On Sat, Jan 06, 2018 at 11:26:43AM +1100, Adam Carter wrote
> >
> > > So, HAVE_EBPF_JIT=y just means that BPF JIT _can_ be done on x86. There
> > > is a separate BPF_JIT setting to actually enable it.
> >
> > Well, that doesn't seem to be present here. Just the HAVE_ symbol.
> >
> Careful, there's BPF and EBPF.
>
> $ zgrep BPF /proc/config.gz
> CONFIG_CGROUP_BPF=y
> CONFIG_BPF=y
> CONFIG_BPF_SYSCALL=y
> # CONFIG_NETFILTER_XT_MATCH_BPF is not set
> # CONFIG_NET_CLS_BPF is not set
> # CONFIG_NET_ACT_BPF is not set
> # CONFIG_BPF_JIT is not set
> # CONFIG_BPF_STREAM_PARSER is not set
> CONFIG_HAVE_EBPF_JIT=y
> # CONFIG_TEST_BPF is not set

I'm running openrc. On my 32-bit install, Intel Core2 duo, I get...

zgrep BPF /proc/config.gz
CONFIG_BPF=y
# CONFIG_BPF_SYSCALL is not set
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
# CONFIG_TEST_BPF is not set

On my 64-bit install, Intel Silvermont (Atom), I get...

zgrep BPF /proc/config.gz
CONFIG_BPF=y
# CONFIG_BPF_SYSCALL is not set
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
# CONFIG_BPF_JIT is not set
CONFIG_HAVE_EBPF_JIT=y
# CONFIG_TEST_BPF is not set

Does this improve security at all versus meltdown/spectre? Any
suggestions for changes?

-- 
Walter Dnes <[email protected]>
I don't run "desktop environments"; I run useful applications
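
The distinction drawn in the quoted reply (HAVE_EBPF_JIT only says the architecture can JIT, BPF_JIT actually builds it), as an added example that is not part of the original thread: a shell sketch that reads kernel config text and reports the three relevant symbols, then the runtime switches. The function names are hypothetical, the sample input is abridged from the first listing quoted above, and the two sysctl paths are the standard kernel ones rather than anything named in the thread.

```sh
#!/bin/sh
# Added example: classify BPF-related kernel config symbols.
# On a live system: zcat /proc/config.gz | bpf_config_report

# cfg_state SYMBOL TEXT: print y or m if SYMBOL is set, n otherwise
# ("# SYMBOL is not set" and a missing line both count as n).
cfg_state() {
    # Anchored at line start, so CONFIG_HAVE_EBPF_JIT never matches CONFIG_BPF_JIT.
    v=$(printf '%s\n' "$2" | sed -n "s/^$1=\([ym]\)\$/\1/p" | head -n 1)
    echo "${v:-n}"
}

# Read config text on stdin and print a one-line summary.
bpf_config_report() {
    cfg=$(cat)
    echo "bpf_syscall=$(cfg_state CONFIG_BPF_SYSCALL "$cfg")" \
         "jit_built=$(cfg_state CONFIG_BPF_JIT "$cfg")" \
         "jit_arch_capable=$(cfg_state CONFIG_HAVE_EBPF_JIT "$cfg")"
}

# Runtime switches; a file may be absent when the feature is not built in,
# or unreadable without root.
bpf_runtime_report() {
    for f in /proc/sys/net/core/bpf_jit_enable \
             /proc/sys/kernel/unprivileged_bpf_disabled; do
        if [ -r "$f" ]; then
            echo "$f=$(cat "$f")"
        else
            echo "$f=absent-or-unreadable"
        fi
    done
}

# Sample input: abridged from the first config listing quoted in the thread.
bpf_config_report <<'EOF'
CONFIG_CGROUP_BPF=y
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
# CONFIG_BPF_JIT is not set
CONFIG_HAVE_EBPF_JIT=y
EOF
bpf_runtime_report
```

A result of jit_built=n with jit_arch_capable=y is the case discussed in the thread: the JIT could be compiled for this architecture but is not part of this kernel.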

