IMA: maintain i_readcount in the VFS layer

		file_take_write(file);

		WARN_ON(mnt_clone_write(path->mnt));

	}

	ima_counts_get(file);

	if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)

		i_readcount_inc(path->dentry->d_inode);

	return file;

}

EXPORT_SYMBOL(alloc_file);

	fops_put(file->f_op);

	put_pid(file->f_owner.pid);

	file_sb_list_del(file);

	if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)

		i_readcount_dec(inode);

	if (file->f_mode & FMODE_WRITE)

		drop_file_write_access(file);

	file->f_path.dentry = NULL;

		if (error)

			goto cleanup_all;

	}

	ima_counts_get(f);

	if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)

		i_readcount_inc(inode);

	f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC);

extern int ima_file_check(struct file *file, int mask);

extern void ima_file_free(struct file *file);

extern int ima_file_mmap(struct file *file, unsigned long prot);

extern void ima_counts_get(struct file *file);

#else

static inline int ima_bprm_check(struct linux_binprm *bprm)

	return 0;

}

static inline void ima_counts_get(struct file *file)

{

	return;

}

#endif /* CONFIG_IMA_H */

#endif /* _LINUX_IMA_H */

		printk(KERN_INFO "%s: readcount: %u\n", __func__,

		       atomic_read(&inode->i_readcount));

	atomic_set(&inode->i_readcount, 0);

	if (!IS_IMA(inode))

		return;

}

/*

 * ima_counts_get - increment file counts

 * ima_rdwr_violation_check

 *

 * Maintain read/write counters for all files, but only

 * invalidate the PCR for measured files:

 * Only invalidate the PCR for measured files:

 * 	- Opening a file for write when already open for read,

 *	  results in a time of measure, time of use (ToMToU) error.

 *	- Opening a file for read when already open for write,

 * 	  could result in a file measurement error.

 *

 */

void ima_counts_get(struct file *file)

static void ima_rdwr_violation_check(struct file *file)

{

	struct dentry *dentry = file->f_path.dentry;

	struct inode *inode = dentry->d_inode;

	int rc;

	bool send_tomtou = false, send_writers = false;

	if (!S_ISREG(inode->i_mode))

	if (!S_ISREG(inode->i_mode) || !ima_initialized)

		return;

	spin_lock(&inode->i_lock);

	if (!ima_initialized)

		goto out;

	mutex_lock(&inode->i_mutex);	/* file metadata: permissions, xattr */

	if (mode & FMODE_WRITE) {

		if (atomic_read(&inode->i_readcount) && IS_IMA(inode))

	if (atomic_read(&inode->i_writecount) > 0)

		send_writers = true;

out:

	/* remember the vfs deals with i_writecount */

	if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)

		atomic_inc(&inode->i_readcount);

	spin_unlock(&inode->i_lock);

	mutex_unlock(&inode->i_mutex);

	if (send_tomtou)

		ima_add_violation(inode, dentry->d_name.name, "invalid_pcr",

			}

			return;

		}

		atomic_dec(&inode->i_readcount);

	}

}

 * ima_file_free - called on __fput()

 * @file: pointer to file structure being freed

 *

 * Flag files that changed, based on i_version;

 * and decrement the i_readcount.

 * Flag files that changed, based on i_version

 */

void ima_file_free(struct file *file)

{

{

	int rc;

	ima_rdwr_violation_check(file);

	rc = process_measurement(file, file->f_dentry->d_name.name,

				 mask & (MAY_READ | MAY_WRITE | MAY_EXEC),

				 FILE_CHECK);