1 files changed, 97 insertions, 54 deletions
diff --git a/fs/namei.c b/fs/namei.c
index 967c3db92724..f3c5b278895a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -552,6 +552,17 @@ static __always_inline int link_path_walk(const char *name, struct nameidata *nd
        return result;
 }
+static __always_inline void set_root(struct nameidata *nd)
+{
+        if (!nd->root.mnt) {
+                struct fs_struct *fs = current->fs;
+                read_lock(&fs->lock);
+                nd->root = fs->root;
+                path_get(&nd->root);
+                read_unlock(&fs->lock);
+        }
+}
 static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
 {
        int res = 0;
@@ -560,14 +571,10 @@ static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *l
                goto fail;
        if (*link == '/') {
-                struct fs_struct *fs = current->fs;
+                set_root(nd);
                path_put(&nd->path);
+                nd->path = nd->root;
-                read_lock(&fs->lock);
+                path_get(&nd->root);
-                nd->path = fs->root;
-                path_get(&fs->root);
-                read_unlock(&fs->lock);
        }
        res = link_path_walk(link, nd);
@@ -668,23 +675,23 @@ loop:
        return err;
 }
-int follow_up(struct vfsmount **mnt, struct dentry **dentry)
+int follow_up(struct path *path)
 {
        struct vfsmount *parent;
        struct dentry *mountpoint;
        spin_lock(&vfsmount_lock);
-        parent=(*mnt)->mnt_parent;
+        parent = path->mnt->mnt_parent;
-        if (parent == *mnt) {
+        if (parent == path->mnt) {
                spin_unlock(&vfsmount_lock);
                return 0;
        }
        mntget(parent);
-        mountpoint=dget((*mnt)->mnt_mountpoint);
+        mountpoint = dget(path->mnt->mnt_mountpoint);
        spin_unlock(&vfsmount_lock);
-        dput(*dentry);
+        dput(path->dentry);
-        *dentry = mountpoint;
+        path->dentry = mountpoint;
-        mntput(*mnt);
+        mntput(path->mnt);
-        *mnt = parent;
+        path->mnt = parent;
        return 1;
 }
@@ -695,7 +702,7 @@ static int __follow_mount(struct path *path)
 {
        int res = 0;
        while (d_mountpoint(path->dentry)) {
-                struct vfsmount *mounted = lookup_mnt(path->mnt, path->dentry);
+                struct vfsmount *mounted = lookup_mnt(path);
                if (!mounted)
                        break;
                dput(path->dentry);
@@ -708,32 +715,32 @@ static int __follow_mount(struct path *path)
        return res;
 }
-static void follow_mount(struct vfsmount **mnt, struct dentry **dentry)
+static void follow_mount(struct path *path)
 {
-        while (d_mountpoint(*dentry)) {
+        while (d_mountpoint(path->dentry)) {
-                struct vfsmount *mounted = lookup_mnt(*mnt, *dentry);
+                struct vfsmount *mounted = lookup_mnt(path);
                if (!mounted)
                        break;
-                dput(*dentry);
+                dput(path->dentry);
-                mntput(*mnt);
+                mntput(path->mnt);
-                *mnt = mounted;
+                path->mnt = mounted;
-                *dentry = dget(mounted->mnt_root);
+                path->dentry = dget(mounted->mnt_root);
        }
 }
 /* no need for dcache_lock, as serialization is taken care in
 * namespace.c
 */
-int follow_down(struct vfsmount **mnt, struct dentry **dentry)
+int follow_down(struct path *path)
 {
        struct vfsmount *mounted;
-        mounted = lookup_mnt(*mnt, *dentry);
+        mounted = lookup_mnt(path);
        if (mounted) {
-                dput(*dentry);
+                dput(path->dentry);
-                mntput(*mnt);
+                mntput(path->mnt);
-                *mnt = mounted;
+                path->mnt = mounted;
-                *dentry = dget(mounted->mnt_root);
+                path->dentry = dget(mounted->mnt_root);
                return 1;
        }
        return 0;
@@ -741,19 +748,16 @@ int follow_down(struct vfsmount **mnt, struct dentry **dentry)
 static __always_inline void follow_dotdot(struct nameidata *nd)
 {
-        struct fs_struct *fs = current->fs;
+        set_root(nd);
        while(1) {
                struct vfsmount *parent;
                struct dentry *old = nd->path.dentry;
-                read_lock(&fs->lock);
+                if (nd->path.dentry == nd->root.dentry &&
-                if (nd->path.dentry == fs->root.dentry &&
+                    nd->path.mnt == nd->root.mnt) {
-                    nd->path.mnt == fs->root.mnt) {
-                        read_unlock(&fs->lock);
                        break;
                }
-                read_unlock(&fs->lock);
                spin_lock(&dcache_lock);
                if (nd->path.dentry != nd->path.mnt->mnt_root) {
                        nd->path.dentry = dget(nd->path.dentry->d_parent);
@@ -775,7 +779,7 @@ static __always_inline void follow_dotdot(struct nameidata *nd)
                mntput(nd->path.mnt);
                nd->path.mnt = parent;
        }
-        follow_mount(&nd->path.mnt, &nd->path.dentry);
+        follow_mount(&nd->path);
 }
 /*
@@ -853,7 +857,8 @@ static int __link_path_walk(const char *name, struct nameidata *nd)
                        err = inode_permission(nd->path.dentry->d_inode,
                                               MAY_EXEC);
                if (!err)
-                        err = ima_path_check(&nd->path, MAY_EXEC);
+                        err = ima_path_check(&nd->path, MAY_EXEC,
+                                             IMA_COUNT_UPDATE);
                if (err)
                        break;
@@ -1016,25 +1021,23 @@ static int path_walk(const char *name, struct nameidata *nd)
        return link_path_walk(name, nd);
 }
-/* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
+static int path_init(int dfd, const char *name, unsigned int flags, struct nameidata *nd)
-static int do_path_lookup(int dfd, const char *name,
-                                unsigned int flags, struct nameidata *nd)
 {
        int retval = 0;
        int fput_needed;
        struct file *file;
-        struct fs_struct *fs = current->fs;
        nd->last_type = LAST_ROOT; /* if there are only slashes... */
        nd->flags = flags;
        nd->depth = 0;
+        nd->root.mnt = NULL;
        if (*name=='/') {
-                read_lock(&fs->lock);
+                set_root(nd);
-                nd->path = fs->root;
+                nd->path = nd->root;
-                path_get(&fs->root);
+                path_get(&nd->root);
-                read_unlock(&fs->lock);
        } else if (dfd == AT_FDCWD) {
+                struct fs_struct *fs = current->fs;
                read_lock(&fs->lock);
                nd->path = fs->pwd;
                path_get(&fs->pwd);
@@ -1062,17 +1065,29 @@ static int do_path_lookup(int dfd, const char *name,
                fput_light(file, fput_needed);
        }
+        return 0;
-        retval = path_walk(name, nd);
+fput_fail:
+        fput_light(file, fput_needed);
+out_fail:
+        return retval;
+}
+/* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
+static int do_path_lookup(int dfd, const char *name,
+                                unsigned int flags, struct nameidata *nd)
+{
+        int retval = path_init(dfd, name, flags, nd);
+        if (!retval)
+                retval = path_walk(name, nd);
        if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&
                                nd->path.dentry->d_inode))
                audit_inode(name, nd->path.dentry);
-out_fail:
+        if (nd->root.mnt) {
+                path_put(&nd->root);
+                nd->root.mnt = NULL;
+        }
        return retval;
-fput_fail:
-        fput_light(file, fput_needed);
-        goto out_fail;
 }
 int path_lookup(const char *name, unsigned int flags,
@@ -1112,14 +1127,18 @@ int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
        nd->path.dentry = dentry;
        nd->path.mnt = mnt;
        path_get(&nd->path);
+        nd->root = nd->path;
+        path_get(&nd->root);
        retval = path_walk(name, nd);
        if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&
                                nd->path.dentry->d_inode))
                audit_inode(name, nd->path.dentry);
-        return retval;
+        path_put(&nd->root);
+        nd->root.mnt = NULL;
+        return retval;
 }
 /**
@@ -1515,7 +1534,8 @@ int may_open(struct path *path, int acc_mode, int flag)
                return error;
        error = ima_path_check(path,
-                               acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
+                               acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC),
+                               IMA_COUNT_UPDATE);
        if (error)
                return error;
        /*
@@ -1674,9 +1694,17 @@ struct file *do_filp_open(int dfd, const char *pathname,
        /*
         * Create - we need to know the parent.
         */
-        error = do_path_lookup(dfd, pathname, LOOKUP_PARENT, &nd);
+        error = path_init(dfd, pathname, LOOKUP_PARENT, &nd);
        if (error)
                return ERR_PTR(error);
+        error = path_walk(pathname, &nd);
+        if (error) {
+                if (nd.root.mnt)
+                        path_put(&nd.root);
+                return ERR_PTR(error);
+        }
+        if (unlikely(!audit_dummy_context()))
+                audit_inode(pathname, nd.path.dentry);
        /*
         * We have the parent and last component. First of all, check
@@ -1733,7 +1761,13 @@ do_last:
                        goto exit;
                }
                filp = nameidata_to_filp(&nd, open_flag);
+                if (IS_ERR(filp))
+                        ima_counts_put(&nd.path,
+                                       acc_mode & (MAY_READ | MAY_WRITE |
+                                                   MAY_EXEC));
                mnt_drop_write(nd.path.mnt);
+                if (nd.root.mnt)
+                        path_put(&nd.root);
                return filp;
        }
@@ -1787,6 +1821,9 @@ ok:
                goto exit;
        }
        filp = nameidata_to_filp(&nd, open_flag);
+        if (IS_ERR(filp))
+                ima_counts_put(&nd.path,
+                               acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
        /*
         * It is now safe to drop the mnt write
         * because the filp has had a write taken
@@ -1794,6 +1831,8 @@ ok:
         */
        if (will_write)
                mnt_drop_write(nd.path.mnt);
+        if (nd.root.mnt)
+                path_put(&nd.root);
        return filp;
 exit_mutex_unlock:
@@ -1804,6 +1843,8 @@ exit:
        if (!IS_ERR(nd.intent.open.file))
                release_open_intent(&nd);
 exit_parent:
+        if (nd.root.mnt)
+                path_put(&nd.root);
        path_put(&nd.path);
        return ERR_PTR(error);
@@ -1832,6 +1873,8 @@ do_link:
                 * with "intent.open".
                 */
                release_open_intent(&nd);
+                if (nd.root.mnt)
+                        path_put(&nd.root);
                return ERR_PTR(error);
        }
        nd.flags &= ~LOOKUP_PARENT;

diff --git a/fs/namei.c b/fs/namei.c index 967c3db92724..f3c5b278895a 100644 --- a/fs/namei.c +++ b/fs/namei.c
@@ -552,6 +552,17 @@ static __always_inline int link_path_walk(const char name, struct nameidata nd
552	return result;	552	return result;
553	}	553	}
554		554
		555	static __always_inline void set_root(struct nameidata *nd)
		556	{
		557	if (!nd->root.mnt) {
		558	struct fs_struct *fs = current->fs;
		559	read_lock(&fs->lock);
		560	nd->root = fs->root;
		561	path_get(&nd->root);
		562	read_unlock(&fs->lock);
		563	}
		564	}
		565
555	static __always_inline int __vfs_follow_link(struct nameidata nd, const char link)	566	static __always_inline int __vfs_follow_link(struct nameidata nd, const char link)
556	{	567	{
557	int res = 0;	568	int res = 0;
@@ -560,14 +571,10 @@ static __always_inline int __vfs_follow_link(struct nameidata nd, const char l
560	goto fail;	571	goto fail;
561		572
562	if (*link == '/') {	573	if (*link == '/') {
563	struct fs_struct *fs = current->fs;	574	set_root(nd);
564
565	path_put(&nd->path);	575	path_put(&nd->path);
566		576	nd->path = nd->root;
567	read_lock(&fs->lock);	577	path_get(&nd->root);
568	nd->path = fs->root;
569	path_get(&fs->root);
570	read_unlock(&fs->lock);
571	}	578	}
572		579
573	res = link_path_walk(link, nd);	580	res = link_path_walk(link, nd);
@@ -668,23 +675,23 @@ loop:
668	return err;	675	return err;
669	}	676	}
670		677
671	int follow_up(struct vfsmount mnt, struct dentry dentry)	678	int follow_up(struct path *path)
672	{	679	{
673	struct vfsmount *parent;	680	struct vfsmount *parent;
674	struct dentry *mountpoint;	681	struct dentry *mountpoint;
675	spin_lock(&vfsmount_lock);	682	spin_lock(&vfsmount_lock);
676	parent=(*mnt)->mnt_parent;	683	parent = path->mnt->mnt_parent;
677	if (parent == *mnt) {	684	if (parent == path->mnt) {
678	spin_unlock(&vfsmount_lock);	685	spin_unlock(&vfsmount_lock);
679	return 0;	686	return 0;
680	}	687	}
681	mntget(parent);	688	mntget(parent);
682	mountpoint=dget((*mnt)->mnt_mountpoint);	689	mountpoint = dget(path->mnt->mnt_mountpoint);
683	spin_unlock(&vfsmount_lock);	690	spin_unlock(&vfsmount_lock);
684	dput(*dentry);	691	dput(path->dentry);
685	*dentry = mountpoint;	692	path->dentry = mountpoint;
686	mntput(*mnt);	693	mntput(path->mnt);
687	*mnt = parent;	694	path->mnt = parent;
688	return 1;	695	return 1;
689	}	696	}
690		697
@@ -695,7 +702,7 @@ static int __follow_mount(struct path *path)
695	{	702	{
696	int res = 0;	703	int res = 0;
697	while (d_mountpoint(path->dentry)) {	704	while (d_mountpoint(path->dentry)) {
698	struct vfsmount *mounted = lookup_mnt(path->mnt, path->dentry);	705	struct vfsmount *mounted = lookup_mnt(path);
699	if (!mounted)	706	if (!mounted)
700	break;	707	break;
701	dput(path->dentry);	708	dput(path->dentry);
@@ -708,32 +715,32 @@ static int __follow_mount(struct path *path)
708	return res;	715	return res;
709	}	716	}
710		717
711	static void follow_mount(struct vfsmount mnt, struct dentry dentry)	718	static void follow_mount(struct path *path)
712	{	719	{
713	while (d_mountpoint(*dentry)) {	720	while (d_mountpoint(path->dentry)) {
714	struct vfsmount mounted = lookup_mnt(mnt, *dentry);	721	struct vfsmount *mounted = lookup_mnt(path);
715	if (!mounted)	722	if (!mounted)
716	break;	723	break;
717	dput(*dentry);	724	dput(path->dentry);
718	mntput(*mnt);	725	mntput(path->mnt);
719	*mnt = mounted;	726	path->mnt = mounted;
720	*dentry = dget(mounted->mnt_root);	727	path->dentry = dget(mounted->mnt_root);
721	}	728	}
722	}	729	}
723		730
724	/* no need for dcache_lock, as serialization is taken care in	731	/* no need for dcache_lock, as serialization is taken care in
725	* namespace.c	732	* namespace.c
726	*/	733	*/
727	int follow_down(struct vfsmount mnt, struct dentry dentry)	734	int follow_down(struct path *path)
728	{	735	{
729	struct vfsmount *mounted;	736	struct vfsmount *mounted;
730		737
731	mounted = lookup_mnt(mnt, dentry);	738	mounted = lookup_mnt(path);
732	if (mounted) {	739	if (mounted) {
733	dput(*dentry);	740	dput(path->dentry);
734	mntput(*mnt);	741	mntput(path->mnt);
735	*mnt = mounted;	742	path->mnt = mounted;
736	*dentry = dget(mounted->mnt_root);	743	path->dentry = dget(mounted->mnt_root);
737	return 1;	744	return 1;
738	}	745	}
739	return 0;	746	return 0;
@@ -741,19 +748,16 @@ int follow_down(struct vfsmount mnt, struct dentry dentry)
741		748
742	static __always_inline void follow_dotdot(struct nameidata *nd)	749	static __always_inline void follow_dotdot(struct nameidata *nd)
743	{	750	{
744	struct fs_struct *fs = current->fs;	751	set_root(nd);
745		752
746	while(1) {	753	while(1) {
747	struct vfsmount *parent;	754	struct vfsmount *parent;
748	struct dentry *old = nd->path.dentry;	755	struct dentry *old = nd->path.dentry;
749		756
750	read_lock(&fs->lock);	757	if (nd->path.dentry == nd->root.dentry &&
751	if (nd->path.dentry == fs->root.dentry &&	758	nd->path.mnt == nd->root.mnt) {
752	nd->path.mnt == fs->root.mnt) {
753	read_unlock(&fs->lock);
754	break;	759	break;
755	}	760	}
756	read_unlock(&fs->lock);
757	spin_lock(&dcache_lock);	761	spin_lock(&dcache_lock);
758	if (nd->path.dentry != nd->path.mnt->mnt_root) {	762	if (nd->path.dentry != nd->path.mnt->mnt_root) {
759	nd->path.dentry = dget(nd->path.dentry->d_parent);	763	nd->path.dentry = dget(nd->path.dentry->d_parent);
@@ -775,7 +779,7 @@ static __always_inline void follow_dotdot(struct nameidata *nd)
775	mntput(nd->path.mnt);	779	mntput(nd->path.mnt);
776	nd->path.mnt = parent;	780	nd->path.mnt = parent;
777	}	781	}
778	follow_mount(&nd->path.mnt, &nd->path.dentry);	782	follow_mount(&nd->path);
779	}	783	}
780		784
781	/*	785	/*
@@ -853,7 +857,8 @@ static int __link_path_walk(const char name, struct nameidata nd)
853	err = inode_permission(nd->path.dentry->d_inode,	857	err = inode_permission(nd->path.dentry->d_inode,
854	MAY_EXEC);	858	MAY_EXEC);
855	if (!err)	859	if (!err)
856	err = ima_path_check(&nd->path, MAY_EXEC);	860	err = ima_path_check(&nd->path, MAY_EXEC,
		861	IMA_COUNT_UPDATE);
857	if (err)	862	if (err)
858	break;	863	break;
859		864
@@ -1016,25 +1021,23 @@ static int path_walk(const char name, struct nameidata nd)
1016	return link_path_walk(name, nd);	1021	return link_path_walk(name, nd);
1017	}	1022	}
1018		1023
1019	/* Returns 0 and nd will be valid on success; Retuns error, otherwise. */	1024	static int path_init(int dfd, const char name, unsigned int flags, struct nameidata nd)
1020	static int do_path_lookup(int dfd, const char *name,
1021	unsigned int flags, struct nameidata *nd)
1022	{	1025	{
1023	int retval = 0;	1026	int retval = 0;
1024	int fput_needed;	1027	int fput_needed;
1025	struct file *file;	1028	struct file *file;
1026	struct fs_struct *fs = current->fs;
1027		1029
1028	nd->last_type = LAST_ROOT; /* if there are only slashes... */	1030	nd->last_type = LAST_ROOT; /* if there are only slashes... */
1029	nd->flags = flags;	1031	nd->flags = flags;
1030	nd->depth = 0;	1032	nd->depth = 0;
		1033	nd->root.mnt = NULL;
1031		1034
1032	if (*name=='/') {	1035	if (*name=='/') {
1033	read_lock(&fs->lock);	1036	set_root(nd);
1034	nd->path = fs->root;	1037	nd->path = nd->root;
1035	path_get(&fs->root);	1038	path_get(&nd->root);
1036	read_unlock(&fs->lock);
1037	} else if (dfd == AT_FDCWD) {	1039	} else if (dfd == AT_FDCWD) {
		1040	struct fs_struct *fs = current->fs;
1038	read_lock(&fs->lock);	1041	read_lock(&fs->lock);
1039	nd->path = fs->pwd;	1042	nd->path = fs->pwd;
1040	path_get(&fs->pwd);	1043	path_get(&fs->pwd);
@@ -1062,17 +1065,29 @@ static int do_path_lookup(int dfd, const char *name,
1062		1065
1063	fput_light(file, fput_needed);	1066	fput_light(file, fput_needed);
1064	}	1067	}
		1068	return 0;
1065		1069
1066	retval = path_walk(name, nd);	1070	fput_fail:
		1071	fput_light(file, fput_needed);
		1072	out_fail:
		1073	return retval;
		1074	}
		1075
		1076	/* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
		1077	static int do_path_lookup(int dfd, const char *name,
		1078	unsigned int flags, struct nameidata *nd)
		1079	{
		1080	int retval = path_init(dfd, name, flags, nd);
		1081	if (!retval)
		1082	retval = path_walk(name, nd);
1067	if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&	1083	if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&
1068	nd->path.dentry->d_inode))	1084	nd->path.dentry->d_inode))
1069	audit_inode(name, nd->path.dentry);	1085	audit_inode(name, nd->path.dentry);
1070	out_fail:	1086	if (nd->root.mnt) {
		1087	path_put(&nd->root);
		1088	nd->root.mnt = NULL;
		1089	}
1071	return retval;	1090	return retval;
1072
1073	fput_fail:
1074	fput_light(file, fput_needed);
1075	goto out_fail;
1076	}	1091	}
1077		1092
1078	int path_lookup(const char *name, unsigned int flags,	1093	int path_lookup(const char *name, unsigned int flags,
@@ -1112,14 +1127,18 @@ int vfs_path_lookup(struct dentry dentry, struct vfsmount mnt,
1112	nd->path.dentry = dentry;	1127	nd->path.dentry = dentry;
1113	nd->path.mnt = mnt;	1128	nd->path.mnt = mnt;
1114	path_get(&nd->path);	1129	path_get(&nd->path);
		1130	nd->root = nd->path;
		1131	path_get(&nd->root);
1115		1132
1116	retval = path_walk(name, nd);	1133	retval = path_walk(name, nd);
1117	if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&	1134	if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&
1118	nd->path.dentry->d_inode))	1135	nd->path.dentry->d_inode))
1119	audit_inode(name, nd->path.dentry);	1136	audit_inode(name, nd->path.dentry);
1120		1137
1121	return retval;	1138	path_put(&nd->root);
		1139	nd->root.mnt = NULL;
1122		1140
		1141	return retval;
1123	}	1142	}
1124		1143
1125	/**	1144	/**
@@ -1515,7 +1534,8 @@ int may_open(struct path *path, int acc_mode, int flag)
1515	return error;	1534	return error;
1516		1535
1517	error = ima_path_check(path,	1536	error = ima_path_check(path,
1518	acc_mode & (MAY_READ \| MAY_WRITE \| MAY_EXEC));	1537	acc_mode & (MAY_READ \| MAY_WRITE \| MAY_EXEC),
		1538	IMA_COUNT_UPDATE);
1519	if (error)	1539	if (error)
1520	return error;	1540	return error;
1521	/*	1541	/*
@@ -1674,9 +1694,17 @@ struct file do_filp_open(int dfd, const char pathname,
1674	/*	1694	/*
1675	* Create - we need to know the parent.	1695	* Create - we need to know the parent.
1676	*/	1696	*/
1677	error = do_path_lookup(dfd, pathname, LOOKUP_PARENT, &nd);	1697	error = path_init(dfd, pathname, LOOKUP_PARENT, &nd);
1678	if (error)	1698	if (error)
1679	return ERR_PTR(error);	1699	return ERR_PTR(error);
		1700	error = path_walk(pathname, &nd);
		1701	if (error) {
		1702	if (nd.root.mnt)
		1703	path_put(&nd.root);
		1704	return ERR_PTR(error);
		1705	}
		1706	if (unlikely(!audit_dummy_context()))
		1707	audit_inode(pathname, nd.path.dentry);
1680		1708
1681	/*	1709	/*
1682	* We have the parent and last component. First of all, check	1710	* We have the parent and last component. First of all, check
@@ -1733,7 +1761,13 @@ do_last:
1733	goto exit;	1761	goto exit;
1734	}	1762	}
1735	filp = nameidata_to_filp(&nd, open_flag);	1763	filp = nameidata_to_filp(&nd, open_flag);
		1764	if (IS_ERR(filp))
		1765	ima_counts_put(&nd.path,
		1766	acc_mode & (MAY_READ \| MAY_WRITE \|
		1767	MAY_EXEC));
1736	mnt_drop_write(nd.path.mnt);	1768	mnt_drop_write(nd.path.mnt);
		1769	if (nd.root.mnt)
		1770	path_put(&nd.root);
1737	return filp;	1771	return filp;
1738	}	1772	}
1739		1773
@@ -1787,6 +1821,9 @@ ok:
1787	goto exit;	1821	goto exit;
1788	}	1822	}
1789	filp = nameidata_to_filp(&nd, open_flag);	1823	filp = nameidata_to_filp(&nd, open_flag);
		1824	if (IS_ERR(filp))
		1825	ima_counts_put(&nd.path,
		1826	acc_mode & (MAY_READ \| MAY_WRITE \| MAY_EXEC));
1790	/*	1827	/*
1791	* It is now safe to drop the mnt write	1828	* It is now safe to drop the mnt write
1792	* because the filp has had a write taken	1829	* because the filp has had a write taken
@@ -1794,6 +1831,8 @@ ok:
1794	*/	1831	*/
1795	if (will_write)	1832	if (will_write)
1796	mnt_drop_write(nd.path.mnt);	1833	mnt_drop_write(nd.path.mnt);
		1834	if (nd.root.mnt)
		1835	path_put(&nd.root);
1797	return filp;	1836	return filp;
1798		1837
1799	exit_mutex_unlock:	1838	exit_mutex_unlock:
@@ -1804,6 +1843,8 @@ exit:
1804	if (!IS_ERR(nd.intent.open.file))	1843	if (!IS_ERR(nd.intent.open.file))
1805	release_open_intent(&nd);	1844	release_open_intent(&nd);
1806	exit_parent:	1845	exit_parent:
		1846	if (nd.root.mnt)
		1847	path_put(&nd.root);
1807	path_put(&nd.path);	1848	path_put(&nd.path);
1808	return ERR_PTR(error);	1849	return ERR_PTR(error);
1809		1850
@@ -1832,6 +1873,8 @@ do_link:
1832	* with "intent.open".	1873	* with "intent.open".
1833	*/	1874	*/
1834	release_open_intent(&nd);	1875	release_open_intent(&nd);
		1876	if (nd.root.mnt)
		1877	path_put(&nd.root);
1835	return ERR_PTR(error);	1878	return ERR_PTR(error);
1836	}	1879	}
1837	nd.flags &= ~LOOKUP_PARENT;	1880	nd.flags &= ~LOOKUP_PARENT;