Merge branch 'v5.15/standard/base' into v5.15/standard/bcm-2xxx-rpiv5.15/standard/bcm-2xxx-rpi

author: Bruce Ashfield <bruce.ashfield@gmail.com> 2022-05-18 14:06:13 -0400
committer: Bruce Ashfield <bruce.ashfield@gmail.com> 2022-05-18 14:06:13 -0400
commit: fdd2ada69157e4659a677f8218698e167236713d (patch)
tree: 790867a1881f321e3b8bdf630ec7c51736f46821
parent: 35a442d3a4f223f1201be99e06855d7bfc68db6a (diff)
parent: 77aa9e489eafdd700df399b2e47a0ff313a91870 (diff)
download: linux-yocto-v5.15/standard/bcm-2xxx-rpi.tar.gz
linux-yocto-v5.15/standard/bcm-2xxx-rpi.tar.bz2
linux-yocto-v5.15/standard/bcm-2xxx-rpi.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig
index a82d6de86522..d24d518ddd63 100644
--- a/kernel/bpf/Kconfig
+++ b/kernel/bpf/Kconfig
@@ -64,6 +64,7 @@ config BPF_JIT_DEFAULT_ON
 
 config BPF_UNPRIV_DEFAULT_OFF
 	bool "Disable unprivileged BPF by default"
+	default y
 	depends on BPF_SYSCALL
 	help
 	  Disables unprivileged BPF by default by setting the corresponding
@@ -72,6 +73,12 @@ config BPF_UNPRIV_DEFAULT_OFF
 	  disable it by setting it to 1 (from which no other transition to
 	  0 is possible anymore).
 
+	  Unprivileged BPF could be used to exploit certain potential
+	  speculative execution side-channel vulnerabilities on unmitigated
+	  affected hardware.
+
+	  If you are unsure how to answer this question, answer Y.
+
 source "kernel/bpf/preload/Kconfig"
 
 config BPF_LSM
author	Bruce Ashfield <bruce.ashfield@gmail.com>	2022-05-18 14:06:13 -0400
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2022-05-18 14:06:13 -0400
commit	fdd2ada69157e4659a677f8218698e167236713d (patch)
tree	790867a1881f321e3b8bdf630ec7c51736f46821
parent	35a442d3a4f223f1201be99e06855d7bfc68db6a (diff)
parent	77aa9e489eafdd700df399b2e47a0ff313a91870 (diff)
download	linux-yocto-v5.15/standard/bcm-2xxx-rpi.tar.gz linux-yocto-v5.15/standard/bcm-2xxx-rpi.tar.bz2 linux-yocto-v5.15/standard/bcm-2xxx-rpi.zip