Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b2cd1257 authored by David Ahern's avatar David Ahern Committed by David S. Miller
Browse files

bpf: Refactor cgroups code in prep for new type 



Code move and rename only; no functional change intended.

Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7f7bf160

include/linux/bpf-cgroup.h

+23 −23
Original line number Diff line number Diff line
@@ -36,16 +36,16 @@ void cgroup_bpf_update(struct cgroup *cgrp, 
		       struct bpf_prog *prog,

		       enum bpf_attach_type type);



int __cgroup_bpf_run_filter(struct sock *sk,

int __cgroup_bpf_run_filter_skb(struct sock *sk,

				struct sk_buff *skb,

				enum bpf_attach_type type);



/* Wrappers for __cgroup_bpf_run_filter() guarded by cgroup_bpf_enabled. */

/* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */

#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb)			      \

({									      \

	int __ret = 0;							      \

	if (cgroup_bpf_enabled)						      \

		__ret = __cgroup_bpf_run_filter(sk, skb,		\

		__ret = __cgroup_bpf_run_filter_skb(sk, skb,		      \

						    BPF_CGROUP_INET_INGRESS); \

									      \

	__ret;								      \
@@ -57,7 +57,7 @@ int __cgroup_bpf_run_filter(struct sock *sk, 
	if (cgroup_bpf_enabled && sk && sk == skb->sk) {		       \

		typeof(sk) __sk = sk_to_full_sk(sk);			       \

		if (sk_fullsock(__sk))					       \

			__ret = __cgroup_bpf_run_filter(__sk, skb,	\

			__ret = __cgroup_bpf_run_filter_skb(__sk, skb,	       \

						      BPF_CGROUP_INET_EGRESS); \

	}								       \

	__ret;								       \

kernel/bpf/cgroup.c

+5 −5
Original line number Diff line number Diff line
@@ -118,7 +118,7 @@ void __cgroup_bpf_update(struct cgroup *cgrp, 
}



/**

 * __cgroup_bpf_run_filter() - Run a program for packet filtering

 * __cgroup_bpf_run_filter_skb() - Run a program for packet filtering

 * @sk: The socken sending or receiving traffic

 * @skb: The skb that is being sent or received

 * @type: The type of program to be exectuted
@@ -132,7 +132,7 @@ void __cgroup_bpf_update(struct cgroup *cgrp, 
 * This function will return %-EPERM if any if an attached program was found

 * and if it returned != 1 during execution. In all other cases, 0 is returned.

 */

int __cgroup_bpf_run_filter(struct sock *sk,

int __cgroup_bpf_run_filter_skb(struct sock *sk,

				struct sk_buff *skb,

				enum bpf_attach_type type)

{
@@ -164,4 +164,4 @@ int __cgroup_bpf_run_filter(struct sock *sk, 


	return ret;

}

EXPORT_SYMBOL(__cgroup_bpf_run_filter);
 
EXPORT_SYMBOL(__cgroup_bpf_run_filter_skb);

kernel/bpf/syscall.c

+15 −13
Original line number Diff line number Diff line
@@ -856,6 +856,7 @@ static int bpf_prog_attach(const union bpf_attr *attr) 
{

	struct bpf_prog *prog;

	struct cgroup *cgrp;

	enum bpf_prog_type ptype;



	if (!capable(CAP_NET_ADMIN))

		return -EPERM;
@@ -866,8 +867,14 @@ static int bpf_prog_attach(const union bpf_attr *attr) 
	switch (attr->attach_type) {

	case BPF_CGROUP_INET_INGRESS:

	case BPF_CGROUP_INET_EGRESS:

		prog = bpf_prog_get_type(attr->attach_bpf_fd,

					 BPF_PROG_TYPE_CGROUP_SKB);

		ptype = BPF_PROG_TYPE_CGROUP_SKB;

		break;



	default:

		return -EINVAL;

	}



	prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype);

	if (IS_ERR(prog))

		return PTR_ERR(prog);
@@ -879,11 +886,6 @@ static int bpf_prog_attach(const union bpf_attr *attr) 


	cgroup_bpf_update(cgrp, prog, attr->attach_type);

	cgroup_put(cgrp);

		break;



	default:

		return -EINVAL;

	}



	return 0;

}