eBPF is often used for kernel debugging, and one of the widely used and powerful debugging techniques is post-mortem debugging with a full memory dump. Triggering a panic at exactly the right moment allows the user to get such a dump and thus a better view at the system's state. Right now the only way to do this in BPF is to signal userspace to trigger kexec/panic. This is suboptimal as going through userspace requires context changes and adds significant delays taking system further away from "the right moment". On a single-cpu system the situation is even worse because BPF program won't even be able to block the thread of interest. This patchset tries to solve this problem by allowing properly marked tracing bpf programs to call crash_kexec() kernel function. The only requirement for now to run programs calling crash_kexec() or other destructive kfuncs is CAP_SYS_BOOT capability. When signature checking for bpf programs is available it is possible that stricter rules will be applied to programs utilizing destructive kfuncs. This is a continuation of bpf_panic patchset with initial feedback taken into account. Changes in v2: - BPF_PROG_LOAD flag dropped as it doesn't fully achieve it's aim of preventing accidental execution of destructive bpf programs - selftest moved to the end of patchset - switched to kfunc destructive flag instead of a separate set Changes from RFC: - sysctl knob dropped - using crash_kexec() instead of panic() - using kfuncs instead of adding a new helper Artem Savkov (3): bpf: add destructive kfunc flag bpf: export crash_kexec() as destructive kfunc selftests/bpf: add destructive kfunc test include/linux/btf.h | 1 + kernel/bpf/verifier.c | 5 +++ kernel/kexec_core.c | 21 +++++++++++ net/bpf/test_run.c | 5 +++ .../selftests/bpf/prog_tests/kfunc_call.c | 36 +++++++++++++++++++ .../bpf/progs/kfunc_call_destructive.c | 14 ++++++++ 6 files changed, 82 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/kfunc_call_destructive.c -- 2.35.3