bpf: set default value for bpf_jit_harden

Jiri Olsa requested to merge jolsa1/centos-stream-9:bpf/harden into main

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2028734

Upstream: RHEL only. The patch for configuring boot-time value for these options has been proposed [1] and rejected upstream.

[1] https://lkml.org/lkml/2018/5/23/449

Set default values for net.bpf_jit_harden sysctl.

  • net.bpf_jit_harden is set to 1: it's a compromise between the fact that by default we do not have unprivileged BPF enabled (and there's little reason for enforcing constant blinding for root programs by default, considering performance tradeoffs), and providing some sane default for users that still want unprivileged BPF (and enable it via the boot option),

Signed-off-by: Jiri Olsa <jolsa@redhat.com>

Edited by Jiri Olsa
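
A host check for the trade-off described above, added here as an example and not part of the merge request. It reads the sysctl under its full name `net.core.bpf_jit_harden` together with `kernel.unprivileged_bpf_disabled`, using the value meanings from the upstream kernel sysctl documentation; the function name, output strings and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report which BPF programs get JIT constant blinding and
# flag the combination where unprivileged BPF is usable with no blinding.
# $1 = sysctl root (defaults to /proc/sys; a constructed tree can be passed).
# Return codes: 0 = acceptable, 1 = unprivileged BPF enabled and unhardened,
#               2 = values missing, unreadable or unrecognised.
bpf_blinding_posture() {
    root="${1:-/proc/sys}"
    harden_file="$root/net/core/bpf_jit_harden"
    unpriv_file="$root/kernel/unprivileged_bpf_disabled"

    # bpf_jit_harden is mode 0600, so a non-root caller gets "unknown"
    # instead of a misleading verdict.
    if ! harden=$(cat "$harden_file" 2>/dev/null) ||
       ! unpriv=$(cat "$unpriv_file" 2>/dev/null); then
        echo "unknown"
        return 2
    fi

    case "$unpriv" in
        0)   unpriv_state="unprivileged-bpf-enabled" ;;
        1|2) unpriv_state="unprivileged-bpf-disabled" ;;  # 1 is locked until reboot
        *)   echo "unknown"; return 2 ;;
    esac

    case "$harden" in
        0) blinding="none" ;;               # no constant blinding at all
        1) blinding="unprivileged-only" ;;  # the default this change sets
        2) blinding="all" ;;                # privileged programs are blinded too
        *) echo "unknown"; return 2 ;;
    esac

    echo "$unpriv_state blinding=$blinding"

    # Unprivileged users can load programs and their constants are not blinded.
    if [ "$unpriv" = 0 ] && [ "$harden" = 0 ]; then
        return 1
    fi
    return 0
}
```

Run `bpf_blinding_posture` with no argument as root on the host being checked; a return code of 1 means unprivileged BPF was enabled while `bpf_jit_harden` was left at 0.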