From c624c9863d0bb2d84ac311e510d36192e79157e9 Mon Sep 17 00:00:00 2001
From: anthraxx <levente@leventepolyak.net>
Date: Mon, 7 May 2018 20:37:55 +0200
Subject: [PATCH] enable BPF JIT hardening by default (if available)

---
 kernel/bpf/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index d203a5d6b726d..2a6c3e2c57a61 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -539,7 +539,7 @@ void __weak bpf_jit_free(struct bpf_prog *fp)
 	bpf_prog_unlock_free(fp);
 }
 
-int bpf_jit_harden __read_mostly;
+int bpf_jit_harden __read_mostly = 2;
 
 static int bpf_jit_blind_insn(const struct bpf_insn *from,
 			      const struct bpf_insn *aux,