JIT is often a performance/security tradeoff, so it would be nice to have a way to disable it. Currently, gentoo-kernel uses BPF_JIT_ALWAYS_ON so it can't even be turned off at runtime.
Any reason you can't just use https://wiki.gentoo.org/wiki/Project:Distribution_Kernel#Modifying_kernel_configuration?
No, but that's like suggesting to use /etc/portage/patches instead of any other package/USE flag combination. The point of USE flags is to (eg) let users set USE=-jit in one place and have it apply everywhere practical.
Not really. We don't add USE for every single possible kernel configuration option. The kernel has both savedconfig *and* kernel.d/config snippets available for you to customise.
Anyway, I'm not saying no given USE=jit has a meaning already, see what others say. But in general, you should really be prepared to justify why the config option mechanisms aren't appropriate for this package.
We don't set this option, it originates upstream from Fedora[1]. We could of course override BPF_JIT_ALWAYS_ON on our end, but I don't yet see why this would need a USE flag toggle. Not necessarily opposed to it either. From the description, this option avoids "speculative execution of BPF instructions" which sounds to me like we would want to keep this option enabled. [1] https://github.com/projg2/fedora-kernel-config-for-gentoo/blob/5fc4172d71d243f47b17be62d7aef176453514d4/kernel-x86_64-fedora.config#L680
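As an added illustration of the config-snippet route discussed above (example code written for this page, not from the bug thread or the Gentoo project), the script below classifies a kernel .config text by its BPF JIT options and shows the fragment that would replace the always-on lock with a runtime-togglable default. The sample config texts are constructed, and the fragment path /etc/kernel/config.d/ is assumed from the distribution-kernel wiki page linked earlier.

```shell
#!/bin/sh
# Added example, not from the bug thread: classify a kernel .config text by its
# BPF JIT settings and show a config.d fragment that drops the always-on lock.

# Constructed sample standing in for `zcat /proc/config.gz` output on a kernel
# built with the Fedora-derived defaults discussed in the thread.
SAMPLE_CONFIG='CONFIG_BPF=y
CONFIG_BPF_JIT=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT_DEFAULT_ON=y'

# Constructed sample of the same kernel after applying the fragment below.
SAMPLE_CONFIG_UNLOCKED='CONFIG_BPF=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_JIT_ALWAYS_ON is not set
CONFIG_BPF_JIT_DEFAULT_ON=y'

# Fragment content; assumed path: /etc/kernel/config.d/50-bpf-jit.config.
# JIT stays compiled in and on by default, but without ALWAYS_ON the
# net.core.bpf_jit_enable sysctl becomes writable, so JIT can be switched
# off at runtime without a rebuild.
BPF_JIT_FRAGMENT='# CONFIG_BPF_JIT_ALWAYS_ON is not set
CONFIG_BPF_JIT_DEFAULT_ON=y'

# has_option CONFIG_TEXT OPTION: true if "OPTION=y" appears as a whole line.
has_option() {
    printf '%s\n' "$1" | grep -qxF "$2=y"
}

# bpf_jit_mode CONFIG_TEXT: prints one of
#   no-jit       interpreter only
#   always-on    JIT compiled in and locked on (sysctl is read-only)
#   default-on   JIT on at boot, can be turned off with sysctl
#   default-off  JIT off at boot, can be turned on with sysctl
bpf_jit_mode() {
    cfg=$1
    if ! has_option "$cfg" CONFIG_BPF_JIT; then
        echo no-jit
    elif has_option "$cfg" CONFIG_BPF_JIT_ALWAYS_ON; then
        echo always-on
    elif has_option "$cfg" CONFIG_BPF_JIT_DEFAULT_ON; then
        echo default-on
    else
        echo default-off
    fi
}

# jit_runtime_togglable CONFIG_TEXT: exit 0 if net.core.bpf_jit_enable can be
# changed at runtime on a kernel built from this config, 1 otherwise.
jit_runtime_togglable() {
    case $(bpf_jit_mode "$1") in
        default-on|default-off) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone run: report both samples and print the fragment.
main() {
    for name in SAMPLE_CONFIG SAMPLE_CONFIG_UNLOCKED; do
        eval "cfg=\$$name"
        printf '%-22s %s\n' "$name" "$(bpf_jit_mode "$cfg")"
    done
    printf '\nFragment for /etc/kernel/config.d/ (assumed path):\n%s\n' "$BPF_JIT_FRAGMENT"
}
main "$@"
```

On a live system the input to bpf_jit_mode would be `zcat /proc/config.gz` (needs CONFIG_IKCONFIG_PROC), and `sysctl net.core.bpf_jit_enable` shows the runtime state. The tradeoff the last comment points at remains: the fragment keeps the BPF interpreter in the kernel, which is exactly what BPF_JIT_ALWAYS_ON exists to remove, so a system that applies it trades the runtime toggle for the interpreter's attack surface.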