bpf: Avoid unnecessary audit log for CPU security mitigations

laoar · anakryiko · commit 236334aeec0f · 2023-10-13T12:33:21.000-07:00
Check cpu_mitigations_off() first to avoid calling capable() if it is off. This can avoid unnecessary audit log. Fixes: bc5bc30 ("bpf: Inherit system settings for CPU security mitigations") Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com> Signed-off-by: Yafang Shao <laoar.shao@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/CAEf4Bza6UVUWqcWQ-66weZ-nMDr+TFU3Mtq=dumZFD-pSqU7Ow@mail.gmail.com/ Link: https://lore.kernel.org/bpf/20231013083916.4199-1-laoar.shao@gmail.com
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
@@ -2164,12 +2164,12 @@ static inline bool bpf_allow_uninit_stack(void)
 
 static inline bool bpf_bypass_spec_v1(void)
 {
-	return perfmon_capable() || cpu_mitigations_off();
+	return cpu_mitigations_off() || perfmon_capable();
 }
 
 static inline bool bpf_bypass_spec_v4(void)
 {
-	return perfmon_capable() || cpu_mitigations_off();
+	return cpu_mitigations_off() || perfmon_capable();
 }
 
 int bpf_map_new_fd(struct bpf_map *map, int flags);

Original file line number	Diff line number	Diff line change
`@@ -2164,12 +2164,12 @@ static inline bool bpf_allow_uninit_stack(void)`
`2164`	`2164`
`2165`	`2165`	`static inline bool bpf_bypass_spec_v1(void)`
`2166`	`2166`	`{`
`2167`		`- return perfmon_capable() \|\| cpu_mitigations_off();`
	`2167`	`+ return cpu_mitigations_off() \|\| perfmon_capable();`
`2168`	`2168`	`}`
`2169`	`2169`
`2170`	`2170`	`static inline bool bpf_bypass_spec_v4(void)`
`2171`	`2171`	`{`
`2172`		`- return perfmon_capable() \|\| cpu_mitigations_off();`
	`2172`	`+ return cpu_mitigations_off() \|\| perfmon_capable();`
`2173`	`2173`	`}`
`2174`	`2174`
`2175`	`2175`	`int bpf_map_new_fd(struct bpf_map *map, int flags);`