diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2011-11-16 23:15:31 -0800 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-04-07 16:55:51 -0700 |
commit | c4a4d603796c727b9555867571f89483be9c565e (patch) | |
tree | ae3b47a7b8b35c866df53cb4b4a051d49a28904a /kernel/sys.c | |
parent | 7e6bd8fadd1216f50468f965d0308f45e5109ced (diff) | |
download | lwn-c4a4d603796c727b9555867571f89483be9c565e.tar.gz lwn-c4a4d603796c727b9555867571f89483be9c565e.zip |
userns: Use cred->user_ns instead of cred->user->user_ns
Optimize performance and prepare for the removal of the user_ns reference
from user_struct. Remove the slow long walk through cred->user->user_ns and
instead go straight to cred->user_ns.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'kernel/sys.c')
-rw-r--r-- | kernel/sys.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/kernel/sys.c b/kernel/sys.c index f7a43514ac65..82d8714bbede 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -133,11 +133,11 @@ static bool set_one_prio_perm(struct task_struct *p) { const struct cred *cred = current_cred(), *pcred = __task_cred(p); - if (pcred->user->user_ns == cred->user->user_ns && + if (pcred->user_ns == cred->user_ns && (pcred->uid == cred->euid || pcred->euid == cred->euid)) return true; - if (ns_capable(pcred->user->user_ns, CAP_SYS_NICE)) + if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) return true; return false; } @@ -1498,7 +1498,7 @@ static int check_prlimit_permission(struct task_struct *task) return 0; tcred = __task_cred(task); - if (cred->user->user_ns == tcred->user->user_ns && + if (cred->user_ns == tcred->user_ns && (cred->uid == tcred->euid && cred->uid == tcred->suid && cred->uid == tcred->uid && @@ -1506,7 +1506,7 @@ static int check_prlimit_permission(struct task_struct *task) cred->gid == tcred->sgid && cred->gid == tcred->gid)) return 0; - if (ns_capable(tcred->user->user_ns, CAP_SYS_RESOURCE)) + if (ns_capable(tcred->user_ns, CAP_SYS_RESOURCE)) return 0; return -EPERM; |