Re: [PATCH bpf-next v5 4/5] bpf: Make fs kfuncs available for SYSCALL and TRACING program types
From: Juntong Deng
Date: Tue Dec 17 2024 - 09:15:19 EST
On 2024/12/17 12:30, Christian Brauner wrote:
On Tue, Dec 10, 2024 at 10:58:52AM -0800, Alexei Starovoitov wrote:
On Tue, Dec 10, 2024 at 6:43 AM Christian Brauner <brauner@xxxxxxxxxx> wrote:
On Tue, Dec 10, 2024 at 02:03:53PM +0000, Juntong Deng wrote:
Currently fs kfuncs are only available for LSM program type, but fs
kfuncs are generic and useful for scenarios other than LSM.
This patch makes fs kfuncs available for SYSCALL and TRACING
program types.
I would like a detailed explanation from the maintainers what it means
to make this available to SYSCALL program types, please.
Sigh.
Hm? Was that directed at my question? I don't have the background to
judge this and this whole api looks like a giant footgun so far for
questionable purposes.
I have a hard time seeing parts of CRIU moved into bpf especially
because all of the userspace stuff exists.
All these kfuncs I want to add are not CRIB specific but generic.
Although these kfuncs are to be added because of CRIB, these kfuncs
are essentially to give BPF the ability to access process-related
information.
Obtaining process-related information is not a requirement specific to
checkpoint/restore scenarios, but is also required in other scenarios.
Access to process-related information is a generic ability that would
be useful for scenarios other than checkpoint/restore.
Therefore these generic kfuncs will be valuable to all BPF users
in the long run.
This is obviously not safe from tracing progs.
From BPF_PROG_TYPE_SYSCALL these kfuncs should be safe to use,
since those progs are not attached to anything.
Such progs can only be executed via sys_bpf syscall prog_run command.
They're sleepable, preemptable, faultable, in task ctx.
But I'm not sure what's the value of enabling these kfuncs for
BPF_PROG_TYPE_SYSCALL.