%PDF- %PDF-
Direktori : /usr/src/linux-headers-5.15.0-125-generic/kernel/bpf/ |
Current File : //usr/src/linux-headers-5.15.0-125-generic/kernel/bpf/Kconfig |
# SPDX-License-Identifier: GPL-2.0-only # BPF interpreter that, for example, classic socket filters depend on. config BPF bool # Used by archs to tell that they support BPF JIT compiler plus which # flavour. Only one of the two can be selected for a specific arch since # eBPF JIT supersedes the cBPF JIT. # Classic BPF JIT (cBPF) config HAVE_CBPF_JIT bool # Extended BPF JIT (eBPF) config HAVE_EBPF_JIT bool # Used by archs to tell that they want the BPF JIT compiler enabled by # default for kernels that were compiled with BPF JIT support. config ARCH_WANT_DEFAULT_BPF_JIT bool menu "BPF subsystem" config BPF_SYSCALL bool "Enable bpf() system call" select BPF select IRQ_WORK select TASKS_TRACE_RCU select BINARY_PRINTF select NET_SOCK_MSG if NET default n help Enable the bpf() system call that allows to manipulate BPF programs and maps via file descriptors. config BPF_JIT bool "Enable BPF Just In Time compiler" depends on BPF depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT depends on MODULES help BPF programs are normally handled by a BPF interpreter. This option allows the kernel to generate native code when a program is loaded into the kernel. This will significantly speed-up processing of BPF programs. Note, an admin should enable this feature changing: /proc/sys/net/core/bpf_jit_enable /proc/sys/net/core/bpf_jit_harden (optional) /proc/sys/net/core/bpf_jit_kallsyms (optional) config BPF_JIT_ALWAYS_ON bool "Permanently enable BPF JIT and remove BPF interpreter" depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT help Enables BPF JIT and removes BPF interpreter to avoid speculative execution of BPF instructions by the interpreter. config BPF_JIT_DEFAULT_ON def_bool ARCH_WANT_DEFAULT_BPF_JIT || BPF_JIT_ALWAYS_ON depends on HAVE_EBPF_JIT && BPF_JIT config BPF_UNPRIV_DEFAULT_OFF bool "Disable unprivileged BPF by default" depends on BPF_SYSCALL help Disables unprivileged BPF by default by setting the corresponding /proc/sys/kernel/unprivileged_bpf_disabled knob to 2. An admin can still reenable it by setting it to 0 later on, or permanently disable it by setting it to 1 (from which no other transition to 0 is possible anymore). source "kernel/bpf/preload/Kconfig" config BPF_LSM bool "Enable BPF LSM Instrumentation" depends on BPF_EVENTS depends on BPF_SYSCALL depends on SECURITY depends on BPF_JIT help Enables instrumentation of the security hooks with BPF programs for implementing dynamic MAC and Audit Policies. If you are unsure how to answer this question, answer N. endmenu # "BPF subsystem"