Bug 936436 - sys-kernel/gentoo-kernel: Add IUSE=jit to control BPF_JIT_ALWAYS_ON/BPF_JIT_DEFAULT_ON
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal enhancement
Assignee: Distribution Kernel Project
Reported: 2024-07-21 12:29 UTC by Luke-Jr
Modified: 2024-07-21 13:03 UTC
Description Luke-Jr 2024-07-21 12:29:12 UTC
JIT is often a performance/security tradeoff, so it would be nice to have a way to disable it. Currently, gentoo-kernel uses BPF_JIT_ALWAYS_ON so it can't even be turned off at runtime.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-07-21 12:37:17 UTC
Any reason you can't just use https://wiki.gentoo.org/wiki/Project:Distribution_Kernel#Modifying_kernel_configuration?
Comment 2 Luke-Jr 2024-07-21 12:38:55 UTC
No, but that's like suggesting to use /etc/portage/patches instead of any other package/USE flag combination. The point of USE flags is to (e.g.) let users set USE=-jit in one place and have it apply everywhere practical.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-07-21 12:41:59 UTC
Not really.. we don't add USE for every single possible kernel configuration option.

The kernel has both savedconfig *and* kernel.d/config snippets available for you to customise.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-07-21 12:42:33 UTC
Anyway, I'm not saying no given USE=jit has a meaning already, see what others say. But in general, you should really be prepared to justify why the config option mechanisms aren't appropriate for this package.
Comment 5 Nowa Ammerlaan gentoo-dev 2024-07-21 13:03:59 UTC
We don't set this option, it originates upstream from Fedora[1]. We could of course override BPF_JIT_ALWAYS_ON on our end, but I don't yet see why this would need a USE flag toggle. Not necessarily opposed to it either.

From the description, this option avoids "speculative execution of BPF instructions" which sounds to me like we would want to keep this option enabled.

[1] https://github.com/projg2/fedora-kernel-config-for-gentoo/blob/5fc4172d71d243f47b17be62d7aef176453514d4/kernel-x86_64-fedora.config#L680
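
Added example (not part of the bug thread or any Gentoo tooling): a shell helper that reads a kernel .config and reports which BPF JIT posture it encodes, separating the BPF_JIT_ALWAYS_ON case the reporter describes from one where the JIT can still be turned off at runtime. The helper names bpf_jit_posture, config_enabled and sample_config are hypothetical, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example; bpf_jit_posture, config_enabled and sample_config are
# hypothetical helper names, not part of any Gentoo or kernel tool.

# True if CONFIG_<NAME>=y appears in the config file.
config_enabled() {   # usage: config_enabled FILE NAME
    grep -q "^CONFIG_$2=y\$" "$1"
}

# Print the BPF JIT posture encoded in a kernel .config file.
bpf_jit_posture() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "unreadable"; return 2
    fi
    if ! config_enabled "$cfg" BPF_JIT; then
        echo "no-jit"        # BPF programs run in the interpreter only
    elif config_enabled "$cfg" BPF_JIT_ALWAYS_ON; then
        echo "always-on"     # interpreter compiled out, bpf_jit_enable fixed at 1
    elif config_enabled "$cfg" BPF_JIT_DEFAULT_ON; then
        echo "default-on"    # JIT on at boot, sysctl can still turn it off
    else
        echo "default-off"   # JIT available, off until the sysctl enables it
    fi
}

# Constructed sample configs (not copied from any real kernel build).
sample_config() {
    case $1 in
        locked)
            printf '%s\n' 'CONFIG_BPF_JIT=y' 'CONFIG_BPF_JIT_ALWAYS_ON=y' \
                'CONFIG_BPF_JIT_DEFAULT_ON=y' ;;
        toggleable)
            printf '%s\n' 'CONFIG_BPF_JIT=y' \
                '# CONFIG_BPF_JIT_ALWAYS_ON is not set' \
                'CONFIG_BPF_JIT_DEFAULT_ON=y' ;;
        interpreter)
            printf '%s\n' '# CONFIG_BPF_JIT is not set' ;;
    esac
}

# Demo over the constructed samples.
tmp=$(mktemp)
for name in locked toggleable interpreter; do
    sample_config "$name" > "$tmp"
    printf '%-12s %s\n' "$name" "$(bpf_jit_posture "$tmp")"
done
rm -f "$tmp"
```

To audit a real system, pass the function the path of the config the installed kernel was built from, where the distribution ships one.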