From 50fdab4387908d33f355d403752a7f23a3590a42 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dongsu@kinvolk.io>
Date: Tue, 17 Nov 2020 14:12:23 +0100
Subject: [PATCH] sys-kernel: enable CONFIG_BPF_JIT_ALWAYS_ON

CONFIG_BPF_JIT_ALWAYS_ON enables BPF JIT and removes BPF interpreter
to avoid speculative execution of BPF instructions by the interpreter.

See also https://github.com/kinvolk/Flatcar/issues/185.
---
 .../sys-kernel/coreos-modules/files/commonconfig-5.9             | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9
index 17367c24d4..b745b6158e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.9
@@ -50,6 +50,7 @@ CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC=y
 CONFIG_BOOT_PRINTK_DELAY=y
 CONFIG_BPF_EVENTS=y
 CONFIG_BPF_JIT=y
+CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_BRIDGE=m
 CONFIG_BRIDGE_EBT_802_3=m