Home
last modified time | relevance | path

Searched refs:ruleset (Results 1 – 25 of 31) sorted by relevance

12

/linux-6.3-rc2/drivers/net/ethernet/marvell/prestera/
A Dprestera_acl.c147 ruleset = kzalloc(sizeof(*ruleset), GFP_KERNEL); in prestera_acl_ruleset_create()
148 if (!ruleset) in prestera_acl_ruleset_create()
235 prestera_acl_vtcam_id_put(ruleset->acl, ruleset->vtcam_id); in prestera_acl_ruleset_offload()
290 if (!ruleset) in prestera_acl_ruleset_lookup()
389 if (ruleset->ingress != rule->ruleset->ingress) in prestera_acl_ruleset_prio_refresh()
445 rule->ruleset = ruleset; in prestera_acl_rule_create()
473 ruleset->prio.min = min(ruleset->prio.min, prio); in prestera_acl_ruleset_prio_update()
474 ruleset->prio.max = max(ruleset->prio.max, prio); in prestera_acl_ruleset_prio_update()
481 struct prestera_acl_ruleset *ruleset = rule->ruleset; in prestera_acl_rule_add() local
532 struct prestera_acl_ruleset *ruleset = rule->ruleset; in prestera_acl_rule_del() local
[all …]
A Dprestera_flower.c50 if (IS_ERR(ruleset)) in prestera_flower_parse_goto_action()
51 return PTR_ERR(ruleset); in prestera_flower_parse_goto_action()
56 rule->jump_ruleset = ruleset; in prestera_flower_parse_goto_action()
400 if (IS_ERR(ruleset)) in prestera_flower_prio_get()
401 return PTR_ERR(ruleset); in prestera_flower_prio_get()
420 if (IS_ERR(ruleset)) in prestera_flower_replace()
421 return PTR_ERR(ruleset); in prestera_flower_replace()
464 if (IS_ERR(ruleset)) in prestera_flower_destroy()
516 template->ruleset = ruleset; in prestera_flower_tmplt_create()
555 if (IS_ERR(ruleset)) in prestera_flower_stats()
[all …]
A Dprestera_acl.h130 struct prestera_acl_ruleset *ruleset; member
156 prestera_acl_rule_create(struct prestera_acl_ruleset *ruleset,
162 prestera_acl_rule_lookup(struct prestera_acl_ruleset *ruleset,
188 int prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset,
190 bool prestera_acl_ruleset_is_offload(struct prestera_acl_ruleset *ruleset);
191 int prestera_acl_ruleset_offload(struct prestera_acl_ruleset *ruleset);
192 void prestera_acl_ruleset_put(struct prestera_acl_ruleset *ruleset);
193 int prestera_acl_ruleset_bind(struct prestera_acl_ruleset *ruleset,
195 int prestera_acl_ruleset_unbind(struct prestera_acl_ruleset *ruleset,
197 u32 prestera_acl_ruleset_index_get(const struct prestera_acl_ruleset *ruleset);
[all …]
/linux-6.3-rc2/security/landlock/
A Dsyscalls.c101 landlock_put_ruleset(ruleset); in fop_ruleset_release()
193 if (IS_ERR(ruleset)) in SYSCALL_DEFINE3()
194 return PTR_ERR(ruleset); in SYSCALL_DEFINE3()
220 ruleset = ERR_PTR(-EBADFD); in get_ruleset_from_fd()
224 ruleset = ERR_PTR(-EPERM); in get_ruleset_from_fd()
229 ruleset = ERR_PTR(-EINVAL); in get_ruleset_from_fd()
236 return ruleset; in get_ruleset_from_fd()
323 if (IS_ERR(ruleset)) in SYSCALL_DEFINE4()
324 return PTR_ERR(ruleset); in SYSCALL_DEFINE4()
422 if (IS_ERR(ruleset)) in SYSCALL_DEFINE2()
[all …]
A Druleset.c155 lockdep_assert_held(&ruleset->lock); in insert_rule()
215 ruleset->num_rules++; in insert_rule()
366 put_hierarchy(ruleset->hierarchy); in free_ruleset()
367 kfree(ruleset); in free_ruleset()
373 if (ruleset && refcount_dec_and_test(&ruleset->usage)) in landlock_put_ruleset()
374 free_ruleset(ruleset); in landlock_put_ruleset()
379 struct landlock_ruleset *ruleset; in free_ruleset_work() local
382 free_ruleset(ruleset); in free_ruleset_work()
387 if (ruleset && refcount_dec_and_test(&ruleset->usage)) { in landlock_put_ruleset_deferred()
411 if (WARN_ON_ONCE(!ruleset || parent == ruleset)) in landlock_merge_ruleset()
[all …]
A Druleset.h159 void landlock_put_ruleset(struct landlock_ruleset *const ruleset);
160 void landlock_put_ruleset_deferred(struct landlock_ruleset *const ruleset);
162 int landlock_insert_rule(struct landlock_ruleset *const ruleset,
168 struct landlock_ruleset *const ruleset);
171 landlock_find_rule(const struct landlock_ruleset *const ruleset,
174 static inline void landlock_get_ruleset(struct landlock_ruleset *const ruleset) in landlock_get_ruleset() argument
176 if (ruleset) in landlock_get_ruleset()
177 refcount_inc(&ruleset->usage); in landlock_get_ruleset()
A Dfs.c166 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset, in landlock_append_fs_rule() argument
177 if (WARN_ON_ONCE(ruleset->num_layers != 1)) in landlock_append_fs_rule()
183 ~(ruleset->fs_access_masks[0] | ACCESS_INITIALLY_DENIED); in landlock_append_fs_rule()
187 mutex_lock(&ruleset->lock); in landlock_append_fs_rule()
188 err = landlock_insert_rule(ruleset, object, access_rights); in landlock_append_fs_rule()
189 mutex_unlock(&ruleset->lock); in landlock_append_fs_rule()
A DMakefile3 landlock-y := setup.o syscalls.o object.o ruleset.o \
A Dfs.h91 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
/linux-6.3-rc2/drivers/net/ethernet/mellanox/mlxsw/
A Dspectrum_acl.c177 if (!ruleset) in mlxsw_sp_acl_ruleset_create()
199 return ruleset; in mlxsw_sp_acl_ruleset_create()
206 kfree(ruleset); in mlxsw_sp_acl_ruleset_create()
264 if (!ruleset) in mlxsw_sp_acl_ruleset_lookup()
284 if (ruleset) { in mlxsw_sp_acl_ruleset_get()
815 rule->ruleset = ruleset; in mlxsw_sp_acl_rule_create()
835 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_destroy() local
845 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_add() local
889 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_del() local
911 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_action_replace() local
[all …]
A Dspectrum_flower.c131 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_parse_actions() local
137 if (IS_ERR(ruleset)) in mlxsw_sp_flower_parse_actions()
138 return PTR_ERR(ruleset); in mlxsw_sp_flower_parse_actions()
645 if (IS_ERR(ruleset)) in mlxsw_sp_flower_replace()
646 return PTR_ERR(ruleset); in mlxsw_sp_flower_replace()
690 if (IS_ERR(ruleset)) in mlxsw_sp_flower_destroy()
718 if (WARN_ON(IS_ERR(ruleset))) in mlxsw_sp_flower_stats()
759 return PTR_ERR_OR_ZERO(ruleset); in mlxsw_sp_flower_tmplt_create()
771 if (IS_ERR(ruleset)) in mlxsw_sp_flower_tmplt_destroy()
788 if (IS_ERR(ruleset)) in mlxsw_sp_flower_prio_get()
[all …]
A Dspectrum2_mr_tcam.c36 struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp2_mr_tcam_bind_group() argument
41 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp2_mr_tcam_bind_group()
214 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_create() local
220 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_create()
223 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_create()
247 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_destroy() local
251 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_destroy()
254 rule = mlxsw_sp_acl_rule_lookup(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_destroy()
271 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_update() local
275 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_update()
[all …]
A Dspectrum_acl_tcam.c1677 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_flower_ruleset_del()
1709 return mlxsw_sp_acl_tcam_group_id(&ruleset->vgroup.group); in mlxsw_sp_acl_tcam_flower_ruleset_group_id()
1781 struct mlxsw_sp_acl_tcam_mr_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_mr_ruleset_add() local
1798 ruleset->vchunk = mlxsw_sp_acl_tcam_vchunk_get(mlxsw_sp, in mlxsw_sp_acl_tcam_mr_ruleset_add()
1799 &ruleset->vgroup, 1, in mlxsw_sp_acl_tcam_mr_ruleset_add()
1801 if (IS_ERR(ruleset->vchunk)) { in mlxsw_sp_acl_tcam_mr_ruleset_add()
1802 err = PTR_ERR(ruleset->vchunk); in mlxsw_sp_acl_tcam_mr_ruleset_add()
1809 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_mr_ruleset_add()
1818 mlxsw_sp_acl_tcam_vchunk_put(mlxsw_sp, ruleset->vchunk); in mlxsw_sp_acl_tcam_mr_ruleset_del()
1819 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_mr_ruleset_del()
[all …]
/linux-6.3-rc2/Documentation/userspace-api/
A Dlandlock.rst105 perror("Failed to create a ruleset");
112 denied by the ruleset. To add ``/usr`` to the ruleset, we open it with the
136 perror("Failed to update ruleset");
164 perror("Failed to enforce ruleset");
175 ruleset.
208 ruleset.
297 enforced Landlock ruleset.
360 Creating a new ruleset
369 Extending a ruleset
378 Enforcing a ruleset
[all …]
/linux-6.3-rc2/Documentation/security/
A Dlandlock.rst42 * Computation related to Landlock operations (e.g. enforcing a ruleset) shall
112 A domain is a read-only ruleset tied to a set of subjects (i.e. tasks'
113 credentials). Each time a ruleset is enforced on a task, the current domain is
114 duplicated and the ruleset is imported as a new layer of rules in the new
119 of a ruleset provided by the task.
124 .. kernel-doc:: security/landlock/ruleset.h
/linux-6.3-rc2/tools/testing/selftests/netfilter/
A Dconntrack_vrf.sh143 ip netns exec $ns0 nft list ruleset
162 flush ruleset
211 flush ruleset
A Dnft_fib.sh238 ip netns exec ${ns1} nft flush ruleset
239 ip netns exec ${ns2} nft flush ruleset
240 ip netns exec ${nsrouter} nft flush ruleset
267 ip -net ${nsrouter} nft list ruleset
A Dnft_flowtable.sh360 ip netns exec $nsr1 nft list ruleset
390 ip netns exec $nsr1 nft list ruleset
410 ip netns exec $nsr1 nft list ruleset
443 ip netns exec $nsr1 nft list ruleset
467 ip netns exec $nsr1 nft list ruleset
535 ip netns exec $nsr1 nft list ruleset 1>&2
A Dnft_queue.sh252 ip netns exec ${nsrouter} nft list ruleset
320 flush ruleset
369 flush ruleset
394 ip netns exec ${ns1} nft list ruleset
A Dnft_zones_many.sh47 flush ruleset
A Dnft_synproxy.sh112 ip netns exec $nsr nft list ruleset
/linux-6.3-rc2/include/linux/crush/
A Dmapper.h14 extern int crush_find_rule(const struct crush_map *map, int ruleset, int type, int size);
A Dcrush.h81 __u8 ruleset; member
/linux-6.3-rc2/security/safesetid/
A Dsecurityfs.c264 … size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) in safesetid_file_read() argument
271 pol = rcu_dereference_protected(ruleset, lockdep_is_held(policy_update_lock)); in safesetid_file_read()
/linux-6.3-rc2/tools/testing/selftests/net/mptcp/
A Dmptcp_connect.sh695 flush ruleset
720 ip netns exec "$listener_ns" nft flush ruleset
727 ip netns exec "$listener_ns" nft flush ruleset
741 ip netns exec "$listener_ns" nft flush ruleset

Completed in 95 milliseconds

12