[$] Long-lived kernel pointers in BPF

Post Syndicated from original https://lwn.net/Articles/900749/

The BPF subsystem allows programmers to write programs that can run safely in kernel space. All memory accesses and function calls in BPF programs are statically checked for safety by the in-kernel verifier, which analyzes programs in their entirety before allowing them to be loaded. While this allows the kernel to safely run BPF programs, it heavily restricts what those programs are able to do. Among these constraints is a rule that programs cannot store pointers in BPF maps for use at a later time, such as dereferencing them or passing them to the kernel in kfunc and BPF helper invocations. A patch set by Kumar Kartikeya Dwivedi adds this capability to BPF.