1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _BPF_CGROUP_DEFS_H
3 #define _BPF_CGROUP_DEFS_H
5 #ifdef CONFIG_CGROUP_BPF
7 #include <linux/list.h>
8 #include <linux/percpu-refcount.h>
9 #include <linux/workqueue.h>
11 struct bpf_prog_array
;
14 /* Maximum number of concurrently attachable per-cgroup LSM hooks. */
15 #define CGROUP_LSM_NUM 10
17 #define CGROUP_LSM_NUM 0
20 enum cgroup_bpf_attach_type
{
21 CGROUP_BPF_ATTACH_TYPE_INVALID
= -1,
22 CGROUP_INET_INGRESS
= 0,
24 CGROUP_INET_SOCK_CREATE
,
32 CGROUP_INET4_POST_BIND
,
33 CGROUP_INET6_POST_BIND
,
43 CGROUP_INET4_GETPEERNAME
,
44 CGROUP_INET6_GETPEERNAME
,
45 CGROUP_UNIX_GETPEERNAME
,
46 CGROUP_INET4_GETSOCKNAME
,
47 CGROUP_INET6_GETSOCKNAME
,
48 CGROUP_UNIX_GETSOCKNAME
,
49 CGROUP_INET_SOCK_RELEASE
,
51 CGROUP_LSM_END
= CGROUP_LSM_START
+ CGROUP_LSM_NUM
- 1,
52 MAX_CGROUP_BPF_ATTACH_TYPE
56 /* array of effective progs in this cgroup */
57 struct bpf_prog_array __rcu
*effective
[MAX_CGROUP_BPF_ATTACH_TYPE
];
59 /* attached progs to this cgroup and attach flags
60 * when flags == 0 or BPF_F_ALLOW_OVERRIDE the progs list will
61 * have either zero or one element
62 * when BPF_F_ALLOW_MULTI the list can have up to BPF_CGROUP_MAX_PROGS
64 struct hlist_head progs
[MAX_CGROUP_BPF_ATTACH_TYPE
];
65 u8 flags
[MAX_CGROUP_BPF_ATTACH_TYPE
];
67 /* list of cgroup shared storages */
68 struct list_head storages
;
70 /* temp storage for effective prog array used by prog_attach/detach */
71 struct bpf_prog_array
*inactive
;
73 /* reference counter used to detach bpf programs after cgroup removal */
74 struct percpu_ref refcnt
;
76 /* cgroup_bpf is released using a work queue */
77 struct work_struct release_work
;
80 #else /* CONFIG_CGROUP_BPF */
82 #endif /* CONFIG_CGROUP_BPF */