On 5/29/26 14:20, Pavel Tikhomirov wrote:
Without a per-VE cap a single container could exhaust the system-wide
bpf JIT memory budget by loading excessive numbers of CGROUP_DEVICE
...
struct btf *attach_btf = NULL;
struct bpf_token *token = NULL;
+ struct ve_struct *load_ve = NULL;
All other code in this function is hidden by #ifdef CONFIG_VE. This
variable should be hidden as well or marked __maybe_unused to make
the compiler happy with !CONFIG_VE.
bool bpf_cap;
int err;
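
Review bot: the new `struct ve_struct *load_ve = NULL;` declaration sits in the function's unconditional declaration block, between `token` and `bpf_cap`, with no guard visible around it. Given the reply above states that the rest of the VE code in this function is under #ifdef CONFIG_VE, wrapping the declaration in the same #ifdef keeps it consistent with its users; __maybe_unused is the smaller change but leaves the declaration present in non-VE builds. A short comment on the declaration saying what load_ve refers to and whether it holds a reference that must be dropped on the exit paths would also make the per-VE accounting easier to review.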
--
Best regards, Riabchun Vladimir
Linux Kernel Developer, Virtuozzo