IMA: maintain i_readcount in the VFS layer

ima_counts_get() updated the readcount and invalidated the PCR, as necessary. Only update the i_readcount in the VFS layer. Move the PCR invalidation checks to ima_file_check(), where it belongs. Maintaining the i_readcount in the VFS layer, will allow other subsystems to use i_readcount. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Eric Paris <eparis@redhat.com>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2010-11-02 10:13:07 -0400
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2011-02-10 07:51:44 -0500
commit: 890275b5eb79e9933d12290473eab9ac38da0051 (patch)
tree: 8fa529a6fdfa7647ed4e14287658b71df8636ddd /fs/file_table.c
parent: a5c96ebf1d71df0c5fb77ab58c9aeb307cf02372 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/file_table.c b/fs/file_table.c
index c3dee381f1b4..0c724deb46f9 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -190,7 +190,8 @@ struct file *alloc_file(struct path *path, fmode_t mode,
                file_take_write(file);
                WARN_ON(mnt_clone_write(path->mnt));
        }
-        ima_counts_get(file);
+        if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
+                i_readcount_inc(path->dentry->d_inode);
        return file;
 }
 EXPORT_SYMBOL(alloc_file);
@@ -251,6 +252,8 @@ static void __fput(struct file *file)
        fops_put(file->f_op);
        put_pid(file->f_owner.pid);
        file_sb_list_del(file);
+        if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
+                i_readcount_dec(inode);
        if (file->f_mode & FMODE_WRITE)
                drop_file_write_access(file);
        file->f_path.dentry = NULL;
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2010-11-02 10:13:07 -0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2011-02-10 07:51:44 -0500
commit	890275b5eb79e9933d12290473eab9ac38da0051 (patch)
tree	8fa529a6fdfa7647ed4e14287658b71df8636ddd /fs/file_table.c
parent	a5c96ebf1d71df0c5fb77ab58c9aeb307cf02372 (diff)