devcgroup: skip superfluous checks when found the DEV_ALL elem

While walking through the whitelist, if the DEV_ALL item is found, no more check is needed. Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Li Zefan <lizf@cn.fujitsu.com> 2009-06-17 19:26:33 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2009-06-18 16:03:47 -0400
commit: cd5008196f7e583f4c558531a2bca59f6c674c5b (patch)
tree: c91a3d15b09545eddebbc09577b2763ef2e34235 /security
parent: f9ab5b5b0f5be506640321d710b0acd3dca6154a (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 5fda7df19723..b8186bac8b7e 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -490,7 +490,7 @@ int devcgroup_inode_permission(struct inode *inode, int mask)
        list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
                if (wh->type & DEV_ALL)
-                        goto acc_check;
+                        goto found;
                if ((wh->type & DEV_BLOCK) && !S_ISBLK(inode->i_mode))
                        continue;
                if ((wh->type & DEV_CHAR) && !S_ISCHR(inode->i_mode))
@@ -499,11 +499,12 @@ int devcgroup_inode_permission(struct inode *inode, int mask)
                        continue;
                if (wh->minor != ~0 && wh->minor != iminor(inode))
                        continue;
-acc_check:
                if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
                        continue;
                if ((mask & MAY_READ) && !(wh->access & ACC_READ))
                        continue;
+found:
                rcu_read_unlock();
                return 0;
        }
@@ -527,7 +528,7 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
        list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
                if (wh->type & DEV_ALL)
-                        goto acc_check;
+                        goto found;
                if ((wh->type & DEV_BLOCK) && !S_ISBLK(mode))
                        continue;
                if ((wh->type & DEV_CHAR) && !S_ISCHR(mode))
@@ -536,9 +537,10 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
                        continue;
                if (wh->minor != ~0 && wh->minor != MINOR(dev))
                        continue;
-acc_check:
                if (!(wh->access & ACC_MKNOD))
                        continue;
+found:
                rcu_read_unlock();
                return 0;
        }
author	Li Zefan <lizf@cn.fujitsu.com>	2009-06-17 19:26:33 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2009-06-18 16:03:47 -0400
commit	cd5008196f7e583f4c558531a2bca59f6c674c5b (patch)
tree	c91a3d15b09545eddebbc09577b2763ef2e34235 /security
parent	f9ab5b5b0f5be506640321d710b0acd3dca6154a (diff)

diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 5fda7df19723..b8186bac8b7e 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c
@@ -490,7 +490,7 @@ int devcgroup_inode_permission(struct inode *inode, int mask)
490		490
491	list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {	491	list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
492	if (wh->type & DEV_ALL)	492	if (wh->type & DEV_ALL)
493	goto acc_check;	493	goto found;
494	if ((wh->type & DEV_BLOCK) && !S_ISBLK(inode->i_mode))	494	if ((wh->type & DEV_BLOCK) && !S_ISBLK(inode->i_mode))
495	continue;	495	continue;
496	if ((wh->type & DEV_CHAR) && !S_ISCHR(inode->i_mode))	496	if ((wh->type & DEV_CHAR) && !S_ISCHR(inode->i_mode))
@@ -499,11 +499,12 @@ int devcgroup_inode_permission(struct inode *inode, int mask)
499	continue;	499	continue;
500	if (wh->minor != ~0 && wh->minor != iminor(inode))	500	if (wh->minor != ~0 && wh->minor != iminor(inode))
501	continue;	501	continue;
502	acc_check:	502
503	if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))	503	if ((mask & MAY_WRITE) && !(wh->access & ACC_WRITE))
504	continue;	504	continue;
505	if ((mask & MAY_READ) && !(wh->access & ACC_READ))	505	if ((mask & MAY_READ) && !(wh->access & ACC_READ))
506	continue;	506	continue;
		507	found:
507	rcu_read_unlock();	508	rcu_read_unlock();
508	return 0;	509	return 0;
509	}	510	}
@@ -527,7 +528,7 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
527		528
528	list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {	529	list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
529	if (wh->type & DEV_ALL)	530	if (wh->type & DEV_ALL)
530	goto acc_check;	531	goto found;
531	if ((wh->type & DEV_BLOCK) && !S_ISBLK(mode))	532	if ((wh->type & DEV_BLOCK) && !S_ISBLK(mode))
532	continue;	533	continue;
533	if ((wh->type & DEV_CHAR) && !S_ISCHR(mode))	534	if ((wh->type & DEV_CHAR) && !S_ISCHR(mode))
@@ -536,9 +537,10 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
536	continue;	537	continue;
537	if (wh->minor != ~0 && wh->minor != MINOR(dev))	538	if (wh->minor != ~0 && wh->minor != MINOR(dev))
538	continue;	539	continue;
539	acc_check:	540
540	if (!(wh->access & ACC_MKNOD))	541	if (!(wh->access & ACC_MKNOD))
541	continue;	542	continue;
		543	found:
542	rcu_read_unlock();	544	rcu_read_unlock();
543	return 0;	545	return 0;
544	}	546	}