On Wed, Jul 27, 2022 at 09:54:08AM -0700, sdf@xxxxxxxxxx wrote: > On 07/26, Martin KaFai Lau wrote: > > When bpf program calling bpf_setsockopt(SOL_SOCKET), > > it could be run in softirq and doesn't make sense to do the capable > > check. There was a similar situation in bpf_setsockopt(TCP_CONGESTION). > > Should we instead skip these capability checks based on something like > in_serving_softirq? I wonder if we might be mixing too much into that > is_bpf flag (locking assumptions, context assumptions, etc)? Yes, the bit can be splitted as another reply in patch 2. I don't think in_serving_softirq is a good fit name. Some of the hooks is not in_serving_softirq. is_bpf should be a better name for this.
