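/*
 * Linux Socket Filter Data Structures
 */
#ifndef __LINUX_FILTER_H__
#define __LINUX_FILTER_H__

#include <linux/atomic.h>
#include <linux/compat.h>
#include <linux/skbuff.h>
#include <linux/workqueue.h>
#include <uapi/linux/filter.h>

/* Internally used and optimized filter representation with extended
 * instruction set based on top of classic BPF.
 */

/* instruction classes */
#define BPF_ALU64	0x07	/* alu mode in double word width */

/* ld/ldx fields */
#define BPF_DW		0x18	/* double word */
#define BPF_XADD	0xc0	/* exclusive add */

/* alu/jmp fields */
#define BPF_MOV		0xb0	/* mov reg to reg */
#define BPF_ARSH	0xc0	/* sign extending arithmetic shift right */

/* change endianness of a register */
#define BPF_END		0xd0	/* flags for endianness conversion: */
#define BPF_TO_LE	0x00	/* convert to little-endian */
#define BPF_TO_BE	0x08	/* convert to big-endian */
#define BPF_FROM_LE	BPF_TO_LE
#define BPF_FROM_BE	BPF_TO_BE

#define BPF_JNE		0x50	/* jump != */
#define BPF_JSGT	0x60	/* SGT is signed '>', GT in x86 */
#define BPF_JSGE	0x70	/* SGE is signed '>=', GE in x86 */
#define BPF_CALL	0x80	/* function call */
#define BPF_EXIT	0x90	/* function return */

/* Register numbers */
enum {
	BPF_REG_0 = 0,
	BPF_REG_1,
	BPF_REG_2,
	BPF_REG_3,
	BPF_REG_4,
	BPF_REG_5,
	BPF_REG_6,
	BPF_REG_7,
	BPF_REG_8,
	BPF_REG_9,
	BPF_REG_10,
	__MAX_BPF_REG,
};

/* BPF has 10 general purpose 64-bit registers and stack frame. */
#define MAX_BPF_REG	__MAX_BPF_REG

/* ArgX, context and stack frame pointer register positions. Note,
 * Arg1, Arg2, Arg3, etc are used as argument mappings of function
 * calls in BPF_CALL instruction.
 */
#define BPF_REG_ARG1	BPF_REG_1
#define BPF_REG_ARG2	BPF_REG_2
#define BPF_REG_ARG3	BPF_REG_3
#define BPF_REG_ARG4	BPF_REG_4
#define BPF_REG_ARG5	BPF_REG_5
#define BPF_REG_CTX	BPF_REG_6
#define BPF_REG_FP	BPF_REG_10

/* Additional register mappings for converted user programs. */
#define BPF_REG_A	BPF_REG_0
#define BPF_REG_X	BPF_REG_7
#define BPF_REG_TMP	BPF_REG_8

/* BPF program can access up to 512 bytes of stack space. */
#define MAX_BPF_STACK	512

/* Helper macros for filter block array initializers.
 *
 * Each macro below expands to a struct bpf_insn compound literal. The
 * macros only fill in fields; they do not check that a register number
 * is below MAX_BPF_REG or that an offset/immediate fits the field it is
 * stored in.
 */

/* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */

#define BPF_ALU64_REG(OP, DST, SRC)				\
	((struct bpf_insn) {					\
		.code  = BPF_ALU64 | BPF_OP(OP) | BPF_X,	\
		.dst_reg = DST,					\
		.src_reg = SRC,					\
		.off   = 0,					\
		.imm   = 0 })

#define BPF_ALU32_REG(OP, DST, SRC)				\
	((struct bpf_insn) {					\
		.code  = BPF_ALU | BPF_OP(OP) | BPF_X,		\
		.dst_reg = DST,					\
		.src_reg = SRC,					\
		.off   = 0,					\
		.imm   = 0 })

/* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */

#define BPF_ALU64_IMM(OP, DST, IMM)				\
	((struct bpf_insn) {					\
		.code  = BPF_ALU64 | BPF_OP(OP) | BPF_K,	\
		.dst_reg = DST,					\
		.src_reg = 0,					\
		.off   = 0,					\
		.imm   = IMM })

#define BPF_ALU32_IMM(OP, DST, IMM)				\
	((struct bpf_insn) {					\
		.code  = BPF_ALU | BPF_OP(OP) | BPF_K,		\
		.dst_reg = DST,					\
		.src_reg = 0,					\
		.off   = 0,					\
		.imm   = IMM })

/* Endianness conversion, cpu_to_{l,b}e(), {l,b}e_to_cpu() */

#define BPF_ENDIAN(TYPE, DST, LEN)				\
	((struct bpf_insn) {					\
		.code  = BPF_ALU | BPF_END | BPF_SRC(TYPE),	\
		.dst_reg = DST,					\
		.src_reg = 0,					\
		.off   = 0,					\
		.imm   = LEN })

/* Short form of mov, dst_reg = src_reg */

#define BPF_MOV64_REG(DST, SRC)					\
	((struct bpf_insn) {					\
		.code  = BPF_ALU64 | BPF_MOV | BPF_X,		\
		.dst_reg = DST,					\
		.src_reg = SRC,					\
		.off   = 0,					\
		.imm   = 0 })

#define BPF_MOV32_REG(DST, SRC)					\
	((struct bpf_insn) {					\
		.code  = BPF_ALU | BPF_MOV | BPF_X,		\
		.dst_reg = DST,					\
		.src_reg = SRC,					\
		.off   = 0,					\
		.imm   = 0 })

/* Short form of mov, dst_reg = imm32 */

#define BPF_MOV64_IMM(DST, IMM)					\
	((struct bpf_insn) {					\
		.code  = BPF_ALU64 | BPF_MOV | BPF_K,		\
		.dst_reg = DST,					\
		.src_reg = 0,					\
		.off   = 0,					\
		.imm   = IMM })

#define BPF_MOV32_IMM(DST, IMM)					\
	((struct bpf_insn) {					\
		.code  = BPF_ALU | BPF_MOV | BPF_K,		\
		.dst_reg = DST,					\
		.src_reg = 0,					\
		.off   = 0,					\
		.imm   = IMM })

/* Short form of mov based on type, BPF_X: dst_reg = src_reg, BPF_K: dst_reg = imm32 */

#define BPF_MOV64_RAW(TYPE, DST, SRC, IMM)			\
	((struct bpf_insn) {					\
		.code  = BPF_ALU64 | BPF_MOV | BPF_SRC(TYPE),	\
		.dst_reg = DST,					\
		.src_reg = SRC,					\
		.off   = 0,					\
		.imm   = IMM })

#define BPF_MOV32_RAW(TYPE, DST, SRC, IMM)			\
	((struct bpf_insn) {					\
		.code  = BPF_ALU | BPF_MOV | BPF_SRC(TYPE),	\
		.dst_reg = DST,					\
		.src_reg = SRC,					\
		.off   = 0,					\
		.imm   = IMM })

/* Direct packet access, R0 = *(uint *) (skb->data + imm32) */

#define BPF_LD_ABS(SIZE, IMM)					\
	((struct bpf_insn) {					\
		.code  = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS,	\
		.dst_reg = 0,					\
		.src_reg = 0,					\
		.off   = 0,					\
		.imm   = IMM })

/* Indirect packet access, R0 = *(uint *) (skb->data + src_reg + imm32) */

#define BPF_LD_IND(SIZE, SRC, IMM)				\
	((struct bpf_insn) {					\
		.code  = BPF_LD | BPF_SIZE(SIZE) | BPF_IND,	\
		.dst_reg = 0,					\
		.src_reg = SRC,					\
		.off   = 0,					\
		.imm   = IMM })

/* Memory load, dst_reg = *(uint *) (src_reg + off16) */

#define BPF_LDX_MEM(SIZE, DST, SRC, OFF)			\
	((struct bpf_insn) {					\
		.code  = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM,	\
		.dst_reg = DST,					\
		.src_reg = SRC,					\
		.off   = OFF,					\
		.imm   = 0 })

/* Memory store, *(uint *) (dst_reg + off16) = src_reg */

#define BPF_STX_MEM(SIZE, DST, SRC, OFF)			\
	((struct bpf_insn) {					\
		.code  = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM,	\
		.dst_reg = DST,					\
		.src_reg = SRC,					\
		.off   = OFF,					\
		.imm   = 0 })

/* Memory store, *(uint *) (dst_reg + off16) = imm32 */

#define BPF_ST_MEM(SIZE, DST, OFF, IMM)				\
	((struct bpf_insn) {					\
		.code  = BPF_ST | BPF_SIZE(SIZE) | BPF_MEM,	\
		.dst_reg = DST,					\
		.src_reg = 0,					\
		.off   = OFF,					\
		.imm   = IMM })

/* Conditional jumps against registers, if (dst_reg 'op' src_reg) goto pc + off16 */

#define BPF_JMP_REG(OP, DST, SRC, OFF)				\
	((struct bpf_insn) {					\
		.code  = BPF_JMP | BPF_OP(OP) | BPF_X,		\
		.dst_reg = DST,					\
		.src_reg = SRC,					\
		.off   = OFF,					\
		.imm   = 0 })

/* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */

#define BPF_JMP_IMM(OP, DST, IMM, OFF)				\
	((struct bpf_insn) {					\
		.code  = BPF_JMP | BPF_OP(OP) | BPF_K,		\
		.dst_reg = DST,					\
		.src_reg = 0,					\
		.off   = OFF,					\
		.imm   = IMM })

/* Function call
 *
 * The callee is encoded as the difference between FUNC and
 * __bpf_call_base and stored in the signed 32-bit imm field, so the
 * difference has to be representable in 32 bits.
 */

#define BPF_EMIT_CALL(FUNC)					\
	((struct bpf_insn) {					\
		.code  = BPF_JMP | BPF_CALL,			\
		.dst_reg = 0,					\
		.src_reg = 0,					\
		.off   = 0,					\
		.imm   = ((FUNC) - __bpf_call_base) })

/* Raw code statement block */

#define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM)			\
	((struct bpf_insn) {					\
		.code  = CODE,					\
		.dst_reg = DST,					\
		.src_reg = SRC,					\
		.off   = OFF,					\
		.imm   = IMM })

/* Program exit */

#define BPF_EXIT_INSN()						\
	((struct bpf_insn) {					\
		.code  = BPF_JMP | BPF_EXIT,			\
		.dst_reg = 0,					\
		.src_reg = 0,					\
		.off   = 0,					\
		.imm   = 0 })

/* Map an access width in bytes to the matching BPF size field.
 *
 * Evaluates to BPF_B, BPF_H, BPF_W or BPF_DW when bytes equals
 * sizeof(u8), sizeof(u16), sizeof(u32) or sizeof(u64), and to -EINVAL
 * for any other width. The result must therefore be checked before it
 * is OR-ed into an opcode. The argument is parenthesized so that an
 * expression such as "a + b" compares as a whole; it is still expanded
 * up to four times, so pass an expression without side effects.
 */
#define bytes_to_bpf_size(bytes)				\
({								\
	int bpf_size = -EINVAL;					\
								\
	if ((bytes) == sizeof(u8))				\
		bpf_size = BPF_B;				\
	else if ((bytes) == sizeof(u16))			\
		bpf_size = BPF_H;				\
	else if ((bytes) == sizeof(u32))			\
		bpf_size = BPF_W;				\
	else if ((bytes) == sizeof(u64))			\
		bpf_size = BPF_DW;				\
								\
	bpf_size;						\
})

/* Macro to invoke filter function.
 *
 * Calls filter->prog->bpf_func with ctx and the program's insnsi array.
 * filter is parenthesized so that a non-trivial pointer expression binds
 * correctly; it is expanded twice, so it must be free of side effects.
 * No NULL check is made on filter or filter->prog.
 */
#define SK_RUN_FILTER(filter, ctx) \
	(*(filter)->prog->bpf_func)(ctx, (filter)->prog->insnsi)

/* One instruction of the internal (extended) representation.
 *
 * dst_reg and src_reg are 4 bits wide and so can encode values up to
 * 15, whereas only register numbers below MAX_BPF_REG are defined.
 * Nothing in this header rejects the out-of-range encodings; that check
 * has to happen wherever instructions are validated.
 */
struct bpf_insn {
	__u8	code;		/* opcode */
	__u8	dst_reg:4;	/* dest register */
	__u8	src_reg:4;	/* source register */
	__s16	off;		/* signed offset */
	__s32	imm;		/* signed immediate constant */
};

#ifdef CONFIG_COMPAT
/* A struct sock_filter is architecture independent. */
struct compat_sock_fprog {
	u16		len;
	compat_uptr_t	filter;	/* struct sock_filter * */
};
#endif

/* Kernel-side program descriptor: instruction count plus a pointer to
 * the classic instructions (no __user annotation on this pointer).
 */
struct sock_fprog_kern {
	u16			len;
	struct sock_filter	*filter;
};

struct sk_buff;
struct sock;
struct seccomp_data;

/* A loaded program.
 *
 * The anonymous union overlays the classic instruction array (insns),
 * the internal instruction array (insnsi) and a work_struct on the same
 * storage; which member is live at a given time is decided by code
 * outside this header. The two arrays are zero-length trailing arrays,
 * so the allocation must be sized with bpf_prog_size().
 */
struct bpf_prog {
	u32			jited:1,	/* Is our filter JIT'ed? */
				len:31;		/* Number of filter blocks */
	struct sock_fprog_kern	*orig_prog;	/* Original BPF program */
	unsigned int		(*bpf_func)(const struct sk_buff *skb,
					    const struct bpf_insn *filter);
	union {
		struct sock_filter	insns[0];
		struct bpf_insn		insnsi[0];
		struct work_struct	work;
	};
};

/* Socket-attached filter: a reference count, an rcu_head and the
 * program it runs.
 */
struct sk_filter {
	atomic_t	refcnt;
	struct rcu_head	rcu;
	struct bpf_prog	*prog;
};

/* Invoke a program directly through its bpf_func pointer.
 *
 * filter is parenthesized and expanded twice; pass a side-effect-free
 * expression. No NULL check is made on filter.
 */
#define BPF_PROG_RUN(filter, ctx)  (*(filter)->bpf_func)(ctx, (filter)->insnsi)

/* Number of bytes needed for a struct bpf_prog holding proglen
 * instructions: the larger of the bare structure size and the offset
 * just past insns[proglen - 1].
 *
 * proglen is not range-checked here and the size_t result is narrowed
 * to unsigned int on return, so callers have to bound proglen before
 * using the result as an allocation size.
 * NOTE(review): presumably bounded against BPF_MAXINSNS by the callers;
 * confirm at each call site.
 */
static inline unsigned int bpf_prog_size(unsigned int proglen)
{
	return max(sizeof(struct bpf_prog),
		   offsetof(struct bpf_prog, insns[proglen]));
}

/* Size in bytes of the classic instruction array described by fprog.
 * fprog is parenthesized so pointer expressions bind correctly. With
 * the u16 len of struct sock_fprog_kern the product cannot overflow.
 */
#define bpf_classic_proglen(fprog) ((fprog)->len * sizeof((fprog)->filter[0]))

int sk_filter(struct sock *sk, struct sk_buff *skb);

void bpf_prog_select_runtime(struct bpf_prog *fp);
void bpf_prog_free(struct bpf_prog *fp);

int bpf_convert_filter(struct sock_filter *prog, int len,
		       struct bpf_insn *new_prog, int *new_len);

int bpf_prog_create(struct bpf_prog **pfp, struct sock_fprog_kern *fprog);
void bpf_prog_destroy(struct bpf_prog *fp);

int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk);
int sk_detach_filter(struct sock *sk);

int bpf_check_classic(const struct sock_filter *filter, unsigned int flen);
/* filter is a user-space pointer (__user) here. */
int sk_get_filter(struct sock *sk, struct sock_filter __user *filter,
		  unsigned int len);

bool sk_filter_charge(struct sock *sk, struct sk_filter *fp);
void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp);

u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
void bpf_int_jit_compile(struct bpf_prog *fp);

/* Bit 15 of the 16-bit opcode marks an ancillary-data load. */
#define BPF_ANC		BIT(15)

/* Classify a classic instruction, folding ancillary loads into a single
 * opcode value.
 *
 * For a BPF_LD|{W,H,B}|BPF_ABS instruction whose k equals
 * SKF_AD_OFF + SKF_AD_<x> for one of the listed extensions, returns
 * BPF_ANC | SKF_AD_<x>. Any other instruction, including an absolute
 * load with an unlisted k, returns ftest->code unchanged.
 *
 * BUG_ON() fires if ftest->code already has BPF_ANC set, so this must
 * never be reached with an opcode that has not been checked first.
 * NOTE(review): presumably bpf_check_classic() rejects such opcodes
 * before any caller gets here; confirm, since the opcode originates
 * from user-supplied filters.
 *
 * BPF_ANCILLARY is defined inside the function body and is not
 * undefined afterwards, so it stays visible to every includer.
 */
static inline u16 bpf_anc_helper(const struct sock_filter *ftest)
{
	BUG_ON(ftest->code & BPF_ANC);

	switch (ftest->code) {
	case BPF_LD | BPF_W | BPF_ABS:
	case BPF_LD | BPF_H | BPF_ABS:
	case BPF_LD | BPF_B | BPF_ABS:
#define BPF_ANCILLARY(CODE)	case SKF_AD_OFF + SKF_AD_##CODE:	\
				return BPF_ANC | SKF_AD_##CODE
		switch (ftest->k) {
		BPF_ANCILLARY(PROTOCOL);
		BPF_ANCILLARY(PKTTYPE);
		BPF_ANCILLARY(IFINDEX);
		BPF_ANCILLARY(NLATTR);
		BPF_ANCILLARY(NLATTR_NEST);
		BPF_ANCILLARY(MARK);
		BPF_ANCILLARY(QUEUE);
		BPF_ANCILLARY(HATYPE);
		BPF_ANCILLARY(RXHASH);
		BPF_ANCILLARY(CPU);
		BPF_ANCILLARY(ALU_XOR_X);
		BPF_ANCILLARY(VLAN_TAG);
		BPF_ANCILLARY(VLAN_TAG_PRESENT);
		BPF_ANCILLARY(PAY_OFFSET);
		BPF_ANCILLARY(RANDOM);
		}
		/* Fallthrough. */
	default:
		return ftest->code;
	}
}

void *bpf_internal_load_pointer_neg_helper(const struct sk_buff *skb,
					   int k, unsigned int size);

/* Resolve a packet offset to a pointer to size readable bytes.
 *
 * A non-negative k goes through skb_header_pointer(), which may copy
 * into the caller-supplied buffer; a negative k is handed to
 * bpf_internal_load_pointer_neg_helper(), which does not receive
 * buffer. k comes from the filter program, so the bounds checking is
 * entirely the job of those two callees, and the result must be tested
 * before it is dereferenced: skb_header_pointer() returns NULL when the
 * requested range is not available.
 * NOTE(review): the negative-offset helper is assumed to signal failure
 * the same way; confirm against its definition.
 */
static inline void *bpf_load_pointer(const struct sk_buff *skb, int k,
				     unsigned int size, void *buffer)
{
	if (k >= 0)
		return skb_header_pointer(skb, k, size, buffer);

	return bpf_internal_load_pointer_neg_helper(skb, k, size);
}

#ifdef CONFIG_BPF_JIT
#include <stdarg.h>
#include <linux/linkage.h>
#include <linux/printk.h>

void bpf_jit_compile(struct bpf_prog *fp);
void bpf_jit_free(struct bpf_prog *fp);

/* Log the outcome of a JIT pass at KERN_ERR level.
 *
 * Prints flen, proglen, pass and the image address, then, if image is
 * non-NULL, a hex dump of proglen bytes starting at image. proglen is
 * trusted as the length of the image. The address is printed with %pK,
 * so its visibility follows the kptr_restrict policy; the hex dump,
 * however, writes the generated machine code itself into the kernel
 * log, where anyone allowed to read the log can see it. Treat this as a
 * debugging aid.
 * NOTE(review): the condition that enables the dump lives in the
 * callers, not in this header; confirm it is off by default.
 */
static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen,
				u32 pass, void *image)
{
	pr_err("flen=%u proglen=%u pass=%u image=%pK\n",
	       flen, proglen, pass, image);
	if (image)
		print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET,
			       16, 1, image, proglen, false);
}
#else
#include <linux/slab.h>

/* Without CONFIG_BPF_JIT, compiling is a no-op. */
static inline void bpf_jit_compile(struct bpf_prog *fp)
{
}

/* Without CONFIG_BPF_JIT there is no image to release; free fp itself. */
static inline void bpf_jit_free(struct bpf_prog *fp)
{
	kfree(fp);
}
#endif /* CONFIG_BPF_JIT */

/* Report the extension limit, SKF_AD_MAX. */
static inline int bpf_tell_extensions(void)
{
	return SKF_AD_MAX;
}

#endif /* __LINUX_FILTER_H__ */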