linux/kernel/bpf/syscall.c
Imported from
_research/manual-study-linux/file-notes/linux__kernel__bpf__syscall.c.md.
File Notes: kernel/bpf/syscall.c
Status: reviewed.
Purpose: BPF syscall and runtime boundary.
Review target: programmable observability, verifier boundary, capability checks, and policy-safe agent extensions.
Evidence
- The file implements the syscall boundary for BPF maps, programs, links, and attachment operations.
- Perf event BPF load/unload paths appear around lines 2477 and 3224.
- Program load and tracing-related paths appear around line 3169.
- Perf/kprobe/uprobe/tracepoint link information appears around lines 4050-4287.
- Link creation begins around line 4304.
Design Notes
BPF is a constrained programmable extension model. AI-native runtimes can copy the architecture pattern: verified programs/rules, explicit attachment handles, and capability checks at load/attach time.