Merge tag 'io_uring-bpf-restrictions.4-20260206' of...

void io_uring_unreg_ringfd(void);

const char *io_uring_get_opcode(u8 opcode);

bool io_is_uring_fops(struct file *file);

int __io_uring_fork(struct task_struct *tsk);

static inline void io_uring_files_cancel(void)

{

}

static inline void io_uring_free(struct task_struct *tsk)

{

	if (tsk->io_uring)

	if (tsk->io_uring || tsk->io_uring_restrict)

		__io_uring_free(tsk);

}

static inline int io_uring_fork(struct task_struct *tsk)

{

	if (tsk->io_uring_restrict)

		return __io_uring_fork(tsk);

	return 0;

}

#else

static inline void io_uring_task_cancel(void)

{

{

	return false;

}

static inline int io_uring_fork(struct task_struct *tsk)

{

	return 0;

}

#endif

#endif

	struct io_uring_cqe	cqes[] ____cacheline_aligned_in_smp;

};

struct io_bpf_filter;

struct io_bpf_filters {

	refcount_t refs;	/* ref for ->bpf_filters */

	spinlock_t lock;	/* protects ->bpf_filters modifications */

	struct io_bpf_filter __rcu **filters;

	struct rcu_head rcu_head;

};

struct io_restriction {

	DECLARE_BITMAP(register_op, IORING_REGISTER_LAST);

	DECLARE_BITMAP(sqe_op, IORING_OP_LAST);

	struct io_bpf_filters *bpf_filters;

	/* ->bpf_filters needs COW on modification */

	bool bpf_filters_cow;

	u8 sqe_flags_allowed;

	u8 sqe_flags_required;

	/* IORING_OP_* restrictions exist */

		struct task_struct	*submitter_task;

		struct io_rings		*rings;

		/* cache of ->restrictions.bpf_filters->filters */

		struct io_bpf_filter __rcu	**bpf_filters;

		struct percpu_ref	refs;

		clockid_t		clockid;

#ifdef CONFIG_IO_URING

	struct io_uring_task		*io_uring;

	struct io_restriction		*io_uring_restrict;

#endif

	/* Namespaces: */

	/* auxiliary zcrx configuration, see enum zcrx_ctrl_op */

	IORING_REGISTER_ZCRX_CTRL		= 36,

	/* register bpf filtering programs */

	IORING_REGISTER_BPF_FILTER		= 37,

	/* this goes last */

	IORING_REGISTER_LAST,

	__u32 resv2[3];

};

struct io_uring_task_restriction {

	__u16 flags;

	__u16 nr_res;

	__u32 resv[3];

	__DECLARE_FLEX_ARRAY(struct io_uring_restriction, restrictions);

};

struct io_uring_clock_register {

	__u32	clockid;

	__u32	__resv[3];

/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR MIT */

/*

 * Header file for the io_uring BPF filters.

 */

#ifndef LINUX_IO_URING_BPF_FILTER_H

#define LINUX_IO_URING_BPF_FILTER_H

#include <linux/types.h>

/*

 * Struct passed to filters.

 */

struct io_uring_bpf_ctx {

	__u64	user_data;

	__u8	opcode;

	__u8	sqe_flags;

	__u8	pdu_size;	/* size of aux data for filter */

	__u8	pad[5];

	union {

		struct {

			__u32	family;

			__u32	type;

			__u32	protocol;

		} socket;

		struct {

			__u64	flags;

			__u64	mode;

			__u64	resolve;

		} open;

	};

};

enum {

	/*

	 * If set, any currently unset opcode will have a deny filter attached

	 */

	IO_URING_BPF_FILTER_DENY_REST	= 1,

};

struct io_uring_bpf_filter {

	__u32	opcode;		/* io_uring opcode to filter */

	__u32	flags;

	__u32	filter_len;	/* number of BPF instructions */

	__u32	resv;

	__u64	filter_ptr;	/* pointer to BPF filter */

	__u64	resv2[5];

};

enum {

	IO_URING_BPF_CMD_FILTER	= 1,

};

struct io_uring_bpf {

	__u16	cmd_type;	/* IO_URING_BPF_* values */

	__u16	cmd_flags;	/* none so far */

	__u32	resv;

	union {

		struct io_uring_bpf_filter	filter;

	};

};

#endif