kernel/bpf/cgroup.c
Source file repositories/reference/linux-study-clean/kernel/bpf/cgroup.c
File Facts
- System
- Linux kernel
- Corpus path
kernel/bpf/cgroup.c- Extension
.c- Size
- 74352 bytes
- Lines
- 2781
- Domain
- Core OS
- Bucket
- Scheduler, Processes, Timers, Sync, And Syscalls
- Inferred role
- Core OS: exported/initcall integration point
- Status
- integration implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Exports symbols or registers init work; inspect boot/module ordering and who consumes the exported contract.
- Touches user memory; correctness depends on fault-safe copying and privilege boundary handling.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/kernel.hlinux/atomic.hlinux/cgroup.hlinux/filter.hlinux/slab.hlinux/sysctl.hlinux/string.hlinux/bpf.hlinux/bpf-cgroup.hlinux/bpf_lsm.hlinux/bpf_verifier.hnet/sock.hnet/bpf_sk_storage.h../cgroup/cgroup-internal.h
Detected Declarations
struct cgroup_lsm_atypefunction cgroup_bpf_wq_initfunction cgroup_bpf_lifetime_notifier_initfunction cgroup_bpf_hook_returns_errnofunction cgroup_bpf_hook_returns_errnofunction bpf_prog_run_array_cgfunction __cgroup_bpf_run_lsm_sockfunction __cgroup_bpf_run_lsm_socketfunction __cgroup_bpf_run_lsm_currentfunction bpf_cgroup_atype_findfunction bpf_cgroup_atype_getfunction bpf_cgroup_atype_putfunction bpf_cgroup_atype_findfunction cgroup_bpf_offlinefunction bpf_cgroup_storages_freefunction bpf_cgroup_storages_allocfunction for_each_cgroup_storage_typefunction bpf_cgroup_storages_assignfunction bpf_cgroup_storages_linkfunction releasefunction cgroup_bpf_releasefunction hlist_for_each_entry_safefunction list_for_each_entry_safefunction cgroup_bpf_release_fnfunction prog_list_lengthfunction hlist_for_each_entryfunction hierarchy_allows_attachfunction compute_effective_progsfunction hlist_for_each_entryfunction activate_effective_progsfunction cgroup_bpf_inheritfunction cgroup_bpf_lifetime_notifyfunction update_effective_progsfunction hlist_for_each_entryfunction hlist_for_each_entryfunction hlist_for_each_entryfunction insert_pl_to_hlistfunction __cgroup_bpf_attachfunction cgroup_bpf_attachfunction replace_effective_progfunction css_for_each_descendant_prefunction hlist_for_each_entryfunction __cgroup_bpf_replacefunction hlist_for_each_entryfunction cgroup_bpf_replacefunction purge_effective_progsfunction hlist_for_each_entryfunction __cgroup_bpf_detach
Annotated Snippet
core_initcall(cgroup_bpf_wq_init);
static int cgroup_bpf_lifetime_notify(struct notifier_block *nb,
unsigned long action, void *data);
static struct notifier_block cgroup_bpf_lifetime_nb = {
.notifier_call = cgroup_bpf_lifetime_notify,
};
void __init cgroup_bpf_lifetime_notifier_init(void)
{
BUG_ON(blocking_notifier_chain_register(&cgroup_lifetime_notifier,
&cgroup_bpf_lifetime_nb));
}
#ifdef CONFIG_BPF_LSM
struct cgroup_lsm_atype {
u32 attach_btf_id;
int refcnt;
bool returns_errno;
};
static struct cgroup_lsm_atype cgroup_lsm_atype[CGROUP_LSM_NUM];
static bool cgroup_bpf_hook_returns_errno(enum cgroup_bpf_attach_type atype)
{
if (atype >= CGROUP_LSM_START && atype <= CGROUP_LSM_END)
return READ_ONCE(cgroup_lsm_atype[atype - CGROUP_LSM_START].returns_errno);
return true;
}
#else
static bool cgroup_bpf_hook_returns_errno(enum cgroup_bpf_attach_type atype)
{
return true;
}
#endif
/* __always_inline is necessary to prevent indirect call through run_prog
* function pointer.
*/
static __always_inline int
bpf_prog_run_array_cg(const struct cgroup_bpf *cgrp,
enum cgroup_bpf_attach_type atype,
const void *ctx, bpf_prog_run_fn run_prog,
int retval, u32 *ret_flags)
{
const struct bpf_prog_array_item *item;
const struct bpf_prog *prog;
const struct bpf_prog_array *array;
struct bpf_run_ctx *old_run_ctx;
struct bpf_cg_run_ctx run_ctx;
u32 func_ret;
run_ctx.retval = retval;
rcu_read_lock_dont_migrate();
array = rcu_dereference(cgrp->effective[atype]);
item = &array->items[0];
old_run_ctx = bpf_set_run_ctx(&run_ctx.run_ctx);
while ((prog = READ_ONCE(item->prog))) {
run_ctx.prog_item = item;
func_ret = run_prog(prog, ctx);
if (ret_flags) {
*(ret_flags) |= (func_ret >> 1);
func_ret &= 1;
}
if (!func_ret && cgroup_bpf_hook_returns_errno(atype) &&
!IS_ERR_VALUE((long)run_ctx.retval))
run_ctx.retval = -EPERM;
item++;
}
bpf_reset_run_ctx(old_run_ctx);
rcu_read_unlock_migrate();
return run_ctx.retval;
}
unsigned int __cgroup_bpf_run_lsm_sock(const void *ctx,
const struct bpf_insn *insn)
{
const struct bpf_prog *shim_prog;
struct sock *sk;
struct cgroup *cgrp;
int ret = 0;
u64 *args;
args = (u64 *)ctx;
sk = (void *)(unsigned long)args[0];
/*shim_prog = container_of(insn, struct bpf_prog, insnsi);*/
shim_prog = (const struct bpf_prog *)((void *)insn - offsetof(struct bpf_prog, insnsi));
cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
Annotation
- Immediate include surface: `linux/kernel.h`, `linux/atomic.h`, `linux/cgroup.h`, `linux/filter.h`, `linux/slab.h`, `linux/sysctl.h`, `linux/string.h`, `linux/bpf.h`.
- Detected declarations: `struct cgroup_lsm_atype`, `function cgroup_bpf_wq_init`, `function cgroup_bpf_lifetime_notifier_init`, `function cgroup_bpf_hook_returns_errno`, `function cgroup_bpf_hook_returns_errno`, `function bpf_prog_run_array_cg`, `function __cgroup_bpf_run_lsm_sock`, `function __cgroup_bpf_run_lsm_socket`, `function __cgroup_bpf_run_lsm_current`, `function bpf_cgroup_atype_find`.
- Atlas domain: Core OS / Scheduler, Processes, Timers, Sync, And Syscalls.
- Implementation status: integration implementation candidate.
- This snippet crosses the user/kernel memory boundary; validate fault handling and access checks before translating the pattern.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.