bpf: Add namespace to BPF internal symbols

Alexei Starovoitov · anakryiko · commit f88886de0927 · 2025-04-25T09:21:23.000-07:00
Add namespace to BPF internal symbols used by light skeleton to prevent abuse and document with the code their allowed usage. Fixes: b1d18a7 ("bpf: Extend sys_bpf commands for bpf_syscall programs.") Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/bpf/20250425014542.62385-1-alexei.starovoitov@gmail.com
diff --git a/Documentation/bpf/bpf_devel_QA.rst b/Documentation/bpf/bpf_devel_QA.rst
@@ -382,6 +382,14 @@ In case of new BPF instructions, once the changes have been accepted
 into the Linux kernel, please implement support into LLVM's BPF back
 end. See LLVM_ section below for further information.
 
+Q: What "BPF_INTERNAL" symbol namespace is for?
+-----------------------------------------------
+A: Symbols exported as BPF_INTERNAL can only be used by BPF infrastructure
+like preload kernel modules with light skeleton. Most symbols outside
+of BPF_INTERNAL are not expected to be used by code outside of BPF either.
+Symbols may lack the designation because they predate the namespaces,
+or due to an oversight.
+
 Stable submission
 =================
 
diff --git a/kernel/bpf/preload/bpf_preload_kern.c b/kernel/bpf/preload/bpf_preload_kern.c
@@ -89,5 +89,6 @@ static void __exit fini(void)
 }
 late_initcall(load);
 module_exit(fini);
+MODULE_IMPORT_NS("BPF_INTERNAL");
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("Embedded BPF programs for introspection in bpffs");
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
@@ -1583,7 +1583,7 @@ struct bpf_map *bpf_map_get(u32 ufd)
 
 	return map;
 }
-EXPORT_SYMBOL(bpf_map_get);
+EXPORT_SYMBOL_NS(bpf_map_get, "BPF_INTERNAL");
 
 struct bpf_map *bpf_map_get_with_uref(u32 ufd)
 {
@@ -3364,7 +3364,7 @@ struct bpf_link *bpf_link_get_from_fd(u32 ufd)
 	bpf_link_inc(link);
 	return link;
 }
-EXPORT_SYMBOL(bpf_link_get_from_fd);
+EXPORT_SYMBOL_NS(bpf_link_get_from_fd, "BPF_INTERNAL");
 
 static void bpf_tracing_link_release(struct bpf_link *link)
 {
@@ -6020,7 +6020,7 @@ int kern_sys_bpf(int cmd, union bpf_attr *attr, unsigned int size)
 		return ____bpf_sys_bpf(cmd, attr, size);
 	}
 }
-EXPORT_SYMBOL(kern_sys_bpf);
+EXPORT_SYMBOL_NS(kern_sys_bpf, "BPF_INTERNAL");
 
 static const struct bpf_func_proto bpf_sys_bpf_proto = {
 	.func		= bpf_sys_bpf,

Original file line number	Diff line number	Diff line change
`@@ -89,5 +89,6 @@ static void __exit fini(void)`
`89`	`89`	`}`
`90`	`90`	`late_initcall(load);`
`91`	`91`	`module_exit(fini);`
	`92`	`+MODULE_IMPORT_NS("BPF_INTERNAL");`
`92`	`93`	`MODULE_LICENSE("GPL");`
`93`	`94`	`MODULE_DESCRIPTION("Embedded BPF programs for introspection in bpffs");`
Original file line number	Diff line number	Diff line change
`@@ -1583,7 +1583,7 @@ struct bpf_map *bpf_map_get(u32 ufd)`
`1583`	`1583`
`1584`	`1584`	`return map;`
`1585`	`1585`	`}`
`1586`		`-EXPORT_SYMBOL(bpf_map_get);`
	`1586`	`+EXPORT_SYMBOL_NS(bpf_map_get, "BPF_INTERNAL");`
`1587`	`1587`
`1588`	`1588`	`struct bpf_map *bpf_map_get_with_uref(u32 ufd)`
`1589`	`1589`	`{`
`@@ -3364,7 +3364,7 @@ struct bpf_link *bpf_link_get_from_fd(u32 ufd)`
`3364`	`3364`	`bpf_link_inc(link);`
`3365`	`3365`	`return link;`
`3366`	`3366`	`}`
`3367`		`-EXPORT_SYMBOL(bpf_link_get_from_fd);`
	`3367`	`+EXPORT_SYMBOL_NS(bpf_link_get_from_fd, "BPF_INTERNAL");`
`3368`	`3368`
`3369`	`3369`	`static void bpf_tracing_link_release(struct bpf_link *link)`
`3370`	`3370`	`{`
`@@ -6020,7 +6020,7 @@ int kern_sys_bpf(int cmd, union bpf_attr *attr, unsigned int size)`
`6020`	`6020`	`return ____bpf_sys_bpf(cmd, attr, size);`
`6021`	`6021`	`}`
`6022`	`6022`	`}`
`6023`		`-EXPORT_SYMBOL(kern_sys_bpf);`
	`6023`	`+EXPORT_SYMBOL_NS(kern_sys_bpf, "BPF_INTERNAL");`
`6024`	`6024`
`6025`	`6025`	`static const struct bpf_func_proto bpf_sys_bpf_proto = {`
`6026`	`6026`	`.func = bpf_sys_bpf,`