/linux-6.1.9/drivers/net/ethernet/marvell/prestera/ |
D | prestera_acl.c | 140 struct prestera_acl_ruleset *ruleset; in prestera_acl_ruleset_create() local 147 ruleset = kzalloc(sizeof(*ruleset), GFP_KERNEL); in prestera_acl_ruleset_create() 148 if (!ruleset) in prestera_acl_ruleset_create() 151 ruleset->acl = acl; in prestera_acl_ruleset_create() 152 ruleset->ingress = block->ingress; in prestera_acl_ruleset_create() 153 ruleset->ht_key.block = block; in prestera_acl_ruleset_create() 154 ruleset->ht_key.chain_index = chain_index; in prestera_acl_ruleset_create() 155 refcount_set(&ruleset->refcount, 1); in prestera_acl_ruleset_create() 157 err = rhashtable_init(&ruleset->rule_ht, &prestera_acl_rule_ht_params); in prestera_acl_ruleset_create() 166 ruleset->pcl_id = PRESTERA_ACL_PCL_ID_MAKE((u8)uid, chain_index); in prestera_acl_ruleset_create() [all …]
|
D | prestera_flower.c | 11 struct prestera_acl_ruleset *ruleset; member 19 prestera_acl_ruleset_put(template->ruleset); in prestera_flower_template_free() 39 struct prestera_acl_ruleset *ruleset; in prestera_flower_parse_goto_action() local 48 ruleset = prestera_acl_ruleset_get(block->sw->acl, block, in prestera_flower_parse_goto_action() 50 if (IS_ERR(ruleset)) in prestera_flower_parse_goto_action() 51 return PTR_ERR(ruleset); in prestera_flower_parse_goto_action() 54 rule->re_arg.jump.i.index = prestera_acl_ruleset_index_get(ruleset); in prestera_flower_parse_goto_action() 56 rule->jump_ruleset = ruleset; in prestera_flower_parse_goto_action() 397 struct prestera_acl_ruleset *ruleset; in prestera_flower_prio_get() local 399 ruleset = prestera_acl_ruleset_lookup(block->sw->acl, block, chain_index); in prestera_flower_prio_get() [all …]
|
D | prestera_acl.h | 130 struct prestera_acl_ruleset *ruleset; member 156 prestera_acl_rule_create(struct prestera_acl_ruleset *ruleset, 162 prestera_acl_rule_lookup(struct prestera_acl_ruleset *ruleset, 188 int prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset, 190 bool prestera_acl_ruleset_is_offload(struct prestera_acl_ruleset *ruleset); 191 int prestera_acl_ruleset_offload(struct prestera_acl_ruleset *ruleset); 192 void prestera_acl_ruleset_put(struct prestera_acl_ruleset *ruleset); 193 int prestera_acl_ruleset_bind(struct prestera_acl_ruleset *ruleset, 195 int prestera_acl_ruleset_unbind(struct prestera_acl_ruleset *ruleset, 197 u32 prestera_acl_ruleset_index_get(const struct prestera_acl_ruleset *ruleset); [all …]
|
/linux-6.1.9/security/landlock/ |
D | syscalls.c | 99 struct landlock_ruleset *ruleset = filp->private_data; in fop_ruleset_release() local 101 landlock_put_ruleset(ruleset); in fop_ruleset_release() 162 struct landlock_ruleset *ruleset; in SYSCALL_DEFINE3() local 192 ruleset = landlock_create_ruleset(ruleset_attr.handled_access_fs); in SYSCALL_DEFINE3() 193 if (IS_ERR(ruleset)) in SYSCALL_DEFINE3() 194 return PTR_ERR(ruleset); in SYSCALL_DEFINE3() 198 ruleset, O_RDWR | O_CLOEXEC); in SYSCALL_DEFINE3() 200 landlock_put_ruleset(ruleset); in SYSCALL_DEFINE3() 212 struct landlock_ruleset *ruleset; in get_ruleset_from_fd() local 220 ruleset = ERR_PTR(-EBADFD); in get_ruleset_from_fd() [all …]
|
D | ruleset.c | 116 const struct landlock_ruleset ruleset = { in build_check_ruleset() local 120 typeof(ruleset.fs_access_masks[0]) fs_access_mask = ~0; in build_check_ruleset() 122 BUILD_BUG_ON(ruleset.num_rules < LANDLOCK_MAX_NUM_RULES); in build_check_ruleset() 123 BUILD_BUG_ON(ruleset.num_layers < LANDLOCK_MAX_NUM_LAYERS); in build_check_ruleset() 145 static int insert_rule(struct landlock_ruleset *const ruleset, in insert_rule() argument 155 lockdep_assert_held(&ruleset->lock); in insert_rule() 158 walker_node = &(ruleset->root.rb_node); in insert_rule() 201 rb_replace_node(&this->node, &new_rule->node, &ruleset->root); in insert_rule() 208 if (ruleset->num_rules >= LANDLOCK_MAX_NUM_RULES) in insert_rule() 214 rb_insert_color(&new_rule->node, &ruleset->root); in insert_rule() [all …]
|
D | ruleset.h | 159 void landlock_put_ruleset(struct landlock_ruleset *const ruleset); 160 void landlock_put_ruleset_deferred(struct landlock_ruleset *const ruleset); 162 int landlock_insert_rule(struct landlock_ruleset *const ruleset, 168 struct landlock_ruleset *const ruleset); 171 landlock_find_rule(const struct landlock_ruleset *const ruleset, 174 static inline void landlock_get_ruleset(struct landlock_ruleset *const ruleset) in landlock_get_ruleset() argument 176 if (ruleset) in landlock_get_ruleset() 177 refcount_inc(&ruleset->usage); in landlock_get_ruleset()
|
D | fs.c | 165 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset, in landlock_append_fs_rule() argument 176 if (WARN_ON_ONCE(ruleset->num_layers != 1)) in landlock_append_fs_rule() 182 ~(ruleset->fs_access_masks[0] | ACCESS_INITIALLY_DENIED); in landlock_append_fs_rule() 186 mutex_lock(&ruleset->lock); in landlock_append_fs_rule() 187 err = landlock_insert_rule(ruleset, object, access_rights); in landlock_append_fs_rule() 188 mutex_unlock(&ruleset->lock); in landlock_append_fs_rule()
|
D | Makefile | 3 landlock-y := setup.o syscalls.o object.o ruleset.o \
|
D | fs.h | 67 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
|
/linux-6.1.9/drivers/net/ethernet/mellanox/mlxsw/ |
D | spectrum_acl.c | 64 struct mlxsw_sp_acl_ruleset *ruleset; member 94 mlxsw_sp_acl_ruleset_is_singular(const struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp_acl_ruleset_is_singular() argument 97 return ruleset->ref_count == 2; in mlxsw_sp_acl_ruleset_is_singular() 104 struct mlxsw_sp_acl_ruleset *ruleset = block->ruleset_zero; in mlxsw_sp_acl_ruleset_bind() local 105 const struct mlxsw_sp_acl_profile_ops *ops = ruleset->ht_key.ops; in mlxsw_sp_acl_ruleset_bind() 107 return ops->ruleset_bind(mlxsw_sp, ruleset->priv, in mlxsw_sp_acl_ruleset_bind() 115 struct mlxsw_sp_acl_ruleset *ruleset = block->ruleset_zero; in mlxsw_sp_acl_ruleset_unbind() local 116 const struct mlxsw_sp_acl_profile_ops *ops = ruleset->ht_key.ops; in mlxsw_sp_acl_ruleset_unbind() 118 ops->ruleset_unbind(mlxsw_sp, ruleset->priv, in mlxsw_sp_acl_ruleset_unbind() 124 struct mlxsw_sp_acl_ruleset *ruleset, in mlxsw_sp_acl_ruleset_block_bind() argument [all …]
|
D | spectrum_flower.c | 131 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_parse_actions() local 134 ruleset = mlxsw_sp_acl_ruleset_lookup(mlxsw_sp, block, in mlxsw_sp_flower_parse_actions() 137 if (IS_ERR(ruleset)) in mlxsw_sp_flower_parse_actions() 138 return PTR_ERR(ruleset); in mlxsw_sp_flower_parse_actions() 140 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp_flower_parse_actions() 634 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_replace() local 642 ruleset = mlxsw_sp_acl_ruleset_get(mlxsw_sp, block, in mlxsw_sp_flower_replace() 645 if (IS_ERR(ruleset)) in mlxsw_sp_flower_replace() 646 return PTR_ERR(ruleset); in mlxsw_sp_flower_replace() 648 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, f->cookie, NULL, in mlxsw_sp_flower_replace() [all …]
|
D | spectrum2_mr_tcam.c | 36 struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp2_mr_tcam_bind_group() argument 41 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp2_mr_tcam_bind_group() 214 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_create() local 219 ruleset = mlxsw_sp2_mr_tcam_proto_ruleset(mr_tcam, key->proto); in mlxsw_sp2_mr_tcam_route_create() 220 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_create() 223 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_create() 247 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_destroy() local 250 ruleset = mlxsw_sp2_mr_tcam_proto_ruleset(mr_tcam, key->proto); in mlxsw_sp2_mr_tcam_route_destroy() 251 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_destroy() 254 rule = mlxsw_sp_acl_rule_lookup(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_destroy() [all …]
|
D | spectrum_acl_tcam.c | 1610 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_add() local 1612 return mlxsw_sp_acl_tcam_vgroup_add(mlxsw_sp, tcam, &ruleset->vgroup, in mlxsw_sp_acl_tcam_flower_ruleset_add() 1623 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_del() local 1625 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_flower_ruleset_del() 1634 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_bind() local 1636 return mlxsw_sp_acl_tcam_group_bind(mlxsw_sp, &ruleset->vgroup.group, in mlxsw_sp_acl_tcam_flower_ruleset_bind() 1646 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_unbind() local 1648 mlxsw_sp_acl_tcam_group_unbind(mlxsw_sp, &ruleset->vgroup.group, in mlxsw_sp_acl_tcam_flower_ruleset_unbind() 1655 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_group_id() local 1657 return mlxsw_sp_acl_tcam_group_id(&ruleset->vgroup.group); in mlxsw_sp_acl_tcam_flower_ruleset_group_id() [all …]
|
/linux-6.1.9/Documentation/userspace-api/ |
D | landlock.rst | 33 rights`_. A set of rules is aggregated in a ruleset, which can then restrict 39 We first need to define the ruleset that will contain our rules. For this 40 example, the ruleset will contain rules that only allow read actions, but write 41 actions will be denied. The ruleset then needs to handle both of these kind of 84 This enables to create an inclusive ruleset that will contain our rules. 92 perror("Failed to create a ruleset"); 96 We can now add a new rule to this ruleset thanks to the returned file 97 descriptor referring to this ruleset. The rule will only allow reading the 99 denied by the ruleset. To add ``/usr`` to the ruleset, we open it with the 123 perror("Failed to update ruleset"); [all …]
|
/linux-6.1.9/Documentation/security/ |
D | landlock.rst | 42 * Computation related to Landlock operations (e.g. enforcing a ruleset) shall 84 A domain is a read-only ruleset tied to a set of subjects (i.e. tasks' 85 credentials). Each time a ruleset is enforced on a task, the current domain is 86 duplicated and the ruleset is imported as a new layer of rules in the new 91 of a ruleset provided by the task. 96 .. kernel-doc:: security/landlock/ruleset.h
|
/linux-6.1.9/tools/testing/selftests/netfilter/ |
D | conntrack_vrf.sh | 143 ip netns exec $ns0 nft list ruleset 162 flush ruleset 211 flush ruleset
|
D | nft_fib.sh | 238 ip netns exec ${ns1} nft flush ruleset 239 ip netns exec ${ns2} nft flush ruleset 240 ip netns exec ${nsrouter} nft flush ruleset 267 ip -net ${nsrouter} nft list ruleset
|
D | nft_flowtable.sh | 360 ip netns exec $nsr1 nft list ruleset 390 ip netns exec $nsr1 nft list ruleset 410 ip netns exec $nsr1 nft list ruleset 443 ip netns exec $nsr1 nft list ruleset 467 ip netns exec $nsr1 nft list ruleset 535 ip netns exec $nsr1 nft list ruleset 1>&2
|
D | nft_queue.sh | 252 ip netns exec ${nsrouter} nft list ruleset 320 flush ruleset 369 flush ruleset 394 ip netns exec ${ns1} nft list ruleset
|
D | nft_zones_many.sh | 47 flush ruleset
|
D | nft_synproxy.sh | 112 ip netns exec $nsr nft list ruleset
|
/linux-6.1.9/include/linux/crush/ |
D | mapper.h | 14 extern int crush_find_rule(const struct crush_map *map, int ruleset, int type, int size);
|
D | crush.h | 81 __u8 ruleset; member
|
/linux-6.1.9/security/safesetid/ |
D | securityfs.c | 264 … size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) in safesetid_file_read() argument 271 pol = rcu_dereference_protected(ruleset, lockdep_is_held(policy_update_lock)); in safesetid_file_read()
|
/linux-6.1.9/tools/testing/selftests/net/mptcp/ |
D | mptcp_connect.sh | 696 flush ruleset 721 ip netns exec "$listener_ns" nft flush ruleset 728 ip netns exec "$listener_ns" nft flush ruleset 742 ip netns exec "$listener_ns" nft flush ruleset
|