Loading Documentation/ABI/testing/sysfs-fs-f2fs +8 −0 Original line number Original line Diff line number Diff line Loading @@ -243,3 +243,11 @@ Description: - Del: echo '[h/c]!extension' > /sys/fs/f2fs/<disk>/extension_list - Del: echo '[h/c]!extension' > /sys/fs/f2fs/<disk>/extension_list - [h] means add/del hot file extension - [h] means add/del hot file extension - [c] means add/del cold file extension - [c] means add/del cold file extension What: /sys/fs/f2fs/<disk>/unusable Date April 2019 Contact: "Daniel Rosenberg" <drosen@google.com> Description: If checkpoint=disable, it displays the number of blocks that are unusable. If checkpoint=enable it displays the enumber of blocks that would be unusable if checkpoint=disable were to be set. Documentation/devicetree/bindings/serial/mvebu-uart.txt +1 −1 Original line number Original line Diff line number Diff line Loading @@ -8,6 +8,6 @@ Required properties: Example: Example: serial@12000 { serial@12000 { compatible = "marvell,armada-3700-uart"; compatible = "marvell,armada-3700-uart"; reg = <0x12000 0x400>; reg = <0x12000 0x200>; interrupts = <43>; interrupts = <43>; }; }; Documentation/filesystems/f2fs.txt +123 −10 Original line number Original line Diff line number Diff line Loading @@ -214,11 +214,22 @@ fsync_mode=%s Control the policy of fsync. Currently supports "posix", non-atomic files likewise "nobarrier" mount option. non-atomic files likewise "nobarrier" mount option. test_dummy_encryption Enable dummy encryption, which provides a fake fscrypt test_dummy_encryption Enable dummy encryption, which provides a fake fscrypt context. The fake fscrypt context is used by xfstests. context. The fake fscrypt context is used by xfstests. checkpoint=%s Set to "disable" to turn off checkpointing. Set to "enable" checkpoint=%s[:%u[%]] Set to "disable" to turn off checkpointing. Set to "enable" to reenable checkpointing. Is enabled by default. While to reenable checkpointing. Is enabled by default. While disabled, any unmounting or unexpected shutdowns will cause disabled, any unmounting or unexpected shutdowns will cause the filesystem contents to appear as they did when the the filesystem contents to appear as they did when the filesystem was mounted with that option. filesystem was mounted with that option. While mounting with checkpoint=disabled, the filesystem must run garbage collection to ensure that all available space can be used. If this takes too much time, the mount may return EAGAIN. You may optionally add a value to indicate how much of the disk you would be willing to temporarily give up to avoid additional garbage collection. This can be given as a number of blocks, or as a percent. For instance, mounting with checkpoint=disable:100% would always succeed, but it may hide up to all remaining free space. The actual space that would be unusable can be viewed at /sys/fs/f2fs/<disk>/unusable This space is reclaimed once checkpoint=enable. ================================================================================ ================================================================================ DEBUGFS ENTRIES DEBUGFS ENTRIES Loading Loading @@ -246,11 +257,14 @@ Files in /sys/fs/f2fs/<devname> .............................................................................. .............................................................................. File Content File Content gc_max_sleep_time This tuning parameter controls the maximum sleep gc_urgent_sleep_time This parameter controls sleep time for gc_urgent. 500 ms is set by default. See above gc_urgent. gc_min_sleep_time This tuning parameter controls the minimum sleep time for the garbage collection thread. Time is time for the garbage collection thread. Time is in milliseconds. in milliseconds. gc_min_sleep_time This tuning parameter controls the minimum sleep gc_max_sleep_time This tuning parameter controls the maximum sleep time for the garbage collection thread. Time is time for the garbage collection thread. Time is in milliseconds. in milliseconds. Loading @@ -270,9 +284,6 @@ Files in /sys/fs/f2fs/<devname> to 1, background thread starts to do GC by given to 1, background thread starts to do GC by given gc_urgent_sleep_time interval. gc_urgent_sleep_time interval. gc_urgent_sleep_time This parameter controls sleep time for gc_urgent. 500 ms is set by default. See above gc_urgent. reclaim_segments This parameter controls the number of prefree reclaim_segments This parameter controls the number of prefree segments to be reclaimed. If the number of prefree segments to be reclaimed. If the number of prefree segments is larger than the number of segments segments is larger than the number of segments Loading @@ -287,7 +298,16 @@ Files in /sys/fs/f2fs/<devname> checkpoint is triggered, and issued during the checkpoint is triggered, and issued during the checkpoint. By default, it is disabled with 0. checkpoint. By default, it is disabled with 0. trim_sections This parameter controls the number of sections discard_granularity This parameter controls the granularity of discard command size. It will issue discard commands iif the size is larger than given granularity. Its unit size is 4KB, and 4 (=16KB) is set by default. The maximum value is 128 (=512KB). reserved_blocks This parameter indicates the number of blocks that f2fs reserves internally for root. batched_trim_sections This parameter controls the number of sections to be trimmed out in batch mode when FITRIM to be trimmed out in batch mode when FITRIM conducts. 32 sections is set by default. conducts. 32 sections is set by default. Loading @@ -309,11 +329,35 @@ Files in /sys/fs/f2fs/<devname> the number is less than this value, it triggers the number is less than this value, it triggers in-place-updates. in-place-updates. min_seq_blocks This parameter controls the threshold to serialize write IOs issued by multiple threads in parallel. min_hot_blocks This parameter controls the threshold to allocate a hot data log for pending data blocks to write. min_ssr_sections This parameter adds the threshold when deciding SSR block allocation. If this is large, SSR mode will be enabled early. ram_thresh This parameter controls the memory footprint used by free nids and cached nat entries. By default, 10 is set, which indicates 10 MB / 1 GB RAM. ra_nid_pages When building free nids, F2FS reads NAT blocks ahead for speed up. Default is 0. dirty_nats_ratio Given dirty ratio of cached nat entries, F2FS determines flushing them in background. max_victim_search This parameter controls the number of trials to max_victim_search This parameter controls the number of trials to find a victim segment when conducting SSR and find a victim segment when conducting SSR and cleaning operations. The default value is 4096 cleaning operations. The default value is 4096 which covers 8GB block address range. which covers 8GB block address range. migration_granularity For large-sized sections, F2FS can stop GC given this granularity instead of reclaiming entire section. dir_level This parameter controls the directory level to dir_level This parameter controls the directory level to support large directory. If a directory has a support large directory. If a directory has a number of files, it can reduce the file lookup number of files, it can reduce the file lookup Loading @@ -321,9 +365,53 @@ Files in /sys/fs/f2fs/<devname> Otherwise, it needs to decrease this value to Otherwise, it needs to decrease this value to reduce the space overhead. The default value is 0. reduce the space overhead. The default value is 0. ram_thresh This parameter controls the memory footprint used cp_interval F2FS tries to do checkpoint periodically, 60 secs by free nids and cached nat entries. By default, by default. 10 is set, which indicates 10 MB / 1 GB RAM. idle_interval F2FS detects system is idle, if there's no F2FS operations during given interval, 5 secs by default. discard_idle_interval F2FS detects the discard thread is idle, given time interval. Default is 5 secs. gc_idle_interval F2FS detects the GC thread is idle, given time interval. Default is 5 secs. umount_discard_timeout When unmounting the disk, F2FS waits for finishing queued discard commands which can take huge time. This gives time out for it, 5 secs by default. iostat_enable This controls to enable/disable iostat in F2FS. readdir_ra This enables/disabled readahead of inode blocks in readdir, and default is enabled. gc_pin_file_thresh This indicates how many GC can be failed for the pinned file. If it exceeds this, F2FS doesn't guarantee its pinning state. 2048 trials is set by default. extension_list This enables to change extension_list for hot/cold files in runtime. inject_rate This controls injection rate of arbitrary faults. inject_type This controls injection type of arbitrary faults. dirty_segments This shows # of dirty segments. lifetime_write_kbytes This shows # of data written to the disk. features This shows current features enabled on F2FS. current_reserved_blocks This shows # of blocks currently reserved. unusable If checkpoint=disable, this shows the number of blocks that are unusable. If checkpoint=enable it shows the number of blocks that would be unusable if checkpoint=disable were to be set. ================================================================================ ================================================================================ USAGE USAGE Loading Loading @@ -656,3 +744,28 @@ algorithm. In order to identify whether the data in the victim segment are valid or not, In order to identify whether the data in the victim segment are valid or not, F2FS manages a bitmap. Each bit represents the validity of a block, and the F2FS manages a bitmap. Each bit represents the validity of a block, and the bitmap is composed of a bit stream covering whole blocks in main area. bitmap is composed of a bit stream covering whole blocks in main area. Fallocate(2) Policy ------------------- The default policy follows the below posix rule. Allocating disk space The default operation (i.e., mode is zero) of fallocate() allocates the disk space within the range specified by offset and len. The file size (as reported by stat(2)) will be changed if offset+len is greater than the file size. Any subregion within the range specified by offset and len that did not contain data before the call will be initialized to zero. This default behavior closely resembles the behavior of the posix_fallocate(3) library function, and is intended as a method of optimally implementing that function. However, once F2FS receives ioctl(fd, F2FS_IOC_SET_PIN_FILE) in prior to fallocate(fd, DEFAULT_MODE), it allocates on-disk blocks addressess having zero or random data, which is useful to the below scenario where: 1. create(fd) 2. ioctl(fd, F2FS_IOC_SET_PIN_FILE) 3. fallocate(fd, 0, 0, size) 4. address = fibmap(fd, offset) 5. open(blkdev) 6. write(blkdev, address) Documentation/kernel-parameters.txt +12 −4 Original line number Original line Diff line number Diff line Loading @@ -2506,6 +2506,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. improves system performance, but it may also improves system performance, but it may also expose users to several CPU vulnerabilities. expose users to several CPU vulnerabilities. Equivalent to: nopti [X86] Equivalent to: nopti [X86] nospectre_v1 [X86] nospectre_v2 [X86] nospectre_v2 [X86] spectre_v2_user=off [X86] spectre_v2_user=off [X86] spec_store_bypass_disable=off [X86] spec_store_bypass_disable=off [X86] Loading Loading @@ -2841,10 +2842,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted. nohugeiomap [KNL,x86] Disable kernel huge I/O mappings. nohugeiomap [KNL,x86] Disable kernel huge I/O mappings. nospectre_v1 [PPC] Disable mitigations for Spectre Variant 1 (bounds check bypass). With this option data leaks are possible in the system. nosmt [KNL,S390] Disable symmetric multithreading (SMT). nosmt [KNL,S390] Disable symmetric multithreading (SMT). Equivalent to smt=1. Equivalent to smt=1. Loading @@ -2852,6 +2849,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. nosmt=force: Force disable SMT, cannot be undone nosmt=force: Force disable SMT, cannot be undone via the sysfs control file. via the sysfs control file. nospectre_v1 [X86,PPC] Disable mitigations for Spectre Variant 1 (bounds check bypass). With this option data leaks are possible in the system. nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2 nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2 (indirect branch prediction) vulnerability. System may (indirect branch prediction) vulnerability. System may allow data leaks with this option, which is equivalent allow data leaks with this option, which is equivalent Loading Loading @@ -3854,6 +3855,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Run specified binary instead of /init from the ramdisk, Run specified binary instead of /init from the ramdisk, used for early userspace startup. See initrd. used for early userspace startup. See initrd. rdrand= [X86] force - Override the decision by the kernel to hide the advertisement of RDRAND support (this affects certain AMD processors because of buggy BIOS support, specifically around the suspend/resume path). reboot= [KNL] reboot= [KNL] Format (x86 or x86_64): Format (x86 or x86_64): [w[arm] | c[old] | h[ard] | s[oft] | g[pio]] \ [w[arm] | c[old] | h[ard] | s[oft] | g[pio]] \ Loading Documentation/sysctl/net.txt +8 −0 Original line number Original line Diff line number Diff line Loading @@ -54,6 +54,14 @@ Values : 1 - enable JIT hardening for unprivileged users only 1 - enable JIT hardening for unprivileged users only 2 - enable JIT hardening for all users 2 - enable JIT hardening for all users bpf_jit_limit ------------- This enforces a global limit for memory allocations to the BPF JIT compiler in order to reject unprivileged JIT requests once it has been surpassed. bpf_jit_limit contains the value of the global limit in bytes. dev_weight dev_weight -------------- -------------- Loading Loading
Documentation/ABI/testing/sysfs-fs-f2fs +8 −0 Original line number Original line Diff line number Diff line Loading @@ -243,3 +243,11 @@ Description: - Del: echo '[h/c]!extension' > /sys/fs/f2fs/<disk>/extension_list - Del: echo '[h/c]!extension' > /sys/fs/f2fs/<disk>/extension_list - [h] means add/del hot file extension - [h] means add/del hot file extension - [c] means add/del cold file extension - [c] means add/del cold file extension What: /sys/fs/f2fs/<disk>/unusable Date April 2019 Contact: "Daniel Rosenberg" <drosen@google.com> Description: If checkpoint=disable, it displays the number of blocks that are unusable. If checkpoint=enable it displays the enumber of blocks that would be unusable if checkpoint=disable were to be set.
Documentation/devicetree/bindings/serial/mvebu-uart.txt +1 −1 Original line number Original line Diff line number Diff line Loading @@ -8,6 +8,6 @@ Required properties: Example: Example: serial@12000 { serial@12000 { compatible = "marvell,armada-3700-uart"; compatible = "marvell,armada-3700-uart"; reg = <0x12000 0x400>; reg = <0x12000 0x200>; interrupts = <43>; interrupts = <43>; }; };
Documentation/filesystems/f2fs.txt +123 −10 Original line number Original line Diff line number Diff line Loading @@ -214,11 +214,22 @@ fsync_mode=%s Control the policy of fsync. Currently supports "posix", non-atomic files likewise "nobarrier" mount option. non-atomic files likewise "nobarrier" mount option. test_dummy_encryption Enable dummy encryption, which provides a fake fscrypt test_dummy_encryption Enable dummy encryption, which provides a fake fscrypt context. The fake fscrypt context is used by xfstests. context. The fake fscrypt context is used by xfstests. checkpoint=%s Set to "disable" to turn off checkpointing. Set to "enable" checkpoint=%s[:%u[%]] Set to "disable" to turn off checkpointing. Set to "enable" to reenable checkpointing. Is enabled by default. While to reenable checkpointing. Is enabled by default. While disabled, any unmounting or unexpected shutdowns will cause disabled, any unmounting or unexpected shutdowns will cause the filesystem contents to appear as they did when the the filesystem contents to appear as they did when the filesystem was mounted with that option. filesystem was mounted with that option. While mounting with checkpoint=disabled, the filesystem must run garbage collection to ensure that all available space can be used. If this takes too much time, the mount may return EAGAIN. You may optionally add a value to indicate how much of the disk you would be willing to temporarily give up to avoid additional garbage collection. This can be given as a number of blocks, or as a percent. For instance, mounting with checkpoint=disable:100% would always succeed, but it may hide up to all remaining free space. The actual space that would be unusable can be viewed at /sys/fs/f2fs/<disk>/unusable This space is reclaimed once checkpoint=enable. ================================================================================ ================================================================================ DEBUGFS ENTRIES DEBUGFS ENTRIES Loading Loading @@ -246,11 +257,14 @@ Files in /sys/fs/f2fs/<devname> .............................................................................. .............................................................................. File Content File Content gc_max_sleep_time This tuning parameter controls the maximum sleep gc_urgent_sleep_time This parameter controls sleep time for gc_urgent. 500 ms is set by default. See above gc_urgent. gc_min_sleep_time This tuning parameter controls the minimum sleep time for the garbage collection thread. Time is time for the garbage collection thread. Time is in milliseconds. in milliseconds. gc_min_sleep_time This tuning parameter controls the minimum sleep gc_max_sleep_time This tuning parameter controls the maximum sleep time for the garbage collection thread. Time is time for the garbage collection thread. Time is in milliseconds. in milliseconds. Loading @@ -270,9 +284,6 @@ Files in /sys/fs/f2fs/<devname> to 1, background thread starts to do GC by given to 1, background thread starts to do GC by given gc_urgent_sleep_time interval. gc_urgent_sleep_time interval. gc_urgent_sleep_time This parameter controls sleep time for gc_urgent. 500 ms is set by default. See above gc_urgent. reclaim_segments This parameter controls the number of prefree reclaim_segments This parameter controls the number of prefree segments to be reclaimed. If the number of prefree segments to be reclaimed. If the number of prefree segments is larger than the number of segments segments is larger than the number of segments Loading @@ -287,7 +298,16 @@ Files in /sys/fs/f2fs/<devname> checkpoint is triggered, and issued during the checkpoint is triggered, and issued during the checkpoint. By default, it is disabled with 0. checkpoint. By default, it is disabled with 0. trim_sections This parameter controls the number of sections discard_granularity This parameter controls the granularity of discard command size. It will issue discard commands iif the size is larger than given granularity. Its unit size is 4KB, and 4 (=16KB) is set by default. The maximum value is 128 (=512KB). reserved_blocks This parameter indicates the number of blocks that f2fs reserves internally for root. batched_trim_sections This parameter controls the number of sections to be trimmed out in batch mode when FITRIM to be trimmed out in batch mode when FITRIM conducts. 32 sections is set by default. conducts. 32 sections is set by default. Loading @@ -309,11 +329,35 @@ Files in /sys/fs/f2fs/<devname> the number is less than this value, it triggers the number is less than this value, it triggers in-place-updates. in-place-updates. min_seq_blocks This parameter controls the threshold to serialize write IOs issued by multiple threads in parallel. min_hot_blocks This parameter controls the threshold to allocate a hot data log for pending data blocks to write. min_ssr_sections This parameter adds the threshold when deciding SSR block allocation. If this is large, SSR mode will be enabled early. ram_thresh This parameter controls the memory footprint used by free nids and cached nat entries. By default, 10 is set, which indicates 10 MB / 1 GB RAM. ra_nid_pages When building free nids, F2FS reads NAT blocks ahead for speed up. Default is 0. dirty_nats_ratio Given dirty ratio of cached nat entries, F2FS determines flushing them in background. max_victim_search This parameter controls the number of trials to max_victim_search This parameter controls the number of trials to find a victim segment when conducting SSR and find a victim segment when conducting SSR and cleaning operations. The default value is 4096 cleaning operations. The default value is 4096 which covers 8GB block address range. which covers 8GB block address range. migration_granularity For large-sized sections, F2FS can stop GC given this granularity instead of reclaiming entire section. dir_level This parameter controls the directory level to dir_level This parameter controls the directory level to support large directory. If a directory has a support large directory. If a directory has a number of files, it can reduce the file lookup number of files, it can reduce the file lookup Loading @@ -321,9 +365,53 @@ Files in /sys/fs/f2fs/<devname> Otherwise, it needs to decrease this value to Otherwise, it needs to decrease this value to reduce the space overhead. The default value is 0. reduce the space overhead. The default value is 0. ram_thresh This parameter controls the memory footprint used cp_interval F2FS tries to do checkpoint periodically, 60 secs by free nids and cached nat entries. By default, by default. 10 is set, which indicates 10 MB / 1 GB RAM. idle_interval F2FS detects system is idle, if there's no F2FS operations during given interval, 5 secs by default. discard_idle_interval F2FS detects the discard thread is idle, given time interval. Default is 5 secs. gc_idle_interval F2FS detects the GC thread is idle, given time interval. Default is 5 secs. umount_discard_timeout When unmounting the disk, F2FS waits for finishing queued discard commands which can take huge time. This gives time out for it, 5 secs by default. iostat_enable This controls to enable/disable iostat in F2FS. readdir_ra This enables/disabled readahead of inode blocks in readdir, and default is enabled. gc_pin_file_thresh This indicates how many GC can be failed for the pinned file. If it exceeds this, F2FS doesn't guarantee its pinning state. 2048 trials is set by default. extension_list This enables to change extension_list for hot/cold files in runtime. inject_rate This controls injection rate of arbitrary faults. inject_type This controls injection type of arbitrary faults. dirty_segments This shows # of dirty segments. lifetime_write_kbytes This shows # of data written to the disk. features This shows current features enabled on F2FS. current_reserved_blocks This shows # of blocks currently reserved. unusable If checkpoint=disable, this shows the number of blocks that are unusable. If checkpoint=enable it shows the number of blocks that would be unusable if checkpoint=disable were to be set. ================================================================================ ================================================================================ USAGE USAGE Loading Loading @@ -656,3 +744,28 @@ algorithm. In order to identify whether the data in the victim segment are valid or not, In order to identify whether the data in the victim segment are valid or not, F2FS manages a bitmap. Each bit represents the validity of a block, and the F2FS manages a bitmap. Each bit represents the validity of a block, and the bitmap is composed of a bit stream covering whole blocks in main area. bitmap is composed of a bit stream covering whole blocks in main area. Fallocate(2) Policy ------------------- The default policy follows the below posix rule. Allocating disk space The default operation (i.e., mode is zero) of fallocate() allocates the disk space within the range specified by offset and len. The file size (as reported by stat(2)) will be changed if offset+len is greater than the file size. Any subregion within the range specified by offset and len that did not contain data before the call will be initialized to zero. This default behavior closely resembles the behavior of the posix_fallocate(3) library function, and is intended as a method of optimally implementing that function. However, once F2FS receives ioctl(fd, F2FS_IOC_SET_PIN_FILE) in prior to fallocate(fd, DEFAULT_MODE), it allocates on-disk blocks addressess having zero or random data, which is useful to the below scenario where: 1. create(fd) 2. ioctl(fd, F2FS_IOC_SET_PIN_FILE) 3. fallocate(fd, 0, 0, size) 4. address = fibmap(fd, offset) 5. open(blkdev) 6. write(blkdev, address)
Documentation/kernel-parameters.txt +12 −4 Original line number Original line Diff line number Diff line Loading @@ -2506,6 +2506,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. improves system performance, but it may also improves system performance, but it may also expose users to several CPU vulnerabilities. expose users to several CPU vulnerabilities. Equivalent to: nopti [X86] Equivalent to: nopti [X86] nospectre_v1 [X86] nospectre_v2 [X86] nospectre_v2 [X86] spectre_v2_user=off [X86] spectre_v2_user=off [X86] spec_store_bypass_disable=off [X86] spec_store_bypass_disable=off [X86] Loading Loading @@ -2841,10 +2842,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted. nohugeiomap [KNL,x86] Disable kernel huge I/O mappings. nohugeiomap [KNL,x86] Disable kernel huge I/O mappings. nospectre_v1 [PPC] Disable mitigations for Spectre Variant 1 (bounds check bypass). With this option data leaks are possible in the system. nosmt [KNL,S390] Disable symmetric multithreading (SMT). nosmt [KNL,S390] Disable symmetric multithreading (SMT). Equivalent to smt=1. Equivalent to smt=1. Loading @@ -2852,6 +2849,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. nosmt=force: Force disable SMT, cannot be undone nosmt=force: Force disable SMT, cannot be undone via the sysfs control file. via the sysfs control file. nospectre_v1 [X86,PPC] Disable mitigations for Spectre Variant 1 (bounds check bypass). With this option data leaks are possible in the system. nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2 nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2 (indirect branch prediction) vulnerability. System may (indirect branch prediction) vulnerability. System may allow data leaks with this option, which is equivalent allow data leaks with this option, which is equivalent Loading Loading @@ -3854,6 +3855,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Run specified binary instead of /init from the ramdisk, Run specified binary instead of /init from the ramdisk, used for early userspace startup. See initrd. used for early userspace startup. See initrd. rdrand= [X86] force - Override the decision by the kernel to hide the advertisement of RDRAND support (this affects certain AMD processors because of buggy BIOS support, specifically around the suspend/resume path). reboot= [KNL] reboot= [KNL] Format (x86 or x86_64): Format (x86 or x86_64): [w[arm] | c[old] | h[ard] | s[oft] | g[pio]] \ [w[arm] | c[old] | h[ard] | s[oft] | g[pio]] \ Loading
Documentation/sysctl/net.txt +8 −0 Original line number Original line Diff line number Diff line Loading @@ -54,6 +54,14 @@ Values : 1 - enable JIT hardening for unprivileged users only 1 - enable JIT hardening for unprivileged users only 2 - enable JIT hardening for all users 2 - enable JIT hardening for all users bpf_jit_limit ------------- This enforces a global limit for memory allocations to the BPF JIT compiler in order to reject unprivileged JIT requests once it has been surpassed. bpf_jit_limit contains the value of the global limit in bytes. dev_weight dev_weight -------------- -------------- Loading
