From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 2/2] arm64: defconfig: enable BPF related configs
Date: Mon, 26 Nov 2018 15:38:20 +0000 [thread overview]
Message-ID: <20181126153820.GA28400@arm.com> (raw)
In-Reply-To: <CAKv+Gu9EE_bWcoxEFr4pi41pfAQsDAywKR+gSueA9vE_Z4Np+g@mail.gmail.com>
On Sat, Nov 17, 2018 at 03:18:04PM -0800, Ard Biesheuvel wrote:
> On Mon, 12 Nov 2018 at 10:36, Will Deacon <will.deacon@arm.com> wrote:
> > On Sun, Nov 11, 2018 at 06:10:48PM +0000, Peter Robinson wrote:
> > > The BPF components are getting more widely used by various components
> > > so we should enable them in the ARMv7 multi config to ensure they
> > > get wider testing and don't regress.
> >
> > Have other architectures already made this leap?
> >
>
> $ git grep CONFIG_BPF_SYSCALL=y arch/
> arch/arm/configs/aspeed_g4_defconfig:CONFIG_BPF_SYSCALL=y
> arch/arm/configs/aspeed_g5_defconfig:CONFIG_BPF_SYSCALL=y
> arch/mips/configs/generic_defconfig:CONFIG_BPF_SYSCALL=y
> arch/powerpc/configs/44x/fsp2_defconfig:CONFIG_BPF_SYSCALL=y
> arch/powerpc/configs/powernv_defconfig:CONFIG_BPF_SYSCALL=y
> arch/powerpc/configs/ppc64_defconfig:CONFIG_BPF_SYSCALL=y
> arch/powerpc/configs/pseries_defconfig:CONFIG_BPF_SYSCALL=y
> arch/riscv/configs/defconfig:CONFIG_BPF_SYSCALL=y
> arch/s390/configs/debug_defconfig:CONFIG_BPF_SYSCALL=y
> arch/s390/configs/performance_defconfig:CONFIG_BPF_SYSCALL=y
> arch/s390/defconfig:CONFIG_BPF_SYSCALL=y
>
> but nobody seems to enable CONFIG_BPF_JIT_ALWAYS_ON.
>
> I sent some patches to move the BPF JIT allocations out of the module
> range. Whether that really improves things in terms of security is not
> obvious to me, but at least we stop wasting module region space (and
> potentially KASAN shadow pages) on BPF programs.
>
> If this is mainly for coverage, it would indeed be nice if we could at
> least make it root only by default. However, if the distros are
> enabling this in their default configurations, I'd prefer it if we at
> least have a config that will help us spot issues early on.
That's a fair point on the distros. Peter, as author of the patch, please
can you take a look at the arm64 kernel configs from some popular
distributions and see which of these options they tend to enable?
Thanks,
Will
next prev parent reply other threads:[~2018-11-26 15:38 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-11 18:10 [PATCH 1/2] ARM: multi_v7_defconfig: enable BPF related configs Peter Robinson
2018-11-11 18:10 ` [PATCH 2/2] arm64: defconfig: " Peter Robinson
2018-11-12 18:36 ` Will Deacon
2018-11-17 23:18 ` Ard Biesheuvel
2018-11-26 15:38 ` Will Deacon [this message]
2018-11-26 15:52 ` Russell King - ARM Linux
2018-11-27 19:31 ` Will Deacon
2018-11-27 23:18 ` Russell King - ARM Linux
2018-11-28 20:01 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181126153820.GA28400@arm.com \
--to=will.deacon@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).