~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/sched/cls_cgroup.c

Version: ~ [ linux-5.11 ] ~ [ linux-5.10.17 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.99 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.176 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.221 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.257 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.257 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.85 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * net/sched/cls_cgroup.c       Control Group Classifier
  3  *
  4  *              This program is free software; you can redistribute it and/or
  5  *              modify it under the terms of the GNU General Public License
  6  *              as published by the Free Software Foundation; either version
  7  *              2 of the License, or (at your option) any later version.
  8  *
  9  * Authors:     Thomas Graf <tgraf@suug.ch>
 10  */
 11 
 12 #include <linux/module.h>
 13 #include <linux/slab.h>
 14 #include <linux/types.h>
 15 #include <linux/string.h>
 16 #include <linux/errno.h>
 17 #include <linux/skbuff.h>
 18 #include <linux/cgroup.h>
 19 #include <linux/rcupdate.h>
 20 #include <linux/fdtable.h>
 21 #include <net/rtnetlink.h>
 22 #include <net/pkt_cls.h>
 23 #include <net/sock.h>
 24 #include <net/cls_cgroup.h>
 25 
 26 static inline struct cgroup_cls_state *cgrp_cls_state(struct cgroup *cgrp)
 27 {
 28         return container_of(cgroup_subsys_state(cgrp, net_cls_subsys_id),
 29                             struct cgroup_cls_state, css);
 30 }
 31 
 32 static inline struct cgroup_cls_state *task_cls_state(struct task_struct *p)
 33 {
 34         return container_of(task_subsys_state(p, net_cls_subsys_id),
 35                             struct cgroup_cls_state, css);
 36 }
 37 
 38 static struct cgroup_subsys_state *cgrp_css_alloc(struct cgroup *cgrp)
 39 {
 40         struct cgroup_cls_state *cs;
 41 
 42         cs = kzalloc(sizeof(*cs), GFP_KERNEL);
 43         if (!cs)
 44                 return ERR_PTR(-ENOMEM);
 45         return &cs->css;
 46 }
 47 
 48 static int cgrp_css_online(struct cgroup *cgrp)
 49 {
 50         if (cgrp->parent)
 51                 cgrp_cls_state(cgrp)->classid =
 52                         cgrp_cls_state(cgrp->parent)->classid;
 53         return 0;
 54 }
 55 
 56 static void cgrp_css_free(struct cgroup *cgrp)
 57 {
 58         kfree(cgrp_cls_state(cgrp));
 59 }
 60 
 61 static int update_classid(const void *v, struct file *file, unsigned n)
 62 {
 63         int err;
 64         struct socket *sock = sock_from_file(file, &err);
 65         if (sock)
 66                 sock->sk->sk_classid = (u32)(unsigned long)v;
 67         return 0;
 68 }
 69 
 70 static void cgrp_attach(struct cgroup *cgrp, struct cgroup_taskset *tset)
 71 {
 72         struct task_struct *p;
 73         void *v;
 74 
 75         cgroup_taskset_for_each(p, cgrp, tset) {
 76                 task_lock(p);
 77                 v = (void *)(unsigned long)task_cls_classid(p);
 78                 iterate_fd(p->files, 0, update_classid, v);
 79                 task_unlock(p);
 80         }
 81 }
 82 
 83 static u64 read_classid(struct cgroup *cgrp, struct cftype *cft)
 84 {
 85         return cgrp_cls_state(cgrp)->classid;
 86 }
 87 
 88 static int write_classid(struct cgroup *cgrp, struct cftype *cft, u64 value)
 89 {
 90         cgrp_cls_state(cgrp)->classid = (u32) value;
 91         return 0;
 92 }
 93 
 94 static struct cftype ss_files[] = {
 95         {
 96                 .name = "classid",
 97                 .read_u64 = read_classid,
 98                 .write_u64 = write_classid,
 99         },
100         { }     /* terminate */
101 };
102 
103 struct cgroup_subsys net_cls_subsys = {
104         .name           = "net_cls",
105         .css_alloc      = cgrp_css_alloc,
106         .css_online     = cgrp_css_online,
107         .css_free       = cgrp_css_free,
108         .attach         = cgrp_attach,
109         .subsys_id      = net_cls_subsys_id,
110         .base_cftypes   = ss_files,
111         .module         = THIS_MODULE,
112 };
113 
114 struct cls_cgroup_head {
115         u32                     handle;
116         struct tcf_exts         exts;
117         struct tcf_ematch_tree  ematches;
118 };
119 
120 static int cls_cgroup_classify(struct sk_buff *skb, const struct tcf_proto *tp,
121                                struct tcf_result *res)
122 {
123         struct cls_cgroup_head *head = tp->root;
124         u32 classid;
125 
126         rcu_read_lock();
127         classid = task_cls_state(current)->classid;
128         rcu_read_unlock();
129 
130         /*
131          * Due to the nature of the classifier it is required to ignore all
132          * packets originating from softirq context as accessing `current'
133          * would lead to false results.
134          *
135          * This test assumes that all callers of dev_queue_xmit() explicitely
136          * disable bh. Knowing this, it is possible to detect softirq based
137          * calls by looking at the number of nested bh disable calls because
138          * softirqs always disables bh.
139          */
140         if (in_serving_softirq()) {
141                 /* If there is an sk_classid we'll use that. */
142                 if (!skb->sk)
143                         return -1;
144                 classid = skb->sk->sk_classid;
145         }
146 
147         if (!classid)
148                 return -1;
149 
150         if (!tcf_em_tree_match(skb, &head->ematches, NULL))
151                 return -1;
152 
153         res->classid = classid;
154         res->class = 0;
155         return tcf_exts_exec(skb, &head->exts, res);
156 }
157 
158 static unsigned long cls_cgroup_get(struct tcf_proto *tp, u32 handle)
159 {
160         return 0UL;
161 }
162 
163 static void cls_cgroup_put(struct tcf_proto *tp, unsigned long f)
164 {
165 }
166 
167 static int cls_cgroup_init(struct tcf_proto *tp)
168 {
169         return 0;
170 }
171 
172 static const struct tcf_ext_map cgroup_ext_map = {
173         .action = TCA_CGROUP_ACT,
174         .police = TCA_CGROUP_POLICE,
175 };
176 
177 static const struct nla_policy cgroup_policy[TCA_CGROUP_MAX + 1] = {
178         [TCA_CGROUP_EMATCHES]   = { .type = NLA_NESTED },
179 };
180 
181 static int cls_cgroup_change(struct net *net, struct sk_buff *in_skb,
182                              struct tcf_proto *tp, unsigned long base,
183                              u32 handle, struct nlattr **tca,
184                              unsigned long *arg)
185 {
186         struct nlattr *tb[TCA_CGROUP_MAX + 1];
187         struct cls_cgroup_head *head = tp->root;
188         struct tcf_ematch_tree t;
189         struct tcf_exts e;
190         int err;
191 
192         if (!tca[TCA_OPTIONS])
193                 return -EINVAL;
194 
195         if (head == NULL) {
196                 if (!handle)
197                         return -EINVAL;
198 
199                 head = kzalloc(sizeof(*head), GFP_KERNEL);
200                 if (head == NULL)
201                         return -ENOBUFS;
202 
203                 head->handle = handle;
204 
205                 tcf_tree_lock(tp);
206                 tp->root = head;
207                 tcf_tree_unlock(tp);
208         }
209 
210         if (handle != head->handle)
211                 return -ENOENT;
212 
213         err = nla_parse_nested(tb, TCA_CGROUP_MAX, tca[TCA_OPTIONS],
214                                cgroup_policy);
215         if (err < 0)
216                 return err;
217 
218         err = tcf_exts_validate(net, tp, tb, tca[TCA_RATE], &e,
219                                 &cgroup_ext_map);
220         if (err < 0)
221                 return err;
222 
223         err = tcf_em_tree_validate(tp, tb[TCA_CGROUP_EMATCHES], &t);
224         if (err < 0)
225                 return err;
226 
227         tcf_exts_change(tp, &head->exts, &e);
228         tcf_em_tree_change(tp, &head->ematches, &t);
229 
230         return 0;
231 }
232 
233 static void cls_cgroup_destroy(struct tcf_proto *tp)
234 {
235         struct cls_cgroup_head *head = tp->root;
236 
237         if (head) {
238                 tcf_exts_destroy(tp, &head->exts);
239                 tcf_em_tree_destroy(tp, &head->ematches);
240                 kfree(head);
241         }
242 }
243 
244 static int cls_cgroup_delete(struct tcf_proto *tp, unsigned long arg)
245 {
246         return -EOPNOTSUPP;
247 }
248 
249 static void cls_cgroup_walk(struct tcf_proto *tp, struct tcf_walker *arg)
250 {
251         struct cls_cgroup_head *head = tp->root;
252 
253         if (arg->count < arg->skip)
254                 goto skip;
255 
256         if (arg->fn(tp, (unsigned long) head, arg) < 0) {
257                 arg->stop = 1;
258                 return;
259         }
260 skip:
261         arg->count++;
262 }
263 
264 static int cls_cgroup_dump(struct tcf_proto *tp, unsigned long fh,
265                            struct sk_buff *skb, struct tcmsg *t)
266 {
267         struct cls_cgroup_head *head = tp->root;
268         unsigned char *b = skb_tail_pointer(skb);
269         struct nlattr *nest;
270 
271         t->tcm_handle = head->handle;
272 
273         nest = nla_nest_start(skb, TCA_OPTIONS);
274         if (nest == NULL)
275                 goto nla_put_failure;
276 
277         if (tcf_exts_dump(skb, &head->exts, &cgroup_ext_map) < 0 ||
278             tcf_em_tree_dump(skb, &head->ematches, TCA_CGROUP_EMATCHES) < 0)
279                 goto nla_put_failure;
280 
281         nla_nest_end(skb, nest);
282 
283         if (tcf_exts_dump_stats(skb, &head->exts, &cgroup_ext_map) < 0)
284                 goto nla_put_failure;
285 
286         return skb->len;
287 
288 nla_put_failure:
289         nlmsg_trim(skb, b);
290         return -1;
291 }
292 
293 static struct tcf_proto_ops cls_cgroup_ops __read_mostly = {
294         .kind           =       "cgroup",
295         .init           =       cls_cgroup_init,
296         .change         =       cls_cgroup_change,
297         .classify       =       cls_cgroup_classify,
298         .destroy        =       cls_cgroup_destroy,
299         .get            =       cls_cgroup_get,
300         .put            =       cls_cgroup_put,
301         .delete         =       cls_cgroup_delete,
302         .walk           =       cls_cgroup_walk,
303         .dump           =       cls_cgroup_dump,
304         .owner          =       THIS_MODULE,
305 };
306 
307 static int __init init_cgroup_cls(void)
308 {
309         int ret;
310 
311         ret = cgroup_load_subsys(&net_cls_subsys);
312         if (ret)
313                 goto out;
314 
315         ret = register_tcf_proto_ops(&cls_cgroup_ops);
316         if (ret)
317                 cgroup_unload_subsys(&net_cls_subsys);
318 
319 out:
320         return ret;
321 }
322 
323 static void __exit exit_cgroup_cls(void)
324 {
325         unregister_tcf_proto_ops(&cls_cgroup_ops);
326 
327         cgroup_unload_subsys(&net_cls_subsys);
328 }
329 
330 module_init(init_cgroup_cls);
331 module_exit(exit_cgroup_cls);
332 MODULE_LICENSE("GPL");
333 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp