| Message ID | 1644569851-20859-3-git-send-email-yangtiezhu@loongson.cn (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | BPF |
| Headers | show |
| Series | Modify BPF_JIT_ALWAYS_ON and BPF_JIT_DEFAULT_ON | expand |
| Context | Check | Description |
|---|---|---|
| bpf/vmtest-bpf-next | success | VM_Test |
| bpf/vmtest-bpf-next-PR | success | PR summary |
| netdev/tree_selection | success | Clearly marked for bpf-next |
| netdev/fixes_present | success | Fixes tag not required for -next series |
| netdev/subject_prefix | success | Link |
| netdev/cover_letter | success | Series has a cover letter |
| netdev/patch_count | success | Link |
| netdev/header_inline | success | No static functions without inline keyword in header files |
| netdev/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
| netdev/cc_maintainers | success | CCed 10 of 10 maintainers |
| netdev/build_clang | success | Errors and warnings before: 0 this patch: 0 |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Signed-off-by tag matches author and committer |
| netdev/verify_fixes | success | No Fixes tag |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 25 lines checked |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/source_inline | success | Was 0 now: 0 |
On 2/11/22 9:57 AM, Tiezhu Yang wrote: > Currently, it is not possible to set bpf_jit_enable to 1 by default > and the users can change it to 0 or 2, it seems bad for some users, > make BPF_JIT_DEFAULT_ON selectable to give them a chance. I'm not fully sure I follow the above, so you are saying that a kconfig of !BPF_JIT_ALWAYS_ON and ARCH_WANT_DEFAULT_BPF_JIT, enables BPF_JIT_DEFAULT_ON however in such setting you are not able to reset bpf_jit_enable back to 0 at runtime? Thanks, Daniel
On 02/11/2022 06:23 PM, Daniel Borkmann wrote: > On 2/11/22 9:57 AM, Tiezhu Yang wrote: >> Currently, it is not possible to set bpf_jit_enable to 1 by default >> and the users can change it to 0 or 2, it seems bad for some users, >> make BPF_JIT_DEFAULT_ON selectable to give them a chance. > > I'm not fully sure I follow the above, so you are saying that a kconfig of > !BPF_JIT_ALWAYS_ON and ARCH_WANT_DEFAULT_BPF_JIT, enables > BPF_JIT_DEFAULT_ON > however in such setting you are not able to reset bpf_jit_enable back to > 0 at > runtime? Oh, no. Sorry for the unclear description. currently, only x86, arm64 and s390 select ARCH_WANT_DEFAULT_BPF_JIT, the other archs do not select ARCH_WANT_DEFAULT_BPF_JIT. On the archs without ARCH_WANT_DEFAULT_BPF_JIT, if we want to set bpf_jit_enable to 1 by default, the only way is to enable CONFIG_BPF_JIT_ALWAYS_ON, then the users can not change it to 0 or 2, it seems bad for some users, we can select ARCH_WANT_DEFAULT_BPF_JIT for those archs if it is proper, but at least for now, make BPF_JIT_DEFAULT_ON selectable can give them a chance. Additionaly, with this patch, under !BPF_JIT_ALWAYS_ON, we can disable BPF_JIT_DEFAULT_ON on the archs with ARCH_WANT_DEFAULT_BPF_JIT when make menuconfig, it seems flexible for some developers. If you are OK, I will update the commit message and then send v2. Thanks, Tiezhu > > Thanks, > Daniel
diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig index 88409f8..28b7d71 100644 --- a/kernel/bpf/Kconfig +++ b/kernel/bpf/Kconfig @@ -54,6 +54,7 @@ config BPF_JIT config BPF_JIT_ALWAYS_ON bool "Permanently enable BPF JIT and remove BPF interpreter" depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT + select BPF_JIT_DEFAULT_ON help Enables BPF JIT and removes BPF interpreter to avoid speculative execution of BPF instructions by the interpreter. @@ -62,8 +63,16 @@ config BPF_JIT_ALWAYS_ON set to 1 and setting any other value than that will return in failure. config BPF_JIT_DEFAULT_ON - def_bool ARCH_WANT_DEFAULT_BPF_JIT || BPF_JIT_ALWAYS_ON - depends on HAVE_EBPF_JIT && BPF_JIT + bool "Defaultly enable BPF JIT and remove BPF interpreter" + default y if ARCH_WANT_DEFAULT_BPF_JIT + depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT + help + Enables BPF JIT and removes BPF interpreter to avoid speculative + execution of BPF instructions by the interpreter. + + When CONFIG_BPF_JIT_DEFAULT_ON is enabled but CONFIG_BPF_JIT_ALWAYS_ON + is disabled, bpf_jit_enable is set to 1 by default and can be changed + to 0 or 2. config BPF_UNPRIV_DEFAULT_OFF bool "Disable unprivileged BPF by default"
Currently, it is not possible to set bpf_jit_enable to 1 by default and the users can change it to 0 or 2, it seems bad for some users, make BPF_JIT_DEFAULT_ON selectable to give them a chance. Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> --- kernel/bpf/Kconfig | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)