diff options
| author | David S. Miller <davem@davemloft.net> | 2016-05-16 13:49:33 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-05-16 13:49:33 -0400 |
| commit | 485b777855ed74dfcde5c46cfc88e2bc1b7c0714 (patch) | |
| tree | ec3eef1f80ae2f1d5fdbb9a5c12df5bf06025ad7 /Documentation | |
| parent | 553eb544444e28749e2d752dee11e2ae4a3ecfb6 (diff) | |
| parent | d93a47f735f3455a896e46b18d0ac26fa19639e6 (diff) | |
Merge branch 'bpf-blinding'
Daniel Borkmann says:
====================
BPF updates
This set implements constant blinding for BPF, first couple of
patches are some preparatory cleanups, followed by the blinding.
Please see individual patches for details.
Thanks a lot!
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/sysctl/net.txt | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/Documentation/sysctl/net.txt b/Documentation/sysctl/net.txt index 809ab6efcc74..f0480f7ea740 100644 --- a/Documentation/sysctl/net.txt +++ b/Documentation/sysctl/net.txt @@ -43,6 +43,17 @@ Values : 1 - enable the JIT 2 - enable the JIT and ask the compiler to emit traces on kernel log. +bpf_jit_harden +-------------- + +This enables hardening for the Berkeley Packet Filter Just in Time compiler. +Supported are eBPF JIT backends. Enabling hardening trades off performance, +but can mitigate JIT spraying. +Values : + 0 - disable JIT hardening (default value) + 1 - enable JIT hardening for unprivileged users only + 2 - enable JIT hardening for all users + dev_weight -------------- |