Re: per st_ops kfunc allow/deny mask. Was: [PATCH bpf-next v6 4/5] bpf: Make fs kfuncs available for SYSCALL program type

From: Juntong Deng
Date: Fri Jan 10 2025 - 15:50:28 EST


On 2025/1/10 20:19, Tejun Heo wrote:
Hello,

On Thu, Jan 09, 2025 at 12:49:39PM -0800, Song Liu wrote:
...
Shall we move some of these logics from verifier core to
btf_kfunc_id_set.filter()? IIUC, this would avoid using extra
KF_* bits. To make the filter functions more capable, we
probably need to pass bpf_verifier_env into the filter() function.

FWIW, doing this through callbacks (maybe with predefined helpers and
conventions) seems like the better approach to me given that this policy is
closely tied to specific subsystem (sched_ext here). e.g. If sched_ext want
to introduce new kfunc groups or rules, the changes being contained within
sched_ext implementation would be nicer.

Thanks.


I think so, it would be better to use callback functions and keep
this part decoupled from bpf core.