After the label is matched successfully, any other level judgements
are meaningless. Therefore, add break to return early.
Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>
---
security/lockdown/lockdown.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 8d46886d2cca..263dcc80d839 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -139,8 +139,10 @@ static ssize_t lockdown_write(struct file *file, const char __user *buf,
enum lockdown_reason level = lockdown_levels[i];
const char *label = lockdown_reasons[level];
- if (label && !strcmp(state, label))
+ if (label && !strcmp(state, label)) {
err = lock_kernel_down("securityfs", level);
+ break;
+ }
}
kfree(state);
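Review bot: The changelog says "return early", but the break added inside the if (label && !strcmp(state, label)) body only leaves the loop, and execution still falls through to kfree(state). That is the behaviour you want, since state has to be freed on every path, so the message would be more accurate as "stop iterating once a label matches". Because strcmp() is an exact comparison, a later iteration could only match again if two entries of lockdown_levels mapped to the same label string; assuming the labels are distinct, this is a cleanup with no functional change, and it would help to say so in the changelog. With the break in place, err is always the result of the first matching lock_kernel_down("securityfs", level) call, which is also worth a word there.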
--
2.34.1
On 1/19/2026 5:12 PM, Cai Xinchen wrote:
> After the label is matched successfully, any other level judgements
> are meaningless. Therefore, add break to return early.
>
> Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>

Looks good to me, thanks.

Acked-by: Xiu Jianfeng <xiujianfeng@huawei.com>

Paul,

Would you mind if this patch went through the LSM tree? :)

Best regards
Xiu Jianfeng

On Thu, Jan 22, 2026 at 4:31 AM Xiu Jianfeng <xiujianfeng@huawei.com> wrote:
> On 1/19/2026 5:12 PM, Cai Xinchen wrote:
> > After the label is matched successfully, any other level judgements
> > are meaningless. Therefore, add break to return early.
> >
> > Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>
>
> Looks good to me, thanks.
>
> Acked-by: Xiu Jianfeng <xiujianfeng@huawei.com>
>
> Paul,
>
> Would you mind if this patch went through the LSM tree? :)

Assuming Nicolas is okay with that, I can take this through the LSM tree.

--
paul-moore.com