diff options
author | Andrii Nakryiko <andrii@kernel.org> | 2024-01-23 18:21:05 -0800 |
---|---|---|
committer | Alexei Starovoitov <ast@kernel.org> | 2024-01-24 16:21:01 -0800 |
commit | d79a3549754725bb90e58104417449edddf3da3d (patch) | |
tree | dbcb8b033e1d9bc85127d229aa6d7bd3b933e356 /include/linux/bpf.h | |
parent | bbc1d24724e110b86a1a7c3c1724ce0d62cc1e2e (diff) | |
download | linux-stable-d79a3549754725bb90e58104417449edddf3da3d.tar.gz linux-stable-d79a3549754725bb90e58104417449edddf3da3d.tar.bz2 linux-stable-d79a3549754725bb90e58104417449edddf3da3d.zip |
bpf: Consistently use BPF token throughout BPF verifier logic
Remove remaining direct queries to perfmon_capable() and bpf_capable()
in BPF verifier logic and instead use BPF token (if available) to make
decisions about privileges.
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20240124022127.2379740-9-andrii@kernel.org
Diffstat (limited to 'include/linux/bpf.h')
-rw-r--r-- | include/linux/bpf.h | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 1325225bf602..4e146e9708be 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -2261,24 +2261,24 @@ extern int sysctl_unprivileged_bpf_disabled; bool bpf_token_capable(const struct bpf_token *token, int cap); -static inline bool bpf_allow_ptr_leaks(void) +static inline bool bpf_allow_ptr_leaks(const struct bpf_token *token) { - return perfmon_capable(); + return bpf_token_capable(token, CAP_PERFMON); } -static inline bool bpf_allow_uninit_stack(void) +static inline bool bpf_allow_uninit_stack(const struct bpf_token *token) { - return perfmon_capable(); + return bpf_token_capable(token, CAP_PERFMON); } -static inline bool bpf_bypass_spec_v1(void) +static inline bool bpf_bypass_spec_v1(const struct bpf_token *token) { - return cpu_mitigations_off() || perfmon_capable(); + return cpu_mitigations_off() || bpf_token_capable(token, CAP_PERFMON); } -static inline bool bpf_bypass_spec_v4(void) +static inline bool bpf_bypass_spec_v4(const struct bpf_token *token) { - return cpu_mitigations_off() || perfmon_capable(); + return cpu_mitigations_off() || bpf_token_capable(token, CAP_PERFMON); } int bpf_map_new_fd(struct bpf_map *map, int flags); |