bpf: Refactor cgroups code in prep for new type

Code move and rename only; no functional change intended. Signed-off-by: David Ahern <dsa@cumulusnetworks.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>

bpf: Refactor cgroups code in prep for new type
Code move and rename only; no functional change intended. Signed-off-by: David Ahern <dsa@cumulusnetworks.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
b2cd1257 · David Ahern · David S. Miller · 7f7bf160 · b2cd1257 · b2cd1257
Commit b2cd1257 authored Dec 01, 2016 by David Ahern Committed by David S. Miller Dec 02, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 43 additions and 41 deletions

include/linux/bpf-cgroup.h include/linux/bpf-cgroup.h +23 -23

kernel/bpf/cgroup.c kernel/bpf/cgroup.c +5 -5

kernel/bpf/syscall.c kernel/bpf/syscall.c +15 -13

No files found.
--- a/include/linux/bpf-cgroup.h
+++ b/include/linux/bpf-cgroup.h
@@ -36,31 +36,31 @@ void cgroup_bpf_update(struct cgroup *cgrp,
 		       struct bpf_prog *prog,
 		       enum bpf_attach_type type);
-int __cgroup_bpf_run_filter(struct sock *sk,
+int __cgroup_bpf_run_filter_skb(struct sock *sk,
-			    struct sk_buff *skb,
+				struct sk_buff *skb,
-			    enum bpf_attach_type type);
+				enum bpf_attach_type type);
-/* Wrappers for __cgroup_bpf_run_filter() guarded by cgroup_bpf_enabled. */
+/* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */
-#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb)			\
+#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb)			      \
-({									\
+({									      \
-	int __ret = 0;							\
+	int __ret = 0;							      \
-	if (cgroup_bpf_enabled)						\
+	if (cgroup_bpf_enabled)						      \
-		__ret = __cgroup_bpf_run_filter(sk, skb,		\
+		__ret = __cgroup_bpf_run_filter_skb(sk, skb,		      \
-						BPF_CGROUP_INET_INGRESS); \
+						    BPF_CGROUP_INET_INGRESS); \
-									\
+									      \
-	__ret;								\
+	__ret;								      \
 })
-#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb)				\
+#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb)			       \
-({									\
+({									       \
-	int __ret = 0;							\
+	int __ret = 0;							       \
-	if (cgroup_bpf_enabled && sk && sk == skb->sk) {		\
+	if (cgroup_bpf_enabled && sk && sk == skb->sk) {		       \
-		typeof(sk) __sk = sk_to_full_sk(sk);			\
+		typeof(sk) __sk = sk_to_full_sk(sk);			       \
-		if (sk_fullsock(__sk))					\
+		if (sk_fullsock(__sk))					       \
-			__ret = __cgroup_bpf_run_filter(__sk, skb,	\
+			__ret = __cgroup_bpf_run_filter_skb(__sk, skb,	       \
-						BPF_CGROUP_INET_EGRESS); \
+						      BPF_CGROUP_INET_EGRESS); \
-	}								\
+	}								       \
-	__ret;								\
+	__ret;								       \
 })
 #else

--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -118,7 +118,7 @@ void __cgroup_bpf_update(struct cgroup *cgrp,
 }
 /**
- * __cgroup_bpf_run_filter() - Run a program for packet filtering
+ * __cgroup_bpf_run_filter_skb() - Run a program for packet filtering
 * @sk: The socken sending or receiving traffic
 * @skb: The skb that is being sent or received
 * @type: The type of program to be exectuted
@@ -132,9 +132,9 @@ void __cgroup_bpf_update(struct cgroup *cgrp,
 * This function will return %-EPERM if any if an attached program was found
 * and if it returned != 1 during execution. In all other cases, 0 is returned.
 */
-int __cgroup_bpf_run_filter(struct sock *sk,
+int __cgroup_bpf_run_filter_skb(struct sock *sk,
-			    struct sk_buff *skb,
+				struct sk_buff *skb,
-			    enum bpf_attach_type type)
+				enum bpf_attach_type type)
 {
 	struct bpf_prog *prog;
 	struct cgroup *cgrp;
@@ -164,4 +164,4 @@ int __cgroup_bpf_run_filter(struct sock *sk,
 	return ret;
 }
-EXPORT_SYMBOL(__cgroup_bpf_run_filter);
+EXPORT_SYMBOL(__cgroup_bpf_run_filter_skb);
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -856,6 +856,7 @@ static int bpf_prog_attach(const union bpf_attr *attr)
 {
 	struct bpf_prog *prog;
 	struct cgroup *cgrp;
+	enum bpf_prog_type ptype;
 	if (!capable(CAP_NET_ADMIN))
 		return -EPERM;
@@ -866,25 +867,26 @@ static int bpf_prog_attach(const union bpf_attr *attr)
 	switch (attr->attach_type) {
 	case BPF_CGROUP_INET_INGRESS:
 	case BPF_CGROUP_INET_EGRESS:
-		prog = bpf_prog_get_type(attr->attach_bpf_fd,
+		ptype = BPF_PROG_TYPE_CGROUP_SKB;
-					 BPF_PROG_TYPE_CGROUP_SKB);
-		if (IS_ERR(prog))
-			return PTR_ERR(prog);
-		cgrp = cgroup_get_from_fd(attr->target_fd);
-		if (IS_ERR(cgrp)) {
-			bpf_prog_put(prog);
-			return PTR_ERR(cgrp);
-		}
-		cgroup_bpf_update(cgrp, prog, attr->attach_type);
-		cgroup_put(cgrp);
 		break;
 	default:
 		return -EINVAL;
 	}
+	prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype);
+	if (IS_ERR(prog))
+		return PTR_ERR(prog);
+	cgrp = cgroup_get_from_fd(attr->target_fd);
+	if (IS_ERR(cgrp)) {
+		bpf_prog_put(prog);
+		return PTR_ERR(cgrp);
+	}
+	cgroup_bpf_update(cgrp, prog, attr->attach_type);
+	cgroup_put(cgrp);
 	return 0;
 }