diff options
| author | Andrii Nakryiko <andrii@kernel.org> | 2024-01-23 18:21:05 -0800 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2024-01-24 16:21:01 -0800 |
| commit | d79a3549754725bb90e58104417449edddf3da3d (patch) | |
| tree | dbcb8b033e1d9bc85127d229aa6d7bd3b933e356 /include/linux/filter.h | |
| parent | bbc1d24724e110b86a1a7c3c1724ce0d62cc1e2e (diff) | |
bpf: Consistently use BPF token throughout BPF verifier logic
Remove remaining direct queries to perfmon_capable() and bpf_capable()
in BPF verifier logic and instead use BPF token (if available) to make
decisions about privileges.
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20240124022127.2379740-9-andrii@kernel.org
Diffstat (limited to 'include/linux/filter.h')
| -rw-r--r-- | include/linux/filter.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h index 35f067fd3840..fee070b9826e 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -1140,7 +1140,7 @@ static inline bool bpf_jit_blinding_enabled(struct bpf_prog *prog) return false; if (!bpf_jit_harden) return false; - if (bpf_jit_harden == 1 && bpf_capable()) + if (bpf_jit_harden == 1 && bpf_token_capable(prog->aux->token, CAP_BPF)) return false; return true; |