This is a continuation of "ve/bpf: Add VE_FEATURE_BPF to allow bpf device cgroup programs per VE" to prevent a DoS attack by loading too many BPF programs in a VE.

https://virtuozzo.atlassian.net/browse/VSTOR-131947
Signed-off-by: Pavel Tikhomirov <[email protected]>

Feature: ve: allow BPF in Containers

Pavel Tikhomirov (2):
  ve/bpf: Limit number of BPF programs loadable per-VE
  ve: Add bpf_prog_max_nr/bpf_prog_avail_nr cgroup files

 include/linux/bpf.h  |  8 ++++++++
 include/linux/ve.h   |  4 ++++
 kernel/bpf/core.c    |  8 ++++++++
 kernel/bpf/syscall.c | 35 +++++++++++++++++++++++++++++++++++
 kernel/ve/ve.c       | 44 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 99 insertions(+)

-- 
2.54.0

_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
