3 files changed, 23 insertions, 24 deletions
diff --git a/kernel/audit.h b/kernel/audit.h
index 704d5b01d9fd..bb1c0d69db08 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -109,10 +109,7 @@ extern dev_t audit_watch_dev(struct audit_watch *watch);
 extern void audit_put_watch(struct audit_watch *watch);
 extern void audit_get_watch(struct audit_watch *watch);
 extern int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op);
-extern int audit_get_nd(char *path, struct nameidata **ndp, struct nameidata **ndw);
+extern int audit_add_watch(struct audit_krule *krule);
-extern void audit_put_nd(struct nameidata *ndp, struct nameidata *ndw);
-extern int audit_add_watch(struct audit_krule *krule, struct nameidata *ndp,
-                           struct nameidata *ndw);
 extern void audit_remove_watch(struct audit_watch *watch);
 extern void audit_remove_watch_rule(struct audit_krule *krule, struct list_head *list);
 extern void audit_inotify_unregister(struct list_head *in_list);
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index da8be6d39c1a..b49ab019fdff 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -345,7 +345,7 @@ void audit_inotify_unregister(struct list_head *in_list)
 }
 /* Get path information necessary for adding watches. */
-int audit_get_nd(char *path, struct nameidata **ndp, struct nameidata **ndw)
+static int audit_get_nd(char *path, struct nameidata **ndp, struct nameidata **ndw)
 {
        struct nameidata *ndparent, *ndwatch;
        int err;
@@ -380,7 +380,7 @@ int audit_get_nd(char *path, struct nameidata **ndp, struct nameidata **ndw)
 }
 /* Release resources used for watch path information. */
-void audit_put_nd(struct nameidata *ndp, struct nameidata *ndw)
+static void audit_put_nd(struct nameidata *ndp, struct nameidata *ndw)
 {
        if (ndp) {
                path_put(&ndp->path);
@@ -426,14 +426,24 @@ static void audit_add_to_parent(struct audit_krule *krule,
 /* Find a matching watch entry, or add this one.
 * Caller must hold audit_filter_mutex. */
-int audit_add_watch(struct audit_krule *krule, struct nameidata *ndp,
+int audit_add_watch(struct audit_krule *krule)
-                    struct nameidata *ndw)
 {
        struct audit_watch *watch = krule->watch;
        struct inotify_watch *i_watch;
        struct audit_parent *parent;
+        struct nameidata *ndp = NULL, *ndw = NULL;
        int ret = 0;
+        mutex_unlock(&audit_filter_mutex);
+        /* Avoid calling path_lookup under audit_filter_mutex. */
+        ret = audit_get_nd(watch->path, &ndp, &ndw);
+        if (ret) {
+                /* caller expects mutex locked */
+                mutex_lock(&audit_filter_mutex);
+                goto error;
+        }
        /* update watch filter fields */
        if (ndw) {
                watch->dev = ndw->path.dentry->d_inode->i_sb->s_dev;
@@ -445,15 +455,14 @@ int audit_add_watch(struct audit_krule *krule, struct nameidata *ndp,
         * inotify watch is found, inotify_find_watch() grabs a reference before
         * returning.
         */
-        mutex_unlock(&audit_filter_mutex);
        if (inotify_find_watch(audit_ih, ndp->path.dentry->d_inode,
                               &i_watch) < 0) {
                parent = audit_init_parent(ndp);
                if (IS_ERR(parent)) {
                        /* caller expects mutex locked */
                        mutex_lock(&audit_filter_mutex);
-                        return PTR_ERR(parent);
+                        ret = PTR_ERR(parent);
+                        goto error;
                }
        } else
                parent = container_of(i_watch, struct audit_parent, wdata);
@@ -468,7 +477,11 @@ int audit_add_watch(struct audit_krule *krule, struct nameidata *ndp,
        /* match get in audit_init_parent or inotify_find_watch */
        put_inotify_watch(&parent->wdata);
+error:
+        audit_put_nd(ndp, ndw);         /* NULL args OK */
        return ret;
 }
 void audit_remove_watch_rule(struct audit_krule *krule, struct list_head *list)
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 9d4c93437de6..21b623595aad 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -864,7 +864,6 @@ static inline int audit_add_rule(struct audit_entry *entry)
        struct audit_entry *e;
        struct audit_watch *watch = entry->rule.watch;
        struct audit_tree *tree = entry->rule.tree;
-        struct nameidata *ndp = NULL, *ndw = NULL;
        struct list_head *list;
        int h, err;
 #ifdef CONFIG_AUDITSYSCALL
@@ -878,8 +877,8 @@ static inline int audit_add_rule(struct audit_entry *entry)
        mutex_lock(&audit_filter_mutex);
        e = audit_find_rule(entry, &list);
-        mutex_unlock(&audit_filter_mutex);
        if (e) {
+                mutex_unlock(&audit_filter_mutex);
                err = -EEXIST;
                /* normally audit_add_tree_rule() will free it on failure */
                if (tree)
@@ -887,17 +886,9 @@ static inline int audit_add_rule(struct audit_entry *entry)
                goto error;
        }
-        /* Avoid calling path_lookup under audit_filter_mutex. */
-        if (watch) {
-                err = audit_get_nd(audit_watch_path(watch), &ndp, &ndw);
-                if (err)
-                        goto error;
-        }
-        mutex_lock(&audit_filter_mutex);
        if (watch) {
                /* audit_filter_mutex is dropped and re-taken during this call */
-                err = audit_add_watch(&entry->rule, ndp, ndw);
+                err = audit_add_watch(&entry->rule);
                if (err) {
                        mutex_unlock(&audit_filter_mutex);
                        goto error;
@@ -942,11 +933,9 @@ static inline int audit_add_rule(struct audit_entry *entry)
 #endif
        mutex_unlock(&audit_filter_mutex);
-        audit_put_nd(ndp, ndw);         /* NULL args OK */
        return 0;
 error:
-        audit_put_nd(ndp, ndw);         /* NULL args OK */
        if (watch)
                audit_put_watch(watch); /* tmp watch, matches initial get */
        return err;