Commit 5d8e5aee authored by Stephen Kitt's avatar Stephen Kitt Committed by Jonathan Corbet

docs: sysctl/kernel: document BPF entries

Based on the implementation in kernel/bpf/syscall.c,
kernel/bpf/trampoline.c, include/linux/filter.h, and the documentation
in bpftool-prog.rst.
Signed-off-by: default avatarStephen Kitt <steve@sk2.org>
Link: https://lore.kernel.org/r/20200315122648.20558-1-steve@sk2.orgSigned-off-by: default avatarJonathan Corbet <corbet@lwn.net>
parent 3f11de39
...@@ -102,6 +102,20 @@ See the ``type_of_loader`` and ``ext_loader_ver`` fields in ...@@ -102,6 +102,20 @@ See the ``type_of_loader`` and ``ext_loader_ver`` fields in
:doc:`/x86/boot` for additional information. :doc:`/x86/boot` for additional information.
bpf_stats_enabled
=================
Controls whether the kernel should collect statistics on BPF programs
(total time spent running, number of times run...). Enabling
statistics causes a slight reduction in performance on each program
run. The statistics can be seen using ``bpftool``.
= ===================================
0 Don't collect statistics (default).
1 Collect statistics.
= ===================================
cap_last_cap cap_last_cap
============ ============
...@@ -1178,6 +1192,16 @@ NMI switch that most IA32 servers have fires unknown NMI up, for ...@@ -1178,6 +1192,16 @@ NMI switch that most IA32 servers have fires unknown NMI up, for
example. If a system hangs up, try pressing the NMI switch. example. If a system hangs up, try pressing the NMI switch.
unprivileged_bpf_disabled
=========================
Writing 1 to this entry will disable unprivileged calls to ``bpf()``;
once disabled, calling ``bpf()`` without ``CAP_SYS_ADMIN`` will return
``-EPERM``.
Once set, this can't be cleared.
watchdog watchdog
======== ========
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment