Commit 339c1f8e authored by Feng Yang's avatar Feng Yang Committed by Alexei Starovoitov
Browse files

selftests/bpf: Fix cap_enable_effective() return code 



The caller of cap_enable_effective() expects negative error code.
Fix it.

Before:
  failed to restore CAP_SYS_ADMIN: -1, Unknown error -1

After:
  failed to restore CAP_SYS_ADMIN: -3, No such process
  failed to restore CAP_SYS_ADMIN: -22, Invalid argument

Signed-off-by: default avatarFeng Yang <yangfeng@kylinos.cn>
Acked-by: default avatarEduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20250305022234.44932-1-yangfeng59949@163.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 8bda5b78

tools/testing/selftests/bpf/cap_helpers.c

+4 −4
Original line number Diff line number Diff line
@@ -19,7 +19,7 @@ int cap_enable_effective(__u64 caps, __u64 *old_caps) 


	err = capget(&hdr, data);

	if (err)

		return err;

		return -errno;



	if (old_caps)

		*old_caps = (__u64)(data[1].effective) << 32 | data[0].effective;
@@ -32,7 +32,7 @@ int cap_enable_effective(__u64 caps, __u64 *old_caps) 
	data[1].effective |= cap1;

	err = capset(&hdr, data);

	if (err)

		return err;

		return -errno;



	return 0;

}
@@ -49,7 +49,7 @@ int cap_disable_effective(__u64 caps, __u64 *old_caps) 


	err = capget(&hdr, data);

	if (err)

		return err;

		return -errno;



	if (old_caps)

		*old_caps = (__u64)(data[1].effective) << 32 | data[0].effective;
@@ -61,7 +61,7 @@ int cap_disable_effective(__u64 caps, __u64 *old_caps) 
	data[1].effective &= ~cap1;

	err = capset(&hdr, data);

	if (err)

		return err;

		return -errno;



	return 0;

}

tools/testing/selftests/bpf/cap_helpers.h

+1 −0
Original line number Diff line number Diff line
@@ -4,6 +4,7 @@ 


#include <linux/types.h>

#include <linux/capability.h>

#include <errno.h>



#ifndef CAP_PERFMON

#define CAP_PERFMON		38

tools/testing/selftests/bpf/prog_tests/verifier.c

+2 −2
Original line number Diff line number Diff line
@@ -123,7 +123,7 @@ static void run_tests_aux(const char *skel_name, 
	/* test_verifier tests are executed w/o CAP_SYS_ADMIN, do the same here */

	err = cap_disable_effective(1ULL << CAP_SYS_ADMIN, &old_caps);

	if (err) {

		PRINT_FAIL("failed to drop CAP_SYS_ADMIN: %i, %s\n", err, strerror(err));

		PRINT_FAIL("failed to drop CAP_SYS_ADMIN: %i, %s\n", err, strerror(-err));

		return;

	}
@@ -133,7 +133,7 @@ static void run_tests_aux(const char *skel_name, 


	err = cap_enable_effective(old_caps, NULL);

	if (err)

		PRINT_FAIL("failed to restore CAP_SYS_ADMIN: %i, %s\n", err, strerror(err));

		PRINT_FAIL("failed to restore CAP_SYS_ADMIN: %i, %s\n", err, strerror(-err));

}



#define RUN(skel) run_tests_aux(#skel, skel##__elf_bytes, NULL)

tools/testing/selftests/bpf/test_loader.c

+3 −3
Original line number Diff line number Diff line
@@ -793,7 +793,7 @@ static int drop_capabilities(struct cap_state *caps) 


	err = cap_disable_effective(caps_to_drop, &caps->old_caps);

	if (err) {

		PRINT_FAIL("failed to drop capabilities: %i, %s\n", err, strerror(err));

		PRINT_FAIL("failed to drop capabilities: %i, %s\n", err, strerror(-err));

		return err;

	}
@@ -810,7 +810,7 @@ static int restore_capabilities(struct cap_state *caps) 


	err = cap_enable_effective(caps->old_caps, NULL);

	if (err)

		PRINT_FAIL("failed to restore capabilities: %i, %s\n", err, strerror(err));

		PRINT_FAIL("failed to restore capabilities: %i, %s\n", err, strerror(-err));

	caps->initialized = false;

	return err;

}
@@ -985,7 +985,7 @@ void run_subtest(struct test_loader *tester, 
		if (subspec->caps) {

			err = cap_enable_effective(subspec->caps, NULL);

			if (err) {

				PRINT_FAIL("failed to set capabilities: %i, %s\n", err, strerror(err));

				PRINT_FAIL("failed to set capabilities: %i, %s\n", err, strerror(-err));

				goto subtest_cleanup;

			}

		}