From 194a055d1c212e7d2cae19aca20472846e9ec9fd Mon Sep 17 00:00:00 2001 From: Frederic Dalleau Date: Fri, 25 Jun 2021 11:56:15 +0200 Subject: [PATCH] Disable CONFIG_BPFILTER and CONFIG_BPFILTER_UMH CONFIG_BPFILTER is aimed to provide a replacement for netfilter. When CONFIG_BPFILTER is enabled, the kernel tries to contact a user mode helper for each iptable rule update. However the implementation of this helper has not been upstreamed yet. The communication thus fails and the kernel then falls back to netfilter. As a result, the rule update takes more than ten times the duration of the netfilter implementation alone. This has been reported by Docker Desktop users for whom it can take minutes to start a container sharing a few hundred ports. https://github.com/for-mac/issues/5668 More details on the situation is described in https://lwn.net/Articles/822744/. Signed-off-by: Frederic Dalleau --- kernel/config-5.10.x-aarch64 | 4 +--- kernel/config-5.10.x-s390x | 4 +--- kernel/config-5.10.x-x86_64 | 4 +--- kernel/config-5.11.x-aarch64 | 4 +--- kernel/config-5.11.x-s390x | 4 +--- kernel/config-5.11.x-x86_64 | 4 +--- 6 files changed, 6 insertions(+), 18 deletions(-) diff --git a/kernel/config-5.10.x-aarch64 b/kernel/config-5.10.x-aarch64 index b20f41f72..139f2356b 100644 --- a/kernel/config-5.10.x-aarch64 +++ b/kernel/config-5.10.x-aarch64 @@ -213,7 +213,6 @@ CONFIG_BPF_SYSCALL=y CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT_DEFAULT_ON=y -CONFIG_USERMODE_DRIVER=y # CONFIG_BPF_PRELOAD is not set # CONFIG_USERFAULTFD is not set CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y @@ -1341,8 +1340,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_NFLOG=y -CONFIG_BPFILTER=y -CONFIG_BPFILTER_UMH=m +# CONFIG_BPFILTER is not set # CONFIG_IP_DCCP is not set CONFIG_IP_SCTP=m # CONFIG_SCTP_DBG_OBJCNT is not set diff --git a/kernel/config-5.10.x-s390x b/kernel/config-5.10.x-s390x index 43c555033..ac5a46796 100644 --- a/kernel/config-5.10.x-s390x +++ b/kernel/config-5.10.x-s390x @@ -203,7 +203,6 @@ CONFIG_KALLSYMS=y CONFIG_KALLSYMS_BASE_RELATIVE=y CONFIG_BPF_SYSCALL=y CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y -CONFIG_USERMODE_DRIVER=y # CONFIG_BPF_PRELOAD is not set # CONFIG_USERFAULTFD is not set CONFIG_KCMP=y @@ -1102,8 +1101,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_NFLOG=y -CONFIG_BPFILTER=y -CONFIG_BPFILTER_UMH=m +# CONFIG_BPFILTER is not set # CONFIG_IP_DCCP is not set CONFIG_IP_SCTP=m # CONFIG_SCTP_DBG_OBJCNT is not set diff --git a/kernel/config-5.10.x-x86_64 b/kernel/config-5.10.x-x86_64 index e40a89100..08bb35358 100644 --- a/kernel/config-5.10.x-x86_64 +++ b/kernel/config-5.10.x-x86_64 @@ -233,7 +233,6 @@ CONFIG_BPF_SYSCALL=y CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT_DEFAULT_ON=y -CONFIG_USERMODE_DRIVER=y # CONFIG_BPF_PRELOAD is not set # CONFIG_USERFAULTFD is not set CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y @@ -1393,8 +1392,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_NFLOG=y -CONFIG_BPFILTER=y -CONFIG_BPFILTER_UMH=m +# CONFIG_BPFILTER is not set # CONFIG_IP_DCCP is not set CONFIG_IP_SCTP=m # CONFIG_SCTP_DBG_OBJCNT is not set diff --git a/kernel/config-5.11.x-aarch64 b/kernel/config-5.11.x-aarch64 index 0094c00ac..8dc2c66f9 100644 --- a/kernel/config-5.11.x-aarch64 +++ b/kernel/config-5.11.x-aarch64 @@ -213,7 +213,6 @@ CONFIG_BPF_SYSCALL=y CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT_DEFAULT_ON=y -CONFIG_USERMODE_DRIVER=y # CONFIG_BPF_PRELOAD is not set # CONFIG_USERFAULTFD is not set CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y @@ -1345,8 +1344,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_NFLOG=y -CONFIG_BPFILTER=y -CONFIG_BPFILTER_UMH=m +# CONFIG_BPFILTER is not set # CONFIG_IP_DCCP is not set CONFIG_IP_SCTP=m # CONFIG_SCTP_DBG_OBJCNT is not set diff --git a/kernel/config-5.11.x-s390x b/kernel/config-5.11.x-s390x index 3fb1b4b54..c72fb751a 100644 --- a/kernel/config-5.11.x-s390x +++ b/kernel/config-5.11.x-s390x @@ -203,7 +203,6 @@ CONFIG_KALLSYMS=y CONFIG_KALLSYMS_BASE_RELATIVE=y CONFIG_BPF_SYSCALL=y CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y -CONFIG_USERMODE_DRIVER=y # CONFIG_BPF_PRELOAD is not set # CONFIG_USERFAULTFD is not set CONFIG_KCMP=y @@ -1105,8 +1104,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_NFLOG=y -CONFIG_BPFILTER=y -CONFIG_BPFILTER_UMH=m +# CONFIG_BPFILTER is not set # CONFIG_IP_DCCP is not set CONFIG_IP_SCTP=m # CONFIG_SCTP_DBG_OBJCNT is not set diff --git a/kernel/config-5.11.x-x86_64 b/kernel/config-5.11.x-x86_64 index 975a85daf..878625e29 100644 --- a/kernel/config-5.11.x-x86_64 +++ b/kernel/config-5.11.x-x86_64 @@ -233,7 +233,6 @@ CONFIG_BPF_SYSCALL=y CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_BPF_JIT_DEFAULT_ON=y -CONFIG_USERMODE_DRIVER=y # CONFIG_BPF_PRELOAD is not set # CONFIG_USERFAULTFD is not set CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y @@ -1399,8 +1398,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y CONFIG_BRIDGE_EBT_SNAT=y CONFIG_BRIDGE_EBT_LOG=y CONFIG_BRIDGE_EBT_NFLOG=y -CONFIG_BPFILTER=y -CONFIG_BPFILTER_UMH=m +# CONFIG_BPFILTER is not set # CONFIG_IP_DCCP is not set CONFIG_IP_SCTP=m # CONFIG_SCTP_DBG_OBJCNT is not set