On Fri, 18 Nov 2022 16:34:50 +0000
Mark Rutland <mark.rutland@xxxxxxx> wrote:
> > Not alarmist, but concern as being able to modify what a kernel function can
> > do is not something I take lightly.
>
> FWIW, given that the aim here seems to be to expose all kernel internals to be
> overridden arbitrarily, I'm also concerned that there's a huge surface area for
> issues with maintainability, robustness/correctness, and security.
>
> I really don't want to be stuck in a position where someone argues that all
> kernel internal functions are ABI and need to stay around as-is to be hooked by
> eBPF, and I hope that we all agree that there are no guarantees on that front.
My biggest concern is changing functionality of arbitrary functions by BPF.
I would much rather limit what functions BPF could change with some
annotation.
int __bpf_modify foo()
{
...
}
That way if somethings not working, you can see directly in the code that
the function could be modified by a BPF program, instead of getting some
random bug report because a function returned an unexpected result that the
code of that function could never produce.
-- Steve
