[Devel] [PATCH VZ10 0/2] ve/bpf: Limit loadable BPF programs
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Fri May 29 15:20:35 MSK 2026
This is a continuation of "ve/bpf: Add VE_FEATURE_BPF to allow bpf
device cgroup programs per VE" to prevent a DoS attack by loading too many
BPF programs in a VE.
https://virtuozzo.atlassian.net/browse/VSTOR-131947
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Feature: ve: allow BPF in Containers
Pavel Tikhomirov (2):
  ve/bpf: Limit number of BPF programs loadable per-VE
  ve: Add bpf_prog_max_nr/bpf_prog_avail_nr cgroup files

 include/linux/bpf.h  |  8 ++++++++
 include/linux/ve.h   |  4 ++++
 kernel/bpf/core.c    |  8 ++++++++
 kernel/bpf/syscall.c | 35 +++++++++++++++++++++++++++++++++++
 kernel/ve/ve.c       | 44 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 99 insertions(+)
--
2.54.0