IMA: fix the ToMToU logic

[net-next-2.6.git] / security / integrity / ima / ima_main.c

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 60dd61527b1e0881eb1818e97cde3034b0d2d026..203de979d30565811c2da951cae458e08645d6ab 100644 (file)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -112,22 +112,23 @@ void ima_counts_get(struct file *file)
        if (!ima_initialized)
                goto out;
 
-       rc = ima_must_measure(NULL, inode, MAY_READ, FILE_CHECK);
-       if (rc < 0)
-               goto out;
-
        if (mode & FMODE_WRITE) {
-               if (inode->i_readcount)
+               if (inode->i_readcount && IS_IMA(inode))
                        send_tomtou = true;
                goto out;
        }
 
+       rc = ima_must_measure(NULL, inode, MAY_READ, FILE_CHECK);
+       if (rc < 0)
+               goto out;
+
        if (atomic_read(&inode->i_writecount) > 0)
                send_writers = true;
 out:
        /* remember the vfs deals with i_writecount */
        if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
                inode->i_readcount++;
+
        spin_unlock(&inode->i_lock);
 
        if (send_tomtou)