Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

[pandora-kernel.git] / security / integrity / ima / ima_main.c

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 6f61187..4732f5e 100644 (file)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -238,7 +238,36 @@ out:
 }
 
 /*
- * ima_opens_get - increment file counts
+ * ima_counts_put - decrement file counts
+ *
+ * File counts are incremented in ima_path_check. On file open
+ * error, such as ETXTBSY, decrement the counts to prevent
+ * unnecessary imbalance messages.
+ */
+void ima_counts_put(struct path *path, int mask)
+{
+       struct inode *inode = path->dentry->d_inode;
+       struct ima_iint_cache *iint;
+
+       if (!ima_initialized || !S_ISREG(inode->i_mode))
+               return;
+       iint = ima_iint_find_insert_get(inode);
+       if (!iint)
+               return;
+
+       mutex_lock(&iint->mutex);
+       iint->opencount--;
+       if ((mask & MAY_WRITE) || (mask == 0))
+               iint->writecount--;
+       else if (mask & (MAY_READ | MAY_EXEC))
+               iint->readcount--;
+       mutex_unlock(&iint->mutex);
+
+       kref_put(&iint->refcount, iint_free);
+}
+
+/*
+ * ima_counts_get - increment file counts
  *
  * - for IPC shm and shmat file.
  * - for nfsd exported files.
@@ -264,6 +293,8 @@ void ima_counts_get(struct file *file)
        if (file->f_mode & FMODE_WRITE)
                iint->writecount++;
        mutex_unlock(&iint->mutex);
+
+       kref_put(&iint->refcount, iint_free);
 }
 EXPORT_SYMBOL_GPL(ima_counts_get);