| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 15 Mar 2020 13:26:48 +0100
From: Stephen Kitt <steve@....org>
To: Jonathan Corbet <corbet@....net>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
Andrii Nakryiko <andriin@...com>, linux-doc@...r.kernel.org
Cc: bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
Stephen Kitt <steve@....org>
Subject: [PATCH v4] docs: sysctl/kernel: document BPF entries
Based on the implementation in kernel/bpf/syscall.c,
kernel/bpf/trampoline.c, include/linux/filter.h, and the documentation
in bpftool-prog.rst.
Signed-off-by: Stephen Kitt <steve@....org>
---
Notes:
This patch is intended for docs-next, but I'd appreciate reviews from
BPF developers.
Changes since v3:
- moved back to docs-next.
Changes since v2:
- fixed "will disabled" typo.
Changes since v1:
- rebased on bpf-next instead of docs-next.
Documentation/admin-guide/sysctl/kernel.rst | 24 +++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
index 335696d3360d..88c51c0a5ce6 100644
--- a/Documentation/admin-guide/sysctl/kernel.rst
+++ b/Documentation/admin-guide/sysctl/kernel.rst
@@ -102,6 +102,20 @@ See the ``type_of_loader`` and ``ext_loader_ver`` fields in
:doc:`/x86/boot` for additional information.
+bpf_stats_enabled
+=================
+
+Controls whether the kernel should collect statistics on BPF programs
+(total time spent running, number of times run...). Enabling
+statistics causes a slight reduction in performance on each program
+run. The statistics can be seen using ``bpftool``.
+
+= ===================================
+0 Don't collect statistics (default).
+1 Collect statistics.
+= ===================================
+
+
cap_last_cap
============
@@ -1166,6 +1180,16 @@ NMI switch that most IA32 servers have fires unknown NMI up, for
example. If a system hangs up, try pressing the NMI switch.
+unprivileged_bpf_disabled
+=========================
+
+Writing 1 to this entry will disable unprivileged calls to ``bpf()``;
+once disabled, calling ``bpf()`` without ``CAP_SYS_ADMIN`` will return
+``-EPERM``.
+
+Once set, this can't be cleared.
+
+
watchdog
========
base-commit: 7d3d3254adaa61cba896f71497f56901deb618e5
--
2.20.1
Powered by blists - more mailing lists