tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / include / linux / filter.h
at v3.16 12 kB view raw
1/* 2 * Linux Socket Filter Data Structures 3 */ 4#ifndef __LINUX_FILTER_H__ 5#define __LINUX_FILTER_H__ 6 7#include <linux/atomic.h> 8#include <linux/compat.h> 9#include <linux/workqueue.h> 10#include <uapi/linux/filter.h> 11 12/* Internally used and optimized filter representation with extended 13 * instruction set based on top of classic BPF. 14 */ 15 16/* instruction classes */ 17#define BPF_ALU64 0x07 /* alu mode in double word width */ 18 19/* ld/ldx fields */ 20#define BPF_DW 0x18 /* double word */ 21#define BPF_XADD 0xc0 /* exclusive add */ 22 23/* alu/jmp fields */ 24#define BPF_MOV 0xb0 /* mov reg to reg */ 25#define BPF_ARSH 0xc0 /* sign extending arithmetic shift right */ 26 27/* change endianness of a register */ 28#define BPF_END 0xd0 /* flags for endianness conversion: */ 29#define BPF_TO_LE 0x00 /* convert to little-endian */ 30#define BPF_TO_BE 0x08 /* convert to big-endian */ 31#define BPF_FROM_LE BPF_TO_LE 32#define BPF_FROM_BE BPF_TO_BE 33 34#define BPF_JNE 0x50 /* jump != */ 35#define BPF_JSGT 0x60 /* SGT is signed '>', GT in x86 */ 36#define BPF_JSGE 0x70 /* SGE is signed '>=', GE in x86 */ 37#define BPF_CALL 0x80 /* function call */ 38#define BPF_EXIT 0x90 /* function return */ 39 40/* Register numbers */ 41enum { 42 BPF_REG_0 = 0, 43 BPF_REG_1, 44 BPF_REG_2, 45 BPF_REG_3, 46 BPF_REG_4, 47 BPF_REG_5, 48 BPF_REG_6, 49 BPF_REG_7, 50 BPF_REG_8, 51 BPF_REG_9, 52 BPF_REG_10, 53 __MAX_BPF_REG, 54}; 55 56/* BPF has 10 general purpose 64-bit registers and stack frame. */ 57#define MAX_BPF_REG __MAX_BPF_REG 58 59/* ArgX, context and stack frame pointer register positions. Note, 60 * Arg1, Arg2, Arg3, etc are used as argument mappings of function 61 * calls in BPF_CALL instruction. 62 */ 63#define BPF_REG_ARG1 BPF_REG_1 64#define BPF_REG_ARG2 BPF_REG_2 65#define BPF_REG_ARG3 BPF_REG_3 66#define BPF_REG_ARG4 BPF_REG_4 67#define BPF_REG_ARG5 BPF_REG_5 68#define BPF_REG_CTX BPF_REG_6 69#define BPF_REG_FP BPF_REG_10 70 71/* Additional register mappings for converted user programs. */ 72#define BPF_REG_A BPF_REG_0 73#define BPF_REG_X BPF_REG_7 74#define BPF_REG_TMP BPF_REG_8 75 76/* BPF program can access up to 512 bytes of stack space. */ 77#define MAX_BPF_STACK 512 78 79/* Helper macros for filter block array initializers. */ 80 81/* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */ 82 83#define BPF_ALU64_REG(OP, DST, SRC) \ 84 ((struct sock_filter_int) { \ 85 .code = BPF_ALU64 | BPF_OP(OP) | BPF_X, \ 86 .dst_reg = DST, \ 87 .src_reg = SRC, \ 88 .off = 0, \ 89 .imm = 0 }) 90 91#define BPF_ALU32_REG(OP, DST, SRC) \ 92 ((struct sock_filter_int) { \ 93 .code = BPF_ALU | BPF_OP(OP) | BPF_X, \ 94 .dst_reg = DST, \ 95 .src_reg = SRC, \ 96 .off = 0, \ 97 .imm = 0 }) 98 99/* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */ 100 101#define BPF_ALU64_IMM(OP, DST, IMM) \ 102 ((struct sock_filter_int) { \ 103 .code = BPF_ALU64 | BPF_OP(OP) | BPF_K, \ 104 .dst_reg = DST, \ 105 .src_reg = 0, \ 106 .off = 0, \ 107 .imm = IMM }) 108 109#define BPF_ALU32_IMM(OP, DST, IMM) \ 110 ((struct sock_filter_int) { \ 111 .code = BPF_ALU | BPF_OP(OP) | BPF_K, \ 112 .dst_reg = DST, \ 113 .src_reg = 0, \ 114 .off = 0, \ 115 .imm = IMM }) 116 117/* Endianess conversion, cpu_to_{l,b}e(), {l,b}e_to_cpu() */ 118 119#define BPF_ENDIAN(TYPE, DST, LEN) \ 120 ((struct sock_filter_int) { \ 121 .code = BPF_ALU | BPF_END | BPF_SRC(TYPE), \ 122 .dst_reg = DST, \ 123 .src_reg = 0, \ 124 .off = 0, \ 125 .imm = LEN }) 126 127/* Short form of mov, dst_reg = src_reg */ 128 129#define BPF_MOV64_REG(DST, SRC) \ 130 ((struct sock_filter_int) { \ 131 .code = BPF_ALU64 | BPF_MOV | BPF_X, \ 132 .dst_reg = DST, \ 133 .src_reg = SRC, \ 134 .off = 0, \ 135 .imm = 0 }) 136 137#define BPF_MOV32_REG(DST, SRC) \ 138 ((struct sock_filter_int) { \ 139 .code = BPF_ALU | BPF_MOV | BPF_X, \ 140 .dst_reg = DST, \ 141 .src_reg = SRC, \ 142 .off = 0, \ 143 .imm = 0 }) 144 145/* Short form of mov, dst_reg = imm32 */ 146 147#define BPF_MOV64_IMM(DST, IMM) \ 148 ((struct sock_filter_int) { \ 149 .code = BPF_ALU64 | BPF_MOV | BPF_K, \ 150 .dst_reg = DST, \ 151 .src_reg = 0, \ 152 .off = 0, \ 153 .imm = IMM }) 154 155#define BPF_MOV32_IMM(DST, IMM) \ 156 ((struct sock_filter_int) { \ 157 .code = BPF_ALU | BPF_MOV | BPF_K, \ 158 .dst_reg = DST, \ 159 .src_reg = 0, \ 160 .off = 0, \ 161 .imm = IMM }) 162 163/* Short form of mov based on type, BPF_X: dst_reg = src_reg, BPF_K: dst_reg = imm32 */ 164 165#define BPF_MOV64_RAW(TYPE, DST, SRC, IMM) \ 166 ((struct sock_filter_int) { \ 167 .code = BPF_ALU64 | BPF_MOV | BPF_SRC(TYPE), \ 168 .dst_reg = DST, \ 169 .src_reg = SRC, \ 170 .off = 0, \ 171 .imm = IMM }) 172 173#define BPF_MOV32_RAW(TYPE, DST, SRC, IMM) \ 174 ((struct sock_filter_int) { \ 175 .code = BPF_ALU | BPF_MOV | BPF_SRC(TYPE), \ 176 .dst_reg = DST, \ 177 .src_reg = SRC, \ 178 .off = 0, \ 179 .imm = IMM }) 180 181/* Direct packet access, R0 = *(uint *) (skb->data + imm32) */ 182 183#define BPF_LD_ABS(SIZE, IMM) \ 184 ((struct sock_filter_int) { \ 185 .code = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS, \ 186 .dst_reg = 0, \ 187 .src_reg = 0, \ 188 .off = 0, \ 189 .imm = IMM }) 190 191/* Indirect packet access, R0 = *(uint *) (skb->data + src_reg + imm32) */ 192 193#define BPF_LD_IND(SIZE, SRC, IMM) \ 194 ((struct sock_filter_int) { \ 195 .code = BPF_LD | BPF_SIZE(SIZE) | BPF_IND, \ 196 .dst_reg = 0, \ 197 .src_reg = SRC, \ 198 .off = 0, \ 199 .imm = IMM }) 200 201/* Memory load, dst_reg = *(uint *) (src_reg + off16) */ 202 203#define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \ 204 ((struct sock_filter_int) { \ 205 .code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM, \ 206 .dst_reg = DST, \ 207 .src_reg = SRC, \ 208 .off = OFF, \ 209 .imm = 0 }) 210 211/* Memory store, *(uint *) (dst_reg + off16) = src_reg */ 212 213#define BPF_STX_MEM(SIZE, DST, SRC, OFF) \ 214 ((struct sock_filter_int) { \ 215 .code = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM, \ 216 .dst_reg = DST, \ 217 .src_reg = SRC, \ 218 .off = OFF, \ 219 .imm = 0 }) 220 221/* Memory store, *(uint *) (dst_reg + off16) = imm32 */ 222 223#define BPF_ST_MEM(SIZE, DST, OFF, IMM) \ 224 ((struct sock_filter_int) { \ 225 .code = BPF_ST | BPF_SIZE(SIZE) | BPF_MEM, \ 226 .dst_reg = DST, \ 227 .src_reg = 0, \ 228 .off = OFF, \ 229 .imm = IMM }) 230 231/* Conditional jumps against registers, if (dst_reg 'op' src_reg) goto pc + off16 */ 232 233#define BPF_JMP_REG(OP, DST, SRC, OFF) \ 234 ((struct sock_filter_int) { \ 235 .code = BPF_JMP | BPF_OP(OP) | BPF_X, \ 236 .dst_reg = DST, \ 237 .src_reg = SRC, \ 238 .off = OFF, \ 239 .imm = 0 }) 240 241/* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */ 242 243#define BPF_JMP_IMM(OP, DST, IMM, OFF) \ 244 ((struct sock_filter_int) { \ 245 .code = BPF_JMP | BPF_OP(OP) | BPF_K, \ 246 .dst_reg = DST, \ 247 .src_reg = 0, \ 248 .off = OFF, \ 249 .imm = IMM }) 250 251/* Function call */ 252 253#define BPF_EMIT_CALL(FUNC) \ 254 ((struct sock_filter_int) { \ 255 .code = BPF_JMP | BPF_CALL, \ 256 .dst_reg = 0, \ 257 .src_reg = 0, \ 258 .off = 0, \ 259 .imm = ((FUNC) - __bpf_call_base) }) 260 261/* Raw code statement block */ 262 263#define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM) \ 264 ((struct sock_filter_int) { \ 265 .code = CODE, \ 266 .dst_reg = DST, \ 267 .src_reg = SRC, \ 268 .off = OFF, \ 269 .imm = IMM }) 270 271/* Program exit */ 272 273#define BPF_EXIT_INSN() \ 274 ((struct sock_filter_int) { \ 275 .code = BPF_JMP | BPF_EXIT, \ 276 .dst_reg = 0, \ 277 .src_reg = 0, \ 278 .off = 0, \ 279 .imm = 0 }) 280 281#define bytes_to_bpf_size(bytes) \ 282({ \ 283 int bpf_size = -EINVAL; \ 284 \ 285 if (bytes == sizeof(u8)) \ 286 bpf_size = BPF_B; \ 287 else if (bytes == sizeof(u16)) \ 288 bpf_size = BPF_H; \ 289 else if (bytes == sizeof(u32)) \ 290 bpf_size = BPF_W; \ 291 else if (bytes == sizeof(u64)) \ 292 bpf_size = BPF_DW; \ 293 \ 294 bpf_size; \ 295}) 296 297/* Macro to invoke filter function. */ 298#define SK_RUN_FILTER(filter, ctx) (*filter->bpf_func)(ctx, filter->insnsi) 299 300struct sock_filter_int { 301 __u8 code; /* opcode */ 302 __u8 dst_reg:4; /* dest register */ 303 __u8 src_reg:4; /* source register */ 304 __s16 off; /* signed offset */ 305 __s32 imm; /* signed immediate constant */ 306}; 307 308#ifdef CONFIG_COMPAT 309/* A struct sock_filter is architecture independent. */ 310struct compat_sock_fprog { 311 u16 len; 312 compat_uptr_t filter; /* struct sock_filter * */ 313}; 314#endif 315 316struct sock_fprog_kern { 317 u16 len; 318 struct sock_filter *filter; 319}; 320 321struct sk_buff; 322struct sock; 323struct seccomp_data; 324 325struct sk_filter { 326 atomic_t refcnt; 327 u32 jited:1, /* Is our filter JIT'ed? */ 328 len:31; /* Number of filter blocks */ 329 struct sock_fprog_kern *orig_prog; /* Original BPF program */ 330 struct rcu_head rcu; 331 unsigned int (*bpf_func)(const struct sk_buff *skb, 332 const struct sock_filter_int *filter); 333 union { 334 struct sock_filter insns[0]; 335 struct sock_filter_int insnsi[0]; 336 struct work_struct work; 337 }; 338}; 339 340static inline unsigned int sk_filter_size(unsigned int proglen) 341{ 342 return max(sizeof(struct sk_filter), 343 offsetof(struct sk_filter, insns[proglen])); 344} 345 346#define sk_filter_proglen(fprog) \ 347 (fprog->len * sizeof(fprog->filter[0])) 348 349int sk_filter(struct sock *sk, struct sk_buff *skb); 350 351void sk_filter_select_runtime(struct sk_filter *fp); 352void sk_filter_free(struct sk_filter *fp); 353 354int sk_convert_filter(struct sock_filter *prog, int len, 355 struct sock_filter_int *new_prog, int *new_len); 356 357int sk_unattached_filter_create(struct sk_filter **pfp, 358 struct sock_fprog_kern *fprog); 359void sk_unattached_filter_destroy(struct sk_filter *fp); 360 361int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); 362int sk_detach_filter(struct sock *sk); 363 364int sk_chk_filter(struct sock_filter *filter, unsigned int flen); 365int sk_get_filter(struct sock *sk, struct sock_filter __user *filter, 366 unsigned int len); 367 368void sk_filter_charge(struct sock *sk, struct sk_filter *fp); 369void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp); 370 371u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5); 372void bpf_int_jit_compile(struct sk_filter *fp); 373 374#define BPF_ANC BIT(15) 375 376static inline u16 bpf_anc_helper(const struct sock_filter *ftest) 377{ 378 BUG_ON(ftest->code & BPF_ANC); 379 380 switch (ftest->code) { 381 case BPF_LD | BPF_W | BPF_ABS: 382 case BPF_LD | BPF_H | BPF_ABS: 383 case BPF_LD | BPF_B | BPF_ABS: 384#define BPF_ANCILLARY(CODE) case SKF_AD_OFF + SKF_AD_##CODE: \ 385 return BPF_ANC | SKF_AD_##CODE 386 switch (ftest->k) { 387 BPF_ANCILLARY(PROTOCOL); 388 BPF_ANCILLARY(PKTTYPE); 389 BPF_ANCILLARY(IFINDEX); 390 BPF_ANCILLARY(NLATTR); 391 BPF_ANCILLARY(NLATTR_NEST); 392 BPF_ANCILLARY(MARK); 393 BPF_ANCILLARY(QUEUE); 394 BPF_ANCILLARY(HATYPE); 395 BPF_ANCILLARY(RXHASH); 396 BPF_ANCILLARY(CPU); 397 BPF_ANCILLARY(ALU_XOR_X); 398 BPF_ANCILLARY(VLAN_TAG); 399 BPF_ANCILLARY(VLAN_TAG_PRESENT); 400 BPF_ANCILLARY(PAY_OFFSET); 401 BPF_ANCILLARY(RANDOM); 402 } 403 /* Fallthrough. */ 404 default: 405 return ftest->code; 406 } 407} 408 409#ifdef CONFIG_BPF_JIT 410#include <stdarg.h> 411#include <linux/linkage.h> 412#include <linux/printk.h> 413 414void bpf_jit_compile(struct sk_filter *fp); 415void bpf_jit_free(struct sk_filter *fp); 416 417static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen, 418 u32 pass, void *image) 419{ 420 pr_err("flen=%u proglen=%u pass=%u image=%pK\n", 421 flen, proglen, pass, image); 422 if (image) 423 print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET, 424 16, 1, image, proglen, false); 425} 426#else 427#include <linux/slab.h> 428 429static inline void bpf_jit_compile(struct sk_filter *fp) 430{ 431} 432 433static inline void bpf_jit_free(struct sk_filter *fp) 434{ 435 kfree(fp); 436} 437#endif /* CONFIG_BPF_JIT */ 438 439static inline int bpf_tell_extensions(void) 440{ 441 return SKF_AD_MAX; 442} 443 444#endif /* __LINUX_FILTER_H__ */