RE: [PATCH RFC net-next 07/14] bpf: expand BPF syscall with program load/unload

From: David Laight
Date: Mon Jun 30 2014 - 06:07:30 EST


From: Alexei Starovoitov
> On Fri, Jun 27, 2014 at 5:19 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> > On Fri, Jun 27, 2014 at 5:05 PM, Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote:
> >> eBPF programs are safe run-to-completion functions with load/unload
> >> methods from userspace similar to kernel modules.
> >>
> >> User space API:
> >>
> >> - load eBPF program
> >> prog_id = bpf_prog_load(int prog_id, bpf_prog_type, struct nlattr *prog, int len)
> >>
> >> where 'prog' is a sequence of sections (currently TEXT and LICENSE)
> >> TEXT - array of eBPF instructions
> >> LICENSE - GPL compatible
> >> +
> >> + err = -EINVAL;
> >> + /* look for mandatory license string */
> >> + if (!tb[BPF_PROG_LICENSE])
> >> + goto free_attr;
> >> +
> >> + /* eBPF programs must be GPL compatible */
> >> + if (!license_is_gpl_compatible(nla_data(tb[BPF_PROG_LICENSE])))
> >> + goto free_attr;
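Review bot: in the second check, nla_data(tb[BPF_PROG_LICENSE]) is handed directly to license_is_gpl_compatible(), which compares its argument as a C string, and nothing in these lines shows that the attribute payload is NUL-terminated or bounded by nla_len(). Unless the nla policy for BPF_PROG_LICENSE (not visible here) is NLA_NUL_STRING with a maximum length, a user-supplied attribute without a terminator would let the comparison read past the end of the attribute; either enforce that in the policy or check the length and terminator before the call. Separately, both failure paths leave err at -EINVAL, so userspace cannot tell a missing license section from a license string that was rejected; a distinct error code for the second case would make that diagnosable.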
> >
> > Seriously? My mind boggles.
>
> Yes. Quite a bit of logic can fit into one eBPF program. I don't think it's wise
> to leave this door open for abuse. This check makes it clear that if you
> write a program in C, the source code must be available.

That seems utterly extreme.
Loadable kernel modules don't have to be GPL.

I can imagine that some people might not want to load code for which
they don't have the source - but in that case they probably want to
compile it themselves anyway.

I don't want to have to put a gpl licence on random pieces of test
code I might happen to write for my own use.

David