* [LSF/MM/BPF TOPIC] Multi-kfunc sets / restricted scoping
From: David Vernet @ 2023-01-26 14:15 UTC
To: lsf-pc; +Cc: bpf
Hi all,

I would like to propose discussing a potential new kfunc-related feature
at LSF/MM/BPF: Enabling kfuncs to be restricted to only being callable
from a subset of specific BPF programs, e.g. from only a subset of
callbacks defined in a struct_ops struct, rather than from any
struct_ops program.

Some kfuncs may not be safe or logical to call from all contexts. For
example, the backend kernel implementation which is invoking a
struct_ops callback may set some global state before calling into BPF,
and may thus expect that the state is set when the program calls back
into the kernel from that struct_ops callback, via a kfunc. If the kfunc
can't actually rely on that expectation, whether for safety reasons or
correctness reasons, it has to implement its own methodology for
ensuring it was called from the right context.

Providing developers with an ability to specify the specific programs
that a kfunc should be invokable from would address this problem, and
would avoid every kfunc implementation from having to implement its own
scope checking / validation where required.

I would like to discuss possible design approaches, UX approaches, etc.

Thoughts?

Thanks,
David
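
A userspace C model of the situation the message above describes, added here as an illustration and not taken from the thread or from the kernel: the backend records which callback is active before calling into the program, and the kfunc checks that state itself at run time. All names (`demo_ops`, `demo_kfunc_enqueue`, `call_cb`, `backend_run_*`) are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model only: every name below is hypothetical, not a kernel API. */
enum cb_id { CB_NONE, CB_INIT, CB_DISPATCH };

/* Stand-in for a struct_ops struct: the callbacks a program may implement. */
struct demo_ops {
	int (*init)(void);
	int (*dispatch)(void);
};

/* Global state the backend sets before it calls into the program. */
static enum cb_id current_cb = CB_NONE;
static int queue_depth;

/* Model kfunc: its state is only valid during dispatch(), so it self-checks. */
int demo_kfunc_enqueue(void)
{
	if (current_cb != CB_DISPATCH)
		return -EPERM;	/* wrong context: refuse at run time */
	return ++queue_depth;
}

/* Backend side: mark the active callback, invoke it, clear the mark. */
static int call_cb(enum cb_id id, int (*fn)(void))
{
	int ret;
	if (!fn)
		return 0;
	current_cb = id;
	ret = fn();
	current_cb = CB_NONE;
	return ret;
}

int backend_run_init(const struct demo_ops *ops) { return call_cb(CB_INIT, ops->init); }
int backend_run_dispatch(const struct demo_ops *ops) { return call_cb(CB_DISPATCH, ops->dispatch); }

/* Constructed sample program: both callbacks call the same kfunc. */
static int prog_cb(void) { return demo_kfunc_enqueue(); }
static const struct demo_ops sample_ops = { .init = prog_cb, .dispatch = prog_cb };

int main(void)
{
	printf("init: %d\n", backend_run_init(&sample_ops));
	printf("dispatch: %d\n", backend_run_dispatch(&sample_ops));
	return 0;
}
```

Every kfunc with a similar constraint would need its own copy of the check in `demo_kfunc_enqueue()`, and a program that calls it from the wrong callback only finds out when the call fails.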
* Re: [LSF/MM/BPF TOPIC] Multi-kfunc sets / restricted scoping
From: Martin KaFai Lau @ 2023-02-01 6:25 UTC
To: David Vernet, lsf-pc; +Cc: bpf
On 1/26/23 6:15 AM, David Vernet wrote:
> I would like to propose discussing a potential new kfunc-related feature
> at LSF/MM/BPF: Enabling kfuncs to be restricted to only being callable
> from a subset of specific BPF programs, e.g. from only a subset of
> callbacks defined in a struct_ops struct, rather than from any
> struct_ops program.
>
> Some kfuncs may not be safe or logical to call from all contexts. For
> example, the backend kernel implementation which is invoking a
> struct_ops callback may set some global state before calling into BPF,
> and may thus expect that the state is set when the program calls back
> into the kernel from that struct_ops callback, via a kfunc. If the kfunc
> can't actually rely on that expectation, whether for safety reasons or
> correctness reasons, it has to implement its own methodology for
> ensuring it was called from the right context.
>
> Providing developers with an ability to specify the specific programs
> that a kfunc should be invokable from would address this problem, and
> would avoid every kfunc implementation from having to implement its own
> scope checking / validation where required.
>
> I would like to discuss possible design approaches, UX approaches, etc.
>
> Thoughts?
SG. This can be combined together with your other kfunc topic (per-arg flags).