Hi all, I would like to propose discussing a potential new kfunc-related feature at LSF/MM/BPF: Enabling kfuncs to be restricted to only being callable from a subset of specific BPF programs, e.g. from only a subset of callbacks defined in a struct_ops struct, rather than from any struct_ops program. Some kfuncs may not be safe or logical to call from all contexts. For example, the backend kernel implementation which is invoking a struct_ops callback may set some global state before calling into BPF, and may thus expect that the state is set when the program calls back into the kernel from that struct_ops callback, via a kfunc. If the kfunc can't actually rely on that expectation, whether for safety reasons or correctness reasons, it has to implement its own methodology for ensuring it was called from the right context. Providing developers with an ability to specify the specific programs that a kfunc should be invokable from would address this problem, and would avoid every kfunc implementation from having to implement its own scope checking / validation where required. I would like to discuss possible design approaches, UX approaches, etc. Thoughts? Thanks, David
