| Message ID | 1645240502-13398-3-git-send-email-yangtiezhu@loongson.cn (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | BPF |
| Headers | show |
| Series | Modify BPF_JIT_ALWAYS_ON and BPF_JIT_DEFAULT_ON | expand |
| Context | Check | Description |
|---|---|---|
| netdev/tree_selection | success | Clearly marked for bpf-next |
| netdev/fixes_present | success | Fixes tag not required for -next series |
| netdev/subject_prefix | success | Link |
| netdev/cover_letter | success | Series has a cover letter |
| netdev/patch_count | success | Link |
| netdev/header_inline | success | No static functions without inline keyword in header files |
| netdev/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
| netdev/cc_maintainers | success | CCed 10 of 10 maintainers |
| netdev/build_clang | success | Errors and warnings before: 0 this patch: 0 |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Signed-off-by tag matches author and committer |
| netdev/verify_fixes | success | No Fixes tag |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 25 lines checked |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/source_inline | success | Was 0 now: 0 |
| bpf/vmtest-bpf-next-PR | success | PR summary |
| bpf/vmtest-bpf-next | success | VM_Test |
On Fri, Feb 18, 2022 at 7:15 PM Tiezhu Yang <yangtiezhu@loongson.cn> wrote: > > Currently, only x86, arm64 and s390 select ARCH_WANT_DEFAULT_BPF_JIT, > the other archs do not select ARCH_WANT_DEFAULT_BPF_JIT. On the archs > without ARCH_WANT_DEFAULT_BPF_JIT, if we want to set bpf_jit_enable to > 1 by default, the only way is to enable CONFIG_BPF_JIT_ALWAYS_ON, then > the users can not change it to 0 or 2, it seems bad for some users. We > can select ARCH_WANT_DEFAULT_BPF_JIT for those archs if it is proper, > but at least for now, make BPF_JIT_DEFAULT_ON selectable can give them > a chance. > > Additionally, with this patch, under !BPF_JIT_ALWAYS_ON, we can disable > BPF_JIT_DEFAULT_ON on the archs with ARCH_WANT_DEFAULT_BPF_JIT when make > menuconfig, it seems flexible for some developers. > > Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> > --- > kernel/bpf/Kconfig | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig > index cbf3f65..461ac60 100644 > --- a/kernel/bpf/Kconfig > +++ b/kernel/bpf/Kconfig > @@ -54,6 +54,7 @@ config BPF_JIT > config BPF_JIT_ALWAYS_ON > bool "Permanently enable BPF JIT and remove BPF interpreter" > depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT > + select BPF_JIT_DEFAULT_ON > help > Enables BPF JIT and removes BPF interpreter to avoid speculative > execution of BPF instructions by the interpreter. > @@ -63,8 +64,16 @@ config BPF_JIT_ALWAYS_ON > in failure. > > config BPF_JIT_DEFAULT_ON > - def_bool ARCH_WANT_DEFAULT_BPF_JIT || BPF_JIT_ALWAYS_ON > - depends on HAVE_EBPF_JIT && BPF_JIT > + bool "Defaultly enable BPF JIT and remove BPF interpreter" I think "remove BPF interpreter" is not accurate. I guess we can just say "Enable BPF JIT by default". (also "defaultly" sounds weird to me). > + default y if ARCH_WANT_DEFAULT_BPF_JIT > + depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT > + help > + Enables BPF JIT and removes BPF interpreter to avoid speculative > + execution of BPF instructions by the interpreter. > + > + When CONFIG_BPF_JIT_DEFAULT_ON is enabled but CONFIG_BPF_JIT_ALWAYS_ON > + is disabled, /proc/sys/net/core/bpf_jit_enable is set to 1 by default > + and can be changed to 0 or 2. > > config BPF_UNPRIV_DEFAULT_OFF > bool "Disable unprivileged BPF by default" > -- > 2.1.0 >
diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig index cbf3f65..461ac60 100644 --- a/kernel/bpf/Kconfig +++ b/kernel/bpf/Kconfig @@ -54,6 +54,7 @@ config BPF_JIT config BPF_JIT_ALWAYS_ON bool "Permanently enable BPF JIT and remove BPF interpreter" depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT + select BPF_JIT_DEFAULT_ON help Enables BPF JIT and removes BPF interpreter to avoid speculative execution of BPF instructions by the interpreter. @@ -63,8 +64,16 @@ config BPF_JIT_ALWAYS_ON in failure. config BPF_JIT_DEFAULT_ON - def_bool ARCH_WANT_DEFAULT_BPF_JIT || BPF_JIT_ALWAYS_ON - depends on HAVE_EBPF_JIT && BPF_JIT + bool "Defaultly enable BPF JIT and remove BPF interpreter" + default y if ARCH_WANT_DEFAULT_BPF_JIT + depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT + help + Enables BPF JIT and removes BPF interpreter to avoid speculative + execution of BPF instructions by the interpreter. + + When CONFIG_BPF_JIT_DEFAULT_ON is enabled but CONFIG_BPF_JIT_ALWAYS_ON + is disabled, /proc/sys/net/core/bpf_jit_enable is set to 1 by default + and can be changed to 0 or 2. config BPF_UNPRIV_DEFAULT_OFF bool "Disable unprivileged BPF by default"
Currently, only x86, arm64 and s390 select ARCH_WANT_DEFAULT_BPF_JIT, the other archs do not select ARCH_WANT_DEFAULT_BPF_JIT. On the archs without ARCH_WANT_DEFAULT_BPF_JIT, if we want to set bpf_jit_enable to 1 by default, the only way is to enable CONFIG_BPF_JIT_ALWAYS_ON, then the users can not change it to 0 or 2, it seems bad for some users. We can select ARCH_WANT_DEFAULT_BPF_JIT for those archs if it is proper, but at least for now, make BPF_JIT_DEFAULT_ON selectable can give them a chance. Additionally, with this patch, under !BPF_JIT_ALWAYS_ON, we can disable BPF_JIT_DEFAULT_ON on the archs with ARCH_WANT_DEFAULT_BPF_JIT when make menuconfig, it seems flexible for some developers. Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> --- kernel/bpf/Kconfig | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)