# SPDX-License-Identifier: GPL-2.0-only
# Blame (every line): b24abcff, Daniel Borkmann

# BPF interpreter that, for example, classic socket filters depend on.
config BPF
	bool

# Used by archs to tell that they support BPF JIT compiler plus which
# flavour. Only one of the two can be selected for a specific arch since
# eBPF JIT supersedes the cBPF JIT.

# Classic BPF JIT (cBPF)
config HAVE_CBPF_JIT
	bool

# Extended BPF JIT (eBPF)
config HAVE_EBPF_JIT
	bool

# Used by archs to tell that they want the BPF JIT compiler enabled by
# default for kernels that were compiled with BPF JIT support.
config ARCH_WANT_DEFAULT_BPF_JIT
	bool

menu "BPF subsystem"

config BPF_SYSCALL
	bool "Enable bpf() system call"
	select BPF
	select IRQ_WORK
	select TASKS_TRACE_RCU
	select BINARY_PRINTF
	select NET_SOCK_MSG if INET
	default n
	help
	  Enable the bpf() system call that allows to manipulate BPF programs
	  and maps via file descriptors.

config BPF_JIT
	bool "Enable BPF Just In Time compiler"
	depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT
	depends on MODULES
	help
	  BPF programs are normally handled by a BPF interpreter. This option
	  allows the kernel to generate native code when a program is loaded
	  into the kernel. This will significantly speed-up processing of BPF
	  programs.

	  Note, an admin should enable this feature changing:
	  /proc/sys/net/core/bpf_jit_enable
	  /proc/sys/net/core/bpf_jit_harden   (optional)
	  /proc/sys/net/core/bpf_jit_kallsyms (optional)

config BPF_JIT_ALWAYS_ON
	bool "Permanently enable BPF JIT and remove BPF interpreter"
	depends on BPF_SYSCALL && HAVE_EBPF_JIT && BPF_JIT
	help
	  Enables BPF JIT and removes BPF interpreter to avoid speculative
	  execution of BPF instructions by the interpreter.

config BPF_JIT_DEFAULT_ON
	def_bool ARCH_WANT_DEFAULT_BPF_JIT || BPF_JIT_ALWAYS_ON
	depends on HAVE_EBPF_JIT && BPF_JIT

source "kernel/bpf/preload/Kconfig"

config BPF_LSM
	bool "Enable BPF LSM Instrumentation"
	depends on BPF_EVENTS
	depends on BPF_SYSCALL
	depends on SECURITY
	depends on BPF_JIT
	help
	  Enables instrumentation of the security hooks with BPF programs for
	  implementing dynamic MAC and Audit Policies.

	  If you are unsure how to answer this question, answer N.

endmenu # "BPF subsystem"
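
An added example, not part of the kernel tree: a shell audit that reads the BPF_JIT and BPF_JIT_ALWAYS_ON build options together with the bpf_jit_enable and bpf_jit_harden sysctls named in the BPF_JIT help text, and reports whether the interpreter is still reachable. The function names, the FINDING/NOTE/OK output format and the policy of flagging bpf_jit_harden=0 are assumptions of this example; the sysctl value meanings (harden: 0 off, 1 unprivileged only, 2 all users) come from the kernel's sysctl documentation, not from this file.

```shell
#!/bin/sh
# Added example: audit a kernel's BPF JIT build options and runtime sysctls.

# cfg_on FILE NAME: true if CONFIG_NAME=y appears in the kernel config FILE.
cfg_on() { grep -q "^CONFIG_$2=y\$" "$1"; }

# sysctl_val DIR NAME: print the value stored in DIR/NAME, or "unset".
sysctl_val() { cat "$1/$2" 2>/dev/null || echo unset; }

# bpf_jit_audit CONFIG [SYSCTL_DIR]: print one line per check and return 1
# if any line is a FINDING, 0 otherwise.
bpf_jit_audit() {
    cfg=$1; dir=${2:-/proc/sys/net/core}; rc=0
    if ! cfg_on "$cfg" BPF_JIT; then
        echo "FINDING: BPF_JIT not built; BPF programs run in the interpreter"
        return 1
    fi
    if cfg_on "$cfg" BPF_JIT_ALWAYS_ON; then
        # Per the Kconfig help text, this option removes the interpreter.
        echo "OK: BPF_JIT_ALWAYS_ON=y, interpreter removed"
    else
        case $(sysctl_val "$dir" bpf_jit_enable) in
            1) echo "NOTE: bpf_jit_enable=1, but the interpreter is still built in" ;;
            *) echo "FINDING: bpf_jit_enable is not 1 and the interpreter is built in"
               rc=1 ;;
        esac
    fi
    # Example policy (assumption): hardening should be on for some class of users.
    case $(sysctl_val "$dir" bpf_jit_harden) in
        1) echo "OK: bpf_jit_harden=1 (unprivileged users only)" ;;
        2) echo "OK: bpf_jit_harden=2 (all users)" ;;
        *) echo "FINDING: bpf_jit_harden is off or unreadable"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input (not from a real system): a config fragment and
# stand-in sysctl files, so the audit runs offline.
demo=$(mktemp -d)
printf '%s\n' 'CONFIG_BPF_SYSCALL=y' 'CONFIG_BPF_JIT=y' \
    '# CONFIG_BPF_JIT_ALWAYS_ON is not set' > "$demo/config"
echo 0 > "$demo/bpf_jit_enable"
echo 0 > "$demo/bpf_jit_harden"
bpf_jit_audit "$demo/config" "$demo" || true
rm -rf "$demo"
```

On a live host, pass the running kernel's config file as the first argument and omit the second so the sysctls are read from /proc/sys/net/core.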