[OS-BUILD PATCHv2] [kernel] bpf: set default value for bpf_jit_harden

From: Artem Savkov <asavkov@xxxxxxxxxx>

[kernel] bpf: set default value for bpf_jit_harden

JIRA: https://issues.redhat.com/browse/RHEL-51896
Upstream Status: RHEL only

Forwardport from rhel9: 4a4798ed0a475 ("[kernel]
bpf: set default value for bpf_jit_harden")

The patch for configuring boot-time value for these
options has been proposed [1] and rejected upstream.

[1] https://lkml.org/lkml/2018/5/23/449

Set default values for net.bpf_jit_harden sysctl.

 - net.bpf_jit_harden is set to 1: it's a compromise between the fact that
   by default we do not have unprivileged BPF enabled (and there's little
   reason for enforcing constant blinding for root programs by default,
   considering performance tradeoffs), and providing some sane default for
   users that still want unprivileged BPF (and enable it via the boot
   option),

Signed-off-by: Jiri Olsa <jolsa@xxxxxxxxxx>
Signed-off-by: Artem Savkov <asavkov@xxxxxxxxxx>

diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index blahblah..blahblah 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -566,7 +566,12 @@ void bpf_prog_kallsyms_del_all(struct bpf_prog *fp)
 /* All BPF JIT sysctl knobs here. */
 int bpf_jit_enable   __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_DEFAULT_ON);
 int bpf_jit_kallsyms __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_DEFAULT_ON);
+#ifdef CONFIG_RHEL_DIFFERENCES
+/* RHEL-only: set it to 1 by default */
+int bpf_jit_harden   __read_mostly = 1;
+#else
 int bpf_jit_harden   __read_mostly;
+#endif /* CONFIG_RHEL_DIFFERENCES */
 long bpf_jit_limit   __read_mostly;
 long bpf_jit_limit_max __read_mostly;
 
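Review bot: the comment on the new CONFIG_RHEL_DIFFERENCES branch, "/* RHEL-only: set it to 1 by default */", only restates the initializer on the next line and does not say why 1 was chosen. The commit message has the reason: 1 is a compromise that does not force constant blinding on root programs but gives a hardened default to users who enable unprivileged BPF via the boot option. A one-line summary of that in the comment would keep the rationale next to the code for the next forward-port. The hunk changes only the initial value of the knob listed under "All BPF JIT sysctl knobs here", so the comment could also say that this is a default and not an enforced setting. Separately, the message still says "these options" and "default values" while the hunk touches only bpf_jit_harden, and its single list item ends with a comma; trimming the text to match the one-variable change would avoid confusion.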

--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3309
