bpf: charge user for creation of BPF maps and programs

	u32 key_size;

	u32 value_size;

	u32 max_entries;

	u32 pages;

	struct user_struct *user;

	const struct bpf_map_ops *ops;

	struct work_struct work;

};

	const struct bpf_verifier_ops *ops;

	struct bpf_map **used_maps;

	struct bpf_prog *prog;

	struct user_struct *user;

	union {

		struct work_struct work;

		struct rcu_head	rcu;

	struct hlist_node uidhash_node;

	kuid_t uid;

#ifdef CONFIG_PERF_EVENTS

#if defined(CONFIG_PERF_EVENTS) || defined(CONFIG_BPF_SYSCALL)

	atomic_long_t locked_vm;

#endif

};

	array->map.key_size = attr->key_size;

	array->map.value_size = attr->value_size;

	array->map.max_entries = attr->max_entries;

	array->map.pages = round_up(array_size, PAGE_SIZE) >> PAGE_SHIFT;

	array->elem_size = elem_size;

	return &array->map;

	htab->elem_size = sizeof(struct htab_elem) +

			  round_up(htab->map.key_size, 8) +

			  htab->map.value_size;

	htab->map.pages = round_up(htab->n_buckets * sizeof(struct hlist_head) +

				   htab->elem_size * htab->map.max_entries,

				   PAGE_SIZE) >> PAGE_SHIFT;

	return &htab->map;

free_htab:

	list_add(&tl->list_node, &bpf_map_types);

}

static int bpf_map_charge_memlock(struct bpf_map *map)

{

	struct user_struct *user = get_current_user();

	unsigned long memlock_limit;

	memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;

	atomic_long_add(map->pages, &user->locked_vm);

	if (atomic_long_read(&user->locked_vm) > memlock_limit) {

		atomic_long_sub(map->pages, &user->locked_vm);

		free_uid(user);

		return -EPERM;

	}

	map->user = user;

	return 0;

}

static void bpf_map_uncharge_memlock(struct bpf_map *map)

{

	struct user_struct *user = map->user;

	atomic_long_sub(map->pages, &user->locked_vm);

	free_uid(user);

}

/* called from workqueue */

static void bpf_map_free_deferred(struct work_struct *work)

{

	struct bpf_map *map = container_of(work, struct bpf_map, work);

	bpf_map_uncharge_memlock(map);

	/* implementation dependent freeing */

	map->ops->map_free(map);

}

	atomic_set(&map->refcnt, 1);

	err = bpf_map_charge_memlock(map);

	if (err)

		goto free_map;

	err = anon_inode_getfd("bpf-map", &bpf_map_fops, map, O_RDWR | O_CLOEXEC);

	if (err < 0)

	kfree(aux->used_maps);

}

static int bpf_prog_charge_memlock(struct bpf_prog *prog)

{

	struct user_struct *user = get_current_user();

	unsigned long memlock_limit;

	memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;

	atomic_long_add(prog->pages, &user->locked_vm);

	if (atomic_long_read(&user->locked_vm) > memlock_limit) {

		atomic_long_sub(prog->pages, &user->locked_vm);

		free_uid(user);

		return -EPERM;

	}

	prog->aux->user = user;

	return 0;

}

static void bpf_prog_uncharge_memlock(struct bpf_prog *prog)

{

	struct user_struct *user = prog->aux->user;

	atomic_long_sub(prog->pages, &user->locked_vm);

	free_uid(user);

}

static void __prog_put_rcu(struct rcu_head *rcu)

{

	struct bpf_prog_aux *aux = container_of(rcu, struct bpf_prog_aux, rcu);

	free_used_maps(aux);

	bpf_prog_uncharge_memlock(aux->prog);

	bpf_prog_free(aux->prog);

}

	if (!prog)

		return -ENOMEM;

	err = bpf_prog_charge_memlock(prog);

	if (err)

		goto free_prog_nouncharge;

	prog->len = attr->insn_cnt;

	err = -EFAULT;

free_used_maps:

	free_used_maps(prog->aux);

free_prog:

	bpf_prog_uncharge_memlock(prog);

free_prog_nouncharge:

	bpf_prog_free(prog);

	return err;

}