summaryrefslogtreecommitdiff
path: root/security/device_cgroup.c
diff options
context:
space:
mode:
authorYiFei Zhu <zhuyifei@google.com>2021-12-16 02:04:25 +0000
committerAlexei Starovoitov <ast@kernel.org>2022-01-19 12:51:30 -0800
commitf10d059661968b01ef61a8b516775f95a18ab8ae (patch)
treec38cbd0409ee011dcebed1ecf7d866d455e149c4 /security/device_cgroup.c
parentd81283d272661094ecc564709f25c7b7543308e0 (diff)
bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean
Right now BPF_PROG_RUN_ARRAY and related macros return 1 or 0 for whether the prog array allows or rejects whatever is being hooked. The caller of these macros then return -EPERM or continue processing based on thw macro's return value. Unforunately this is inflexible, since -EPERM is the only err that can be returned. This patch should be a no-op; it prepares for the next patch. The returning of the -EPERM is moved to inside the macros, so the outer functions are directly returning what the macros returned if they are non-zero. Signed-off-by: YiFei Zhu <zhuyifei@google.com> Reviewed-by: Stanislav Fomichev <sdf@google.com> Link: https://lore.kernel.org/r/788abcdca55886d1f43274c918eaa9f792a9f33b.1639619851.git.zhuyifei@google.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'security/device_cgroup.c')
-rw-r--r--security/device_cgroup.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 842889f3dcb7..a9f8c63a96d1 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -838,7 +838,7 @@ int devcgroup_check_permission(short type, u32 major, u32 minor, short access)
int rc = BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type, major, minor, access);
if (rc)
- return -EPERM;
+ return rc;
#ifdef CONFIG_CGROUP_DEVICE
return devcgroup_legacy_check_permission(type, major, minor, access);