From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754125AbbCIUf7 (ORCPT ); Mon, 9 Mar 2015 16:35:59 -0400 Received: from mx1.redhat.com ([209.132.183.28]:38733 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753692AbbCIUf4 (ORCPT ); Mon, 9 Mar 2015 16:35:56 -0400 From: Mateusz Guzik To: Alexander Viro , Serge Hallyn Cc: Paul Moore , Eric Paris , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH 0/2] avoid prepare_creds in faccessat when possible Date: Mon, 9 Mar 2015 21:35:45 +0100 Message-Id: <1425933347-6080-1-git-send-email-mguzik@redhat.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sometimes faccessat needs to modify current thread's credentials, but calls prepare_creds unconditionally. However, typically resulting credentials are identical to original ones and in that case newcredentials are unnecessary. We can detect this before allocating anything. This patch series adds a helper which allows comparing capability sets and modifies faccessat to use it. Mateusz Guzik (2): CAPABILITIES: add cap_isequal helper fs: avoid unnecessary prepare_creds in faccessat fs/open.c | 53 ++++++++++++++++++++++++++++++---------------- include/linux/capability.h | 10 +++++++++ 2 files changed, 45 insertions(+), 18 deletions(-) -- 1.8.3.1