From 9a413cc7eb56e5ea20e0fd96d1b3e5c89ac35b0e Mon Sep 17 00:00:00 2001
From: Michal Kubecek <mkubecek@suse.cz>
Date: Nov 22 2021 08:33:36 +0000
Subject: config: disable unprivileged BPF by default (jsc#SLE-22573)


Backport of mainline commit 8a03e56b253e ("bpf: Disallow unprivileged bpf
by default") only changes kconfig default, used e.g. for "make oldconfig"
when the config option is missing, but does not update our kernel configs
used for build. Update also these to make sure unprivileged BPF is really
disabled by default.

---

diff --git a/config/arm64/default b/config/arm64/default
index 9d8a20d..f1eb10f 100644
--- a/config/arm64/default
+++ b/config/arm64/default
@@ -216,7 +216,7 @@ CONFIG_KALLSYMS_ALL=y
 CONFIG_KALLSYMS_BASE_RELATIVE=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
-# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
+CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
 CONFIG_USERFAULTFD=y
 CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
 CONFIG_RSEQ=y
diff --git a/config/ppc64le/default b/config/ppc64le/default
index b3d1e09..2a4817a 100644
--- a/config/ppc64le/default
+++ b/config/ppc64le/default
@@ -212,7 +212,7 @@ CONFIG_KALLSYMS_ALL=y
 CONFIG_KALLSYMS_BASE_RELATIVE=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
-# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
+CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
 CONFIG_USERFAULTFD=y
 CONFIG_ARCH_HAS_MEMBARRIER_CALLBACKS=y
 CONFIG_RSEQ=y
diff --git a/config/s390x/default b/config/s390x/default
index 53c6b37..3c8caf9 100644
--- a/config/s390x/default
+++ b/config/s390x/default
@@ -205,7 +205,7 @@ CONFIG_KALLSYMS_ALL=y
 CONFIG_KALLSYMS_BASE_RELATIVE=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
-# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
+CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
 CONFIG_USERFAULTFD=y
 CONFIG_RSEQ=y
 # CONFIG_DEBUG_RSEQ is not set
diff --git a/config/s390x/zfcpdump b/config/s390x/zfcpdump
index 94f9785..6325e9c 100644
--- a/config/s390x/zfcpdump
+++ b/config/s390x/zfcpdump
@@ -165,7 +165,7 @@ CONFIG_KALLSYMS=y
 # CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set
 CONFIG_KALLSYMS_BASE_RELATIVE=y
 CONFIG_BPF_SYSCALL=y
-# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
+CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
 CONFIG_USERFAULTFD=y
 CONFIG_RSEQ=y
 # CONFIG_DEBUG_RSEQ is not set
diff --git a/config/x86_64/default b/config/x86_64/default
index c98e7fc..27a354a 100644
--- a/config/x86_64/default
+++ b/config/x86_64/default
@@ -233,7 +233,7 @@ CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y
 CONFIG_KALLSYMS_BASE_RELATIVE=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
-# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
+CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
 CONFIG_USERFAULTFD=y
 CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
 CONFIG_RSEQ=y