From: Paul Moore
To: Mateusz Guzik
Cc: Alexander Viro, Serge Hallyn, Eric Paris, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 1/2] CAPABILITIES: add cap_isequal helper
Date: Fri, 13 Mar 2015 10:02:46 -0400
Message-ID: <7137571.s9u0Hicdri@sifl>
In-Reply-To: <1425933347-6080-2-git-send-email-mguzik@redhat.com>
References: <1425933347-6080-1-git-send-email-mguzik@redhat.com> <1425933347-6080-2-git-send-email-mguzik@redhat.com>

On Monday, March 09, 2015 09:35:46 PM Mateusz Guzik wrote: > Can be used to determine whether two given sets have the same > capabilities. > > Signed-off-by: Mateusz Guzik > --- > include/linux/capability.h | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/include/linux/capability.h b/include/linux/capability.h > index af9f0b9..2fcf941 100644 > --- a/include/linux/capability.h > +++ b/include/linux/capability.h
> @@ -155,6 +155,16 @@ static inline int cap_isclear(const kernel_cap_t a) > return 1; > } > > +static inline int cap_isequal(const kernel_cap_t a, const kernel_cap_t b) > +{ > + unsigned __capi; > + CAP_FOR_EACH_U32(__capi) { > + if (a.cap[__capi] != b.cap[__capi]) > + return 0; > + } > + return 1; > +} I realize it is currently only a two pass loop so probably not that big of a deal, but couldn't you accomplish the same with a memcmp()? I suppose the above implementation might be faster than those architectures which use the generic memcmp() implementation, but I wonder if the arch-specific memcmp() implementations would be faster. Also, what is the main motivation for this patchset? Do you have a workload that is being hit hard by prepare_creds()? -- paul moore security @ redhat
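
Review bot: cap_isequal() arrives with no caller, since the diffstat shows only include/linux/capability.h changing, and the commit message says only that it "can be used" without naming a user, so the helper cannot be judged on its own. Name the intended caller in the commit message, or fold the helper into the patch that first uses it. Inside the function, `unsigned __capi;` would read better as `unsigned int __capi;` with a blank line between the declaration and `CAP_FOR_EACH_U32(__capi)`. A one-line comment stating that the helper returns 1 only when every word of a.cap[] matches b.cap[], mirroring the 0/1 convention of cap_isclear() just above it, would document the contract for readers of the header.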