devcgroup: skip superfluous checks when found the DEV_ALL elem
authorLi Zefan <lizf@cn.fujitsu.com>
Wed, 17 Jun 2009 23:26:33 +0000 (16:26 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 18 Jun 2009 20:03:47 +0000 (13:03 -0700)
While walking through the whitelist, if the DEV_ALL item is found, no more
check is needed.

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
security/device_cgroup.c

index 5fda7df197237854c8a4fa5f4d8ff9d9ce27f232..b8186bac8b7eb08088b40914137e4f51b8e403fd 100644 (file)
@@ -490,7 +490,7 @@ int devcgroup_inode_permission(struct inode *inode, int mask)
 
        list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
                if (wh->type & DEV_ALL)
 
        list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
                if (wh->type & DEV_ALL)
-                       goto acc_check;
+                       goto found;
                if ((wh->type & DEV_BLOCK) && !S_ISBLK(inode->i_mode))
                        continue;
                if ((wh->type & DEV_CHAR) && !S_ISCHR(inode->i_mode))
                if ((wh->type & DEV_BLOCK) && !S_ISBLK(inode->i_mode))
                        continue;
                if ((wh->type & DEV_CHAR) && !S_ISCHR(inode->i_mode))
@@ -499,11 +499,12 @@ int devcgroup_inode_permission(struct inode *inode, int mask)
                        continue;
                if (wh->minor != ~0 && wh->minor != iminor(inode))
                        continue;
                        continue;
                if (wh->minor != ~0 && wh->minor != iminor(inode))
                        continue;
-acc_check:
+
                if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
                        continue;
                if ((mask & MAY_READ) && !(wh->access & ACC_READ))
                        continue;
                if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
                        continue;
                if ((mask & MAY_READ) && !(wh->access & ACC_READ))
                        continue;
+found:
                rcu_read_unlock();
                return 0;
        }
                rcu_read_unlock();
                return 0;
        }
@@ -527,7 +528,7 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
 
        list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
                if (wh->type & DEV_ALL)
 
        list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
                if (wh->type & DEV_ALL)
-                       goto acc_check;
+                       goto found;
                if ((wh->type & DEV_BLOCK) && !S_ISBLK(mode))
                        continue;
                if ((wh->type & DEV_CHAR) && !S_ISCHR(mode))
                if ((wh->type & DEV_BLOCK) && !S_ISBLK(mode))
                        continue;
                if ((wh->type & DEV_CHAR) && !S_ISCHR(mode))
@@ -536,9 +537,10 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
                        continue;
                if (wh->minor != ~0 && wh->minor != MINOR(dev))
                        continue;
                        continue;
                if (wh->minor != ~0 && wh->minor != MINOR(dev))
                        continue;
-acc_check:
+
                if (!(wh->access & ACC_MKNOD))
                        continue;
                if (!(wh->access & ACC_MKNOD))
                        continue;
+found:
                rcu_read_unlock();
                return 0;
        }
                rcu_read_unlock();
                return 0;
        }