From owner-svn-src-head@FreeBSD.ORG Wed Oct 22 01:09:08 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 45D89A87; Wed, 22 Oct 2014 01:09:08 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1849AA0A; Wed, 22 Oct 2014 01:09:08 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s9M197og009522; Wed, 22 Oct 2014 01:09:07 GMT (envelope-from mjg@FreeBSD.org) Received: (from mjg@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s9M197wU009521; Wed, 22 Oct 2014 01:09:07 GMT (envelope-from mjg@FreeBSD.org) Message-Id: <201410220109.s9M197wU009521@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: mjg set sender to mjg@FreeBSD.org using -f From: Mateusz Guzik Date: Wed, 22 Oct 2014 01:09:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r273444 - head/sys/kern X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Oct 2014 01:09:08 -0000 Author: mjg Date: Wed Oct 22 01:09:07 2014 New Revision: 273444 URL: https://svnweb.freebsd.org/changeset/base/273444 Log: Avoid crdup when possible in kern_accessat. While here tidy up a little. Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Wed Oct 22 01:04:16 2014 (r273443) +++ head/sys/kern/vfs_syscalls.c Wed Oct 22 01:09:07 2014 (r273444) @@ -2064,7 +2064,7 @@ int kern_accessat(struct thread *td, int fd, char *path, enum uio_seg pathseg, int flag, int amode) { - struct ucred *cred, *tmpcred; + struct ucred *cred, *usecred; struct vnode *vp; struct nameidata nd; cap_rights_t rights; @@ -2075,31 +2075,33 @@ kern_accessat(struct thread *td, int fd, /* * Create and modify a temporary credential instead of one that - * is potentially shared. + * is potentially shared (if we need one). */ - if (!(flag & AT_EACCESS)) { - cred = td->td_ucred; - tmpcred = crdup(cred); - tmpcred->cr_uid = cred->cr_ruid; - tmpcred->cr_groups[0] = cred->cr_rgid; - td->td_ucred = tmpcred; + cred = td->td_ucred; + if ((flag & AT_EACCESS) == 0 && + ((cred->cr_uid != cred->cr_ruid || + cred->cr_rgid != cred->cr_groups[0]))) { + usecred = crdup(cred); + usecred->cr_uid = cred->cr_ruid; + usecred->cr_groups[0] = cred->cr_rgid; + td->td_ucred = usecred; } else - cred = tmpcred = td->td_ucred; + usecred = cred; AUDIT_ARG_VALUE(amode); NDINIT_ATRIGHTS(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1, pathseg, path, fd, cap_rights_init(&rights, CAP_FSTAT), td); if ((error = namei(&nd)) != 0) - goto out1; + goto out; vp = nd.ni_vp; - error = vn_access(vp, amode, tmpcred, td); + error = vn_access(vp, amode, usecred, td); NDFREE(&nd, NDF_ONLY_PNBUF); vput(vp); -out1: - if (!(flag & AT_EACCESS)) { +out: + if (usecred != cred) { td->td_ucred = cred; - crfree(tmpcred); + crfree(usecred); } return (error); }