Andrii Nakryiko wrote: > Adjust feature probing callbacks to take into account optional token_fd. > In unprivileged contexts, some feature detectors would fail to detect > kernel support just because BPF program, BPF map, or BTF object can't be > loaded due to privileged nature of those operations. So when BPF object > is loaded with BPF token, this token should be used for feature probing. > > This patch is setting support for this scenario, but we don't yet pass > non-zero token FD. This will be added in the next patch. > > We also switched BPF cookie detector from using kprobe program to > tracepoint one, as tracepoint is somewhat less dangerous BPF program > type and has higher likelihood of being allowed through BPF token in the > future. This change has no effect on detection behavior. > > Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx> > --- Acked-by: John Fastabend <john.fastabend@xxxxxxxxx>
