bpf: consistently use BPF token throughout BPF verifier logic

Remove remaining direct queries to perfmon_capable() and bpf_capable() in BPF verifier logic and instead use BPF token (if available) to make decisions about privileges. Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/r/20231130185229.2688956-9-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: Andrii Nakryiko <andrii@kernel.org> 2023-11-30 10:52:20 -0800
committer: Alexei Starovoitov <ast@kernel.org> 2023-12-06 10:02:59 -0800
commit: 8062fb12de99b2da33754c6a3be1bfc30d9a35f4 (patch)
tree: 5c70426f65a08c9b76c69c95fe98f1e44ef05b5e /kernel/bpf/core.c
parent: 4cbb270e115bc197ff2046aeb54cc951666b16ec (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 47085839af8d..ced511f44174 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -675,7 +675,7 @@ static bool bpf_prog_kallsyms_candidate(const struct bpf_prog *fp)
 void bpf_prog_kallsyms_add(struct bpf_prog *fp)
 {
 	if (!bpf_prog_kallsyms_candidate(fp) ||
-	    !bpf_capable())
+	    !bpf_token_capable(fp->aux->token, CAP_BPF))
 		return;
 
 	bpf_prog_ksym_set_addr(fp);
author	Andrii Nakryiko <andrii@kernel.org>	2023-11-30 10:52:20 -0800
committer	Alexei Starovoitov <ast@kernel.org>	2023-12-06 10:02:59 -0800
commit	8062fb12de99b2da33754c6a3be1bfc30d9a35f4 (patch)
tree	5c70426f65a08c9b76c69c95fe98f1e44ef05b5e /kernel/bpf/core.c
parent	4cbb270e115bc197ff2046aeb54cc951666b16ec (diff)