selftests/bpf: Fix cap_enable_effective() return code

The caller of cap_enable_effective() expects negative error code.
Fix it.

Before:
  failed to restore CAP_SYS_ADMIN: -1, Unknown error -1

After:
  failed to restore CAP_SYS_ADMIN: -3, No such process
  failed to restore CAP_SYS_ADMIN: -22, Invalid argument

Signed-off-by: Feng Yang <yangfeng@kylinos.cn>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20250305022234.44932-1-yangfeng59949@163.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/tools/testing/selftests/bpf/cap_helpers.c b/tools/testing/selftests/bpf/cap_helpers.c
index d5ac507401d7cd03148d5e220b91b0533a50f7d8..98f840c3a38f7e15293f9f67e47aa3266e0d5a69 100644 (file)
--- a/tools/testing/selftests/bpf/cap_helpers.c
+++ b/tools/testing/selftests/bpf/cap_helpers.c
@@ -19,7 +19,7 @@ int cap_enable_effective(__u64 caps, __u64 *old_caps)
 
        err = capget(&hdr, data);
        if (err)
-               return err;
+               return -errno;
 
        if (old_caps)
                *old_caps = (__u64)(data[1].effective) << 32 | data[0].effective;
@@ -32,7 +32,7 @@ int cap_enable_effective(__u64 caps, __u64 *old_caps)
        data[1].effective |= cap1;
        err = capset(&hdr, data);
        if (err)
-               return err;
+               return -errno;
 
        return 0;
 }
@@ -49,7 +49,7 @@ int cap_disable_effective(__u64 caps, __u64 *old_caps)
 
        err = capget(&hdr, data);
        if (err)
-               return err;
+               return -errno;
 
        if (old_caps)
                *old_caps = (__u64)(data[1].effective) << 32 | data[0].effective;
@@ -61,7 +61,7 @@ int cap_disable_effective(__u64 caps, __u64 *old_caps)
        data[1].effective &= ~cap1;
        err = capset(&hdr, data);
        if (err)
-               return err;
+               return -errno;
 
        return 0;
 }

diff --git a/tools/testing/selftests/bpf/cap_helpers.h b/tools/testing/selftests/bpf/cap_helpers.h
index 6d163530cb0fd1ad7c6945dac13bd4c4531195ed..8dcb28557f762d57244bbada188fce4b09988ba7 100644 (file)
--- a/tools/testing/selftests/bpf/cap_helpers.h
+++ b/tools/testing/selftests/bpf/cap_helpers.h
@@ -4,6 +4,7 @@
 
 #include <linux/types.h>
 #include <linux/capability.h>
+#include <errno.h>
 
 #ifndef CAP_PERFMON
 #define CAP_PERFMON            38

diff --git a/tools/testing/selftests/bpf/prog_tests/verifier.c b/tools/testing/selftests/bpf/prog_tests/verifier.c
index cfe47b529e01a5d81a1f770d7e5ddc9da273188d..e66a57970d28cccf4e9f13dbdbfd93a6defeae81 100644 (file)
--- a/tools/testing/selftests/bpf/prog_tests/verifier.c
+++ b/tools/testing/selftests/bpf/prog_tests/verifier.c
@@ -123,7 +123,7 @@ static void run_tests_aux(const char *skel_name,
        /* test_verifier tests are executed w/o CAP_SYS_ADMIN, do the same here */
        err = cap_disable_effective(1ULL << CAP_SYS_ADMIN, &old_caps);
        if (err) {
-               PRINT_FAIL("failed to drop CAP_SYS_ADMIN: %i, %s\n", err, strerror(err));
+               PRINT_FAIL("failed to drop CAP_SYS_ADMIN: %i, %s\n", err, strerror(-err));
                return;
        }
 
@@ -133,7 +133,7 @@ static void run_tests_aux(const char *skel_name,
 
        err = cap_enable_effective(old_caps, NULL);
        if (err)
-               PRINT_FAIL("failed to restore CAP_SYS_ADMIN: %i, %s\n", err, strerror(err));
+               PRINT_FAIL("failed to restore CAP_SYS_ADMIN: %i, %s\n", err, strerror(-err));
 }
 
 #define RUN(skel) run_tests_aux(#skel, skel##__elf_bytes, NULL)

diff --git a/tools/testing/selftests/bpf/test_loader.c b/tools/testing/selftests/bpf/test_loader.c
index 4d23a9c463ee2747549564125f5d3e1aa0d56ff0..49f2fc61061f5db36e75f1967bd1908646d49fe4 100644 (file)
--- a/tools/testing/selftests/bpf/test_loader.c
+++ b/tools/testing/selftests/bpf/test_loader.c
@@ -793,7 +793,7 @@ static int drop_capabilities(struct cap_state *caps)
 
        err = cap_disable_effective(caps_to_drop, &caps->old_caps);
        if (err) {
-               PRINT_FAIL("failed to drop capabilities: %i, %s\n", err, strerror(err));
+               PRINT_FAIL("failed to drop capabilities: %i, %s\n", err, strerror(-err));
                return err;
        }
 
@@ -810,7 +810,7 @@ static int restore_capabilities(struct cap_state *caps)
 
        err = cap_enable_effective(caps->old_caps, NULL);
        if (err)
-               PRINT_FAIL("failed to restore capabilities: %i, %s\n", err, strerror(err));
+               PRINT_FAIL("failed to restore capabilities: %i, %s\n", err, strerror(-err));
        caps->initialized = false;
        return err;
 }
@@ -985,7 +985,7 @@ void run_subtest(struct test_loader *tester,
                if (subspec->caps) {
                        err = cap_enable_effective(subspec->caps, NULL);
                        if (err) {
-                               PRINT_FAIL("failed to set capabilities: %i, %s\n", err, strerror(err));
+                               PRINT_FAIL("failed to set capabilities: %i, %s\n", err, strerror(-err));
                                goto subtest_cleanup;
                        }
                }