bpf: add destructive kfunc flag

Add KF_DESTRUCTIVE flag for destructive functions. Functions with this flag set will require CAP_SYS_BOOT capabilities. Signed-off-by: Artem Savkov <asavkov@redhat.com> Link: https://lore.kernel.org/r/20220810065905.475418-2-asavkov@redhat.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: Artem Savkov <asavkov@redhat.com> 2022-08-10 09:59:03 +0300
committer: Alexei Starovoitov <ast@kernel.org> 2022-08-10 19:22:18 +0300
commit: 4dd48c6f1f83290d4bc61b43e61d86f8bc6c310e (patch)
tree: 9c01d2a53dac7963116e41142333f73b27d1aa79 /Documentation/bpf
parent: 3143d10b094596f3e5d5964b2660375e586652a3 (diff)
download: linux-4dd48c6f1f83290d4bc61b43e61d86f8bc6c310e.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/Documentation/bpf/kfuncs.rst b/Documentation/bpf/kfuncs.rst
index c8b21de1c772..781731749e55 100644
--- a/Documentation/bpf/kfuncs.rst
+++ b/Documentation/bpf/kfuncs.rst
@@ -152,6 +152,15 @@ ensure the integrity of the operation being performed on the expected object.
 The KF_SLEEPABLE flag is used for kfuncs that may sleep. Such kfuncs can only
 be called by sleepable BPF programs (BPF_F_SLEEPABLE).
 
+2.4.7 KF_DESTRUCTIVE flag
+--------------------------
+
+The KF_DESTRUCTIVE flag is used to indicate functions calling which is
+destructive to the system. For example such a call can result in system
+rebooting or panicking. Due to this additional restrictions apply to these
+calls. At the moment they only require CAP_SYS_BOOT capability, but more can be
+added later.
+
 2.5 Registering the kfuncs
 --------------------------
author	Artem Savkov <asavkov@redhat.com>	2022-08-10 09:59:03 +0300
committer	Alexei Starovoitov <ast@kernel.org>	2022-08-10 19:22:18 +0300
commit	4dd48c6f1f83290d4bc61b43e61d86f8bc6c310e (patch)
tree	9c01d2a53dac7963116e41142333f73b27d1aa79 /Documentation/bpf
parent	3143d10b094596f3e5d5964b2660375e586652a3 (diff)
download	linux-4dd48c6f1f83290d4bc61b43e61d86f8bc6c310e.tar.xz