On Thu, Nov 17, 2022 at 05:40:30PM -0500, Steven Rostedt wrote: > On Thu, 17 Nov 2022 16:55:12 -0500 > Chris Mason <clm@xxxxxxxx> wrote: > > > On 11/17/22 12:16 PM, Steven Rostedt wrote: > > The short answer to your concerns is that you can't replace kernel > > functions from proprietary BPF programs. The LSM and TCP congestion > > control features intentionally have GPL only support functions in the > > way. bpf_probe_read_kernel() is also GPL only and massively limits the > > things that can be done from proprietary code. > > ^^^^^^^^^^^^^^^^^ > > That's the part I wanted to hear. But just the fact of replacing a kernel > function with BPF code seems a bit concerning. > > This list of helpers is pretty current and details which ones are GPL only: > > > > https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md#helpers > > > > I know there's a long and glorious history of collaboration around these > > parts of bpf and ftrace. I really hope this time around we all come > > away feeling like the technical discussion made both projects better. > > Mark and Florent today certainly made me think that was the direction we > > were headed. > > > > Along these lines, I'm also hoping to avoid diving into old debates and > > alarmist conclusions about GPL compliance and signed bpf programs. Or, > > Not alarmist, but concern as being able to modify what a kernel function can > do is not something I take lightly. FWIW, given that the aim here seems to be to expose all kernel internals to be overridden arbitrarily, I'm also concerned that there's a huge surface area for issues with maintainability, robustness/correctness, and security. I really don't want to be stuck in a position where someone argues that all kernel internal functions are ABI and need to stay around as-is to be hooked by eBPF, and I hope that we all agree that there are no guarantees on that front. Thanks, Mark.
