Skip to content

linux/kernel/bpf/syscall.c

Imported from _research/manual-study-linux/file-notes/linux__kernel__bpf__syscall.c.md.

File Notes: kernel/bpf/syscall.c

Status: reviewed.

Purpose: BPF syscall and runtime boundary.

Review target: programmable observability, verifier boundary, capability checks, and policy-safe agent extensions.

Evidence

  • The file implements the syscall boundary for BPF maps, programs, links, and attachment operations.
  • Perf event BPF load/unload paths appear around lines 2477 and 3224.
  • Program load and tracing-related paths appear around line 3169.
  • Perf/kprobe/uprobe/tracepoint link information appears around lines 4050-4287.
  • Link creation begins around line 4304.

Design Notes

BPF is a constrained programmable extension model. AI-native runtimes can copy the architecture pattern: verified programs/rules, explicit attachment handles, and capability checks at load/attach time.