From: Andi Kleen <ak@xxxxxxxxxxxxxxx> This avoids a xattr lookup on every write. Cc: tytso@xxxxxxx Signed-off-by: Andi Kleen <ak@xxxxxxxxxxxxxxx> --- fs/ext4/ialloc.c | 5 +++++ fs/ext4/inode.c | 7 +++++++ 2 files changed, 12 insertions(+), 0 deletions(-) diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index 21bb2f6..cc7878d 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -1012,6 +1012,11 @@ got: */ ei->i_flags = ext4_mask_flags(mode, EXT4_I(dir)->i_flags & EXT4_FL_INHERITED); + /* + * New inode doesn't have security xattrs. + */ + if (!is_sgid(inode->i_mode)) + inode->i_flags |= S_NOSEC; ei->i_file_acl = 0; ei->i_dtime = 0; ei->i_block_group = group; diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index f2fa5e8..d03b2b0 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4758,6 +4758,13 @@ void ext4_set_inode_flags(struct inode *inode) inode->i_flags |= S_NOATIME; if (flags & EXT4_DIRSYNC_FL) inode->i_flags |= S_DIRSYNC; + /* + * Don't know yet if an xattr is really security related, but the first + * write will find out. + */ + if (!is_sgid(inode->i_mode) && + !ext4_test_inode_state(inode, EXT4_STATE_XATTR)) + inode->i_flags |= S_NOSEC; } /* Propagate flags from i_flags to EXT4_I(inode)->i_flags */ -- 1.7.4.4 -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
