Message ID | 1524644322-9263-1-git-send-email-leo.yan@linaro.org |
---|---|
State | New |
Series | [bpf-next] bpf: Allow bpf_jit_enable = 2 with BPF_JIT_ALWAYS_ON config |

On Wed, Apr 25, 2018 at 05:37:39PM +0200, Daniel Borkmann wrote:
> On 04/25/2018 04:14 PM, Alexei Starovoitov wrote:
> > On Wed, Apr 25, 2018 at 05:25:47PM +0800, Leo Yan wrote:
> >>
> >> If we have concern for security issue, should we remove support for
> >> 'bpf_jit_enable = 2' and modify the doc to reflect this change?
> >
> > I suggest to fix the doc.
>
> Agree, let's do that instead. Leo, could you cook a patch for that?

Sure, have sent new patch for this. Thanks for suggestion!

> Thanks,
> Daniel

diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c index b1a2c5e..6a39b22 100644 --- a/net/core/sysctl_net_core.c +++ b/net/core/sysctl_net_core.c @@ -371,7 +371,7 @@ static int proc_dointvec_minmax_bpf_enable(struct ctl_table *table, int write, .proc_handler = proc_dointvec_minmax_bpf_enable, # ifdef CONFIG_BPF_JIT_ALWAYS_ON .extra1 = &one, - .extra2 = &one, + .extra2 = &two, # else .extra1 = &zero, .extra2 = &two,
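
Review bot: the relaxed upper bound on the `.extra2` line under `# ifdef CONFIG_BPF_JIT_ALWAYS_ON` makes the value 2 writable on kernels built with the always-on option, and per the commit message 2 is the setting that lets the kernel call bpf_jit_dump(); nothing in the change documents that 2 is a debug setting, and the security concern raised in the thread is left unanswered. Either keep `.extra2 = &one` here and correct the documentation, as the replies suggest, or add a comment at this table entry plus a documentation line stating that 2 is intended for debugging only. The body of proc_dointvec_minmax_bpf_enable is not in the visible context, so also confirm that it restricts who may write this value.
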
After enabling the BPF_JIT_ALWAYS_ON config, bpf_jit_enable always equals 1;
it is impossible to set 'bpf_jit_enable = 2' and the kernel has no chance
to call bpf_jit_dump().

This patch relaxes the bpf_jit_enable range to [1..2] when the kernel config
BPF_JIT_ALWAYS_ON is enabled so that the JIT dump can be invoked.

Signed-off-by: Leo Yan <leo.yan@linaro.org>
---
 net/core/sysctl_net_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
1.9.1