xnu-3248.40.184.tar.gz

[apple/xnu.git] / bsd / vfs / vfs_cache.c

diff --git a/bsd/vfs/vfs_cache.c b/bsd/vfs/vfs_cache.c
index 36b1d24e6c88b01ab3ff35949855980cb2d05c31..b91ca2e445742f7aea211f4f46cb4b3a49eb5c00 100644 (file)
--- a/bsd/vfs/vfs_cache.c
+++ b/bsd/vfs/vfs_cache.c
@@ -1173,9 +1173,15 @@ skiprsrcfork:
 
                /*
                 * NAME_CACHE_LOCK holds these fields stable
+                *
+                * We can't cache KAUTH_VNODE_SEARCHBYANYONE for root correctly
+                * so  we make an ugly check for root here. root is always
+                * allowed and breaking out of here only to find out that is
+                * authorized by virtue of being root is very very expensive.
                 */
                if ((dp->v_cred != ucred || !(dp->v_authorized_actions & KAUTH_VNODE_SEARCH)) &&
-                   !(dp->v_authorized_actions & KAUTH_VNODE_SEARCHBYANYONE))
+                   !(dp->v_authorized_actions & KAUTH_VNODE_SEARCHBYANYONE) &&
+                   !vfs_context_issuser(ctx))
                        break;
 
                /*