bpf: Limit loadable BPF programs

Pavel Tikhomirov Fri, 29 May 2026 07:43:58 -0700

This is a continuation for "ve/bpf: Add VE_FEATURE_BPF to allow bpf
device cgroup programs per VE" to prevent DoS attack by loading too many
BPF programs in VE.


https://virtuozzo.atlassian.net/browse/VSTOR-131947
Signed-off-by: Pavel Tikhomirov <[email protected]>
Feature: ve: allow BPF in Containers

Pavel Tikhomirov (2):
  ve/bpf: Limit number of BPF programs loadable per-VE
  ve: Add bpf_prog_max_nr/bpf_prog_avail_nr cgroup files

 include/linux/bpf.h  |  8 ++++++++
 include/linux/ve.h   |  4 ++++
 kernel/bpf/core.c    |  8 ++++++++
 kernel/bpf/syscall.c | 37 +++++++++++++++++++++++++++++++++++++
 kernel/ve/ve.c       | 44 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 101 insertions(+)

-- 
2.54.0

_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel

[Devel] [PATCH v2 VZ10 0/2] ve/bpf: Limit loadable BPF programs

Reply via email to