enable BPF JIT hardening by default (if available)

2018-05-07 20:37:55 +02:00 · 2018-05-07 20:37:55 +02:00 · 87a4cd3844
parent 35e7bc6bf1
commit 87a4cd3844
1 changed files with 1 additions and 1 deletions
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@ -551,7 +551,7 @@ void bpf_prog_kallsyms_del_all(struct bpf_prog *fp)
 /* All BPF JIT sysctl knobs here. */
 int bpf_jit_enable   __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_DEFAULT_ON);
 int bpf_jit_kallsyms __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_DEFAULT_ON);
-int bpf_jit_harden   __read_mostly;
+int bpf_jit_harden   __read_mostly = 2;
 long bpf_jit_limit   __read_mostly;
 long bpf_jit_limit_max __read_mostly;