On Tue, Jan 5, 2021 at 12:00 AM Xichen Lin <linxichen.01@xxxxxxxxxxxxx> wrote: > > From: Xichen Lin <linxichen.01@xxxxxxxxxxxxx> > > Check the signature of a BPF program against the same set of keys for > module signature checking. > > Currently the format of a signed BPF program is similar to that of > a signed kernel module, composed of BPF bytecode, signature, > module_signature structure and a magic string, in order, aligned to > struct sock_filter. Commit log talks about 'what' and gives no insight into 'why' the patch was sent. Please take time to clearly explain the motivation for the changes. Also please see earlier discussions on the subject and Arnaldo's preso from plumbers.