bpf: Avoid unnecessary audit log for CPU security mitigations

Check cpu_mitigations_off() first to avoid calling capable() if it is off. This can avoid unnecessary audit log. Fixes: bc5bc309db45 ("bpf: Inherit system settings for CPU security mitigations") Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com> Signed-off-by: Yafang Shao <laoar.shao@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/CAEf4Bza6UVUWqcWQ-66weZ-nMDr+TFU3Mtq=dumZFD-pSqU7Ow@mail.gmail.com/ Link: https://lore.kernel.org/bpf/20231013083916.4199-1-laoar.shao@gmail.com
author: Yafang Shao <laoar.shao@gmail.com> 2023-10-13 08:39:16 +0000
committer: Andrii Nakryiko <andrii@kernel.org> 2023-10-13 12:33:21 -0700
commit: 236334aeec0f93217cf9235f2004e61a0a1a5985 (patch)
tree: 2752c8b15edaa537be81e3beca7460a9eb0222c0 /include/linux/bpf.h
parent: d2dc885b8c9ddb6fc374d93a87f8f2d1b97d2caf (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 61bde4520f5c..f0891ba24cb1 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -2164,12 +2164,12 @@ static inline bool bpf_allow_uninit_stack(void)
 
 static inline bool bpf_bypass_spec_v1(void)
 {
-	return perfmon_capable() || cpu_mitigations_off();
+	return cpu_mitigations_off() || perfmon_capable();
 }
 
 static inline bool bpf_bypass_spec_v4(void)
 {
-	return perfmon_capable() || cpu_mitigations_off();
+	return cpu_mitigations_off() || perfmon_capable();
 }
 
 int bpf_map_new_fd(struct bpf_map *map, int flags);
author	Yafang Shao <laoar.shao@gmail.com>	2023-10-13 08:39:16 +0000
committer	Andrii Nakryiko <andrii@kernel.org>	2023-10-13 12:33:21 -0700
commit	236334aeec0f93217cf9235f2004e61a0a1a5985 (patch)
tree	2752c8b15edaa537be81e3beca7460a9eb0222c0 /include/linux/bpf.h
parent	d2dc885b8c9ddb6fc374d93a87f8f2d1b97d2caf (diff)