When using a large page size, the default value of the bpf_jit_limit
knob becomes invalid and users are not able to run unprivileged bpf
programs.
The bpf_jit_limit knob is represented internally as a 32-bit signed
integer because of which the default value, i.e. PAGE_SIZE * 40000,
overflows in case of an architecture like powerpc64 which uses 64K
as the default page size (i.e. CONFIG_PPC_64K_PAGES is set).
So, instead of depending on the page size, use a constant value.
Fixes: ede95a63b5e8 ("bpf: add bpf_jit_limit knob to restrict unpriv
allocations")
Signed-off-by: Sandipan Das <sandi...@linux.ibm.com>
---
kernel/bpf/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index b1a3545d0ec8..a81d097a17fb 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -365,7 +365,7 @@ void bpf_prog_kallsyms_del_all(struct bpf_prog *fp)
}
#ifdef CONFIG_BPF_JIT
-# define BPF_JIT_LIMIT_DEFAULT (PAGE_SIZE * 40000)
+# define BPF_JIT_LIMIT_DEFAULT (4096 * 40000)
/* All BPF JIT sysctl knobs here. */
int bpf_jit_enable __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_ALWAYS_ON);
--
2.19.2
