kernel/bpf/cgroup.c

Source file repositories/reference/linux-study-clean/kernel/bpf/cgroup.c

File Facts

System
Linux kernel
Corpus path
kernel/bpf/cgroup.c
Extension
.c
Size
74352 bytes
Lines
2781
Domain
Core OS
Bucket
Scheduler, Processes, Timers, Sync, And Syscalls
Inferred role
Core OS: exported/initcall integration point
Status
integration implementation candidate

Why This File Exists

Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.

Dependency Surface

Detected Declarations

Annotated Snippet

core_initcall(cgroup_bpf_wq_init);

static int cgroup_bpf_lifetime_notify(struct notifier_block *nb,
				      unsigned long action, void *data);

static struct notifier_block cgroup_bpf_lifetime_nb = {
	.notifier_call = cgroup_bpf_lifetime_notify,
};

void __init cgroup_bpf_lifetime_notifier_init(void)
{
	BUG_ON(blocking_notifier_chain_register(&cgroup_lifetime_notifier,
						&cgroup_bpf_lifetime_nb));
}

#ifdef CONFIG_BPF_LSM
struct cgroup_lsm_atype {
	u32 attach_btf_id;
	int refcnt;
	bool returns_errno;
};

static struct cgroup_lsm_atype cgroup_lsm_atype[CGROUP_LSM_NUM];

static bool cgroup_bpf_hook_returns_errno(enum cgroup_bpf_attach_type atype)
{
	if (atype >= CGROUP_LSM_START && atype <= CGROUP_LSM_END)
		return READ_ONCE(cgroup_lsm_atype[atype - CGROUP_LSM_START].returns_errno);
	return true;
}
#else
static bool cgroup_bpf_hook_returns_errno(enum cgroup_bpf_attach_type atype)
{
	return true;
}
#endif

/* __always_inline is necessary to prevent indirect call through run_prog
 * function pointer.
 */
static __always_inline int
bpf_prog_run_array_cg(const struct cgroup_bpf *cgrp,
		      enum cgroup_bpf_attach_type atype,
		      const void *ctx, bpf_prog_run_fn run_prog,
		      int retval, u32 *ret_flags)
{
	const struct bpf_prog_array_item *item;
	const struct bpf_prog *prog;
	const struct bpf_prog_array *array;
	struct bpf_run_ctx *old_run_ctx;
	struct bpf_cg_run_ctx run_ctx;
	u32 func_ret;

	run_ctx.retval = retval;
	rcu_read_lock_dont_migrate();
	array = rcu_dereference(cgrp->effective[atype]);
	item = &array->items[0];
	old_run_ctx = bpf_set_run_ctx(&run_ctx.run_ctx);
	while ((prog = READ_ONCE(item->prog))) {
		run_ctx.prog_item = item;
		func_ret = run_prog(prog, ctx);
		if (ret_flags) {
			*(ret_flags) |= (func_ret >> 1);
			func_ret &= 1;
		}
		if (!func_ret && cgroup_bpf_hook_returns_errno(atype) &&
		    !IS_ERR_VALUE((long)run_ctx.retval))
			run_ctx.retval = -EPERM;
		item++;
	}
	bpf_reset_run_ctx(old_run_ctx);
	rcu_read_unlock_migrate();
	return run_ctx.retval;
}

unsigned int __cgroup_bpf_run_lsm_sock(const void *ctx,
				       const struct bpf_insn *insn)
{
	const struct bpf_prog *shim_prog;
	struct sock *sk;
	struct cgroup *cgrp;
	int ret = 0;
	u64 *args;

	args = (u64 *)ctx;
	sk = (void *)(unsigned long)args[0];
	/*shim_prog = container_of(insn, struct bpf_prog, insnsi);*/
	shim_prog = (const struct bpf_prog *)((void *)insn - offsetof(struct bpf_prog, insnsi));

	cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);

Annotation

Implementation Notes