ima: delay template descriptor lookup until use

[mirror_ubuntu-bionic-kernel.git] / security / integrity / ima / ima_main.c

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 09baa335ebc79ed9c7054272dc38534e02c85175..f474c608fa1194ebde04e21f2bdabc5be64c5d4a 100644 (file)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -88,8 +88,6 @@ static void ima_rdwr_violation_check(struct file *file)
        if (!S_ISREG(inode->i_mode) || !ima_initialized)
                return;
 
-       mutex_lock(&inode->i_mutex);    /* file metadata: permissions, xattr */
-
        if (mode & FMODE_WRITE) {
                if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) {
                        struct integrity_iint_cache *iint;
@@ -104,8 +102,6 @@ static void ima_rdwr_violation_check(struct file *file)
                        send_writers = true;
        }
 
-       mutex_unlock(&inode->i_mutex);
-
        if (!send_tomtou && !send_writers)
                return;
 
@@ -163,7 +159,7 @@ static int process_measurement(struct file *file, const char *filename,
 {
        struct inode *inode = file_inode(file);
        struct integrity_iint_cache *iint;
-       struct ima_template_desc *template_desc = ima_template_desc_current();
+       struct ima_template_desc *template_desc;
        char *pathbuf = NULL;
        const char *pathname = NULL;
        int rc = -ENOMEM, action, must_appraise, _func;
@@ -207,6 +203,7 @@ static int process_measurement(struct file *file, const char *filename,
                goto out_digsig;
        }
 
+       template_desc = ima_template_desc_current();
        if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) {
                if (action & IMA_APPRAISE_SUBMASK)
                        xattr_ptr = &xattr_value;