From 5f4d4e124584d175de24934c858b67d21335c976 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 10 Nov 2021 09:44:08 +0100 Subject: [PATCH] ANDROID: GKI: continue to allow eBPF unprivileged programs to run The 5.16-rc1 kernel has changed the default to disable eBPF unprivileged programs to run because of Intel's broken hardware which allows for speculation leaks to happen very easily on those platforms. This is not an issue on the majority of Android systems, and the Android networking functionality relies on this feature, so specifically disable the configuration option so that things continue to work properly. Disabling a disable configuration option, ugh... Fixes: 8a03e56b253e ("bpf: Disallow unprivileged bpf by default") Signed-off-by: Greg Kroah-Hartman Change-Id: Ifd055add42ec1e8360c3d7823ae12567513dba19 --- arch/arm64/configs/gki_defconfig | 1 + arch/x86/configs/gki_defconfig | 1 + 2 files changed, 2 insertions(+) diff --git a/arch/arm64/configs/gki_defconfig b/arch/arm64/configs/gki_defconfig index 4223709545d8..5b44637a8066 100644 --- a/arch/arm64/configs/gki_defconfig +++ b/arch/arm64/configs/gki_defconfig @@ -5,6 +5,7 @@ CONFIG_HIGH_RES_TIMERS=y CONFIG_BPF_SYSCALL=y CONFIG_BPF_JIT=y CONFIG_BPF_JIT_ALWAYS_ON=y +# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set CONFIG_PREEMPT_BEHAVIOUR=y CONFIG_IRQ_TIME_ACCOUNTING=y CONFIG_TASKSTATS=y diff --git a/arch/x86/configs/gki_defconfig b/arch/x86/configs/gki_defconfig index b89db7790ebd..2c19fa9e155b 100644 --- a/arch/x86/configs/gki_defconfig +++ b/arch/x86/configs/gki_defconfig @@ -7,6 +7,7 @@ CONFIG_HIGH_RES_TIMERS=y CONFIG_BPF_SYSCALL=y CONFIG_BPF_JIT=y CONFIG_BPF_JIT_ALWAYS_ON=y +# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set CONFIG_PREEMPT_BEHAVIOUR=y CONFIG_IRQ_TIME_ACCOUNTING=y CONFIG_TASKSTATS=y