Disabling unprivileged BPF by default would help prevent unprivileged users from creating the conditions required for potential speculative execution side-channel attacks on affected hardware as demonstrated by [1][2][3].

This will sync mainline with what most distros are currently applying. An admin can enable this at runtime if necessary.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>

[1] https://access.redhat.com/security/cve/cve-2019-7308
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3490
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1672355#c5

--- kernel/bpf/Kconfig | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig index a82d6de86522..73d446294455 100644 --- a/kernel/bpf/Kconfig +++ b/kernel/bpf/Kconfig @@ -64,6 +64,7 @@ config BPF_JIT_DEFAULT_ON config BPF_UNPRIV_DEFAULT_OFF bool "Disable unprivileged BPF by default" + default y depends on BPF_SYSCALL help Disables unprivileged BPF by default by setting the corresponding @@ -72,6 +73,10 @@ config BPF_UNPRIV_DEFAULT_OFF disable it by setting it to 1 (from which no other transition to 0 is possible anymore). + Unprivileged BPF can be used to exploit potential speculative + execution side-channel vulnerabilities on affected hardware. If you + are concerned about it, answer Y. + source "kernel/bpf/preload/Kconfig" config BPF_LSM -- 2.31.1
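
Review bot: In the @@ -64,6 +64,7 @@ hunk, `default y` changes the out-of-the-box behaviour of every new configuration that has BPF_SYSCALL enabled, yet the changelog's "An admin can enable this at runtime if necessary" does not say which knob to write or which value restores unprivileged access. The visible help context only mentions that setting it to 1 cannot be undone, so please name the sysctl and the re-enable value in the commit message, so that someone whose unprivileged BPF users stop working after the default flips can find the remedy from the log.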
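
Review bot: In the @@ -72,6 +73,10 @@ hunk, the added "If you are concerned about it, answer Y." reads as opt-in advice, which no longer matches a symbol that this same patch makes `default y`. Suggest the usual Kconfig closing, "If unsure, say Y.", and a short statement of what answering N leaves enabled, since "affected hardware" on its own gives the person configuring the kernel no way to tell whether the paragraph applies to them.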