bpf.h revision 8a56ec283c64512a16e4e19ae6a293ba7f543daf
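/* bpf.h
 * Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Berkeley Packet Filter functions.
 *
 * Declarations and macros for building seccomp BPF programs: the seccomp
 * return actions, the layout of struct seccomp_data, the offsets used to load
 * syscall arguments, and label/jump pseudo-instructions.
 */

#ifndef BPF_H
#define BPF_H

#include <asm/bitsperlong.h>	/* for __BITS_PER_LONG */
#include <linux/audit.h>
#include <linux/filter.h>
#include <stddef.h>
#include <sys/user.h>

/*
 * BITS32/BITS64 select how a syscall argument is loaded and compared below.
 * An ILP32 ABI (__ILP32__) is treated as 32-bit whatever __BITS_PER_LONG says.
 */
#if __BITS_PER_LONG == 32 || defined(__ILP32__)
#define BITS32
#elif __BITS_PER_LONG == 64
#define BITS64
#endif

/* Constants for comparison operators; values start at MIN_OPERATOR. */
#define MIN_OPERATOR 128
enum operator {
	EQ = MIN_OPERATOR,
	NE,
	LT,
	LE,
	GT,
	GE,
	SET
};

/*
 * BPF return values and data structures,
 * since they're not yet in the kernel.
 *
 * The action occupies the upper 16 bits of the return value and
 * SECCOMP_RET_DATA masks the lower 16 bits that carry its data.
 *
 * NOTE(review): newer kernel headers export these names and
 * struct seccomp_data from <linux/seccomp.h>; presumably including both would
 * clash -- confirm against the headers this is built with.
 */
#define SECCOMP_RET_KILL	0x00000000U	/* kill the task immediately */
#define SECCOMP_RET_TRAP	0x00030000U	/* return SIGSYS */
#define SECCOMP_RET_ERRNO	0x00050000U	/* return -1 and set errno */
#define SECCOMP_RET_ALLOW	0x7fff0000U	/* allow */

#define SECCOMP_RET_DATA	0x0000ffffU	/* mask for return value */

struct seccomp_data {
	int nr;
	__u32 arch;
	__u64 instruction_pointer;
	__u64 args[6];
};

/* Byte offsets of the syscall number and architecture in seccomp_data. */
#define syscall_nr (offsetof(struct seccomp_data, nr))
#define arch_nr (offsetof(struct seccomp_data, arch))

/*
 * AUDIT_ARCH value of the architecture being compiled for. Syscall numbers
 * differ per architecture, so this is presumably what bpf_validate_arch()
 * checks seccomp_data.arch against -- confirm in bpf.c.
 */
#if defined(__i386__)
#define ARCH_NR AUDIT_ARCH_I386
#elif defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__arm__)
/*
 * <linux/audit.h> includes <linux/elf-em.h>, which does not define EM_ARM.
 * <linux/elf.h> only includes <asm/elf.h> if we're in the kernel.
 */
# ifndef EM_ARM
# define EM_ARM 40
# endif
#define ARCH_NR AUDIT_ARCH_ARM
#else
#error "AUDIT_ARCH value unavailable"
#endif

/*
 * Byte order used to find the low and high 32-bit halves of a 64-bit
 * seccomp_data.args[] entry. The compiler's predefined macros are consulted
 * first: glibc's <endian.h> defines both __LITTLE_ENDIAN and __BIG_ENDIAN as
 * constants, so testing only whether __LITTLE_ENDIAN is defined does not
 * identify the target once that header has been pulled in. Loading the wrong
 * half would make an argument filter compare the wrong word. The original
 * defined()-based test is kept as a fallback for compilers without
 * __BYTE_ORDER__.
 */
#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
	defined(__ORDER_BIG_ENDIAN__)
# if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#  define BPF_ARG_LITTLE_ENDIAN 1
# elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
#  define BPF_ARG_BIG_ENDIAN 1
# endif
#elif defined(__LITTLE_ENDIAN)
# define BPF_ARG_LITTLE_ENDIAN 1
#elif defined(__BIG_ENDIAN)
# define BPF_ARG_BIG_ENDIAN 1
#endif

/* Size-dependent defines. */
#if defined(BITS32)
/*
 * On 32 bits, comparisons take 2 instructions: 1 for loading the argument,
 * 1 for the actual comparison.
 */
#define BPF_LOAD_ARG_LEN		1U
#define BPF_COMP_LEN			1U
#define BPF_ARG_COMP_LEN (BPF_LOAD_ARG_LEN + BPF_COMP_LEN)

#define bpf_comp_jeq bpf_comp_jeq32
#define bpf_comp_jset bpf_comp_jset32

/*
 * args[] entries are 64 bits wide even on 32-bit targets, so the low word
 * sits 4 bytes into the entry on big-endian. Unknown byte order keeps the
 * plain entry offset, as before.
 */
#if defined(BPF_ARG_BIG_ENDIAN)
#define LO_ARG(idx) \
	(offsetof(struct seccomp_data, args[(idx)]) + sizeof(__u32))
#else
#define LO_ARG(idx) (offsetof(struct seccomp_data, args[(idx)]))
#endif

#elif defined(BITS64)
/*
 * On 64 bits, comparisons take 7 instructions: 4 for loading the argument,
 * and 3 for the actual comparison.
 */
#define BPF_LOAD_ARG_LEN		4U
#define BPF_COMP_LEN			3U
#define BPF_ARG_COMP_LEN (BPF_LOAD_ARG_LEN + BPF_COMP_LEN)

#define bpf_comp_jeq bpf_comp_jeq64
#define bpf_comp_jset bpf_comp_jset64

/*
 * Ensure that we load the logically correct offset.
 * The expansions are fully parenthesized so that LO_ARG()/HI_ARG() can be
 * used inside a larger expression without changing its meaning.
 */
#if defined(BPF_ARG_LITTLE_ENDIAN)
#define LO_ARG(idx) (offsetof(struct seccomp_data, args[(idx)]))
#define HI_ARG(idx) \
	(offsetof(struct seccomp_data, args[(idx)]) + sizeof(__u32))
#elif defined(BPF_ARG_BIG_ENDIAN)
#define LO_ARG(idx) \
	(offsetof(struct seccomp_data, args[(idx)]) + sizeof(__u32))
#define HI_ARG(idx) (offsetof(struct seccomp_data, args[(idx)]))
#else
#error "Unknown endianness"
#endif

#else
#error "Unknown bit width"

#endif

/* Common jump targets. */
#define NEXT 0
#define SKIP 1
#define SKIPN(_n) (_n)

/*
 * Support for labels in BPF programs.
 * These values are placed in the jt/jf fields of a BPF_JMP+BPF_JA instruction
 * (see set_bpf_lbl() and set_bpf_jump_lbl() below) to mark it as a label or a
 * jump to a label; the label id travels in the k field.
 */
#define JUMP_JT 0xff
#define JUMP_JF 0xff
#define LABEL_JT 0xfe
#define LABEL_JF 0xfe

#define MAX_BPF_LABEL_LEN 32

/* Fixed-size label table: at most BPF_LABELS_MAX entries, 'count' in use. */
#define BPF_LABELS_MAX 256
struct bpf_labels {
	int count;
	struct __bpf_label {
		const char *label;
		unsigned int location;
	} labels[BPF_LABELS_MAX];
};

/* BPF instruction manipulation functions and macros. */

/*
 * Declared without 'inline': an inline declaration of a function with
 * external linkage requires a definition in the same translation unit
 * (C99 6.7.4), and this header does not provide one.
 */
size_t set_bpf_instr(struct sock_filter *instr,
		     unsigned short code, unsigned int k,
		     unsigned char jt, unsigned char jf);

/* Statement: an instruction with both jump fields set to 0. */
#define set_bpf_stmt(_block, _code, _k) \
	set_bpf_instr((_block), (_code), (_k), 0, 0)

#define set_bpf_jump(_block, _code, _k, _jt, _jf) \
	set_bpf_instr((_block), (_code), (_k), (_jt), (_jf))

/* Pseudo-instruction marking the position of label '_lbl_id'. */
#define set_bpf_lbl(_block, _lbl_id) \
	set_bpf_jump((_block), BPF_JMP+BPF_JA, (_lbl_id), \
			LABEL_JT, LABEL_JF)

/* Pseudo-instruction for a jump to label '_lbl_id'. */
#define set_bpf_jump_lbl(_block, _lbl_id) \
	set_bpf_jump((_block), BPF_JMP+BPF_JA, (_lbl_id), \
			JUMP_JT, JUMP_JF)

#define set_bpf_ret_kill(_block) \
	set_bpf_stmt((_block), BPF_RET+BPF_K, SECCOMP_RET_KILL)

#define set_bpf_ret_trap(_block) \
	set_bpf_stmt((_block), BPF_RET+BPF_K, SECCOMP_RET_TRAP)

/* '_errno' is masked to the data bits so it cannot alter the action bits. */
#define set_bpf_ret_errno(_block, _errno) \
	set_bpf_stmt((_block), BPF_RET+BPF_K, \
		SECCOMP_RET_ERRNO | ((_errno) & SECCOMP_RET_DATA))

#define set_bpf_ret_allow(_block) \
	set_bpf_stmt((_block), BPF_RET+BPF_K, SECCOMP_RET_ALLOW)

/* Load the 32-bit syscall number from seccomp_data into the accumulator. */
#define bpf_load_syscall_nr(_filter) \
	set_bpf_stmt((_filter), BPF_LD+BPF_W+BPF_ABS, syscall_nr)

/* BPF label functions. */
int bpf_resolve_jumps(struct bpf_labels *labels,
		struct sock_filter *filter, size_t count);
int bpf_label_id(struct bpf_labels *labels, const char *label);
void free_label_strings(struct bpf_labels *labels);

/*
 * BPF helper functions.
 * bpf_comp_jeq/bpf_comp_jset resolve to the 32- or 64-bit variant through the
 * size-dependent defines above. The size_t results are presumably instruction
 * counts -- confirm against bpf.c.
 */
size_t bpf_load_arg(struct sock_filter *filter, int argidx);
size_t bpf_comp_jeq(struct sock_filter *filter, unsigned long c,
		unsigned char jt, unsigned char jf);
size_t bpf_comp_jset(struct sock_filter *filter, unsigned long mask,
		unsigned char jt, unsigned char jf);

/* Functions called by syscall_filter.c */
#define ARCH_VALIDATION_LEN 3U
#define ALLOW_SYSCALL_LEN 2U

size_t bpf_arg_comp(struct sock_filter **pfilter,
		int op, int argidx, unsigned long c, unsigned int label_id);
size_t bpf_validate_arch(struct sock_filter *filter);
size_t bpf_allow_syscall(struct sock_filter *filter, int nr);
size_t bpf_allow_syscall_args(struct sock_filter *filter,
		int nr, unsigned int id);

/* Debug functions. */
void dump_bpf_prog(struct sock_fprog *fprog);
void dump_bpf_filter(struct sock_filter *filter, unsigned short len);

#endif /* BPF_H */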