Queued this week into the BPF subsystem’s “bpf-next” Git branch ahead of the Linux 6.18 merge window are some exciting feature additions.
First up, merged to bpf-next is initial support for signed BPF programs. Signed BPF programs let the kernel check that a program comes from a trusted source, which helps preserve system integrity. BPF program signing is also part of the process toward allowing unprivileged users to load vetted BPF programs.
That merge explains:
“BPF Signing has gone over multiple discussions in various conferences with the kernel and BPF community and the following patch series is a culmination of the current of discussion and signed BPF programs. Once signing is implemented, the next focus would be to implement the right security policies for all BPF use-cases (dynamically generated bpf programs, simple non CO-RE programs). Signing also paves the way for allowing unprivileged users to load vetted BPF programs and helps in adhering to the principle of least privilege by avoiding unnecessary elevation of privileges to CAP_BPF and CAP_SYS_ADMIN (of course, with the appropriate security policy active).”
Another notable merge this week to the BPF tree ahead of Linux 6.18 is support for deferred task context execution. That contribution from Meta/Facebook is described as:
“This patch introduces a new mechanism for BPF programs to schedule deferred execution in the context of a specific task using the kernel’s task_work infrastructure.
The new bpf_task_work interface enables BPF use cases that require sleepable subprogram execution within task context, for example, scheduling a sleepable function from a context that does not allow sleeping, such as NMI.
Introduced kfuncs bpf_task_work_schedule_signal() and bpf_task_work_schedule_resume() for scheduling BPF callbacks that correspond to different modes used by task_work (TWA_SIGNAL or TWA_RESUME).
The implementation manages scheduling state via metadata objects (struct bpf_task_work_context). Pointers to bpf_task_work_context are stored in BPF map values. State transitions are handled via an atomic state machine (bpf_task_work_state) to ensure correctness under concurrent usage and deletion; lifetime is guarded by refcounting and RCU Tasks Trace. Kfuncs call task_work_add() indirectly via irq_work to avoid locking in potentially NMI context.”
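To make the "atomic state machine plus refcount" design concrete, here is a user-space C model of the scheduling lifecycle described above. It is an added illustration written for this article, not code from the kernel or the bpf-next series: the state names, the `tw_*` function names, the error codes and the three-step split (schedule, irq_work hand-off, task_work callback) are assumptions chosen to mirror the merge text, and the BPF callback is replaced by a counter. What it shows is why the design works: a compare-and-swap from STANDBY is the only way to claim the context, so a lock-free schedule call is safe from NMI-like contexts, and a map deletion that races with an in-flight request only marks the context FREED and drops the map's reference, leaving the in-flight path to release the last one.

```c
/* Constructed model of a per-map-element task_work context guarded by an
 * atomic state machine and a refcount. Not kernel code; names are assumed. */
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

enum tw_state {
    TW_STANDBY = 0,  /* idle: the only state a schedule call may claim */
    TW_PENDING,      /* claimed by a scheduler; irq_work has not run yet */
    TW_SCHEDULED,    /* handed to task_work; waiting for the target task */
    TW_RUNNING,      /* callback executing in task context */
    TW_FREED,        /* map element deleted; nobody may reschedule */
};

struct tw_ctx {
    _Atomic int state;
    _Atomic int refcnt;   /* 1 held by the map element + 1 per in-flight request */
    int callback_runs;    /* stand-in for the BPF callback: count its runs */
    bool released;        /* set when the last reference is dropped */
};

void tw_init(struct tw_ctx *ctx)
{
    atomic_init(&ctx->state, TW_STANDBY);
    atomic_init(&ctx->refcnt, 1);
    ctx->callback_runs = 0;
    ctx->released = false;
}

/* Drop one reference; the kernel would free the object via RCU here. */
static void tw_put(struct tw_ctx *ctx)
{
    if (atomic_fetch_sub(&ctx->refcnt, 1) == 1)
        ctx->released = true;
}

/* Stand-in for the schedule kfunc: callable from any context, so it only
 * does one CAS and takes a reference. No locks, no task_work_add() yet. */
int tw_schedule(struct tw_ctx *ctx)
{
    int expected = TW_STANDBY;
    if (!atomic_compare_exchange_strong(&ctx->state, &expected, TW_PENDING))
        return expected == TW_FREED ? -ENOENT : -EBUSY; /* gone vs. already queued */
    atomic_fetch_add(&ctx->refcnt, 1);
    return 0;
}

/* Stand-in for the irq_work handler that would call task_work_add(). If the
 * element was deleted in between, the request is dropped with its reference. */
int tw_irq_work(struct tw_ctx *ctx)
{
    int expected = TW_PENDING;
    if (!atomic_compare_exchange_strong(&ctx->state, &expected, TW_SCHEDULED)) {
        tw_put(ctx);
        return -ENOENT;
    }
    return 0; /* task_work_add(task, ..., TWA_SIGNAL/TWA_RESUME) would go here */
}

/* Stand-in for the task_work callback running in the target task's context. */
int tw_run(struct tw_ctx *ctx)
{
    int expected = TW_SCHEDULED, ret = -ENOENT;
    if (atomic_compare_exchange_strong(&ctx->state, &expected, TW_RUNNING)) {
        ctx->callback_runs++;   /* the sleepable BPF callback would run here */
        expected = TW_RUNNING;  /* back to STANDBY unless a delete raced in */
        atomic_compare_exchange_strong(&ctx->state, &expected, TW_STANDBY);
        ret = 0;
    }
    tw_put(ctx);
    return ret;
}

/* Map element deletion: mark FREED so no new request can claim the context,
 * then drop the map's reference; an in-flight request still holds its own. */
void tw_delete(struct tw_ctx *ctx)
{
    atomic_store(&ctx->state, TW_FREED);
    tw_put(ctx);
}

/* Scenario A: normal round trip; a second schedule while one is in flight fails. */
bool scenario_round_trip(void)
{
    struct tw_ctx c; tw_init(&c);
    return tw_schedule(&c) == 0 && tw_schedule(&c) == -EBUSY
        && tw_irq_work(&c) == 0 && tw_run(&c) == 0
        && c.callback_runs == 1 && atomic_load(&c.state) == TW_STANDBY
        && atomic_load(&c.refcnt) == 1 && !c.released
        && tw_schedule(&c) == 0;  /* reusable once the callback finished */
}

/* Scenario B: element deleted while the request is still pending. */
bool scenario_delete_while_pending(void)
{
    struct tw_ctx c; tw_init(&c);
    if (tw_schedule(&c) != 0) return false;
    tw_delete(&c);
    bool alive = !c.released;         /* in-flight reference keeps it alive */
    int r = tw_irq_work(&c);          /* request dropped, last ref released */
    return alive && r == -ENOENT && c.released && c.callback_runs == 0
        && tw_schedule(&c) == -ENOENT;
}

/* Scenario C: deleted after the task_work hand-off but before the task ran it. */
bool scenario_delete_before_run(void)
{
    struct tw_ctx c; tw_init(&c);
    if (tw_schedule(&c) != 0 || tw_irq_work(&c) != 0) return false;
    tw_delete(&c);
    bool alive = !c.released;
    int r = tw_run(&c);               /* callback must not run on a freed element */
    return alive && r == -ENOENT && c.released && c.callback_runs == 0;
}

int main(void)
{
    printf("round trip: %s\n", scenario_round_trip() ? "ok" : "FAIL");
    printf("delete while pending: %s\n", scenario_delete_while_pending() ? "ok" : "FAIL");
    printf("delete before run: %s\n", scenario_delete_before_run() ? "ok" : "FAIL");
    return 0;
}
```

The three scenarios are the cases a reviewer of such a mechanism asks about: that a context is claimed at most once at a time, that a deletion racing with a queued request never frees memory the request still touches, and that a callback never runs against an element the map no longer owns. Running the model with a real thread sanitizer on interleaved threads is a straightforward extension.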
Barring any last minute issues, these new BPF features should be merged during the upcoming Linux 6.18 merge window.