From 086dde4ef1c089d6941da3c03d6751b061e82359 Mon Sep 17 00:00:00 2001
From: anthraxx <levente@leventepolyak.net>
Date: Mon, 7 May 2018 20:37:55 +0200
Subject: [PATCH] enable BPF JIT hardening by default (if available)

---
 kernel/bpf/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index ba03ec39efb39..47ed9081b6680 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -302,7 +302,7 @@ struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
 #ifdef CONFIG_BPF_JIT
 /* All BPF JIT sysctl knobs here. */
 int bpf_jit_enable   __read_mostly = IS_BUILTIN(CONFIG_BPF_JIT_ALWAYS_ON);
-int bpf_jit_harden   __read_mostly;
+int bpf_jit_harden   __read_mostly = 2;
 int bpf_jit_kallsyms __read_mostly;
 
 static __always_inline void