diff options
author | YiFei Zhu <zhuyifei@google.com> | 2021-12-16 02:04:25 +0000 |
---|---|---|
committer | Alexei Starovoitov <ast@kernel.org> | 2022-01-19 12:51:30 -0800 |
commit | f10d059661968b01ef61a8b516775f95a18ab8ae (patch) | |
tree | c38cbd0409ee011dcebed1ecf7d866d455e149c4 /security/device_cgroup.c | |
parent | d81283d272661094ecc564709f25c7b7543308e0 (diff) | |
download | lwn-f10d059661968b01ef61a8b516775f95a18ab8ae.tar.gz lwn-f10d059661968b01ef61a8b516775f95a18ab8ae.zip |
bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean
Right now BPF_PROG_RUN_ARRAY and related macros return 1 or 0
for whether the prog array allows or rejects whatever is being
hooked. The caller of these macros then return -EPERM or continue
processing based on thw macro's return value. Unforunately this is
inflexible, since -EPERM is the only err that can be returned.
This patch should be a no-op; it prepares for the next patch. The
returning of the -EPERM is moved to inside the macros, so the outer
functions are directly returning what the macros returned if they
are non-zero.
Signed-off-by: YiFei Zhu <zhuyifei@google.com>
Reviewed-by: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/r/788abcdca55886d1f43274c918eaa9f792a9f33b.1639619851.git.zhuyifei@google.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'security/device_cgroup.c')
-rw-r--r-- | security/device_cgroup.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 842889f3dcb7..a9f8c63a96d1 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -838,7 +838,7 @@ int devcgroup_check_permission(short type, u32 major, u32 minor, short access) int rc = BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type, major, minor, access); if (rc) - return -EPERM; + return rc; #ifdef CONFIG_CGROUP_DEVICE return devcgroup_legacy_check_permission(type, major, minor, access); |