Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752677AbdFUOzu (ORCPT ); Wed, 21 Jun 2017 10:55:50 -0400 Received: from mail.kernel.org ([198.145.29.99]:45386 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752413AbdFUOzs (ORCPT ); Wed, 21 Jun 2017 10:55:48 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1FDBC23A0A Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=luto@kernel.org MIME-Version: 1.0 In-Reply-To: <20170620214024.GA121654@beast> References: <20170620214024.GA121654@beast> From: Andy Lutomirski Date: Wed, 21 Jun 2017 07:55:26 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] fs: Reorder inode_owner_or_capable() to avoid needless To: Kees Cook Cc: Alexander Viro , Solar Designer , "Serge E. Hallyn" , Andy Lutomirski , Linux FS Devel , "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 349 Lines: 7 On Tue, Jun 20, 2017 at 2:40 PM, Kees Cook wrote: > Checking for capabilities should be the last operation when performing > access control tests so that PF_SUPERPRIV is set only when it was required > for success (implying that the capability was needed for the operation). > Reviewed-by: Andy Lutomirski