On 07/26, Martin KaFai Lau wrote:
When bpf program calling bpf_setsockopt(SOL_SOCKET), it could be run in softirq and doesn't make sense to do the capable check. There was a similar situation in bpf_setsockopt(TCP_CONGESTION).
Should we instead skip these capability checks based on something like in_serving_softirq? I wonder if we might be mixing too much into that is_bpf flag (locking assumptions, context assumptions, etc)?
