evm: calculate HMAC after initializing posix acl on tmpfs

Included in the EVM hmac calculation is the i_mode.  Any changes to
the i_mode need to be reflected in the hmac.  shmem_mknod() currently
calls generic_acl_init(), which modifies the i_mode, after calling
security_inode_init_security().  This patch reverses the order in
which they are called.

Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Hugh Dickins <hughd@google.com>

1 files changed, 8 insertions, 8 deletions

diff --git a/mm/shmem.c b/mm/shmem.c
index 5e6a8422658b..a8e10722f8dc 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1939,6 +1939,13 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
 
         inode = shmem_get_inode(dir->i_sb, dir, mode, dev, VM_NORESERVE);
         if (inode) {
+#ifdef CONFIG_TMPFS_POSIX_ACL
+                error = generic_acl_init(inode, dir);
+                if (error) {
+                        iput(inode);
+                        return error;
+                }
+#endif
                 error = security_inode_init_security(inode, dir,
                                                      &dentry->d_name,
                                                      shmem_initxattrs, NULL);
@@ -1948,15 +1955,8 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
                                 return error;
                         }
                 }
-#ifdef CONFIG_TMPFS_POSIX_ACL
-                error = generic_acl_init(inode, dir);
-                if (error) {
-                        iput(inode);
-                        return error;
-                }
-#else
+
                 error = 0;
-#endif
                 dir->i_size += BOGO_DIRENT_SIZE;
                 dir->i_ctime = dir->i_mtime = CURRENT_TIME;
                 d_instantiate(dentry, inode);