_MAC: |
1813 | if (unlikely(!skb_mac_header_was_set(skb))) |
1814 | goto err_clear; |
1815 | start = skb_mac_header(skb); |
1816 | break; |
1817 | case BPF_HDR_START_NET: |
1818 | start = skb_network_header(skb); |
1819 | break; |
1820 | default: |
1821 | goto err_clear; |
1822 | } |
1823 | |
1824 | ptr = start + offset; |
1825 | |
1826 | if (likely(ptr + len <= end)) { |
1827 | memcpy(to, ptr, len); |
1828 | return 0; |
1829 | } |
1830 | |
1831 | err_clear: |
1832 | memset(to, 0, len); |
1833 | return -EFAULT; |
1834 | } |
1835 | |
1836 | static const struct bpf_func_proto bpf_skb_load_bytes_relative_proto = { |
1837 | .func = bpf_skb_load_bytes_relative, |
1838 | .gpl_only = false, |
1839 | .ret_type = RET_INTEGER, |
1840 | .arg1_type = ARG_PTR_TO_CTX, |
1841 | .arg2_type = ARG_ANYTHING, |
1842 | .arg3_type = ARG_PTR_TO_UNINIT_MEM, |
1843 | .arg4_type = ARG_CONST_SIZE, |
1844 | .arg5_type = ARG_ANYTHING, |
1845 | }; |
1846 | |
1847 | BPF_CALL_2(bpf_skb_pull_data, struct sk_buff *, skb, u32, len) |
1848 | { |
1849 | /* Idea is the following: should the needed direct read/write |
1850 | * test fail during runtime, we can pull in more data and redo |
1851 | * again, since implicitly, we invalidate previous checks here. |
1852 | * |
1853 | * Or, since we know how much we need to make read/writeable, |
1854 | * this can be done once at the program beginning for direct |
1855 | * access case. By this we overcome limitations of only current |
1856 | * headroom being accessible. |
1857 | */ |
1858 | return bpf_try_make_writable(skb, write_len: len ? : skb_headlen(skb)); |
1859 | } |
1860 | |
1861 | static const struct bpf_func_proto bpf_skb_pull_data_proto = { |
1862 | .func = bpf_skb_pull_data, |
1863 | .gpl_only = false, |
1864 | .ret_type = RET_INTEGER, |
1865 | .arg1_type = ARG_PTR_TO_CTX, |
1866 | .arg2_type = ARG_ANYTHING, |
1867 | }; |
1868 | |
1869 | BPF_CALL_1(bpf_sk_fullsock, struct sock *, sk) |
1870 | { |
1871 | return sk_fullsock(sk) ? (unsigned long)sk : (unsigned long)NULL; |
1872 | } |
1873 | |
1874 | static const struct bpf_func_proto bpf_sk_fullsock_proto = { |
1875 | .func = bpf_sk_fullsock, |
1876 | .gpl_only = false, |
1877 | .ret_type = RET_PTR_TO_SOCKET_OR_NULL, |
1878 | .arg1_type = ARG_PTR_TO_SOCK_COMMON, |
1879 | }; |
1880 | |
1881 | static inline int sk_skb_try_make_writable(struct sk_buff *skb, |
1882 | unsigned int write_len) |
1883 | { |
1884 | return __bpf_try_make_writable(skb, write_len); |
1885 | } |
1886 | |
1887 | BPF_CALL_2(sk_skb_pull_data, struct sk_buff *, skb, u32, len) |
1888 | { |
1889 | /* Idea is the following: should the needed direct read/write |
1890 | * test fail during runtime, we can pull in more data and redo |
1891 | * again, since implicitly, we invalidate previous checks here. |
1892 | * |
1893 | * Or, since we know how much we need to make read/writeable, |
1894 | * this can be done once at the program beginning for direct |
1895 | * access case. By this we overcome limitations of only current |
1896 | * headroom being accessible. |
1897 | */ |
1898 | return sk_skb_try_make_writable(skb, write_len: len ? : skb_headlen(skb)); |
1899 | } |
1900 | |
1901 | static const struct bpf_func_proto sk_skb_pull_data_proto = { |
1902 | .func = sk_skb_pull_data, |
1903 | .gpl_only = false, |
1904 | .ret_type = RET_INTEGER, |
1905 | .arg1_type = ARG_PTR_TO_CTX, |
1906 | .arg2_type = ARG_ANYTHING, |
1907 | }; |
1908 | |
1909 | BPF_CALL_5(bpf_l3_csum_replace, struct sk_buff *, skb, u32, offset, |
1910 | u64, from, u64, to, u64, flags) |
1911 | { |
1912 | __sum16 *ptr; |
1913 | |
1914 | if (unlikely(flags & ~(BPF_F_HDR_FIELD_MASK))) |
1915 | return -EINVAL; |
1916 | if (unlikely(offset > 0xffff || offset & 1)) |
1917 | return -EFAULT; |
1918 | if (unlikely(bpf_try_make_writable(skb, offset + sizeof(*ptr)))) |
1919 | return -EFAULT; |
1920 | |
1921 | ptr = (__sum16 *)(skb->data + offset); |
1922 | switch (flags & BPF_F_HDR_FIELD_MASK) { |
1923 | case 0: |
1924 | if (unlikely(from != 0)) |
1925 | return -EINVAL; |
1926 | |
1927 | csum_replace_by_diff(sum: ptr, diff: to); |
1928 | break; |
1929 | case 2: |
1930 | csum_replace2(sum: ptr, old: from, new: to); |
1931 | break; |
1932 | case 4: |
1933 | csum_replace4(sum: ptr, from, to); |
1934 | break; |
1935 | default: |
1936 | return -EINVAL; |
1937 | } |
1938 | |
1939 | return 0; |
1940 | } |
1941 | |
1942 | static const struct bpf_func_proto bpf_l3_csum_replace_proto = { |
1943 | .func = bpf_l3_csum_replace, |
1944 | .gpl_only = false, |
1945 | .ret_type = RET_INTEGER, |
1946 | .arg1_type = ARG_PTR_TO_CTX, |
1947 | .arg2_type = ARG_ANYTHING, |
1948 | .arg3_type = ARG_ANYTHING, |
1949 | .arg4_type = ARG_ANYTHING, |
1950 | .arg5_type = ARG_ANYTHING, |
1951 | }; |
1952 | |
1953 | BPF_CALL_5(bpf_l4_csum_replace, struct sk_buff *, skb, u32, offset, |
1954 | u64, from, u64, to, u64, flags) |
1955 | { |
1956 | bool is_pseudo = flags & BPF_F_PSEUDO_HDR; |
1957 | bool is_mmzero = flags & BPF_F_MARK_MANGLED_0; |
1958 | bool do_mforce = flags & BPF_F_MARK_ENFORCE; |
1959 | __sum16 *ptr; |
1960 | |
1961 | if (unlikely(flags & ~(BPF_F_MARK_MANGLED_0 | BPF_F_MARK_ENFORCE | |
1962 | BPF_F_PSEUDO_HDR | BPF_F_HDR_FIELD_MASK))) |
1963 | return -EINVAL; |
1964 | if (unlikely(offset > 0xffff || offset & 1)) |
1965 | return -EFAULT; |
1966 | if (unlikely(bpf_try_make_writable(skb, offset + sizeof(*ptr)))) |
1967 | return -EFAULT; |
1968 | |
1969 | ptr = (__sum16 *)(skb->data + offset); |
1970 | if (is_mmzero && !do_mforce && !*ptr) |
1971 | return 0; |
1972 | |
1973 | switch (flags & BPF_F_HDR_FIELD_MASK) { |
1974 | case 0: |
1975 | if (unlikely(from != 0)) |
1976 | return -EINVAL; |
1977 | |
1978 | inet_proto_csum_replace_by_diff(sum: ptr, skb, diff: to, pseudohdr: is_pseudo); |
1979 | break; |
1980 | case 2: |
1981 | inet_proto_csum_replace2(sum: ptr, skb, from, to, pseudohdr: is_pseudo); |
1982 | break; |
1983 | case 4: |
1984 | inet_proto_csum_replace4(sum: ptr, skb, from, to, pseudohdr: is_pseudo); |
1985 | break; |
1986 | default: |
1987 | return -EINVAL; |
1988 | } |
1989 | |
1990 | if (is_mmzero && !*ptr) |
1991 | *ptr = CSUM_MANGLED_0; |
1992 | return 0; |
1993 | } |
1994 | |
1995 | static const struct bpf_func_proto bpf_l4_csum_replace_proto = { |
1996 | .func = bpf_l4_csum_replace, |
1997 | .gpl_only = false, |
1998 | .ret_type = RET_INTEGER, |
1999 | .arg1_type = ARG_PTR_TO_CTX, |
2000 | .arg2_type = ARG_ANYTHING, |
2001 | .arg3_type = ARG_ANYTHING, |
2002 | .arg4_type = ARG_ANYTHING, |
2003 | .arg5_type = ARG_ANYTHING, |
2004 | }; |
2005 | |
2006 | BPF_CALL_5(bpf_csum_diff, __be32 *, from, u32, from_size, |
2007 | __be32 *, to, u32, to_size, __wsum, seed) |
2008 | { |
2009 | struct bpf_scratchpad *sp = this_cpu_ptr(&bpf_sp); |
2010 | u32 diff_size = from_size + to_size; |
2011 | int i, j = 0; |
2012 | |
2013 | /* This is quite flexible, some examples: |
2014 | * |
2015 | * from_size == 0, to_size > 0, seed := csum --> pushing data |
2016 | * from_size > 0, to_size == 0, seed := csum --> pulling data |
2017 | * from_size > 0, to_size > 0, seed := 0 --> diffing data |
2018 | * |
2019 | * Even for diffing, from_size and to_size don't need to be equal. |
2020 | */ |
2021 | if (unlikely(((from_size | to_size) & (sizeof(__be32) - 1)) || |
2022 | diff_size > sizeof(sp->diff))) |
2023 | return -EINVAL; |
2024 | |
2025 | for (i = 0; i < from_size / sizeof(__be32); i++, j++) |
2026 | sp->diff[j] = ~from[i]; |
2027 | for (i = 0; i < to_size / sizeof(__be32); i++, j++) |
2028 | sp->diff[j] = to[i]; |
2029 | |
2030 | return csum_partial(buff: sp->diff, len: diff_size, sum: seed); |
2031 | } |
2032 | |
2033 | static const struct bpf_func_proto bpf_csum_diff_proto = { |
2034 | .func = bpf_csum_diff, |
2035 | .gpl_only = false, |
2036 | .pkt_access = true, |
2037 | .ret_type = RET_INTEGER, |
2038 | .arg1_type = ARG_PTR_TO_MEM | PTR_MAYBE_NULL | MEM_RDONLY, |
2039 | .arg2_type = ARG_CONST_SIZE_OR_ZERO, |
2040 | .arg3_type = ARG_PTR_TO_MEM | PTR_MAYBE_NULL | MEM_RDONLY, |
2041 | .arg4_type = ARG_CONST_SIZE_OR_ZERO, |
2042 | .arg5_type = ARG_ANYTHING, |
2043 | }; |
2044 | |
2045 | BPF_CALL_2(bpf_csum_update, struct sk_buff *, skb, __wsum, csum) |
2046 | { |
2047 | /* The interface is to be used in combination with bpf_csum_diff() |
2048 | * for direct packet writes. csum rotation for alignment as well |
2049 | * as emulating csum_sub() can be done from the eBPF program. |
2050 | */ |
2051 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
2052 | return (skb->csum = csum_add(csum: skb->csum, addend: csum)); |
2053 | |
2054 | return -ENOTSUPP; |
2055 | } |
2056 | |
2057 | static const struct bpf_func_proto bpf_csum_update_proto = { |
2058 | .func = bpf_csum_update, |
2059 | .gpl_only = false, |
2060 | .ret_type = RET_INTEGER, |
2061 | .arg1_type = ARG_PTR_TO_CTX, |
2062 | .arg2_type = ARG_ANYTHING, |
2063 | }; |
2064 | |
2065 | BPF_CALL_2(bpf_csum_level, struct sk_buff *, skb, u64, level) |
2066 | { |
2067 | /* The interface is to be used in combination with bpf_skb_adjust_room() |
2068 | * for encap/decap of packet headers when BPF_F_ADJ_ROOM_NO_CSUM_RESET |
2069 | * is passed as flags, for example. |
2070 | */ |
2071 | switch (level) { |
2072 | case BPF_CSUM_LEVEL_INC: |
2073 | __skb_incr_checksum_unnecessary(skb); |
2074 | break; |
2075 | case BPF_CSUM_LEVEL_DEC: |
2076 | __skb_decr_checksum_unnecessary(skb); |
2077 | break; |
2078 | case BPF_CSUM_LEVEL_RESET: |
2079 | __skb_reset_checksum_unnecessary(skb); |
2080 | break; |
2081 | case BPF_CSUM_LEVEL_QUERY: |
2082 | return skb->ip_summed == CHECKSUM_UNNECESSARY ? |
2083 | skb->csum_level : -EACCES; |
2084 | default: |
2085 | return -EINVAL; |
2086 | } |
2087 | |
2088 | return 0; |
2089 | } |
2090 | |
2091 | static const struct bpf_func_proto bpf_csum_level_proto = { |
2092 | .func = bpf_csum_level, |
2093 | .gpl_only = false, |
2094 | .ret_type = RET_INTEGER, |
2095 | .arg1_type = ARG_PTR_TO_CTX, |
2096 | .arg2_type = ARG_ANYTHING, |
2097 | }; |
2098 | |
2099 | static inline int __bpf_rx_skb(struct net_device *dev, struct sk_buff *skb) |
2100 | { |
2101 | return dev_forward_skb_nomtu(dev, skb); |
2102 | } |
2103 | |
2104 | static inline int __bpf_rx_skb_no_mac(struct net_device *dev, |
2105 | struct sk_buff *skb) |
2106 | { |
2107 | int ret = ____dev_forward_skb(dev, skb, check_mtu: false); |
2108 | |
2109 | if (likely(!ret)) { |
2110 | skb->dev = dev; |
2111 | ret = netif_rx(skb); |
2112 | } |
2113 | |
2114 | return ret; |
2115 | } |
2116 | |
2117 | static inline int __bpf_tx_skb(struct net_device *dev, struct sk_buff *skb) |
2118 | { |
2119 | int ret; |
2120 | |
2121 | if (dev_xmit_recursion()) { |
2122 | net_crit_ratelimited("bpf: recursion limit reached on datapath, buggy bpf program?\n" ); |
2123 | kfree_skb(skb); |
2124 | return -ENETDOWN; |
2125 | } |
2126 | |
2127 | skb->dev = dev; |
2128 | skb_set_redirected_noclear(skb, from_ingress: skb_at_tc_ingress(skb)); |
2129 | skb_clear_tstamp(skb); |
2130 | |
2131 | dev_xmit_recursion_inc(); |
2132 | ret = dev_queue_xmit(skb); |
2133 | dev_xmit_recursion_dec(); |
2134 | |
2135 | return ret; |
2136 | } |
2137 | |
2138 | static int __bpf_redirect_no_mac(struct sk_buff *skb, struct net_device *dev, |
2139 | u32 flags) |
2140 | { |
2141 | unsigned int mlen = skb_network_offset(skb); |
2142 | |
2143 | if (unlikely(skb->len <= mlen)) { |
2144 | kfree_skb(skb); |
2145 | return -ERANGE; |
2146 | } |
2147 | |
2148 | if (mlen) { |
2149 | __skb_pull(skb, len: mlen); |
2150 | |
2151 | /* At ingress, the mac header has already been pulled once. |
2152 | * At egress, skb_pospull_rcsum has to be done in case that |
2153 | * the skb is originated from ingress (i.e. a forwarded skb) |
2154 | * to ensure that rcsum starts at net header. |
2155 | */ |
2156 | if (!skb_at_tc_ingress(skb)) |
2157 | skb_postpull_rcsum(skb, start: skb_mac_header(skb), len: mlen); |
2158 | } |
2159 | skb_pop_mac_header(skb); |
2160 | skb_reset_mac_len(skb); |
2161 | return flags & BPF_F_INGRESS ? |
2162 | __bpf_rx_skb_no_mac(dev, skb) : __bpf_tx_skb(dev, skb); |
2163 | } |
2164 | |
2165 | static int __bpf_redirect_common(struct sk_buff *skb, struct net_device *dev, |
2166 | u32 flags) |
2167 | { |
2168 | /* Verify that a link layer header is carried */ |
2169 | if (unlikely(skb->mac_header >= skb->network_header || skb->len == 0)) { |
2170 | kfree_skb(skb); |
2171 | return -ERANGE; |
2172 | } |
2173 | |
2174 | bpf_push_mac_rcsum(skb); |
2175 | return flags & BPF_F_INGRESS ? |
2176 | __bpf_rx_skb(dev, skb) : __bpf_tx_skb(dev, skb); |
2177 | } |
2178 | |
2179 | static int __bpf_redirect(struct sk_buff *skb, struct net_device *dev, |
2180 | u32 flags) |
2181 | { |
2182 | if (dev_is_mac_header_xmit(dev)) |
2183 | return __bpf_redirect_common(skb, dev, flags); |
2184 | else |
2185 | return __bpf_redirect_no_mac(skb, dev, flags); |
2186 | } |
2187 | |
2188 | #if IS_ENABLED(CONFIG_IPV6) |
2189 | static int bpf_out_neigh_v6(struct net *net, struct sk_buff *skb, |
2190 | struct net_device *dev, struct bpf_nh_params *nh) |
2191 | { |
2192 | u32 hh_len = LL_RESERVED_SPACE(dev); |
2193 | const struct in6_addr *nexthop; |
2194 | struct dst_entry *dst = NULL; |
2195 | struct neighbour *neigh; |
2196 | |
2197 | if (dev_xmit_recursion()) { |
2198 | net_crit_ratelimited("bpf: recursion limit reached on datapath, buggy bpf program?\n" ); |
2199 | goto out_drop; |
2200 | } |
2201 | |
2202 | skb->dev = dev; |
2203 | skb_clear_tstamp(skb); |
2204 | |
2205 | if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) { |
2206 | skb = skb_expand_head(skb, headroom: hh_len); |
2207 | if (!skb) |
2208 | return -ENOMEM; |
2209 | } |
2210 | |
2211 | rcu_read_lock(); |
2212 | if (!nh) { |
2213 | dst = skb_dst(skb); |
2214 | nexthop = rt6_nexthop(container_of(dst, struct rt6_info, dst), |
2215 | daddr: &ipv6_hdr(skb)->daddr); |
2216 | } else { |
2217 | nexthop = &nh->ipv6_nh; |
2218 | } |
2219 | neigh = ip_neigh_gw6(dev, addr: nexthop); |
2220 | if (likely(!IS_ERR(neigh))) { |
2221 | int ret; |
2222 | |
2223 | sock_confirm_neigh(skb, n: neigh); |
2224 | local_bh_disable(); |
2225 | dev_xmit_recursion_inc(); |
2226 | ret = neigh_output(n: neigh, skb, skip_cache: false); |
2227 | dev_xmit_recursion_dec(); |
2228 | local_bh_enable(); |
2229 | rcu_read_unlock(); |
2230 | return ret; |
2231 | } |
2232 | rcu_read_unlock_bh(); |
2233 | if (dst) |
2234 | IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); |
2235 | out_drop: |
2236 | kfree_skb(skb); |
2237 | return -ENETDOWN; |
2238 | } |
2239 | |
2240 | static int __bpf_redirect_neigh_v6(struct sk_buff *skb, struct net_device *dev, |
2241 | struct bpf_nh_params *nh) |
2242 | { |
2243 | const struct ipv6hdr *ip6h = ipv6_hdr(skb); |
2244 | struct net *net = dev_net(dev); |
2245 | int err, ret = NET_XMIT_DROP; |
2246 | |
2247 | if (!nh) { |
2248 | struct dst_entry *dst; |
2249 | struct flowi6 fl6 = { |
2250 | .flowi6_flags = FLOWI_FLAG_ANYSRC, |
2251 | .flowi6_mark = skb->mark, |
2252 | .flowlabel = ip6_flowinfo(hdr: ip6h), |
2253 | .flowi6_oif = dev->ifindex, |
2254 | .flowi6_proto = ip6h->nexthdr, |
2255 | .daddr = ip6h->daddr, |
2256 | .saddr = ip6h->saddr, |
2257 | }; |
2258 | |
2259 | dst = ipv6_stub->ipv6_dst_lookup_flow(net, NULL, &fl6, NULL); |
2260 | if (IS_ERR(ptr: dst)) |
2261 | goto out_drop; |
2262 | |
2263 | skb_dst_set(skb, dst); |
2264 | } else if (nh->nh_family != AF_INET6) { |
2265 | goto out_drop; |
2266 | } |
2267 | |
2268 | err = bpf_out_neigh_v6(net, skb, dev, nh); |
2269 | if (unlikely(net_xmit_eval(err))) |
2270 | dev->stats.tx_errors++; |
2271 | else |
2272 | ret = NET_XMIT_SUCCESS; |
2273 | goto out_xmit; |
2274 | out_drop: |
2275 | dev->stats.tx_errors++; |
2276 | kfree_skb(skb); |
2277 | out_xmit: |
2278 | return ret; |
2279 | } |
2280 | #else |
2281 | static int __bpf_redirect_neigh_v6(struct sk_buff *skb, struct net_device *dev, |
2282 | struct bpf_nh_params *nh) |
2283 | { |
2284 | kfree_skb(skb); |
2285 | return NET_XMIT_DROP; |
2286 | } |
2287 | #endif /* CONFIG_IPV6 */ |
2288 | |
2289 | #if IS_ENABLED(CONFIG_INET) |
2290 | static int bpf_out_neigh_v4(struct net *net, struct sk_buff *skb, |
2291 | struct net_device *dev, struct bpf_nh_params *nh) |
2292 | { |
2293 | u32 hh_len = LL_RESERVED_SPACE(dev); |
2294 | struct neighbour *neigh; |
2295 | bool is_v6gw = false; |
2296 | |
2297 | if (dev_xmit_recursion()) { |
2298 | net_crit_ratelimited("bpf: recursion limit reached on datapath, buggy bpf program?\n" ); |
2299 | goto out_drop; |
2300 | } |
2301 | |
2302 | skb->dev = dev; |
2303 | skb_clear_tstamp(skb); |
2304 | |
2305 | if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) { |
2306 | skb = skb_expand_head(skb, headroom: hh_len); |
2307 | if (!skb) |
2308 | return -ENOMEM; |
2309 | } |
2310 | |
2311 | rcu_read_lock(); |
2312 | if (!nh) { |
2313 | struct dst_entry *dst = skb_dst(skb); |
2314 | struct rtable *rt = container_of(dst, struct rtable, dst); |
2315 | |
2316 | neigh = ip_neigh_for_gw(rt, skb, is_v6gw: &is_v6gw); |
2317 | } else if (nh->nh_family == AF_INET6) { |
2318 | neigh = ip_neigh_gw6(dev, addr: &nh->ipv6_nh); |
2319 | is_v6gw = true; |
2320 | } else if (nh->nh_family == AF_INET) { |
2321 | neigh = ip_neigh_gw4(dev, daddr: nh->ipv4_nh); |
2322 | } else { |
2323 | rcu_read_unlock(); |
2324 | goto out_drop; |
2325 | } |
2326 | |
2327 | if (likely(!IS_ERR(neigh))) { |
2328 | int ret; |
2329 | |
2330 | sock_confirm_neigh(skb, n: neigh); |
2331 | local_bh_disable(); |
2332 | dev_xmit_recursion_inc(); |
2333 | ret = neigh_output(n: neigh, skb, skip_cache: is_v6gw); |
2334 | dev_xmit_recursion_dec(); |
2335 | local_bh_enable(); |
2336 | rcu_read_unlock(); |
2337 | return ret; |
2338 | } |
2339 | rcu_read_unlock(); |
2340 | out_drop: |
2341 | kfree_skb(skb); |
2342 | return -ENETDOWN; |
2343 | } |
2344 | |
2345 | static int __bpf_redirect_neigh_v4(struct sk_buff *skb, struct net_device *dev, |
2346 | struct bpf_nh_params *nh) |
2347 | { |
2348 | const struct iphdr *ip4h = ip_hdr(skb); |
2349 | struct net *net = dev_net(dev); |
2350 | int err, ret = NET_XMIT_DROP; |
2351 | |
2352 | if (!nh) { |
2353 | struct flowi4 fl4 = { |
2354 | .flowi4_flags = FLOWI_FLAG_ANYSRC, |
2355 | .flowi4_mark = skb->mark, |
2356 | .flowi4_tos = RT_TOS(ip4h->tos), |
2357 | .flowi4_oif = dev->ifindex, |
2358 | .flowi4_proto = ip4h->protocol, |
2359 | .daddr = ip4h->daddr, |
2360 | .saddr = ip4h->saddr, |
2361 | }; |
2362 | struct rtable *rt; |
2363 | |
2364 | rt = ip_route_output_flow(net, flp: &fl4, NULL); |
2365 | if (IS_ERR(ptr: rt)) |
2366 | goto out_drop; |
2367 | if (rt->rt_type != RTN_UNICAST && rt->rt_type != RTN_LOCAL) { |
2368 | ip_rt_put(rt); |
2369 | goto out_drop; |
2370 | } |
2371 | |
2372 | skb_dst_set(skb, dst: &rt->dst); |
2373 | } |
2374 | |
2375 | err = bpf_out_neigh_v4(net, skb, dev, nh); |
2376 | if (unlikely(net_xmit_eval(err))) |
2377 | dev->stats.tx_errors++; |
2378 | else |
2379 | ret = NET_XMIT_SUCCESS; |
2380 | goto out_xmit; |
2381 | out_drop: |
2382 | dev->stats.tx_errors++; |
2383 | kfree_skb(skb); |
2384 | out_xmit: |
2385 | return ret; |
2386 | } |
2387 | #else |
2388 | static int __bpf_redirect_neigh_v4(struct sk_buff *skb, struct net_device *dev, |
2389 | struct bpf_nh_params *nh) |
2390 | { |
2391 | kfree_skb(skb); |
2392 | return NET_XMIT_DROP; |
2393 | } |
2394 | #endif /* CONFIG_INET */ |
2395 | |
2396 | static int __bpf_redirect_neigh(struct sk_buff *skb, struct net_device *dev, |
2397 | struct bpf_nh_params *nh) |
2398 | { |
2399 | struct ethhdr *ethh = eth_hdr(skb); |
2400 | |
2401 | if (unlikely(skb->mac_header >= skb->network_header)) |
2402 | goto out; |
2403 | bpf_push_mac_rcsum(skb); |
2404 | if (is_multicast_ether_addr(addr: ethh->h_dest)) |
2405 | goto out; |
2406 | |
2407 | skb_pull(skb, len: sizeof(*ethh)); |
2408 | skb_unset_mac_header(skb); |
2409 | skb_reset_network_header(skb); |
2410 | |
2411 | if (skb->protocol == htons(ETH_P_IP)) |
2412 | return __bpf_redirect_neigh_v4(skb, dev, nh); |
2413 | else if (skb->protocol == htons(ETH_P_IPV6)) |
2414 | return __bpf_redirect_neigh_v6(skb, dev, nh); |
2415 | out: |
2416 | kfree_skb(skb); |
2417 | return -ENOTSUPP; |
2418 | } |
2419 | |
2420 | /* Internal, non-exposed redirect flags. */ |
2421 | enum { |
2422 | BPF_F_NEIGH = (1ULL << 1), |
2423 | BPF_F_PEER = (1ULL << 2), |
2424 | BPF_F_NEXTHOP = (1ULL << 3), |
2425 | #define BPF_F_REDIRECT_INTERNAL (BPF_F_NEIGH | BPF_F_PEER | BPF_F_NEXTHOP) |
2426 | }; |
2427 | |
2428 | BPF_CALL_3(bpf_clone_redirect, struct sk_buff *, skb, u32, ifindex, u64, flags) |
2429 | { |
2430 | struct net_device *dev; |
2431 | struct sk_buff *clone; |
2432 | int ret; |
2433 | |
2434 | if (unlikely(flags & (~(BPF_F_INGRESS) | BPF_F_REDIRECT_INTERNAL))) |
2435 | return -EINVAL; |
2436 | |
2437 | dev = dev_get_by_index_rcu(net: dev_net(dev: skb->dev), ifindex); |
2438 | if (unlikely(!dev)) |
2439 | return -EINVAL; |
2440 | |
2441 | clone = skb_clone(skb, GFP_ATOMIC); |
2442 | if (unlikely(!clone)) |
2443 | return -ENOMEM; |
2444 | |
2445 | /* For direct write, we need to keep the invariant that the skbs |
2446 | * we're dealing with need to be uncloned. Should uncloning fail |
2447 | * here, we need to free the just generated clone to unclone once |
2448 | * again. |
2449 | */ |
2450 | ret = bpf_try_make_head_writable(skb); |
2451 | if (unlikely(ret)) { |
2452 | kfree_skb(skb: clone); |
2453 | return -ENOMEM; |
2454 | } |
2455 | |
2456 | return __bpf_redirect(skb: clone, dev, flags); |
2457 | } |
2458 | |
2459 | static const struct bpf_func_proto bpf_clone_redirect_proto = { |
2460 | .func = bpf_clone_redirect, |
2461 | .gpl_only = false, |
2462 | .ret_type = RET_INTEGER, |
2463 | .arg1_type = ARG_PTR_TO_CTX, |
2464 | .arg2_type = ARG_ANYTHING, |
2465 | .arg3_type = ARG_ANYTHING, |
2466 | }; |
2467 | |
2468 | DEFINE_PER_CPU(struct bpf_redirect_info, bpf_redirect_info); |
2469 | EXPORT_PER_CPU_SYMBOL_GPL(bpf_redirect_info); |
2470 | |
2471 | int skb_do_redirect(struct sk_buff *skb) |
2472 | { |
2473 | struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); |
2474 | struct net *net = dev_net(dev: skb->dev); |
2475 | struct net_device *dev; |
2476 | u32 flags = ri->flags; |
2477 | |
2478 | dev = dev_get_by_index_rcu(net, ifindex: ri->tgt_index); |
2479 | ri->tgt_index = 0; |
2480 | ri->flags = 0; |
2481 | if (unlikely(!dev)) |
2482 | goto out_drop; |
2483 | if (flags & BPF_F_PEER) { |
2484 | const struct net_device_ops *ops = dev->netdev_ops; |
2485 | |
2486 | if (unlikely(!ops->ndo_get_peer_dev || |
2487 | !skb_at_tc_ingress(skb))) |
2488 | goto out_drop; |
2489 | dev = ops->ndo_get_peer_dev(dev); |
2490 | if (unlikely(!dev || |
2491 | !(dev->flags & IFF_UP) || |
2492 | net_eq(net, dev_net(dev)))) |
2493 | goto out_drop; |
2494 | skb->dev = dev; |
2495 | return -EAGAIN; |
2496 | } |
2497 | return flags & BPF_F_NEIGH ? |
2498 | __bpf_redirect_neigh(skb, dev, nh: flags & BPF_F_NEXTHOP ? |
2499 | &ri->nh : NULL) : |
2500 | __bpf_redirect(skb, dev, flags); |
2501 | out_drop: |
2502 | kfree_skb(skb); |
2503 | return -EINVAL; |
2504 | } |
2505 | |
2506 | BPF_CALL_2(bpf_redirect, u32, ifindex, u64, flags) |
2507 | { |
2508 | struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); |
2509 | |
2510 | if (unlikely(flags & (~(BPF_F_INGRESS) | BPF_F_REDIRECT_INTERNAL))) |
2511 | return TC_ACT_SHOT; |
2512 | |
2513 | ri->flags = flags; |
2514 | ri->tgt_index = ifindex; |
2515 | |
2516 | return TC_ACT_REDIRECT; |
2517 | } |
2518 | |
2519 | static const struct bpf_func_proto bpf_redirect_proto = { |
2520 | .func = bpf_redirect, |
2521 | .gpl_only = false, |
2522 | .ret_type = RET_INTEGER, |
2523 | .arg1_type = ARG_ANYTHING, |
2524 | .arg2_type = ARG_ANYTHING, |
2525 | }; |
2526 | |
2527 | BPF_CALL_2(bpf_redirect_peer, u32, ifindex, u64, flags) |
2528 | { |
2529 | struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); |
2530 | |
2531 | if (unlikely(flags)) |
2532 | return TC_ACT_SHOT; |
2533 | |
2534 | ri->flags = BPF_F_PEER; |
2535 | ri->tgt_index = ifindex; |
2536 | |
2537 | return TC_ACT_REDIRECT; |
2538 | } |
2539 | |
2540 | static const struct bpf_func_proto bpf_redirect_peer_proto = { |
2541 | .func = bpf_redirect_peer, |
2542 | .gpl_only = false, |
2543 | .ret_type = RET_INTEGER, |
2544 | .arg1_type = ARG_ANYTHING, |
2545 | .arg2_type = ARG_ANYTHING, |
2546 | }; |
2547 | |
2548 | BPF_CALL_4(bpf_redirect_neigh, u32, ifindex, struct bpf_redir_neigh *, params, |
2549 | int, plen, u64, flags) |
2550 | { |
2551 | struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); |
2552 | |
2553 | if (unlikely((plen && plen < sizeof(*params)) || flags)) |
2554 | return TC_ACT_SHOT; |
2555 | |
2556 | ri->flags = BPF_F_NEIGH | (plen ? BPF_F_NEXTHOP : 0); |
2557 | ri->tgt_index = ifindex; |
2558 | |
2559 | BUILD_BUG_ON(sizeof(struct bpf_redir_neigh) != sizeof(struct bpf_nh_params)); |
2560 | if (plen) |
2561 | memcpy(&ri->nh, params, sizeof(ri->nh)); |
2562 | |
2563 | return TC_ACT_REDIRECT; |
2564 | } |
2565 | |
2566 | static const struct bpf_func_proto bpf_redirect_neigh_proto = { |
2567 | .func = bpf_redirect_neigh, |
2568 | .gpl_only = false, |
2569 | .ret_type = RET_INTEGER, |
2570 | .arg1_type = ARG_ANYTHING, |
2571 | .arg2_type = ARG_PTR_TO_MEM | PTR_MAYBE_NULL | MEM_RDONLY, |
2572 | .arg3_type = ARG_CONST_SIZE_OR_ZERO, |
2573 | .arg4_type = ARG_ANYTHING, |
2574 | }; |
2575 | |
2576 | BPF_CALL_2(bpf_msg_apply_bytes, struct sk_msg *, msg, u32, bytes) |
2577 | { |
2578 | msg->apply_bytes = bytes; |
2579 | return 0; |
2580 | } |
2581 | |
2582 | static const struct bpf_func_proto bpf_msg_apply_bytes_proto = { |
2583 | .func = bpf_msg_apply_bytes, |
2584 | .gpl_only = false, |
2585 | .ret_type = RET_INTEGER, |
2586 | .arg1_type = ARG_PTR_TO_CTX, |
2587 | .arg2_type = ARG_ANYTHING, |
2588 | }; |
2589 | |
2590 | BPF_CALL_2(bpf_msg_cork_bytes, struct sk_msg *, msg, u32, bytes) |
2591 | { |
2592 | msg->cork_bytes = bytes; |
2593 | return 0; |
2594 | } |
2595 | |
2596 | static const struct bpf_func_proto bpf_msg_cork_bytes_proto = { |
2597 | .func = bpf_msg_cork_bytes, |
2598 | .gpl_only = false, |
2599 | .ret_type = RET_INTEGER, |
2600 | .arg1_type = ARG_PTR_TO_CTX, |
2601 | .arg2_type = ARG_ANYTHING, |
2602 | }; |
2603 | |
2604 | BPF_CALL_4(bpf_msg_pull_data, struct sk_msg *, msg, u32, start, |
2605 | u32, end, u64, flags) |
2606 | { |
2607 | u32 len = 0, offset = 0, copy = 0, poffset = 0, bytes = end - start; |
2608 | u32 first_sge, last_sge, i, shift, bytes_sg_total; |
2609 | struct scatterlist *sge; |
2610 | u8 *raw, *to, *from; |
2611 | struct page *page; |
2612 | |
2613 | if (unlikely(flags || end <= start)) |
2614 | return -EINVAL; |
2615 | |
2616 | /* First find the starting scatterlist element */ |
2617 | i = msg->sg.start; |
2618 | do { |
2619 | offset += len; |
2620 | len = sk_msg_elem(msg, which: i)->length; |
2621 | if (start < offset + len) |
2622 | break; |
2623 | sk_msg_iter_var_next(i); |
2624 | } while (i != msg->sg.end); |
2625 | |
2626 | if (unlikely(start >= offset + len)) |
2627 | return -EINVAL; |
2628 | |
2629 | first_sge = i; |
2630 | /* The start may point into the sg element so we need to also |
2631 | * account for the headroom. |
2632 | */ |
2633 | bytes_sg_total = start - offset + bytes; |
2634 | if (!test_bit(i, msg->sg.copy) && bytes_sg_total <= len) |
2635 | goto out; |
2636 | |
2637 | /* At this point we need to linearize multiple scatterlist |
2638 | * elements or a single shared page. Either way we need to |
2639 | * copy into a linear buffer exclusively owned by BPF. Then |
2640 | * place the buffer in the scatterlist and fixup the original |
2641 | * entries by removing the entries now in the linear buffer |
2642 | * and shifting the remaining entries. For now we do not try |
2643 | * to copy partial entries to avoid complexity of running out |
2644 | * of sg_entry slots. The downside is reading a single byte |
2645 | * will copy the entire sg entry. |
2646 | */ |
2647 | do { |
2648 | copy += sk_msg_elem(msg, which: i)->length; |
2649 | sk_msg_iter_var_next(i); |
2650 | if (bytes_sg_total <= copy) |
2651 | break; |
2652 | } while (i != msg->sg.end); |
2653 | last_sge = i; |
2654 | |
2655 | if (unlikely(bytes_sg_total > copy)) |
2656 | return -EINVAL; |
2657 | |
2658 | page = alloc_pages(__GFP_NOWARN | GFP_ATOMIC | __GFP_COMP, |
2659 | order: get_order(size: copy)); |
2660 | if (unlikely(!page)) |
2661 | return -ENOMEM; |
2662 | |
2663 | raw = page_address(page); |
2664 | i = first_sge; |
2665 | do { |
2666 | sge = sk_msg_elem(msg, which: i); |
2667 | from = sg_virt(sg: sge); |
2668 | len = sge->length; |
2669 | to = raw + poffset; |
2670 | |
2671 | memcpy(to, from, len); |
2672 | poffset += len; |
2673 | sge->length = 0; |
2674 | put_page(page: sg_page(sg: sge)); |
2675 | |
2676 | sk_msg_iter_var_next(i); |
2677 | } while (i != last_sge); |
2678 | |
2679 | sg_set_page(sg: &msg->sg.data[first_sge], page, len: copy, offset: 0); |
2680 | |
2681 | /* To repair sg ring we need to shift entries. If we only |
2682 | * had a single entry though we can just replace it and |
2683 | * be done. Otherwise walk the ring and shift the entries. |
2684 | */ |
2685 | WARN_ON_ONCE(last_sge == first_sge); |
2686 | shift = last_sge > first_sge ? |
2687 | last_sge - first_sge - 1 : |
2688 | NR_MSG_FRAG_IDS - first_sge + last_sge - 1; |
2689 | if (!shift) |
2690 | goto out; |
2691 | |
2692 | i = first_sge; |
2693 | sk_msg_iter_var_next(i); |
2694 | do { |
2695 | u32 move_from; |
2696 | |
2697 | if (i + shift >= NR_MSG_FRAG_IDS) |
2698 | move_from = i + shift - NR_MSG_FRAG_IDS; |
2699 | else |
2700 | move_from = i + shift; |
2701 | if (move_from == msg->sg.end) |
2702 | break; |
2703 | |
2704 | msg->sg.data[i] = msg->sg.data[move_from]; |
2705 | msg->sg.data[move_from].length = 0; |
2706 | msg->sg.data[move_from].page_link = 0; |
2707 | msg->sg.data[move_from].offset = 0; |
2708 | sk_msg_iter_var_next(i); |
2709 | } while (1); |
2710 | |
2711 | msg->sg.end = msg->sg.end - shift > msg->sg.end ? |
2712 | msg->sg.end - shift + NR_MSG_FRAG_IDS : |
2713 | msg->sg.end - shift; |
2714 | out: |
2715 | msg->data = sg_virt(sg: &msg->sg.data[first_sge]) + start - offset; |
2716 | msg->data_end = msg->data + bytes; |
2717 | return 0; |
2718 | } |
2719 | |
2720 | static const struct bpf_func_proto bpf_msg_pull_data_proto = { |
2721 | .func = bpf_msg_pull_data, |
2722 | .gpl_only = false, |
2723 | .ret_type = RET_INTEGER, |
2724 | .arg1_type = ARG_PTR_TO_CTX, |
2725 | .arg2_type = ARG_ANYTHING, |
2726 | .arg3_type = ARG_ANYTHING, |
2727 | .arg4_type = ARG_ANYTHING, |
2728 | }; |
2729 | |
2730 | BPF_CALL_4(bpf_msg_push_data, struct sk_msg *, msg, u32, start, |
2731 | u32, len, u64, flags) |
2732 | { |
2733 | struct scatterlist sge, nsge, nnsge, rsge = {0}, *psge; |
2734 | u32 new, i = 0, l = 0, space, copy = 0, offset = 0; |
2735 | u8 *raw, *to, *from; |
2736 | struct page *page; |
2737 | |
2738 | if (unlikely(flags)) |
2739 | return -EINVAL; |
2740 | |
2741 | if (unlikely(len == 0)) |
2742 | return 0; |
2743 | |
2744 | /* First find the starting scatterlist element */ |
2745 | i = msg->sg.start; |
2746 | do { |
2747 | offset += l; |
2748 | l = sk_msg_elem(msg, which: i)->length; |
2749 | |
2750 | if (start < offset + l) |
2751 | break; |
2752 | sk_msg_iter_var_next(i); |
2753 | } while (i != msg->sg.end); |
2754 | |
2755 | if (start >= offset + l) |
2756 | return -EINVAL; |
2757 | |
2758 | space = MAX_MSG_FRAGS - sk_msg_elem_used(msg); |
2759 | |
2760 | /* If no space available will fallback to copy, we need at |
2761 | * least one scatterlist elem available to push data into |
2762 | * when start aligns to the beginning of an element or two |
2763 | * when it falls inside an element. We handle the start equals |
2764 | * offset case because its the common case for inserting a |
2765 | * header. |
2766 | */ |
2767 | if (!space || (space == 1 && start != offset)) |
2768 | copy = msg->sg.data[i].length; |
2769 | |
2770 | page = alloc_pages(__GFP_NOWARN | GFP_ATOMIC | __GFP_COMP, |
2771 | order: get_order(size: copy + len)); |
2772 | if (unlikely(!page)) |
2773 | return -ENOMEM; |
2774 | |
2775 | if (copy) { |
2776 | int front, back; |
2777 | |
2778 | raw = page_address(page); |
2779 | |
2780 | psge = sk_msg_elem(msg, which: i); |
2781 | front = start - offset; |
2782 | back = psge->length - front; |
2783 | from = sg_virt(sg: psge); |
2784 | |
2785 | if (front) |
2786 | memcpy(raw, from, front); |
2787 | |
2788 | if (back) { |
2789 | from += front; |
2790 | to = raw + front + len; |
2791 | |
2792 | memcpy(to, from, back); |
2793 | } |
2794 | |
2795 | put_page(page: sg_page(sg: psge)); |
2796 | } else if (start - offset) { |
2797 | psge = sk_msg_elem(msg, which: i); |
2798 | rsge = sk_msg_elem_cpy(msg, which: i); |
2799 | |
2800 | psge->length = start - offset; |
2801 | rsge.length -= psge->length; |
2802 | rsge.offset += start; |
2803 | |
2804 | sk_msg_iter_var_next(i); |
2805 | sg_unmark_end(sg: psge); |
2806 | sg_unmark_end(sg: &rsge); |
2807 | sk_msg_iter_next(msg, end); |
2808 | } |
2809 | |
2810 | /* Slot(s) to place newly allocated data */ |
2811 | new = i; |
2812 | |
2813 | /* Shift one or two slots as needed */ |
2814 | if (!copy) { |
2815 | sge = sk_msg_elem_cpy(msg, which: i); |
2816 | |
2817 | sk_msg_iter_var_next(i); |
2818 | sg_unmark_end(sg: &sge); |
2819 | sk_msg_iter_next(msg, end); |
2820 | |
2821 | nsge = sk_msg_elem_cpy(msg, which: i); |
2822 | if (rsge.length) { |
2823 | sk_msg_iter_var_next(i); |
2824 | nnsge = sk_msg_elem_cpy(msg, which: i); |
2825 | } |
2826 | |
2827 | while (i != msg->sg.end) { |
2828 | msg->sg.data[i] = sge; |
2829 | sge = nsge; |
2830 | sk_msg_iter_var_next(i); |
2831 | if (rsge.length) { |
2832 | nsge = nnsge; |
2833 | nnsge = sk_msg_elem_cpy(msg, which: i); |
2834 | } else { |
2835 | nsge = sk_msg_elem_cpy(msg, which: i); |
2836 | } |
2837 | } |
2838 | } |
2839 | |
2840 | /* Place newly allocated data buffer */ |
2841 | sk_mem_charge(sk: msg->sk, size: len); |
2842 | msg->sg.size += len; |
2843 | __clear_bit(new, msg->sg.copy); |
2844 | sg_set_page(sg: &msg->sg.data[new], page, len: len + copy, offset: 0); |
2845 | if (rsge.length) { |
2846 | get_page(page: sg_page(sg: &rsge)); |
2847 | sk_msg_iter_var_next(new); |
2848 | msg->sg.data[new] = rsge; |
2849 | } |
2850 | |
2851 | sk_msg_compute_data_pointers(msg); |
2852 | return 0; |
2853 | } |
2854 | |
2855 | static const struct bpf_func_proto bpf_msg_push_data_proto = { |
2856 | .func = bpf_msg_push_data, |
2857 | .gpl_only = false, |
2858 | .ret_type = RET_INTEGER, |
2859 | .arg1_type = ARG_PTR_TO_CTX, |
2860 | .arg2_type = ARG_ANYTHING, |
2861 | .arg3_type = ARG_ANYTHING, |
2862 | .arg4_type = ARG_ANYTHING, |
2863 | }; |
2864 | |
2865 | static void sk_msg_shift_left(struct sk_msg *msg, int i) |
2866 | { |
2867 | int prev; |
2868 | |
2869 | do { |
2870 | prev = i; |
2871 | sk_msg_iter_var_next(i); |
2872 | msg->sg.data[prev] = msg->sg.data[i]; |
2873 | } while (i != msg->sg.end); |
2874 | |
2875 | sk_msg_iter_prev(msg, end); |
2876 | } |
2877 | |
2878 | static void sk_msg_shift_right(struct sk_msg *msg, int i) |
2879 | { |
2880 | struct scatterlist tmp, sge; |
2881 | |
2882 | sk_msg_iter_next(msg, end); |
2883 | sge = sk_msg_elem_cpy(msg, which: i); |
2884 | sk_msg_iter_var_next(i); |
2885 | tmp = sk_msg_elem_cpy(msg, which: i); |
2886 | |
2887 | while (i != msg->sg.end) { |
2888 | msg->sg.data[i] = sge; |
2889 | sk_msg_iter_var_next(i); |
2890 | sge = tmp; |
2891 | tmp = sk_msg_elem_cpy(msg, which: i); |
2892 | } |
2893 | } |
2894 | |
2895 | BPF_CALL_4(bpf_msg_pop_data, struct sk_msg *, msg, u32, start, |
2896 | u32, len, u64, flags) |
2897 | { |
2898 | u32 i = 0, l = 0, space, offset = 0; |
2899 | u64 last = start + len; |
2900 | int pop; |
2901 | |
2902 | if (unlikely(flags)) |
2903 | return -EINVAL; |
2904 | |
2905 | /* First find the starting scatterlist element */ |
2906 | i = msg->sg.start; |
2907 | do { |
2908 | offset += l; |
2909 | l = sk_msg_elem(msg, which: i)->length; |
2910 | |
2911 | if (start < offset + l) |
2912 | break; |
2913 | sk_msg_iter_var_next(i); |
2914 | } while (i != msg->sg.end); |
2915 | |
2916 | /* Bounds checks: start and pop must be inside message */ |
2917 | if (start >= offset + l || last >= msg->sg.size) |
2918 | return -EINVAL; |
2919 | |
2920 | space = MAX_MSG_FRAGS - sk_msg_elem_used(msg); |
2921 | |
2922 | pop = len; |
2923 | /* --------------| offset |
2924 | * -| start |-------- len -------| |
2925 | * |
2926 | * |----- a ----|-------- pop -------|----- b ----| |
2927 | * |______________________________________________| length |
2928 | * |
2929 | * |
2930 | * a: region at front of scatter element to save |
2931 | * b: region at back of scatter element to save when length > A + pop |
2932 | * pop: region to pop from element, same as input 'pop' here will be |
2933 | * decremented below per iteration. |
2934 | * |
2935 | * Two top-level cases to handle when start != offset, first B is non |
2936 | * zero and second B is zero corresponding to when a pop includes more |
2937 | * than one element. |
2938 | * |
2939 | * Then if B is non-zero AND there is no space allocate space and |
2940 | * compact A, B regions into page. If there is space shift ring to |
2941 | * the rigth free'ing the next element in ring to place B, leaving |
2942 | * A untouched except to reduce length. |
2943 | */ |
2944 | if (start != offset) { |
2945 | struct scatterlist *nsge, *sge = sk_msg_elem(msg, which: i); |
2946 | int a = start; |
2947 | int b = sge->length - pop - a; |
2948 | |
2949 | sk_msg_iter_var_next(i); |
2950 | |
2951 | if (pop < sge->length - a) { |
2952 | if (space) { |
2953 | sge->length = a; |
2954 | sk_msg_shift_right(msg, i); |
2955 | nsge = sk_msg_elem(msg, which: i); |
2956 | get_page(page: sg_page(sg: sge)); |
2957 | sg_set_page(sg: nsge, |
2958 | page: sg_page(sg: sge), |
2959 | len: b, offset: sge->offset + pop + a); |
2960 | } else { |
2961 | struct page *page, *orig; |
2962 | u8 *to, *from; |
2963 | |
2964 | page = alloc_pages(__GFP_NOWARN | |
2965 | __GFP_COMP | GFP_ATOMIC, |
2966 | order: get_order(size: a + b)); |
2967 | if (unlikely(!page)) |
2968 | return -ENOMEM; |
2969 | |
2970 | sge->length = a; |
2971 | orig = sg_page(sg: sge); |
2972 | from = sg_virt(sg: sge); |
2973 | to = page_address(page); |
2974 | memcpy(to, from, a); |
2975 | memcpy(to + a, from + a + pop, b); |
2976 | sg_set_page(sg: sge, page, len: a + b, offset: 0); |
2977 | put_page(page: orig); |
2978 | } |
2979 | pop = 0; |
2980 | } else if (pop >= sge->length - a) { |
2981 | pop -= (sge->length - a); |
2982 | sge->length = a; |
2983 | } |
2984 | } |
2985 | |
2986 | /* From above the current layout _must_ be as follows, |
2987 | * |
2988 | * -| offset |
2989 | * -| start |
2990 | * |
2991 | * |---- pop ---|---------------- b ------------| |
2992 | * |____________________________________________| length |
2993 | * |
2994 | * Offset and start of the current msg elem are equal because in the |
2995 | * previous case we handled offset != start and either consumed the |
2996 | * entire element and advanced to the next element OR pop == 0. |
2997 | * |
2998 | * Two cases to handle here are first pop is less than the length |
2999 | * leaving some remainder b above. Simply adjust the element's layout |
3000 | * in this case. Or pop >= length of the element so that b = 0. In this |
3001 | * case advance to next element decrementing pop. |
3002 | */ |
3003 | while (pop) { |
3004 | struct scatterlist *sge = sk_msg_elem(msg, which: i); |
3005 | |
3006 | if (pop < sge->length) { |
3007 | sge->length -= pop; |
3008 | sge->offset += pop; |
3009 | pop = 0; |
3010 | } else { |
3011 | pop -= sge->length; |
3012 | sk_msg_shift_left(msg, i); |
3013 | } |
3014 | sk_msg_iter_var_next(i); |
3015 | } |
3016 | |
3017 | sk_mem_uncharge(sk: msg->sk, size: len - pop); |
3018 | msg->sg.size -= (len - pop); |
3019 | sk_msg_compute_data_pointers(msg); |
3020 | return 0; |
3021 | } |
3022 | |
3023 | static const struct bpf_func_proto bpf_msg_pop_data_proto = { |
3024 | .func = bpf_msg_pop_data, |
3025 | .gpl_only = false, |
3026 | .ret_type = RET_INTEGER, |
3027 | .arg1_type = ARG_PTR_TO_CTX, |
3028 | .arg2_type = ARG_ANYTHING, |
3029 | .arg3_type = ARG_ANYTHING, |
3030 | .arg4_type = ARG_ANYTHING, |
3031 | }; |
3032 | |
3033 | #ifdef CONFIG_CGROUP_NET_CLASSID |
3034 | BPF_CALL_0(bpf_get_cgroup_classid_curr) |
3035 | { |
3036 | return __task_get_classid(current); |
3037 | } |
3038 | |
3039 | const struct bpf_func_proto bpf_get_cgroup_classid_curr_proto = { |
3040 | .func = bpf_get_cgroup_classid_curr, |
3041 | .gpl_only = false, |
3042 | .ret_type = RET_INTEGER, |
3043 | }; |
3044 | |
3045 | BPF_CALL_1(bpf_skb_cgroup_classid, const struct sk_buff *, skb) |
3046 | { |
3047 | struct sock *sk = skb_to_full_sk(skb); |
3048 | |
3049 | if (!sk || !sk_fullsock(sk)) |
3050 | return 0; |
3051 | |
3052 | return sock_cgroup_classid(skcd: &sk->sk_cgrp_data); |
3053 | } |
3054 | |
3055 | static const struct bpf_func_proto bpf_skb_cgroup_classid_proto = { |
3056 | .func = bpf_skb_cgroup_classid, |
3057 | .gpl_only = false, |
3058 | .ret_type = RET_INTEGER, |
3059 | .arg1_type = ARG_PTR_TO_CTX, |
3060 | }; |
3061 | #endif |
3062 | |
3063 | BPF_CALL_1(bpf_get_cgroup_classid, const struct sk_buff *, skb) |
3064 | { |
3065 | return task_get_classid(skb); |
3066 | } |
3067 | |
3068 | static const struct bpf_func_proto bpf_get_cgroup_classid_proto = { |
3069 | .func = bpf_get_cgroup_classid, |
3070 | .gpl_only = false, |
3071 | .ret_type = RET_INTEGER, |
3072 | .arg1_type = ARG_PTR_TO_CTX, |
3073 | }; |
3074 | |
3075 | BPF_CALL_1(bpf_get_route_realm, const struct sk_buff *, skb) |
3076 | { |
3077 | return dst_tclassid(skb); |
3078 | } |
3079 | |
3080 | static const struct bpf_func_proto bpf_get_route_realm_proto = { |
3081 | .func = bpf_get_route_realm, |
3082 | .gpl_only = false, |
3083 | .ret_type = RET_INTEGER, |
3084 | .arg1_type = ARG_PTR_TO_CTX, |
3085 | }; |
3086 | |
3087 | BPF_CALL_1(bpf_get_hash_recalc, struct sk_buff *, skb) |
3088 | { |
3089 | /* If skb_clear_hash() was called due to mangling, we can |
3090 | * trigger SW recalculation here. Later access to hash |
3091 | * can then use the inline skb->hash via context directly |
3092 | * instead of calling this helper again. |
3093 | */ |
3094 | return skb_get_hash(skb); |
3095 | } |
3096 | |
3097 | static const struct bpf_func_proto bpf_get_hash_recalc_proto = { |
3098 | .func = bpf_get_hash_recalc, |
3099 | .gpl_only = false, |
3100 | .ret_type = RET_INTEGER, |
3101 | .arg1_type = ARG_PTR_TO_CTX, |
3102 | }; |
3103 | |
3104 | BPF_CALL_1(bpf_set_hash_invalid, struct sk_buff *, skb) |
3105 | { |
3106 | /* After all direct packet write, this can be used once for |
3107 | * triggering a lazy recalc on next skb_get_hash() invocation. |
3108 | */ |
3109 | skb_clear_hash(skb); |
3110 | return 0; |
3111 | } |
3112 | |
3113 | static const struct bpf_func_proto bpf_set_hash_invalid_proto = { |
3114 | .func = bpf_set_hash_invalid, |
3115 | .gpl_only = false, |
3116 | .ret_type = RET_INTEGER, |
3117 | .arg1_type = ARG_PTR_TO_CTX, |
3118 | }; |
3119 | |
3120 | BPF_CALL_2(bpf_set_hash, struct sk_buff *, skb, u32, hash) |
3121 | { |
3122 | /* Set user specified hash as L4(+), so that it gets returned |
3123 | * on skb_get_hash() call unless BPF prog later on triggers a |
3124 | * skb_clear_hash(). |
3125 | */ |
3126 | __skb_set_sw_hash(skb, hash, is_l4: true); |
3127 | return 0; |
3128 | } |
3129 | |
3130 | static const struct bpf_func_proto bpf_set_hash_proto = { |
3131 | .func = bpf_set_hash, |
3132 | .gpl_only = false, |
3133 | .ret_type = RET_INTEGER, |
3134 | .arg1_type = ARG_PTR_TO_CTX, |
3135 | .arg2_type = ARG_ANYTHING, |
3136 | }; |
3137 | |
3138 | BPF_CALL_3(bpf_skb_vlan_push, struct sk_buff *, skb, __be16, vlan_proto, |
3139 | u16, vlan_tci) |
3140 | { |
3141 | int ret; |
3142 | |
3143 | if (unlikely(vlan_proto != htons(ETH_P_8021Q) && |
3144 | vlan_proto != htons(ETH_P_8021AD))) |
3145 | vlan_proto = htons(ETH_P_8021Q); |
3146 | |
3147 | bpf_push_mac_rcsum(skb); |
3148 | ret = skb_vlan_push(skb, vlan_proto, vlan_tci); |
3149 | bpf_pull_mac_rcsum(skb); |
3150 | |
3151 | bpf_compute_data_pointers(skb); |
3152 | return ret; |
3153 | } |
3154 | |
3155 | static const struct bpf_func_proto bpf_skb_vlan_push_proto = { |
3156 | .func = bpf_skb_vlan_push, |
3157 | .gpl_only = false, |
3158 | .ret_type = RET_INTEGER, |
3159 | .arg1_type = ARG_PTR_TO_CTX, |
3160 | .arg2_type = ARG_ANYTHING, |
3161 | .arg3_type = ARG_ANYTHING, |
3162 | }; |
3163 | |
3164 | BPF_CALL_1(bpf_skb_vlan_pop, struct sk_buff *, skb) |
3165 | { |
3166 | int ret; |
3167 | |
3168 | bpf_push_mac_rcsum(skb); |
3169 | ret = skb_vlan_pop(skb); |
3170 | bpf_pull_mac_rcsum(skb); |
3171 | |
3172 | bpf_compute_data_pointers(skb); |
3173 | return ret; |
3174 | } |
3175 | |
3176 | static const struct bpf_func_proto bpf_skb_vlan_pop_proto = { |
3177 | .func = bpf_skb_vlan_pop, |
3178 | .gpl_only = false, |
3179 | .ret_type = RET_INTEGER, |
3180 | .arg1_type = ARG_PTR_TO_CTX, |
3181 | }; |
3182 | |
3183 | static int bpf_skb_generic_push(struct sk_buff *skb, u32 off, u32 len) |
3184 | { |
3185 | /* Caller already did skb_cow() with len as headroom, |
3186 | * so no need to do it here. |
3187 | */ |
3188 | skb_push(skb, len); |
3189 | memmove(skb->data, skb->data + len, off); |
3190 | memset(skb->data + off, 0, len); |
3191 | |
3192 | /* No skb_postpush_rcsum(skb, skb->data + off, len) |
3193 | * needed here as it does not change the skb->csum |
3194 | * result for checksum complete when summing over |
3195 | * zeroed blocks. |
3196 | */ |
3197 | return 0; |
3198 | } |
3199 | |
3200 | static int bpf_skb_generic_pop(struct sk_buff *skb, u32 off, u32 len) |
3201 | { |
3202 | void *old_data; |
3203 | |
3204 | /* skb_ensure_writable() is not needed here, as we're |
3205 | * already working on an uncloned skb. |
3206 | */ |
3207 | if (unlikely(!pskb_may_pull(skb, off + len))) |
3208 | return -ENOMEM; |
3209 | |
3210 | old_data = skb->data; |
3211 | __skb_pull(skb, len); |
3212 | skb_postpull_rcsum(skb, start: old_data + off, len); |
3213 | memmove(skb->data, old_data, off); |
3214 | |
3215 | return 0; |
3216 | } |
3217 | |
3218 | static int bpf_skb_net_hdr_push(struct sk_buff *skb, u32 off, u32 len) |
3219 | { |
3220 | bool trans_same = skb->transport_header == skb->network_header; |
3221 | int ret; |
3222 | |
3223 | /* There's no need for __skb_push()/__skb_pull() pair to |
3224 | * get to the start of the mac header as we're guaranteed |
3225 | * to always start from here under eBPF. |
3226 | */ |
3227 | ret = bpf_skb_generic_push(skb, off, len); |
3228 | if (likely(!ret)) { |
3229 | skb->mac_header -= len; |
3230 | skb->network_header -= len; |
3231 | if (trans_same) |
3232 | skb->transport_header = skb->network_header; |
3233 | } |
3234 | |
3235 | return ret; |
3236 | } |
3237 | |
3238 | static int bpf_skb_net_hdr_pop(struct sk_buff *skb, u32 off, u32 len) |
3239 | { |
3240 | bool trans_same = skb->transport_header == skb->network_header; |
3241 | int ret; |
3242 | |
3243 | /* Same here, __skb_push()/__skb_pull() pair not needed. */ |
3244 | ret = bpf_skb_generic_pop(skb, off, len); |
3245 | if (likely(!ret)) { |
3246 | skb->mac_header += len; |
3247 | skb->network_header += len; |
3248 | if (trans_same) |
3249 | skb->transport_header = skb->network_header; |
3250 | } |
3251 | |
3252 | return ret; |
3253 | } |
3254 | |
3255 | static int bpf_skb_proto_4_to_6(struct sk_buff *skb) |
3256 | { |
3257 | const u32 len_diff = sizeof(struct ipv6hdr) - sizeof(struct iphdr); |
3258 | u32 off = skb_mac_header_len(skb); |
3259 | int ret; |
3260 | |
3261 | ret = skb_cow(skb, headroom: len_diff); |
3262 | if (unlikely(ret < 0)) |
3263 | return ret; |
3264 | |
3265 | ret = bpf_skb_net_hdr_push(skb, off, len: len_diff); |
3266 | if (unlikely(ret < 0)) |
3267 | return ret; |
3268 | |
3269 | if (skb_is_gso(skb)) { |
3270 | struct skb_shared_info *shinfo = skb_shinfo(skb); |
3271 | |
3272 | /* SKB_GSO_TCPV4 needs to be changed into SKB_GSO_TCPV6. */ |
3273 | if (shinfo->gso_type & SKB_GSO_TCPV4) { |
3274 | shinfo->gso_type &= ~SKB_GSO_TCPV4; |
3275 | shinfo->gso_type |= SKB_GSO_TCPV6; |
3276 | } |
3277 | } |
3278 | |
3279 | skb->protocol = htons(ETH_P_IPV6); |
3280 | skb_clear_hash(skb); |
3281 | |
3282 | return 0; |
3283 | } |
3284 | |
3285 | static int bpf_skb_proto_6_to_4(struct sk_buff *skb) |
3286 | { |
3287 | const u32 len_diff = sizeof(struct ipv6hdr) - sizeof(struct iphdr); |
3288 | u32 off = skb_mac_header_len(skb); |
3289 | int ret; |
3290 | |
3291 | ret = skb_unclone(skb, GFP_ATOMIC); |
3292 | if (unlikely(ret < 0)) |
3293 | return ret; |
3294 | |
3295 | ret = bpf_skb_net_hdr_pop(skb, off, len: len_diff); |
3296 | if (unlikely(ret < 0)) |
3297 | return ret; |
3298 | |
3299 | if (skb_is_gso(skb)) { |
3300 | struct skb_shared_info *shinfo = skb_shinfo(skb); |
3301 | |
3302 | /* SKB_GSO_TCPV6 needs to be changed into SKB_GSO_TCPV4. */ |
3303 | if (shinfo->gso_type & SKB_GSO_TCPV6) { |
3304 | shinfo->gso_type &= ~SKB_GSO_TCPV6; |
3305 | shinfo->gso_type |= SKB_GSO_TCPV4; |
3306 | } |
3307 | } |
3308 | |
3309 | skb->protocol = htons(ETH_P_IP); |
3310 | skb_clear_hash(skb); |
3311 | |
3312 | return 0; |
3313 | } |
3314 | |
3315 | static int bpf_skb_proto_xlat(struct sk_buff *skb, __be16 to_proto) |
3316 | { |
3317 | __be16 from_proto = skb->protocol; |
3318 | |
3319 | if (from_proto == htons(ETH_P_IP) && |
3320 | to_proto == htons(ETH_P_IPV6)) |
3321 | return bpf_skb_proto_4_to_6(skb); |
3322 | |
3323 | if (from_proto == htons(ETH_P_IPV6) && |
3324 | to_proto == htons(ETH_P_IP)) |
3325 | return bpf_skb_proto_6_to_4(skb); |
3326 | |
3327 | return -ENOTSUPP; |
3328 | } |
3329 | |
3330 | BPF_CALL_3(bpf_skb_change_proto, struct sk_buff *, skb, __be16, proto, |
3331 | u64, flags) |
3332 | { |
3333 | int ret; |
3334 | |
3335 | if (unlikely(flags)) |
3336 | return -EINVAL; |
3337 | |
3338 | /* General idea is that this helper does the basic groundwork |
3339 | * needed for changing the protocol, and eBPF program fills the |
3340 | * rest through bpf_skb_store_bytes(), bpf_lX_csum_replace() |
3341 | * and other helpers, rather than passing a raw buffer here. |
3342 | * |
3343 | * The rationale is to keep this minimal and without a need to |
3344 | * deal with raw packet data. F.e. even if we would pass buffers |
3345 | * here, the program still needs to call the bpf_lX_csum_replace() |
3346 | * helpers anyway. Plus, this way we keep also separation of |
3347 | * concerns, since f.e. bpf_skb_store_bytes() should only take |
3348 | * care of stores. |
3349 | * |
3350 | * Currently, additional options and extension header space are |
3351 | * not supported, but flags register is reserved so we can adapt |
3352 | * that. For offloads, we mark packet as dodgy, so that headers |
3353 | * need to be verified first. |
3354 | */ |
3355 | ret = bpf_skb_proto_xlat(skb, to_proto: proto); |
3356 | bpf_compute_data_pointers(skb); |
3357 | return ret; |
3358 | } |
3359 | |
3360 | static const struct bpf_func_proto bpf_skb_change_proto_proto = { |
3361 | .func = bpf_skb_change_proto, |
3362 | .gpl_only = false, |
3363 | .ret_type = RET_INTEGER, |
3364 | .arg1_type = ARG_PTR_TO_CTX, |
3365 | .arg2_type = ARG_ANYTHING, |
3366 | .arg3_type = ARG_ANYTHING, |
3367 | }; |
3368 | |
3369 | BPF_CALL_2(bpf_skb_change_type, struct sk_buff *, skb, u32, pkt_type) |
3370 | { |
3371 | /* We only allow a restricted subset to be changed for now. */ |
3372 | if (unlikely(!skb_pkt_type_ok(skb->pkt_type) || |
3373 | !skb_pkt_type_ok(pkt_type))) |
3374 | return -EINVAL; |
3375 | |
3376 | skb->pkt_type = pkt_type; |
3377 | return 0; |
3378 | } |
3379 | |
3380 | static const struct bpf_func_proto bpf_skb_change_type_proto = { |
3381 | .func = bpf_skb_change_type, |
3382 | .gpl_only = false, |
3383 | .ret_type = RET_INTEGER, |
3384 | .arg1_type = ARG_PTR_TO_CTX, |
3385 | .arg2_type = ARG_ANYTHING, |
3386 | }; |
3387 | |
3388 | static u32 bpf_skb_net_base_len(const struct sk_buff *skb) |
3389 | { |
3390 | switch (skb->protocol) { |
3391 | case htons(ETH_P_IP): |
3392 | return sizeof(struct iphdr); |
3393 | case htons(ETH_P_IPV6): |
3394 | return sizeof(struct ipv6hdr); |
3395 | default: |
3396 | return ~0U; |
3397 | } |
3398 | } |
3399 | |
3400 | #define BPF_F_ADJ_ROOM_ENCAP_L3_MASK (BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 | \ |
3401 | BPF_F_ADJ_ROOM_ENCAP_L3_IPV6) |
3402 | |
3403 | #define BPF_F_ADJ_ROOM_DECAP_L3_MASK (BPF_F_ADJ_ROOM_DECAP_L3_IPV4 | \ |
3404 | BPF_F_ADJ_ROOM_DECAP_L3_IPV6) |
3405 | |
3406 | #define BPF_F_ADJ_ROOM_MASK (BPF_F_ADJ_ROOM_FIXED_GSO | \ |
3407 | BPF_F_ADJ_ROOM_ENCAP_L3_MASK | \ |
3408 | BPF_F_ADJ_ROOM_ENCAP_L4_GRE | \ |
3409 | BPF_F_ADJ_ROOM_ENCAP_L4_UDP | \ |
3410 | BPF_F_ADJ_ROOM_ENCAP_L2_ETH | \ |
3411 | BPF_F_ADJ_ROOM_ENCAP_L2( \ |
3412 | BPF_ADJ_ROOM_ENCAP_L2_MASK) | \ |
3413 | BPF_F_ADJ_ROOM_DECAP_L3_MASK) |
3414 | |
3415 | static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff, |
3416 | u64 flags) |
3417 | { |
3418 | u8 inner_mac_len = flags >> BPF_ADJ_ROOM_ENCAP_L2_SHIFT; |
3419 | bool encap = flags & BPF_F_ADJ_ROOM_ENCAP_L3_MASK; |
3420 | u16 mac_len = 0, inner_net = 0, inner_trans = 0; |
3421 | unsigned int gso_type = SKB_GSO_DODGY; |
3422 | int ret; |
3423 | |
3424 | if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) { |
3425 | /* udp gso_size delineates datagrams, only allow if fixed */ |
3426 | if (!(skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4) || |
3427 | !(flags & BPF_F_ADJ_ROOM_FIXED_GSO)) |
3428 | return -ENOTSUPP; |
3429 | } |
3430 | |
3431 | ret = skb_cow_head(skb, headroom: len_diff); |
3432 | if (unlikely(ret < 0)) |
3433 | return ret; |
3434 | |
3435 | if (encap) { |
3436 | if (skb->protocol != htons(ETH_P_IP) && |
3437 | skb->protocol != htons(ETH_P_IPV6)) |
3438 | return -ENOTSUPP; |
3439 | |
3440 | if (flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 && |
3441 | flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6) |
3442 | return -EINVAL; |
3443 | |
3444 | if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE && |
3445 | flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP) |
3446 | return -EINVAL; |
3447 | |
3448 | if (flags & BPF_F_ADJ_ROOM_ENCAP_L2_ETH && |
3449 | inner_mac_len < ETH_HLEN) |
3450 | return -EINVAL; |
3451 | |
3452 | if (skb->encapsulation) |
3453 | return -EALREADY; |
3454 | |
3455 | mac_len = skb->network_header - skb->mac_header; |
3456 | inner_net = skb->network_header; |
3457 | if (inner_mac_len > len_diff) |
3458 | return -EINVAL; |
3459 | inner_trans = skb->transport_header; |
3460 | } |
3461 | |
3462 | ret = bpf_skb_net_hdr_push(skb, off, len: len_diff); |
3463 | if (unlikely(ret < 0)) |
3464 | return ret; |
3465 | |
3466 | if (encap) { |
3467 | skb->inner_mac_header = inner_net - inner_mac_len; |
3468 | skb->inner_network_header = inner_net; |
3469 | skb->inner_transport_header = inner_trans; |
3470 | |
3471 | if (flags & BPF_F_ADJ_ROOM_ENCAP_L2_ETH) |
3472 | skb_set_inner_protocol(skb, htons(ETH_P_TEB)); |
3473 | else |
3474 | skb_set_inner_protocol(skb, protocol: skb->protocol); |
3475 | |
3476 | skb->encapsulation = 1; |
3477 | skb_set_network_header(skb, offset: mac_len); |
3478 | |
3479 | if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP) |
3480 | gso_type |= SKB_GSO_UDP_TUNNEL; |
3481 | else if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE) |
3482 | gso_type |= SKB_GSO_GRE; |
3483 | else if (flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6) |
3484 | gso_type |= SKB_GSO_IPXIP6; |
3485 | else if (flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV4) |
3486 | gso_type |= SKB_GSO_IPXIP4; |
3487 | |
3488 | if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE || |
3489 | flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP) { |
3490 | int nh_len = flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 ? |
3491 | sizeof(struct ipv6hdr) : |
3492 | sizeof(struct iphdr); |
3493 | |
3494 | skb_set_transport_header(skb, offset: mac_len + nh_len); |
3495 | } |
3496 | |
3497 | /* Match skb->protocol to new outer l3 protocol */ |
3498 | if (skb->protocol == htons(ETH_P_IP) && |
3499 | flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6) |
3500 | skb->protocol = htons(ETH_P_IPV6); |
3501 | else if (skb->protocol == htons(ETH_P_IPV6) && |
3502 | flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV4) |
3503 | skb->protocol = htons(ETH_P_IP); |
3504 | } |
3505 | |
3506 | if (skb_is_gso(skb)) { |
3507 | struct skb_shared_info *shinfo = skb_shinfo(skb); |
3508 | |
3509 | /* Due to header grow, MSS needs to be downgraded. */ |
3510 | if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO)) |
3511 | skb_decrease_gso_size(shinfo, decrement: len_diff); |
3512 | |
3513 | /* Header must be checked, and gso_segs recomputed. */ |
3514 | shinfo->gso_type |= gso_type; |
3515 | shinfo->gso_segs = 0; |
3516 | } |
3517 | |
3518 | return 0; |
3519 | } |
3520 | |
3521 | static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff, |
3522 | u64 flags) |
3523 | { |
3524 | int ret; |
3525 | |
3526 | if (unlikely(flags & ~(BPF_F_ADJ_ROOM_FIXED_GSO | |
3527 | BPF_F_ADJ_ROOM_DECAP_L3_MASK | |
3528 | BPF_F_ADJ_ROOM_NO_CSUM_RESET))) |
3529 | return -EINVAL; |
3530 | |
3531 | if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) { |
3532 | /* udp gso_size delineates datagrams, only allow if fixed */ |
3533 | if (!(skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4) || |
3534 | !(flags & BPF_F_ADJ_ROOM_FIXED_GSO)) |
3535 | return -ENOTSUPP; |
3536 | } |
3537 | |
3538 | ret = skb_unclone(skb, GFP_ATOMIC); |
3539 | if (unlikely(ret < 0)) |
3540 | return ret; |
3541 | |
3542 | ret = bpf_skb_net_hdr_pop(skb, off, len: len_diff); |
3543 | if (unlikely(ret < 0)) |
3544 | return ret; |
3545 | |
3546 | /* Match skb->protocol to new outer l3 protocol */ |
3547 | if (skb->protocol == htons(ETH_P_IP) && |
3548 | flags & BPF_F_ADJ_ROOM_DECAP_L3_IPV6) |
3549 | skb->protocol = htons(ETH_P_IPV6); |
3550 | else if (skb->protocol == htons(ETH_P_IPV6) && |
3551 | flags & BPF_F_ADJ_ROOM_DECAP_L3_IPV4) |
3552 | skb->protocol = htons(ETH_P_IP); |
3553 | |
3554 | if (skb_is_gso(skb)) { |
3555 | struct skb_shared_info *shinfo = skb_shinfo(skb); |
3556 | |
3557 | /* Due to header shrink, MSS can be upgraded. */ |
3558 | if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO)) |
3559 | skb_increase_gso_size(shinfo, increment: len_diff); |
3560 | |
3561 | /* Header must be checked, and gso_segs recomputed. */ |
3562 | shinfo->gso_type |= SKB_GSO_DODGY; |
3563 | shinfo->gso_segs = 0; |
3564 | } |
3565 | |
3566 | return 0; |
3567 | } |
3568 | |
3569 | #define BPF_SKB_MAX_LEN SKB_MAX_ALLOC |
3570 | |
3571 | BPF_CALL_4(sk_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, |
3572 | u32, mode, u64, flags) |
3573 | { |
3574 | u32 len_diff_abs = abs(len_diff); |
3575 | bool shrink = len_diff < 0; |
3576 | int ret = 0; |
3577 | |
3578 | if (unlikely(flags || mode)) |
3579 | return -EINVAL; |
3580 | if (unlikely(len_diff_abs > 0xfffU)) |
3581 | return -EFAULT; |
3582 | |
3583 | if (!shrink) { |
3584 | ret = skb_cow(skb, headroom: len_diff); |
3585 | if (unlikely(ret < 0)) |
3586 | return ret; |
3587 | __skb_push(skb, len: len_diff_abs); |
3588 | memset(skb->data, 0, len_diff_abs); |
3589 | } else { |
3590 | if (unlikely(!pskb_may_pull(skb, len_diff_abs))) |
3591 | return -ENOMEM; |
3592 | __skb_pull(skb, len: len_diff_abs); |
3593 | } |
3594 | if (tls_sw_has_ctx_rx(sk: skb->sk)) { |
3595 | struct strp_msg *rxm = strp_msg(skb); |
3596 | |
3597 | rxm->full_len += len_diff; |
3598 | } |
3599 | return ret; |
3600 | } |
3601 | |
3602 | static const struct bpf_func_proto sk_skb_adjust_room_proto = { |
3603 | .func = sk_skb_adjust_room, |
3604 | .gpl_only = false, |
3605 | .ret_type = RET_INTEGER, |
3606 | .arg1_type = ARG_PTR_TO_CTX, |
3607 | .arg2_type = ARG_ANYTHING, |
3608 | .arg3_type = ARG_ANYTHING, |
3609 | .arg4_type = ARG_ANYTHING, |
3610 | }; |
3611 | |
3612 | BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, |
3613 | u32, mode, u64, flags) |
3614 | { |
3615 | u32 len_cur, len_diff_abs = abs(len_diff); |
3616 | u32 len_min = bpf_skb_net_base_len(skb); |
3617 | u32 len_max = BPF_SKB_MAX_LEN; |
3618 | __be16 proto = skb->protocol; |
3619 | bool shrink = len_diff < 0; |
3620 | u32 off; |
3621 | int ret; |
3622 | |
3623 | if (unlikely(flags & ~(BPF_F_ADJ_ROOM_MASK | |
3624 | BPF_F_ADJ_ROOM_NO_CSUM_RESET))) |
3625 | return -EINVAL; |
3626 | if (unlikely(len_diff_abs > 0xfffU)) |
3627 | return -EFAULT; |
3628 | if (unlikely(proto != htons(ETH_P_IP) && |
3629 | proto != htons(ETH_P_IPV6))) |
3630 | return -ENOTSUPP; |
3631 | |
3632 | off = skb_mac_header_len(skb); |
3633 | switch (mode) { |
3634 | case BPF_ADJ_ROOM_NET: |
3635 | off += bpf_skb_net_base_len(skb); |
3636 | break; |
3637 | case BPF_ADJ_ROOM_MAC: |
3638 | break; |
3639 | default: |
3640 | return -ENOTSUPP; |
3641 | } |
3642 | |
3643 | if (flags & BPF_F_ADJ_ROOM_DECAP_L3_MASK) { |
3644 | if (!shrink) |
3645 | return -EINVAL; |
3646 | |
3647 | switch (flags & BPF_F_ADJ_ROOM_DECAP_L3_MASK) { |
3648 | case BPF_F_ADJ_ROOM_DECAP_L3_IPV4: |
3649 | len_min = sizeof(struct iphdr); |
3650 | break; |
3651 | case BPF_F_ADJ_ROOM_DECAP_L3_IPV6: |
3652 | len_min = sizeof(struct ipv6hdr); |
3653 | break; |
3654 | default: |
3655 | return -EINVAL; |
3656 | } |
3657 | } |
3658 | |
3659 | len_cur = skb->len - skb_network_offset(skb); |
3660 | if ((shrink && (len_diff_abs >= len_cur || |
3661 | len_cur - len_diff_abs < len_min)) || |
3662 | (!shrink && (skb->len + len_diff_abs > len_max && |
3663 | !skb_is_gso(skb)))) |
3664 | return -ENOTSUPP; |
3665 | |
3666 | ret = shrink ? bpf_skb_net_shrink(skb, off, len_diff: len_diff_abs, flags) : |
3667 | bpf_skb_net_grow(skb, off, len_diff: len_diff_abs, flags); |
3668 | if (!ret && !(flags & BPF_F_ADJ_ROOM_NO_CSUM_RESET)) |
3669 | __skb_reset_checksum_unnecessary(skb); |
3670 | |
3671 | bpf_compute_data_pointers(skb); |
3672 | return ret; |
3673 | } |
3674 | |
3675 | static const struct bpf_func_proto bpf_skb_adjust_room_proto = { |
3676 | .func = bpf_skb_adjust_room, |
3677 | .gpl_only = false, |
3678 | .ret_type = RET_INTEGER, |
3679 | .arg1_type = ARG_PTR_TO_CTX, |
3680 | .arg2_type = ARG_ANYTHING, |
3681 | .arg3_type = ARG_ANYTHING, |
3682 | .arg4_type = ARG_ANYTHING, |
3683 | }; |
3684 | |
3685 | static u32 __bpf_skb_min_len(const struct sk_buff *skb) |
3686 | { |
3687 | u32 min_len = skb_network_offset(skb); |
3688 | |
3689 | if (skb_transport_header_was_set(skb)) |
3690 | min_len = skb_transport_offset(skb); |
3691 | if (skb->ip_summed == CHECKSUM_PARTIAL) |
3692 | min_len = skb_checksum_start_offset(skb) + |
3693 | skb->csum_offset + sizeof(__sum16); |
3694 | return min_len; |
3695 | } |
3696 | |
3697 | static int bpf_skb_grow_rcsum(struct sk_buff *skb, unsigned int new_len) |
3698 | { |
3699 | unsigned int old_len = skb->len; |
3700 | int ret; |
3701 | |
3702 | ret = __skb_grow_rcsum(skb, len: new_len); |
3703 | if (!ret) |
3704 | memset(skb->data + old_len, 0, new_len - old_len); |
3705 | return ret; |
3706 | } |
3707 | |
3708 | static int bpf_skb_trim_rcsum(struct sk_buff *skb, unsigned int new_len) |
3709 | { |
3710 | return __skb_trim_rcsum(skb, len: new_len); |
3711 | } |
3712 | |
3713 | static inline int __bpf_skb_change_tail(struct sk_buff *skb, u32 new_len, |
3714 | u64 flags) |
3715 | { |
3716 | u32 max_len = BPF_SKB_MAX_LEN; |
3717 | u32 min_len = __bpf_skb_min_len(skb); |
3718 | int ret; |
3719 | |
3720 | if (unlikely(flags || new_len > max_len || new_len < min_len)) |
3721 | return -EINVAL; |
3722 | if (skb->encapsulation) |
3723 | return -ENOTSUPP; |
3724 | |
3725 | /* The basic idea of this helper is that it's performing the |
3726 | * needed work to either grow or trim an skb, and eBPF program |
3727 | * rewrites the rest via helpers like bpf_skb_store_bytes(), |
3728 | * bpf_lX_csum_replace() and others rather than passing a raw |
3729 | * buffer here. This one is a slow path helper and intended |
3730 | * for replies with control messages. |
3731 | * |
3732 | * Like in bpf_skb_change_proto(), we want to keep this rather |
3733 | * minimal and without protocol specifics so that we are able |
3734 | * to separate concerns as in bpf_skb_store_bytes() should only |
3735 | * be the one responsible for writing buffers. |
3736 | * |
3737 | * It's really expected to be a slow path operation here for |
3738 | * control message replies, so we're implicitly linearizing, |
3739 | * uncloning and drop offloads from the skb by this. |
3740 | */ |
3741 | ret = __bpf_try_make_writable(skb, write_len: skb->len); |
3742 | if (!ret) { |
3743 | if (new_len > skb->len) |
3744 | ret = bpf_skb_grow_rcsum(skb, new_len); |
3745 | else if (new_len < skb->len) |
3746 | ret = bpf_skb_trim_rcsum(skb, new_len); |
3747 | if (!ret && skb_is_gso(skb)) |
3748 | skb_gso_reset(skb); |
3749 | } |
3750 | return ret; |
3751 | } |
3752 | |
3753 | BPF_CALL_3(bpf_skb_change_tail, struct sk_buff *, skb, u32, new_len, |
3754 | u64, flags) |
3755 | { |
3756 | int ret = __bpf_skb_change_tail(skb, new_len, flags); |
3757 | |
3758 | bpf_compute_data_pointers(skb); |
3759 | return ret; |
3760 | } |
3761 | |
3762 | static const struct bpf_func_proto bpf_skb_change_tail_proto = { |
3763 | .func = bpf_skb_change_tail, |
3764 | .gpl_only = false, |
3765 | .ret_type = RET_INTEGER, |
3766 | .arg1_type = ARG_PTR_TO_CTX, |
3767 | .arg2_type = ARG_ANYTHING, |
3768 | .arg3_type = ARG_ANYTHING, |
3769 | }; |
3770 | |
3771 | BPF_CALL_3(sk_skb_change_tail, struct sk_buff *, skb, u32, new_len, |
3772 | u64, flags) |
3773 | { |
3774 | return __bpf_skb_change_tail(skb, new_len, flags); |
3775 | } |
3776 | |
3777 | static const struct bpf_func_proto sk_skb_change_tail_proto = { |
3778 | .func = sk_skb_change_tail, |
3779 | .gpl_only = false, |
3780 | .ret_type = RET_INTEGER, |
3781 | .arg1_type = ARG_PTR_TO_CTX, |
3782 | .arg2_type = ARG_ANYTHING, |
3783 | .arg3_type = ARG_ANYTHING, |
3784 | }; |
3785 | |
3786 | static inline int __bpf_skb_change_head(struct sk_buff *skb, u32 head_room, |
3787 | u64 flags) |
3788 | { |
3789 | u32 max_len = BPF_SKB_MAX_LEN; |
3790 | u32 new_len = skb->len + head_room; |
3791 | int ret; |
3792 | |
3793 | if (unlikely(flags || (!skb_is_gso(skb) && new_len > max_len) || |
3794 | new_len < skb->len)) |
3795 | return -EINVAL; |
3796 | |
3797 | ret = skb_cow(skb, headroom: head_room); |
3798 | if (likely(!ret)) { |
3799 | /* Idea for this helper is that we currently only |
3800 | * allow to expand on mac header. This means that |
3801 | * skb->protocol network header, etc, stay as is. |
3802 | * Compared to bpf_skb_change_tail(), we're more |
3803 | * flexible due to not needing to linearize or |
3804 | * reset GSO. Intention for this helper is to be |
3805 | * used by an L3 skb that needs to push mac header |
3806 | * for redirection into L2 device. |
3807 | */ |
3808 | __skb_push(skb, len: head_room); |
3809 | memset(skb->data, 0, head_room); |
3810 | skb_reset_mac_header(skb); |
3811 | skb_reset_mac_len(skb); |
3812 | } |
3813 | |
3814 | return ret; |
3815 | } |
3816 | |
3817 | BPF_CALL_3(bpf_skb_change_head, struct sk_buff *, skb, u32, head_room, |
3818 | u64, flags) |
3819 | { |
3820 | int ret = __bpf_skb_change_head(skb, head_room, flags); |
3821 | |
3822 | bpf_compute_data_pointers(skb); |
3823 | return ret; |
3824 | } |
3825 | |
3826 | static const struct bpf_func_proto bpf_skb_change_head_proto = { |
3827 | .func = bpf_skb_change_head, |
3828 | .gpl_only = false, |
3829 | .ret_type = RET_INTEGER, |
3830 | .arg1_type = ARG_PTR_TO_CTX, |
3831 | .arg2_type = ARG_ANYTHING, |
3832 | .arg3_type = ARG_ANYTHING, |
3833 | }; |
3834 | |
3835 | BPF_CALL_3(sk_skb_change_head, struct sk_buff *, skb, u32, head_room, |
3836 | u64, flags) |
3837 | { |
3838 | return __bpf_skb_change_head(skb, head_room, flags); |
3839 | } |
3840 | |
3841 | static const struct bpf_func_proto sk_skb_change_head_proto = { |
3842 | .func = sk_skb_change_head, |
3843 | .gpl_only = false, |
3844 | .ret_type = RET_INTEGER, |
3845 | .arg1_type = ARG_PTR_TO_CTX, |
3846 | .arg2_type = ARG_ANYTHING, |
3847 | .arg3_type = ARG_ANYTHING, |
3848 | }; |
3849 | |
3850 | BPF_CALL_1(bpf_xdp_get_buff_len, struct xdp_buff*, xdp) |
3851 | { |
3852 | return xdp_get_buff_len(xdp); |
3853 | } |
3854 | |
3855 | static const struct bpf_func_proto bpf_xdp_get_buff_len_proto = { |
3856 | .func = bpf_xdp_get_buff_len, |
3857 | .gpl_only = false, |
3858 | .ret_type = RET_INTEGER, |
3859 | .arg1_type = ARG_PTR_TO_CTX, |
3860 | }; |
3861 | |
3862 | BTF_ID_LIST_SINGLE(bpf_xdp_get_buff_len_bpf_ids, struct, xdp_buff) |
3863 | |
3864 | const struct bpf_func_proto bpf_xdp_get_buff_len_trace_proto = { |
3865 | .func = bpf_xdp_get_buff_len, |
3866 | .gpl_only = false, |
3867 | .arg1_type = ARG_PTR_TO_BTF_ID, |
3868 | .arg1_btf_id = &bpf_xdp_get_buff_len_bpf_ids[0], |
3869 | }; |
3870 | |
3871 | static unsigned long xdp_get_metalen(const struct xdp_buff *xdp) |
3872 | { |
3873 | return xdp_data_meta_unsupported(xdp) ? 0 : |
3874 | xdp->data - xdp->data_meta; |
3875 | } |
3876 | |
3877 | BPF_CALL_2(bpf_xdp_adjust_head, struct xdp_buff *, xdp, int, offset) |
3878 | { |
3879 | void *xdp_frame_end = xdp->data_hard_start + sizeof(struct xdp_frame); |
3880 | unsigned long metalen = xdp_get_metalen(xdp); |
3881 | void *data_start = xdp_frame_end + metalen; |
3882 | void *data = xdp->data + offset; |
3883 | |
3884 | if (unlikely(data < data_start || |
3885 | data > xdp->data_end - ETH_HLEN)) |
3886 | return -EINVAL; |
3887 | |
3888 | if (metalen) |
3889 | memmove(xdp->data_meta + offset, |
3890 | xdp->data_meta, metalen); |
3891 | xdp->data_meta += offset; |
3892 | xdp->data = data; |
3893 | |
3894 | return 0; |
3895 | } |
3896 | |
3897 | static const struct bpf_func_proto bpf_xdp_adjust_head_proto = { |
3898 | .func = bpf_xdp_adjust_head, |
3899 | .gpl_only = false, |
3900 | .ret_type = RET_INTEGER, |
3901 | .arg1_type = ARG_PTR_TO_CTX, |
3902 | .arg2_type = ARG_ANYTHING, |
3903 | }; |
3904 | |
3905 | void bpf_xdp_copy_buf(struct xdp_buff *xdp, unsigned long off, |
3906 | void *buf, unsigned long len, bool flush) |
3907 | { |
3908 | unsigned long ptr_len, ptr_off = 0; |
3909 | skb_frag_t *next_frag, *end_frag; |
3910 | struct skb_shared_info *sinfo; |
3911 | void *src, *dst; |
3912 | u8 *ptr_buf; |
3913 | |
3914 | if (likely(xdp->data_end - xdp->data >= off + len)) { |
3915 | src = flush ? buf : xdp->data + off; |
3916 | dst = flush ? xdp->data + off : buf; |
3917 | memcpy(dst, src, len); |
3918 | return; |
3919 | } |
3920 | |
3921 | sinfo = xdp_get_shared_info_from_buff(xdp); |
3922 | end_frag = &sinfo->frags[sinfo->nr_frags]; |
3923 | next_frag = &sinfo->frags[0]; |
3924 | |
3925 | ptr_len = xdp->data_end - xdp->data; |
3926 | ptr_buf = xdp->data; |
3927 | |
3928 | while (true) { |
3929 | if (off < ptr_off + ptr_len) { |
3930 | unsigned long copy_off = off - ptr_off; |
3931 | unsigned long copy_len = min(len, ptr_len - copy_off); |
3932 | |
3933 | src = flush ? buf : ptr_buf + copy_off; |
3934 | dst = flush ? ptr_buf + copy_off : buf; |
3935 | memcpy(dst, src, copy_len); |
3936 | |
3937 | off += copy_len; |
3938 | len -= copy_len; |
3939 | buf += copy_len; |
3940 | } |
3941 | |
3942 | if (!len || next_frag == end_frag) |
3943 | break; |
3944 | |
3945 | ptr_off += ptr_len; |
3946 | ptr_buf = skb_frag_address(frag: next_frag); |
3947 | ptr_len = skb_frag_size(frag: next_frag); |
3948 | next_frag++; |
3949 | } |
3950 | } |
3951 | |
3952 | void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len) |
3953 | { |
3954 | u32 size = xdp->data_end - xdp->data; |
3955 | struct skb_shared_info *sinfo; |
3956 | void *addr = xdp->data; |
3957 | int i; |
3958 | |
3959 | if (unlikely(offset > 0xffff || len > 0xffff)) |
3960 | return ERR_PTR(error: -EFAULT); |
3961 | |
3962 | if (unlikely(offset + len > xdp_get_buff_len(xdp))) |
3963 | return ERR_PTR(error: -EINVAL); |
3964 | |
3965 | if (likely(offset < size)) /* linear area */ |
3966 | goto out; |
3967 | |
3968 | sinfo = xdp_get_shared_info_from_buff(xdp); |
3969 | offset -= size; |
3970 | for (i = 0; i < sinfo->nr_frags; i++) { /* paged area */ |
3971 | u32 frag_size = skb_frag_size(frag: &sinfo->frags[i]); |
3972 | |
3973 | if (offset < frag_size) { |
3974 | addr = skb_frag_address(frag: &sinfo->frags[i]); |
3975 | size = frag_size; |
3976 | break; |
3977 | } |
3978 | offset -= frag_size; |
3979 | } |
3980 | out: |
3981 | return offset + len <= size ? addr + offset : NULL; |
3982 | } |
3983 | |
3984 | BPF_CALL_4(bpf_xdp_load_bytes, struct xdp_buff *, xdp, u32, offset, |
3985 | void *, buf, u32, len) |
3986 | { |
3987 | void *ptr; |
3988 | |
3989 | ptr = bpf_xdp_pointer(xdp, offset, len); |
3990 | if (IS_ERR(ptr)) |
3991 | return PTR_ERR(ptr); |
3992 | |
3993 | if (!ptr) |
3994 | bpf_xdp_copy_buf(xdp, off: offset, buf, len, flush: false); |
3995 | else |
3996 | memcpy(buf, ptr, len); |
3997 | |
3998 | return 0; |
3999 | } |
4000 | |
4001 | static const struct bpf_func_proto bpf_xdp_load_bytes_proto = { |
4002 | .func = bpf_xdp_load_bytes, |
4003 | .gpl_only = false, |
4004 | .ret_type = RET_INTEGER, |
4005 | .arg1_type = ARG_PTR_TO_CTX, |
4006 | .arg2_type = ARG_ANYTHING, |
4007 | .arg3_type = ARG_PTR_TO_UNINIT_MEM, |
4008 | .arg4_type = ARG_CONST_SIZE, |
4009 | }; |
4010 | |
4011 | int __bpf_xdp_load_bytes(struct xdp_buff *xdp, u32 offset, void *buf, u32 len) |
4012 | { |
4013 | return ____bpf_xdp_load_bytes(xdp, offset, buf, len); |
4014 | } |
4015 | |
4016 | BPF_CALL_4(bpf_xdp_store_bytes, struct xdp_buff *, xdp, u32, offset, |
4017 | void *, buf, u32, len) |
4018 | { |
4019 | void *ptr; |
4020 | |
4021 | ptr = bpf_xdp_pointer(xdp, offset, len); |
4022 | if (IS_ERR(ptr)) |
4023 | return PTR_ERR(ptr); |
4024 | |
4025 | if (!ptr) |
4026 | bpf_xdp_copy_buf(xdp, off: offset, buf, len, flush: true); |
4027 | else |
4028 | memcpy(ptr, buf, len); |
4029 | |
4030 | return 0; |
4031 | } |
4032 | |
4033 | static const struct bpf_func_proto bpf_xdp_store_bytes_proto = { |
4034 | .func = bpf_xdp_store_bytes, |
4035 | .gpl_only = false, |
4036 | .ret_type = RET_INTEGER, |
4037 | .arg1_type = ARG_PTR_TO_CTX, |
4038 | .arg2_type = ARG_ANYTHING, |
4039 | .arg3_type = ARG_PTR_TO_UNINIT_MEM, |
4040 | .arg4_type = ARG_CONST_SIZE, |
4041 | }; |
4042 | |
4043 | int __bpf_xdp_store_bytes(struct xdp_buff *xdp, u32 offset, void *buf, u32 len) |
4044 | { |
4045 | return ____bpf_xdp_store_bytes(xdp, offset, buf, len); |
4046 | } |
4047 | |
4048 | static int bpf_xdp_frags_increase_tail(struct xdp_buff *xdp, int offset) |
4049 | { |
4050 | struct skb_shared_info *sinfo = xdp_get_shared_info_from_buff(xdp); |
4051 | skb_frag_t *frag = &sinfo->frags[sinfo->nr_frags - 1]; |
4052 | struct xdp_rxq_info *rxq = xdp->rxq; |
4053 | unsigned int tailroom; |
4054 | |
4055 | if (!rxq->frag_size || rxq->frag_size > xdp->frame_sz) |
4056 | return -EOPNOTSUPP; |
4057 | |
4058 | tailroom = rxq->frag_size - skb_frag_size(frag) - skb_frag_off(frag); |
4059 | if (unlikely(offset > tailroom)) |
4060 | return -EINVAL; |
4061 | |
4062 | memset(skb_frag_address(frag) + skb_frag_size(frag), 0, offset); |
4063 | skb_frag_size_add(frag, delta: offset); |
4064 | sinfo->xdp_frags_size += offset; |
4065 | |
4066 | return 0; |
4067 | } |
4068 | |
4069 | static int bpf_xdp_frags_shrink_tail(struct xdp_buff *xdp, int offset) |
4070 | { |
4071 | struct skb_shared_info *sinfo = xdp_get_shared_info_from_buff(xdp); |
4072 | int i, n_frags_free = 0, len_free = 0; |
4073 | |
4074 | if (unlikely(offset > (int)xdp_get_buff_len(xdp) - ETH_HLEN)) |
4075 | return -EINVAL; |
4076 | |
4077 | for (i = sinfo->nr_frags - 1; i >= 0 && offset > 0; i--) { |
4078 | skb_frag_t *frag = &sinfo->frags[i]; |
4079 | int shrink = min_t(int, offset, skb_frag_size(frag)); |
4080 | |
4081 | len_free += shrink; |
4082 | offset -= shrink; |
4083 | |
4084 | if (skb_frag_size(frag) == shrink) { |
4085 | struct page *page = skb_frag_page(frag); |
4086 | |
4087 | __xdp_return(page_address(page), mem: &xdp->rxq->mem, |
4088 | napi_direct: false, NULL); |
4089 | n_frags_free++; |
4090 | } else { |
4091 | skb_frag_size_sub(frag, delta: shrink); |
4092 | break; |
4093 | } |
4094 | } |
4095 | sinfo->nr_frags -= n_frags_free; |
4096 | sinfo->xdp_frags_size -= len_free; |
4097 | |
4098 | if (unlikely(!sinfo->nr_frags)) { |
4099 | xdp_buff_clear_frags_flag(xdp); |
4100 | xdp->data_end -= offset; |
4101 | } |
4102 | |
4103 | return 0; |
4104 | } |
4105 | |
4106 | BPF_CALL_2(bpf_xdp_adjust_tail, struct xdp_buff *, xdp, int, offset) |
4107 | { |
4108 | void *data_hard_end = xdp_data_hard_end(xdp); /* use xdp->frame_sz */ |
4109 | void *data_end = xdp->data_end + offset; |
4110 | |
4111 | if (unlikely(xdp_buff_has_frags(xdp))) { /* non-linear xdp buff */ |
4112 | if (offset < 0) |
4113 | return bpf_xdp_frags_shrink_tail(xdp, offset: -offset); |
4114 | |
4115 | return bpf_xdp_frags_increase_tail(xdp, offset); |
4116 | } |
4117 | |
4118 | /* Notice that xdp_data_hard_end have reserved some tailroom */ |
4119 | if (unlikely(data_end > data_hard_end)) |
4120 | return -EINVAL; |
4121 | |
4122 | if (unlikely(data_end < xdp->data + ETH_HLEN)) |
4123 | return -EINVAL; |
4124 | |
4125 | /* Clear memory area on grow, can contain uninit kernel memory */ |
4126 | if (offset > 0) |
4127 | memset(xdp->data_end, 0, offset); |
4128 | |
4129 | xdp->data_end = data_end; |
4130 | |
4131 | return 0; |
4132 | } |
4133 | |
4134 | static const struct bpf_func_proto bpf_xdp_adjust_tail_proto = { |
4135 | .func = bpf_xdp_adjust_tail, |
4136 | .gpl_only = false, |
4137 | .ret_type = RET_INTEGER, |
4138 | .arg1_type = ARG_PTR_TO_CTX, |
4139 | .arg2_type = ARG_ANYTHING, |
4140 | }; |
4141 | |
4142 | BPF_CALL_2(bpf_xdp_adjust_meta, struct xdp_buff *, xdp, int, offset) |
4143 | { |
4144 | void *xdp_frame_end = xdp->data_hard_start + sizeof(struct xdp_frame); |
4145 | void *meta = xdp->data_meta + offset; |
4146 | unsigned long metalen = xdp->data - meta; |
4147 | |
4148 | if (xdp_data_meta_unsupported(xdp)) |
4149 | return -ENOTSUPP; |
4150 | if (unlikely(meta < xdp_frame_end || |
4151 | meta > xdp->data)) |
4152 | return -EINVAL; |
4153 | if (unlikely(xdp_metalen_invalid(metalen))) |
4154 | return -EACCES; |
4155 | |
4156 | xdp->data_meta = meta; |
4157 | |
4158 | return 0; |
4159 | } |
4160 | |
4161 | static const struct bpf_func_proto bpf_xdp_adjust_meta_proto = { |
4162 | .func = bpf_xdp_adjust_meta, |
4163 | .gpl_only = false, |
4164 | .ret_type = RET_INTEGER, |
4165 | .arg1_type = ARG_PTR_TO_CTX, |
4166 | .arg2_type = ARG_ANYTHING, |
4167 | }; |
4168 | |
4169 | /** |
4170 | * DOC: xdp redirect |
4171 | * |
4172 | * XDP_REDIRECT works by a three-step process, implemented in the functions |
4173 | * below: |
4174 | * |
4175 | * 1. The bpf_redirect() and bpf_redirect_map() helpers will lookup the target |
4176 | * of the redirect and store it (along with some other metadata) in a per-CPU |
4177 | * struct bpf_redirect_info. |
4178 | * |
4179 | * 2. When the program returns the XDP_REDIRECT return code, the driver will |
4180 | * call xdp_do_redirect() which will use the information in struct |
4181 | * bpf_redirect_info to actually enqueue the frame into a map type-specific |
4182 | * bulk queue structure. |
4183 | * |
4184 | * 3. Before exiting its NAPI poll loop, the driver will call |
4185 | * xdp_do_flush(), which will flush all the different bulk queues, |
4186 | * thus completing the redirect. Note that xdp_do_flush() must be |
4187 | * called before napi_complete_done() in the driver, as the |
4188 | * XDP_REDIRECT logic relies on being inside a single NAPI instance |
4189 | * through to the xdp_do_flush() call for RCU protection of all |
4190 | * in-kernel data structures. |
4191 | */ |
4192 | /* |
4193 | * Pointers to the map entries will be kept around for this whole sequence of |
4194 | * steps, protected by RCU. However, there is no top-level rcu_read_lock() in |
4195 | * the core code; instead, the RCU protection relies on everything happening |
4196 | * inside a single NAPI poll sequence, which means it's between a pair of calls |
4197 | * to local_bh_disable()/local_bh_enable(). |
4198 | * |
4199 | * The map entries are marked as __rcu and the map code makes sure to |
4200 | * dereference those pointers with rcu_dereference_check() in a way that works |
4201 | * for both sections that to hold an rcu_read_lock() and sections that are |
4202 | * called from NAPI without a separate rcu_read_lock(). The code below does not |
4203 | * use RCU annotations, but relies on those in the map code. |
4204 | */ |
4205 | void xdp_do_flush(void) |
4206 | { |
4207 | __dev_flush(); |
4208 | __cpu_map_flush(); |
4209 | __xsk_map_flush(); |
4210 | } |
4211 | EXPORT_SYMBOL_GPL(xdp_do_flush); |
4212 | |
4213 | #if defined(CONFIG_DEBUG_NET) && defined(CONFIG_BPF_SYSCALL) |
4214 | void xdp_do_check_flushed(struct napi_struct *napi) |
4215 | { |
4216 | bool ret; |
4217 | |
4218 | ret = dev_check_flush(); |
4219 | ret |= cpu_map_check_flush(); |
4220 | ret |= xsk_map_check_flush(); |
4221 | |
4222 | WARN_ONCE(ret, "Missing xdp_do_flush() invocation after NAPI by %ps\n" , |
4223 | napi->poll); |
4224 | } |
4225 | #endif |
4226 | |
4227 | void bpf_clear_redirect_map(struct bpf_map *map) |
4228 | { |
4229 | struct bpf_redirect_info *ri; |
4230 | int cpu; |
4231 | |
4232 | for_each_possible_cpu(cpu) { |
4233 | ri = per_cpu_ptr(&bpf_redirect_info, cpu); |
4234 | /* Avoid polluting remote cacheline due to writes if |
4235 | * not needed. Once we pass this test, we need the |
4236 | * cmpxchg() to make sure it hasn't been changed in |
4237 | * the meantime by remote CPU. |
4238 | */ |
4239 | if (unlikely(READ_ONCE(ri->map) == map)) |
4240 | cmpxchg(&ri->map, map, NULL); |
4241 | } |
4242 | } |
4243 | |
4244 | DEFINE_STATIC_KEY_FALSE(bpf_master_redirect_enabled_key); |
4245 | EXPORT_SYMBOL_GPL(bpf_master_redirect_enabled_key); |
4246 | |
4247 | u32 xdp_master_redirect(struct xdp_buff *xdp) |
4248 | { |
4249 | struct net_device *master, *slave; |
4250 | struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); |
4251 | |
4252 | master = netdev_master_upper_dev_get_rcu(dev: xdp->rxq->dev); |
4253 | slave = master->netdev_ops->ndo_xdp_get_xmit_slave(master, xdp); |
4254 | if (slave && slave != xdp->rxq->dev) { |
4255 | /* The target device is different from the receiving device, so |
4256 | * redirect it to the new device. |
4257 | * Using XDP_REDIRECT gets the correct behaviour from XDP enabled |
4258 | * drivers to unmap the packet from their rx ring. |
4259 | */ |
4260 | ri->tgt_index = slave->ifindex; |
4261 | ri->map_id = INT_MAX; |
4262 | ri->map_type = BPF_MAP_TYPE_UNSPEC; |
4263 | return XDP_REDIRECT; |
4264 | } |
4265 | return XDP_TX; |
4266 | } |
4267 | EXPORT_SYMBOL_GPL(xdp_master_redirect); |
4268 | |
4269 | static inline int __xdp_do_redirect_xsk(struct bpf_redirect_info *ri, |
4270 | struct net_device *dev, |
4271 | struct xdp_buff *xdp, |
4272 | struct bpf_prog *xdp_prog) |
4273 | { |
4274 | enum bpf_map_type map_type = ri->map_type; |
4275 | void *fwd = ri->tgt_value; |
4276 | u32 map_id = ri->map_id; |
4277 | int err; |
4278 | |
4279 | ri->map_id = 0; /* Valid map id idr range: [1,INT_MAX[ */ |
4280 | ri->map_type = BPF_MAP_TYPE_UNSPEC; |
4281 | |
4282 | err = __xsk_map_redirect(xs: fwd, xdp); |
4283 | if (unlikely(err)) |
4284 | goto err; |
4285 | |
4286 | _trace_xdp_redirect_map(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index); |
4287 | return 0; |
4288 | err: |
4289 | _trace_xdp_redirect_map_err(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index, err); |
4290 | return err; |
4291 | } |
4292 | |
4293 | static __always_inline int __xdp_do_redirect_frame(struct bpf_redirect_info *ri, |
4294 | struct net_device *dev, |
4295 | struct xdp_frame *xdpf, |
4296 | struct bpf_prog *xdp_prog) |
4297 | { |
4298 | enum bpf_map_type map_type = ri->map_type; |
4299 | void *fwd = ri->tgt_value; |
4300 | u32 map_id = ri->map_id; |
4301 | struct bpf_map *map; |
4302 | int err; |
4303 | |
4304 | ri->map_id = 0; /* Valid map id idr range: [1,INT_MAX[ */ |
4305 | ri->map_type = BPF_MAP_TYPE_UNSPEC; |
4306 | |
4307 | if (unlikely(!xdpf)) { |
4308 | err = -EOVERFLOW; |
4309 | goto err; |
4310 | } |
4311 | |
4312 | switch (map_type) { |
4313 | case BPF_MAP_TYPE_DEVMAP: |
4314 | fallthrough; |
4315 | case BPF_MAP_TYPE_DEVMAP_HASH: |
4316 | map = READ_ONCE(ri->map); |
4317 | if (unlikely(map)) { |
4318 | WRITE_ONCE(ri->map, NULL); |
4319 | err = dev_map_enqueue_multi(xdpf, dev_rx: dev, map, |
4320 | exclude_ingress: ri->flags & BPF_F_EXCLUDE_INGRESS); |
4321 | } else { |
4322 | err = dev_map_enqueue(dst: fwd, xdpf, dev_rx: dev); |
4323 | } |
4324 | break; |
4325 | case BPF_MAP_TYPE_CPUMAP: |
4326 | err = cpu_map_enqueue(rcpu: fwd, xdpf, dev_rx: dev); |
4327 | break; |
4328 | case BPF_MAP_TYPE_UNSPEC: |
4329 | if (map_id == INT_MAX) { |
4330 | fwd = dev_get_by_index_rcu(net: dev_net(dev), ifindex: ri->tgt_index); |
4331 | if (unlikely(!fwd)) { |
4332 | err = -EINVAL; |
4333 | break; |
4334 | } |
4335 | err = dev_xdp_enqueue(dev: fwd, xdpf, dev_rx: dev); |
4336 | break; |
4337 | } |
4338 | fallthrough; |
4339 | default: |
4340 | err = -EBADRQC; |
4341 | } |
4342 | |
4343 | if (unlikely(err)) |
4344 | goto err; |
4345 | |
4346 | _trace_xdp_redirect_map(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index); |
4347 | return 0; |
4348 | err: |
4349 | _trace_xdp_redirect_map_err(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index, err); |
4350 | return err; |
4351 | } |
4352 | |
4353 | int xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp, |
4354 | struct bpf_prog *xdp_prog) |
4355 | { |
4356 | struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); |
4357 | enum bpf_map_type map_type = ri->map_type; |
4358 | |
4359 | if (map_type == BPF_MAP_TYPE_XSKMAP) |
4360 | return __xdp_do_redirect_xsk(ri, dev, xdp, xdp_prog); |
4361 | |
4362 | return __xdp_do_redirect_frame(ri, dev, xdpf: xdp_convert_buff_to_frame(xdp), |
4363 | xdp_prog); |
4364 | } |
4365 | EXPORT_SYMBOL_GPL(xdp_do_redirect); |
4366 | |
4367 | int xdp_do_redirect_frame(struct net_device *dev, struct xdp_buff *xdp, |
4368 | struct xdp_frame *xdpf, struct bpf_prog *xdp_prog) |
4369 | { |
4370 | struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); |
4371 | enum bpf_map_type map_type = ri->map_type; |
4372 | |
4373 | if (map_type == BPF_MAP_TYPE_XSKMAP) |
4374 | return __xdp_do_redirect_xsk(ri, dev, xdp, xdp_prog); |
4375 | |
4376 | return __xdp_do_redirect_frame(ri, dev, xdpf, xdp_prog); |
4377 | } |
4378 | EXPORT_SYMBOL_GPL(xdp_do_redirect_frame); |
4379 | |
4380 | static int xdp_do_generic_redirect_map(struct net_device *dev, |
4381 | struct sk_buff *skb, |
4382 | struct xdp_buff *xdp, |
4383 | struct bpf_prog *xdp_prog, |
4384 | void *fwd, |
4385 | enum bpf_map_type map_type, u32 map_id) |
4386 | { |
4387 | struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); |
4388 | struct bpf_map *map; |
4389 | int err; |
4390 | |
4391 | switch (map_type) { |
4392 | case BPF_MAP_TYPE_DEVMAP: |
4393 | fallthrough; |
4394 | case BPF_MAP_TYPE_DEVMAP_HASH: |
4395 | map = READ_ONCE(ri->map); |
4396 | if (unlikely(map)) { |
4397 | WRITE_ONCE(ri->map, NULL); |
4398 | err = dev_map_redirect_multi(dev, skb, xdp_prog, map, |
4399 | exclude_ingress: ri->flags & BPF_F_EXCLUDE_INGRESS); |
4400 | } else { |
4401 | err = dev_map_generic_redirect(dst: fwd, skb, xdp_prog); |
4402 | } |
4403 | if (unlikely(err)) |
4404 | goto err; |
4405 | break; |
4406 | case BPF_MAP_TYPE_XSKMAP: |
4407 | err = xsk_generic_rcv(xs: fwd, xdp); |
4408 | if (err) |
4409 | goto err; |
4410 | consume_skb(skb); |
4411 | break; |
4412 | case BPF_MAP_TYPE_CPUMAP: |
4413 | err = cpu_map_generic_redirect(rcpu: fwd, skb); |
4414 | if (unlikely(err)) |
4415 | goto err; |
4416 | break; |
4417 | default: |
4418 | err = -EBADRQC; |
4419 | goto err; |
4420 | } |
4421 | |
4422 | _trace_xdp_redirect_map(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index); |
4423 | return 0; |
4424 | err: |
4425 | _trace_xdp_redirect_map_err(dev, xdp_prog, fwd, map_type, map_id, ri->tgt_index, err); |
4426 | return err; |
4427 | } |
4428 | |
4429 | int xdp_do_generic_redirect(struct net_device *dev, struct sk_buff *skb, |
4430 | struct xdp_buff *xdp, struct bpf_prog *xdp_prog) |
4431 | { |
4432 | struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); |
4433 | enum bpf_map_type map_type = ri->map_type; |
4434 | void *fwd = ri->tgt_value; |
4435 | u32 map_id = ri->map_id; |
4436 | int err; |
4437 | |
4438 | ri->map_id = 0; /* Valid map id idr range: [1,INT_MAX[ */ |
4439 | ri->map_type = BPF_MAP_TYPE_UNSPEC; |
4440 | |
4441 | if (map_type == BPF_MAP_TYPE_UNSPEC && map_id == INT_MAX) { |
4442 | fwd = dev_get_by_index_rcu(net: dev_net(dev), ifindex: ri->tgt_index); |
4443 | if (unlikely(!fwd)) { |
4444 | err = -EINVAL; |
4445 | goto err; |
4446 | } |
4447 | |
4448 | err = xdp_ok_fwd_dev(fwd, pktlen: skb->len); |
4449 | if (unlikely(err)) |
4450 | goto err; |
4451 | |
4452 | skb->dev = fwd; |
4453 | _trace_xdp_redirect(dev, xdp_prog, ri->tgt_index); |
4454 | generic_xdp_tx(skb, xdp_prog); |
4455 | return 0; |
4456 | } |
4457 | |
4458 | return xdp_do_generic_redirect_map(dev, skb, xdp, xdp_prog, fwd, map_type, map_id); |
4459 | err: |
4460 | _trace_xdp_redirect_err(dev, xdp_prog, ri->tgt_index, err); |
4461 | return err; |
4462 | } |
4463 | |
4464 | BPF_CALL_2(bpf_xdp_redirect, u32, ifindex, u64, flags) |
4465 | { |
4466 | struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info); |
4467 | |
4468 | if (unlikely(flags)) |
4469 | return XDP_ABORTED; |
4470 | |
4471 | /* NB! Map type UNSPEC and map_id == INT_MAX (never generated |
4472 | * by map_idr) is used for ifindex based XDP redirect. |
4473 | */ |
4474 | ri->tgt_index = ifindex; |
4475 | ri->map_id = INT_MAX; |
4476 | ri->map_type = BPF_MAP_TYPE_UNSPEC; |
4477 | |
4478 | return XDP_REDIRECT; |
4479 | } |
4480 | |
4481 | static const struct bpf_func_proto bpf_xdp_redirect_proto = { |
4482 | .func = bpf_xdp_redirect, |
4483 | .gpl_only = false, |
4484 | .ret_type = RET_INTEGER, |
4485 | .arg1_type = ARG_ANYTHING, |
4486 | .arg2_type = ARG_ANYTHING, |
4487 | }; |
4488 | |
4489 | BPF_CALL_3(bpf_xdp_redirect_map, struct bpf_map *, map, u64, key, |
4490 | u64, flags) |
4491 | { |
4492 | return map->ops->map_redirect(map, key, flags); |
4493 | } |
4494 | |
4495 | static const struct bpf_func_proto bpf_xdp_redirect_map_proto = { |
4496 | .func = bpf_xdp_redirect_map, |
4497 | .gpl_only = false, |
4498 | .ret_type = RET_INTEGER, |
4499 | .arg1_type = ARG_CONST_MAP_PTR, |
4500 | .arg2_type = ARG_ANYTHING, |
4501 | .arg3_type = ARG_ANYTHING, |
4502 | }; |
4503 | |
4504 | static unsigned long bpf_skb_copy(void *dst_buff, const void *skb, |
4505 | unsigned long off, unsigned long len) |
4506 | { |
4507 | void *ptr = skb_header_pointer(skb, offset: off, len, buffer: dst_buff); |
4508 | |
4509 | if (unlikely(!ptr)) |
4510 | return len; |
4511 | if (ptr != dst_buff) |
4512 | memcpy(dst_buff, ptr, len); |
4513 | |
4514 | return 0; |
4515 | } |
4516 | |
4517 | BPF_CALL_5(bpf_skb_event_output, struct sk_buff *, skb, struct bpf_map *, map, |
4518 | u64, flags, void *, meta, u64, meta_size) |
4519 | { |
4520 | u64 skb_size = (flags & BPF_F_CTXLEN_MASK) >> 32; |
4521 | |
4522 | if (unlikely(flags & ~(BPF_F_CTXLEN_MASK | BPF_F_INDEX_MASK))) |
4523 | return -EINVAL; |
4524 | if (unlikely(!skb || skb_size > skb->len)) |
4525 | return -EFAULT; |
4526 | |
4527 | return bpf_event_output(map, flags, meta, meta_size, ctx: skb, ctx_size: skb_size, |
4528 | ctx_copy: bpf_skb_copy); |
4529 | } |
4530 | |
4531 | static const struct bpf_func_proto bpf_skb_event_output_proto = { |
4532 | .func = bpf_skb_event_output, |
4533 | .gpl_only = true, |
4534 | .ret_type = RET_INTEGER, |
4535 | .arg1_type = ARG_PTR_TO_CTX, |
4536 | .arg2_type = ARG_CONST_MAP_PTR, |
4537 | .arg3_type = ARG_ANYTHING, |
4538 | .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
4539 | .arg5_type = ARG_CONST_SIZE_OR_ZERO, |
4540 | }; |
4541 | |
4542 | BTF_ID_LIST_SINGLE(bpf_skb_output_btf_ids, struct, sk_buff) |
4543 | |
4544 | const struct bpf_func_proto bpf_skb_output_proto = { |
4545 | .func = bpf_skb_event_output, |
4546 | .gpl_only = true, |
4547 | .ret_type = RET_INTEGER, |
4548 | .arg1_type = ARG_PTR_TO_BTF_ID, |
4549 | .arg1_btf_id = &bpf_skb_output_btf_ids[0], |
4550 | .arg2_type = ARG_CONST_MAP_PTR, |
4551 | .arg3_type = ARG_ANYTHING, |
4552 | .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
4553 | .arg5_type = ARG_CONST_SIZE_OR_ZERO, |
4554 | }; |
4555 | |
4556 | static unsigned short bpf_tunnel_key_af(u64 flags) |
4557 | { |
4558 | return flags & BPF_F_TUNINFO_IPV6 ? AF_INET6 : AF_INET; |
4559 | } |
4560 | |
4561 | BPF_CALL_4(bpf_skb_get_tunnel_key, struct sk_buff *, skb, struct bpf_tunnel_key *, to, |
4562 | u32, size, u64, flags) |
4563 | { |
4564 | const struct ip_tunnel_info *info = skb_tunnel_info(skb); |
4565 | u8 compat[sizeof(struct bpf_tunnel_key)]; |
4566 | void *to_orig = to; |
4567 | int err; |
4568 | |
4569 | if (unlikely(!info || (flags & ~(BPF_F_TUNINFO_IPV6 | |
4570 | BPF_F_TUNINFO_FLAGS)))) { |
4571 | err = -EINVAL; |
4572 | goto err_clear; |
4573 | } |
4574 | if (ip_tunnel_info_af(tun_info: info) != bpf_tunnel_key_af(flags)) { |
4575 | err = -EPROTO; |
4576 | goto err_clear; |
4577 | } |
4578 | if (unlikely(size != sizeof(struct bpf_tunnel_key))) { |
4579 | err = -EINVAL; |
4580 | switch (size) { |
4581 | case offsetof(struct bpf_tunnel_key, local_ipv6[0]): |
4582 | case offsetof(struct bpf_tunnel_key, tunnel_label): |
4583 | case offsetof(struct bpf_tunnel_key, tunnel_ext): |
4584 | goto set_compat; |
4585 | case offsetof(struct bpf_tunnel_key, remote_ipv6[1]): |
4586 | /* Fixup deprecated structure layouts here, so we have |
4587 | * a common path later on. |
4588 | */ |
4589 | if (ip_tunnel_info_af(tun_info: info) != AF_INET) |
4590 | goto err_clear; |
4591 | set_compat: |
4592 | to = (struct bpf_tunnel_key *)compat; |
4593 | break; |
4594 | default: |
4595 | goto err_clear; |
4596 | } |
4597 | } |
4598 | |
4599 | to->tunnel_id = be64_to_cpu(info->key.tun_id); |
4600 | to->tunnel_tos = info->key.tos; |
4601 | to->tunnel_ttl = info->key.ttl; |
4602 | if (flags & BPF_F_TUNINFO_FLAGS) |
4603 | to->tunnel_flags = info->key.tun_flags; |
4604 | else |
4605 | to->tunnel_ext = 0; |
4606 | |
4607 | if (flags & BPF_F_TUNINFO_IPV6) { |
4608 | memcpy(to->remote_ipv6, &info->key.u.ipv6.src, |
4609 | sizeof(to->remote_ipv6)); |
4610 | memcpy(to->local_ipv6, &info->key.u.ipv6.dst, |
4611 | sizeof(to->local_ipv6)); |
4612 | to->tunnel_label = be32_to_cpu(info->key.label); |
4613 | } else { |
4614 | to->remote_ipv4 = be32_to_cpu(info->key.u.ipv4.src); |
4615 | memset(&to->remote_ipv6[1], 0, sizeof(__u32) * 3); |
4616 | to->local_ipv4 = be32_to_cpu(info->key.u.ipv4.dst); |
4617 | memset(&to->local_ipv6[1], 0, sizeof(__u32) * 3); |
4618 | to->tunnel_label = 0; |
4619 | } |
4620 | |
4621 | if (unlikely(size != sizeof(struct bpf_tunnel_key))) |
4622 | memcpy(to_orig, to, size); |
4623 | |
4624 | return 0; |
4625 | err_clear: |
4626 | memset(to_orig, 0, size); |
4627 | return err; |
4628 | } |
4629 | |
4630 | static const struct bpf_func_proto bpf_skb_get_tunnel_key_proto = { |
4631 | .func = bpf_skb_get_tunnel_key, |
4632 | .gpl_only = false, |
4633 | .ret_type = RET_INTEGER, |
4634 | .arg1_type = ARG_PTR_TO_CTX, |
4635 | .arg2_type = ARG_PTR_TO_UNINIT_MEM, |
4636 | .arg3_type = ARG_CONST_SIZE, |
4637 | .arg4_type = ARG_ANYTHING, |
4638 | }; |
4639 | |
4640 | BPF_CALL_3(bpf_skb_get_tunnel_opt, struct sk_buff *, skb, u8 *, to, u32, size) |
4641 | { |
4642 | const struct ip_tunnel_info *info = skb_tunnel_info(skb); |
4643 | int err; |
4644 | |
4645 | if (unlikely(!info || |
4646 | !(info->key.tun_flags & TUNNEL_OPTIONS_PRESENT))) { |
4647 | err = -ENOENT; |
4648 | goto err_clear; |
4649 | } |
4650 | if (unlikely(size < info->options_len)) { |
4651 | err = -ENOMEM; |
4652 | goto err_clear; |
4653 | } |
4654 | |
4655 | ip_tunnel_info_opts_get(to, info); |
4656 | if (size > info->options_len) |
4657 | memset(to + info->options_len, 0, size - info->options_len); |
4658 | |
4659 | return info->options_len; |
4660 | err_clear: |
4661 | memset(to, 0, size); |
4662 | return err; |
4663 | } |
4664 | |
4665 | static const struct bpf_func_proto bpf_skb_get_tunnel_opt_proto = { |
4666 | .func = bpf_skb_get_tunnel_opt, |
4667 | .gpl_only = false, |
4668 | .ret_type = RET_INTEGER, |
4669 | .arg1_type = ARG_PTR_TO_CTX, |
4670 | .arg2_type = ARG_PTR_TO_UNINIT_MEM, |
4671 | .arg3_type = ARG_CONST_SIZE, |
4672 | }; |
4673 | |
4674 | static struct metadata_dst __percpu *md_dst; |
4675 | |
4676 | BPF_CALL_4(bpf_skb_set_tunnel_key, struct sk_buff *, skb, |
4677 | const struct bpf_tunnel_key *, from, u32, size, u64, flags) |
4678 | { |
4679 | struct metadata_dst *md = this_cpu_ptr(md_dst); |
4680 | u8 compat[sizeof(struct bpf_tunnel_key)]; |
4681 | struct ip_tunnel_info *info; |
4682 | |
4683 | if (unlikely(flags & ~(BPF_F_TUNINFO_IPV6 | BPF_F_ZERO_CSUM_TX | |
4684 | BPF_F_DONT_FRAGMENT | BPF_F_SEQ_NUMBER | |
4685 | BPF_F_NO_TUNNEL_KEY))) |
4686 | return -EINVAL; |
4687 | if (unlikely(size != sizeof(struct bpf_tunnel_key))) { |
4688 | switch (size) { |
4689 | case offsetof(struct bpf_tunnel_key, local_ipv6[0]): |
4690 | case offsetof(struct bpf_tunnel_key, tunnel_label): |
4691 | case offsetof(struct bpf_tunnel_key, tunnel_ext): |
4692 | case offsetof(struct bpf_tunnel_key, remote_ipv6[1]): |
4693 | /* Fixup deprecated structure layouts here, so we have |
4694 | * a common path later on. |
4695 | */ |
4696 | memcpy(compat, from, size); |
4697 | memset(compat + size, 0, sizeof(compat) - size); |
4698 | from = (const struct bpf_tunnel_key *) compat; |
4699 | break; |
4700 | default: |
4701 | return -EINVAL; |
4702 | } |
4703 | } |
4704 | if (unlikely((!(flags & BPF_F_TUNINFO_IPV6) && from->tunnel_label) || |
4705 | from->tunnel_ext)) |
4706 | return -EINVAL; |
4707 | |
4708 | skb_dst_drop(skb); |
4709 | dst_hold(dst: (struct dst_entry *) md); |
4710 | skb_dst_set(skb, dst: (struct dst_entry *) md); |
4711 | |
4712 | info = &md->u.tun_info; |
4713 | memset(info, 0, sizeof(*info)); |
4714 | info->mode = IP_TUNNEL_INFO_TX; |
4715 | |
4716 | info->key.tun_flags = TUNNEL_KEY | TUNNEL_CSUM | TUNNEL_NOCACHE; |
4717 | if (flags & BPF_F_DONT_FRAGMENT) |
4718 | info->key.tun_flags |= TUNNEL_DONT_FRAGMENT; |
4719 | if (flags & BPF_F_ZERO_CSUM_TX) |
4720 | info->key.tun_flags &= ~TUNNEL_CSUM; |
4721 | if (flags & BPF_F_SEQ_NUMBER) |
4722 | info->key.tun_flags |= TUNNEL_SEQ; |
4723 | if (flags & BPF_F_NO_TUNNEL_KEY) |
4724 | info->key.tun_flags &= ~TUNNEL_KEY; |
4725 | |
4726 | info->key.tun_id = cpu_to_be64(from->tunnel_id); |
4727 | info->key.tos = from->tunnel_tos; |
4728 | info->key.ttl = from->tunnel_ttl; |
4729 | |
4730 | if (flags & BPF_F_TUNINFO_IPV6) { |
4731 | info->mode |= IP_TUNNEL_INFO_IPV6; |
4732 | memcpy(&info->key.u.ipv6.dst, from->remote_ipv6, |
4733 | sizeof(from->remote_ipv6)); |
4734 | memcpy(&info->key.u.ipv6.src, from->local_ipv6, |
4735 | sizeof(from->local_ipv6)); |
4736 | info->key.label = cpu_to_be32(from->tunnel_label) & |
4737 | IPV6_FLOWLABEL_MASK; |
4738 | } else { |
4739 | info->key.u.ipv4.dst = cpu_to_be32(from->remote_ipv4); |
4740 | info->key.u.ipv4.src = cpu_to_be32(from->local_ipv4); |
4741 | info->key.flow_flags = FLOWI_FLAG_ANYSRC; |
4742 | } |
4743 | |
4744 | return 0; |
4745 | } |
4746 | |
4747 | static const struct bpf_func_proto bpf_skb_set_tunnel_key_proto = { |
4748 | .func = bpf_skb_set_tunnel_key, |
4749 | .gpl_only = false, |
4750 | .ret_type = RET_INTEGER, |
4751 | .arg1_type = ARG_PTR_TO_CTX, |
4752 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
4753 | .arg3_type = ARG_CONST_SIZE, |
4754 | .arg4_type = ARG_ANYTHING, |
4755 | }; |
4756 | |
4757 | BPF_CALL_3(bpf_skb_set_tunnel_opt, struct sk_buff *, skb, |
4758 | const u8 *, from, u32, size) |
4759 | { |
4760 | struct ip_tunnel_info *info = skb_tunnel_info(skb); |
4761 | const struct metadata_dst *md = this_cpu_ptr(md_dst); |
4762 | |
4763 | if (unlikely(info != &md->u.tun_info || (size & (sizeof(u32) - 1)))) |
4764 | return -EINVAL; |
4765 | if (unlikely(size > IP_TUNNEL_OPTS_MAX)) |
4766 | return -ENOMEM; |
4767 | |
4768 | ip_tunnel_info_opts_set(info, from, len: size, TUNNEL_OPTIONS_PRESENT); |
4769 | |
4770 | return 0; |
4771 | } |
4772 | |
4773 | static const struct bpf_func_proto bpf_skb_set_tunnel_opt_proto = { |
4774 | .func = bpf_skb_set_tunnel_opt, |
4775 | .gpl_only = false, |
4776 | .ret_type = RET_INTEGER, |
4777 | .arg1_type = ARG_PTR_TO_CTX, |
4778 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
4779 | .arg3_type = ARG_CONST_SIZE, |
4780 | }; |
4781 | |
4782 | static const struct bpf_func_proto * |
4783 | bpf_get_skb_set_tunnel_proto(enum bpf_func_id which) |
4784 | { |
4785 | if (!md_dst) { |
4786 | struct metadata_dst __percpu *tmp; |
4787 | |
4788 | tmp = metadata_dst_alloc_percpu(IP_TUNNEL_OPTS_MAX, |
4789 | type: METADATA_IP_TUNNEL, |
4790 | GFP_KERNEL); |
4791 | if (!tmp) |
4792 | return NULL; |
4793 | if (cmpxchg(&md_dst, NULL, tmp)) |
4794 | metadata_dst_free_percpu(md_dst: tmp); |
4795 | } |
4796 | |
4797 | switch (which) { |
4798 | case BPF_FUNC_skb_set_tunnel_key: |
4799 | return &bpf_skb_set_tunnel_key_proto; |
4800 | case BPF_FUNC_skb_set_tunnel_opt: |
4801 | return &bpf_skb_set_tunnel_opt_proto; |
4802 | default: |
4803 | return NULL; |
4804 | } |
4805 | } |
4806 | |
4807 | BPF_CALL_3(bpf_skb_under_cgroup, struct sk_buff *, skb, struct bpf_map *, map, |
4808 | u32, idx) |
4809 | { |
4810 | struct bpf_array *array = container_of(map, struct bpf_array, map); |
4811 | struct cgroup *cgrp; |
4812 | struct sock *sk; |
4813 | |
4814 | sk = skb_to_full_sk(skb); |
4815 | if (!sk || !sk_fullsock(sk)) |
4816 | return -ENOENT; |
4817 | if (unlikely(idx >= array->map.max_entries)) |
4818 | return -E2BIG; |
4819 | |
4820 | cgrp = READ_ONCE(array->ptrs[idx]); |
4821 | if (unlikely(!cgrp)) |
4822 | return -EAGAIN; |
4823 | |
4824 | return sk_under_cgroup_hierarchy(sk, ancestor: cgrp); |
4825 | } |
4826 | |
4827 | static const struct bpf_func_proto bpf_skb_under_cgroup_proto = { |
4828 | .func = bpf_skb_under_cgroup, |
4829 | .gpl_only = false, |
4830 | .ret_type = RET_INTEGER, |
4831 | .arg1_type = ARG_PTR_TO_CTX, |
4832 | .arg2_type = ARG_CONST_MAP_PTR, |
4833 | .arg3_type = ARG_ANYTHING, |
4834 | }; |
4835 | |
4836 | #ifdef CONFIG_SOCK_CGROUP_DATA |
4837 | static inline u64 __bpf_sk_cgroup_id(struct sock *sk) |
4838 | { |
4839 | struct cgroup *cgrp; |
4840 | |
4841 | sk = sk_to_full_sk(sk); |
4842 | if (!sk || !sk_fullsock(sk)) |
4843 | return 0; |
4844 | |
4845 | cgrp = sock_cgroup_ptr(skcd: &sk->sk_cgrp_data); |
4846 | return cgroup_id(cgrp); |
4847 | } |
4848 | |
4849 | BPF_CALL_1(bpf_skb_cgroup_id, const struct sk_buff *, skb) |
4850 | { |
4851 | return __bpf_sk_cgroup_id(sk: skb->sk); |
4852 | } |
4853 | |
4854 | static const struct bpf_func_proto bpf_skb_cgroup_id_proto = { |
4855 | .func = bpf_skb_cgroup_id, |
4856 | .gpl_only = false, |
4857 | .ret_type = RET_INTEGER, |
4858 | .arg1_type = ARG_PTR_TO_CTX, |
4859 | }; |
4860 | |
4861 | static inline u64 __bpf_sk_ancestor_cgroup_id(struct sock *sk, |
4862 | int ancestor_level) |
4863 | { |
4864 | struct cgroup *ancestor; |
4865 | struct cgroup *cgrp; |
4866 | |
4867 | sk = sk_to_full_sk(sk); |
4868 | if (!sk || !sk_fullsock(sk)) |
4869 | return 0; |
4870 | |
4871 | cgrp = sock_cgroup_ptr(skcd: &sk->sk_cgrp_data); |
4872 | ancestor = cgroup_ancestor(cgrp, ancestor_level); |
4873 | if (!ancestor) |
4874 | return 0; |
4875 | |
4876 | return cgroup_id(cgrp: ancestor); |
4877 | } |
4878 | |
4879 | BPF_CALL_2(bpf_skb_ancestor_cgroup_id, const struct sk_buff *, skb, int, |
4880 | ancestor_level) |
4881 | { |
4882 | return __bpf_sk_ancestor_cgroup_id(sk: skb->sk, ancestor_level); |
4883 | } |
4884 | |
4885 | static const struct bpf_func_proto bpf_skb_ancestor_cgroup_id_proto = { |
4886 | .func = bpf_skb_ancestor_cgroup_id, |
4887 | .gpl_only = false, |
4888 | .ret_type = RET_INTEGER, |
4889 | .arg1_type = ARG_PTR_TO_CTX, |
4890 | .arg2_type = ARG_ANYTHING, |
4891 | }; |
4892 | |
4893 | BPF_CALL_1(bpf_sk_cgroup_id, struct sock *, sk) |
4894 | { |
4895 | return __bpf_sk_cgroup_id(sk); |
4896 | } |
4897 | |
4898 | static const struct bpf_func_proto bpf_sk_cgroup_id_proto = { |
4899 | .func = bpf_sk_cgroup_id, |
4900 | .gpl_only = false, |
4901 | .ret_type = RET_INTEGER, |
4902 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
4903 | }; |
4904 | |
4905 | BPF_CALL_2(bpf_sk_ancestor_cgroup_id, struct sock *, sk, int, ancestor_level) |
4906 | { |
4907 | return __bpf_sk_ancestor_cgroup_id(sk, ancestor_level); |
4908 | } |
4909 | |
4910 | static const struct bpf_func_proto bpf_sk_ancestor_cgroup_id_proto = { |
4911 | .func = bpf_sk_ancestor_cgroup_id, |
4912 | .gpl_only = false, |
4913 | .ret_type = RET_INTEGER, |
4914 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
4915 | .arg2_type = ARG_ANYTHING, |
4916 | }; |
4917 | #endif |
4918 | |
4919 | static unsigned long bpf_xdp_copy(void *dst, const void *ctx, |
4920 | unsigned long off, unsigned long len) |
4921 | { |
4922 | struct xdp_buff *xdp = (struct xdp_buff *)ctx; |
4923 | |
4924 | bpf_xdp_copy_buf(xdp, off, buf: dst, len, flush: false); |
4925 | return 0; |
4926 | } |
4927 | |
4928 | BPF_CALL_5(bpf_xdp_event_output, struct xdp_buff *, xdp, struct bpf_map *, map, |
4929 | u64, flags, void *, meta, u64, meta_size) |
4930 | { |
4931 | u64 xdp_size = (flags & BPF_F_CTXLEN_MASK) >> 32; |
4932 | |
4933 | if (unlikely(flags & ~(BPF_F_CTXLEN_MASK | BPF_F_INDEX_MASK))) |
4934 | return -EINVAL; |
4935 | |
4936 | if (unlikely(!xdp || xdp_size > xdp_get_buff_len(xdp))) |
4937 | return -EFAULT; |
4938 | |
4939 | return bpf_event_output(map, flags, meta, meta_size, ctx: xdp, |
4940 | ctx_size: xdp_size, ctx_copy: bpf_xdp_copy); |
4941 | } |
4942 | |
4943 | static const struct bpf_func_proto bpf_xdp_event_output_proto = { |
4944 | .func = bpf_xdp_event_output, |
4945 | .gpl_only = true, |
4946 | .ret_type = RET_INTEGER, |
4947 | .arg1_type = ARG_PTR_TO_CTX, |
4948 | .arg2_type = ARG_CONST_MAP_PTR, |
4949 | .arg3_type = ARG_ANYTHING, |
4950 | .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
4951 | .arg5_type = ARG_CONST_SIZE_OR_ZERO, |
4952 | }; |
4953 | |
4954 | BTF_ID_LIST_SINGLE(bpf_xdp_output_btf_ids, struct, xdp_buff) |
4955 | |
4956 | const struct bpf_func_proto bpf_xdp_output_proto = { |
4957 | .func = bpf_xdp_event_output, |
4958 | .gpl_only = true, |
4959 | .ret_type = RET_INTEGER, |
4960 | .arg1_type = ARG_PTR_TO_BTF_ID, |
4961 | .arg1_btf_id = &bpf_xdp_output_btf_ids[0], |
4962 | .arg2_type = ARG_CONST_MAP_PTR, |
4963 | .arg3_type = ARG_ANYTHING, |
4964 | .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
4965 | .arg5_type = ARG_CONST_SIZE_OR_ZERO, |
4966 | }; |
4967 | |
4968 | BPF_CALL_1(bpf_get_socket_cookie, struct sk_buff *, skb) |
4969 | { |
4970 | return skb->sk ? __sock_gen_cookie(sk: skb->sk) : 0; |
4971 | } |
4972 | |
4973 | static const struct bpf_func_proto bpf_get_socket_cookie_proto = { |
4974 | .func = bpf_get_socket_cookie, |
4975 | .gpl_only = false, |
4976 | .ret_type = RET_INTEGER, |
4977 | .arg1_type = ARG_PTR_TO_CTX, |
4978 | }; |
4979 | |
4980 | BPF_CALL_1(bpf_get_socket_cookie_sock_addr, struct bpf_sock_addr_kern *, ctx) |
4981 | { |
4982 | return __sock_gen_cookie(sk: ctx->sk); |
4983 | } |
4984 | |
4985 | static const struct bpf_func_proto bpf_get_socket_cookie_sock_addr_proto = { |
4986 | .func = bpf_get_socket_cookie_sock_addr, |
4987 | .gpl_only = false, |
4988 | .ret_type = RET_INTEGER, |
4989 | .arg1_type = ARG_PTR_TO_CTX, |
4990 | }; |
4991 | |
4992 | BPF_CALL_1(bpf_get_socket_cookie_sock, struct sock *, ctx) |
4993 | { |
4994 | return __sock_gen_cookie(sk: ctx); |
4995 | } |
4996 | |
4997 | static const struct bpf_func_proto bpf_get_socket_cookie_sock_proto = { |
4998 | .func = bpf_get_socket_cookie_sock, |
4999 | .gpl_only = false, |
5000 | .ret_type = RET_INTEGER, |
5001 | .arg1_type = ARG_PTR_TO_CTX, |
5002 | }; |
5003 | |
5004 | BPF_CALL_1(bpf_get_socket_ptr_cookie, struct sock *, sk) |
5005 | { |
5006 | return sk ? sock_gen_cookie(sk) : 0; |
5007 | } |
5008 | |
5009 | const struct bpf_func_proto bpf_get_socket_ptr_cookie_proto = { |
5010 | .func = bpf_get_socket_ptr_cookie, |
5011 | .gpl_only = false, |
5012 | .ret_type = RET_INTEGER, |
5013 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON | PTR_MAYBE_NULL, |
5014 | }; |
5015 | |
5016 | BPF_CALL_1(bpf_get_socket_cookie_sock_ops, struct bpf_sock_ops_kern *, ctx) |
5017 | { |
5018 | return __sock_gen_cookie(sk: ctx->sk); |
5019 | } |
5020 | |
5021 | static const struct bpf_func_proto bpf_get_socket_cookie_sock_ops_proto = { |
5022 | .func = bpf_get_socket_cookie_sock_ops, |
5023 | .gpl_only = false, |
5024 | .ret_type = RET_INTEGER, |
5025 | .arg1_type = ARG_PTR_TO_CTX, |
5026 | }; |
5027 | |
5028 | static u64 __bpf_get_netns_cookie(struct sock *sk) |
5029 | { |
5030 | const struct net *net = sk ? sock_net(sk) : &init_net; |
5031 | |
5032 | return net->net_cookie; |
5033 | } |
5034 | |
5035 | BPF_CALL_1(bpf_get_netns_cookie_sock, struct sock *, ctx) |
5036 | { |
5037 | return __bpf_get_netns_cookie(sk: ctx); |
5038 | } |
5039 | |
5040 | static const struct bpf_func_proto bpf_get_netns_cookie_sock_proto = { |
5041 | .func = bpf_get_netns_cookie_sock, |
5042 | .gpl_only = false, |
5043 | .ret_type = RET_INTEGER, |
5044 | .arg1_type = ARG_PTR_TO_CTX_OR_NULL, |
5045 | }; |
5046 | |
5047 | BPF_CALL_1(bpf_get_netns_cookie_sock_addr, struct bpf_sock_addr_kern *, ctx) |
5048 | { |
5049 | return __bpf_get_netns_cookie(sk: ctx ? ctx->sk : NULL); |
5050 | } |
5051 | |
5052 | static const struct bpf_func_proto bpf_get_netns_cookie_sock_addr_proto = { |
5053 | .func = bpf_get_netns_cookie_sock_addr, |
5054 | .gpl_only = false, |
5055 | .ret_type = RET_INTEGER, |
5056 | .arg1_type = ARG_PTR_TO_CTX_OR_NULL, |
5057 | }; |
5058 | |
5059 | BPF_CALL_1(bpf_get_netns_cookie_sock_ops, struct bpf_sock_ops_kern *, ctx) |
5060 | { |
5061 | return __bpf_get_netns_cookie(sk: ctx ? ctx->sk : NULL); |
5062 | } |
5063 | |
5064 | static const struct bpf_func_proto bpf_get_netns_cookie_sock_ops_proto = { |
5065 | .func = bpf_get_netns_cookie_sock_ops, |
5066 | .gpl_only = false, |
5067 | .ret_type = RET_INTEGER, |
5068 | .arg1_type = ARG_PTR_TO_CTX_OR_NULL, |
5069 | }; |
5070 | |
5071 | BPF_CALL_1(bpf_get_netns_cookie_sk_msg, struct sk_msg *, ctx) |
5072 | { |
5073 | return __bpf_get_netns_cookie(sk: ctx ? ctx->sk : NULL); |
5074 | } |
5075 | |
5076 | static const struct bpf_func_proto bpf_get_netns_cookie_sk_msg_proto = { |
5077 | .func = bpf_get_netns_cookie_sk_msg, |
5078 | .gpl_only = false, |
5079 | .ret_type = RET_INTEGER, |
5080 | .arg1_type = ARG_PTR_TO_CTX_OR_NULL, |
5081 | }; |
5082 | |
5083 | BPF_CALL_1(bpf_get_socket_uid, struct sk_buff *, skb) |
5084 | { |
5085 | struct sock *sk = sk_to_full_sk(sk: skb->sk); |
5086 | kuid_t kuid; |
5087 | |
5088 | if (!sk || !sk_fullsock(sk)) |
5089 | return overflowuid; |
5090 | kuid = sock_net_uid(net: sock_net(sk), sk); |
5091 | return from_kuid_munged(to: sock_net(sk)->user_ns, uid: kuid); |
5092 | } |
5093 | |
5094 | static const struct bpf_func_proto bpf_get_socket_uid_proto = { |
5095 | .func = bpf_get_socket_uid, |
5096 | .gpl_only = false, |
5097 | .ret_type = RET_INTEGER, |
5098 | .arg1_type = ARG_PTR_TO_CTX, |
5099 | }; |
5100 | |
5101 | static int sol_socket_sockopt(struct sock *sk, int optname, |
5102 | char *optval, int *optlen, |
5103 | bool getopt) |
5104 | { |
5105 | switch (optname) { |
5106 | case SO_REUSEADDR: |
5107 | case SO_SNDBUF: |
5108 | case SO_RCVBUF: |
5109 | case SO_KEEPALIVE: |
5110 | case SO_PRIORITY: |
5111 | case SO_REUSEPORT: |
5112 | case SO_RCVLOWAT: |
5113 | case SO_MARK: |
5114 | case SO_MAX_PACING_RATE: |
5115 | case SO_BINDTOIFINDEX: |
5116 | case SO_TXREHASH: |
5117 | if (*optlen != sizeof(int)) |
5118 | return -EINVAL; |
5119 | break; |
5120 | case SO_BINDTODEVICE: |
5121 | break; |
5122 | default: |
5123 | return -EINVAL; |
5124 | } |
5125 | |
5126 | if (getopt) { |
5127 | if (optname == SO_BINDTODEVICE) |
5128 | return -EINVAL; |
5129 | return sk_getsockopt(sk, SOL_SOCKET, optname, |
5130 | optval: KERNEL_SOCKPTR(p: optval), |
5131 | optlen: KERNEL_SOCKPTR(p: optlen)); |
5132 | } |
5133 | |
5134 | return sk_setsockopt(sk, SOL_SOCKET, optname, |
5135 | optval: KERNEL_SOCKPTR(p: optval), optlen: *optlen); |
5136 | } |
5137 | |
5138 | static int bpf_sol_tcp_setsockopt(struct sock *sk, int optname, |
5139 | char *optval, int optlen) |
5140 | { |
5141 | struct tcp_sock *tp = tcp_sk(sk); |
5142 | unsigned long timeout; |
5143 | int val; |
5144 | |
5145 | if (optlen != sizeof(int)) |
5146 | return -EINVAL; |
5147 | |
5148 | val = *(int *)optval; |
5149 | |
5150 | /* Only some options are supported */ |
5151 | switch (optname) { |
5152 | case TCP_BPF_IW: |
5153 | if (val <= 0 || tp->data_segs_out > tp->syn_data) |
5154 | return -EINVAL; |
5155 | tcp_snd_cwnd_set(tp, val); |
5156 | break; |
5157 | case TCP_BPF_SNDCWND_CLAMP: |
5158 | if (val <= 0) |
5159 | return -EINVAL; |
5160 | tp->snd_cwnd_clamp = val; |
5161 | tp->snd_ssthresh = val; |
5162 | break; |
5163 | case TCP_BPF_DELACK_MAX: |
5164 | timeout = usecs_to_jiffies(u: val); |
5165 | if (timeout > TCP_DELACK_MAX || |
5166 | timeout < TCP_TIMEOUT_MIN) |
5167 | return -EINVAL; |
5168 | inet_csk(sk)->icsk_delack_max = timeout; |
5169 | break; |
5170 | case TCP_BPF_RTO_MIN: |
5171 | timeout = usecs_to_jiffies(u: val); |
5172 | if (timeout > TCP_RTO_MIN || |
5173 | timeout < TCP_TIMEOUT_MIN) |
5174 | return -EINVAL; |
5175 | inet_csk(sk)->icsk_rto_min = timeout; |
5176 | break; |
5177 | default: |
5178 | return -EINVAL; |
5179 | } |
5180 | |
5181 | return 0; |
5182 | } |
5183 | |
5184 | static int sol_tcp_sockopt_congestion(struct sock *sk, char *optval, |
5185 | int *optlen, bool getopt) |
5186 | { |
5187 | struct tcp_sock *tp; |
5188 | int ret; |
5189 | |
5190 | if (*optlen < 2) |
5191 | return -EINVAL; |
5192 | |
5193 | if (getopt) { |
5194 | if (!inet_csk(sk)->icsk_ca_ops) |
5195 | return -EINVAL; |
5196 | /* BPF expects NULL-terminated tcp-cc string */ |
5197 | optval[--(*optlen)] = '\0'; |
5198 | return do_tcp_getsockopt(sk, SOL_TCP, TCP_CONGESTION, |
5199 | optval: KERNEL_SOCKPTR(p: optval), |
5200 | optlen: KERNEL_SOCKPTR(p: optlen)); |
5201 | } |
5202 | |
5203 | /* "cdg" is the only cc that alloc a ptr |
5204 | * in inet_csk_ca area. The bpf-tcp-cc may |
5205 | * overwrite this ptr after switching to cdg. |
5206 | */ |
5207 | if (*optlen >= sizeof("cdg" ) - 1 && !strncmp("cdg" , optval, *optlen)) |
5208 | return -ENOTSUPP; |
5209 | |
5210 | /* It stops this looping |
5211 | * |
5212 | * .init => bpf_setsockopt(tcp_cc) => .init => |
5213 | * bpf_setsockopt(tcp_cc)" => .init => .... |
5214 | * |
5215 | * The second bpf_setsockopt(tcp_cc) is not allowed |
5216 | * in order to break the loop when both .init |
5217 | * are the same bpf prog. |
5218 | * |
5219 | * This applies even the second bpf_setsockopt(tcp_cc) |
5220 | * does not cause a loop. This limits only the first |
5221 | * '.init' can call bpf_setsockopt(TCP_CONGESTION) to |
5222 | * pick a fallback cc (eg. peer does not support ECN) |
5223 | * and the second '.init' cannot fallback to |
5224 | * another. |
5225 | */ |
5226 | tp = tcp_sk(sk); |
5227 | if (tp->bpf_chg_cc_inprogress) |
5228 | return -EBUSY; |
5229 | |
5230 | tp->bpf_chg_cc_inprogress = 1; |
5231 | ret = do_tcp_setsockopt(sk, SOL_TCP, TCP_CONGESTION, |
5232 | optval: KERNEL_SOCKPTR(p: optval), optlen: *optlen); |
5233 | tp->bpf_chg_cc_inprogress = 0; |
5234 | return ret; |
5235 | } |
5236 | |
5237 | static int sol_tcp_sockopt(struct sock *sk, int optname, |
5238 | char *optval, int *optlen, |
5239 | bool getopt) |
5240 | { |
5241 | if (sk->sk_protocol != IPPROTO_TCP) |
5242 | return -EINVAL; |
5243 | |
5244 | switch (optname) { |
5245 | case TCP_NODELAY: |
5246 | case TCP_MAXSEG: |
5247 | case TCP_KEEPIDLE: |
5248 | case TCP_KEEPINTVL: |
5249 | case TCP_KEEPCNT: |
5250 | case TCP_SYNCNT: |
5251 | case TCP_WINDOW_CLAMP: |
5252 | case TCP_THIN_LINEAR_TIMEOUTS: |
5253 | case TCP_USER_TIMEOUT: |
5254 | case TCP_NOTSENT_LOWAT: |
5255 | case TCP_SAVE_SYN: |
5256 | if (*optlen != sizeof(int)) |
5257 | return -EINVAL; |
5258 | break; |
5259 | case TCP_CONGESTION: |
5260 | return sol_tcp_sockopt_congestion(sk, optval, optlen, getopt); |
5261 | case TCP_SAVED_SYN: |
5262 | if (*optlen < 1) |
5263 | return -EINVAL; |
5264 | break; |
5265 | default: |
5266 | if (getopt) |
5267 | return -EINVAL; |
5268 | return bpf_sol_tcp_setsockopt(sk, optname, optval, optlen: *optlen); |
5269 | } |
5270 | |
5271 | if (getopt) { |
5272 | if (optname == TCP_SAVED_SYN) { |
5273 | struct tcp_sock *tp = tcp_sk(sk); |
5274 | |
5275 | if (!tp->saved_syn || |
5276 | *optlen > tcp_saved_syn_len(saved_syn: tp->saved_syn)) |
5277 | return -EINVAL; |
5278 | memcpy(optval, tp->saved_syn->data, *optlen); |
5279 | /* It cannot free tp->saved_syn here because it |
5280 | * does not know if the user space still needs it. |
5281 | */ |
5282 | return 0; |
5283 | } |
5284 | |
5285 | return do_tcp_getsockopt(sk, SOL_TCP, optname, |
5286 | optval: KERNEL_SOCKPTR(p: optval), |
5287 | optlen: KERNEL_SOCKPTR(p: optlen)); |
5288 | } |
5289 | |
5290 | return do_tcp_setsockopt(sk, SOL_TCP, optname, |
5291 | optval: KERNEL_SOCKPTR(p: optval), optlen: *optlen); |
5292 | } |
5293 | |
5294 | static int sol_ip_sockopt(struct sock *sk, int optname, |
5295 | char *optval, int *optlen, |
5296 | bool getopt) |
5297 | { |
5298 | if (sk->sk_family != AF_INET) |
5299 | return -EINVAL; |
5300 | |
5301 | switch (optname) { |
5302 | case IP_TOS: |
5303 | if (*optlen != sizeof(int)) |
5304 | return -EINVAL; |
5305 | break; |
5306 | default: |
5307 | return -EINVAL; |
5308 | } |
5309 | |
5310 | if (getopt) |
5311 | return do_ip_getsockopt(sk, SOL_IP, optname, |
5312 | optval: KERNEL_SOCKPTR(p: optval), |
5313 | optlen: KERNEL_SOCKPTR(p: optlen)); |
5314 | |
5315 | return do_ip_setsockopt(sk, SOL_IP, optname, |
5316 | optval: KERNEL_SOCKPTR(p: optval), optlen: *optlen); |
5317 | } |
5318 | |
5319 | static int sol_ipv6_sockopt(struct sock *sk, int optname, |
5320 | char *optval, int *optlen, |
5321 | bool getopt) |
5322 | { |
5323 | if (sk->sk_family != AF_INET6) |
5324 | return -EINVAL; |
5325 | |
5326 | switch (optname) { |
5327 | case IPV6_TCLASS: |
5328 | case IPV6_AUTOFLOWLABEL: |
5329 | if (*optlen != sizeof(int)) |
5330 | return -EINVAL; |
5331 | break; |
5332 | default: |
5333 | return -EINVAL; |
5334 | } |
5335 | |
5336 | if (getopt) |
5337 | return ipv6_bpf_stub->ipv6_getsockopt(sk, SOL_IPV6, optname, |
5338 | KERNEL_SOCKPTR(p: optval), |
5339 | KERNEL_SOCKPTR(p: optlen)); |
5340 | |
5341 | return ipv6_bpf_stub->ipv6_setsockopt(sk, SOL_IPV6, optname, |
5342 | KERNEL_SOCKPTR(p: optval), *optlen); |
5343 | } |
5344 | |
5345 | static int __bpf_setsockopt(struct sock *sk, int level, int optname, |
5346 | char *optval, int optlen) |
5347 | { |
5348 | if (!sk_fullsock(sk)) |
5349 | return -EINVAL; |
5350 | |
5351 | if (level == SOL_SOCKET) |
5352 | return sol_socket_sockopt(sk, optname, optval, optlen: &optlen, getopt: false); |
5353 | else if (IS_ENABLED(CONFIG_INET) && level == SOL_IP) |
5354 | return sol_ip_sockopt(sk, optname, optval, optlen: &optlen, getopt: false); |
5355 | else if (IS_ENABLED(CONFIG_IPV6) && level == SOL_IPV6) |
5356 | return sol_ipv6_sockopt(sk, optname, optval, optlen: &optlen, getopt: false); |
5357 | else if (IS_ENABLED(CONFIG_INET) && level == SOL_TCP) |
5358 | return sol_tcp_sockopt(sk, optname, optval, optlen: &optlen, getopt: false); |
5359 | |
5360 | return -EINVAL; |
5361 | } |
5362 | |
5363 | static int _bpf_setsockopt(struct sock *sk, int level, int optname, |
5364 | char *optval, int optlen) |
5365 | { |
5366 | if (sk_fullsock(sk)) |
5367 | sock_owned_by_me(sk); |
5368 | return __bpf_setsockopt(sk, level, optname, optval, optlen); |
5369 | } |
5370 | |
5371 | static int __bpf_getsockopt(struct sock *sk, int level, int optname, |
5372 | char *optval, int optlen) |
5373 | { |
5374 | int err, saved_optlen = optlen; |
5375 | |
5376 | if (!sk_fullsock(sk)) { |
5377 | err = -EINVAL; |
5378 | goto done; |
5379 | } |
5380 | |
5381 | if (level == SOL_SOCKET) |
5382 | err = sol_socket_sockopt(sk, optname, optval, optlen: &optlen, getopt: true); |
5383 | else if (IS_ENABLED(CONFIG_INET) && level == SOL_TCP) |
5384 | err = sol_tcp_sockopt(sk, optname, optval, optlen: &optlen, getopt: true); |
5385 | else if (IS_ENABLED(CONFIG_INET) && level == SOL_IP) |
5386 | err = sol_ip_sockopt(sk, optname, optval, optlen: &optlen, getopt: true); |
5387 | else if (IS_ENABLED(CONFIG_IPV6) && level == SOL_IPV6) |
5388 | err = sol_ipv6_sockopt(sk, optname, optval, optlen: &optlen, getopt: true); |
5389 | else |
5390 | err = -EINVAL; |
5391 | |
5392 | done: |
5393 | if (err) |
5394 | optlen = 0; |
5395 | if (optlen < saved_optlen) |
5396 | memset(optval + optlen, 0, saved_optlen - optlen); |
5397 | return err; |
5398 | } |
5399 | |
5400 | static int _bpf_getsockopt(struct sock *sk, int level, int optname, |
5401 | char *optval, int optlen) |
5402 | { |
5403 | if (sk_fullsock(sk)) |
5404 | sock_owned_by_me(sk); |
5405 | return __bpf_getsockopt(sk, level, optname, optval, optlen); |
5406 | } |
5407 | |
5408 | BPF_CALL_5(bpf_sk_setsockopt, struct sock *, sk, int, level, |
5409 | int, optname, char *, optval, int, optlen) |
5410 | { |
5411 | return _bpf_setsockopt(sk, level, optname, optval, optlen); |
5412 | } |
5413 | |
5414 | const struct bpf_func_proto bpf_sk_setsockopt_proto = { |
5415 | .func = bpf_sk_setsockopt, |
5416 | .gpl_only = false, |
5417 | .ret_type = RET_INTEGER, |
5418 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
5419 | .arg2_type = ARG_ANYTHING, |
5420 | .arg3_type = ARG_ANYTHING, |
5421 | .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
5422 | .arg5_type = ARG_CONST_SIZE, |
5423 | }; |
5424 | |
5425 | BPF_CALL_5(bpf_sk_getsockopt, struct sock *, sk, int, level, |
5426 | int, optname, char *, optval, int, optlen) |
5427 | { |
5428 | return _bpf_getsockopt(sk, level, optname, optval, optlen); |
5429 | } |
5430 | |
5431 | const struct bpf_func_proto bpf_sk_getsockopt_proto = { |
5432 | .func = bpf_sk_getsockopt, |
5433 | .gpl_only = false, |
5434 | .ret_type = RET_INTEGER, |
5435 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
5436 | .arg2_type = ARG_ANYTHING, |
5437 | .arg3_type = ARG_ANYTHING, |
5438 | .arg4_type = ARG_PTR_TO_UNINIT_MEM, |
5439 | .arg5_type = ARG_CONST_SIZE, |
5440 | }; |
5441 | |
5442 | BPF_CALL_5(bpf_unlocked_sk_setsockopt, struct sock *, sk, int, level, |
5443 | int, optname, char *, optval, int, optlen) |
5444 | { |
5445 | return __bpf_setsockopt(sk, level, optname, optval, optlen); |
5446 | } |
5447 | |
5448 | const struct bpf_func_proto bpf_unlocked_sk_setsockopt_proto = { |
5449 | .func = bpf_unlocked_sk_setsockopt, |
5450 | .gpl_only = false, |
5451 | .ret_type = RET_INTEGER, |
5452 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
5453 | .arg2_type = ARG_ANYTHING, |
5454 | .arg3_type = ARG_ANYTHING, |
5455 | .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
5456 | .arg5_type = ARG_CONST_SIZE, |
5457 | }; |
5458 | |
5459 | BPF_CALL_5(bpf_unlocked_sk_getsockopt, struct sock *, sk, int, level, |
5460 | int, optname, char *, optval, int, optlen) |
5461 | { |
5462 | return __bpf_getsockopt(sk, level, optname, optval, optlen); |
5463 | } |
5464 | |
5465 | const struct bpf_func_proto bpf_unlocked_sk_getsockopt_proto = { |
5466 | .func = bpf_unlocked_sk_getsockopt, |
5467 | .gpl_only = false, |
5468 | .ret_type = RET_INTEGER, |
5469 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
5470 | .arg2_type = ARG_ANYTHING, |
5471 | .arg3_type = ARG_ANYTHING, |
5472 | .arg4_type = ARG_PTR_TO_UNINIT_MEM, |
5473 | .arg5_type = ARG_CONST_SIZE, |
5474 | }; |
5475 | |
5476 | BPF_CALL_5(bpf_sock_addr_setsockopt, struct bpf_sock_addr_kern *, ctx, |
5477 | int, level, int, optname, char *, optval, int, optlen) |
5478 | { |
5479 | return _bpf_setsockopt(sk: ctx->sk, level, optname, optval, optlen); |
5480 | } |
5481 | |
5482 | static const struct bpf_func_proto bpf_sock_addr_setsockopt_proto = { |
5483 | .func = bpf_sock_addr_setsockopt, |
5484 | .gpl_only = false, |
5485 | .ret_type = RET_INTEGER, |
5486 | .arg1_type = ARG_PTR_TO_CTX, |
5487 | .arg2_type = ARG_ANYTHING, |
5488 | .arg3_type = ARG_ANYTHING, |
5489 | .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
5490 | .arg5_type = ARG_CONST_SIZE, |
5491 | }; |
5492 | |
5493 | BPF_CALL_5(bpf_sock_addr_getsockopt, struct bpf_sock_addr_kern *, ctx, |
5494 | int, level, int, optname, char *, optval, int, optlen) |
5495 | { |
5496 | return _bpf_getsockopt(sk: ctx->sk, level, optname, optval, optlen); |
5497 | } |
5498 | |
5499 | static const struct bpf_func_proto bpf_sock_addr_getsockopt_proto = { |
5500 | .func = bpf_sock_addr_getsockopt, |
5501 | .gpl_only = false, |
5502 | .ret_type = RET_INTEGER, |
5503 | .arg1_type = ARG_PTR_TO_CTX, |
5504 | .arg2_type = ARG_ANYTHING, |
5505 | .arg3_type = ARG_ANYTHING, |
5506 | .arg4_type = ARG_PTR_TO_UNINIT_MEM, |
5507 | .arg5_type = ARG_CONST_SIZE, |
5508 | }; |
5509 | |
5510 | BPF_CALL_5(bpf_sock_ops_setsockopt, struct bpf_sock_ops_kern *, bpf_sock, |
5511 | int, level, int, optname, char *, optval, int, optlen) |
5512 | { |
5513 | return _bpf_setsockopt(sk: bpf_sock->sk, level, optname, optval, optlen); |
5514 | } |
5515 | |
5516 | static const struct bpf_func_proto bpf_sock_ops_setsockopt_proto = { |
5517 | .func = bpf_sock_ops_setsockopt, |
5518 | .gpl_only = false, |
5519 | .ret_type = RET_INTEGER, |
5520 | .arg1_type = ARG_PTR_TO_CTX, |
5521 | .arg2_type = ARG_ANYTHING, |
5522 | .arg3_type = ARG_ANYTHING, |
5523 | .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
5524 | .arg5_type = ARG_CONST_SIZE, |
5525 | }; |
5526 | |
5527 | static int bpf_sock_ops_get_syn(struct bpf_sock_ops_kern *bpf_sock, |
5528 | int optname, const u8 **start) |
5529 | { |
5530 | struct sk_buff *syn_skb = bpf_sock->syn_skb; |
5531 | const u8 *hdr_start; |
5532 | int ret; |
5533 | |
5534 | if (syn_skb) { |
5535 | /* sk is a request_sock here */ |
5536 | |
5537 | if (optname == TCP_BPF_SYN) { |
5538 | hdr_start = syn_skb->data; |
5539 | ret = tcp_hdrlen(skb: syn_skb); |
5540 | } else if (optname == TCP_BPF_SYN_IP) { |
5541 | hdr_start = skb_network_header(skb: syn_skb); |
5542 | ret = skb_network_header_len(skb: syn_skb) + |
5543 | tcp_hdrlen(skb: syn_skb); |
5544 | } else { |
5545 | /* optname == TCP_BPF_SYN_MAC */ |
5546 | hdr_start = skb_mac_header(skb: syn_skb); |
5547 | ret = skb_mac_header_len(skb: syn_skb) + |
5548 | skb_network_header_len(skb: syn_skb) + |
5549 | tcp_hdrlen(skb: syn_skb); |
5550 | } |
5551 | } else { |
5552 | struct sock *sk = bpf_sock->sk; |
5553 | struct saved_syn *saved_syn; |
5554 | |
5555 | if (sk->sk_state == TCP_NEW_SYN_RECV) |
5556 | /* synack retransmit. bpf_sock->syn_skb will |
5557 | * not be available. It has to resort to |
5558 | * saved_syn (if it is saved). |
5559 | */ |
5560 | saved_syn = inet_reqsk(sk)->saved_syn; |
5561 | else |
5562 | saved_syn = tcp_sk(sk)->saved_syn; |
5563 | |
5564 | if (!saved_syn) |
5565 | return -ENOENT; |
5566 | |
5567 | if (optname == TCP_BPF_SYN) { |
5568 | hdr_start = saved_syn->data + |
5569 | saved_syn->mac_hdrlen + |
5570 | saved_syn->network_hdrlen; |
5571 | ret = saved_syn->tcp_hdrlen; |
5572 | } else if (optname == TCP_BPF_SYN_IP) { |
5573 | hdr_start = saved_syn->data + |
5574 | saved_syn->mac_hdrlen; |
5575 | ret = saved_syn->network_hdrlen + |
5576 | saved_syn->tcp_hdrlen; |
5577 | } else { |
5578 | /* optname == TCP_BPF_SYN_MAC */ |
5579 | |
5580 | /* TCP_SAVE_SYN may not have saved the mac hdr */ |
5581 | if (!saved_syn->mac_hdrlen) |
5582 | return -ENOENT; |
5583 | |
5584 | hdr_start = saved_syn->data; |
5585 | ret = saved_syn->mac_hdrlen + |
5586 | saved_syn->network_hdrlen + |
5587 | saved_syn->tcp_hdrlen; |
5588 | } |
5589 | } |
5590 | |
5591 | *start = hdr_start; |
5592 | return ret; |
5593 | } |
5594 | |
5595 | BPF_CALL_5(bpf_sock_ops_getsockopt, struct bpf_sock_ops_kern *, bpf_sock, |
5596 | int, level, int, optname, char *, optval, int, optlen) |
5597 | { |
5598 | if (IS_ENABLED(CONFIG_INET) && level == SOL_TCP && |
5599 | optname >= TCP_BPF_SYN && optname <= TCP_BPF_SYN_MAC) { |
5600 | int ret, copy_len = 0; |
5601 | const u8 *start; |
5602 | |
5603 | ret = bpf_sock_ops_get_syn(bpf_sock, optname, start: &start); |
5604 | if (ret > 0) { |
5605 | copy_len = ret; |
5606 | if (optlen < copy_len) { |
5607 | copy_len = optlen; |
5608 | ret = -ENOSPC; |
5609 | } |
5610 | |
5611 | memcpy(optval, start, copy_len); |
5612 | } |
5613 | |
5614 | /* Zero out unused buffer at the end */ |
5615 | memset(optval + copy_len, 0, optlen - copy_len); |
5616 | |
5617 | return ret; |
5618 | } |
5619 | |
5620 | return _bpf_getsockopt(sk: bpf_sock->sk, level, optname, optval, optlen); |
5621 | } |
5622 | |
5623 | static const struct bpf_func_proto bpf_sock_ops_getsockopt_proto = { |
5624 | .func = bpf_sock_ops_getsockopt, |
5625 | .gpl_only = false, |
5626 | .ret_type = RET_INTEGER, |
5627 | .arg1_type = ARG_PTR_TO_CTX, |
5628 | .arg2_type = ARG_ANYTHING, |
5629 | .arg3_type = ARG_ANYTHING, |
5630 | .arg4_type = ARG_PTR_TO_UNINIT_MEM, |
5631 | .arg5_type = ARG_CONST_SIZE, |
5632 | }; |
5633 | |
5634 | BPF_CALL_2(bpf_sock_ops_cb_flags_set, struct bpf_sock_ops_kern *, bpf_sock, |
5635 | int, argval) |
5636 | { |
5637 | struct sock *sk = bpf_sock->sk; |
5638 | int val = argval & BPF_SOCK_OPS_ALL_CB_FLAGS; |
5639 | |
5640 | if (!IS_ENABLED(CONFIG_INET) || !sk_fullsock(sk)) |
5641 | return -EINVAL; |
5642 | |
5643 | tcp_sk(sk)->bpf_sock_ops_cb_flags = val; |
5644 | |
5645 | return argval & (~BPF_SOCK_OPS_ALL_CB_FLAGS); |
5646 | } |
5647 | |
5648 | static const struct bpf_func_proto bpf_sock_ops_cb_flags_set_proto = { |
5649 | .func = bpf_sock_ops_cb_flags_set, |
5650 | .gpl_only = false, |
5651 | .ret_type = RET_INTEGER, |
5652 | .arg1_type = ARG_PTR_TO_CTX, |
5653 | .arg2_type = ARG_ANYTHING, |
5654 | }; |
5655 | |
5656 | const struct ipv6_bpf_stub *ipv6_bpf_stub __read_mostly; |
5657 | EXPORT_SYMBOL_GPL(ipv6_bpf_stub); |
5658 | |
5659 | BPF_CALL_3(bpf_bind, struct bpf_sock_addr_kern *, ctx, struct sockaddr *, addr, |
5660 | int, addr_len) |
5661 | { |
5662 | #ifdef CONFIG_INET |
5663 | struct sock *sk = ctx->sk; |
5664 | u32 flags = BIND_FROM_BPF; |
5665 | int err; |
5666 | |
5667 | err = -EINVAL; |
5668 | if (addr_len < offsetofend(struct sockaddr, sa_family)) |
5669 | return err; |
5670 | if (addr->sa_family == AF_INET) { |
5671 | if (addr_len < sizeof(struct sockaddr_in)) |
5672 | return err; |
5673 | if (((struct sockaddr_in *)addr)->sin_port == htons(0)) |
5674 | flags |= BIND_FORCE_ADDRESS_NO_PORT; |
5675 | return __inet_bind(sk, uaddr: addr, addr_len, flags); |
5676 | #if IS_ENABLED(CONFIG_IPV6) |
5677 | } else if (addr->sa_family == AF_INET6) { |
5678 | if (addr_len < SIN6_LEN_RFC2133) |
5679 | return err; |
5680 | if (((struct sockaddr_in6 *)addr)->sin6_port == htons(0)) |
5681 | flags |= BIND_FORCE_ADDRESS_NO_PORT; |
5682 | /* ipv6_bpf_stub cannot be NULL, since it's called from |
5683 | * bpf_cgroup_inet6_connect hook and ipv6 is already loaded |
5684 | */ |
5685 | return ipv6_bpf_stub->inet6_bind(sk, addr, addr_len, flags); |
5686 | #endif /* CONFIG_IPV6 */ |
5687 | } |
5688 | #endif /* CONFIG_INET */ |
5689 | |
5690 | return -EAFNOSUPPORT; |
5691 | } |
5692 | |
5693 | static const struct bpf_func_proto bpf_bind_proto = { |
5694 | .func = bpf_bind, |
5695 | .gpl_only = false, |
5696 | .ret_type = RET_INTEGER, |
5697 | .arg1_type = ARG_PTR_TO_CTX, |
5698 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
5699 | .arg3_type = ARG_CONST_SIZE, |
5700 | }; |
5701 | |
5702 | #ifdef CONFIG_XFRM |
5703 | |
5704 | #if (IS_BUILTIN(CONFIG_XFRM_INTERFACE) && IS_ENABLED(CONFIG_DEBUG_INFO_BTF)) || \ |
5705 | (IS_MODULE(CONFIG_XFRM_INTERFACE) && IS_ENABLED(CONFIG_DEBUG_INFO_BTF_MODULES)) |
5706 | |
5707 | struct metadata_dst __percpu *xfrm_bpf_md_dst; |
5708 | EXPORT_SYMBOL_GPL(xfrm_bpf_md_dst); |
5709 | |
5710 | #endif |
5711 | |
5712 | BPF_CALL_5(bpf_skb_get_xfrm_state, struct sk_buff *, skb, u32, index, |
5713 | struct bpf_xfrm_state *, to, u32, size, u64, flags) |
5714 | { |
5715 | const struct sec_path *sp = skb_sec_path(skb); |
5716 | const struct xfrm_state *x; |
5717 | |
5718 | if (!sp || unlikely(index >= sp->len || flags)) |
5719 | goto err_clear; |
5720 | |
5721 | x = sp->xvec[index]; |
5722 | |
5723 | if (unlikely(size != sizeof(struct bpf_xfrm_state))) |
5724 | goto err_clear; |
5725 | |
5726 | to->reqid = x->props.reqid; |
5727 | to->spi = x->id.spi; |
5728 | to->family = x->props.family; |
5729 | to->ext = 0; |
5730 | |
5731 | if (to->family == AF_INET6) { |
5732 | memcpy(to->remote_ipv6, x->props.saddr.a6, |
5733 | sizeof(to->remote_ipv6)); |
5734 | } else { |
5735 | to->remote_ipv4 = x->props.saddr.a4; |
5736 | memset(&to->remote_ipv6[1], 0, sizeof(__u32) * 3); |
5737 | } |
5738 | |
5739 | return 0; |
5740 | err_clear: |
5741 | memset(to, 0, size); |
5742 | return -EINVAL; |
5743 | } |
5744 | |
5745 | static const struct bpf_func_proto bpf_skb_get_xfrm_state_proto = { |
5746 | .func = bpf_skb_get_xfrm_state, |
5747 | .gpl_only = false, |
5748 | .ret_type = RET_INTEGER, |
5749 | .arg1_type = ARG_PTR_TO_CTX, |
5750 | .arg2_type = ARG_ANYTHING, |
5751 | .arg3_type = ARG_PTR_TO_UNINIT_MEM, |
5752 | .arg4_type = ARG_CONST_SIZE, |
5753 | .arg5_type = ARG_ANYTHING, |
5754 | }; |
5755 | #endif |
5756 | |
5757 | #if IS_ENABLED(CONFIG_INET) || IS_ENABLED(CONFIG_IPV6) |
5758 | static int bpf_fib_set_fwd_params(struct bpf_fib_lookup *params, u32 mtu) |
5759 | { |
5760 | params->h_vlan_TCI = 0; |
5761 | params->h_vlan_proto = 0; |
5762 | if (mtu) |
5763 | params->mtu_result = mtu; /* union with tot_len */ |
5764 | |
5765 | return 0; |
5766 | } |
5767 | #endif |
5768 | |
5769 | #if IS_ENABLED(CONFIG_INET) |
5770 | static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params, |
5771 | u32 flags, bool check_mtu) |
5772 | { |
5773 | struct fib_nh_common *nhc; |
5774 | struct in_device *in_dev; |
5775 | struct neighbour *neigh; |
5776 | struct net_device *dev; |
5777 | struct fib_result res; |
5778 | struct flowi4 fl4; |
5779 | u32 mtu = 0; |
5780 | int err; |
5781 | |
5782 | dev = dev_get_by_index_rcu(net, ifindex: params->ifindex); |
5783 | if (unlikely(!dev)) |
5784 | return -ENODEV; |
5785 | |
5786 | /* verify forwarding is enabled on this interface */ |
5787 | in_dev = __in_dev_get_rcu(dev); |
5788 | if (unlikely(!in_dev || !IN_DEV_FORWARD(in_dev))) |
5789 | return BPF_FIB_LKUP_RET_FWD_DISABLED; |
5790 | |
5791 | if (flags & BPF_FIB_LOOKUP_OUTPUT) { |
5792 | fl4.flowi4_iif = 1; |
5793 | fl4.flowi4_oif = params->ifindex; |
5794 | } else { |
5795 | fl4.flowi4_iif = params->ifindex; |
5796 | fl4.flowi4_oif = 0; |
5797 | } |
5798 | fl4.flowi4_tos = params->tos & IPTOS_RT_MASK; |
5799 | fl4.flowi4_scope = RT_SCOPE_UNIVERSE; |
5800 | fl4.flowi4_flags = 0; |
5801 | |
5802 | fl4.flowi4_proto = params->l4_protocol; |
5803 | fl4.daddr = params->ipv4_dst; |
5804 | fl4.saddr = params->ipv4_src; |
5805 | fl4.fl4_sport = params->sport; |
5806 | fl4.fl4_dport = params->dport; |
5807 | fl4.flowi4_multipath_hash = 0; |
5808 | |
5809 | if (flags & BPF_FIB_LOOKUP_DIRECT) { |
5810 | u32 tbid = l3mdev_fib_table_rcu(dev) ? : RT_TABLE_MAIN; |
5811 | struct fib_table *tb; |
5812 | |
5813 | if (flags & BPF_FIB_LOOKUP_TBID) { |
5814 | tbid = params->tbid; |
5815 | /* zero out for vlan output */ |
5816 | params->tbid = 0; |
5817 | } |
5818 | |
5819 | tb = fib_get_table(net, id: tbid); |
5820 | if (unlikely(!tb)) |
5821 | return BPF_FIB_LKUP_RET_NOT_FWDED; |
5822 | |
5823 | err = fib_table_lookup(tb, flp: &fl4, res: &res, FIB_LOOKUP_NOREF); |
5824 | } else { |
5825 | fl4.flowi4_mark = 0; |
5826 | fl4.flowi4_secid = 0; |
5827 | fl4.flowi4_tun_key.tun_id = 0; |
5828 | fl4.flowi4_uid = sock_net_uid(net, NULL); |
5829 | |
5830 | err = fib_lookup(net, flp: &fl4, res: &res, FIB_LOOKUP_NOREF); |
5831 | } |
5832 | |
5833 | if (err) { |
5834 | /* map fib lookup errors to RTN_ type */ |
5835 | if (err == -EINVAL) |
5836 | return BPF_FIB_LKUP_RET_BLACKHOLE; |
5837 | if (err == -EHOSTUNREACH) |
5838 | return BPF_FIB_LKUP_RET_UNREACHABLE; |
5839 | if (err == -EACCES) |
5840 | return BPF_FIB_LKUP_RET_PROHIBIT; |
5841 | |
5842 | return BPF_FIB_LKUP_RET_NOT_FWDED; |
5843 | } |
5844 | |
5845 | if (res.type != RTN_UNICAST) |
5846 | return BPF_FIB_LKUP_RET_NOT_FWDED; |
5847 | |
5848 | if (fib_info_num_path(fi: res.fi) > 1) |
5849 | fib_select_path(net, res: &res, fl4: &fl4, NULL); |
5850 | |
5851 | if (check_mtu) { |
5852 | mtu = ip_mtu_from_fib_result(res: &res, daddr: params->ipv4_dst); |
5853 | if (params->tot_len > mtu) { |
5854 | params->mtu_result = mtu; /* union with tot_len */ |
5855 | return BPF_FIB_LKUP_RET_FRAG_NEEDED; |
5856 | } |
5857 | } |
5858 | |
5859 | nhc = res.nhc; |
5860 | |
5861 | /* do not handle lwt encaps right now */ |
5862 | if (nhc->nhc_lwtstate) |
5863 | return BPF_FIB_LKUP_RET_UNSUPP_LWT; |
5864 | |
5865 | dev = nhc->nhc_dev; |
5866 | |
5867 | params->rt_metric = res.fi->fib_priority; |
5868 | params->ifindex = dev->ifindex; |
5869 | |
5870 | if (flags & BPF_FIB_LOOKUP_SRC) |
5871 | params->ipv4_src = fib_result_prefsrc(net, res: &res); |
5872 | |
5873 | /* xdp and cls_bpf programs are run in RCU-bh so |
5874 | * rcu_read_lock_bh is not needed here |
5875 | */ |
5876 | if (likely(nhc->nhc_gw_family != AF_INET6)) { |
5877 | if (nhc->nhc_gw_family) |
5878 | params->ipv4_dst = nhc->nhc_gw.ipv4; |
5879 | } else { |
5880 | struct in6_addr *dst = (struct in6_addr *)params->ipv6_dst; |
5881 | |
5882 | params->family = AF_INET6; |
5883 | *dst = nhc->nhc_gw.ipv6; |
5884 | } |
5885 | |
5886 | if (flags & BPF_FIB_LOOKUP_SKIP_NEIGH) |
5887 | goto set_fwd_params; |
5888 | |
5889 | if (likely(nhc->nhc_gw_family != AF_INET6)) |
5890 | neigh = __ipv4_neigh_lookup_noref(dev, |
5891 | key: (__force u32)params->ipv4_dst); |
5892 | else |
5893 | neigh = __ipv6_neigh_lookup_noref_stub(dev, pkey: params->ipv6_dst); |
5894 | |
5895 | if (!neigh || !(READ_ONCE(neigh->nud_state) & NUD_VALID)) |
5896 | return BPF_FIB_LKUP_RET_NO_NEIGH; |
5897 | memcpy(params->dmac, neigh->ha, ETH_ALEN); |
5898 | memcpy(params->smac, dev->dev_addr, ETH_ALEN); |
5899 | |
5900 | set_fwd_params: |
5901 | return bpf_fib_set_fwd_params(params, mtu); |
5902 | } |
5903 | #endif |
5904 | |
5905 | #if IS_ENABLED(CONFIG_IPV6) |
5906 | static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params, |
5907 | u32 flags, bool check_mtu) |
5908 | { |
5909 | struct in6_addr *src = (struct in6_addr *) params->ipv6_src; |
5910 | struct in6_addr *dst = (struct in6_addr *) params->ipv6_dst; |
5911 | struct fib6_result res = {}; |
5912 | struct neighbour *neigh; |
5913 | struct net_device *dev; |
5914 | struct inet6_dev *idev; |
5915 | struct flowi6 fl6; |
5916 | int strict = 0; |
5917 | int oif, err; |
5918 | u32 mtu = 0; |
5919 | |
5920 | /* link local addresses are never forwarded */ |
5921 | if (rt6_need_strict(daddr: dst) || rt6_need_strict(daddr: src)) |
5922 | return BPF_FIB_LKUP_RET_NOT_FWDED; |
5923 | |
5924 | dev = dev_get_by_index_rcu(net, ifindex: params->ifindex); |
5925 | if (unlikely(!dev)) |
5926 | return -ENODEV; |
5927 | |
5928 | idev = __in6_dev_get_safely(dev); |
5929 | if (unlikely(!idev || !idev->cnf.forwarding)) |
5930 | return BPF_FIB_LKUP_RET_FWD_DISABLED; |
5931 | |
5932 | if (flags & BPF_FIB_LOOKUP_OUTPUT) { |
5933 | fl6.flowi6_iif = 1; |
5934 | oif = fl6.flowi6_oif = params->ifindex; |
5935 | } else { |
5936 | oif = fl6.flowi6_iif = params->ifindex; |
5937 | fl6.flowi6_oif = 0; |
5938 | strict = RT6_LOOKUP_F_HAS_SADDR; |
5939 | } |
5940 | fl6.flowlabel = params->flowinfo; |
5941 | fl6.flowi6_scope = 0; |
5942 | fl6.flowi6_flags = 0; |
5943 | fl6.mp_hash = 0; |
5944 | |
5945 | fl6.flowi6_proto = params->l4_protocol; |
5946 | fl6.daddr = *dst; |
5947 | fl6.saddr = *src; |
5948 | fl6.fl6_sport = params->sport; |
5949 | fl6.fl6_dport = params->dport; |
5950 | |
5951 | if (flags & BPF_FIB_LOOKUP_DIRECT) { |
5952 | u32 tbid = l3mdev_fib_table_rcu(dev) ? : RT_TABLE_MAIN; |
5953 | struct fib6_table *tb; |
5954 | |
5955 | if (flags & BPF_FIB_LOOKUP_TBID) { |
5956 | tbid = params->tbid; |
5957 | /* zero out for vlan output */ |
5958 | params->tbid = 0; |
5959 | } |
5960 | |
5961 | tb = ipv6_stub->fib6_get_table(net, tbid); |
5962 | if (unlikely(!tb)) |
5963 | return BPF_FIB_LKUP_RET_NOT_FWDED; |
5964 | |
5965 | err = ipv6_stub->fib6_table_lookup(net, tb, oif, &fl6, &res, |
5966 | strict); |
5967 | } else { |
5968 | fl6.flowi6_mark = 0; |
5969 | fl6.flowi6_secid = 0; |
5970 | fl6.flowi6_tun_key.tun_id = 0; |
5971 | fl6.flowi6_uid = sock_net_uid(net, NULL); |
5972 | |
5973 | err = ipv6_stub->fib6_lookup(net, oif, &fl6, &res, strict); |
5974 | } |
5975 | |
5976 | if (unlikely(err || IS_ERR_OR_NULL(res.f6i) || |
5977 | res.f6i == net->ipv6.fib6_null_entry)) |
5978 | return BPF_FIB_LKUP_RET_NOT_FWDED; |
5979 | |
5980 | switch (res.fib6_type) { |
5981 | /* only unicast is forwarded */ |
5982 | case RTN_UNICAST: |
5983 | break; |
5984 | case RTN_BLACKHOLE: |
5985 | return BPF_FIB_LKUP_RET_BLACKHOLE; |
5986 | case RTN_UNREACHABLE: |
5987 | return BPF_FIB_LKUP_RET_UNREACHABLE; |
5988 | case RTN_PROHIBIT: |
5989 | return BPF_FIB_LKUP_RET_PROHIBIT; |
5990 | default: |
5991 | return BPF_FIB_LKUP_RET_NOT_FWDED; |
5992 | } |
5993 | |
5994 | ipv6_stub->fib6_select_path(net, &res, &fl6, fl6.flowi6_oif, |
5995 | fl6.flowi6_oif != 0, NULL, strict); |
5996 | |
5997 | if (check_mtu) { |
5998 | mtu = ipv6_stub->ip6_mtu_from_fib6(&res, dst, src); |
5999 | if (params->tot_len > mtu) { |
6000 | params->mtu_result = mtu; /* union with tot_len */ |
6001 | return BPF_FIB_LKUP_RET_FRAG_NEEDED; |
6002 | } |
6003 | } |
6004 | |
6005 | if (res.nh->fib_nh_lws) |
6006 | return BPF_FIB_LKUP_RET_UNSUPP_LWT; |
6007 | |
6008 | if (res.nh->fib_nh_gw_family) |
6009 | *dst = res.nh->fib_nh_gw6; |
6010 | |
6011 | dev = res.nh->fib_nh_dev; |
6012 | params->rt_metric = res.f6i->fib6_metric; |
6013 | params->ifindex = dev->ifindex; |
6014 | |
6015 | if (flags & BPF_FIB_LOOKUP_SRC) { |
6016 | if (res.f6i->fib6_prefsrc.plen) { |
6017 | *src = res.f6i->fib6_prefsrc.addr; |
6018 | } else { |
6019 | err = ipv6_bpf_stub->ipv6_dev_get_saddr(net, dev, |
6020 | &fl6.daddr, 0, |
6021 | src); |
6022 | if (err) |
6023 | return BPF_FIB_LKUP_RET_NO_SRC_ADDR; |
6024 | } |
6025 | } |
6026 | |
6027 | if (flags & BPF_FIB_LOOKUP_SKIP_NEIGH) |
6028 | goto set_fwd_params; |
6029 | |
6030 | /* xdp and cls_bpf programs are run in RCU-bh so rcu_read_lock_bh is |
6031 | * not needed here. |
6032 | */ |
6033 | neigh = __ipv6_neigh_lookup_noref_stub(dev, pkey: dst); |
6034 | if (!neigh || !(READ_ONCE(neigh->nud_state) & NUD_VALID)) |
6035 | return BPF_FIB_LKUP_RET_NO_NEIGH; |
6036 | memcpy(params->dmac, neigh->ha, ETH_ALEN); |
6037 | memcpy(params->smac, dev->dev_addr, ETH_ALEN); |
6038 | |
6039 | set_fwd_params: |
6040 | return bpf_fib_set_fwd_params(params, mtu); |
6041 | } |
6042 | #endif |
6043 | |
6044 | #define BPF_FIB_LOOKUP_MASK (BPF_FIB_LOOKUP_DIRECT | BPF_FIB_LOOKUP_OUTPUT | \ |
6045 | BPF_FIB_LOOKUP_SKIP_NEIGH | BPF_FIB_LOOKUP_TBID | \ |
6046 | BPF_FIB_LOOKUP_SRC) |
6047 | |
6048 | BPF_CALL_4(bpf_xdp_fib_lookup, struct xdp_buff *, ctx, |
6049 | struct bpf_fib_lookup *, params, int, plen, u32, flags) |
6050 | { |
6051 | if (plen < sizeof(*params)) |
6052 | return -EINVAL; |
6053 | |
6054 | if (flags & ~BPF_FIB_LOOKUP_MASK) |
6055 | return -EINVAL; |
6056 | |
6057 | switch (params->family) { |
6058 | #if IS_ENABLED(CONFIG_INET) |
6059 | case AF_INET: |
6060 | return bpf_ipv4_fib_lookup(net: dev_net(dev: ctx->rxq->dev), params, |
6061 | flags, check_mtu: true); |
6062 | #endif |
6063 | #if IS_ENABLED(CONFIG_IPV6) |
6064 | case AF_INET6: |
6065 | return bpf_ipv6_fib_lookup(net: dev_net(dev: ctx->rxq->dev), params, |
6066 | flags, check_mtu: true); |
6067 | #endif |
6068 | } |
6069 | return -EAFNOSUPPORT; |
6070 | } |
6071 | |
6072 | static const struct bpf_func_proto bpf_xdp_fib_lookup_proto = { |
6073 | .func = bpf_xdp_fib_lookup, |
6074 | .gpl_only = true, |
6075 | .ret_type = RET_INTEGER, |
6076 | .arg1_type = ARG_PTR_TO_CTX, |
6077 | .arg2_type = ARG_PTR_TO_MEM, |
6078 | .arg3_type = ARG_CONST_SIZE, |
6079 | .arg4_type = ARG_ANYTHING, |
6080 | }; |
6081 | |
6082 | BPF_CALL_4(bpf_skb_fib_lookup, struct sk_buff *, skb, |
6083 | struct bpf_fib_lookup *, params, int, plen, u32, flags) |
6084 | { |
6085 | struct net *net = dev_net(dev: skb->dev); |
6086 | int rc = -EAFNOSUPPORT; |
6087 | bool check_mtu = false; |
6088 | |
6089 | if (plen < sizeof(*params)) |
6090 | return -EINVAL; |
6091 | |
6092 | if (flags & ~BPF_FIB_LOOKUP_MASK) |
6093 | return -EINVAL; |
6094 | |
6095 | if (params->tot_len) |
6096 | check_mtu = true; |
6097 | |
6098 | switch (params->family) { |
6099 | #if IS_ENABLED(CONFIG_INET) |
6100 | case AF_INET: |
6101 | rc = bpf_ipv4_fib_lookup(net, params, flags, check_mtu); |
6102 | break; |
6103 | #endif |
6104 | #if IS_ENABLED(CONFIG_IPV6) |
6105 | case AF_INET6: |
6106 | rc = bpf_ipv6_fib_lookup(net, params, flags, check_mtu); |
6107 | break; |
6108 | #endif |
6109 | } |
6110 | |
6111 | if (rc == BPF_FIB_LKUP_RET_SUCCESS && !check_mtu) { |
6112 | struct net_device *dev; |
6113 | |
6114 | /* When tot_len isn't provided by user, check skb |
6115 | * against MTU of FIB lookup resulting net_device |
6116 | */ |
6117 | dev = dev_get_by_index_rcu(net, ifindex: params->ifindex); |
6118 | if (!is_skb_forwardable(dev, skb)) |
6119 | rc = BPF_FIB_LKUP_RET_FRAG_NEEDED; |
6120 | |
6121 | params->mtu_result = dev->mtu; /* union with tot_len */ |
6122 | } |
6123 | |
6124 | return rc; |
6125 | } |
6126 | |
6127 | static const struct bpf_func_proto bpf_skb_fib_lookup_proto = { |
6128 | .func = bpf_skb_fib_lookup, |
6129 | .gpl_only = true, |
6130 | .ret_type = RET_INTEGER, |
6131 | .arg1_type = ARG_PTR_TO_CTX, |
6132 | .arg2_type = ARG_PTR_TO_MEM, |
6133 | .arg3_type = ARG_CONST_SIZE, |
6134 | .arg4_type = ARG_ANYTHING, |
6135 | }; |
6136 | |
6137 | static struct net_device *__dev_via_ifindex(struct net_device *dev_curr, |
6138 | u32 ifindex) |
6139 | { |
6140 | struct net *netns = dev_net(dev: dev_curr); |
6141 | |
6142 | /* Non-redirect use-cases can use ifindex=0 and save ifindex lookup */ |
6143 | if (ifindex == 0) |
6144 | return dev_curr; |
6145 | |
6146 | return dev_get_by_index_rcu(net: netns, ifindex); |
6147 | } |
6148 | |
6149 | BPF_CALL_5(bpf_skb_check_mtu, struct sk_buff *, skb, |
6150 | u32, ifindex, u32 *, mtu_len, s32, len_diff, u64, flags) |
6151 | { |
6152 | int ret = BPF_MTU_CHK_RET_FRAG_NEEDED; |
6153 | struct net_device *dev = skb->dev; |
6154 | int skb_len, dev_len; |
6155 | int mtu; |
6156 | |
6157 | if (unlikely(flags & ~(BPF_MTU_CHK_SEGS))) |
6158 | return -EINVAL; |
6159 | |
6160 | if (unlikely(flags & BPF_MTU_CHK_SEGS && (len_diff || *mtu_len))) |
6161 | return -EINVAL; |
6162 | |
6163 | dev = __dev_via_ifindex(dev_curr: dev, ifindex); |
6164 | if (unlikely(!dev)) |
6165 | return -ENODEV; |
6166 | |
6167 | mtu = READ_ONCE(dev->mtu); |
6168 | |
6169 | dev_len = mtu + dev->hard_header_len; |
6170 | |
6171 | /* If set use *mtu_len as input, L3 as iph->tot_len (like fib_lookup) */ |
6172 | skb_len = *mtu_len ? *mtu_len + dev->hard_header_len : skb->len; |
6173 | |
6174 | skb_len += len_diff; /* minus result pass check */ |
6175 | if (skb_len <= dev_len) { |
6176 | ret = BPF_MTU_CHK_RET_SUCCESS; |
6177 | goto out; |
6178 | } |
6179 | /* At this point, skb->len exceed MTU, but as it include length of all |
6180 | * segments, it can still be below MTU. The SKB can possibly get |
6181 | * re-segmented in transmit path (see validate_xmit_skb). Thus, user |
6182 | * must choose if segs are to be MTU checked. |
6183 | */ |
6184 | if (skb_is_gso(skb)) { |
6185 | ret = BPF_MTU_CHK_RET_SUCCESS; |
6186 | |
6187 | if (flags & BPF_MTU_CHK_SEGS && |
6188 | !skb_gso_validate_network_len(skb, mtu)) |
6189 | ret = BPF_MTU_CHK_RET_SEGS_TOOBIG; |
6190 | } |
6191 | out: |
6192 | /* BPF verifier guarantees valid pointer */ |
6193 | *mtu_len = mtu; |
6194 | |
6195 | return ret; |
6196 | } |
6197 | |
6198 | BPF_CALL_5(bpf_xdp_check_mtu, struct xdp_buff *, xdp, |
6199 | u32, ifindex, u32 *, mtu_len, s32, len_diff, u64, flags) |
6200 | { |
6201 | struct net_device *dev = xdp->rxq->dev; |
6202 | int xdp_len = xdp->data_end - xdp->data; |
6203 | int ret = BPF_MTU_CHK_RET_SUCCESS; |
6204 | int mtu, dev_len; |
6205 | |
6206 | /* XDP variant doesn't support multi-buffer segment check (yet) */ |
6207 | if (unlikely(flags)) |
6208 | return -EINVAL; |
6209 | |
6210 | dev = __dev_via_ifindex(dev_curr: dev, ifindex); |
6211 | if (unlikely(!dev)) |
6212 | return -ENODEV; |
6213 | |
6214 | mtu = READ_ONCE(dev->mtu); |
6215 | |
6216 | /* Add L2-header as dev MTU is L3 size */ |
6217 | dev_len = mtu + dev->hard_header_len; |
6218 | |
6219 | /* Use *mtu_len as input, L3 as iph->tot_len (like fib_lookup) */ |
6220 | if (*mtu_len) |
6221 | xdp_len = *mtu_len + dev->hard_header_len; |
6222 | |
6223 | xdp_len += len_diff; /* minus result pass check */ |
6224 | if (xdp_len > dev_len) |
6225 | ret = BPF_MTU_CHK_RET_FRAG_NEEDED; |
6226 | |
6227 | /* BPF verifier guarantees valid pointer */ |
6228 | *mtu_len = mtu; |
6229 | |
6230 | return ret; |
6231 | } |
6232 | |
6233 | static const struct bpf_func_proto bpf_skb_check_mtu_proto = { |
6234 | .func = bpf_skb_check_mtu, |
6235 | .gpl_only = true, |
6236 | .ret_type = RET_INTEGER, |
6237 | .arg1_type = ARG_PTR_TO_CTX, |
6238 | .arg2_type = ARG_ANYTHING, |
6239 | .arg3_type = ARG_PTR_TO_INT, |
6240 | .arg4_type = ARG_ANYTHING, |
6241 | .arg5_type = ARG_ANYTHING, |
6242 | }; |
6243 | |
6244 | static const struct bpf_func_proto bpf_xdp_check_mtu_proto = { |
6245 | .func = bpf_xdp_check_mtu, |
6246 | .gpl_only = true, |
6247 | .ret_type = RET_INTEGER, |
6248 | .arg1_type = ARG_PTR_TO_CTX, |
6249 | .arg2_type = ARG_ANYTHING, |
6250 | .arg3_type = ARG_PTR_TO_INT, |
6251 | .arg4_type = ARG_ANYTHING, |
6252 | .arg5_type = ARG_ANYTHING, |
6253 | }; |
6254 | |
6255 | #if IS_ENABLED(CONFIG_IPV6_SEG6_BPF) |
6256 | static int bpf_push_seg6_encap(struct sk_buff *skb, u32 type, void *hdr, u32 len) |
6257 | { |
6258 | int err; |
6259 | struct ipv6_sr_hdr *srh = (struct ipv6_sr_hdr *)hdr; |
6260 | |
6261 | if (!seg6_validate_srh(srh, len, reduced: false)) |
6262 | return -EINVAL; |
6263 | |
6264 | switch (type) { |
6265 | case BPF_LWT_ENCAP_SEG6_INLINE: |
6266 | if (skb->protocol != htons(ETH_P_IPV6)) |
6267 | return -EBADMSG; |
6268 | |
6269 | err = seg6_do_srh_inline(skb, osrh: srh); |
6270 | break; |
6271 | case BPF_LWT_ENCAP_SEG6: |
6272 | skb_reset_inner_headers(skb); |
6273 | skb->encapsulation = 1; |
6274 | err = seg6_do_srh_encap(skb, osrh: srh, IPPROTO_IPV6); |
6275 | break; |
6276 | default: |
6277 | return -EINVAL; |
6278 | } |
6279 | |
6280 | bpf_compute_data_pointers(skb); |
6281 | if (err) |
6282 | return err; |
6283 | |
6284 | skb_set_transport_header(skb, offset: sizeof(struct ipv6hdr)); |
6285 | |
6286 | return seg6_lookup_nexthop(skb, NULL, tbl_id: 0); |
6287 | } |
6288 | #endif /* CONFIG_IPV6_SEG6_BPF */ |
6289 | |
6290 | #if IS_ENABLED(CONFIG_LWTUNNEL_BPF) |
6291 | static int bpf_push_ip_encap(struct sk_buff *skb, void *hdr, u32 len, |
6292 | bool ingress) |
6293 | { |
6294 | return bpf_lwt_push_ip_encap(skb, hdr, len, ingress); |
6295 | } |
6296 | #endif |
6297 | |
6298 | BPF_CALL_4(bpf_lwt_in_push_encap, struct sk_buff *, skb, u32, type, void *, hdr, |
6299 | u32, len) |
6300 | { |
6301 | switch (type) { |
6302 | #if IS_ENABLED(CONFIG_IPV6_SEG6_BPF) |
6303 | case BPF_LWT_ENCAP_SEG6: |
6304 | case BPF_LWT_ENCAP_SEG6_INLINE: |
6305 | return bpf_push_seg6_encap(skb, type, hdr, len); |
6306 | #endif |
6307 | #if IS_ENABLED(CONFIG_LWTUNNEL_BPF) |
6308 | case BPF_LWT_ENCAP_IP: |
6309 | return bpf_push_ip_encap(skb, hdr, len, ingress: true /* ingress */); |
6310 | #endif |
6311 | default: |
6312 | return -EINVAL; |
6313 | } |
6314 | } |
6315 | |
6316 | BPF_CALL_4(bpf_lwt_xmit_push_encap, struct sk_buff *, skb, u32, type, |
6317 | void *, hdr, u32, len) |
6318 | { |
6319 | switch (type) { |
6320 | #if IS_ENABLED(CONFIG_LWTUNNEL_BPF) |
6321 | case BPF_LWT_ENCAP_IP: |
6322 | return bpf_push_ip_encap(skb, hdr, len, ingress: false /* egress */); |
6323 | #endif |
6324 | default: |
6325 | return -EINVAL; |
6326 | } |
6327 | } |
6328 | |
6329 | static const struct bpf_func_proto bpf_lwt_in_push_encap_proto = { |
6330 | .func = bpf_lwt_in_push_encap, |
6331 | .gpl_only = false, |
6332 | .ret_type = RET_INTEGER, |
6333 | .arg1_type = ARG_PTR_TO_CTX, |
6334 | .arg2_type = ARG_ANYTHING, |
6335 | .arg3_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6336 | .arg4_type = ARG_CONST_SIZE |
6337 | }; |
6338 | |
6339 | static const struct bpf_func_proto bpf_lwt_xmit_push_encap_proto = { |
6340 | .func = bpf_lwt_xmit_push_encap, |
6341 | .gpl_only = false, |
6342 | .ret_type = RET_INTEGER, |
6343 | .arg1_type = ARG_PTR_TO_CTX, |
6344 | .arg2_type = ARG_ANYTHING, |
6345 | .arg3_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6346 | .arg4_type = ARG_CONST_SIZE |
6347 | }; |
6348 | |
6349 | #if IS_ENABLED(CONFIG_IPV6_SEG6_BPF) |
6350 | BPF_CALL_4(bpf_lwt_seg6_store_bytes, struct sk_buff *, skb, u32, offset, |
6351 | const void *, from, u32, len) |
6352 | { |
6353 | struct seg6_bpf_srh_state *srh_state = |
6354 | this_cpu_ptr(&seg6_bpf_srh_states); |
6355 | struct ipv6_sr_hdr *srh = srh_state->srh; |
6356 | void *srh_tlvs, *srh_end, *ptr; |
6357 | int srhoff = 0; |
6358 | |
6359 | if (srh == NULL) |
6360 | return -EINVAL; |
6361 | |
6362 | srh_tlvs = (void *)((char *)srh + ((srh->first_segment + 1) << 4)); |
6363 | srh_end = (void *)((char *)srh + sizeof(*srh) + srh_state->hdrlen); |
6364 | |
6365 | ptr = skb->data + offset; |
6366 | if (ptr >= srh_tlvs && ptr + len <= srh_end) |
6367 | srh_state->valid = false; |
6368 | else if (ptr < (void *)&srh->flags || |
6369 | ptr + len > (void *)&srh->segments) |
6370 | return -EFAULT; |
6371 | |
6372 | if (unlikely(bpf_try_make_writable(skb, offset + len))) |
6373 | return -EFAULT; |
6374 | if (ipv6_find_hdr(skb, offset: &srhoff, IPPROTO_ROUTING, NULL, NULL) < 0) |
6375 | return -EINVAL; |
6376 | srh_state->srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); |
6377 | |
6378 | memcpy(skb->data + offset, from, len); |
6379 | return 0; |
6380 | } |
6381 | |
6382 | static const struct bpf_func_proto bpf_lwt_seg6_store_bytes_proto = { |
6383 | .func = bpf_lwt_seg6_store_bytes, |
6384 | .gpl_only = false, |
6385 | .ret_type = RET_INTEGER, |
6386 | .arg1_type = ARG_PTR_TO_CTX, |
6387 | .arg2_type = ARG_ANYTHING, |
6388 | .arg3_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6389 | .arg4_type = ARG_CONST_SIZE |
6390 | }; |
6391 | |
6392 | static void bpf_update_srh_state(struct sk_buff *skb) |
6393 | { |
6394 | struct seg6_bpf_srh_state *srh_state = |
6395 | this_cpu_ptr(&seg6_bpf_srh_states); |
6396 | int srhoff = 0; |
6397 | |
6398 | if (ipv6_find_hdr(skb, offset: &srhoff, IPPROTO_ROUTING, NULL, NULL) < 0) { |
6399 | srh_state->srh = NULL; |
6400 | } else { |
6401 | srh_state->srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); |
6402 | srh_state->hdrlen = srh_state->srh->hdrlen << 3; |
6403 | srh_state->valid = true; |
6404 | } |
6405 | } |
6406 | |
6407 | BPF_CALL_4(bpf_lwt_seg6_action, struct sk_buff *, skb, |
6408 | u32, action, void *, param, u32, param_len) |
6409 | { |
6410 | struct seg6_bpf_srh_state *srh_state = |
6411 | this_cpu_ptr(&seg6_bpf_srh_states); |
6412 | int hdroff = 0; |
6413 | int err; |
6414 | |
6415 | switch (action) { |
6416 | case SEG6_LOCAL_ACTION_END_X: |
6417 | if (!seg6_bpf_has_valid_srh(skb)) |
6418 | return -EBADMSG; |
6419 | if (param_len != sizeof(struct in6_addr)) |
6420 | return -EINVAL; |
6421 | return seg6_lookup_nexthop(skb, nhaddr: (struct in6_addr *)param, tbl_id: 0); |
6422 | case SEG6_LOCAL_ACTION_END_T: |
6423 | if (!seg6_bpf_has_valid_srh(skb)) |
6424 | return -EBADMSG; |
6425 | if (param_len != sizeof(int)) |
6426 | return -EINVAL; |
6427 | return seg6_lookup_nexthop(skb, NULL, tbl_id: *(int *)param); |
6428 | case SEG6_LOCAL_ACTION_END_DT6: |
6429 | if (!seg6_bpf_has_valid_srh(skb)) |
6430 | return -EBADMSG; |
6431 | if (param_len != sizeof(int)) |
6432 | return -EINVAL; |
6433 | |
6434 | if (ipv6_find_hdr(skb, offset: &hdroff, IPPROTO_IPV6, NULL, NULL) < 0) |
6435 | return -EBADMSG; |
6436 | if (!pskb_pull(skb, len: hdroff)) |
6437 | return -EBADMSG; |
6438 | |
6439 | skb_postpull_rcsum(skb, start: skb_network_header(skb), len: hdroff); |
6440 | skb_reset_network_header(skb); |
6441 | skb_reset_transport_header(skb); |
6442 | skb->encapsulation = 0; |
6443 | |
6444 | bpf_compute_data_pointers(skb); |
6445 | bpf_update_srh_state(skb); |
6446 | return seg6_lookup_nexthop(skb, NULL, tbl_id: *(int *)param); |
6447 | case SEG6_LOCAL_ACTION_END_B6: |
6448 | if (srh_state->srh && !seg6_bpf_has_valid_srh(skb)) |
6449 | return -EBADMSG; |
6450 | err = bpf_push_seg6_encap(skb, type: BPF_LWT_ENCAP_SEG6_INLINE, |
6451 | hdr: param, len: param_len); |
6452 | if (!err) |
6453 | bpf_update_srh_state(skb); |
6454 | |
6455 | return err; |
6456 | case SEG6_LOCAL_ACTION_END_B6_ENCAP: |
6457 | if (srh_state->srh && !seg6_bpf_has_valid_srh(skb)) |
6458 | return -EBADMSG; |
6459 | err = bpf_push_seg6_encap(skb, type: BPF_LWT_ENCAP_SEG6, |
6460 | hdr: param, len: param_len); |
6461 | if (!err) |
6462 | bpf_update_srh_state(skb); |
6463 | |
6464 | return err; |
6465 | default: |
6466 | return -EINVAL; |
6467 | } |
6468 | } |
6469 | |
6470 | static const struct bpf_func_proto bpf_lwt_seg6_action_proto = { |
6471 | .func = bpf_lwt_seg6_action, |
6472 | .gpl_only = false, |
6473 | .ret_type = RET_INTEGER, |
6474 | .arg1_type = ARG_PTR_TO_CTX, |
6475 | .arg2_type = ARG_ANYTHING, |
6476 | .arg3_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6477 | .arg4_type = ARG_CONST_SIZE |
6478 | }; |
6479 | |
6480 | BPF_CALL_3(bpf_lwt_seg6_adjust_srh, struct sk_buff *, skb, u32, offset, |
6481 | s32, len) |
6482 | { |
6483 | struct seg6_bpf_srh_state *srh_state = |
6484 | this_cpu_ptr(&seg6_bpf_srh_states); |
6485 | struct ipv6_sr_hdr *srh = srh_state->srh; |
6486 | void *srh_end, *srh_tlvs, *ptr; |
6487 | struct ipv6hdr *hdr; |
6488 | int srhoff = 0; |
6489 | int ret; |
6490 | |
6491 | if (unlikely(srh == NULL)) |
6492 | return -EINVAL; |
6493 | |
6494 | srh_tlvs = (void *)((unsigned char *)srh + sizeof(*srh) + |
6495 | ((srh->first_segment + 1) << 4)); |
6496 | srh_end = (void *)((unsigned char *)srh + sizeof(*srh) + |
6497 | srh_state->hdrlen); |
6498 | ptr = skb->data + offset; |
6499 | |
6500 | if (unlikely(ptr < srh_tlvs || ptr > srh_end)) |
6501 | return -EFAULT; |
6502 | if (unlikely(len < 0 && (void *)((char *)ptr - len) > srh_end)) |
6503 | return -EFAULT; |
6504 | |
6505 | if (len > 0) { |
6506 | ret = skb_cow_head(skb, headroom: len); |
6507 | if (unlikely(ret < 0)) |
6508 | return ret; |
6509 | |
6510 | ret = bpf_skb_net_hdr_push(skb, off: offset, len); |
6511 | } else { |
6512 | ret = bpf_skb_net_hdr_pop(skb, off: offset, len: -1 * len); |
6513 | } |
6514 | |
6515 | bpf_compute_data_pointers(skb); |
6516 | if (unlikely(ret < 0)) |
6517 | return ret; |
6518 | |
6519 | hdr = (struct ipv6hdr *)skb->data; |
6520 | hdr->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); |
6521 | |
6522 | if (ipv6_find_hdr(skb, offset: &srhoff, IPPROTO_ROUTING, NULL, NULL) < 0) |
6523 | return -EINVAL; |
6524 | srh_state->srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); |
6525 | srh_state->hdrlen += len; |
6526 | srh_state->valid = false; |
6527 | return 0; |
6528 | } |
6529 | |
6530 | static const struct bpf_func_proto bpf_lwt_seg6_adjust_srh_proto = { |
6531 | .func = bpf_lwt_seg6_adjust_srh, |
6532 | .gpl_only = false, |
6533 | .ret_type = RET_INTEGER, |
6534 | .arg1_type = ARG_PTR_TO_CTX, |
6535 | .arg2_type = ARG_ANYTHING, |
6536 | .arg3_type = ARG_ANYTHING, |
6537 | }; |
6538 | #endif /* CONFIG_IPV6_SEG6_BPF */ |
6539 | |
6540 | #ifdef CONFIG_INET |
6541 | static struct sock *sk_lookup(struct net *net, struct bpf_sock_tuple *tuple, |
6542 | int dif, int sdif, u8 family, u8 proto) |
6543 | { |
6544 | struct inet_hashinfo *hinfo = net->ipv4.tcp_death_row.hashinfo; |
6545 | bool refcounted = false; |
6546 | struct sock *sk = NULL; |
6547 | |
6548 | if (family == AF_INET) { |
6549 | __be32 src4 = tuple->ipv4.saddr; |
6550 | __be32 dst4 = tuple->ipv4.daddr; |
6551 | |
6552 | if (proto == IPPROTO_TCP) |
6553 | sk = __inet_lookup(net, hashinfo: hinfo, NULL, doff: 0, |
6554 | saddr: src4, sport: tuple->ipv4.sport, |
6555 | daddr: dst4, dport: tuple->ipv4.dport, |
6556 | dif, sdif, refcounted: &refcounted); |
6557 | else |
6558 | sk = __udp4_lib_lookup(net, saddr: src4, sport: tuple->ipv4.sport, |
6559 | daddr: dst4, dport: tuple->ipv4.dport, |
6560 | dif, sdif, tbl: net->ipv4.udp_table, NULL); |
6561 | #if IS_ENABLED(CONFIG_IPV6) |
6562 | } else { |
6563 | struct in6_addr *src6 = (struct in6_addr *)&tuple->ipv6.saddr; |
6564 | struct in6_addr *dst6 = (struct in6_addr *)&tuple->ipv6.daddr; |
6565 | |
6566 | if (proto == IPPROTO_TCP) |
6567 | sk = __inet6_lookup(net, hashinfo: hinfo, NULL, doff: 0, |
6568 | saddr: src6, sport: tuple->ipv6.sport, |
6569 | daddr: dst6, ntohs(tuple->ipv6.dport), |
6570 | dif, sdif, refcounted: &refcounted); |
6571 | else if (likely(ipv6_bpf_stub)) |
6572 | sk = ipv6_bpf_stub->udp6_lib_lookup(net, |
6573 | src6, tuple->ipv6.sport, |
6574 | dst6, tuple->ipv6.dport, |
6575 | dif, sdif, |
6576 | net->ipv4.udp_table, NULL); |
6577 | #endif |
6578 | } |
6579 | |
6580 | if (unlikely(sk && !refcounted && !sock_flag(sk, SOCK_RCU_FREE))) { |
6581 | WARN_ONCE(1, "Found non-RCU, unreferenced socket!" ); |
6582 | sk = NULL; |
6583 | } |
6584 | return sk; |
6585 | } |
6586 | |
6587 | /* bpf_skc_lookup performs the core lookup for different types of sockets, |
6588 | * taking a reference on the socket if it doesn't have the flag SOCK_RCU_FREE. |
6589 | */ |
6590 | static struct sock * |
6591 | __bpf_skc_lookup(struct sk_buff *skb, struct bpf_sock_tuple *tuple, u32 len, |
6592 | struct net *caller_net, u32 ifindex, u8 proto, u64 netns_id, |
6593 | u64 flags, int sdif) |
6594 | { |
6595 | struct sock *sk = NULL; |
6596 | struct net *net; |
6597 | u8 family; |
6598 | |
6599 | if (len == sizeof(tuple->ipv4)) |
6600 | family = AF_INET; |
6601 | else if (len == sizeof(tuple->ipv6)) |
6602 | family = AF_INET6; |
6603 | else |
6604 | return NULL; |
6605 | |
6606 | if (unlikely(flags || !((s32)netns_id < 0 || netns_id <= S32_MAX))) |
6607 | goto out; |
6608 | |
6609 | if (sdif < 0) { |
6610 | if (family == AF_INET) |
6611 | sdif = inet_sdif(skb); |
6612 | else |
6613 | sdif = inet6_sdif(skb); |
6614 | } |
6615 | |
6616 | if ((s32)netns_id < 0) { |
6617 | net = caller_net; |
6618 | sk = sk_lookup(net, tuple, dif: ifindex, sdif, family, proto); |
6619 | } else { |
6620 | net = get_net_ns_by_id(net: caller_net, id: netns_id); |
6621 | if (unlikely(!net)) |
6622 | goto out; |
6623 | sk = sk_lookup(net, tuple, dif: ifindex, sdif, family, proto); |
6624 | put_net(net); |
6625 | } |
6626 | |
6627 | out: |
6628 | return sk; |
6629 | } |
6630 | |
6631 | static struct sock * |
6632 | __bpf_sk_lookup(struct sk_buff *skb, struct bpf_sock_tuple *tuple, u32 len, |
6633 | struct net *caller_net, u32 ifindex, u8 proto, u64 netns_id, |
6634 | u64 flags, int sdif) |
6635 | { |
6636 | struct sock *sk = __bpf_skc_lookup(skb, tuple, len, caller_net, |
6637 | ifindex, proto, netns_id, flags, |
6638 | sdif); |
6639 | |
6640 | if (sk) { |
6641 | struct sock *sk2 = sk_to_full_sk(sk); |
6642 | |
6643 | /* sk_to_full_sk() may return (sk)->rsk_listener, so make sure the original sk |
6644 | * sock refcnt is decremented to prevent a request_sock leak. |
6645 | */ |
6646 | if (!sk_fullsock(sk: sk2)) |
6647 | sk2 = NULL; |
6648 | if (sk2 != sk) { |
6649 | sock_gen_put(sk); |
6650 | /* Ensure there is no need to bump sk2 refcnt */ |
6651 | if (unlikely(sk2 && !sock_flag(sk2, SOCK_RCU_FREE))) { |
6652 | WARN_ONCE(1, "Found non-RCU, unreferenced socket!" ); |
6653 | return NULL; |
6654 | } |
6655 | sk = sk2; |
6656 | } |
6657 | } |
6658 | |
6659 | return sk; |
6660 | } |
6661 | |
6662 | static struct sock * |
6663 | bpf_skc_lookup(struct sk_buff *skb, struct bpf_sock_tuple *tuple, u32 len, |
6664 | u8 proto, u64 netns_id, u64 flags) |
6665 | { |
6666 | struct net *caller_net; |
6667 | int ifindex; |
6668 | |
6669 | if (skb->dev) { |
6670 | caller_net = dev_net(dev: skb->dev); |
6671 | ifindex = skb->dev->ifindex; |
6672 | } else { |
6673 | caller_net = sock_net(sk: skb->sk); |
6674 | ifindex = 0; |
6675 | } |
6676 | |
6677 | return __bpf_skc_lookup(skb, tuple, len, caller_net, ifindex, proto, |
6678 | netns_id, flags, sdif: -1); |
6679 | } |
6680 | |
6681 | static struct sock * |
6682 | bpf_sk_lookup(struct sk_buff *skb, struct bpf_sock_tuple *tuple, u32 len, |
6683 | u8 proto, u64 netns_id, u64 flags) |
6684 | { |
6685 | struct sock *sk = bpf_skc_lookup(skb, tuple, len, proto, netns_id, |
6686 | flags); |
6687 | |
6688 | if (sk) { |
6689 | struct sock *sk2 = sk_to_full_sk(sk); |
6690 | |
6691 | /* sk_to_full_sk() may return (sk)->rsk_listener, so make sure the original sk |
6692 | * sock refcnt is decremented to prevent a request_sock leak. |
6693 | */ |
6694 | if (!sk_fullsock(sk: sk2)) |
6695 | sk2 = NULL; |
6696 | if (sk2 != sk) { |
6697 | sock_gen_put(sk); |
6698 | /* Ensure there is no need to bump sk2 refcnt */ |
6699 | if (unlikely(sk2 && !sock_flag(sk2, SOCK_RCU_FREE))) { |
6700 | WARN_ONCE(1, "Found non-RCU, unreferenced socket!" ); |
6701 | return NULL; |
6702 | } |
6703 | sk = sk2; |
6704 | } |
6705 | } |
6706 | |
6707 | return sk; |
6708 | } |
6709 | |
6710 | BPF_CALL_5(bpf_skc_lookup_tcp, struct sk_buff *, skb, |
6711 | struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) |
6712 | { |
6713 | return (unsigned long)bpf_skc_lookup(skb, tuple, len, IPPROTO_TCP, |
6714 | netns_id, flags); |
6715 | } |
6716 | |
6717 | static const struct bpf_func_proto bpf_skc_lookup_tcp_proto = { |
6718 | .func = bpf_skc_lookup_tcp, |
6719 | .gpl_only = false, |
6720 | .pkt_access = true, |
6721 | .ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL, |
6722 | .arg1_type = ARG_PTR_TO_CTX, |
6723 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6724 | .arg3_type = ARG_CONST_SIZE, |
6725 | .arg4_type = ARG_ANYTHING, |
6726 | .arg5_type = ARG_ANYTHING, |
6727 | }; |
6728 | |
6729 | BPF_CALL_5(bpf_sk_lookup_tcp, struct sk_buff *, skb, |
6730 | struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) |
6731 | { |
6732 | return (unsigned long)bpf_sk_lookup(skb, tuple, len, IPPROTO_TCP, |
6733 | netns_id, flags); |
6734 | } |
6735 | |
6736 | static const struct bpf_func_proto bpf_sk_lookup_tcp_proto = { |
6737 | .func = bpf_sk_lookup_tcp, |
6738 | .gpl_only = false, |
6739 | .pkt_access = true, |
6740 | .ret_type = RET_PTR_TO_SOCKET_OR_NULL, |
6741 | .arg1_type = ARG_PTR_TO_CTX, |
6742 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6743 | .arg3_type = ARG_CONST_SIZE, |
6744 | .arg4_type = ARG_ANYTHING, |
6745 | .arg5_type = ARG_ANYTHING, |
6746 | }; |
6747 | |
6748 | BPF_CALL_5(bpf_sk_lookup_udp, struct sk_buff *, skb, |
6749 | struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) |
6750 | { |
6751 | return (unsigned long)bpf_sk_lookup(skb, tuple, len, IPPROTO_UDP, |
6752 | netns_id, flags); |
6753 | } |
6754 | |
6755 | static const struct bpf_func_proto bpf_sk_lookup_udp_proto = { |
6756 | .func = bpf_sk_lookup_udp, |
6757 | .gpl_only = false, |
6758 | .pkt_access = true, |
6759 | .ret_type = RET_PTR_TO_SOCKET_OR_NULL, |
6760 | .arg1_type = ARG_PTR_TO_CTX, |
6761 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6762 | .arg3_type = ARG_CONST_SIZE, |
6763 | .arg4_type = ARG_ANYTHING, |
6764 | .arg5_type = ARG_ANYTHING, |
6765 | }; |
6766 | |
6767 | BPF_CALL_5(bpf_tc_skc_lookup_tcp, struct sk_buff *, skb, |
6768 | struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) |
6769 | { |
6770 | struct net_device *dev = skb->dev; |
6771 | int ifindex = dev->ifindex, sdif = dev_sdif(dev); |
6772 | struct net *caller_net = dev_net(dev); |
6773 | |
6774 | return (unsigned long)__bpf_skc_lookup(skb, tuple, len, caller_net, |
6775 | ifindex, IPPROTO_TCP, netns_id, |
6776 | flags, sdif); |
6777 | } |
6778 | |
6779 | static const struct bpf_func_proto bpf_tc_skc_lookup_tcp_proto = { |
6780 | .func = bpf_tc_skc_lookup_tcp, |
6781 | .gpl_only = false, |
6782 | .pkt_access = true, |
6783 | .ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL, |
6784 | .arg1_type = ARG_PTR_TO_CTX, |
6785 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6786 | .arg3_type = ARG_CONST_SIZE, |
6787 | .arg4_type = ARG_ANYTHING, |
6788 | .arg5_type = ARG_ANYTHING, |
6789 | }; |
6790 | |
6791 | BPF_CALL_5(bpf_tc_sk_lookup_tcp, struct sk_buff *, skb, |
6792 | struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) |
6793 | { |
6794 | struct net_device *dev = skb->dev; |
6795 | int ifindex = dev->ifindex, sdif = dev_sdif(dev); |
6796 | struct net *caller_net = dev_net(dev); |
6797 | |
6798 | return (unsigned long)__bpf_sk_lookup(skb, tuple, len, caller_net, |
6799 | ifindex, IPPROTO_TCP, netns_id, |
6800 | flags, sdif); |
6801 | } |
6802 | |
6803 | static const struct bpf_func_proto bpf_tc_sk_lookup_tcp_proto = { |
6804 | .func = bpf_tc_sk_lookup_tcp, |
6805 | .gpl_only = false, |
6806 | .pkt_access = true, |
6807 | .ret_type = RET_PTR_TO_SOCKET_OR_NULL, |
6808 | .arg1_type = ARG_PTR_TO_CTX, |
6809 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6810 | .arg3_type = ARG_CONST_SIZE, |
6811 | .arg4_type = ARG_ANYTHING, |
6812 | .arg5_type = ARG_ANYTHING, |
6813 | }; |
6814 | |
6815 | BPF_CALL_5(bpf_tc_sk_lookup_udp, struct sk_buff *, skb, |
6816 | struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) |
6817 | { |
6818 | struct net_device *dev = skb->dev; |
6819 | int ifindex = dev->ifindex, sdif = dev_sdif(dev); |
6820 | struct net *caller_net = dev_net(dev); |
6821 | |
6822 | return (unsigned long)__bpf_sk_lookup(skb, tuple, len, caller_net, |
6823 | ifindex, IPPROTO_UDP, netns_id, |
6824 | flags, sdif); |
6825 | } |
6826 | |
6827 | static const struct bpf_func_proto bpf_tc_sk_lookup_udp_proto = { |
6828 | .func = bpf_tc_sk_lookup_udp, |
6829 | .gpl_only = false, |
6830 | .pkt_access = true, |
6831 | .ret_type = RET_PTR_TO_SOCKET_OR_NULL, |
6832 | .arg1_type = ARG_PTR_TO_CTX, |
6833 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6834 | .arg3_type = ARG_CONST_SIZE, |
6835 | .arg4_type = ARG_ANYTHING, |
6836 | .arg5_type = ARG_ANYTHING, |
6837 | }; |
6838 | |
6839 | BPF_CALL_1(bpf_sk_release, struct sock *, sk) |
6840 | { |
6841 | if (sk && sk_is_refcounted(sk)) |
6842 | sock_gen_put(sk); |
6843 | return 0; |
6844 | } |
6845 | |
6846 | static const struct bpf_func_proto bpf_sk_release_proto = { |
6847 | .func = bpf_sk_release, |
6848 | .gpl_only = false, |
6849 | .ret_type = RET_INTEGER, |
6850 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON | OBJ_RELEASE, |
6851 | }; |
6852 | |
6853 | BPF_CALL_5(bpf_xdp_sk_lookup_udp, struct xdp_buff *, ctx, |
6854 | struct bpf_sock_tuple *, tuple, u32, len, u32, netns_id, u64, flags) |
6855 | { |
6856 | struct net_device *dev = ctx->rxq->dev; |
6857 | int ifindex = dev->ifindex, sdif = dev_sdif(dev); |
6858 | struct net *caller_net = dev_net(dev); |
6859 | |
6860 | return (unsigned long)__bpf_sk_lookup(NULL, tuple, len, caller_net, |
6861 | ifindex, IPPROTO_UDP, netns_id, |
6862 | flags, sdif); |
6863 | } |
6864 | |
6865 | static const struct bpf_func_proto bpf_xdp_sk_lookup_udp_proto = { |
6866 | .func = bpf_xdp_sk_lookup_udp, |
6867 | .gpl_only = false, |
6868 | .pkt_access = true, |
6869 | .ret_type = RET_PTR_TO_SOCKET_OR_NULL, |
6870 | .arg1_type = ARG_PTR_TO_CTX, |
6871 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6872 | .arg3_type = ARG_CONST_SIZE, |
6873 | .arg4_type = ARG_ANYTHING, |
6874 | .arg5_type = ARG_ANYTHING, |
6875 | }; |
6876 | |
6877 | BPF_CALL_5(bpf_xdp_skc_lookup_tcp, struct xdp_buff *, ctx, |
6878 | struct bpf_sock_tuple *, tuple, u32, len, u32, netns_id, u64, flags) |
6879 | { |
6880 | struct net_device *dev = ctx->rxq->dev; |
6881 | int ifindex = dev->ifindex, sdif = dev_sdif(dev); |
6882 | struct net *caller_net = dev_net(dev); |
6883 | |
6884 | return (unsigned long)__bpf_skc_lookup(NULL, tuple, len, caller_net, |
6885 | ifindex, IPPROTO_TCP, netns_id, |
6886 | flags, sdif); |
6887 | } |
6888 | |
6889 | static const struct bpf_func_proto bpf_xdp_skc_lookup_tcp_proto = { |
6890 | .func = bpf_xdp_skc_lookup_tcp, |
6891 | .gpl_only = false, |
6892 | .pkt_access = true, |
6893 | .ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL, |
6894 | .arg1_type = ARG_PTR_TO_CTX, |
6895 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6896 | .arg3_type = ARG_CONST_SIZE, |
6897 | .arg4_type = ARG_ANYTHING, |
6898 | .arg5_type = ARG_ANYTHING, |
6899 | }; |
6900 | |
6901 | BPF_CALL_5(bpf_xdp_sk_lookup_tcp, struct xdp_buff *, ctx, |
6902 | struct bpf_sock_tuple *, tuple, u32, len, u32, netns_id, u64, flags) |
6903 | { |
6904 | struct net_device *dev = ctx->rxq->dev; |
6905 | int ifindex = dev->ifindex, sdif = dev_sdif(dev); |
6906 | struct net *caller_net = dev_net(dev); |
6907 | |
6908 | return (unsigned long)__bpf_sk_lookup(NULL, tuple, len, caller_net, |
6909 | ifindex, IPPROTO_TCP, netns_id, |
6910 | flags, sdif); |
6911 | } |
6912 | |
6913 | static const struct bpf_func_proto bpf_xdp_sk_lookup_tcp_proto = { |
6914 | .func = bpf_xdp_sk_lookup_tcp, |
6915 | .gpl_only = false, |
6916 | .pkt_access = true, |
6917 | .ret_type = RET_PTR_TO_SOCKET_OR_NULL, |
6918 | .arg1_type = ARG_PTR_TO_CTX, |
6919 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6920 | .arg3_type = ARG_CONST_SIZE, |
6921 | .arg4_type = ARG_ANYTHING, |
6922 | .arg5_type = ARG_ANYTHING, |
6923 | }; |
6924 | |
6925 | BPF_CALL_5(bpf_sock_addr_skc_lookup_tcp, struct bpf_sock_addr_kern *, ctx, |
6926 | struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) |
6927 | { |
6928 | return (unsigned long)__bpf_skc_lookup(NULL, tuple, len, |
6929 | caller_net: sock_net(sk: ctx->sk), ifindex: 0, |
6930 | IPPROTO_TCP, netns_id, flags, |
6931 | sdif: -1); |
6932 | } |
6933 | |
6934 | static const struct bpf_func_proto bpf_sock_addr_skc_lookup_tcp_proto = { |
6935 | .func = bpf_sock_addr_skc_lookup_tcp, |
6936 | .gpl_only = false, |
6937 | .ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL, |
6938 | .arg1_type = ARG_PTR_TO_CTX, |
6939 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6940 | .arg3_type = ARG_CONST_SIZE, |
6941 | .arg4_type = ARG_ANYTHING, |
6942 | .arg5_type = ARG_ANYTHING, |
6943 | }; |
6944 | |
6945 | BPF_CALL_5(bpf_sock_addr_sk_lookup_tcp, struct bpf_sock_addr_kern *, ctx, |
6946 | struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) |
6947 | { |
6948 | return (unsigned long)__bpf_sk_lookup(NULL, tuple, len, |
6949 | caller_net: sock_net(sk: ctx->sk), ifindex: 0, IPPROTO_TCP, |
6950 | netns_id, flags, sdif: -1); |
6951 | } |
6952 | |
6953 | static const struct bpf_func_proto bpf_sock_addr_sk_lookup_tcp_proto = { |
6954 | .func = bpf_sock_addr_sk_lookup_tcp, |
6955 | .gpl_only = false, |
6956 | .ret_type = RET_PTR_TO_SOCKET_OR_NULL, |
6957 | .arg1_type = ARG_PTR_TO_CTX, |
6958 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6959 | .arg3_type = ARG_CONST_SIZE, |
6960 | .arg4_type = ARG_ANYTHING, |
6961 | .arg5_type = ARG_ANYTHING, |
6962 | }; |
6963 | |
6964 | BPF_CALL_5(bpf_sock_addr_sk_lookup_udp, struct bpf_sock_addr_kern *, ctx, |
6965 | struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) |
6966 | { |
6967 | return (unsigned long)__bpf_sk_lookup(NULL, tuple, len, |
6968 | caller_net: sock_net(sk: ctx->sk), ifindex: 0, IPPROTO_UDP, |
6969 | netns_id, flags, sdif: -1); |
6970 | } |
6971 | |
6972 | static const struct bpf_func_proto bpf_sock_addr_sk_lookup_udp_proto = { |
6973 | .func = bpf_sock_addr_sk_lookup_udp, |
6974 | .gpl_only = false, |
6975 | .ret_type = RET_PTR_TO_SOCKET_OR_NULL, |
6976 | .arg1_type = ARG_PTR_TO_CTX, |
6977 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
6978 | .arg3_type = ARG_CONST_SIZE, |
6979 | .arg4_type = ARG_ANYTHING, |
6980 | .arg5_type = ARG_ANYTHING, |
6981 | }; |
6982 | |
6983 | bool bpf_tcp_sock_is_valid_access(int off, int size, enum bpf_access_type type, |
6984 | struct bpf_insn_access_aux *info) |
6985 | { |
6986 | if (off < 0 || off >= offsetofend(struct bpf_tcp_sock, |
6987 | icsk_retransmits)) |
6988 | return false; |
6989 | |
6990 | if (off % size != 0) |
6991 | return false; |
6992 | |
6993 | switch (off) { |
6994 | case offsetof(struct bpf_tcp_sock, bytes_received): |
6995 | case offsetof(struct bpf_tcp_sock, bytes_acked): |
6996 | return size == sizeof(__u64); |
6997 | default: |
6998 | return size == sizeof(__u32); |
6999 | } |
7000 | } |
7001 | |
7002 | u32 bpf_tcp_sock_convert_ctx_access(enum bpf_access_type type, |
7003 | const struct bpf_insn *si, |
7004 | struct bpf_insn *insn_buf, |
7005 | struct bpf_prog *prog, u32 *target_size) |
7006 | { |
7007 | struct bpf_insn *insn = insn_buf; |
7008 | |
7009 | #define BPF_TCP_SOCK_GET_COMMON(FIELD) \ |
7010 | do { \ |
7011 | BUILD_BUG_ON(sizeof_field(struct tcp_sock, FIELD) > \ |
7012 | sizeof_field(struct bpf_tcp_sock, FIELD)); \ |
7013 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct tcp_sock, FIELD),\ |
7014 | si->dst_reg, si->src_reg, \ |
7015 | offsetof(struct tcp_sock, FIELD)); \ |
7016 | } while (0) |
7017 | |
7018 | #define BPF_INET_SOCK_GET_COMMON(FIELD) \ |
7019 | do { \ |
7020 | BUILD_BUG_ON(sizeof_field(struct inet_connection_sock, \ |
7021 | FIELD) > \ |
7022 | sizeof_field(struct bpf_tcp_sock, FIELD)); \ |
7023 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \ |
7024 | struct inet_connection_sock, \ |
7025 | FIELD), \ |
7026 | si->dst_reg, si->src_reg, \ |
7027 | offsetof( \ |
7028 | struct inet_connection_sock, \ |
7029 | FIELD)); \ |
7030 | } while (0) |
7031 | |
7032 | BTF_TYPE_EMIT(struct bpf_tcp_sock); |
7033 | |
7034 | switch (si->off) { |
7035 | case offsetof(struct bpf_tcp_sock, rtt_min): |
7036 | BUILD_BUG_ON(sizeof_field(struct tcp_sock, rtt_min) != |
7037 | sizeof(struct minmax)); |
7038 | BUILD_BUG_ON(sizeof(struct minmax) < |
7039 | sizeof(struct minmax_sample)); |
7040 | |
7041 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
7042 | offsetof(struct tcp_sock, rtt_min) + |
7043 | offsetof(struct minmax_sample, v)); |
7044 | break; |
7045 | case offsetof(struct bpf_tcp_sock, snd_cwnd): |
7046 | BPF_TCP_SOCK_GET_COMMON(snd_cwnd); |
7047 | break; |
7048 | case offsetof(struct bpf_tcp_sock, srtt_us): |
7049 | BPF_TCP_SOCK_GET_COMMON(srtt_us); |
7050 | break; |
7051 | case offsetof(struct bpf_tcp_sock, snd_ssthresh): |
7052 | BPF_TCP_SOCK_GET_COMMON(snd_ssthresh); |
7053 | break; |
7054 | case offsetof(struct bpf_tcp_sock, rcv_nxt): |
7055 | BPF_TCP_SOCK_GET_COMMON(rcv_nxt); |
7056 | break; |
7057 | case offsetof(struct bpf_tcp_sock, snd_nxt): |
7058 | BPF_TCP_SOCK_GET_COMMON(snd_nxt); |
7059 | break; |
7060 | case offsetof(struct bpf_tcp_sock, snd_una): |
7061 | BPF_TCP_SOCK_GET_COMMON(snd_una); |
7062 | break; |
7063 | case offsetof(struct bpf_tcp_sock, mss_cache): |
7064 | BPF_TCP_SOCK_GET_COMMON(mss_cache); |
7065 | break; |
7066 | case offsetof(struct bpf_tcp_sock, ecn_flags): |
7067 | BPF_TCP_SOCK_GET_COMMON(ecn_flags); |
7068 | break; |
7069 | case offsetof(struct bpf_tcp_sock, rate_delivered): |
7070 | BPF_TCP_SOCK_GET_COMMON(rate_delivered); |
7071 | break; |
7072 | case offsetof(struct bpf_tcp_sock, rate_interval_us): |
7073 | BPF_TCP_SOCK_GET_COMMON(rate_interval_us); |
7074 | break; |
7075 | case offsetof(struct bpf_tcp_sock, packets_out): |
7076 | BPF_TCP_SOCK_GET_COMMON(packets_out); |
7077 | break; |
7078 | case offsetof(struct bpf_tcp_sock, retrans_out): |
7079 | BPF_TCP_SOCK_GET_COMMON(retrans_out); |
7080 | break; |
7081 | case offsetof(struct bpf_tcp_sock, total_retrans): |
7082 | BPF_TCP_SOCK_GET_COMMON(total_retrans); |
7083 | break; |
7084 | case offsetof(struct bpf_tcp_sock, segs_in): |
7085 | BPF_TCP_SOCK_GET_COMMON(segs_in); |
7086 | break; |
7087 | case offsetof(struct bpf_tcp_sock, data_segs_in): |
7088 | BPF_TCP_SOCK_GET_COMMON(data_segs_in); |
7089 | break; |
7090 | case offsetof(struct bpf_tcp_sock, segs_out): |
7091 | BPF_TCP_SOCK_GET_COMMON(segs_out); |
7092 | break; |
7093 | case offsetof(struct bpf_tcp_sock, data_segs_out): |
7094 | BPF_TCP_SOCK_GET_COMMON(data_segs_out); |
7095 | break; |
7096 | case offsetof(struct bpf_tcp_sock, lost_out): |
7097 | BPF_TCP_SOCK_GET_COMMON(lost_out); |
7098 | break; |
7099 | case offsetof(struct bpf_tcp_sock, sacked_out): |
7100 | BPF_TCP_SOCK_GET_COMMON(sacked_out); |
7101 | break; |
7102 | case offsetof(struct bpf_tcp_sock, bytes_received): |
7103 | BPF_TCP_SOCK_GET_COMMON(bytes_received); |
7104 | break; |
7105 | case offsetof(struct bpf_tcp_sock, bytes_acked): |
7106 | BPF_TCP_SOCK_GET_COMMON(bytes_acked); |
7107 | break; |
7108 | case offsetof(struct bpf_tcp_sock, dsack_dups): |
7109 | BPF_TCP_SOCK_GET_COMMON(dsack_dups); |
7110 | break; |
7111 | case offsetof(struct bpf_tcp_sock, delivered): |
7112 | BPF_TCP_SOCK_GET_COMMON(delivered); |
7113 | break; |
7114 | case offsetof(struct bpf_tcp_sock, delivered_ce): |
7115 | BPF_TCP_SOCK_GET_COMMON(delivered_ce); |
7116 | break; |
7117 | case offsetof(struct bpf_tcp_sock, icsk_retransmits): |
7118 | BPF_INET_SOCK_GET_COMMON(icsk_retransmits); |
7119 | break; |
7120 | } |
7121 | |
7122 | return insn - insn_buf; |
7123 | } |
7124 | |
7125 | BPF_CALL_1(bpf_tcp_sock, struct sock *, sk) |
7126 | { |
7127 | if (sk_fullsock(sk) && sk->sk_protocol == IPPROTO_TCP) |
7128 | return (unsigned long)sk; |
7129 | |
7130 | return (unsigned long)NULL; |
7131 | } |
7132 | |
7133 | const struct bpf_func_proto bpf_tcp_sock_proto = { |
7134 | .func = bpf_tcp_sock, |
7135 | .gpl_only = false, |
7136 | .ret_type = RET_PTR_TO_TCP_SOCK_OR_NULL, |
7137 | .arg1_type = ARG_PTR_TO_SOCK_COMMON, |
7138 | }; |
7139 | |
7140 | BPF_CALL_1(bpf_get_listener_sock, struct sock *, sk) |
7141 | { |
7142 | sk = sk_to_full_sk(sk); |
7143 | |
7144 | if (sk->sk_state == TCP_LISTEN && sock_flag(sk, flag: SOCK_RCU_FREE)) |
7145 | return (unsigned long)sk; |
7146 | |
7147 | return (unsigned long)NULL; |
7148 | } |
7149 | |
7150 | static const struct bpf_func_proto bpf_get_listener_sock_proto = { |
7151 | .func = bpf_get_listener_sock, |
7152 | .gpl_only = false, |
7153 | .ret_type = RET_PTR_TO_SOCKET_OR_NULL, |
7154 | .arg1_type = ARG_PTR_TO_SOCK_COMMON, |
7155 | }; |
7156 | |
7157 | BPF_CALL_1(bpf_skb_ecn_set_ce, struct sk_buff *, skb) |
7158 | { |
7159 | unsigned int iphdr_len; |
7160 | |
7161 | switch (skb_protocol(skb, skip_vlan: true)) { |
7162 | case cpu_to_be16(ETH_P_IP): |
7163 | iphdr_len = sizeof(struct iphdr); |
7164 | break; |
7165 | case cpu_to_be16(ETH_P_IPV6): |
7166 | iphdr_len = sizeof(struct ipv6hdr); |
7167 | break; |
7168 | default: |
7169 | return 0; |
7170 | } |
7171 | |
7172 | if (skb_headlen(skb) < iphdr_len) |
7173 | return 0; |
7174 | |
7175 | if (skb_cloned(skb) && !skb_clone_writable(skb, len: iphdr_len)) |
7176 | return 0; |
7177 | |
7178 | return INET_ECN_set_ce(skb); |
7179 | } |
7180 | |
7181 | bool bpf_xdp_sock_is_valid_access(int off, int size, enum bpf_access_type type, |
7182 | struct bpf_insn_access_aux *info) |
7183 | { |
7184 | if (off < 0 || off >= offsetofend(struct bpf_xdp_sock, queue_id)) |
7185 | return false; |
7186 | |
7187 | if (off % size != 0) |
7188 | return false; |
7189 | |
7190 | switch (off) { |
7191 | default: |
7192 | return size == sizeof(__u32); |
7193 | } |
7194 | } |
7195 | |
7196 | u32 bpf_xdp_sock_convert_ctx_access(enum bpf_access_type type, |
7197 | const struct bpf_insn *si, |
7198 | struct bpf_insn *insn_buf, |
7199 | struct bpf_prog *prog, u32 *target_size) |
7200 | { |
7201 | struct bpf_insn *insn = insn_buf; |
7202 | |
7203 | #define BPF_XDP_SOCK_GET(FIELD) \ |
7204 | do { \ |
7205 | BUILD_BUG_ON(sizeof_field(struct xdp_sock, FIELD) > \ |
7206 | sizeof_field(struct bpf_xdp_sock, FIELD)); \ |
7207 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_sock, FIELD),\ |
7208 | si->dst_reg, si->src_reg, \ |
7209 | offsetof(struct xdp_sock, FIELD)); \ |
7210 | } while (0) |
7211 | |
7212 | switch (si->off) { |
7213 | case offsetof(struct bpf_xdp_sock, queue_id): |
7214 | BPF_XDP_SOCK_GET(queue_id); |
7215 | break; |
7216 | } |
7217 | |
7218 | return insn - insn_buf; |
7219 | } |
7220 | |
7221 | static const struct bpf_func_proto bpf_skb_ecn_set_ce_proto = { |
7222 | .func = bpf_skb_ecn_set_ce, |
7223 | .gpl_only = false, |
7224 | .ret_type = RET_INTEGER, |
7225 | .arg1_type = ARG_PTR_TO_CTX, |
7226 | }; |
7227 | |
7228 | BPF_CALL_5(bpf_tcp_check_syncookie, struct sock *, sk, void *, iph, u32, iph_len, |
7229 | struct tcphdr *, th, u32, th_len) |
7230 | { |
7231 | #ifdef CONFIG_SYN_COOKIES |
7232 | u32 cookie; |
7233 | int ret; |
7234 | |
7235 | if (unlikely(!sk || th_len < sizeof(*th))) |
7236 | return -EINVAL; |
7237 | |
7238 | /* sk_listener() allows TCP_NEW_SYN_RECV, which makes no sense here. */ |
7239 | if (sk->sk_protocol != IPPROTO_TCP || sk->sk_state != TCP_LISTEN) |
7240 | return -EINVAL; |
7241 | |
7242 | if (!READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_syncookies)) |
7243 | return -EINVAL; |
7244 | |
7245 | if (!th->ack || th->rst || th->syn) |
7246 | return -ENOENT; |
7247 | |
7248 | if (unlikely(iph_len < sizeof(struct iphdr))) |
7249 | return -EINVAL; |
7250 | |
7251 | if (tcp_synq_no_recent_overflow(sk)) |
7252 | return -ENOENT; |
7253 | |
7254 | cookie = ntohl(th->ack_seq) - 1; |
7255 | |
7256 | /* Both struct iphdr and struct ipv6hdr have the version field at the |
7257 | * same offset so we can cast to the shorter header (struct iphdr). |
7258 | */ |
7259 | switch (((struct iphdr *)iph)->version) { |
7260 | case 4: |
7261 | if (sk->sk_family == AF_INET6 && ipv6_only_sock(sk)) |
7262 | return -EINVAL; |
7263 | |
7264 | ret = __cookie_v4_check(iph: (struct iphdr *)iph, th, cookie); |
7265 | break; |
7266 | |
7267 | #if IS_BUILTIN(CONFIG_IPV6) |
7268 | case 6: |
7269 | if (unlikely(iph_len < sizeof(struct ipv6hdr))) |
7270 | return -EINVAL; |
7271 | |
7272 | if (sk->sk_family != AF_INET6) |
7273 | return -EINVAL; |
7274 | |
7275 | ret = __cookie_v6_check(iph: (struct ipv6hdr *)iph, th, cookie); |
7276 | break; |
7277 | #endif /* CONFIG_IPV6 */ |
7278 | |
7279 | default: |
7280 | return -EPROTONOSUPPORT; |
7281 | } |
7282 | |
7283 | if (ret > 0) |
7284 | return 0; |
7285 | |
7286 | return -ENOENT; |
7287 | #else |
7288 | return -ENOTSUPP; |
7289 | #endif |
7290 | } |
7291 | |
7292 | static const struct bpf_func_proto bpf_tcp_check_syncookie_proto = { |
7293 | .func = bpf_tcp_check_syncookie, |
7294 | .gpl_only = true, |
7295 | .pkt_access = true, |
7296 | .ret_type = RET_INTEGER, |
7297 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
7298 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
7299 | .arg3_type = ARG_CONST_SIZE, |
7300 | .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
7301 | .arg5_type = ARG_CONST_SIZE, |
7302 | }; |
7303 | |
7304 | BPF_CALL_5(bpf_tcp_gen_syncookie, struct sock *, sk, void *, iph, u32, iph_len, |
7305 | struct tcphdr *, th, u32, th_len) |
7306 | { |
7307 | #ifdef CONFIG_SYN_COOKIES |
7308 | u32 cookie; |
7309 | u16 mss; |
7310 | |
7311 | if (unlikely(!sk || th_len < sizeof(*th) || th_len != th->doff * 4)) |
7312 | return -EINVAL; |
7313 | |
7314 | if (sk->sk_protocol != IPPROTO_TCP || sk->sk_state != TCP_LISTEN) |
7315 | return -EINVAL; |
7316 | |
7317 | if (!READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_syncookies)) |
7318 | return -ENOENT; |
7319 | |
7320 | if (!th->syn || th->ack || th->fin || th->rst) |
7321 | return -EINVAL; |
7322 | |
7323 | if (unlikely(iph_len < sizeof(struct iphdr))) |
7324 | return -EINVAL; |
7325 | |
7326 | /* Both struct iphdr and struct ipv6hdr have the version field at the |
7327 | * same offset so we can cast to the shorter header (struct iphdr). |
7328 | */ |
7329 | switch (((struct iphdr *)iph)->version) { |
7330 | case 4: |
7331 | if (sk->sk_family == AF_INET6 && ipv6_only_sock(sk)) |
7332 | return -EINVAL; |
7333 | |
7334 | mss = tcp_v4_get_syncookie(sk, iph, th, cookie: &cookie); |
7335 | break; |
7336 | |
7337 | #if IS_BUILTIN(CONFIG_IPV6) |
7338 | case 6: |
7339 | if (unlikely(iph_len < sizeof(struct ipv6hdr))) |
7340 | return -EINVAL; |
7341 | |
7342 | if (sk->sk_family != AF_INET6) |
7343 | return -EINVAL; |
7344 | |
7345 | mss = tcp_v6_get_syncookie(sk, iph, th, cookie: &cookie); |
7346 | break; |
7347 | #endif /* CONFIG_IPV6 */ |
7348 | |
7349 | default: |
7350 | return -EPROTONOSUPPORT; |
7351 | } |
7352 | if (mss == 0) |
7353 | return -ENOENT; |
7354 | |
7355 | return cookie | ((u64)mss << 32); |
7356 | #else |
7357 | return -EOPNOTSUPP; |
7358 | #endif /* CONFIG_SYN_COOKIES */ |
7359 | } |
7360 | |
7361 | static const struct bpf_func_proto bpf_tcp_gen_syncookie_proto = { |
7362 | .func = bpf_tcp_gen_syncookie, |
7363 | .gpl_only = true, /* __cookie_v*_init_sequence() is GPL */ |
7364 | .pkt_access = true, |
7365 | .ret_type = RET_INTEGER, |
7366 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
7367 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
7368 | .arg3_type = ARG_CONST_SIZE, |
7369 | .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
7370 | .arg5_type = ARG_CONST_SIZE, |
7371 | }; |
7372 | |
7373 | BPF_CALL_3(bpf_sk_assign, struct sk_buff *, skb, struct sock *, sk, u64, flags) |
7374 | { |
7375 | if (!sk || flags != 0) |
7376 | return -EINVAL; |
7377 | if (!skb_at_tc_ingress(skb)) |
7378 | return -EOPNOTSUPP; |
7379 | if (unlikely(dev_net(skb->dev) != sock_net(sk))) |
7380 | return -ENETUNREACH; |
7381 | if (sk_unhashed(sk)) |
7382 | return -EOPNOTSUPP; |
7383 | if (sk_is_refcounted(sk) && |
7384 | unlikely(!refcount_inc_not_zero(&sk->sk_refcnt))) |
7385 | return -ENOENT; |
7386 | |
7387 | skb_orphan(skb); |
7388 | skb->sk = sk; |
7389 | skb->destructor = sock_pfree; |
7390 | |
7391 | return 0; |
7392 | } |
7393 | |
7394 | static const struct bpf_func_proto bpf_sk_assign_proto = { |
7395 | .func = bpf_sk_assign, |
7396 | .gpl_only = false, |
7397 | .ret_type = RET_INTEGER, |
7398 | .arg1_type = ARG_PTR_TO_CTX, |
7399 | .arg2_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
7400 | .arg3_type = ARG_ANYTHING, |
7401 | }; |
7402 | |
7403 | static const u8 *bpf_search_tcp_opt(const u8 *op, const u8 *opend, |
7404 | u8 search_kind, const u8 *magic, |
7405 | u8 magic_len, bool *eol) |
7406 | { |
7407 | u8 kind, kind_len; |
7408 | |
7409 | *eol = false; |
7410 | |
7411 | while (op < opend) { |
7412 | kind = op[0]; |
7413 | |
7414 | if (kind == TCPOPT_EOL) { |
7415 | *eol = true; |
7416 | return ERR_PTR(error: -ENOMSG); |
7417 | } else if (kind == TCPOPT_NOP) { |
7418 | op++; |
7419 | continue; |
7420 | } |
7421 | |
7422 | if (opend - op < 2 || opend - op < op[1] || op[1] < 2) |
7423 | /* Something is wrong in the received header. |
7424 | * Follow the TCP stack's tcp_parse_options() |
7425 | * and just bail here. |
7426 | */ |
7427 | return ERR_PTR(error: -EFAULT); |
7428 | |
7429 | kind_len = op[1]; |
7430 | if (search_kind == kind) { |
7431 | if (!magic_len) |
7432 | return op; |
7433 | |
7434 | if (magic_len > kind_len - 2) |
7435 | return ERR_PTR(error: -ENOMSG); |
7436 | |
7437 | if (!memcmp(p: &op[2], q: magic, size: magic_len)) |
7438 | return op; |
7439 | } |
7440 | |
7441 | op += kind_len; |
7442 | } |
7443 | |
7444 | return ERR_PTR(error: -ENOMSG); |
7445 | } |
7446 | |
7447 | BPF_CALL_4(bpf_sock_ops_load_hdr_opt, struct bpf_sock_ops_kern *, bpf_sock, |
7448 | void *, search_res, u32, len, u64, flags) |
7449 | { |
7450 | bool eol, load_syn = flags & BPF_LOAD_HDR_OPT_TCP_SYN; |
7451 | const u8 *op, *opend, *magic, *search = search_res; |
7452 | u8 search_kind, search_len, copy_len, magic_len; |
7453 | int ret; |
7454 | |
7455 | /* 2 byte is the minimal option len except TCPOPT_NOP and |
7456 | * TCPOPT_EOL which are useless for the bpf prog to learn |
7457 | * and this helper disallow loading them also. |
7458 | */ |
7459 | if (len < 2 || flags & ~BPF_LOAD_HDR_OPT_TCP_SYN) |
7460 | return -EINVAL; |
7461 | |
7462 | search_kind = search[0]; |
7463 | search_len = search[1]; |
7464 | |
7465 | if (search_len > len || search_kind == TCPOPT_NOP || |
7466 | search_kind == TCPOPT_EOL) |
7467 | return -EINVAL; |
7468 | |
7469 | if (search_kind == TCPOPT_EXP || search_kind == 253) { |
7470 | /* 16 or 32 bit magic. +2 for kind and kind length */ |
7471 | if (search_len != 4 && search_len != 6) |
7472 | return -EINVAL; |
7473 | magic = &search[2]; |
7474 | magic_len = search_len - 2; |
7475 | } else { |
7476 | if (search_len) |
7477 | return -EINVAL; |
7478 | magic = NULL; |
7479 | magic_len = 0; |
7480 | } |
7481 | |
7482 | if (load_syn) { |
7483 | ret = bpf_sock_ops_get_syn(bpf_sock, optname: TCP_BPF_SYN, start: &op); |
7484 | if (ret < 0) |
7485 | return ret; |
7486 | |
7487 | opend = op + ret; |
7488 | op += sizeof(struct tcphdr); |
7489 | } else { |
7490 | if (!bpf_sock->skb || |
7491 | bpf_sock->op == BPF_SOCK_OPS_HDR_OPT_LEN_CB) |
7492 | /* This bpf_sock->op cannot call this helper */ |
7493 | return -EPERM; |
7494 | |
7495 | opend = bpf_sock->skb_data_end; |
7496 | op = bpf_sock->skb->data + sizeof(struct tcphdr); |
7497 | } |
7498 | |
7499 | op = bpf_search_tcp_opt(op, opend, search_kind, magic, magic_len, |
7500 | eol: &eol); |
7501 | if (IS_ERR(ptr: op)) |
7502 | return PTR_ERR(ptr: op); |
7503 | |
7504 | copy_len = op[1]; |
7505 | ret = copy_len; |
7506 | if (copy_len > len) { |
7507 | ret = -ENOSPC; |
7508 | copy_len = len; |
7509 | } |
7510 | |
7511 | memcpy(search_res, op, copy_len); |
7512 | return ret; |
7513 | } |
7514 | |
7515 | static const struct bpf_func_proto bpf_sock_ops_load_hdr_opt_proto = { |
7516 | .func = bpf_sock_ops_load_hdr_opt, |
7517 | .gpl_only = false, |
7518 | .ret_type = RET_INTEGER, |
7519 | .arg1_type = ARG_PTR_TO_CTX, |
7520 | .arg2_type = ARG_PTR_TO_MEM, |
7521 | .arg3_type = ARG_CONST_SIZE, |
7522 | .arg4_type = ARG_ANYTHING, |
7523 | }; |
7524 | |
7525 | BPF_CALL_4(bpf_sock_ops_store_hdr_opt, struct bpf_sock_ops_kern *, bpf_sock, |
7526 | const void *, from, u32, len, u64, flags) |
7527 | { |
7528 | u8 new_kind, new_kind_len, magic_len = 0, *opend; |
7529 | const u8 *op, *new_op, *magic = NULL; |
7530 | struct sk_buff *skb; |
7531 | bool eol; |
7532 | |
7533 | if (bpf_sock->op != BPF_SOCK_OPS_WRITE_HDR_OPT_CB) |
7534 | return -EPERM; |
7535 | |
7536 | if (len < 2 || flags) |
7537 | return -EINVAL; |
7538 | |
7539 | new_op = from; |
7540 | new_kind = new_op[0]; |
7541 | new_kind_len = new_op[1]; |
7542 | |
7543 | if (new_kind_len > len || new_kind == TCPOPT_NOP || |
7544 | new_kind == TCPOPT_EOL) |
7545 | return -EINVAL; |
7546 | |
7547 | if (new_kind_len > bpf_sock->remaining_opt_len) |
7548 | return -ENOSPC; |
7549 | |
7550 | /* 253 is another experimental kind */ |
7551 | if (new_kind == TCPOPT_EXP || new_kind == 253) { |
7552 | if (new_kind_len < 4) |
7553 | return -EINVAL; |
7554 | /* Match for the 2 byte magic also. |
7555 | * RFC 6994: the magic could be 2 or 4 bytes. |
7556 | * Hence, matching by 2 byte only is on the |
7557 | * conservative side but it is the right |
7558 | * thing to do for the 'search-for-duplication' |
7559 | * purpose. |
7560 | */ |
7561 | magic = &new_op[2]; |
7562 | magic_len = 2; |
7563 | } |
7564 | |
7565 | /* Check for duplication */ |
7566 | skb = bpf_sock->skb; |
7567 | op = skb->data + sizeof(struct tcphdr); |
7568 | opend = bpf_sock->skb_data_end; |
7569 | |
7570 | op = bpf_search_tcp_opt(op, opend, search_kind: new_kind, magic, magic_len, |
7571 | eol: &eol); |
7572 | if (!IS_ERR(ptr: op)) |
7573 | return -EEXIST; |
7574 | |
7575 | if (PTR_ERR(ptr: op) != -ENOMSG) |
7576 | return PTR_ERR(ptr: op); |
7577 | |
7578 | if (eol) |
7579 | /* The option has been ended. Treat it as no more |
7580 | * header option can be written. |
7581 | */ |
7582 | return -ENOSPC; |
7583 | |
7584 | /* No duplication found. Store the header option. */ |
7585 | memcpy(opend, from, new_kind_len); |
7586 | |
7587 | bpf_sock->remaining_opt_len -= new_kind_len; |
7588 | bpf_sock->skb_data_end += new_kind_len; |
7589 | |
7590 | return 0; |
7591 | } |
7592 | |
7593 | static const struct bpf_func_proto bpf_sock_ops_store_hdr_opt_proto = { |
7594 | .func = bpf_sock_ops_store_hdr_opt, |
7595 | .gpl_only = false, |
7596 | .ret_type = RET_INTEGER, |
7597 | .arg1_type = ARG_PTR_TO_CTX, |
7598 | .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, |
7599 | .arg3_type = ARG_CONST_SIZE, |
7600 | .arg4_type = ARG_ANYTHING, |
7601 | }; |
7602 | |
7603 | BPF_CALL_3(bpf_sock_ops_reserve_hdr_opt, struct bpf_sock_ops_kern *, bpf_sock, |
7604 | u32, len, u64, flags) |
7605 | { |
7606 | if (bpf_sock->op != BPF_SOCK_OPS_HDR_OPT_LEN_CB) |
7607 | return -EPERM; |
7608 | |
7609 | if (flags || len < 2) |
7610 | return -EINVAL; |
7611 | |
7612 | if (len > bpf_sock->remaining_opt_len) |
7613 | return -ENOSPC; |
7614 | |
7615 | bpf_sock->remaining_opt_len -= len; |
7616 | |
7617 | return 0; |
7618 | } |
7619 | |
7620 | static const struct bpf_func_proto bpf_sock_ops_reserve_hdr_opt_proto = { |
7621 | .func = bpf_sock_ops_reserve_hdr_opt, |
7622 | .gpl_only = false, |
7623 | .ret_type = RET_INTEGER, |
7624 | .arg1_type = ARG_PTR_TO_CTX, |
7625 | .arg2_type = ARG_ANYTHING, |
7626 | .arg3_type = ARG_ANYTHING, |
7627 | }; |
7628 | |
7629 | BPF_CALL_3(bpf_skb_set_tstamp, struct sk_buff *, skb, |
7630 | u64, tstamp, u32, tstamp_type) |
7631 | { |
7632 | /* skb_clear_delivery_time() is done for inet protocol */ |
7633 | if (skb->protocol != htons(ETH_P_IP) && |
7634 | skb->protocol != htons(ETH_P_IPV6)) |
7635 | return -EOPNOTSUPP; |
7636 | |
7637 | switch (tstamp_type) { |
7638 | case BPF_SKB_TSTAMP_DELIVERY_MONO: |
7639 | if (!tstamp) |
7640 | return -EINVAL; |
7641 | skb->tstamp = tstamp; |
7642 | skb->mono_delivery_time = 1; |
7643 | break; |
7644 | case BPF_SKB_TSTAMP_UNSPEC: |
7645 | if (tstamp) |
7646 | return -EINVAL; |
7647 | skb->tstamp = 0; |
7648 | skb->mono_delivery_time = 0; |
7649 | break; |
7650 | default: |
7651 | return -EINVAL; |
7652 | } |
7653 | |
7654 | return 0; |
7655 | } |
7656 | |
7657 | static const struct bpf_func_proto bpf_skb_set_tstamp_proto = { |
7658 | .func = bpf_skb_set_tstamp, |
7659 | .gpl_only = false, |
7660 | .ret_type = RET_INTEGER, |
7661 | .arg1_type = ARG_PTR_TO_CTX, |
7662 | .arg2_type = ARG_ANYTHING, |
7663 | .arg3_type = ARG_ANYTHING, |
7664 | }; |
7665 | |
7666 | #ifdef CONFIG_SYN_COOKIES |
7667 | BPF_CALL_3(bpf_tcp_raw_gen_syncookie_ipv4, struct iphdr *, iph, |
7668 | struct tcphdr *, th, u32, th_len) |
7669 | { |
7670 | u32 cookie; |
7671 | u16 mss; |
7672 | |
7673 | if (unlikely(th_len < sizeof(*th) || th_len != th->doff * 4)) |
7674 | return -EINVAL; |
7675 | |
7676 | mss = tcp_parse_mss_option(th, user_mss: 0) ?: TCP_MSS_DEFAULT; |
7677 | cookie = __cookie_v4_init_sequence(iph, th, mssp: &mss); |
7678 | |
7679 | return cookie | ((u64)mss << 32); |
7680 | } |
7681 | |
7682 | static const struct bpf_func_proto bpf_tcp_raw_gen_syncookie_ipv4_proto = { |
7683 | .func = bpf_tcp_raw_gen_syncookie_ipv4, |
7684 | .gpl_only = true, /* __cookie_v4_init_sequence() is GPL */ |
7685 | .pkt_access = true, |
7686 | .ret_type = RET_INTEGER, |
7687 | .arg1_type = ARG_PTR_TO_FIXED_SIZE_MEM, |
7688 | .arg1_size = sizeof(struct iphdr), |
7689 | .arg2_type = ARG_PTR_TO_MEM, |
7690 | .arg3_type = ARG_CONST_SIZE_OR_ZERO, |
7691 | }; |
7692 | |
7693 | BPF_CALL_3(bpf_tcp_raw_gen_syncookie_ipv6, struct ipv6hdr *, iph, |
7694 | struct tcphdr *, th, u32, th_len) |
7695 | { |
7696 | #if IS_BUILTIN(CONFIG_IPV6) |
7697 | const u16 mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - |
7698 | sizeof(struct ipv6hdr); |
7699 | u32 cookie; |
7700 | u16 mss; |
7701 | |
7702 | if (unlikely(th_len < sizeof(*th) || th_len != th->doff * 4)) |
7703 | return -EINVAL; |
7704 | |
7705 | mss = tcp_parse_mss_option(th, user_mss: 0) ?: mss_clamp; |
7706 | cookie = __cookie_v6_init_sequence(iph, th, mssp: &mss); |
7707 | |
7708 | return cookie | ((u64)mss << 32); |
7709 | #else |
7710 | return -EPROTONOSUPPORT; |
7711 | #endif |
7712 | } |
7713 | |
7714 | static const struct bpf_func_proto bpf_tcp_raw_gen_syncookie_ipv6_proto = { |
7715 | .func = bpf_tcp_raw_gen_syncookie_ipv6, |
7716 | .gpl_only = true, /* __cookie_v6_init_sequence() is GPL */ |
7717 | .pkt_access = true, |
7718 | .ret_type = RET_INTEGER, |
7719 | .arg1_type = ARG_PTR_TO_FIXED_SIZE_MEM, |
7720 | .arg1_size = sizeof(struct ipv6hdr), |
7721 | .arg2_type = ARG_PTR_TO_MEM, |
7722 | .arg3_type = ARG_CONST_SIZE_OR_ZERO, |
7723 | }; |
7724 | |
7725 | BPF_CALL_2(bpf_tcp_raw_check_syncookie_ipv4, struct iphdr *, iph, |
7726 | struct tcphdr *, th) |
7727 | { |
7728 | u32 cookie = ntohl(th->ack_seq) - 1; |
7729 | |
7730 | if (__cookie_v4_check(iph, th, cookie) > 0) |
7731 | return 0; |
7732 | |
7733 | return -EACCES; |
7734 | } |
7735 | |
7736 | static const struct bpf_func_proto bpf_tcp_raw_check_syncookie_ipv4_proto = { |
7737 | .func = bpf_tcp_raw_check_syncookie_ipv4, |
7738 | .gpl_only = true, /* __cookie_v4_check is GPL */ |
7739 | .pkt_access = true, |
7740 | .ret_type = RET_INTEGER, |
7741 | .arg1_type = ARG_PTR_TO_FIXED_SIZE_MEM, |
7742 | .arg1_size = sizeof(struct iphdr), |
7743 | .arg2_type = ARG_PTR_TO_FIXED_SIZE_MEM, |
7744 | .arg2_size = sizeof(struct tcphdr), |
7745 | }; |
7746 | |
7747 | BPF_CALL_2(bpf_tcp_raw_check_syncookie_ipv6, struct ipv6hdr *, iph, |
7748 | struct tcphdr *, th) |
7749 | { |
7750 | #if IS_BUILTIN(CONFIG_IPV6) |
7751 | u32 cookie = ntohl(th->ack_seq) - 1; |
7752 | |
7753 | if (__cookie_v6_check(iph, th, cookie) > 0) |
7754 | return 0; |
7755 | |
7756 | return -EACCES; |
7757 | #else |
7758 | return -EPROTONOSUPPORT; |
7759 | #endif |
7760 | } |
7761 | |
7762 | static const struct bpf_func_proto bpf_tcp_raw_check_syncookie_ipv6_proto = { |
7763 | .func = bpf_tcp_raw_check_syncookie_ipv6, |
7764 | .gpl_only = true, /* __cookie_v6_check is GPL */ |
7765 | .pkt_access = true, |
7766 | .ret_type = RET_INTEGER, |
7767 | .arg1_type = ARG_PTR_TO_FIXED_SIZE_MEM, |
7768 | .arg1_size = sizeof(struct ipv6hdr), |
7769 | .arg2_type = ARG_PTR_TO_FIXED_SIZE_MEM, |
7770 | .arg2_size = sizeof(struct tcphdr), |
7771 | }; |
7772 | #endif /* CONFIG_SYN_COOKIES */ |
7773 | |
7774 | #endif /* CONFIG_INET */ |
7775 | |
7776 | bool bpf_helper_changes_pkt_data(void *func) |
7777 | { |
7778 | if (func == bpf_skb_vlan_push || |
7779 | func == bpf_skb_vlan_pop || |
7780 | func == bpf_skb_store_bytes || |
7781 | func == bpf_skb_change_proto || |
7782 | func == bpf_skb_change_head || |
7783 | func == sk_skb_change_head || |
7784 | func == bpf_skb_change_tail || |
7785 | func == sk_skb_change_tail || |
7786 | func == bpf_skb_adjust_room || |
7787 | func == sk_skb_adjust_room || |
7788 | func == bpf_skb_pull_data || |
7789 | func == sk_skb_pull_data || |
7790 | func == bpf_clone_redirect || |
7791 | func == bpf_l3_csum_replace || |
7792 | func == bpf_l4_csum_replace || |
7793 | func == bpf_xdp_adjust_head || |
7794 | func == bpf_xdp_adjust_meta || |
7795 | func == bpf_msg_pull_data || |
7796 | func == bpf_msg_push_data || |
7797 | func == bpf_msg_pop_data || |
7798 | func == bpf_xdp_adjust_tail || |
7799 | #if IS_ENABLED(CONFIG_IPV6_SEG6_BPF) |
7800 | func == bpf_lwt_seg6_store_bytes || |
7801 | func == bpf_lwt_seg6_adjust_srh || |
7802 | func == bpf_lwt_seg6_action || |
7803 | #endif |
7804 | #ifdef CONFIG_INET |
7805 | func == bpf_sock_ops_store_hdr_opt || |
7806 | #endif |
7807 | func == bpf_lwt_in_push_encap || |
7808 | func == bpf_lwt_xmit_push_encap) |
7809 | return true; |
7810 | |
7811 | return false; |
7812 | } |
7813 | |
7814 | const struct bpf_func_proto bpf_event_output_data_proto __weak; |
7815 | const struct bpf_func_proto bpf_sk_storage_get_cg_sock_proto __weak; |
7816 | |
7817 | static const struct bpf_func_proto * |
7818 | sock_filter_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
7819 | { |
7820 | const struct bpf_func_proto *func_proto; |
7821 | |
7822 | func_proto = cgroup_common_func_proto(func_id, prog); |
7823 | if (func_proto) |
7824 | return func_proto; |
7825 | |
7826 | func_proto = cgroup_current_func_proto(func_id, prog); |
7827 | if (func_proto) |
7828 | return func_proto; |
7829 | |
7830 | switch (func_id) { |
7831 | case BPF_FUNC_get_socket_cookie: |
7832 | return &bpf_get_socket_cookie_sock_proto; |
7833 | case BPF_FUNC_get_netns_cookie: |
7834 | return &bpf_get_netns_cookie_sock_proto; |
7835 | case BPF_FUNC_perf_event_output: |
7836 | return &bpf_event_output_data_proto; |
7837 | case BPF_FUNC_sk_storage_get: |
7838 | return &bpf_sk_storage_get_cg_sock_proto; |
7839 | case BPF_FUNC_ktime_get_coarse_ns: |
7840 | return &bpf_ktime_get_coarse_ns_proto; |
7841 | default: |
7842 | return bpf_base_func_proto(func_id); |
7843 | } |
7844 | } |
7845 | |
7846 | static const struct bpf_func_proto * |
7847 | sock_addr_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
7848 | { |
7849 | const struct bpf_func_proto *func_proto; |
7850 | |
7851 | func_proto = cgroup_common_func_proto(func_id, prog); |
7852 | if (func_proto) |
7853 | return func_proto; |
7854 | |
7855 | func_proto = cgroup_current_func_proto(func_id, prog); |
7856 | if (func_proto) |
7857 | return func_proto; |
7858 | |
7859 | switch (func_id) { |
7860 | case BPF_FUNC_bind: |
7861 | switch (prog->expected_attach_type) { |
7862 | case BPF_CGROUP_INET4_CONNECT: |
7863 | case BPF_CGROUP_INET6_CONNECT: |
7864 | return &bpf_bind_proto; |
7865 | default: |
7866 | return NULL; |
7867 | } |
7868 | case BPF_FUNC_get_socket_cookie: |
7869 | return &bpf_get_socket_cookie_sock_addr_proto; |
7870 | case BPF_FUNC_get_netns_cookie: |
7871 | return &bpf_get_netns_cookie_sock_addr_proto; |
7872 | case BPF_FUNC_perf_event_output: |
7873 | return &bpf_event_output_data_proto; |
7874 | #ifdef CONFIG_INET |
7875 | case BPF_FUNC_sk_lookup_tcp: |
7876 | return &bpf_sock_addr_sk_lookup_tcp_proto; |
7877 | case BPF_FUNC_sk_lookup_udp: |
7878 | return &bpf_sock_addr_sk_lookup_udp_proto; |
7879 | case BPF_FUNC_sk_release: |
7880 | return &bpf_sk_release_proto; |
7881 | case BPF_FUNC_skc_lookup_tcp: |
7882 | return &bpf_sock_addr_skc_lookup_tcp_proto; |
7883 | #endif /* CONFIG_INET */ |
7884 | case BPF_FUNC_sk_storage_get: |
7885 | return &bpf_sk_storage_get_proto; |
7886 | case BPF_FUNC_sk_storage_delete: |
7887 | return &bpf_sk_storage_delete_proto; |
7888 | case BPF_FUNC_setsockopt: |
7889 | switch (prog->expected_attach_type) { |
7890 | case BPF_CGROUP_INET4_BIND: |
7891 | case BPF_CGROUP_INET6_BIND: |
7892 | case BPF_CGROUP_INET4_CONNECT: |
7893 | case BPF_CGROUP_INET6_CONNECT: |
7894 | case BPF_CGROUP_UNIX_CONNECT: |
7895 | case BPF_CGROUP_UDP4_RECVMSG: |
7896 | case BPF_CGROUP_UDP6_RECVMSG: |
7897 | case BPF_CGROUP_UNIX_RECVMSG: |
7898 | case BPF_CGROUP_UDP4_SENDMSG: |
7899 | case BPF_CGROUP_UDP6_SENDMSG: |
7900 | case BPF_CGROUP_UNIX_SENDMSG: |
7901 | case BPF_CGROUP_INET4_GETPEERNAME: |
7902 | case BPF_CGROUP_INET6_GETPEERNAME: |
7903 | case BPF_CGROUP_UNIX_GETPEERNAME: |
7904 | case BPF_CGROUP_INET4_GETSOCKNAME: |
7905 | case BPF_CGROUP_INET6_GETSOCKNAME: |
7906 | case BPF_CGROUP_UNIX_GETSOCKNAME: |
7907 | return &bpf_sock_addr_setsockopt_proto; |
7908 | default: |
7909 | return NULL; |
7910 | } |
7911 | case BPF_FUNC_getsockopt: |
7912 | switch (prog->expected_attach_type) { |
7913 | case BPF_CGROUP_INET4_BIND: |
7914 | case BPF_CGROUP_INET6_BIND: |
7915 | case BPF_CGROUP_INET4_CONNECT: |
7916 | case BPF_CGROUP_INET6_CONNECT: |
7917 | case BPF_CGROUP_UNIX_CONNECT: |
7918 | case BPF_CGROUP_UDP4_RECVMSG: |
7919 | case BPF_CGROUP_UDP6_RECVMSG: |
7920 | case BPF_CGROUP_UNIX_RECVMSG: |
7921 | case BPF_CGROUP_UDP4_SENDMSG: |
7922 | case BPF_CGROUP_UDP6_SENDMSG: |
7923 | case BPF_CGROUP_UNIX_SENDMSG: |
7924 | case BPF_CGROUP_INET4_GETPEERNAME: |
7925 | case BPF_CGROUP_INET6_GETPEERNAME: |
7926 | case BPF_CGROUP_UNIX_GETPEERNAME: |
7927 | case BPF_CGROUP_INET4_GETSOCKNAME: |
7928 | case BPF_CGROUP_INET6_GETSOCKNAME: |
7929 | case BPF_CGROUP_UNIX_GETSOCKNAME: |
7930 | return &bpf_sock_addr_getsockopt_proto; |
7931 | default: |
7932 | return NULL; |
7933 | } |
7934 | default: |
7935 | return bpf_sk_base_func_proto(func_id); |
7936 | } |
7937 | } |
7938 | |
7939 | static const struct bpf_func_proto * |
7940 | sk_filter_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
7941 | { |
7942 | switch (func_id) { |
7943 | case BPF_FUNC_skb_load_bytes: |
7944 | return &bpf_skb_load_bytes_proto; |
7945 | case BPF_FUNC_skb_load_bytes_relative: |
7946 | return &bpf_skb_load_bytes_relative_proto; |
7947 | case BPF_FUNC_get_socket_cookie: |
7948 | return &bpf_get_socket_cookie_proto; |
7949 | case BPF_FUNC_get_socket_uid: |
7950 | return &bpf_get_socket_uid_proto; |
7951 | case BPF_FUNC_perf_event_output: |
7952 | return &bpf_skb_event_output_proto; |
7953 | default: |
7954 | return bpf_sk_base_func_proto(func_id); |
7955 | } |
7956 | } |
7957 | |
7958 | const struct bpf_func_proto bpf_sk_storage_get_proto __weak; |
7959 | const struct bpf_func_proto bpf_sk_storage_delete_proto __weak; |
7960 | |
7961 | static const struct bpf_func_proto * |
7962 | cg_skb_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
7963 | { |
7964 | const struct bpf_func_proto *func_proto; |
7965 | |
7966 | func_proto = cgroup_common_func_proto(func_id, prog); |
7967 | if (func_proto) |
7968 | return func_proto; |
7969 | |
7970 | switch (func_id) { |
7971 | case BPF_FUNC_sk_fullsock: |
7972 | return &bpf_sk_fullsock_proto; |
7973 | case BPF_FUNC_sk_storage_get: |
7974 | return &bpf_sk_storage_get_proto; |
7975 | case BPF_FUNC_sk_storage_delete: |
7976 | return &bpf_sk_storage_delete_proto; |
7977 | case BPF_FUNC_perf_event_output: |
7978 | return &bpf_skb_event_output_proto; |
7979 | #ifdef CONFIG_SOCK_CGROUP_DATA |
7980 | case BPF_FUNC_skb_cgroup_id: |
7981 | return &bpf_skb_cgroup_id_proto; |
7982 | case BPF_FUNC_skb_ancestor_cgroup_id: |
7983 | return &bpf_skb_ancestor_cgroup_id_proto; |
7984 | case BPF_FUNC_sk_cgroup_id: |
7985 | return &bpf_sk_cgroup_id_proto; |
7986 | case BPF_FUNC_sk_ancestor_cgroup_id: |
7987 | return &bpf_sk_ancestor_cgroup_id_proto; |
7988 | #endif |
7989 | #ifdef CONFIG_INET |
7990 | case BPF_FUNC_sk_lookup_tcp: |
7991 | return &bpf_sk_lookup_tcp_proto; |
7992 | case BPF_FUNC_sk_lookup_udp: |
7993 | return &bpf_sk_lookup_udp_proto; |
7994 | case BPF_FUNC_sk_release: |
7995 | return &bpf_sk_release_proto; |
7996 | case BPF_FUNC_skc_lookup_tcp: |
7997 | return &bpf_skc_lookup_tcp_proto; |
7998 | case BPF_FUNC_tcp_sock: |
7999 | return &bpf_tcp_sock_proto; |
8000 | case BPF_FUNC_get_listener_sock: |
8001 | return &bpf_get_listener_sock_proto; |
8002 | case BPF_FUNC_skb_ecn_set_ce: |
8003 | return &bpf_skb_ecn_set_ce_proto; |
8004 | #endif |
8005 | default: |
8006 | return sk_filter_func_proto(func_id, prog); |
8007 | } |
8008 | } |
8009 | |
8010 | static const struct bpf_func_proto * |
8011 | tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
8012 | { |
8013 | switch (func_id) { |
8014 | case BPF_FUNC_skb_store_bytes: |
8015 | return &bpf_skb_store_bytes_proto; |
8016 | case BPF_FUNC_skb_load_bytes: |
8017 | return &bpf_skb_load_bytes_proto; |
8018 | case BPF_FUNC_skb_load_bytes_relative: |
8019 | return &bpf_skb_load_bytes_relative_proto; |
8020 | case BPF_FUNC_skb_pull_data: |
8021 | return &bpf_skb_pull_data_proto; |
8022 | case BPF_FUNC_csum_diff: |
8023 | return &bpf_csum_diff_proto; |
8024 | case BPF_FUNC_csum_update: |
8025 | return &bpf_csum_update_proto; |
8026 | case BPF_FUNC_csum_level: |
8027 | return &bpf_csum_level_proto; |
8028 | case BPF_FUNC_l3_csum_replace: |
8029 | return &bpf_l3_csum_replace_proto; |
8030 | case BPF_FUNC_l4_csum_replace: |
8031 | return &bpf_l4_csum_replace_proto; |
8032 | case BPF_FUNC_clone_redirect: |
8033 | return &bpf_clone_redirect_proto; |
8034 | case BPF_FUNC_get_cgroup_classid: |
8035 | return &bpf_get_cgroup_classid_proto; |
8036 | case BPF_FUNC_skb_vlan_push: |
8037 | return &bpf_skb_vlan_push_proto; |
8038 | case BPF_FUNC_skb_vlan_pop: |
8039 | return &bpf_skb_vlan_pop_proto; |
8040 | case BPF_FUNC_skb_change_proto: |
8041 | return &bpf_skb_change_proto_proto; |
8042 | case BPF_FUNC_skb_change_type: |
8043 | return &bpf_skb_change_type_proto; |
8044 | case BPF_FUNC_skb_adjust_room: |
8045 | return &bpf_skb_adjust_room_proto; |
8046 | case BPF_FUNC_skb_change_tail: |
8047 | return &bpf_skb_change_tail_proto; |
8048 | case BPF_FUNC_skb_change_head: |
8049 | return &bpf_skb_change_head_proto; |
8050 | case BPF_FUNC_skb_get_tunnel_key: |
8051 | return &bpf_skb_get_tunnel_key_proto; |
8052 | case BPF_FUNC_skb_set_tunnel_key: |
8053 | return bpf_get_skb_set_tunnel_proto(which: func_id); |
8054 | case BPF_FUNC_skb_get_tunnel_opt: |
8055 | return &bpf_skb_get_tunnel_opt_proto; |
8056 | case BPF_FUNC_skb_set_tunnel_opt: |
8057 | return bpf_get_skb_set_tunnel_proto(which: func_id); |
8058 | case BPF_FUNC_redirect: |
8059 | return &bpf_redirect_proto; |
8060 | case BPF_FUNC_redirect_neigh: |
8061 | return &bpf_redirect_neigh_proto; |
8062 | case BPF_FUNC_redirect_peer: |
8063 | return &bpf_redirect_peer_proto; |
8064 | case BPF_FUNC_get_route_realm: |
8065 | return &bpf_get_route_realm_proto; |
8066 | case BPF_FUNC_get_hash_recalc: |
8067 | return &bpf_get_hash_recalc_proto; |
8068 | case BPF_FUNC_set_hash_invalid: |
8069 | return &bpf_set_hash_invalid_proto; |
8070 | case BPF_FUNC_set_hash: |
8071 | return &bpf_set_hash_proto; |
8072 | case BPF_FUNC_perf_event_output: |
8073 | return &bpf_skb_event_output_proto; |
8074 | case BPF_FUNC_get_smp_processor_id: |
8075 | return &bpf_get_smp_processor_id_proto; |
8076 | case BPF_FUNC_skb_under_cgroup: |
8077 | return &bpf_skb_under_cgroup_proto; |
8078 | case BPF_FUNC_get_socket_cookie: |
8079 | return &bpf_get_socket_cookie_proto; |
8080 | case BPF_FUNC_get_socket_uid: |
8081 | return &bpf_get_socket_uid_proto; |
8082 | case BPF_FUNC_fib_lookup: |
8083 | return &bpf_skb_fib_lookup_proto; |
8084 | case BPF_FUNC_check_mtu: |
8085 | return &bpf_skb_check_mtu_proto; |
8086 | case BPF_FUNC_sk_fullsock: |
8087 | return &bpf_sk_fullsock_proto; |
8088 | case BPF_FUNC_sk_storage_get: |
8089 | return &bpf_sk_storage_get_proto; |
8090 | case BPF_FUNC_sk_storage_delete: |
8091 | return &bpf_sk_storage_delete_proto; |
8092 | #ifdef CONFIG_XFRM |
8093 | case BPF_FUNC_skb_get_xfrm_state: |
8094 | return &bpf_skb_get_xfrm_state_proto; |
8095 | #endif |
8096 | #ifdef CONFIG_CGROUP_NET_CLASSID |
8097 | case BPF_FUNC_skb_cgroup_classid: |
8098 | return &bpf_skb_cgroup_classid_proto; |
8099 | #endif |
8100 | #ifdef CONFIG_SOCK_CGROUP_DATA |
8101 | case BPF_FUNC_skb_cgroup_id: |
8102 | return &bpf_skb_cgroup_id_proto; |
8103 | case BPF_FUNC_skb_ancestor_cgroup_id: |
8104 | return &bpf_skb_ancestor_cgroup_id_proto; |
8105 | #endif |
8106 | #ifdef CONFIG_INET |
8107 | case BPF_FUNC_sk_lookup_tcp: |
8108 | return &bpf_tc_sk_lookup_tcp_proto; |
8109 | case BPF_FUNC_sk_lookup_udp: |
8110 | return &bpf_tc_sk_lookup_udp_proto; |
8111 | case BPF_FUNC_sk_release: |
8112 | return &bpf_sk_release_proto; |
8113 | case BPF_FUNC_tcp_sock: |
8114 | return &bpf_tcp_sock_proto; |
8115 | case BPF_FUNC_get_listener_sock: |
8116 | return &bpf_get_listener_sock_proto; |
8117 | case BPF_FUNC_skc_lookup_tcp: |
8118 | return &bpf_tc_skc_lookup_tcp_proto; |
8119 | case BPF_FUNC_tcp_check_syncookie: |
8120 | return &bpf_tcp_check_syncookie_proto; |
8121 | case BPF_FUNC_skb_ecn_set_ce: |
8122 | return &bpf_skb_ecn_set_ce_proto; |
8123 | case BPF_FUNC_tcp_gen_syncookie: |
8124 | return &bpf_tcp_gen_syncookie_proto; |
8125 | case BPF_FUNC_sk_assign: |
8126 | return &bpf_sk_assign_proto; |
8127 | case BPF_FUNC_skb_set_tstamp: |
8128 | return &bpf_skb_set_tstamp_proto; |
8129 | #ifdef CONFIG_SYN_COOKIES |
8130 | case BPF_FUNC_tcp_raw_gen_syncookie_ipv4: |
8131 | return &bpf_tcp_raw_gen_syncookie_ipv4_proto; |
8132 | case BPF_FUNC_tcp_raw_gen_syncookie_ipv6: |
8133 | return &bpf_tcp_raw_gen_syncookie_ipv6_proto; |
8134 | case BPF_FUNC_tcp_raw_check_syncookie_ipv4: |
8135 | return &bpf_tcp_raw_check_syncookie_ipv4_proto; |
8136 | case BPF_FUNC_tcp_raw_check_syncookie_ipv6: |
8137 | return &bpf_tcp_raw_check_syncookie_ipv6_proto; |
8138 | #endif |
8139 | #endif |
8140 | default: |
8141 | return bpf_sk_base_func_proto(func_id); |
8142 | } |
8143 | } |
8144 | |
8145 | static const struct bpf_func_proto * |
8146 | xdp_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
8147 | { |
8148 | switch (func_id) { |
8149 | case BPF_FUNC_perf_event_output: |
8150 | return &bpf_xdp_event_output_proto; |
8151 | case BPF_FUNC_get_smp_processor_id: |
8152 | return &bpf_get_smp_processor_id_proto; |
8153 | case BPF_FUNC_csum_diff: |
8154 | return &bpf_csum_diff_proto; |
8155 | case BPF_FUNC_xdp_adjust_head: |
8156 | return &bpf_xdp_adjust_head_proto; |
8157 | case BPF_FUNC_xdp_adjust_meta: |
8158 | return &bpf_xdp_adjust_meta_proto; |
8159 | case BPF_FUNC_redirect: |
8160 | return &bpf_xdp_redirect_proto; |
8161 | case BPF_FUNC_redirect_map: |
8162 | return &bpf_xdp_redirect_map_proto; |
8163 | case BPF_FUNC_xdp_adjust_tail: |
8164 | return &bpf_xdp_adjust_tail_proto; |
8165 | case BPF_FUNC_xdp_get_buff_len: |
8166 | return &bpf_xdp_get_buff_len_proto; |
8167 | case BPF_FUNC_xdp_load_bytes: |
8168 | return &bpf_xdp_load_bytes_proto; |
8169 | case BPF_FUNC_xdp_store_bytes: |
8170 | return &bpf_xdp_store_bytes_proto; |
8171 | case BPF_FUNC_fib_lookup: |
8172 | return &bpf_xdp_fib_lookup_proto; |
8173 | case BPF_FUNC_check_mtu: |
8174 | return &bpf_xdp_check_mtu_proto; |
8175 | #ifdef CONFIG_INET |
8176 | case BPF_FUNC_sk_lookup_udp: |
8177 | return &bpf_xdp_sk_lookup_udp_proto; |
8178 | case BPF_FUNC_sk_lookup_tcp: |
8179 | return &bpf_xdp_sk_lookup_tcp_proto; |
8180 | case BPF_FUNC_sk_release: |
8181 | return &bpf_sk_release_proto; |
8182 | case BPF_FUNC_skc_lookup_tcp: |
8183 | return &bpf_xdp_skc_lookup_tcp_proto; |
8184 | case BPF_FUNC_tcp_check_syncookie: |
8185 | return &bpf_tcp_check_syncookie_proto; |
8186 | case BPF_FUNC_tcp_gen_syncookie: |
8187 | return &bpf_tcp_gen_syncookie_proto; |
8188 | #ifdef CONFIG_SYN_COOKIES |
8189 | case BPF_FUNC_tcp_raw_gen_syncookie_ipv4: |
8190 | return &bpf_tcp_raw_gen_syncookie_ipv4_proto; |
8191 | case BPF_FUNC_tcp_raw_gen_syncookie_ipv6: |
8192 | return &bpf_tcp_raw_gen_syncookie_ipv6_proto; |
8193 | case BPF_FUNC_tcp_raw_check_syncookie_ipv4: |
8194 | return &bpf_tcp_raw_check_syncookie_ipv4_proto; |
8195 | case BPF_FUNC_tcp_raw_check_syncookie_ipv6: |
8196 | return &bpf_tcp_raw_check_syncookie_ipv6_proto; |
8197 | #endif |
8198 | #endif |
8199 | default: |
8200 | return bpf_sk_base_func_proto(func_id); |
8201 | } |
8202 | |
8203 | #if IS_MODULE(CONFIG_NF_CONNTRACK) && IS_ENABLED(CONFIG_DEBUG_INFO_BTF_MODULES) |
8204 | /* The nf_conn___init type is used in the NF_CONNTRACK kfuncs. The |
8205 | * kfuncs are defined in two different modules, and we want to be able |
8206 | * to use them interchangably with the same BTF type ID. Because modules |
8207 | * can't de-duplicate BTF IDs between each other, we need the type to be |
8208 | * referenced in the vmlinux BTF or the verifier will get confused about |
8209 | * the different types. So we add this dummy type reference which will |
8210 | * be included in vmlinux BTF, allowing both modules to refer to the |
8211 | * same type ID. |
8212 | */ |
8213 | BTF_TYPE_EMIT(struct nf_conn___init); |
8214 | #endif |
8215 | } |
8216 | |
8217 | const struct bpf_func_proto bpf_sock_map_update_proto __weak; |
8218 | const struct bpf_func_proto bpf_sock_hash_update_proto __weak; |
8219 | |
8220 | static const struct bpf_func_proto * |
8221 | sock_ops_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
8222 | { |
8223 | const struct bpf_func_proto *func_proto; |
8224 | |
8225 | func_proto = cgroup_common_func_proto(func_id, prog); |
8226 | if (func_proto) |
8227 | return func_proto; |
8228 | |
8229 | switch (func_id) { |
8230 | case BPF_FUNC_setsockopt: |
8231 | return &bpf_sock_ops_setsockopt_proto; |
8232 | case BPF_FUNC_getsockopt: |
8233 | return &bpf_sock_ops_getsockopt_proto; |
8234 | case BPF_FUNC_sock_ops_cb_flags_set: |
8235 | return &bpf_sock_ops_cb_flags_set_proto; |
8236 | case BPF_FUNC_sock_map_update: |
8237 | return &bpf_sock_map_update_proto; |
8238 | case BPF_FUNC_sock_hash_update: |
8239 | return &bpf_sock_hash_update_proto; |
8240 | case BPF_FUNC_get_socket_cookie: |
8241 | return &bpf_get_socket_cookie_sock_ops_proto; |
8242 | case BPF_FUNC_perf_event_output: |
8243 | return &bpf_event_output_data_proto; |
8244 | case BPF_FUNC_sk_storage_get: |
8245 | return &bpf_sk_storage_get_proto; |
8246 | case BPF_FUNC_sk_storage_delete: |
8247 | return &bpf_sk_storage_delete_proto; |
8248 | case BPF_FUNC_get_netns_cookie: |
8249 | return &bpf_get_netns_cookie_sock_ops_proto; |
8250 | #ifdef CONFIG_INET |
8251 | case BPF_FUNC_load_hdr_opt: |
8252 | return &bpf_sock_ops_load_hdr_opt_proto; |
8253 | case BPF_FUNC_store_hdr_opt: |
8254 | return &bpf_sock_ops_store_hdr_opt_proto; |
8255 | case BPF_FUNC_reserve_hdr_opt: |
8256 | return &bpf_sock_ops_reserve_hdr_opt_proto; |
8257 | case BPF_FUNC_tcp_sock: |
8258 | return &bpf_tcp_sock_proto; |
8259 | #endif /* CONFIG_INET */ |
8260 | default: |
8261 | return bpf_sk_base_func_proto(func_id); |
8262 | } |
8263 | } |
8264 | |
8265 | const struct bpf_func_proto bpf_msg_redirect_map_proto __weak; |
8266 | const struct bpf_func_proto bpf_msg_redirect_hash_proto __weak; |
8267 | |
8268 | static const struct bpf_func_proto * |
8269 | sk_msg_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
8270 | { |
8271 | switch (func_id) { |
8272 | case BPF_FUNC_msg_redirect_map: |
8273 | return &bpf_msg_redirect_map_proto; |
8274 | case BPF_FUNC_msg_redirect_hash: |
8275 | return &bpf_msg_redirect_hash_proto; |
8276 | case BPF_FUNC_msg_apply_bytes: |
8277 | return &bpf_msg_apply_bytes_proto; |
8278 | case BPF_FUNC_msg_cork_bytes: |
8279 | return &bpf_msg_cork_bytes_proto; |
8280 | case BPF_FUNC_msg_pull_data: |
8281 | return &bpf_msg_pull_data_proto; |
8282 | case BPF_FUNC_msg_push_data: |
8283 | return &bpf_msg_push_data_proto; |
8284 | case BPF_FUNC_msg_pop_data: |
8285 | return &bpf_msg_pop_data_proto; |
8286 | case BPF_FUNC_perf_event_output: |
8287 | return &bpf_event_output_data_proto; |
8288 | case BPF_FUNC_get_current_uid_gid: |
8289 | return &bpf_get_current_uid_gid_proto; |
8290 | case BPF_FUNC_get_current_pid_tgid: |
8291 | return &bpf_get_current_pid_tgid_proto; |
8292 | case BPF_FUNC_sk_storage_get: |
8293 | return &bpf_sk_storage_get_proto; |
8294 | case BPF_FUNC_sk_storage_delete: |
8295 | return &bpf_sk_storage_delete_proto; |
8296 | case BPF_FUNC_get_netns_cookie: |
8297 | return &bpf_get_netns_cookie_sk_msg_proto; |
8298 | #ifdef CONFIG_CGROUP_NET_CLASSID |
8299 | case BPF_FUNC_get_cgroup_classid: |
8300 | return &bpf_get_cgroup_classid_curr_proto; |
8301 | #endif |
8302 | default: |
8303 | return bpf_sk_base_func_proto(func_id); |
8304 | } |
8305 | } |
8306 | |
8307 | const struct bpf_func_proto bpf_sk_redirect_map_proto __weak; |
8308 | const struct bpf_func_proto bpf_sk_redirect_hash_proto __weak; |
8309 | |
8310 | static const struct bpf_func_proto * |
8311 | sk_skb_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
8312 | { |
8313 | switch (func_id) { |
8314 | case BPF_FUNC_skb_store_bytes: |
8315 | return &bpf_skb_store_bytes_proto; |
8316 | case BPF_FUNC_skb_load_bytes: |
8317 | return &bpf_skb_load_bytes_proto; |
8318 | case BPF_FUNC_skb_pull_data: |
8319 | return &sk_skb_pull_data_proto; |
8320 | case BPF_FUNC_skb_change_tail: |
8321 | return &sk_skb_change_tail_proto; |
8322 | case BPF_FUNC_skb_change_head: |
8323 | return &sk_skb_change_head_proto; |
8324 | case BPF_FUNC_skb_adjust_room: |
8325 | return &sk_skb_adjust_room_proto; |
8326 | case BPF_FUNC_get_socket_cookie: |
8327 | return &bpf_get_socket_cookie_proto; |
8328 | case BPF_FUNC_get_socket_uid: |
8329 | return &bpf_get_socket_uid_proto; |
8330 | case BPF_FUNC_sk_redirect_map: |
8331 | return &bpf_sk_redirect_map_proto; |
8332 | case BPF_FUNC_sk_redirect_hash: |
8333 | return &bpf_sk_redirect_hash_proto; |
8334 | case BPF_FUNC_perf_event_output: |
8335 | return &bpf_skb_event_output_proto; |
8336 | #ifdef CONFIG_INET |
8337 | case BPF_FUNC_sk_lookup_tcp: |
8338 | return &bpf_sk_lookup_tcp_proto; |
8339 | case BPF_FUNC_sk_lookup_udp: |
8340 | return &bpf_sk_lookup_udp_proto; |
8341 | case BPF_FUNC_sk_release: |
8342 | return &bpf_sk_release_proto; |
8343 | case BPF_FUNC_skc_lookup_tcp: |
8344 | return &bpf_skc_lookup_tcp_proto; |
8345 | #endif |
8346 | default: |
8347 | return bpf_sk_base_func_proto(func_id); |
8348 | } |
8349 | } |
8350 | |
8351 | static const struct bpf_func_proto * |
8352 | flow_dissector_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
8353 | { |
8354 | switch (func_id) { |
8355 | case BPF_FUNC_skb_load_bytes: |
8356 | return &bpf_flow_dissector_load_bytes_proto; |
8357 | default: |
8358 | return bpf_sk_base_func_proto(func_id); |
8359 | } |
8360 | } |
8361 | |
8362 | static const struct bpf_func_proto * |
8363 | lwt_out_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
8364 | { |
8365 | switch (func_id) { |
8366 | case BPF_FUNC_skb_load_bytes: |
8367 | return &bpf_skb_load_bytes_proto; |
8368 | case BPF_FUNC_skb_pull_data: |
8369 | return &bpf_skb_pull_data_proto; |
8370 | case BPF_FUNC_csum_diff: |
8371 | return &bpf_csum_diff_proto; |
8372 | case BPF_FUNC_get_cgroup_classid: |
8373 | return &bpf_get_cgroup_classid_proto; |
8374 | case BPF_FUNC_get_route_realm: |
8375 | return &bpf_get_route_realm_proto; |
8376 | case BPF_FUNC_get_hash_recalc: |
8377 | return &bpf_get_hash_recalc_proto; |
8378 | case BPF_FUNC_perf_event_output: |
8379 | return &bpf_skb_event_output_proto; |
8380 | case BPF_FUNC_get_smp_processor_id: |
8381 | return &bpf_get_smp_processor_id_proto; |
8382 | case BPF_FUNC_skb_under_cgroup: |
8383 | return &bpf_skb_under_cgroup_proto; |
8384 | default: |
8385 | return bpf_sk_base_func_proto(func_id); |
8386 | } |
8387 | } |
8388 | |
8389 | static const struct bpf_func_proto * |
8390 | lwt_in_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
8391 | { |
8392 | switch (func_id) { |
8393 | case BPF_FUNC_lwt_push_encap: |
8394 | return &bpf_lwt_in_push_encap_proto; |
8395 | default: |
8396 | return lwt_out_func_proto(func_id, prog); |
8397 | } |
8398 | } |
8399 | |
8400 | static const struct bpf_func_proto * |
8401 | lwt_xmit_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
8402 | { |
8403 | switch (func_id) { |
8404 | case BPF_FUNC_skb_get_tunnel_key: |
8405 | return &bpf_skb_get_tunnel_key_proto; |
8406 | case BPF_FUNC_skb_set_tunnel_key: |
8407 | return bpf_get_skb_set_tunnel_proto(which: func_id); |
8408 | case BPF_FUNC_skb_get_tunnel_opt: |
8409 | return &bpf_skb_get_tunnel_opt_proto; |
8410 | case BPF_FUNC_skb_set_tunnel_opt: |
8411 | return bpf_get_skb_set_tunnel_proto(which: func_id); |
8412 | case BPF_FUNC_redirect: |
8413 | return &bpf_redirect_proto; |
8414 | case BPF_FUNC_clone_redirect: |
8415 | return &bpf_clone_redirect_proto; |
8416 | case BPF_FUNC_skb_change_tail: |
8417 | return &bpf_skb_change_tail_proto; |
8418 | case BPF_FUNC_skb_change_head: |
8419 | return &bpf_skb_change_head_proto; |
8420 | case BPF_FUNC_skb_store_bytes: |
8421 | return &bpf_skb_store_bytes_proto; |
8422 | case BPF_FUNC_csum_update: |
8423 | return &bpf_csum_update_proto; |
8424 | case BPF_FUNC_csum_level: |
8425 | return &bpf_csum_level_proto; |
8426 | case BPF_FUNC_l3_csum_replace: |
8427 | return &bpf_l3_csum_replace_proto; |
8428 | case BPF_FUNC_l4_csum_replace: |
8429 | return &bpf_l4_csum_replace_proto; |
8430 | case BPF_FUNC_set_hash_invalid: |
8431 | return &bpf_set_hash_invalid_proto; |
8432 | case BPF_FUNC_lwt_push_encap: |
8433 | return &bpf_lwt_xmit_push_encap_proto; |
8434 | default: |
8435 | return lwt_out_func_proto(func_id, prog); |
8436 | } |
8437 | } |
8438 | |
8439 | static const struct bpf_func_proto * |
8440 | lwt_seg6local_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
8441 | { |
8442 | switch (func_id) { |
8443 | #if IS_ENABLED(CONFIG_IPV6_SEG6_BPF) |
8444 | case BPF_FUNC_lwt_seg6_store_bytes: |
8445 | return &bpf_lwt_seg6_store_bytes_proto; |
8446 | case BPF_FUNC_lwt_seg6_action: |
8447 | return &bpf_lwt_seg6_action_proto; |
8448 | case BPF_FUNC_lwt_seg6_adjust_srh: |
8449 | return &bpf_lwt_seg6_adjust_srh_proto; |
8450 | #endif |
8451 | default: |
8452 | return lwt_out_func_proto(func_id, prog); |
8453 | } |
8454 | } |
8455 | |
8456 | static bool bpf_skb_is_valid_access(int off, int size, enum bpf_access_type type, |
8457 | const struct bpf_prog *prog, |
8458 | struct bpf_insn_access_aux *info) |
8459 | { |
8460 | const int size_default = sizeof(__u32); |
8461 | |
8462 | if (off < 0 || off >= sizeof(struct __sk_buff)) |
8463 | return false; |
8464 | |
8465 | /* The verifier guarantees that size > 0. */ |
8466 | if (off % size != 0) |
8467 | return false; |
8468 | |
8469 | switch (off) { |
8470 | case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]): |
8471 | if (off + size > offsetofend(struct __sk_buff, cb[4])) |
8472 | return false; |
8473 | break; |
8474 | case bpf_ctx_range_till(struct __sk_buff, remote_ip6[0], remote_ip6[3]): |
8475 | case bpf_ctx_range_till(struct __sk_buff, local_ip6[0], local_ip6[3]): |
8476 | case bpf_ctx_range_till(struct __sk_buff, remote_ip4, remote_ip4): |
8477 | case bpf_ctx_range_till(struct __sk_buff, local_ip4, local_ip4): |
8478 | case bpf_ctx_range(struct __sk_buff, data): |
8479 | case bpf_ctx_range(struct __sk_buff, data_meta): |
8480 | case bpf_ctx_range(struct __sk_buff, data_end): |
8481 | if (size != size_default) |
8482 | return false; |
8483 | break; |
8484 | case bpf_ctx_range_ptr(struct __sk_buff, flow_keys): |
8485 | return false; |
8486 | case bpf_ctx_range(struct __sk_buff, hwtstamp): |
8487 | if (type == BPF_WRITE || size != sizeof(__u64)) |
8488 | return false; |
8489 | break; |
8490 | case bpf_ctx_range(struct __sk_buff, tstamp): |
8491 | if (size != sizeof(__u64)) |
8492 | return false; |
8493 | break; |
8494 | case offsetof(struct __sk_buff, sk): |
8495 | if (type == BPF_WRITE || size != sizeof(__u64)) |
8496 | return false; |
8497 | info->reg_type = PTR_TO_SOCK_COMMON_OR_NULL; |
8498 | break; |
8499 | case offsetof(struct __sk_buff, tstamp_type): |
8500 | return false; |
8501 | case offsetofend(struct __sk_buff, tstamp_type) ... offsetof(struct __sk_buff, hwtstamp) - 1: |
8502 | /* Explicitly prohibit access to padding in __sk_buff. */ |
8503 | return false; |
8504 | default: |
8505 | /* Only narrow read access allowed for now. */ |
8506 | if (type == BPF_WRITE) { |
8507 | if (size != size_default) |
8508 | return false; |
8509 | } else { |
8510 | bpf_ctx_record_field_size(aux: info, size: size_default); |
8511 | if (!bpf_ctx_narrow_access_ok(off, size, size_default)) |
8512 | return false; |
8513 | } |
8514 | } |
8515 | |
8516 | return true; |
8517 | } |
8518 | |
8519 | static bool sk_filter_is_valid_access(int off, int size, |
8520 | enum bpf_access_type type, |
8521 | const struct bpf_prog *prog, |
8522 | struct bpf_insn_access_aux *info) |
8523 | { |
8524 | switch (off) { |
8525 | case bpf_ctx_range(struct __sk_buff, tc_classid): |
8526 | case bpf_ctx_range(struct __sk_buff, data): |
8527 | case bpf_ctx_range(struct __sk_buff, data_meta): |
8528 | case bpf_ctx_range(struct __sk_buff, data_end): |
8529 | case bpf_ctx_range_till(struct __sk_buff, family, local_port): |
8530 | case bpf_ctx_range(struct __sk_buff, tstamp): |
8531 | case bpf_ctx_range(struct __sk_buff, wire_len): |
8532 | case bpf_ctx_range(struct __sk_buff, hwtstamp): |
8533 | return false; |
8534 | } |
8535 | |
8536 | if (type == BPF_WRITE) { |
8537 | switch (off) { |
8538 | case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]): |
8539 | break; |
8540 | default: |
8541 | return false; |
8542 | } |
8543 | } |
8544 | |
8545 | return bpf_skb_is_valid_access(off, size, type, prog, info); |
8546 | } |
8547 | |
8548 | static bool cg_skb_is_valid_access(int off, int size, |
8549 | enum bpf_access_type type, |
8550 | const struct bpf_prog *prog, |
8551 | struct bpf_insn_access_aux *info) |
8552 | { |
8553 | switch (off) { |
8554 | case bpf_ctx_range(struct __sk_buff, tc_classid): |
8555 | case bpf_ctx_range(struct __sk_buff, data_meta): |
8556 | case bpf_ctx_range(struct __sk_buff, wire_len): |
8557 | return false; |
8558 | case bpf_ctx_range(struct __sk_buff, data): |
8559 | case bpf_ctx_range(struct __sk_buff, data_end): |
8560 | if (!bpf_capable()) |
8561 | return false; |
8562 | break; |
8563 | } |
8564 | |
8565 | if (type == BPF_WRITE) { |
8566 | switch (off) { |
8567 | case bpf_ctx_range(struct __sk_buff, mark): |
8568 | case bpf_ctx_range(struct __sk_buff, priority): |
8569 | case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]): |
8570 | break; |
8571 | case bpf_ctx_range(struct __sk_buff, tstamp): |
8572 | if (!bpf_capable()) |
8573 | return false; |
8574 | break; |
8575 | default: |
8576 | return false; |
8577 | } |
8578 | } |
8579 | |
8580 | switch (off) { |
8581 | case bpf_ctx_range(struct __sk_buff, data): |
8582 | info->reg_type = PTR_TO_PACKET; |
8583 | break; |
8584 | case bpf_ctx_range(struct __sk_buff, data_end): |
8585 | info->reg_type = PTR_TO_PACKET_END; |
8586 | break; |
8587 | } |
8588 | |
8589 | return bpf_skb_is_valid_access(off, size, type, prog, info); |
8590 | } |
8591 | |
8592 | static bool lwt_is_valid_access(int off, int size, |
8593 | enum bpf_access_type type, |
8594 | const struct bpf_prog *prog, |
8595 | struct bpf_insn_access_aux *info) |
8596 | { |
8597 | switch (off) { |
8598 | case bpf_ctx_range(struct __sk_buff, tc_classid): |
8599 | case bpf_ctx_range_till(struct __sk_buff, family, local_port): |
8600 | case bpf_ctx_range(struct __sk_buff, data_meta): |
8601 | case bpf_ctx_range(struct __sk_buff, tstamp): |
8602 | case bpf_ctx_range(struct __sk_buff, wire_len): |
8603 | case bpf_ctx_range(struct __sk_buff, hwtstamp): |
8604 | return false; |
8605 | } |
8606 | |
8607 | if (type == BPF_WRITE) { |
8608 | switch (off) { |
8609 | case bpf_ctx_range(struct __sk_buff, mark): |
8610 | case bpf_ctx_range(struct __sk_buff, priority): |
8611 | case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]): |
8612 | break; |
8613 | default: |
8614 | return false; |
8615 | } |
8616 | } |
8617 | |
8618 | switch (off) { |
8619 | case bpf_ctx_range(struct __sk_buff, data): |
8620 | info->reg_type = PTR_TO_PACKET; |
8621 | break; |
8622 | case bpf_ctx_range(struct __sk_buff, data_end): |
8623 | info->reg_type = PTR_TO_PACKET_END; |
8624 | break; |
8625 | } |
8626 | |
8627 | return bpf_skb_is_valid_access(off, size, type, prog, info); |
8628 | } |
8629 | |
8630 | /* Attach type specific accesses */ |
8631 | static bool __sock_filter_check_attach_type(int off, |
8632 | enum bpf_access_type access_type, |
8633 | enum bpf_attach_type attach_type) |
8634 | { |
8635 | switch (off) { |
8636 | case offsetof(struct bpf_sock, bound_dev_if): |
8637 | case offsetof(struct bpf_sock, mark): |
8638 | case offsetof(struct bpf_sock, priority): |
8639 | switch (attach_type) { |
8640 | case BPF_CGROUP_INET_SOCK_CREATE: |
8641 | case BPF_CGROUP_INET_SOCK_RELEASE: |
8642 | goto full_access; |
8643 | default: |
8644 | return false; |
8645 | } |
8646 | case bpf_ctx_range(struct bpf_sock, src_ip4): |
8647 | switch (attach_type) { |
8648 | case BPF_CGROUP_INET4_POST_BIND: |
8649 | goto read_only; |
8650 | default: |
8651 | return false; |
8652 | } |
8653 | case bpf_ctx_range_till(struct bpf_sock, src_ip6[0], src_ip6[3]): |
8654 | switch (attach_type) { |
8655 | case BPF_CGROUP_INET6_POST_BIND: |
8656 | goto read_only; |
8657 | default: |
8658 | return false; |
8659 | } |
8660 | case bpf_ctx_range(struct bpf_sock, src_port): |
8661 | switch (attach_type) { |
8662 | case BPF_CGROUP_INET4_POST_BIND: |
8663 | case BPF_CGROUP_INET6_POST_BIND: |
8664 | goto read_only; |
8665 | default: |
8666 | return false; |
8667 | } |
8668 | } |
8669 | read_only: |
8670 | return access_type == BPF_READ; |
8671 | full_access: |
8672 | return true; |
8673 | } |
8674 | |
8675 | bool bpf_sock_common_is_valid_access(int off, int size, |
8676 | enum bpf_access_type type, |
8677 | struct bpf_insn_access_aux *info) |
8678 | { |
8679 | switch (off) { |
8680 | case bpf_ctx_range_till(struct bpf_sock, type, priority): |
8681 | return false; |
8682 | default: |
8683 | return bpf_sock_is_valid_access(off, size, type, info); |
8684 | } |
8685 | } |
8686 | |
8687 | bool bpf_sock_is_valid_access(int off, int size, enum bpf_access_type type, |
8688 | struct bpf_insn_access_aux *info) |
8689 | { |
8690 | const int size_default = sizeof(__u32); |
8691 | int field_size; |
8692 | |
8693 | if (off < 0 || off >= sizeof(struct bpf_sock)) |
8694 | return false; |
8695 | if (off % size != 0) |
8696 | return false; |
8697 | |
8698 | switch (off) { |
8699 | case offsetof(struct bpf_sock, state): |
8700 | case offsetof(struct bpf_sock, family): |
8701 | case offsetof(struct bpf_sock, type): |
8702 | case offsetof(struct bpf_sock, protocol): |
8703 | case offsetof(struct bpf_sock, src_port): |
8704 | case offsetof(struct bpf_sock, rx_queue_mapping): |
8705 | case bpf_ctx_range(struct bpf_sock, src_ip4): |
8706 | case bpf_ctx_range_till(struct bpf_sock, src_ip6[0], src_ip6[3]): |
8707 | case bpf_ctx_range(struct bpf_sock, dst_ip4): |
8708 | case bpf_ctx_range_till(struct bpf_sock, dst_ip6[0], dst_ip6[3]): |
8709 | bpf_ctx_record_field_size(aux: info, size: size_default); |
8710 | return bpf_ctx_narrow_access_ok(off, size, size_default); |
8711 | case bpf_ctx_range(struct bpf_sock, dst_port): |
8712 | field_size = size == size_default ? |
8713 | size_default : sizeof_field(struct bpf_sock, dst_port); |
8714 | bpf_ctx_record_field_size(aux: info, size: field_size); |
8715 | return bpf_ctx_narrow_access_ok(off, size, size_default: field_size); |
8716 | case offsetofend(struct bpf_sock, dst_port) ... |
8717 | offsetof(struct bpf_sock, dst_ip4) - 1: |
8718 | return false; |
8719 | } |
8720 | |
8721 | return size == size_default; |
8722 | } |
8723 | |
8724 | static bool sock_filter_is_valid_access(int off, int size, |
8725 | enum bpf_access_type type, |
8726 | const struct bpf_prog *prog, |
8727 | struct bpf_insn_access_aux *info) |
8728 | { |
8729 | if (!bpf_sock_is_valid_access(off, size, type, info)) |
8730 | return false; |
8731 | return __sock_filter_check_attach_type(off, access_type: type, |
8732 | attach_type: prog->expected_attach_type); |
8733 | } |
8734 | |
8735 | static int bpf_noop_prologue(struct bpf_insn *insn_buf, bool direct_write, |
8736 | const struct bpf_prog *prog) |
8737 | { |
8738 | /* Neither direct read nor direct write requires any preliminary |
8739 | * action. |
8740 | */ |
8741 | return 0; |
8742 | } |
8743 | |
8744 | static int bpf_unclone_prologue(struct bpf_insn *insn_buf, bool direct_write, |
8745 | const struct bpf_prog *prog, int drop_verdict) |
8746 | { |
8747 | struct bpf_insn *insn = insn_buf; |
8748 | |
8749 | if (!direct_write) |
8750 | return 0; |
8751 | |
8752 | /* if (!skb->cloned) |
8753 | * goto start; |
8754 | * |
8755 | * (Fast-path, otherwise approximation that we might be |
8756 | * a clone, do the rest in helper.) |
8757 | */ |
8758 | *insn++ = BPF_LDX_MEM(BPF_B, BPF_REG_6, BPF_REG_1, CLONED_OFFSET); |
8759 | *insn++ = BPF_ALU32_IMM(BPF_AND, BPF_REG_6, CLONED_MASK); |
8760 | *insn++ = BPF_JMP_IMM(BPF_JEQ, BPF_REG_6, 0, 7); |
8761 | |
8762 | /* ret = bpf_skb_pull_data(skb, 0); */ |
8763 | *insn++ = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1); |
8764 | *insn++ = BPF_ALU64_REG(BPF_XOR, BPF_REG_2, BPF_REG_2); |
8765 | *insn++ = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, |
8766 | BPF_FUNC_skb_pull_data); |
8767 | /* if (!ret) |
8768 | * goto restore; |
8769 | * return TC_ACT_SHOT; |
8770 | */ |
8771 | *insn++ = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2); |
8772 | *insn++ = BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, drop_verdict); |
8773 | *insn++ = BPF_EXIT_INSN(); |
8774 | |
8775 | /* restore: */ |
8776 | *insn++ = BPF_MOV64_REG(BPF_REG_1, BPF_REG_6); |
8777 | /* start: */ |
8778 | *insn++ = prog->insnsi[0]; |
8779 | |
8780 | return insn - insn_buf; |
8781 | } |
8782 | |
8783 | static int bpf_gen_ld_abs(const struct bpf_insn *orig, |
8784 | struct bpf_insn *insn_buf) |
8785 | { |
8786 | bool indirect = BPF_MODE(orig->code) == BPF_IND; |
8787 | struct bpf_insn *insn = insn_buf; |
8788 | |
8789 | if (!indirect) { |
8790 | *insn++ = BPF_MOV64_IMM(BPF_REG_2, orig->imm); |
8791 | } else { |
8792 | *insn++ = BPF_MOV64_REG(BPF_REG_2, orig->src_reg); |
8793 | if (orig->imm) |
8794 | *insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, orig->imm); |
8795 | } |
8796 | /* We're guaranteed here that CTX is in R6. */ |
8797 | *insn++ = BPF_MOV64_REG(BPF_REG_1, BPF_REG_CTX); |
8798 | |
8799 | switch (BPF_SIZE(orig->code)) { |
8800 | case BPF_B: |
8801 | *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_8_no_cache); |
8802 | break; |
8803 | case BPF_H: |
8804 | *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_16_no_cache); |
8805 | break; |
8806 | case BPF_W: |
8807 | *insn++ = BPF_EMIT_CALL(bpf_skb_load_helper_32_no_cache); |
8808 | break; |
8809 | } |
8810 | |
8811 | *insn++ = BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 2); |
8812 | *insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_0, BPF_REG_0); |
8813 | *insn++ = BPF_EXIT_INSN(); |
8814 | |
8815 | return insn - insn_buf; |
8816 | } |
8817 | |
8818 | static int tc_cls_act_prologue(struct bpf_insn *insn_buf, bool direct_write, |
8819 | const struct bpf_prog *prog) |
8820 | { |
8821 | return bpf_unclone_prologue(insn_buf, direct_write, prog, TC_ACT_SHOT); |
8822 | } |
8823 | |
8824 | static bool tc_cls_act_is_valid_access(int off, int size, |
8825 | enum bpf_access_type type, |
8826 | const struct bpf_prog *prog, |
8827 | struct bpf_insn_access_aux *info) |
8828 | { |
8829 | if (type == BPF_WRITE) { |
8830 | switch (off) { |
8831 | case bpf_ctx_range(struct __sk_buff, mark): |
8832 | case bpf_ctx_range(struct __sk_buff, tc_index): |
8833 | case bpf_ctx_range(struct __sk_buff, priority): |
8834 | case bpf_ctx_range(struct __sk_buff, tc_classid): |
8835 | case bpf_ctx_range_till(struct __sk_buff, cb[0], cb[4]): |
8836 | case bpf_ctx_range(struct __sk_buff, tstamp): |
8837 | case bpf_ctx_range(struct __sk_buff, queue_mapping): |
8838 | break; |
8839 | default: |
8840 | return false; |
8841 | } |
8842 | } |
8843 | |
8844 | switch (off) { |
8845 | case bpf_ctx_range(struct __sk_buff, data): |
8846 | info->reg_type = PTR_TO_PACKET; |
8847 | break; |
8848 | case bpf_ctx_range(struct __sk_buff, data_meta): |
8849 | info->reg_type = PTR_TO_PACKET_META; |
8850 | break; |
8851 | case bpf_ctx_range(struct __sk_buff, data_end): |
8852 | info->reg_type = PTR_TO_PACKET_END; |
8853 | break; |
8854 | case bpf_ctx_range_till(struct __sk_buff, family, local_port): |
8855 | return false; |
8856 | case offsetof(struct __sk_buff, tstamp_type): |
8857 | /* The convert_ctx_access() on reading and writing |
8858 | * __sk_buff->tstamp depends on whether the bpf prog |
8859 | * has used __sk_buff->tstamp_type or not. |
8860 | * Thus, we need to set prog->tstamp_type_access |
8861 | * earlier during is_valid_access() here. |
8862 | */ |
8863 | ((struct bpf_prog *)prog)->tstamp_type_access = 1; |
8864 | return size == sizeof(__u8); |
8865 | } |
8866 | |
8867 | return bpf_skb_is_valid_access(off, size, type, prog, info); |
8868 | } |
8869 | |
8870 | DEFINE_MUTEX(nf_conn_btf_access_lock); |
8871 | EXPORT_SYMBOL_GPL(nf_conn_btf_access_lock); |
8872 | |
8873 | int (*nfct_btf_struct_access)(struct bpf_verifier_log *log, |
8874 | const struct bpf_reg_state *reg, |
8875 | int off, int size); |
8876 | EXPORT_SYMBOL_GPL(nfct_btf_struct_access); |
8877 | |
8878 | static int tc_cls_act_btf_struct_access(struct bpf_verifier_log *log, |
8879 | const struct bpf_reg_state *reg, |
8880 | int off, int size) |
8881 | { |
8882 | int ret = -EACCES; |
8883 | |
8884 | mutex_lock(&nf_conn_btf_access_lock); |
8885 | if (nfct_btf_struct_access) |
8886 | ret = nfct_btf_struct_access(log, reg, off, size); |
8887 | mutex_unlock(lock: &nf_conn_btf_access_lock); |
8888 | |
8889 | return ret; |
8890 | } |
8891 | |
8892 | static bool __is_valid_xdp_access(int off, int size) |
8893 | { |
8894 | if (off < 0 || off >= sizeof(struct xdp_md)) |
8895 | return false; |
8896 | if (off % size != 0) |
8897 | return false; |
8898 | if (size != sizeof(__u32)) |
8899 | return false; |
8900 | |
8901 | return true; |
8902 | } |
8903 | |
8904 | static bool xdp_is_valid_access(int off, int size, |
8905 | enum bpf_access_type type, |
8906 | const struct bpf_prog *prog, |
8907 | struct bpf_insn_access_aux *info) |
8908 | { |
8909 | if (prog->expected_attach_type != BPF_XDP_DEVMAP) { |
8910 | switch (off) { |
8911 | case offsetof(struct xdp_md, egress_ifindex): |
8912 | return false; |
8913 | } |
8914 | } |
8915 | |
8916 | if (type == BPF_WRITE) { |
8917 | if (bpf_prog_is_offloaded(aux: prog->aux)) { |
8918 | switch (off) { |
8919 | case offsetof(struct xdp_md, rx_queue_index): |
8920 | return __is_valid_xdp_access(off, size); |
8921 | } |
8922 | } |
8923 | return false; |
8924 | } |
8925 | |
8926 | switch (off) { |
8927 | case offsetof(struct xdp_md, data): |
8928 | info->reg_type = PTR_TO_PACKET; |
8929 | break; |
8930 | case offsetof(struct xdp_md, data_meta): |
8931 | info->reg_type = PTR_TO_PACKET_META; |
8932 | break; |
8933 | case offsetof(struct xdp_md, data_end): |
8934 | info->reg_type = PTR_TO_PACKET_END; |
8935 | break; |
8936 | } |
8937 | |
8938 | return __is_valid_xdp_access(off, size); |
8939 | } |
8940 | |
8941 | void bpf_warn_invalid_xdp_action(struct net_device *dev, struct bpf_prog *prog, u32 act) |
8942 | { |
8943 | const u32 act_max = XDP_REDIRECT; |
8944 | |
8945 | pr_warn_once("%s XDP return value %u on prog %s (id %d) dev %s, expect packet loss!\n" , |
8946 | act > act_max ? "Illegal" : "Driver unsupported" , |
8947 | act, prog->aux->name, prog->aux->id, dev ? dev->name : "N/A" ); |
8948 | } |
8949 | EXPORT_SYMBOL_GPL(bpf_warn_invalid_xdp_action); |
8950 | |
8951 | static int xdp_btf_struct_access(struct bpf_verifier_log *log, |
8952 | const struct bpf_reg_state *reg, |
8953 | int off, int size) |
8954 | { |
8955 | int ret = -EACCES; |
8956 | |
8957 | mutex_lock(&nf_conn_btf_access_lock); |
8958 | if (nfct_btf_struct_access) |
8959 | ret = nfct_btf_struct_access(log, reg, off, size); |
8960 | mutex_unlock(lock: &nf_conn_btf_access_lock); |
8961 | |
8962 | return ret; |
8963 | } |
8964 | |
8965 | static bool sock_addr_is_valid_access(int off, int size, |
8966 | enum bpf_access_type type, |
8967 | const struct bpf_prog *prog, |
8968 | struct bpf_insn_access_aux *info) |
8969 | { |
8970 | const int size_default = sizeof(__u32); |
8971 | |
8972 | if (off < 0 || off >= sizeof(struct bpf_sock_addr)) |
8973 | return false; |
8974 | if (off % size != 0) |
8975 | return false; |
8976 | |
8977 | /* Disallow access to fields not belonging to the attach type's address |
8978 | * family. |
8979 | */ |
8980 | switch (off) { |
8981 | case bpf_ctx_range(struct bpf_sock_addr, user_ip4): |
8982 | switch (prog->expected_attach_type) { |
8983 | case BPF_CGROUP_INET4_BIND: |
8984 | case BPF_CGROUP_INET4_CONNECT: |
8985 | case BPF_CGROUP_INET4_GETPEERNAME: |
8986 | case BPF_CGROUP_INET4_GETSOCKNAME: |
8987 | case BPF_CGROUP_UDP4_SENDMSG: |
8988 | case BPF_CGROUP_UDP4_RECVMSG: |
8989 | break; |
8990 | default: |
8991 | return false; |
8992 | } |
8993 | break; |
8994 | case bpf_ctx_range_till(struct bpf_sock_addr, user_ip6[0], user_ip6[3]): |
8995 | switch (prog->expected_attach_type) { |
8996 | case BPF_CGROUP_INET6_BIND: |
8997 | case BPF_CGROUP_INET6_CONNECT: |
8998 | case BPF_CGROUP_INET6_GETPEERNAME: |
8999 | case BPF_CGROUP_INET6_GETSOCKNAME: |
9000 | case BPF_CGROUP_UDP6_SENDMSG: |
9001 | case BPF_CGROUP_UDP6_RECVMSG: |
9002 | break; |
9003 | default: |
9004 | return false; |
9005 | } |
9006 | break; |
9007 | case bpf_ctx_range(struct bpf_sock_addr, msg_src_ip4): |
9008 | switch (prog->expected_attach_type) { |
9009 | case BPF_CGROUP_UDP4_SENDMSG: |
9010 | break; |
9011 | default: |
9012 | return false; |
9013 | } |
9014 | break; |
9015 | case bpf_ctx_range_till(struct bpf_sock_addr, msg_src_ip6[0], |
9016 | msg_src_ip6[3]): |
9017 | switch (prog->expected_attach_type) { |
9018 | case BPF_CGROUP_UDP6_SENDMSG: |
9019 | break; |
9020 | default: |
9021 | return false; |
9022 | } |
9023 | break; |
9024 | } |
9025 | |
9026 | switch (off) { |
9027 | case bpf_ctx_range(struct bpf_sock_addr, user_ip4): |
9028 | case bpf_ctx_range_till(struct bpf_sock_addr, user_ip6[0], user_ip6[3]): |
9029 | case bpf_ctx_range(struct bpf_sock_addr, msg_src_ip4): |
9030 | case bpf_ctx_range_till(struct bpf_sock_addr, msg_src_ip6[0], |
9031 | msg_src_ip6[3]): |
9032 | case bpf_ctx_range(struct bpf_sock_addr, user_port): |
9033 | if (type == BPF_READ) { |
9034 | bpf_ctx_record_field_size(aux: info, size: size_default); |
9035 | |
9036 | if (bpf_ctx_wide_access_ok(off, size, |
9037 | struct bpf_sock_addr, |
9038 | user_ip6)) |
9039 | return true; |
9040 | |
9041 | if (bpf_ctx_wide_access_ok(off, size, |
9042 | struct bpf_sock_addr, |
9043 | msg_src_ip6)) |
9044 | return true; |
9045 | |
9046 | if (!bpf_ctx_narrow_access_ok(off, size, size_default)) |
9047 | return false; |
9048 | } else { |
9049 | if (bpf_ctx_wide_access_ok(off, size, |
9050 | struct bpf_sock_addr, |
9051 | user_ip6)) |
9052 | return true; |
9053 | |
9054 | if (bpf_ctx_wide_access_ok(off, size, |
9055 | struct bpf_sock_addr, |
9056 | msg_src_ip6)) |
9057 | return true; |
9058 | |
9059 | if (size != size_default) |
9060 | return false; |
9061 | } |
9062 | break; |
9063 | case offsetof(struct bpf_sock_addr, sk): |
9064 | if (type != BPF_READ) |
9065 | return false; |
9066 | if (size != sizeof(__u64)) |
9067 | return false; |
9068 | info->reg_type = PTR_TO_SOCKET; |
9069 | break; |
9070 | default: |
9071 | if (type == BPF_READ) { |
9072 | if (size != size_default) |
9073 | return false; |
9074 | } else { |
9075 | return false; |
9076 | } |
9077 | } |
9078 | |
9079 | return true; |
9080 | } |
9081 | |
9082 | static bool sock_ops_is_valid_access(int off, int size, |
9083 | enum bpf_access_type type, |
9084 | const struct bpf_prog *prog, |
9085 | struct bpf_insn_access_aux *info) |
9086 | { |
9087 | const int size_default = sizeof(__u32); |
9088 | |
9089 | if (off < 0 || off >= sizeof(struct bpf_sock_ops)) |
9090 | return false; |
9091 | |
9092 | /* The verifier guarantees that size > 0. */ |
9093 | if (off % size != 0) |
9094 | return false; |
9095 | |
9096 | if (type == BPF_WRITE) { |
9097 | switch (off) { |
9098 | case offsetof(struct bpf_sock_ops, reply): |
9099 | case offsetof(struct bpf_sock_ops, sk_txhash): |
9100 | if (size != size_default) |
9101 | return false; |
9102 | break; |
9103 | default: |
9104 | return false; |
9105 | } |
9106 | } else { |
9107 | switch (off) { |
9108 | case bpf_ctx_range_till(struct bpf_sock_ops, bytes_received, |
9109 | bytes_acked): |
9110 | if (size != sizeof(__u64)) |
9111 | return false; |
9112 | break; |
9113 | case offsetof(struct bpf_sock_ops, sk): |
9114 | if (size != sizeof(__u64)) |
9115 | return false; |
9116 | info->reg_type = PTR_TO_SOCKET_OR_NULL; |
9117 | break; |
9118 | case offsetof(struct bpf_sock_ops, skb_data): |
9119 | if (size != sizeof(__u64)) |
9120 | return false; |
9121 | info->reg_type = PTR_TO_PACKET; |
9122 | break; |
9123 | case offsetof(struct bpf_sock_ops, skb_data_end): |
9124 | if (size != sizeof(__u64)) |
9125 | return false; |
9126 | info->reg_type = PTR_TO_PACKET_END; |
9127 | break; |
9128 | case offsetof(struct bpf_sock_ops, skb_tcp_flags): |
9129 | bpf_ctx_record_field_size(aux: info, size: size_default); |
9130 | return bpf_ctx_narrow_access_ok(off, size, |
9131 | size_default); |
9132 | case offsetof(struct bpf_sock_ops, skb_hwtstamp): |
9133 | if (size != sizeof(__u64)) |
9134 | return false; |
9135 | break; |
9136 | default: |
9137 | if (size != size_default) |
9138 | return false; |
9139 | break; |
9140 | } |
9141 | } |
9142 | |
9143 | return true; |
9144 | } |
9145 | |
9146 | static int sk_skb_prologue(struct bpf_insn *insn_buf, bool direct_write, |
9147 | const struct bpf_prog *prog) |
9148 | { |
9149 | return bpf_unclone_prologue(insn_buf, direct_write, prog, drop_verdict: SK_DROP); |
9150 | } |
9151 | |
9152 | static bool sk_skb_is_valid_access(int off, int size, |
9153 | enum bpf_access_type type, |
9154 | const struct bpf_prog *prog, |
9155 | struct bpf_insn_access_aux *info) |
9156 | { |
9157 | switch (off) { |
9158 | case bpf_ctx_range(struct __sk_buff, tc_classid): |
9159 | case bpf_ctx_range(struct __sk_buff, data_meta): |
9160 | case bpf_ctx_range(struct __sk_buff, tstamp): |
9161 | case bpf_ctx_range(struct __sk_buff, wire_len): |
9162 | case bpf_ctx_range(struct __sk_buff, hwtstamp): |
9163 | return false; |
9164 | } |
9165 | |
9166 | if (type == BPF_WRITE) { |
9167 | switch (off) { |
9168 | case bpf_ctx_range(struct __sk_buff, tc_index): |
9169 | case bpf_ctx_range(struct __sk_buff, priority): |
9170 | break; |
9171 | default: |
9172 | return false; |
9173 | } |
9174 | } |
9175 | |
9176 | switch (off) { |
9177 | case bpf_ctx_range(struct __sk_buff, mark): |
9178 | return false; |
9179 | case bpf_ctx_range(struct __sk_buff, data): |
9180 | info->reg_type = PTR_TO_PACKET; |
9181 | break; |
9182 | case bpf_ctx_range(struct __sk_buff, data_end): |
9183 | info->reg_type = PTR_TO_PACKET_END; |
9184 | break; |
9185 | } |
9186 | |
9187 | return bpf_skb_is_valid_access(off, size, type, prog, info); |
9188 | } |
9189 | |
9190 | static bool sk_msg_is_valid_access(int off, int size, |
9191 | enum bpf_access_type type, |
9192 | const struct bpf_prog *prog, |
9193 | struct bpf_insn_access_aux *info) |
9194 | { |
9195 | if (type == BPF_WRITE) |
9196 | return false; |
9197 | |
9198 | if (off % size != 0) |
9199 | return false; |
9200 | |
9201 | switch (off) { |
9202 | case offsetof(struct sk_msg_md, data): |
9203 | info->reg_type = PTR_TO_PACKET; |
9204 | if (size != sizeof(__u64)) |
9205 | return false; |
9206 | break; |
9207 | case offsetof(struct sk_msg_md, data_end): |
9208 | info->reg_type = PTR_TO_PACKET_END; |
9209 | if (size != sizeof(__u64)) |
9210 | return false; |
9211 | break; |
9212 | case offsetof(struct sk_msg_md, sk): |
9213 | if (size != sizeof(__u64)) |
9214 | return false; |
9215 | info->reg_type = PTR_TO_SOCKET; |
9216 | break; |
9217 | case bpf_ctx_range(struct sk_msg_md, family): |
9218 | case bpf_ctx_range(struct sk_msg_md, remote_ip4): |
9219 | case bpf_ctx_range(struct sk_msg_md, local_ip4): |
9220 | case bpf_ctx_range_till(struct sk_msg_md, remote_ip6[0], remote_ip6[3]): |
9221 | case bpf_ctx_range_till(struct sk_msg_md, local_ip6[0], local_ip6[3]): |
9222 | case bpf_ctx_range(struct sk_msg_md, remote_port): |
9223 | case bpf_ctx_range(struct sk_msg_md, local_port): |
9224 | case bpf_ctx_range(struct sk_msg_md, size): |
9225 | if (size != sizeof(__u32)) |
9226 | return false; |
9227 | break; |
9228 | default: |
9229 | return false; |
9230 | } |
9231 | return true; |
9232 | } |
9233 | |
9234 | static bool flow_dissector_is_valid_access(int off, int size, |
9235 | enum bpf_access_type type, |
9236 | const struct bpf_prog *prog, |
9237 | struct bpf_insn_access_aux *info) |
9238 | { |
9239 | const int size_default = sizeof(__u32); |
9240 | |
9241 | if (off < 0 || off >= sizeof(struct __sk_buff)) |
9242 | return false; |
9243 | |
9244 | if (type == BPF_WRITE) |
9245 | return false; |
9246 | |
9247 | switch (off) { |
9248 | case bpf_ctx_range(struct __sk_buff, data): |
9249 | if (size != size_default) |
9250 | return false; |
9251 | info->reg_type = PTR_TO_PACKET; |
9252 | return true; |
9253 | case bpf_ctx_range(struct __sk_buff, data_end): |
9254 | if (size != size_default) |
9255 | return false; |
9256 | info->reg_type = PTR_TO_PACKET_END; |
9257 | return true; |
9258 | case bpf_ctx_range_ptr(struct __sk_buff, flow_keys): |
9259 | if (size != sizeof(__u64)) |
9260 | return false; |
9261 | info->reg_type = PTR_TO_FLOW_KEYS; |
9262 | return true; |
9263 | default: |
9264 | return false; |
9265 | } |
9266 | } |
9267 | |
9268 | static u32 flow_dissector_convert_ctx_access(enum bpf_access_type type, |
9269 | const struct bpf_insn *si, |
9270 | struct bpf_insn *insn_buf, |
9271 | struct bpf_prog *prog, |
9272 | u32 *target_size) |
9273 | |
9274 | { |
9275 | struct bpf_insn *insn = insn_buf; |
9276 | |
9277 | switch (si->off) { |
9278 | case offsetof(struct __sk_buff, data): |
9279 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, data), |
9280 | si->dst_reg, si->src_reg, |
9281 | offsetof(struct bpf_flow_dissector, data)); |
9282 | break; |
9283 | |
9284 | case offsetof(struct __sk_buff, data_end): |
9285 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, data_end), |
9286 | si->dst_reg, si->src_reg, |
9287 | offsetof(struct bpf_flow_dissector, data_end)); |
9288 | break; |
9289 | |
9290 | case offsetof(struct __sk_buff, flow_keys): |
9291 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, flow_keys), |
9292 | si->dst_reg, si->src_reg, |
9293 | offsetof(struct bpf_flow_dissector, flow_keys)); |
9294 | break; |
9295 | } |
9296 | |
9297 | return insn - insn_buf; |
9298 | } |
9299 | |
9300 | static struct bpf_insn *bpf_convert_tstamp_type_read(const struct bpf_insn *si, |
9301 | struct bpf_insn *insn) |
9302 | { |
9303 | __u8 value_reg = si->dst_reg; |
9304 | __u8 skb_reg = si->src_reg; |
9305 | /* AX is needed because src_reg and dst_reg could be the same */ |
9306 | __u8 tmp_reg = BPF_REG_AX; |
9307 | |
9308 | *insn++ = BPF_LDX_MEM(BPF_B, tmp_reg, skb_reg, |
9309 | SKB_BF_MONO_TC_OFFSET); |
9310 | *insn++ = BPF_JMP32_IMM(BPF_JSET, tmp_reg, |
9311 | SKB_MONO_DELIVERY_TIME_MASK, 2); |
9312 | *insn++ = BPF_MOV32_IMM(value_reg, BPF_SKB_TSTAMP_UNSPEC); |
9313 | *insn++ = BPF_JMP_A(1); |
9314 | *insn++ = BPF_MOV32_IMM(value_reg, BPF_SKB_TSTAMP_DELIVERY_MONO); |
9315 | |
9316 | return insn; |
9317 | } |
9318 | |
9319 | static struct bpf_insn *bpf_convert_shinfo_access(__u8 dst_reg, __u8 skb_reg, |
9320 | struct bpf_insn *insn) |
9321 | { |
9322 | /* si->dst_reg = skb_shinfo(SKB); */ |
9323 | #ifdef NET_SKBUFF_DATA_USES_OFFSET |
9324 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, end), |
9325 | BPF_REG_AX, skb_reg, |
9326 | offsetof(struct sk_buff, end)); |
9327 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, head), |
9328 | dst_reg, skb_reg, |
9329 | offsetof(struct sk_buff, head)); |
9330 | *insn++ = BPF_ALU64_REG(BPF_ADD, dst_reg, BPF_REG_AX); |
9331 | #else |
9332 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, end), |
9333 | dst_reg, skb_reg, |
9334 | offsetof(struct sk_buff, end)); |
9335 | #endif |
9336 | |
9337 | return insn; |
9338 | } |
9339 | |
9340 | static struct bpf_insn *bpf_convert_tstamp_read(const struct bpf_prog *prog, |
9341 | const struct bpf_insn *si, |
9342 | struct bpf_insn *insn) |
9343 | { |
9344 | __u8 value_reg = si->dst_reg; |
9345 | __u8 skb_reg = si->src_reg; |
9346 | |
9347 | #ifdef CONFIG_NET_XGRESS |
9348 | /* If the tstamp_type is read, |
9349 | * the bpf prog is aware the tstamp could have delivery time. |
9350 | * Thus, read skb->tstamp as is if tstamp_type_access is true. |
9351 | */ |
9352 | if (!prog->tstamp_type_access) { |
9353 | /* AX is needed because src_reg and dst_reg could be the same */ |
9354 | __u8 tmp_reg = BPF_REG_AX; |
9355 | |
9356 | *insn++ = BPF_LDX_MEM(BPF_B, tmp_reg, skb_reg, SKB_BF_MONO_TC_OFFSET); |
9357 | *insn++ = BPF_ALU32_IMM(BPF_AND, tmp_reg, |
9358 | TC_AT_INGRESS_MASK | SKB_MONO_DELIVERY_TIME_MASK); |
9359 | *insn++ = BPF_JMP32_IMM(BPF_JNE, tmp_reg, |
9360 | TC_AT_INGRESS_MASK | SKB_MONO_DELIVERY_TIME_MASK, 2); |
9361 | /* skb->tc_at_ingress && skb->mono_delivery_time, |
9362 | * read 0 as the (rcv) timestamp. |
9363 | */ |
9364 | *insn++ = BPF_MOV64_IMM(value_reg, 0); |
9365 | *insn++ = BPF_JMP_A(1); |
9366 | } |
9367 | #endif |
9368 | |
9369 | *insn++ = BPF_LDX_MEM(BPF_DW, value_reg, skb_reg, |
9370 | offsetof(struct sk_buff, tstamp)); |
9371 | return insn; |
9372 | } |
9373 | |
9374 | static struct bpf_insn *bpf_convert_tstamp_write(const struct bpf_prog *prog, |
9375 | const struct bpf_insn *si, |
9376 | struct bpf_insn *insn) |
9377 | { |
9378 | __u8 value_reg = si->src_reg; |
9379 | __u8 skb_reg = si->dst_reg; |
9380 | |
9381 | #ifdef CONFIG_NET_XGRESS |
9382 | /* If the tstamp_type is read, |
9383 | * the bpf prog is aware the tstamp could have delivery time. |
9384 | * Thus, write skb->tstamp as is if tstamp_type_access is true. |
9385 | * Otherwise, writing at ingress will have to clear the |
9386 | * mono_delivery_time bit also. |
9387 | */ |
9388 | if (!prog->tstamp_type_access) { |
9389 | __u8 tmp_reg = BPF_REG_AX; |
9390 | |
9391 | *insn++ = BPF_LDX_MEM(BPF_B, tmp_reg, skb_reg, SKB_BF_MONO_TC_OFFSET); |
9392 | /* Writing __sk_buff->tstamp as ingress, goto <clear> */ |
9393 | *insn++ = BPF_JMP32_IMM(BPF_JSET, tmp_reg, TC_AT_INGRESS_MASK, 1); |
9394 | /* goto <store> */ |
9395 | *insn++ = BPF_JMP_A(2); |
9396 | /* <clear>: mono_delivery_time */ |
9397 | *insn++ = BPF_ALU32_IMM(BPF_AND, tmp_reg, ~SKB_MONO_DELIVERY_TIME_MASK); |
9398 | *insn++ = BPF_STX_MEM(BPF_B, skb_reg, tmp_reg, SKB_BF_MONO_TC_OFFSET); |
9399 | } |
9400 | #endif |
9401 | |
9402 | /* <store>: skb->tstamp = tstamp */ |
9403 | *insn++ = BPF_RAW_INSN(BPF_CLASS(si->code) | BPF_DW | BPF_MEM, |
9404 | skb_reg, value_reg, offsetof(struct sk_buff, tstamp), si->imm); |
9405 | return insn; |
9406 | } |
9407 | |
9408 | #define BPF_EMIT_STORE(size, si, off) \ |
9409 | BPF_RAW_INSN(BPF_CLASS((si)->code) | (size) | BPF_MEM, \ |
9410 | (si)->dst_reg, (si)->src_reg, (off), (si)->imm) |
9411 | |
9412 | static u32 bpf_convert_ctx_access(enum bpf_access_type type, |
9413 | const struct bpf_insn *si, |
9414 | struct bpf_insn *insn_buf, |
9415 | struct bpf_prog *prog, u32 *target_size) |
9416 | { |
9417 | struct bpf_insn *insn = insn_buf; |
9418 | int off; |
9419 | |
9420 | switch (si->off) { |
9421 | case offsetof(struct __sk_buff, len): |
9422 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
9423 | bpf_target_off(struct sk_buff, len, 4, |
9424 | target_size)); |
9425 | break; |
9426 | |
9427 | case offsetof(struct __sk_buff, protocol): |
9428 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg, |
9429 | bpf_target_off(struct sk_buff, protocol, 2, |
9430 | target_size)); |
9431 | break; |
9432 | |
9433 | case offsetof(struct __sk_buff, vlan_proto): |
9434 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg, |
9435 | bpf_target_off(struct sk_buff, vlan_proto, 2, |
9436 | target_size)); |
9437 | break; |
9438 | |
9439 | case offsetof(struct __sk_buff, priority): |
9440 | if (type == BPF_WRITE) |
9441 | *insn++ = BPF_EMIT_STORE(BPF_W, si, |
9442 | bpf_target_off(struct sk_buff, priority, 4, |
9443 | target_size)); |
9444 | else |
9445 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
9446 | bpf_target_off(struct sk_buff, priority, 4, |
9447 | target_size)); |
9448 | break; |
9449 | |
9450 | case offsetof(struct __sk_buff, ingress_ifindex): |
9451 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
9452 | bpf_target_off(struct sk_buff, skb_iif, 4, |
9453 | target_size)); |
9454 | break; |
9455 | |
9456 | case offsetof(struct __sk_buff, ifindex): |
9457 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, dev), |
9458 | si->dst_reg, si->src_reg, |
9459 | offsetof(struct sk_buff, dev)); |
9460 | *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1); |
9461 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
9462 | bpf_target_off(struct net_device, ifindex, 4, |
9463 | target_size)); |
9464 | break; |
9465 | |
9466 | case offsetof(struct __sk_buff, hash): |
9467 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
9468 | bpf_target_off(struct sk_buff, hash, 4, |
9469 | target_size)); |
9470 | break; |
9471 | |
9472 | case offsetof(struct __sk_buff, mark): |
9473 | if (type == BPF_WRITE) |
9474 | *insn++ = BPF_EMIT_STORE(BPF_W, si, |
9475 | bpf_target_off(struct sk_buff, mark, 4, |
9476 | target_size)); |
9477 | else |
9478 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
9479 | bpf_target_off(struct sk_buff, mark, 4, |
9480 | target_size)); |
9481 | break; |
9482 | |
9483 | case offsetof(struct __sk_buff, pkt_type): |
9484 | *target_size = 1; |
9485 | *insn++ = BPF_LDX_MEM(BPF_B, si->dst_reg, si->src_reg, |
9486 | PKT_TYPE_OFFSET); |
9487 | *insn++ = BPF_ALU32_IMM(BPF_AND, si->dst_reg, PKT_TYPE_MAX); |
9488 | #ifdef __BIG_ENDIAN_BITFIELD |
9489 | *insn++ = BPF_ALU32_IMM(BPF_RSH, si->dst_reg, 5); |
9490 | #endif |
9491 | break; |
9492 | |
9493 | case offsetof(struct __sk_buff, queue_mapping): |
9494 | if (type == BPF_WRITE) { |
9495 | u32 off = bpf_target_off(struct sk_buff, queue_mapping, 2, target_size); |
9496 | |
9497 | if (BPF_CLASS(si->code) == BPF_ST && si->imm >= NO_QUEUE_MAPPING) { |
9498 | *insn++ = BPF_JMP_A(0); /* noop */ |
9499 | break; |
9500 | } |
9501 | |
9502 | if (BPF_CLASS(si->code) == BPF_STX) |
9503 | *insn++ = BPF_JMP_IMM(BPF_JGE, si->src_reg, NO_QUEUE_MAPPING, 1); |
9504 | *insn++ = BPF_EMIT_STORE(BPF_H, si, off); |
9505 | } else { |
9506 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg, |
9507 | bpf_target_off(struct sk_buff, |
9508 | queue_mapping, |
9509 | 2, target_size)); |
9510 | } |
9511 | break; |
9512 | |
9513 | case offsetof(struct __sk_buff, vlan_present): |
9514 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
9515 | bpf_target_off(struct sk_buff, |
9516 | vlan_all, 4, target_size)); |
9517 | *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1); |
9518 | *insn++ = BPF_ALU32_IMM(BPF_MOV, si->dst_reg, 1); |
9519 | break; |
9520 | |
9521 | case offsetof(struct __sk_buff, vlan_tci): |
9522 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg, |
9523 | bpf_target_off(struct sk_buff, vlan_tci, 2, |
9524 | target_size)); |
9525 | break; |
9526 | |
9527 | case offsetof(struct __sk_buff, cb[0]) ... |
9528 | offsetofend(struct __sk_buff, cb[4]) - 1: |
9529 | BUILD_BUG_ON(sizeof_field(struct qdisc_skb_cb, data) < 20); |
9530 | BUILD_BUG_ON((offsetof(struct sk_buff, cb) + |
9531 | offsetof(struct qdisc_skb_cb, data)) % |
9532 | sizeof(__u64)); |
9533 | |
9534 | prog->cb_access = 1; |
9535 | off = si->off; |
9536 | off -= offsetof(struct __sk_buff, cb[0]); |
9537 | off += offsetof(struct sk_buff, cb); |
9538 | off += offsetof(struct qdisc_skb_cb, data); |
9539 | if (type == BPF_WRITE) |
9540 | *insn++ = BPF_EMIT_STORE(BPF_SIZE(si->code), si, off); |
9541 | else |
9542 | *insn++ = BPF_LDX_MEM(BPF_SIZE(si->code), si->dst_reg, |
9543 | si->src_reg, off); |
9544 | break; |
9545 | |
9546 | case offsetof(struct __sk_buff, tc_classid): |
9547 | BUILD_BUG_ON(sizeof_field(struct qdisc_skb_cb, tc_classid) != 2); |
9548 | |
9549 | off = si->off; |
9550 | off -= offsetof(struct __sk_buff, tc_classid); |
9551 | off += offsetof(struct sk_buff, cb); |
9552 | off += offsetof(struct qdisc_skb_cb, tc_classid); |
9553 | *target_size = 2; |
9554 | if (type == BPF_WRITE) |
9555 | *insn++ = BPF_EMIT_STORE(BPF_H, si, off); |
9556 | else |
9557 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, |
9558 | si->src_reg, off); |
9559 | break; |
9560 | |
9561 | case offsetof(struct __sk_buff, data): |
9562 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, data), |
9563 | si->dst_reg, si->src_reg, |
9564 | offsetof(struct sk_buff, data)); |
9565 | break; |
9566 | |
9567 | case offsetof(struct __sk_buff, data_meta): |
9568 | off = si->off; |
9569 | off -= offsetof(struct __sk_buff, data_meta); |
9570 | off += offsetof(struct sk_buff, cb); |
9571 | off += offsetof(struct bpf_skb_data_end, data_meta); |
9572 | *insn++ = BPF_LDX_MEM(BPF_SIZEOF(void *), si->dst_reg, |
9573 | si->src_reg, off); |
9574 | break; |
9575 | |
9576 | case offsetof(struct __sk_buff, data_end): |
9577 | off = si->off; |
9578 | off -= offsetof(struct __sk_buff, data_end); |
9579 | off += offsetof(struct sk_buff, cb); |
9580 | off += offsetof(struct bpf_skb_data_end, data_end); |
9581 | *insn++ = BPF_LDX_MEM(BPF_SIZEOF(void *), si->dst_reg, |
9582 | si->src_reg, off); |
9583 | break; |
9584 | |
9585 | case offsetof(struct __sk_buff, tc_index): |
9586 | #ifdef CONFIG_NET_SCHED |
9587 | if (type == BPF_WRITE) |
9588 | *insn++ = BPF_EMIT_STORE(BPF_H, si, |
9589 | bpf_target_off(struct sk_buff, tc_index, 2, |
9590 | target_size)); |
9591 | else |
9592 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg, |
9593 | bpf_target_off(struct sk_buff, tc_index, 2, |
9594 | target_size)); |
9595 | #else |
9596 | *target_size = 2; |
9597 | if (type == BPF_WRITE) |
9598 | *insn++ = BPF_MOV64_REG(si->dst_reg, si->dst_reg); |
9599 | else |
9600 | *insn++ = BPF_MOV64_IMM(si->dst_reg, 0); |
9601 | #endif |
9602 | break; |
9603 | |
9604 | case offsetof(struct __sk_buff, napi_id): |
9605 | #if defined(CONFIG_NET_RX_BUSY_POLL) |
9606 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
9607 | bpf_target_off(struct sk_buff, napi_id, 4, |
9608 | target_size)); |
9609 | *insn++ = BPF_JMP_IMM(BPF_JGE, si->dst_reg, MIN_NAPI_ID, 1); |
9610 | *insn++ = BPF_MOV64_IMM(si->dst_reg, 0); |
9611 | #else |
9612 | *target_size = 4; |
9613 | *insn++ = BPF_MOV64_IMM(si->dst_reg, 0); |
9614 | #endif |
9615 | break; |
9616 | case offsetof(struct __sk_buff, family): |
9617 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_family) != 2); |
9618 | |
9619 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk), |
9620 | si->dst_reg, si->src_reg, |
9621 | offsetof(struct sk_buff, sk)); |
9622 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg, |
9623 | bpf_target_off(struct sock_common, |
9624 | skc_family, |
9625 | 2, target_size)); |
9626 | break; |
9627 | case offsetof(struct __sk_buff, remote_ip4): |
9628 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_daddr) != 4); |
9629 | |
9630 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk), |
9631 | si->dst_reg, si->src_reg, |
9632 | offsetof(struct sk_buff, sk)); |
9633 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
9634 | bpf_target_off(struct sock_common, |
9635 | skc_daddr, |
9636 | 4, target_size)); |
9637 | break; |
9638 | case offsetof(struct __sk_buff, local_ip4): |
9639 | BUILD_BUG_ON(sizeof_field(struct sock_common, |
9640 | skc_rcv_saddr) != 4); |
9641 | |
9642 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk), |
9643 | si->dst_reg, si->src_reg, |
9644 | offsetof(struct sk_buff, sk)); |
9645 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
9646 | bpf_target_off(struct sock_common, |
9647 | skc_rcv_saddr, |
9648 | 4, target_size)); |
9649 | break; |
9650 | case offsetof(struct __sk_buff, remote_ip6[0]) ... |
9651 | offsetof(struct __sk_buff, remote_ip6[3]): |
9652 | #if IS_ENABLED(CONFIG_IPV6) |
9653 | BUILD_BUG_ON(sizeof_field(struct sock_common, |
9654 | skc_v6_daddr.s6_addr32[0]) != 4); |
9655 | |
9656 | off = si->off; |
9657 | off -= offsetof(struct __sk_buff, remote_ip6[0]); |
9658 | |
9659 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk), |
9660 | si->dst_reg, si->src_reg, |
9661 | offsetof(struct sk_buff, sk)); |
9662 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
9663 | offsetof(struct sock_common, |
9664 | skc_v6_daddr.s6_addr32[0]) + |
9665 | off); |
9666 | #else |
9667 | *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); |
9668 | #endif |
9669 | break; |
9670 | case offsetof(struct __sk_buff, local_ip6[0]) ... |
9671 | offsetof(struct __sk_buff, local_ip6[3]): |
9672 | #if IS_ENABLED(CONFIG_IPV6) |
9673 | BUILD_BUG_ON(sizeof_field(struct sock_common, |
9674 | skc_v6_rcv_saddr.s6_addr32[0]) != 4); |
9675 | |
9676 | off = si->off; |
9677 | off -= offsetof(struct __sk_buff, local_ip6[0]); |
9678 | |
9679 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk), |
9680 | si->dst_reg, si->src_reg, |
9681 | offsetof(struct sk_buff, sk)); |
9682 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
9683 | offsetof(struct sock_common, |
9684 | skc_v6_rcv_saddr.s6_addr32[0]) + |
9685 | off); |
9686 | #else |
9687 | *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); |
9688 | #endif |
9689 | break; |
9690 | |
9691 | case offsetof(struct __sk_buff, remote_port): |
9692 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_dport) != 2); |
9693 | |
9694 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk), |
9695 | si->dst_reg, si->src_reg, |
9696 | offsetof(struct sk_buff, sk)); |
9697 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg, |
9698 | bpf_target_off(struct sock_common, |
9699 | skc_dport, |
9700 | 2, target_size)); |
9701 | #ifndef __BIG_ENDIAN_BITFIELD |
9702 | *insn++ = BPF_ALU32_IMM(BPF_LSH, si->dst_reg, 16); |
9703 | #endif |
9704 | break; |
9705 | |
9706 | case offsetof(struct __sk_buff, local_port): |
9707 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_num) != 2); |
9708 | |
9709 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk), |
9710 | si->dst_reg, si->src_reg, |
9711 | offsetof(struct sk_buff, sk)); |
9712 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg, |
9713 | bpf_target_off(struct sock_common, |
9714 | skc_num, 2, target_size)); |
9715 | break; |
9716 | |
9717 | case offsetof(struct __sk_buff, tstamp): |
9718 | BUILD_BUG_ON(sizeof_field(struct sk_buff, tstamp) != 8); |
9719 | |
9720 | if (type == BPF_WRITE) |
9721 | insn = bpf_convert_tstamp_write(prog, si, insn); |
9722 | else |
9723 | insn = bpf_convert_tstamp_read(prog, si, insn); |
9724 | break; |
9725 | |
9726 | case offsetof(struct __sk_buff, tstamp_type): |
9727 | insn = bpf_convert_tstamp_type_read(si, insn); |
9728 | break; |
9729 | |
9730 | case offsetof(struct __sk_buff, gso_segs): |
9731 | insn = bpf_convert_shinfo_access(dst_reg: si->dst_reg, skb_reg: si->src_reg, insn); |
9732 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct skb_shared_info, gso_segs), |
9733 | si->dst_reg, si->dst_reg, |
9734 | bpf_target_off(struct skb_shared_info, |
9735 | gso_segs, 2, |
9736 | target_size)); |
9737 | break; |
9738 | case offsetof(struct __sk_buff, gso_size): |
9739 | insn = bpf_convert_shinfo_access(dst_reg: si->dst_reg, skb_reg: si->src_reg, insn); |
9740 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct skb_shared_info, gso_size), |
9741 | si->dst_reg, si->dst_reg, |
9742 | bpf_target_off(struct skb_shared_info, |
9743 | gso_size, 2, |
9744 | target_size)); |
9745 | break; |
9746 | case offsetof(struct __sk_buff, wire_len): |
9747 | BUILD_BUG_ON(sizeof_field(struct qdisc_skb_cb, pkt_len) != 4); |
9748 | |
9749 | off = si->off; |
9750 | off -= offsetof(struct __sk_buff, wire_len); |
9751 | off += offsetof(struct sk_buff, cb); |
9752 | off += offsetof(struct qdisc_skb_cb, pkt_len); |
9753 | *target_size = 4; |
9754 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, off); |
9755 | break; |
9756 | |
9757 | case offsetof(struct __sk_buff, sk): |
9758 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, sk), |
9759 | si->dst_reg, si->src_reg, |
9760 | offsetof(struct sk_buff, sk)); |
9761 | break; |
9762 | case offsetof(struct __sk_buff, hwtstamp): |
9763 | BUILD_BUG_ON(sizeof_field(struct skb_shared_hwtstamps, hwtstamp) != 8); |
9764 | BUILD_BUG_ON(offsetof(struct skb_shared_hwtstamps, hwtstamp) != 0); |
9765 | |
9766 | insn = bpf_convert_shinfo_access(dst_reg: si->dst_reg, skb_reg: si->src_reg, insn); |
9767 | *insn++ = BPF_LDX_MEM(BPF_DW, |
9768 | si->dst_reg, si->dst_reg, |
9769 | bpf_target_off(struct skb_shared_info, |
9770 | hwtstamps, 8, |
9771 | target_size)); |
9772 | break; |
9773 | } |
9774 | |
9775 | return insn - insn_buf; |
9776 | } |
9777 | |
9778 | u32 bpf_sock_convert_ctx_access(enum bpf_access_type type, |
9779 | const struct bpf_insn *si, |
9780 | struct bpf_insn *insn_buf, |
9781 | struct bpf_prog *prog, u32 *target_size) |
9782 | { |
9783 | struct bpf_insn *insn = insn_buf; |
9784 | int off; |
9785 | |
9786 | switch (si->off) { |
9787 | case offsetof(struct bpf_sock, bound_dev_if): |
9788 | BUILD_BUG_ON(sizeof_field(struct sock, sk_bound_dev_if) != 4); |
9789 | |
9790 | if (type == BPF_WRITE) |
9791 | *insn++ = BPF_EMIT_STORE(BPF_W, si, |
9792 | offsetof(struct sock, sk_bound_dev_if)); |
9793 | else |
9794 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
9795 | offsetof(struct sock, sk_bound_dev_if)); |
9796 | break; |
9797 | |
9798 | case offsetof(struct bpf_sock, mark): |
9799 | BUILD_BUG_ON(sizeof_field(struct sock, sk_mark) != 4); |
9800 | |
9801 | if (type == BPF_WRITE) |
9802 | *insn++ = BPF_EMIT_STORE(BPF_W, si, |
9803 | offsetof(struct sock, sk_mark)); |
9804 | else |
9805 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
9806 | offsetof(struct sock, sk_mark)); |
9807 | break; |
9808 | |
9809 | case offsetof(struct bpf_sock, priority): |
9810 | BUILD_BUG_ON(sizeof_field(struct sock, sk_priority) != 4); |
9811 | |
9812 | if (type == BPF_WRITE) |
9813 | *insn++ = BPF_EMIT_STORE(BPF_W, si, |
9814 | offsetof(struct sock, sk_priority)); |
9815 | else |
9816 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
9817 | offsetof(struct sock, sk_priority)); |
9818 | break; |
9819 | |
9820 | case offsetof(struct bpf_sock, family): |
9821 | *insn++ = BPF_LDX_MEM( |
9822 | BPF_FIELD_SIZEOF(struct sock_common, skc_family), |
9823 | si->dst_reg, si->src_reg, |
9824 | bpf_target_off(struct sock_common, |
9825 | skc_family, |
9826 | sizeof_field(struct sock_common, |
9827 | skc_family), |
9828 | target_size)); |
9829 | break; |
9830 | |
9831 | case offsetof(struct bpf_sock, type): |
9832 | *insn++ = BPF_LDX_MEM( |
9833 | BPF_FIELD_SIZEOF(struct sock, sk_type), |
9834 | si->dst_reg, si->src_reg, |
9835 | bpf_target_off(struct sock, sk_type, |
9836 | sizeof_field(struct sock, sk_type), |
9837 | target_size)); |
9838 | break; |
9839 | |
9840 | case offsetof(struct bpf_sock, protocol): |
9841 | *insn++ = BPF_LDX_MEM( |
9842 | BPF_FIELD_SIZEOF(struct sock, sk_protocol), |
9843 | si->dst_reg, si->src_reg, |
9844 | bpf_target_off(struct sock, sk_protocol, |
9845 | sizeof_field(struct sock, sk_protocol), |
9846 | target_size)); |
9847 | break; |
9848 | |
9849 | case offsetof(struct bpf_sock, src_ip4): |
9850 | *insn++ = BPF_LDX_MEM( |
9851 | BPF_SIZE(si->code), si->dst_reg, si->src_reg, |
9852 | bpf_target_off(struct sock_common, skc_rcv_saddr, |
9853 | sizeof_field(struct sock_common, |
9854 | skc_rcv_saddr), |
9855 | target_size)); |
9856 | break; |
9857 | |
9858 | case offsetof(struct bpf_sock, dst_ip4): |
9859 | *insn++ = BPF_LDX_MEM( |
9860 | BPF_SIZE(si->code), si->dst_reg, si->src_reg, |
9861 | bpf_target_off(struct sock_common, skc_daddr, |
9862 | sizeof_field(struct sock_common, |
9863 | skc_daddr), |
9864 | target_size)); |
9865 | break; |
9866 | |
9867 | case bpf_ctx_range_till(struct bpf_sock, src_ip6[0], src_ip6[3]): |
9868 | #if IS_ENABLED(CONFIG_IPV6) |
9869 | off = si->off; |
9870 | off -= offsetof(struct bpf_sock, src_ip6[0]); |
9871 | *insn++ = BPF_LDX_MEM( |
9872 | BPF_SIZE(si->code), si->dst_reg, si->src_reg, |
9873 | bpf_target_off( |
9874 | struct sock_common, |
9875 | skc_v6_rcv_saddr.s6_addr32[0], |
9876 | sizeof_field(struct sock_common, |
9877 | skc_v6_rcv_saddr.s6_addr32[0]), |
9878 | target_size) + off); |
9879 | #else |
9880 | (void)off; |
9881 | *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); |
9882 | #endif |
9883 | break; |
9884 | |
9885 | case bpf_ctx_range_till(struct bpf_sock, dst_ip6[0], dst_ip6[3]): |
9886 | #if IS_ENABLED(CONFIG_IPV6) |
9887 | off = si->off; |
9888 | off -= offsetof(struct bpf_sock, dst_ip6[0]); |
9889 | *insn++ = BPF_LDX_MEM( |
9890 | BPF_SIZE(si->code), si->dst_reg, si->src_reg, |
9891 | bpf_target_off(struct sock_common, |
9892 | skc_v6_daddr.s6_addr32[0], |
9893 | sizeof_field(struct sock_common, |
9894 | skc_v6_daddr.s6_addr32[0]), |
9895 | target_size) + off); |
9896 | #else |
9897 | *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); |
9898 | *target_size = 4; |
9899 | #endif |
9900 | break; |
9901 | |
9902 | case offsetof(struct bpf_sock, src_port): |
9903 | *insn++ = BPF_LDX_MEM( |
9904 | BPF_FIELD_SIZEOF(struct sock_common, skc_num), |
9905 | si->dst_reg, si->src_reg, |
9906 | bpf_target_off(struct sock_common, skc_num, |
9907 | sizeof_field(struct sock_common, |
9908 | skc_num), |
9909 | target_size)); |
9910 | break; |
9911 | |
9912 | case offsetof(struct bpf_sock, dst_port): |
9913 | *insn++ = BPF_LDX_MEM( |
9914 | BPF_FIELD_SIZEOF(struct sock_common, skc_dport), |
9915 | si->dst_reg, si->src_reg, |
9916 | bpf_target_off(struct sock_common, skc_dport, |
9917 | sizeof_field(struct sock_common, |
9918 | skc_dport), |
9919 | target_size)); |
9920 | break; |
9921 | |
9922 | case offsetof(struct bpf_sock, state): |
9923 | *insn++ = BPF_LDX_MEM( |
9924 | BPF_FIELD_SIZEOF(struct sock_common, skc_state), |
9925 | si->dst_reg, si->src_reg, |
9926 | bpf_target_off(struct sock_common, skc_state, |
9927 | sizeof_field(struct sock_common, |
9928 | skc_state), |
9929 | target_size)); |
9930 | break; |
9931 | case offsetof(struct bpf_sock, rx_queue_mapping): |
9932 | #ifdef CONFIG_SOCK_RX_QUEUE_MAPPING |
9933 | *insn++ = BPF_LDX_MEM( |
9934 | BPF_FIELD_SIZEOF(struct sock, sk_rx_queue_mapping), |
9935 | si->dst_reg, si->src_reg, |
9936 | bpf_target_off(struct sock, sk_rx_queue_mapping, |
9937 | sizeof_field(struct sock, |
9938 | sk_rx_queue_mapping), |
9939 | target_size)); |
9940 | *insn++ = BPF_JMP_IMM(BPF_JNE, si->dst_reg, NO_QUEUE_MAPPING, |
9941 | 1); |
9942 | *insn++ = BPF_MOV64_IMM(si->dst_reg, -1); |
9943 | #else |
9944 | *insn++ = BPF_MOV64_IMM(si->dst_reg, -1); |
9945 | *target_size = 2; |
9946 | #endif |
9947 | break; |
9948 | } |
9949 | |
9950 | return insn - insn_buf; |
9951 | } |
9952 | |
9953 | static u32 tc_cls_act_convert_ctx_access(enum bpf_access_type type, |
9954 | const struct bpf_insn *si, |
9955 | struct bpf_insn *insn_buf, |
9956 | struct bpf_prog *prog, u32 *target_size) |
9957 | { |
9958 | struct bpf_insn *insn = insn_buf; |
9959 | |
9960 | switch (si->off) { |
9961 | case offsetof(struct __sk_buff, ifindex): |
9962 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, dev), |
9963 | si->dst_reg, si->src_reg, |
9964 | offsetof(struct sk_buff, dev)); |
9965 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
9966 | bpf_target_off(struct net_device, ifindex, 4, |
9967 | target_size)); |
9968 | break; |
9969 | default: |
9970 | return bpf_convert_ctx_access(type, si, insn_buf, prog, |
9971 | target_size); |
9972 | } |
9973 | |
9974 | return insn - insn_buf; |
9975 | } |
9976 | |
9977 | static u32 xdp_convert_ctx_access(enum bpf_access_type type, |
9978 | const struct bpf_insn *si, |
9979 | struct bpf_insn *insn_buf, |
9980 | struct bpf_prog *prog, u32 *target_size) |
9981 | { |
9982 | struct bpf_insn *insn = insn_buf; |
9983 | |
9984 | switch (si->off) { |
9985 | case offsetof(struct xdp_md, data): |
9986 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, data), |
9987 | si->dst_reg, si->src_reg, |
9988 | offsetof(struct xdp_buff, data)); |
9989 | break; |
9990 | case offsetof(struct xdp_md, data_meta): |
9991 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, data_meta), |
9992 | si->dst_reg, si->src_reg, |
9993 | offsetof(struct xdp_buff, data_meta)); |
9994 | break; |
9995 | case offsetof(struct xdp_md, data_end): |
9996 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, data_end), |
9997 | si->dst_reg, si->src_reg, |
9998 | offsetof(struct xdp_buff, data_end)); |
9999 | break; |
10000 | case offsetof(struct xdp_md, ingress_ifindex): |
10001 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, rxq), |
10002 | si->dst_reg, si->src_reg, |
10003 | offsetof(struct xdp_buff, rxq)); |
10004 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_rxq_info, dev), |
10005 | si->dst_reg, si->dst_reg, |
10006 | offsetof(struct xdp_rxq_info, dev)); |
10007 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10008 | offsetof(struct net_device, ifindex)); |
10009 | break; |
10010 | case offsetof(struct xdp_md, rx_queue_index): |
10011 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, rxq), |
10012 | si->dst_reg, si->src_reg, |
10013 | offsetof(struct xdp_buff, rxq)); |
10014 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10015 | offsetof(struct xdp_rxq_info, |
10016 | queue_index)); |
10017 | break; |
10018 | case offsetof(struct xdp_md, egress_ifindex): |
10019 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_buff, txq), |
10020 | si->dst_reg, si->src_reg, |
10021 | offsetof(struct xdp_buff, txq)); |
10022 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct xdp_txq_info, dev), |
10023 | si->dst_reg, si->dst_reg, |
10024 | offsetof(struct xdp_txq_info, dev)); |
10025 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10026 | offsetof(struct net_device, ifindex)); |
10027 | break; |
10028 | } |
10029 | |
10030 | return insn - insn_buf; |
10031 | } |
10032 | |
10033 | /* SOCK_ADDR_LOAD_NESTED_FIELD() loads Nested Field S.F.NF where S is type of |
10034 | * context Structure, F is Field in context structure that contains a pointer |
10035 | * to Nested Structure of type NS that has the field NF. |
10036 | * |
10037 | * SIZE encodes the load size (BPF_B, BPF_H, etc). It's up to caller to make |
10038 | * sure that SIZE is not greater than actual size of S.F.NF. |
10039 | * |
10040 | * If offset OFF is provided, the load happens from that offset relative to |
10041 | * offset of NF. |
10042 | */ |
10043 | #define SOCK_ADDR_LOAD_NESTED_FIELD_SIZE_OFF(S, NS, F, NF, SIZE, OFF) \ |
10044 | do { \ |
10045 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(S, F), si->dst_reg, \ |
10046 | si->src_reg, offsetof(S, F)); \ |
10047 | *insn++ = BPF_LDX_MEM( \ |
10048 | SIZE, si->dst_reg, si->dst_reg, \ |
10049 | bpf_target_off(NS, NF, sizeof_field(NS, NF), \ |
10050 | target_size) \ |
10051 | + OFF); \ |
10052 | } while (0) |
10053 | |
10054 | #define SOCK_ADDR_LOAD_NESTED_FIELD(S, NS, F, NF) \ |
10055 | SOCK_ADDR_LOAD_NESTED_FIELD_SIZE_OFF(S, NS, F, NF, \ |
10056 | BPF_FIELD_SIZEOF(NS, NF), 0) |
10057 | |
10058 | /* SOCK_ADDR_STORE_NESTED_FIELD_OFF() has semantic similar to |
10059 | * SOCK_ADDR_LOAD_NESTED_FIELD_SIZE_OFF() but for store operation. |
10060 | * |
10061 | * In addition it uses Temporary Field TF (member of struct S) as the 3rd |
10062 | * "register" since two registers available in convert_ctx_access are not |
10063 | * enough: we can't override neither SRC, since it contains value to store, nor |
10064 | * DST since it contains pointer to context that may be used by later |
10065 | * instructions. But we need a temporary place to save pointer to nested |
10066 | * structure whose field we want to store to. |
10067 | */ |
10068 | #define SOCK_ADDR_STORE_NESTED_FIELD_OFF(S, NS, F, NF, SIZE, OFF, TF) \ |
10069 | do { \ |
10070 | int tmp_reg = BPF_REG_9; \ |
10071 | if (si->src_reg == tmp_reg || si->dst_reg == tmp_reg) \ |
10072 | --tmp_reg; \ |
10073 | if (si->src_reg == tmp_reg || si->dst_reg == tmp_reg) \ |
10074 | --tmp_reg; \ |
10075 | *insn++ = BPF_STX_MEM(BPF_DW, si->dst_reg, tmp_reg, \ |
10076 | offsetof(S, TF)); \ |
10077 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(S, F), tmp_reg, \ |
10078 | si->dst_reg, offsetof(S, F)); \ |
10079 | *insn++ = BPF_RAW_INSN(SIZE | BPF_MEM | BPF_CLASS(si->code), \ |
10080 | tmp_reg, si->src_reg, \ |
10081 | bpf_target_off(NS, NF, sizeof_field(NS, NF), \ |
10082 | target_size) \ |
10083 | + OFF, \ |
10084 | si->imm); \ |
10085 | *insn++ = BPF_LDX_MEM(BPF_DW, tmp_reg, si->dst_reg, \ |
10086 | offsetof(S, TF)); \ |
10087 | } while (0) |
10088 | |
10089 | #define SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF(S, NS, F, NF, SIZE, OFF, \ |
10090 | TF) \ |
10091 | do { \ |
10092 | if (type == BPF_WRITE) { \ |
10093 | SOCK_ADDR_STORE_NESTED_FIELD_OFF(S, NS, F, NF, SIZE, \ |
10094 | OFF, TF); \ |
10095 | } else { \ |
10096 | SOCK_ADDR_LOAD_NESTED_FIELD_SIZE_OFF( \ |
10097 | S, NS, F, NF, SIZE, OFF); \ |
10098 | } \ |
10099 | } while (0) |
10100 | |
10101 | #define SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD(S, NS, F, NF, TF) \ |
10102 | SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF( \ |
10103 | S, NS, F, NF, BPF_FIELD_SIZEOF(NS, NF), 0, TF) |
10104 | |
10105 | static u32 sock_addr_convert_ctx_access(enum bpf_access_type type, |
10106 | const struct bpf_insn *si, |
10107 | struct bpf_insn *insn_buf, |
10108 | struct bpf_prog *prog, u32 *target_size) |
10109 | { |
10110 | int off, port_size = sizeof_field(struct sockaddr_in6, sin6_port); |
10111 | struct bpf_insn *insn = insn_buf; |
10112 | |
10113 | switch (si->off) { |
10114 | case offsetof(struct bpf_sock_addr, user_family): |
10115 | SOCK_ADDR_LOAD_NESTED_FIELD(struct bpf_sock_addr_kern, |
10116 | struct sockaddr, uaddr, sa_family); |
10117 | break; |
10118 | |
10119 | case offsetof(struct bpf_sock_addr, user_ip4): |
10120 | SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF( |
10121 | struct bpf_sock_addr_kern, struct sockaddr_in, uaddr, |
10122 | sin_addr, BPF_SIZE(si->code), 0, tmp_reg); |
10123 | break; |
10124 | |
10125 | case bpf_ctx_range_till(struct bpf_sock_addr, user_ip6[0], user_ip6[3]): |
10126 | off = si->off; |
10127 | off -= offsetof(struct bpf_sock_addr, user_ip6[0]); |
10128 | SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF( |
10129 | struct bpf_sock_addr_kern, struct sockaddr_in6, uaddr, |
10130 | sin6_addr.s6_addr32[0], BPF_SIZE(si->code), off, |
10131 | tmp_reg); |
10132 | break; |
10133 | |
10134 | case offsetof(struct bpf_sock_addr, user_port): |
10135 | /* To get port we need to know sa_family first and then treat |
10136 | * sockaddr as either sockaddr_in or sockaddr_in6. |
10137 | * Though we can simplify since port field has same offset and |
10138 | * size in both structures. |
10139 | * Here we check this invariant and use just one of the |
10140 | * structures if it's true. |
10141 | */ |
10142 | BUILD_BUG_ON(offsetof(struct sockaddr_in, sin_port) != |
10143 | offsetof(struct sockaddr_in6, sin6_port)); |
10144 | BUILD_BUG_ON(sizeof_field(struct sockaddr_in, sin_port) != |
10145 | sizeof_field(struct sockaddr_in6, sin6_port)); |
10146 | /* Account for sin6_port being smaller than user_port. */ |
10147 | port_size = min(port_size, BPF_LDST_BYTES(si)); |
10148 | SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF( |
10149 | struct bpf_sock_addr_kern, struct sockaddr_in6, uaddr, |
10150 | sin6_port, bytes_to_bpf_size(port_size), 0, tmp_reg); |
10151 | break; |
10152 | |
10153 | case offsetof(struct bpf_sock_addr, family): |
10154 | SOCK_ADDR_LOAD_NESTED_FIELD(struct bpf_sock_addr_kern, |
10155 | struct sock, sk, sk_family); |
10156 | break; |
10157 | |
10158 | case offsetof(struct bpf_sock_addr, type): |
10159 | SOCK_ADDR_LOAD_NESTED_FIELD(struct bpf_sock_addr_kern, |
10160 | struct sock, sk, sk_type); |
10161 | break; |
10162 | |
10163 | case offsetof(struct bpf_sock_addr, protocol): |
10164 | SOCK_ADDR_LOAD_NESTED_FIELD(struct bpf_sock_addr_kern, |
10165 | struct sock, sk, sk_protocol); |
10166 | break; |
10167 | |
10168 | case offsetof(struct bpf_sock_addr, msg_src_ip4): |
10169 | /* Treat t_ctx as struct in_addr for msg_src_ip4. */ |
10170 | SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF( |
10171 | struct bpf_sock_addr_kern, struct in_addr, t_ctx, |
10172 | s_addr, BPF_SIZE(si->code), 0, tmp_reg); |
10173 | break; |
10174 | |
10175 | case bpf_ctx_range_till(struct bpf_sock_addr, msg_src_ip6[0], |
10176 | msg_src_ip6[3]): |
10177 | off = si->off; |
10178 | off -= offsetof(struct bpf_sock_addr, msg_src_ip6[0]); |
10179 | /* Treat t_ctx as struct in6_addr for msg_src_ip6. */ |
10180 | SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF( |
10181 | struct bpf_sock_addr_kern, struct in6_addr, t_ctx, |
10182 | s6_addr32[0], BPF_SIZE(si->code), off, tmp_reg); |
10183 | break; |
10184 | case offsetof(struct bpf_sock_addr, sk): |
10185 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_addr_kern, sk), |
10186 | si->dst_reg, si->src_reg, |
10187 | offsetof(struct bpf_sock_addr_kern, sk)); |
10188 | break; |
10189 | } |
10190 | |
10191 | return insn - insn_buf; |
10192 | } |
10193 | |
10194 | static u32 sock_ops_convert_ctx_access(enum bpf_access_type type, |
10195 | const struct bpf_insn *si, |
10196 | struct bpf_insn *insn_buf, |
10197 | struct bpf_prog *prog, |
10198 | u32 *target_size) |
10199 | { |
10200 | struct bpf_insn *insn = insn_buf; |
10201 | int off; |
10202 | |
10203 | /* Helper macro for adding read access to tcp_sock or sock fields. */ |
10204 | #define SOCK_OPS_GET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ) \ |
10205 | do { \ |
10206 | int fullsock_reg = si->dst_reg, reg = BPF_REG_9, jmp = 2; \ |
10207 | BUILD_BUG_ON(sizeof_field(OBJ, OBJ_FIELD) > \ |
10208 | sizeof_field(struct bpf_sock_ops, BPF_FIELD)); \ |
10209 | if (si->dst_reg == reg || si->src_reg == reg) \ |
10210 | reg--; \ |
10211 | if (si->dst_reg == reg || si->src_reg == reg) \ |
10212 | reg--; \ |
10213 | if (si->dst_reg == si->src_reg) { \ |
10214 | *insn++ = BPF_STX_MEM(BPF_DW, si->src_reg, reg, \ |
10215 | offsetof(struct bpf_sock_ops_kern, \ |
10216 | temp)); \ |
10217 | fullsock_reg = reg; \ |
10218 | jmp += 2; \ |
10219 | } \ |
10220 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \ |
10221 | struct bpf_sock_ops_kern, \ |
10222 | is_fullsock), \ |
10223 | fullsock_reg, si->src_reg, \ |
10224 | offsetof(struct bpf_sock_ops_kern, \ |
10225 | is_fullsock)); \ |
10226 | *insn++ = BPF_JMP_IMM(BPF_JEQ, fullsock_reg, 0, jmp); \ |
10227 | if (si->dst_reg == si->src_reg) \ |
10228 | *insn++ = BPF_LDX_MEM(BPF_DW, reg, si->src_reg, \ |
10229 | offsetof(struct bpf_sock_ops_kern, \ |
10230 | temp)); \ |
10231 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \ |
10232 | struct bpf_sock_ops_kern, sk),\ |
10233 | si->dst_reg, si->src_reg, \ |
10234 | offsetof(struct bpf_sock_ops_kern, sk));\ |
10235 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(OBJ, \ |
10236 | OBJ_FIELD), \ |
10237 | si->dst_reg, si->dst_reg, \ |
10238 | offsetof(OBJ, OBJ_FIELD)); \ |
10239 | if (si->dst_reg == si->src_reg) { \ |
10240 | *insn++ = BPF_JMP_A(1); \ |
10241 | *insn++ = BPF_LDX_MEM(BPF_DW, reg, si->src_reg, \ |
10242 | offsetof(struct bpf_sock_ops_kern, \ |
10243 | temp)); \ |
10244 | } \ |
10245 | } while (0) |
10246 | |
10247 | #define SOCK_OPS_GET_SK() \ |
10248 | do { \ |
10249 | int fullsock_reg = si->dst_reg, reg = BPF_REG_9, jmp = 1; \ |
10250 | if (si->dst_reg == reg || si->src_reg == reg) \ |
10251 | reg--; \ |
10252 | if (si->dst_reg == reg || si->src_reg == reg) \ |
10253 | reg--; \ |
10254 | if (si->dst_reg == si->src_reg) { \ |
10255 | *insn++ = BPF_STX_MEM(BPF_DW, si->src_reg, reg, \ |
10256 | offsetof(struct bpf_sock_ops_kern, \ |
10257 | temp)); \ |
10258 | fullsock_reg = reg; \ |
10259 | jmp += 2; \ |
10260 | } \ |
10261 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \ |
10262 | struct bpf_sock_ops_kern, \ |
10263 | is_fullsock), \ |
10264 | fullsock_reg, si->src_reg, \ |
10265 | offsetof(struct bpf_sock_ops_kern, \ |
10266 | is_fullsock)); \ |
10267 | *insn++ = BPF_JMP_IMM(BPF_JEQ, fullsock_reg, 0, jmp); \ |
10268 | if (si->dst_reg == si->src_reg) \ |
10269 | *insn++ = BPF_LDX_MEM(BPF_DW, reg, si->src_reg, \ |
10270 | offsetof(struct bpf_sock_ops_kern, \ |
10271 | temp)); \ |
10272 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \ |
10273 | struct bpf_sock_ops_kern, sk),\ |
10274 | si->dst_reg, si->src_reg, \ |
10275 | offsetof(struct bpf_sock_ops_kern, sk));\ |
10276 | if (si->dst_reg == si->src_reg) { \ |
10277 | *insn++ = BPF_JMP_A(1); \ |
10278 | *insn++ = BPF_LDX_MEM(BPF_DW, reg, si->src_reg, \ |
10279 | offsetof(struct bpf_sock_ops_kern, \ |
10280 | temp)); \ |
10281 | } \ |
10282 | } while (0) |
10283 | |
10284 | #define SOCK_OPS_GET_TCP_SOCK_FIELD(FIELD) \ |
10285 | SOCK_OPS_GET_FIELD(FIELD, FIELD, struct tcp_sock) |
10286 | |
10287 | /* Helper macro for adding write access to tcp_sock or sock fields. |
10288 | * The macro is called with two registers, dst_reg which contains a pointer |
10289 | * to ctx (context) and src_reg which contains the value that should be |
10290 | * stored. However, we need an additional register since we cannot overwrite |
10291 | * dst_reg because it may be used later in the program. |
10292 | * Instead we "borrow" one of the other register. We first save its value |
10293 | * into a new (temp) field in bpf_sock_ops_kern, use it, and then restore |
10294 | * it at the end of the macro. |
10295 | */ |
10296 | #define SOCK_OPS_SET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ) \ |
10297 | do { \ |
10298 | int reg = BPF_REG_9; \ |
10299 | BUILD_BUG_ON(sizeof_field(OBJ, OBJ_FIELD) > \ |
10300 | sizeof_field(struct bpf_sock_ops, BPF_FIELD)); \ |
10301 | if (si->dst_reg == reg || si->src_reg == reg) \ |
10302 | reg--; \ |
10303 | if (si->dst_reg == reg || si->src_reg == reg) \ |
10304 | reg--; \ |
10305 | *insn++ = BPF_STX_MEM(BPF_DW, si->dst_reg, reg, \ |
10306 | offsetof(struct bpf_sock_ops_kern, \ |
10307 | temp)); \ |
10308 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \ |
10309 | struct bpf_sock_ops_kern, \ |
10310 | is_fullsock), \ |
10311 | reg, si->dst_reg, \ |
10312 | offsetof(struct bpf_sock_ops_kern, \ |
10313 | is_fullsock)); \ |
10314 | *insn++ = BPF_JMP_IMM(BPF_JEQ, reg, 0, 2); \ |
10315 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( \ |
10316 | struct bpf_sock_ops_kern, sk),\ |
10317 | reg, si->dst_reg, \ |
10318 | offsetof(struct bpf_sock_ops_kern, sk));\ |
10319 | *insn++ = BPF_RAW_INSN(BPF_FIELD_SIZEOF(OBJ, OBJ_FIELD) | \ |
10320 | BPF_MEM | BPF_CLASS(si->code), \ |
10321 | reg, si->src_reg, \ |
10322 | offsetof(OBJ, OBJ_FIELD), \ |
10323 | si->imm); \ |
10324 | *insn++ = BPF_LDX_MEM(BPF_DW, reg, si->dst_reg, \ |
10325 | offsetof(struct bpf_sock_ops_kern, \ |
10326 | temp)); \ |
10327 | } while (0) |
10328 | |
10329 | #define SOCK_OPS_GET_OR_SET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ, TYPE) \ |
10330 | do { \ |
10331 | if (TYPE == BPF_WRITE) \ |
10332 | SOCK_OPS_SET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ); \ |
10333 | else \ |
10334 | SOCK_OPS_GET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ); \ |
10335 | } while (0) |
10336 | |
10337 | switch (si->off) { |
10338 | case offsetof(struct bpf_sock_ops, op): |
10339 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern, |
10340 | op), |
10341 | si->dst_reg, si->src_reg, |
10342 | offsetof(struct bpf_sock_ops_kern, op)); |
10343 | break; |
10344 | |
10345 | case offsetof(struct bpf_sock_ops, replylong[0]) ... |
10346 | offsetof(struct bpf_sock_ops, replylong[3]): |
10347 | BUILD_BUG_ON(sizeof_field(struct bpf_sock_ops, reply) != |
10348 | sizeof_field(struct bpf_sock_ops_kern, reply)); |
10349 | BUILD_BUG_ON(sizeof_field(struct bpf_sock_ops, replylong) != |
10350 | sizeof_field(struct bpf_sock_ops_kern, replylong)); |
10351 | off = si->off; |
10352 | off -= offsetof(struct bpf_sock_ops, replylong[0]); |
10353 | off += offsetof(struct bpf_sock_ops_kern, replylong[0]); |
10354 | if (type == BPF_WRITE) |
10355 | *insn++ = BPF_EMIT_STORE(BPF_W, si, off); |
10356 | else |
10357 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
10358 | off); |
10359 | break; |
10360 | |
10361 | case offsetof(struct bpf_sock_ops, family): |
10362 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_family) != 2); |
10363 | |
10364 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10365 | struct bpf_sock_ops_kern, sk), |
10366 | si->dst_reg, si->src_reg, |
10367 | offsetof(struct bpf_sock_ops_kern, sk)); |
10368 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg, |
10369 | offsetof(struct sock_common, skc_family)); |
10370 | break; |
10371 | |
10372 | case offsetof(struct bpf_sock_ops, remote_ip4): |
10373 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_daddr) != 4); |
10374 | |
10375 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10376 | struct bpf_sock_ops_kern, sk), |
10377 | si->dst_reg, si->src_reg, |
10378 | offsetof(struct bpf_sock_ops_kern, sk)); |
10379 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10380 | offsetof(struct sock_common, skc_daddr)); |
10381 | break; |
10382 | |
10383 | case offsetof(struct bpf_sock_ops, local_ip4): |
10384 | BUILD_BUG_ON(sizeof_field(struct sock_common, |
10385 | skc_rcv_saddr) != 4); |
10386 | |
10387 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10388 | struct bpf_sock_ops_kern, sk), |
10389 | si->dst_reg, si->src_reg, |
10390 | offsetof(struct bpf_sock_ops_kern, sk)); |
10391 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10392 | offsetof(struct sock_common, |
10393 | skc_rcv_saddr)); |
10394 | break; |
10395 | |
10396 | case offsetof(struct bpf_sock_ops, remote_ip6[0]) ... |
10397 | offsetof(struct bpf_sock_ops, remote_ip6[3]): |
10398 | #if IS_ENABLED(CONFIG_IPV6) |
10399 | BUILD_BUG_ON(sizeof_field(struct sock_common, |
10400 | skc_v6_daddr.s6_addr32[0]) != 4); |
10401 | |
10402 | off = si->off; |
10403 | off -= offsetof(struct bpf_sock_ops, remote_ip6[0]); |
10404 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10405 | struct bpf_sock_ops_kern, sk), |
10406 | si->dst_reg, si->src_reg, |
10407 | offsetof(struct bpf_sock_ops_kern, sk)); |
10408 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10409 | offsetof(struct sock_common, |
10410 | skc_v6_daddr.s6_addr32[0]) + |
10411 | off); |
10412 | #else |
10413 | *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); |
10414 | #endif |
10415 | break; |
10416 | |
10417 | case offsetof(struct bpf_sock_ops, local_ip6[0]) ... |
10418 | offsetof(struct bpf_sock_ops, local_ip6[3]): |
10419 | #if IS_ENABLED(CONFIG_IPV6) |
10420 | BUILD_BUG_ON(sizeof_field(struct sock_common, |
10421 | skc_v6_rcv_saddr.s6_addr32[0]) != 4); |
10422 | |
10423 | off = si->off; |
10424 | off -= offsetof(struct bpf_sock_ops, local_ip6[0]); |
10425 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10426 | struct bpf_sock_ops_kern, sk), |
10427 | si->dst_reg, si->src_reg, |
10428 | offsetof(struct bpf_sock_ops_kern, sk)); |
10429 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10430 | offsetof(struct sock_common, |
10431 | skc_v6_rcv_saddr.s6_addr32[0]) + |
10432 | off); |
10433 | #else |
10434 | *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); |
10435 | #endif |
10436 | break; |
10437 | |
10438 | case offsetof(struct bpf_sock_ops, remote_port): |
10439 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_dport) != 2); |
10440 | |
10441 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10442 | struct bpf_sock_ops_kern, sk), |
10443 | si->dst_reg, si->src_reg, |
10444 | offsetof(struct bpf_sock_ops_kern, sk)); |
10445 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg, |
10446 | offsetof(struct sock_common, skc_dport)); |
10447 | #ifndef __BIG_ENDIAN_BITFIELD |
10448 | *insn++ = BPF_ALU32_IMM(BPF_LSH, si->dst_reg, 16); |
10449 | #endif |
10450 | break; |
10451 | |
10452 | case offsetof(struct bpf_sock_ops, local_port): |
10453 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_num) != 2); |
10454 | |
10455 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10456 | struct bpf_sock_ops_kern, sk), |
10457 | si->dst_reg, si->src_reg, |
10458 | offsetof(struct bpf_sock_ops_kern, sk)); |
10459 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg, |
10460 | offsetof(struct sock_common, skc_num)); |
10461 | break; |
10462 | |
10463 | case offsetof(struct bpf_sock_ops, is_fullsock): |
10464 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10465 | struct bpf_sock_ops_kern, |
10466 | is_fullsock), |
10467 | si->dst_reg, si->src_reg, |
10468 | offsetof(struct bpf_sock_ops_kern, |
10469 | is_fullsock)); |
10470 | break; |
10471 | |
10472 | case offsetof(struct bpf_sock_ops, state): |
10473 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_state) != 1); |
10474 | |
10475 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10476 | struct bpf_sock_ops_kern, sk), |
10477 | si->dst_reg, si->src_reg, |
10478 | offsetof(struct bpf_sock_ops_kern, sk)); |
10479 | *insn++ = BPF_LDX_MEM(BPF_B, si->dst_reg, si->dst_reg, |
10480 | offsetof(struct sock_common, skc_state)); |
10481 | break; |
10482 | |
10483 | case offsetof(struct bpf_sock_ops, rtt_min): |
10484 | BUILD_BUG_ON(sizeof_field(struct tcp_sock, rtt_min) != |
10485 | sizeof(struct minmax)); |
10486 | BUILD_BUG_ON(sizeof(struct minmax) < |
10487 | sizeof(struct minmax_sample)); |
10488 | |
10489 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10490 | struct bpf_sock_ops_kern, sk), |
10491 | si->dst_reg, si->src_reg, |
10492 | offsetof(struct bpf_sock_ops_kern, sk)); |
10493 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10494 | offsetof(struct tcp_sock, rtt_min) + |
10495 | sizeof_field(struct minmax_sample, t)); |
10496 | break; |
10497 | |
10498 | case offsetof(struct bpf_sock_ops, bpf_sock_ops_cb_flags): |
10499 | SOCK_OPS_GET_FIELD(bpf_sock_ops_cb_flags, bpf_sock_ops_cb_flags, |
10500 | struct tcp_sock); |
10501 | break; |
10502 | |
10503 | case offsetof(struct bpf_sock_ops, sk_txhash): |
10504 | SOCK_OPS_GET_OR_SET_FIELD(sk_txhash, sk_txhash, |
10505 | struct sock, type); |
10506 | break; |
10507 | case offsetof(struct bpf_sock_ops, snd_cwnd): |
10508 | SOCK_OPS_GET_TCP_SOCK_FIELD(snd_cwnd); |
10509 | break; |
10510 | case offsetof(struct bpf_sock_ops, srtt_us): |
10511 | SOCK_OPS_GET_TCP_SOCK_FIELD(srtt_us); |
10512 | break; |
10513 | case offsetof(struct bpf_sock_ops, snd_ssthresh): |
10514 | SOCK_OPS_GET_TCP_SOCK_FIELD(snd_ssthresh); |
10515 | break; |
10516 | case offsetof(struct bpf_sock_ops, rcv_nxt): |
10517 | SOCK_OPS_GET_TCP_SOCK_FIELD(rcv_nxt); |
10518 | break; |
10519 | case offsetof(struct bpf_sock_ops, snd_nxt): |
10520 | SOCK_OPS_GET_TCP_SOCK_FIELD(snd_nxt); |
10521 | break; |
10522 | case offsetof(struct bpf_sock_ops, snd_una): |
10523 | SOCK_OPS_GET_TCP_SOCK_FIELD(snd_una); |
10524 | break; |
10525 | case offsetof(struct bpf_sock_ops, mss_cache): |
10526 | SOCK_OPS_GET_TCP_SOCK_FIELD(mss_cache); |
10527 | break; |
10528 | case offsetof(struct bpf_sock_ops, ecn_flags): |
10529 | SOCK_OPS_GET_TCP_SOCK_FIELD(ecn_flags); |
10530 | break; |
10531 | case offsetof(struct bpf_sock_ops, rate_delivered): |
10532 | SOCK_OPS_GET_TCP_SOCK_FIELD(rate_delivered); |
10533 | break; |
10534 | case offsetof(struct bpf_sock_ops, rate_interval_us): |
10535 | SOCK_OPS_GET_TCP_SOCK_FIELD(rate_interval_us); |
10536 | break; |
10537 | case offsetof(struct bpf_sock_ops, packets_out): |
10538 | SOCK_OPS_GET_TCP_SOCK_FIELD(packets_out); |
10539 | break; |
10540 | case offsetof(struct bpf_sock_ops, retrans_out): |
10541 | SOCK_OPS_GET_TCP_SOCK_FIELD(retrans_out); |
10542 | break; |
10543 | case offsetof(struct bpf_sock_ops, total_retrans): |
10544 | SOCK_OPS_GET_TCP_SOCK_FIELD(total_retrans); |
10545 | break; |
10546 | case offsetof(struct bpf_sock_ops, segs_in): |
10547 | SOCK_OPS_GET_TCP_SOCK_FIELD(segs_in); |
10548 | break; |
10549 | case offsetof(struct bpf_sock_ops, data_segs_in): |
10550 | SOCK_OPS_GET_TCP_SOCK_FIELD(data_segs_in); |
10551 | break; |
10552 | case offsetof(struct bpf_sock_ops, segs_out): |
10553 | SOCK_OPS_GET_TCP_SOCK_FIELD(segs_out); |
10554 | break; |
10555 | case offsetof(struct bpf_sock_ops, data_segs_out): |
10556 | SOCK_OPS_GET_TCP_SOCK_FIELD(data_segs_out); |
10557 | break; |
10558 | case offsetof(struct bpf_sock_ops, lost_out): |
10559 | SOCK_OPS_GET_TCP_SOCK_FIELD(lost_out); |
10560 | break; |
10561 | case offsetof(struct bpf_sock_ops, sacked_out): |
10562 | SOCK_OPS_GET_TCP_SOCK_FIELD(sacked_out); |
10563 | break; |
10564 | case offsetof(struct bpf_sock_ops, bytes_received): |
10565 | SOCK_OPS_GET_TCP_SOCK_FIELD(bytes_received); |
10566 | break; |
10567 | case offsetof(struct bpf_sock_ops, bytes_acked): |
10568 | SOCK_OPS_GET_TCP_SOCK_FIELD(bytes_acked); |
10569 | break; |
10570 | case offsetof(struct bpf_sock_ops, sk): |
10571 | SOCK_OPS_GET_SK(); |
10572 | break; |
10573 | case offsetof(struct bpf_sock_ops, skb_data_end): |
10574 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern, |
10575 | skb_data_end), |
10576 | si->dst_reg, si->src_reg, |
10577 | offsetof(struct bpf_sock_ops_kern, |
10578 | skb_data_end)); |
10579 | break; |
10580 | case offsetof(struct bpf_sock_ops, skb_data): |
10581 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern, |
10582 | skb), |
10583 | si->dst_reg, si->src_reg, |
10584 | offsetof(struct bpf_sock_ops_kern, |
10585 | skb)); |
10586 | *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1); |
10587 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, data), |
10588 | si->dst_reg, si->dst_reg, |
10589 | offsetof(struct sk_buff, data)); |
10590 | break; |
10591 | case offsetof(struct bpf_sock_ops, skb_len): |
10592 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern, |
10593 | skb), |
10594 | si->dst_reg, si->src_reg, |
10595 | offsetof(struct bpf_sock_ops_kern, |
10596 | skb)); |
10597 | *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1); |
10598 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, len), |
10599 | si->dst_reg, si->dst_reg, |
10600 | offsetof(struct sk_buff, len)); |
10601 | break; |
10602 | case offsetof(struct bpf_sock_ops, skb_tcp_flags): |
10603 | off = offsetof(struct sk_buff, cb); |
10604 | off += offsetof(struct tcp_skb_cb, tcp_flags); |
10605 | *target_size = sizeof_field(struct tcp_skb_cb, tcp_flags); |
10606 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern, |
10607 | skb), |
10608 | si->dst_reg, si->src_reg, |
10609 | offsetof(struct bpf_sock_ops_kern, |
10610 | skb)); |
10611 | *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1); |
10612 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct tcp_skb_cb, |
10613 | tcp_flags), |
10614 | si->dst_reg, si->dst_reg, off); |
10615 | break; |
10616 | case offsetof(struct bpf_sock_ops, skb_hwtstamp): { |
10617 | struct bpf_insn *jmp_on_null_skb; |
10618 | |
10619 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern, |
10620 | skb), |
10621 | si->dst_reg, si->src_reg, |
10622 | offsetof(struct bpf_sock_ops_kern, |
10623 | skb)); |
10624 | /* Reserve one insn to test skb == NULL */ |
10625 | jmp_on_null_skb = insn++; |
10626 | insn = bpf_convert_shinfo_access(dst_reg: si->dst_reg, skb_reg: si->dst_reg, insn); |
10627 | *insn++ = BPF_LDX_MEM(BPF_DW, si->dst_reg, si->dst_reg, |
10628 | bpf_target_off(struct skb_shared_info, |
10629 | hwtstamps, 8, |
10630 | target_size)); |
10631 | *jmp_on_null_skb = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, |
10632 | insn - jmp_on_null_skb - 1); |
10633 | break; |
10634 | } |
10635 | } |
10636 | return insn - insn_buf; |
10637 | } |
10638 | |
10639 | /* data_end = skb->data + skb_headlen() */ |
10640 | static struct bpf_insn *bpf_convert_data_end_access(const struct bpf_insn *si, |
10641 | struct bpf_insn *insn) |
10642 | { |
10643 | int reg; |
10644 | int temp_reg_off = offsetof(struct sk_buff, cb) + |
10645 | offsetof(struct sk_skb_cb, temp_reg); |
10646 | |
10647 | if (si->src_reg == si->dst_reg) { |
10648 | /* We need an extra register, choose and save a register. */ |
10649 | reg = BPF_REG_9; |
10650 | if (si->src_reg == reg || si->dst_reg == reg) |
10651 | reg--; |
10652 | if (si->src_reg == reg || si->dst_reg == reg) |
10653 | reg--; |
10654 | *insn++ = BPF_STX_MEM(BPF_DW, si->src_reg, reg, temp_reg_off); |
10655 | } else { |
10656 | reg = si->dst_reg; |
10657 | } |
10658 | |
10659 | /* reg = skb->data */ |
10660 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, data), |
10661 | reg, si->src_reg, |
10662 | offsetof(struct sk_buff, data)); |
10663 | /* AX = skb->len */ |
10664 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, len), |
10665 | BPF_REG_AX, si->src_reg, |
10666 | offsetof(struct sk_buff, len)); |
10667 | /* reg = skb->data + skb->len */ |
10668 | *insn++ = BPF_ALU64_REG(BPF_ADD, reg, BPF_REG_AX); |
10669 | /* AX = skb->data_len */ |
10670 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, data_len), |
10671 | BPF_REG_AX, si->src_reg, |
10672 | offsetof(struct sk_buff, data_len)); |
10673 | |
10674 | /* reg = skb->data + skb->len - skb->data_len */ |
10675 | *insn++ = BPF_ALU64_REG(BPF_SUB, reg, BPF_REG_AX); |
10676 | |
10677 | if (si->src_reg == si->dst_reg) { |
10678 | /* Restore the saved register */ |
10679 | *insn++ = BPF_MOV64_REG(BPF_REG_AX, si->src_reg); |
10680 | *insn++ = BPF_MOV64_REG(si->dst_reg, reg); |
10681 | *insn++ = BPF_LDX_MEM(BPF_DW, reg, BPF_REG_AX, temp_reg_off); |
10682 | } |
10683 | |
10684 | return insn; |
10685 | } |
10686 | |
10687 | static u32 sk_skb_convert_ctx_access(enum bpf_access_type type, |
10688 | const struct bpf_insn *si, |
10689 | struct bpf_insn *insn_buf, |
10690 | struct bpf_prog *prog, u32 *target_size) |
10691 | { |
10692 | struct bpf_insn *insn = insn_buf; |
10693 | int off; |
10694 | |
10695 | switch (si->off) { |
10696 | case offsetof(struct __sk_buff, data_end): |
10697 | insn = bpf_convert_data_end_access(si, insn); |
10698 | break; |
10699 | case offsetof(struct __sk_buff, cb[0]) ... |
10700 | offsetofend(struct __sk_buff, cb[4]) - 1: |
10701 | BUILD_BUG_ON(sizeof_field(struct sk_skb_cb, data) < 20); |
10702 | BUILD_BUG_ON((offsetof(struct sk_buff, cb) + |
10703 | offsetof(struct sk_skb_cb, data)) % |
10704 | sizeof(__u64)); |
10705 | |
10706 | prog->cb_access = 1; |
10707 | off = si->off; |
10708 | off -= offsetof(struct __sk_buff, cb[0]); |
10709 | off += offsetof(struct sk_buff, cb); |
10710 | off += offsetof(struct sk_skb_cb, data); |
10711 | if (type == BPF_WRITE) |
10712 | *insn++ = BPF_EMIT_STORE(BPF_SIZE(si->code), si, off); |
10713 | else |
10714 | *insn++ = BPF_LDX_MEM(BPF_SIZE(si->code), si->dst_reg, |
10715 | si->src_reg, off); |
10716 | break; |
10717 | |
10718 | |
10719 | default: |
10720 | return bpf_convert_ctx_access(type, si, insn_buf, prog, |
10721 | target_size); |
10722 | } |
10723 | |
10724 | return insn - insn_buf; |
10725 | } |
10726 | |
10727 | static u32 sk_msg_convert_ctx_access(enum bpf_access_type type, |
10728 | const struct bpf_insn *si, |
10729 | struct bpf_insn *insn_buf, |
10730 | struct bpf_prog *prog, u32 *target_size) |
10731 | { |
10732 | struct bpf_insn *insn = insn_buf; |
10733 | #if IS_ENABLED(CONFIG_IPV6) |
10734 | int off; |
10735 | #endif |
10736 | |
10737 | /* convert ctx uses the fact sg element is first in struct */ |
10738 | BUILD_BUG_ON(offsetof(struct sk_msg, sg) != 0); |
10739 | |
10740 | switch (si->off) { |
10741 | case offsetof(struct sk_msg_md, data): |
10742 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_msg, data), |
10743 | si->dst_reg, si->src_reg, |
10744 | offsetof(struct sk_msg, data)); |
10745 | break; |
10746 | case offsetof(struct sk_msg_md, data_end): |
10747 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_msg, data_end), |
10748 | si->dst_reg, si->src_reg, |
10749 | offsetof(struct sk_msg, data_end)); |
10750 | break; |
10751 | case offsetof(struct sk_msg_md, family): |
10752 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_family) != 2); |
10753 | |
10754 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10755 | struct sk_msg, sk), |
10756 | si->dst_reg, si->src_reg, |
10757 | offsetof(struct sk_msg, sk)); |
10758 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg, |
10759 | offsetof(struct sock_common, skc_family)); |
10760 | break; |
10761 | |
10762 | case offsetof(struct sk_msg_md, remote_ip4): |
10763 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_daddr) != 4); |
10764 | |
10765 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10766 | struct sk_msg, sk), |
10767 | si->dst_reg, si->src_reg, |
10768 | offsetof(struct sk_msg, sk)); |
10769 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10770 | offsetof(struct sock_common, skc_daddr)); |
10771 | break; |
10772 | |
10773 | case offsetof(struct sk_msg_md, local_ip4): |
10774 | BUILD_BUG_ON(sizeof_field(struct sock_common, |
10775 | skc_rcv_saddr) != 4); |
10776 | |
10777 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10778 | struct sk_msg, sk), |
10779 | si->dst_reg, si->src_reg, |
10780 | offsetof(struct sk_msg, sk)); |
10781 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10782 | offsetof(struct sock_common, |
10783 | skc_rcv_saddr)); |
10784 | break; |
10785 | |
10786 | case offsetof(struct sk_msg_md, remote_ip6[0]) ... |
10787 | offsetof(struct sk_msg_md, remote_ip6[3]): |
10788 | #if IS_ENABLED(CONFIG_IPV6) |
10789 | BUILD_BUG_ON(sizeof_field(struct sock_common, |
10790 | skc_v6_daddr.s6_addr32[0]) != 4); |
10791 | |
10792 | off = si->off; |
10793 | off -= offsetof(struct sk_msg_md, remote_ip6[0]); |
10794 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10795 | struct sk_msg, sk), |
10796 | si->dst_reg, si->src_reg, |
10797 | offsetof(struct sk_msg, sk)); |
10798 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10799 | offsetof(struct sock_common, |
10800 | skc_v6_daddr.s6_addr32[0]) + |
10801 | off); |
10802 | #else |
10803 | *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); |
10804 | #endif |
10805 | break; |
10806 | |
10807 | case offsetof(struct sk_msg_md, local_ip6[0]) ... |
10808 | offsetof(struct sk_msg_md, local_ip6[3]): |
10809 | #if IS_ENABLED(CONFIG_IPV6) |
10810 | BUILD_BUG_ON(sizeof_field(struct sock_common, |
10811 | skc_v6_rcv_saddr.s6_addr32[0]) != 4); |
10812 | |
10813 | off = si->off; |
10814 | off -= offsetof(struct sk_msg_md, local_ip6[0]); |
10815 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10816 | struct sk_msg, sk), |
10817 | si->dst_reg, si->src_reg, |
10818 | offsetof(struct sk_msg, sk)); |
10819 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, |
10820 | offsetof(struct sock_common, |
10821 | skc_v6_rcv_saddr.s6_addr32[0]) + |
10822 | off); |
10823 | #else |
10824 | *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); |
10825 | #endif |
10826 | break; |
10827 | |
10828 | case offsetof(struct sk_msg_md, remote_port): |
10829 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_dport) != 2); |
10830 | |
10831 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10832 | struct sk_msg, sk), |
10833 | si->dst_reg, si->src_reg, |
10834 | offsetof(struct sk_msg, sk)); |
10835 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg, |
10836 | offsetof(struct sock_common, skc_dport)); |
10837 | #ifndef __BIG_ENDIAN_BITFIELD |
10838 | *insn++ = BPF_ALU32_IMM(BPF_LSH, si->dst_reg, 16); |
10839 | #endif |
10840 | break; |
10841 | |
10842 | case offsetof(struct sk_msg_md, local_port): |
10843 | BUILD_BUG_ON(sizeof_field(struct sock_common, skc_num) != 2); |
10844 | |
10845 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF( |
10846 | struct sk_msg, sk), |
10847 | si->dst_reg, si->src_reg, |
10848 | offsetof(struct sk_msg, sk)); |
10849 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->dst_reg, |
10850 | offsetof(struct sock_common, skc_num)); |
10851 | break; |
10852 | |
10853 | case offsetof(struct sk_msg_md, size): |
10854 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_msg_sg, size), |
10855 | si->dst_reg, si->src_reg, |
10856 | offsetof(struct sk_msg_sg, size)); |
10857 | break; |
10858 | |
10859 | case offsetof(struct sk_msg_md, sk): |
10860 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_msg, sk), |
10861 | si->dst_reg, si->src_reg, |
10862 | offsetof(struct sk_msg, sk)); |
10863 | break; |
10864 | } |
10865 | |
10866 | return insn - insn_buf; |
10867 | } |
10868 | |
10869 | const struct bpf_verifier_ops sk_filter_verifier_ops = { |
10870 | .get_func_proto = sk_filter_func_proto, |
10871 | .is_valid_access = sk_filter_is_valid_access, |
10872 | .convert_ctx_access = bpf_convert_ctx_access, |
10873 | .gen_ld_abs = bpf_gen_ld_abs, |
10874 | }; |
10875 | |
10876 | const struct bpf_prog_ops sk_filter_prog_ops = { |
10877 | .test_run = bpf_prog_test_run_skb, |
10878 | }; |
10879 | |
10880 | const struct bpf_verifier_ops tc_cls_act_verifier_ops = { |
10881 | .get_func_proto = tc_cls_act_func_proto, |
10882 | .is_valid_access = tc_cls_act_is_valid_access, |
10883 | .convert_ctx_access = tc_cls_act_convert_ctx_access, |
10884 | .gen_prologue = tc_cls_act_prologue, |
10885 | .gen_ld_abs = bpf_gen_ld_abs, |
10886 | .btf_struct_access = tc_cls_act_btf_struct_access, |
10887 | }; |
10888 | |
10889 | const struct bpf_prog_ops tc_cls_act_prog_ops = { |
10890 | .test_run = bpf_prog_test_run_skb, |
10891 | }; |
10892 | |
10893 | const struct bpf_verifier_ops xdp_verifier_ops = { |
10894 | .get_func_proto = xdp_func_proto, |
10895 | .is_valid_access = xdp_is_valid_access, |
10896 | .convert_ctx_access = xdp_convert_ctx_access, |
10897 | .gen_prologue = bpf_noop_prologue, |
10898 | .btf_struct_access = xdp_btf_struct_access, |
10899 | }; |
10900 | |
10901 | const struct bpf_prog_ops xdp_prog_ops = { |
10902 | .test_run = bpf_prog_test_run_xdp, |
10903 | }; |
10904 | |
10905 | const struct bpf_verifier_ops cg_skb_verifier_ops = { |
10906 | .get_func_proto = cg_skb_func_proto, |
10907 | .is_valid_access = cg_skb_is_valid_access, |
10908 | .convert_ctx_access = bpf_convert_ctx_access, |
10909 | }; |
10910 | |
10911 | const struct bpf_prog_ops cg_skb_prog_ops = { |
10912 | .test_run = bpf_prog_test_run_skb, |
10913 | }; |
10914 | |
10915 | const struct bpf_verifier_ops lwt_in_verifier_ops = { |
10916 | .get_func_proto = lwt_in_func_proto, |
10917 | .is_valid_access = lwt_is_valid_access, |
10918 | .convert_ctx_access = bpf_convert_ctx_access, |
10919 | }; |
10920 | |
10921 | const struct bpf_prog_ops lwt_in_prog_ops = { |
10922 | .test_run = bpf_prog_test_run_skb, |
10923 | }; |
10924 | |
10925 | const struct bpf_verifier_ops lwt_out_verifier_ops = { |
10926 | .get_func_proto = lwt_out_func_proto, |
10927 | .is_valid_access = lwt_is_valid_access, |
10928 | .convert_ctx_access = bpf_convert_ctx_access, |
10929 | }; |
10930 | |
10931 | const struct bpf_prog_ops lwt_out_prog_ops = { |
10932 | .test_run = bpf_prog_test_run_skb, |
10933 | }; |
10934 | |
10935 | const struct bpf_verifier_ops lwt_xmit_verifier_ops = { |
10936 | .get_func_proto = lwt_xmit_func_proto, |
10937 | .is_valid_access = lwt_is_valid_access, |
10938 | .convert_ctx_access = bpf_convert_ctx_access, |
10939 | .gen_prologue = tc_cls_act_prologue, |
10940 | }; |
10941 | |
10942 | const struct bpf_prog_ops lwt_xmit_prog_ops = { |
10943 | .test_run = bpf_prog_test_run_skb, |
10944 | }; |
10945 | |
10946 | const struct bpf_verifier_ops lwt_seg6local_verifier_ops = { |
10947 | .get_func_proto = lwt_seg6local_func_proto, |
10948 | .is_valid_access = lwt_is_valid_access, |
10949 | .convert_ctx_access = bpf_convert_ctx_access, |
10950 | }; |
10951 | |
10952 | const struct bpf_prog_ops lwt_seg6local_prog_ops = { |
10953 | .test_run = bpf_prog_test_run_skb, |
10954 | }; |
10955 | |
10956 | const struct bpf_verifier_ops cg_sock_verifier_ops = { |
10957 | .get_func_proto = sock_filter_func_proto, |
10958 | .is_valid_access = sock_filter_is_valid_access, |
10959 | .convert_ctx_access = bpf_sock_convert_ctx_access, |
10960 | }; |
10961 | |
10962 | const struct bpf_prog_ops cg_sock_prog_ops = { |
10963 | }; |
10964 | |
10965 | const struct bpf_verifier_ops cg_sock_addr_verifier_ops = { |
10966 | .get_func_proto = sock_addr_func_proto, |
10967 | .is_valid_access = sock_addr_is_valid_access, |
10968 | .convert_ctx_access = sock_addr_convert_ctx_access, |
10969 | }; |
10970 | |
10971 | const struct bpf_prog_ops cg_sock_addr_prog_ops = { |
10972 | }; |
10973 | |
10974 | const struct bpf_verifier_ops sock_ops_verifier_ops = { |
10975 | .get_func_proto = sock_ops_func_proto, |
10976 | .is_valid_access = sock_ops_is_valid_access, |
10977 | .convert_ctx_access = sock_ops_convert_ctx_access, |
10978 | }; |
10979 | |
10980 | const struct bpf_prog_ops sock_ops_prog_ops = { |
10981 | }; |
10982 | |
10983 | const struct bpf_verifier_ops sk_skb_verifier_ops = { |
10984 | .get_func_proto = sk_skb_func_proto, |
10985 | .is_valid_access = sk_skb_is_valid_access, |
10986 | .convert_ctx_access = sk_skb_convert_ctx_access, |
10987 | .gen_prologue = sk_skb_prologue, |
10988 | }; |
10989 | |
10990 | const struct bpf_prog_ops sk_skb_prog_ops = { |
10991 | }; |
10992 | |
10993 | const struct bpf_verifier_ops sk_msg_verifier_ops = { |
10994 | .get_func_proto = sk_msg_func_proto, |
10995 | .is_valid_access = sk_msg_is_valid_access, |
10996 | .convert_ctx_access = sk_msg_convert_ctx_access, |
10997 | .gen_prologue = bpf_noop_prologue, |
10998 | }; |
10999 | |
11000 | const struct bpf_prog_ops sk_msg_prog_ops = { |
11001 | }; |
11002 | |
11003 | const struct bpf_verifier_ops flow_dissector_verifier_ops = { |
11004 | .get_func_proto = flow_dissector_func_proto, |
11005 | .is_valid_access = flow_dissector_is_valid_access, |
11006 | .convert_ctx_access = flow_dissector_convert_ctx_access, |
11007 | }; |
11008 | |
11009 | const struct bpf_prog_ops flow_dissector_prog_ops = { |
11010 | .test_run = bpf_prog_test_run_flow_dissector, |
11011 | }; |
11012 | |
11013 | int sk_detach_filter(struct sock *sk) |
11014 | { |
11015 | int ret = -ENOENT; |
11016 | struct sk_filter *filter; |
11017 | |
11018 | if (sock_flag(sk, flag: SOCK_FILTER_LOCKED)) |
11019 | return -EPERM; |
11020 | |
11021 | filter = rcu_dereference_protected(sk->sk_filter, |
11022 | lockdep_sock_is_held(sk)); |
11023 | if (filter) { |
11024 | RCU_INIT_POINTER(sk->sk_filter, NULL); |
11025 | sk_filter_uncharge(sk, fp: filter); |
11026 | ret = 0; |
11027 | } |
11028 | |
11029 | return ret; |
11030 | } |
11031 | EXPORT_SYMBOL_GPL(sk_detach_filter); |
11032 | |
11033 | int sk_get_filter(struct sock *sk, sockptr_t optval, unsigned int len) |
11034 | { |
11035 | struct sock_fprog_kern *fprog; |
11036 | struct sk_filter *filter; |
11037 | int ret = 0; |
11038 | |
11039 | sockopt_lock_sock(sk); |
11040 | filter = rcu_dereference_protected(sk->sk_filter, |
11041 | lockdep_sock_is_held(sk)); |
11042 | if (!filter) |
11043 | goto out; |
11044 | |
11045 | /* We're copying the filter that has been originally attached, |
11046 | * so no conversion/decode needed anymore. eBPF programs that |
11047 | * have no original program cannot be dumped through this. |
11048 | */ |
11049 | ret = -EACCES; |
11050 | fprog = filter->prog->orig_prog; |
11051 | if (!fprog) |
11052 | goto out; |
11053 | |
11054 | ret = fprog->len; |
11055 | if (!len) |
11056 | /* User space only enquires number of filter blocks. */ |
11057 | goto out; |
11058 | |
11059 | ret = -EINVAL; |
11060 | if (len < fprog->len) |
11061 | goto out; |
11062 | |
11063 | ret = -EFAULT; |
11064 | if (copy_to_sockptr(dst: optval, src: fprog->filter, bpf_classic_proglen(fprog))) |
11065 | goto out; |
11066 | |
11067 | /* Instead of bytes, the API requests to return the number |
11068 | * of filter blocks. |
11069 | */ |
11070 | ret = fprog->len; |
11071 | out: |
11072 | sockopt_release_sock(sk); |
11073 | return ret; |
11074 | } |
11075 | |
11076 | #ifdef CONFIG_INET |
11077 | static void bpf_init_reuseport_kern(struct sk_reuseport_kern *reuse_kern, |
11078 | struct sock_reuseport *reuse, |
11079 | struct sock *sk, struct sk_buff *skb, |
11080 | struct sock *migrating_sk, |
11081 | u32 hash) |
11082 | { |
11083 | reuse_kern->skb = skb; |
11084 | reuse_kern->sk = sk; |
11085 | reuse_kern->selected_sk = NULL; |
11086 | reuse_kern->migrating_sk = migrating_sk; |
11087 | reuse_kern->data_end = skb->data + skb_headlen(skb); |
11088 | reuse_kern->hash = hash; |
11089 | reuse_kern->reuseport_id = reuse->reuseport_id; |
11090 | reuse_kern->bind_inany = reuse->bind_inany; |
11091 | } |
11092 | |
11093 | struct sock *bpf_run_sk_reuseport(struct sock_reuseport *reuse, struct sock *sk, |
11094 | struct bpf_prog *prog, struct sk_buff *skb, |
11095 | struct sock *migrating_sk, |
11096 | u32 hash) |
11097 | { |
11098 | struct sk_reuseport_kern reuse_kern; |
11099 | enum sk_action action; |
11100 | |
11101 | bpf_init_reuseport_kern(reuse_kern: &reuse_kern, reuse, sk, skb, migrating_sk, hash); |
11102 | action = bpf_prog_run(prog, ctx: &reuse_kern); |
11103 | |
11104 | if (action == SK_PASS) |
11105 | return reuse_kern.selected_sk; |
11106 | else |
11107 | return ERR_PTR(error: -ECONNREFUSED); |
11108 | } |
11109 | |
11110 | BPF_CALL_4(sk_select_reuseport, struct sk_reuseport_kern *, reuse_kern, |
11111 | struct bpf_map *, map, void *, key, u32, flags) |
11112 | { |
11113 | bool is_sockarray = map->map_type == BPF_MAP_TYPE_REUSEPORT_SOCKARRAY; |
11114 | struct sock_reuseport *reuse; |
11115 | struct sock *selected_sk; |
11116 | |
11117 | selected_sk = map->ops->map_lookup_elem(map, key); |
11118 | if (!selected_sk) |
11119 | return -ENOENT; |
11120 | |
11121 | reuse = rcu_dereference(selected_sk->sk_reuseport_cb); |
11122 | if (!reuse) { |
11123 | /* Lookup in sock_map can return TCP ESTABLISHED sockets. */ |
11124 | if (sk_is_refcounted(sk: selected_sk)) |
11125 | sock_put(sk: selected_sk); |
11126 | |
11127 | /* reuseport_array has only sk with non NULL sk_reuseport_cb. |
11128 | * The only (!reuse) case here is - the sk has already been |
11129 | * unhashed (e.g. by close()), so treat it as -ENOENT. |
11130 | * |
11131 | * Other maps (e.g. sock_map) do not provide this guarantee and |
11132 | * the sk may never be in the reuseport group to begin with. |
11133 | */ |
11134 | return is_sockarray ? -ENOENT : -EINVAL; |
11135 | } |
11136 | |
11137 | if (unlikely(reuse->reuseport_id != reuse_kern->reuseport_id)) { |
11138 | struct sock *sk = reuse_kern->sk; |
11139 | |
11140 | if (sk->sk_protocol != selected_sk->sk_protocol) |
11141 | return -EPROTOTYPE; |
11142 | else if (sk->sk_family != selected_sk->sk_family) |
11143 | return -EAFNOSUPPORT; |
11144 | |
11145 | /* Catch all. Likely bound to a different sockaddr. */ |
11146 | return -EBADFD; |
11147 | } |
11148 | |
11149 | reuse_kern->selected_sk = selected_sk; |
11150 | |
11151 | return 0; |
11152 | } |
11153 | |
11154 | static const struct bpf_func_proto sk_select_reuseport_proto = { |
11155 | .func = sk_select_reuseport, |
11156 | .gpl_only = false, |
11157 | .ret_type = RET_INTEGER, |
11158 | .arg1_type = ARG_PTR_TO_CTX, |
11159 | .arg2_type = ARG_CONST_MAP_PTR, |
11160 | .arg3_type = ARG_PTR_TO_MAP_KEY, |
11161 | .arg4_type = ARG_ANYTHING, |
11162 | }; |
11163 | |
11164 | BPF_CALL_4(sk_reuseport_load_bytes, |
11165 | const struct sk_reuseport_kern *, reuse_kern, u32, offset, |
11166 | void *, to, u32, len) |
11167 | { |
11168 | return ____bpf_skb_load_bytes(skb: reuse_kern->skb, offset, to, len); |
11169 | } |
11170 | |
11171 | static const struct bpf_func_proto sk_reuseport_load_bytes_proto = { |
11172 | .func = sk_reuseport_load_bytes, |
11173 | .gpl_only = false, |
11174 | .ret_type = RET_INTEGER, |
11175 | .arg1_type = ARG_PTR_TO_CTX, |
11176 | .arg2_type = ARG_ANYTHING, |
11177 | .arg3_type = ARG_PTR_TO_UNINIT_MEM, |
11178 | .arg4_type = ARG_CONST_SIZE, |
11179 | }; |
11180 | |
11181 | BPF_CALL_5(sk_reuseport_load_bytes_relative, |
11182 | const struct sk_reuseport_kern *, reuse_kern, u32, offset, |
11183 | void *, to, u32, len, u32, ) |
11184 | { |
11185 | return ____bpf_skb_load_bytes_relative(skb: reuse_kern->skb, offset, to, |
11186 | len, start_header); |
11187 | } |
11188 | |
11189 | static const struct bpf_func_proto sk_reuseport_load_bytes_relative_proto = { |
11190 | .func = sk_reuseport_load_bytes_relative, |
11191 | .gpl_only = false, |
11192 | .ret_type = RET_INTEGER, |
11193 | .arg1_type = ARG_PTR_TO_CTX, |
11194 | .arg2_type = ARG_ANYTHING, |
11195 | .arg3_type = ARG_PTR_TO_UNINIT_MEM, |
11196 | .arg4_type = ARG_CONST_SIZE, |
11197 | .arg5_type = ARG_ANYTHING, |
11198 | }; |
11199 | |
11200 | static const struct bpf_func_proto * |
11201 | sk_reuseport_func_proto(enum bpf_func_id func_id, |
11202 | const struct bpf_prog *prog) |
11203 | { |
11204 | switch (func_id) { |
11205 | case BPF_FUNC_sk_select_reuseport: |
11206 | return &sk_select_reuseport_proto; |
11207 | case BPF_FUNC_skb_load_bytes: |
11208 | return &sk_reuseport_load_bytes_proto; |
11209 | case BPF_FUNC_skb_load_bytes_relative: |
11210 | return &sk_reuseport_load_bytes_relative_proto; |
11211 | case BPF_FUNC_get_socket_cookie: |
11212 | return &bpf_get_socket_ptr_cookie_proto; |
11213 | case BPF_FUNC_ktime_get_coarse_ns: |
11214 | return &bpf_ktime_get_coarse_ns_proto; |
11215 | default: |
11216 | return bpf_base_func_proto(func_id); |
11217 | } |
11218 | } |
11219 | |
11220 | static bool |
11221 | sk_reuseport_is_valid_access(int off, int size, |
11222 | enum bpf_access_type type, |
11223 | const struct bpf_prog *prog, |
11224 | struct bpf_insn_access_aux *info) |
11225 | { |
11226 | const u32 size_default = sizeof(__u32); |
11227 | |
11228 | if (off < 0 || off >= sizeof(struct sk_reuseport_md) || |
11229 | off % size || type != BPF_READ) |
11230 | return false; |
11231 | |
11232 | switch (off) { |
11233 | case offsetof(struct sk_reuseport_md, data): |
11234 | info->reg_type = PTR_TO_PACKET; |
11235 | return size == sizeof(__u64); |
11236 | |
11237 | case offsetof(struct sk_reuseport_md, data_end): |
11238 | info->reg_type = PTR_TO_PACKET_END; |
11239 | return size == sizeof(__u64); |
11240 | |
11241 | case offsetof(struct sk_reuseport_md, hash): |
11242 | return size == size_default; |
11243 | |
11244 | case offsetof(struct sk_reuseport_md, sk): |
11245 | info->reg_type = PTR_TO_SOCKET; |
11246 | return size == sizeof(__u64); |
11247 | |
11248 | case offsetof(struct sk_reuseport_md, migrating_sk): |
11249 | info->reg_type = PTR_TO_SOCK_COMMON_OR_NULL; |
11250 | return size == sizeof(__u64); |
11251 | |
11252 | /* Fields that allow narrowing */ |
11253 | case bpf_ctx_range(struct sk_reuseport_md, eth_protocol): |
11254 | if (size < sizeof_field(struct sk_buff, protocol)) |
11255 | return false; |
11256 | fallthrough; |
11257 | case bpf_ctx_range(struct sk_reuseport_md, ip_protocol): |
11258 | case bpf_ctx_range(struct sk_reuseport_md, bind_inany): |
11259 | case bpf_ctx_range(struct sk_reuseport_md, len): |
11260 | bpf_ctx_record_field_size(aux: info, size: size_default); |
11261 | return bpf_ctx_narrow_access_ok(off, size, size_default); |
11262 | |
11263 | default: |
11264 | return false; |
11265 | } |
11266 | } |
11267 | |
11268 | #define SK_REUSEPORT_LOAD_FIELD(F) ({ \ |
11269 | *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_reuseport_kern, F), \ |
11270 | si->dst_reg, si->src_reg, \ |
11271 | bpf_target_off(struct sk_reuseport_kern, F, \ |
11272 | sizeof_field(struct sk_reuseport_kern, F), \ |
11273 | target_size)); \ |
11274 | }) |
11275 | |
11276 | #define SK_REUSEPORT_LOAD_SKB_FIELD(SKB_FIELD) \ |
11277 | SOCK_ADDR_LOAD_NESTED_FIELD(struct sk_reuseport_kern, \ |
11278 | struct sk_buff, \ |
11279 | skb, \ |
11280 | SKB_FIELD) |
11281 | |
11282 | #define SK_REUSEPORT_LOAD_SK_FIELD(SK_FIELD) \ |
11283 | SOCK_ADDR_LOAD_NESTED_FIELD(struct sk_reuseport_kern, \ |
11284 | struct sock, \ |
11285 | sk, \ |
11286 | SK_FIELD) |
11287 | |
11288 | static u32 sk_reuseport_convert_ctx_access(enum bpf_access_type type, |
11289 | const struct bpf_insn *si, |
11290 | struct bpf_insn *insn_buf, |
11291 | struct bpf_prog *prog, |
11292 | u32 *target_size) |
11293 | { |
11294 | struct bpf_insn *insn = insn_buf; |
11295 | |
11296 | switch (si->off) { |
11297 | case offsetof(struct sk_reuseport_md, data): |
11298 | SK_REUSEPORT_LOAD_SKB_FIELD(data); |
11299 | break; |
11300 | |
11301 | case offsetof(struct sk_reuseport_md, len): |
11302 | SK_REUSEPORT_LOAD_SKB_FIELD(len); |
11303 | break; |
11304 | |
11305 | case offsetof(struct sk_reuseport_md, eth_protocol): |
11306 | SK_REUSEPORT_LOAD_SKB_FIELD(protocol); |
11307 | break; |
11308 | |
11309 | case offsetof(struct sk_reuseport_md, ip_protocol): |
11310 | SK_REUSEPORT_LOAD_SK_FIELD(sk_protocol); |
11311 | break; |
11312 | |
11313 | case offsetof(struct sk_reuseport_md, data_end): |
11314 | SK_REUSEPORT_LOAD_FIELD(data_end); |
11315 | break; |
11316 | |
11317 | case offsetof(struct sk_reuseport_md, hash): |
11318 | SK_REUSEPORT_LOAD_FIELD(hash); |
11319 | break; |
11320 | |
11321 | case offsetof(struct sk_reuseport_md, bind_inany): |
11322 | SK_REUSEPORT_LOAD_FIELD(bind_inany); |
11323 | break; |
11324 | |
11325 | case offsetof(struct sk_reuseport_md, sk): |
11326 | SK_REUSEPORT_LOAD_FIELD(sk); |
11327 | break; |
11328 | |
11329 | case offsetof(struct sk_reuseport_md, migrating_sk): |
11330 | SK_REUSEPORT_LOAD_FIELD(migrating_sk); |
11331 | break; |
11332 | } |
11333 | |
11334 | return insn - insn_buf; |
11335 | } |
11336 | |
11337 | const struct bpf_verifier_ops sk_reuseport_verifier_ops = { |
11338 | .get_func_proto = sk_reuseport_func_proto, |
11339 | .is_valid_access = sk_reuseport_is_valid_access, |
11340 | .convert_ctx_access = sk_reuseport_convert_ctx_access, |
11341 | }; |
11342 | |
11343 | const struct bpf_prog_ops sk_reuseport_prog_ops = { |
11344 | }; |
11345 | |
11346 | DEFINE_STATIC_KEY_FALSE(bpf_sk_lookup_enabled); |
11347 | EXPORT_SYMBOL(bpf_sk_lookup_enabled); |
11348 | |
11349 | BPF_CALL_3(bpf_sk_lookup_assign, struct bpf_sk_lookup_kern *, ctx, |
11350 | struct sock *, sk, u64, flags) |
11351 | { |
11352 | if (unlikely(flags & ~(BPF_SK_LOOKUP_F_REPLACE | |
11353 | BPF_SK_LOOKUP_F_NO_REUSEPORT))) |
11354 | return -EINVAL; |
11355 | if (unlikely(sk && sk_is_refcounted(sk))) |
11356 | return -ESOCKTNOSUPPORT; /* reject non-RCU freed sockets */ |
11357 | if (unlikely(sk && sk_is_tcp(sk) && sk->sk_state != TCP_LISTEN)) |
11358 | return -ESOCKTNOSUPPORT; /* only accept TCP socket in LISTEN */ |
11359 | if (unlikely(sk && sk_is_udp(sk) && sk->sk_state != TCP_CLOSE)) |
11360 | return -ESOCKTNOSUPPORT; /* only accept UDP socket in CLOSE */ |
11361 | |
11362 | /* Check if socket is suitable for packet L3/L4 protocol */ |
11363 | if (sk && sk->sk_protocol != ctx->protocol) |
11364 | return -EPROTOTYPE; |
11365 | if (sk && sk->sk_family != ctx->family && |
11366 | (sk->sk_family == AF_INET || ipv6_only_sock(sk))) |
11367 | return -EAFNOSUPPORT; |
11368 | |
11369 | if (ctx->selected_sk && !(flags & BPF_SK_LOOKUP_F_REPLACE)) |
11370 | return -EEXIST; |
11371 | |
11372 | /* Select socket as lookup result */ |
11373 | ctx->selected_sk = sk; |
11374 | ctx->no_reuseport = flags & BPF_SK_LOOKUP_F_NO_REUSEPORT; |
11375 | return 0; |
11376 | } |
11377 | |
11378 | static const struct bpf_func_proto bpf_sk_lookup_assign_proto = { |
11379 | .func = bpf_sk_lookup_assign, |
11380 | .gpl_only = false, |
11381 | .ret_type = RET_INTEGER, |
11382 | .arg1_type = ARG_PTR_TO_CTX, |
11383 | .arg2_type = ARG_PTR_TO_SOCKET_OR_NULL, |
11384 | .arg3_type = ARG_ANYTHING, |
11385 | }; |
11386 | |
11387 | static const struct bpf_func_proto * |
11388 | sk_lookup_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) |
11389 | { |
11390 | switch (func_id) { |
11391 | case BPF_FUNC_perf_event_output: |
11392 | return &bpf_event_output_data_proto; |
11393 | case BPF_FUNC_sk_assign: |
11394 | return &bpf_sk_lookup_assign_proto; |
11395 | case BPF_FUNC_sk_release: |
11396 | return &bpf_sk_release_proto; |
11397 | default: |
11398 | return bpf_sk_base_func_proto(func_id); |
11399 | } |
11400 | } |
11401 | |
11402 | static bool sk_lookup_is_valid_access(int off, int size, |
11403 | enum bpf_access_type type, |
11404 | const struct bpf_prog *prog, |
11405 | struct bpf_insn_access_aux *info) |
11406 | { |
11407 | if (off < 0 || off >= sizeof(struct bpf_sk_lookup)) |
11408 | return false; |
11409 | if (off % size != 0) |
11410 | return false; |
11411 | if (type != BPF_READ) |
11412 | return false; |
11413 | |
11414 | switch (off) { |
11415 | case offsetof(struct bpf_sk_lookup, sk): |
11416 | info->reg_type = PTR_TO_SOCKET_OR_NULL; |
11417 | return size == sizeof(__u64); |
11418 | |
11419 | case bpf_ctx_range(struct bpf_sk_lookup, family): |
11420 | case bpf_ctx_range(struct bpf_sk_lookup, protocol): |
11421 | case bpf_ctx_range(struct bpf_sk_lookup, remote_ip4): |
11422 | case bpf_ctx_range(struct bpf_sk_lookup, local_ip4): |
11423 | case bpf_ctx_range_till(struct bpf_sk_lookup, remote_ip6[0], remote_ip6[3]): |
11424 | case bpf_ctx_range_till(struct bpf_sk_lookup, local_ip6[0], local_ip6[3]): |
11425 | case bpf_ctx_range(struct bpf_sk_lookup, local_port): |
11426 | case bpf_ctx_range(struct bpf_sk_lookup, ingress_ifindex): |
11427 | bpf_ctx_record_field_size(aux: info, size: sizeof(__u32)); |
11428 | return bpf_ctx_narrow_access_ok(off, size, size_default: sizeof(__u32)); |
11429 | |
11430 | case bpf_ctx_range(struct bpf_sk_lookup, remote_port): |
11431 | /* Allow 4-byte access to 2-byte field for backward compatibility */ |
11432 | if (size == sizeof(__u32)) |
11433 | return true; |
11434 | bpf_ctx_record_field_size(aux: info, size: sizeof(__be16)); |
11435 | return bpf_ctx_narrow_access_ok(off, size, size_default: sizeof(__be16)); |
11436 | |
11437 | case offsetofend(struct bpf_sk_lookup, remote_port) ... |
11438 | offsetof(struct bpf_sk_lookup, local_ip4) - 1: |
11439 | /* Allow access to zero padding for backward compatibility */ |
11440 | bpf_ctx_record_field_size(aux: info, size: sizeof(__u16)); |
11441 | return bpf_ctx_narrow_access_ok(off, size, size_default: sizeof(__u16)); |
11442 | |
11443 | default: |
11444 | return false; |
11445 | } |
11446 | } |
11447 | |
11448 | static u32 sk_lookup_convert_ctx_access(enum bpf_access_type type, |
11449 | const struct bpf_insn *si, |
11450 | struct bpf_insn *insn_buf, |
11451 | struct bpf_prog *prog, |
11452 | u32 *target_size) |
11453 | { |
11454 | struct bpf_insn *insn = insn_buf; |
11455 | |
11456 | switch (si->off) { |
11457 | case offsetof(struct bpf_sk_lookup, sk): |
11458 | *insn++ = BPF_LDX_MEM(BPF_SIZEOF(void *), si->dst_reg, si->src_reg, |
11459 | offsetof(struct bpf_sk_lookup_kern, selected_sk)); |
11460 | break; |
11461 | |
11462 | case offsetof(struct bpf_sk_lookup, family): |
11463 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg, |
11464 | bpf_target_off(struct bpf_sk_lookup_kern, |
11465 | family, 2, target_size)); |
11466 | break; |
11467 | |
11468 | case offsetof(struct bpf_sk_lookup, protocol): |
11469 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg, |
11470 | bpf_target_off(struct bpf_sk_lookup_kern, |
11471 | protocol, 2, target_size)); |
11472 | break; |
11473 | |
11474 | case offsetof(struct bpf_sk_lookup, remote_ip4): |
11475 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
11476 | bpf_target_off(struct bpf_sk_lookup_kern, |
11477 | v4.saddr, 4, target_size)); |
11478 | break; |
11479 | |
11480 | case offsetof(struct bpf_sk_lookup, local_ip4): |
11481 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
11482 | bpf_target_off(struct bpf_sk_lookup_kern, |
11483 | v4.daddr, 4, target_size)); |
11484 | break; |
11485 | |
11486 | case bpf_ctx_range_till(struct bpf_sk_lookup, |
11487 | remote_ip6[0], remote_ip6[3]): { |
11488 | #if IS_ENABLED(CONFIG_IPV6) |
11489 | int off = si->off; |
11490 | |
11491 | off -= offsetof(struct bpf_sk_lookup, remote_ip6[0]); |
11492 | off += bpf_target_off(struct in6_addr, s6_addr32[0], 4, target_size); |
11493 | *insn++ = BPF_LDX_MEM(BPF_SIZEOF(void *), si->dst_reg, si->src_reg, |
11494 | offsetof(struct bpf_sk_lookup_kern, v6.saddr)); |
11495 | *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1); |
11496 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, off); |
11497 | #else |
11498 | *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); |
11499 | #endif |
11500 | break; |
11501 | } |
11502 | case bpf_ctx_range_till(struct bpf_sk_lookup, |
11503 | local_ip6[0], local_ip6[3]): { |
11504 | #if IS_ENABLED(CONFIG_IPV6) |
11505 | int off = si->off; |
11506 | |
11507 | off -= offsetof(struct bpf_sk_lookup, local_ip6[0]); |
11508 | off += bpf_target_off(struct in6_addr, s6_addr32[0], 4, target_size); |
11509 | *insn++ = BPF_LDX_MEM(BPF_SIZEOF(void *), si->dst_reg, si->src_reg, |
11510 | offsetof(struct bpf_sk_lookup_kern, v6.daddr)); |
11511 | *insn++ = BPF_JMP_IMM(BPF_JEQ, si->dst_reg, 0, 1); |
11512 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, off); |
11513 | #else |
11514 | *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); |
11515 | #endif |
11516 | break; |
11517 | } |
11518 | case offsetof(struct bpf_sk_lookup, remote_port): |
11519 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg, |
11520 | bpf_target_off(struct bpf_sk_lookup_kern, |
11521 | sport, 2, target_size)); |
11522 | break; |
11523 | |
11524 | case offsetofend(struct bpf_sk_lookup, remote_port): |
11525 | *target_size = 2; |
11526 | *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); |
11527 | break; |
11528 | |
11529 | case offsetof(struct bpf_sk_lookup, local_port): |
11530 | *insn++ = BPF_LDX_MEM(BPF_H, si->dst_reg, si->src_reg, |
11531 | bpf_target_off(struct bpf_sk_lookup_kern, |
11532 | dport, 2, target_size)); |
11533 | break; |
11534 | |
11535 | case offsetof(struct bpf_sk_lookup, ingress_ifindex): |
11536 | *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, |
11537 | bpf_target_off(struct bpf_sk_lookup_kern, |
11538 | ingress_ifindex, 4, target_size)); |
11539 | break; |
11540 | } |
11541 | |
11542 | return insn - insn_buf; |
11543 | } |
11544 | |
11545 | const struct bpf_prog_ops sk_lookup_prog_ops = { |
11546 | .test_run = bpf_prog_test_run_sk_lookup, |
11547 | }; |
11548 | |
11549 | const struct bpf_verifier_ops sk_lookup_verifier_ops = { |
11550 | .get_func_proto = sk_lookup_func_proto, |
11551 | .is_valid_access = sk_lookup_is_valid_access, |
11552 | .convert_ctx_access = sk_lookup_convert_ctx_access, |
11553 | }; |
11554 | |
11555 | #endif /* CONFIG_INET */ |
11556 | |
11557 | DEFINE_BPF_DISPATCHER(xdp) |
11558 | |
11559 | void bpf_prog_change_xdp(struct bpf_prog *prev_prog, struct bpf_prog *prog) |
11560 | { |
11561 | bpf_dispatcher_change_prog(BPF_DISPATCHER_PTR(xdp), from: prev_prog, to: prog); |
11562 | } |
11563 | |
11564 | BTF_ID_LIST_GLOBAL(btf_sock_ids, MAX_BTF_SOCK_TYPE) |
11565 | #define BTF_SOCK_TYPE(name, type) BTF_ID(struct, type) |
11566 | BTF_SOCK_TYPE_xxx |
11567 | #undef BTF_SOCK_TYPE |
11568 | |
11569 | BPF_CALL_1(bpf_skc_to_tcp6_sock, struct sock *, sk) |
11570 | { |
11571 | /* tcp6_sock type is not generated in dwarf and hence btf, |
11572 | * trigger an explicit type generation here. |
11573 | */ |
11574 | BTF_TYPE_EMIT(struct tcp6_sock); |
11575 | if (sk && sk_fullsock(sk) && sk->sk_protocol == IPPROTO_TCP && |
11576 | sk->sk_family == AF_INET6) |
11577 | return (unsigned long)sk; |
11578 | |
11579 | return (unsigned long)NULL; |
11580 | } |
11581 | |
11582 | const struct bpf_func_proto bpf_skc_to_tcp6_sock_proto = { |
11583 | .func = bpf_skc_to_tcp6_sock, |
11584 | .gpl_only = false, |
11585 | .ret_type = RET_PTR_TO_BTF_ID_OR_NULL, |
11586 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
11587 | .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_TCP6], |
11588 | }; |
11589 | |
11590 | BPF_CALL_1(bpf_skc_to_tcp_sock, struct sock *, sk) |
11591 | { |
11592 | if (sk && sk_fullsock(sk) && sk->sk_protocol == IPPROTO_TCP) |
11593 | return (unsigned long)sk; |
11594 | |
11595 | return (unsigned long)NULL; |
11596 | } |
11597 | |
11598 | const struct bpf_func_proto bpf_skc_to_tcp_sock_proto = { |
11599 | .func = bpf_skc_to_tcp_sock, |
11600 | .gpl_only = false, |
11601 | .ret_type = RET_PTR_TO_BTF_ID_OR_NULL, |
11602 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
11603 | .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_TCP], |
11604 | }; |
11605 | |
11606 | BPF_CALL_1(bpf_skc_to_tcp_timewait_sock, struct sock *, sk) |
11607 | { |
11608 | /* BTF types for tcp_timewait_sock and inet_timewait_sock are not |
11609 | * generated if CONFIG_INET=n. Trigger an explicit generation here. |
11610 | */ |
11611 | BTF_TYPE_EMIT(struct inet_timewait_sock); |
11612 | BTF_TYPE_EMIT(struct tcp_timewait_sock); |
11613 | |
11614 | #ifdef CONFIG_INET |
11615 | if (sk && sk->sk_prot == &tcp_prot && sk->sk_state == TCP_TIME_WAIT) |
11616 | return (unsigned long)sk; |
11617 | #endif |
11618 | |
11619 | #if IS_BUILTIN(CONFIG_IPV6) |
11620 | if (sk && sk->sk_prot == &tcpv6_prot && sk->sk_state == TCP_TIME_WAIT) |
11621 | return (unsigned long)sk; |
11622 | #endif |
11623 | |
11624 | return (unsigned long)NULL; |
11625 | } |
11626 | |
11627 | const struct bpf_func_proto bpf_skc_to_tcp_timewait_sock_proto = { |
11628 | .func = bpf_skc_to_tcp_timewait_sock, |
11629 | .gpl_only = false, |
11630 | .ret_type = RET_PTR_TO_BTF_ID_OR_NULL, |
11631 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
11632 | .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_TCP_TW], |
11633 | }; |
11634 | |
11635 | BPF_CALL_1(bpf_skc_to_tcp_request_sock, struct sock *, sk) |
11636 | { |
11637 | #ifdef CONFIG_INET |
11638 | if (sk && sk->sk_prot == &tcp_prot && sk->sk_state == TCP_NEW_SYN_RECV) |
11639 | return (unsigned long)sk; |
11640 | #endif |
11641 | |
11642 | #if IS_BUILTIN(CONFIG_IPV6) |
11643 | if (sk && sk->sk_prot == &tcpv6_prot && sk->sk_state == TCP_NEW_SYN_RECV) |
11644 | return (unsigned long)sk; |
11645 | #endif |
11646 | |
11647 | return (unsigned long)NULL; |
11648 | } |
11649 | |
11650 | const struct bpf_func_proto bpf_skc_to_tcp_request_sock_proto = { |
11651 | .func = bpf_skc_to_tcp_request_sock, |
11652 | .gpl_only = false, |
11653 | .ret_type = RET_PTR_TO_BTF_ID_OR_NULL, |
11654 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
11655 | .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_TCP_REQ], |
11656 | }; |
11657 | |
11658 | BPF_CALL_1(bpf_skc_to_udp6_sock, struct sock *, sk) |
11659 | { |
11660 | /* udp6_sock type is not generated in dwarf and hence btf, |
11661 | * trigger an explicit type generation here. |
11662 | */ |
11663 | BTF_TYPE_EMIT(struct udp6_sock); |
11664 | if (sk && sk_fullsock(sk) && sk->sk_protocol == IPPROTO_UDP && |
11665 | sk->sk_type == SOCK_DGRAM && sk->sk_family == AF_INET6) |
11666 | return (unsigned long)sk; |
11667 | |
11668 | return (unsigned long)NULL; |
11669 | } |
11670 | |
11671 | const struct bpf_func_proto bpf_skc_to_udp6_sock_proto = { |
11672 | .func = bpf_skc_to_udp6_sock, |
11673 | .gpl_only = false, |
11674 | .ret_type = RET_PTR_TO_BTF_ID_OR_NULL, |
11675 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
11676 | .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_UDP6], |
11677 | }; |
11678 | |
11679 | BPF_CALL_1(bpf_skc_to_unix_sock, struct sock *, sk) |
11680 | { |
11681 | /* unix_sock type is not generated in dwarf and hence btf, |
11682 | * trigger an explicit type generation here. |
11683 | */ |
11684 | BTF_TYPE_EMIT(struct unix_sock); |
11685 | if (sk && sk_fullsock(sk) && sk->sk_family == AF_UNIX) |
11686 | return (unsigned long)sk; |
11687 | |
11688 | return (unsigned long)NULL; |
11689 | } |
11690 | |
11691 | const struct bpf_func_proto bpf_skc_to_unix_sock_proto = { |
11692 | .func = bpf_skc_to_unix_sock, |
11693 | .gpl_only = false, |
11694 | .ret_type = RET_PTR_TO_BTF_ID_OR_NULL, |
11695 | .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON, |
11696 | .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_UNIX], |
11697 | }; |
11698 | |
11699 | BPF_CALL_1(bpf_skc_to_mptcp_sock, struct sock *, sk) |
11700 | { |
11701 | BTF_TYPE_EMIT(struct mptcp_sock); |
11702 | return (unsigned long)bpf_mptcp_sock_from_subflow(sk); |
11703 | } |
11704 | |
11705 | const struct bpf_func_proto bpf_skc_to_mptcp_sock_proto = { |
11706 | .func = bpf_skc_to_mptcp_sock, |
11707 | .gpl_only = false, |
11708 | .ret_type = RET_PTR_TO_BTF_ID_OR_NULL, |
11709 | .arg1_type = ARG_PTR_TO_SOCK_COMMON, |
11710 | .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_MPTCP], |
11711 | }; |
11712 | |
11713 | BPF_CALL_1(bpf_sock_from_file, struct file *, file) |
11714 | { |
11715 | return (unsigned long)sock_from_file(file); |
11716 | } |
11717 | |
11718 | BTF_ID_LIST(bpf_sock_from_file_btf_ids) |
11719 | BTF_ID(struct, socket) |
11720 | BTF_ID(struct, file) |
11721 | |
11722 | const struct bpf_func_proto bpf_sock_from_file_proto = { |
11723 | .func = bpf_sock_from_file, |
11724 | .gpl_only = false, |
11725 | .ret_type = RET_PTR_TO_BTF_ID_OR_NULL, |
11726 | .ret_btf_id = &bpf_sock_from_file_btf_ids[0], |
11727 | .arg1_type = ARG_PTR_TO_BTF_ID, |
11728 | .arg1_btf_id = &bpf_sock_from_file_btf_ids[1], |
11729 | }; |
11730 | |
11731 | static const struct bpf_func_proto * |
11732 | bpf_sk_base_func_proto(enum bpf_func_id func_id) |
11733 | { |
11734 | const struct bpf_func_proto *func; |
11735 | |
11736 | switch (func_id) { |
11737 | case BPF_FUNC_skc_to_tcp6_sock: |
11738 | func = &bpf_skc_to_tcp6_sock_proto; |
11739 | break; |
11740 | case BPF_FUNC_skc_to_tcp_sock: |
11741 | func = &bpf_skc_to_tcp_sock_proto; |
11742 | break; |
11743 | case BPF_FUNC_skc_to_tcp_timewait_sock: |
11744 | func = &bpf_skc_to_tcp_timewait_sock_proto; |
11745 | break; |
11746 | case BPF_FUNC_skc_to_tcp_request_sock: |
11747 | func = &bpf_skc_to_tcp_request_sock_proto; |
11748 | break; |
11749 | case BPF_FUNC_skc_to_udp6_sock: |
11750 | func = &bpf_skc_to_udp6_sock_proto; |
11751 | break; |
11752 | case BPF_FUNC_skc_to_unix_sock: |
11753 | func = &bpf_skc_to_unix_sock_proto; |
11754 | break; |
11755 | case BPF_FUNC_skc_to_mptcp_sock: |
11756 | func = &bpf_skc_to_mptcp_sock_proto; |
11757 | break; |
11758 | case BPF_FUNC_ktime_get_coarse_ns: |
11759 | return &bpf_ktime_get_coarse_ns_proto; |
11760 | default: |
11761 | return bpf_base_func_proto(func_id); |
11762 | } |
11763 | |
11764 | if (!perfmon_capable()) |
11765 | return NULL; |
11766 | |
11767 | return func; |
11768 | } |
11769 | |
11770 | __diag_push(); |
11771 | __diag_ignore_all("-Wmissing-prototypes" , |
11772 | "Global functions as their definitions will be in vmlinux BTF" ); |
11773 | __bpf_kfunc int bpf_dynptr_from_skb(struct sk_buff *skb, u64 flags, |
11774 | struct bpf_dynptr_kern *ptr__uninit) |
11775 | { |
11776 | if (flags) { |
11777 | bpf_dynptr_set_null(ptr: ptr__uninit); |
11778 | return -EINVAL; |
11779 | } |
11780 | |
11781 | bpf_dynptr_init(ptr: ptr__uninit, data: skb, type: BPF_DYNPTR_TYPE_SKB, offset: 0, size: skb->len); |
11782 | |
11783 | return 0; |
11784 | } |
11785 | |
11786 | __bpf_kfunc int bpf_dynptr_from_xdp(struct xdp_buff *xdp, u64 flags, |
11787 | struct bpf_dynptr_kern *ptr__uninit) |
11788 | { |
11789 | if (flags) { |
11790 | bpf_dynptr_set_null(ptr: ptr__uninit); |
11791 | return -EINVAL; |
11792 | } |
11793 | |
11794 | bpf_dynptr_init(ptr: ptr__uninit, data: xdp, type: BPF_DYNPTR_TYPE_XDP, offset: 0, size: xdp_get_buff_len(xdp)); |
11795 | |
11796 | return 0; |
11797 | } |
11798 | |
11799 | __bpf_kfunc int bpf_sock_addr_set_sun_path(struct bpf_sock_addr_kern *sa_kern, |
11800 | const u8 *sun_path, u32 sun_path__sz) |
11801 | { |
11802 | struct sockaddr_un *un; |
11803 | |
11804 | if (sa_kern->sk->sk_family != AF_UNIX) |
11805 | return -EINVAL; |
11806 | |
11807 | /* We do not allow changing the address to unnamed or larger than the |
11808 | * maximum allowed address size for a unix sockaddr. |
11809 | */ |
11810 | if (sun_path__sz == 0 || sun_path__sz > UNIX_PATH_MAX) |
11811 | return -EINVAL; |
11812 | |
11813 | un = (struct sockaddr_un *)sa_kern->uaddr; |
11814 | memcpy(un->sun_path, sun_path, sun_path__sz); |
11815 | sa_kern->uaddrlen = offsetof(struct sockaddr_un, sun_path) + sun_path__sz; |
11816 | |
11817 | return 0; |
11818 | } |
11819 | __diag_pop(); |
11820 | |
11821 | int bpf_dynptr_from_skb_rdonly(struct sk_buff *skb, u64 flags, |
11822 | struct bpf_dynptr_kern *ptr__uninit) |
11823 | { |
11824 | int err; |
11825 | |
11826 | err = bpf_dynptr_from_skb(skb, flags, ptr__uninit); |
11827 | if (err) |
11828 | return err; |
11829 | |
11830 | bpf_dynptr_set_rdonly(ptr: ptr__uninit); |
11831 | |
11832 | return 0; |
11833 | } |
11834 | |
11835 | BTF_SET8_START(bpf_kfunc_check_set_skb) |
11836 | BTF_ID_FLAGS(func, bpf_dynptr_from_skb) |
11837 | BTF_SET8_END(bpf_kfunc_check_set_skb) |
11838 | |
11839 | BTF_SET8_START(bpf_kfunc_check_set_xdp) |
11840 | BTF_ID_FLAGS(func, bpf_dynptr_from_xdp) |
11841 | BTF_SET8_END(bpf_kfunc_check_set_xdp) |
11842 | |
11843 | BTF_SET8_START(bpf_kfunc_check_set_sock_addr) |
11844 | BTF_ID_FLAGS(func, bpf_sock_addr_set_sun_path) |
11845 | BTF_SET8_END(bpf_kfunc_check_set_sock_addr) |
11846 | |
11847 | static const struct btf_kfunc_id_set bpf_kfunc_set_skb = { |
11848 | .owner = THIS_MODULE, |
11849 | .set = &bpf_kfunc_check_set_skb, |
11850 | }; |
11851 | |
11852 | static const struct btf_kfunc_id_set bpf_kfunc_set_xdp = { |
11853 | .owner = THIS_MODULE, |
11854 | .set = &bpf_kfunc_check_set_xdp, |
11855 | }; |
11856 | |
11857 | static const struct btf_kfunc_id_set bpf_kfunc_set_sock_addr = { |
11858 | .owner = THIS_MODULE, |
11859 | .set = &bpf_kfunc_check_set_sock_addr, |
11860 | }; |
11861 | |
11862 | static int __init bpf_kfunc_init(void) |
11863 | { |
11864 | int ret; |
11865 | |
11866 | ret = register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_SCHED_CLS, s: &bpf_kfunc_set_skb); |
11867 | ret = ret ?: register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_SCHED_ACT, s: &bpf_kfunc_set_skb); |
11868 | ret = ret ?: register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_SK_SKB, s: &bpf_kfunc_set_skb); |
11869 | ret = ret ?: register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_SOCKET_FILTER, s: &bpf_kfunc_set_skb); |
11870 | ret = ret ?: register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_CGROUP_SKB, s: &bpf_kfunc_set_skb); |
11871 | ret = ret ?: register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_LWT_OUT, s: &bpf_kfunc_set_skb); |
11872 | ret = ret ?: register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_LWT_IN, s: &bpf_kfunc_set_skb); |
11873 | ret = ret ?: register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_LWT_XMIT, s: &bpf_kfunc_set_skb); |
11874 | ret = ret ?: register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_LWT_SEG6LOCAL, s: &bpf_kfunc_set_skb); |
11875 | ret = ret ?: register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_NETFILTER, s: &bpf_kfunc_set_skb); |
11876 | ret = ret ?: register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_XDP, s: &bpf_kfunc_set_xdp); |
11877 | return ret ?: register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_CGROUP_SOCK_ADDR, |
11878 | s: &bpf_kfunc_set_sock_addr); |
11879 | } |
11880 | late_initcall(bpf_kfunc_init); |
11881 | |
11882 | /* Disables missing prototype warnings */ |
11883 | __diag_push(); |
11884 | __diag_ignore_all("-Wmissing-prototypes" , |
11885 | "Global functions as their definitions will be in vmlinux BTF" ); |
11886 | |
11887 | /* bpf_sock_destroy: Destroy the given socket with ECONNABORTED error code. |
11888 | * |
11889 | * The function expects a non-NULL pointer to a socket, and invokes the |
11890 | * protocol specific socket destroy handlers. |
11891 | * |
11892 | * The helper can only be called from BPF contexts that have acquired the socket |
11893 | * locks. |
11894 | * |
11895 | * Parameters: |
11896 | * @sock: Pointer to socket to be destroyed |
11897 | * |
11898 | * Return: |
11899 | * On error, may return EPROTONOSUPPORT, EINVAL. |
11900 | * EPROTONOSUPPORT if protocol specific destroy handler is not supported. |
11901 | * 0 otherwise |
11902 | */ |
11903 | __bpf_kfunc int bpf_sock_destroy(struct sock_common *sock) |
11904 | { |
11905 | struct sock *sk = (struct sock *)sock; |
11906 | |
11907 | /* The locking semantics that allow for synchronous execution of the |
11908 | * destroy handlers are only supported for TCP and UDP. |
11909 | * Supporting protocols will need to acquire sock lock in the BPF context |
11910 | * prior to invoking this kfunc. |
11911 | */ |
11912 | if (!sk->sk_prot->diag_destroy || (sk->sk_protocol != IPPROTO_TCP && |
11913 | sk->sk_protocol != IPPROTO_UDP)) |
11914 | return -EOPNOTSUPP; |
11915 | |
11916 | return sk->sk_prot->diag_destroy(sk, ECONNABORTED); |
11917 | } |
11918 | |
11919 | __diag_pop() |
11920 | |
11921 | BTF_SET8_START(bpf_sk_iter_kfunc_ids) |
11922 | BTF_ID_FLAGS(func, bpf_sock_destroy, KF_TRUSTED_ARGS) |
11923 | BTF_SET8_END(bpf_sk_iter_kfunc_ids) |
11924 | |
11925 | static int tracing_iter_filter(const struct bpf_prog *prog, u32 kfunc_id) |
11926 | { |
11927 | if (btf_id_set8_contains(set: &bpf_sk_iter_kfunc_ids, id: kfunc_id) && |
11928 | prog->expected_attach_type != BPF_TRACE_ITER) |
11929 | return -EACCES; |
11930 | return 0; |
11931 | } |
11932 | |
11933 | static const struct btf_kfunc_id_set bpf_sk_iter_kfunc_set = { |
11934 | .owner = THIS_MODULE, |
11935 | .set = &bpf_sk_iter_kfunc_ids, |
11936 | .filter = tracing_iter_filter, |
11937 | }; |
11938 | |
11939 | static int init_subsystem(void) |
11940 | { |
11941 | return register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_TRACING, s: &bpf_sk_iter_kfunc_set); |
11942 | } |
11943 | late_initcall(init_subsystem); |
11944 | |