Revert "UBUNTU: SAUCE: apparmor: fix lock ordering for mkdir"

BugLink: http://bugs.launchpad.net/bugs/1669611

This reverts commit f2f5c290.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Joseph Salisbury <joseph.salisbury@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

security/apparmor/apparmorfs.c

@@ -1050,7 +1050,6 @@ static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
 	 */
 	inode_unlock(dir);
 	error = securityfs_pin_fs();
-	mutex_lock(&parent->lock);
 	inode_lock_nested(dir, I_MUTEX_PARENT);
 	if (error)
 		goto out;
@@ -1060,8 +1059,7 @@ static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
 	if (error)
 		goto out_pin;
 
-	ns = __aa_find_or_create_ns(parent, READ_ONCE(dentry->d_name.name),
-				    dentry);
+	ns = aa_create_ns(parent, ACCESS_ONCE(dentry->d_name.name), dentry);
 	if (IS_ERR(ns)) {
 		error = PTR_ERR(ns);
 		ns = NULL;
@@ -1071,7 +1069,6 @@ static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
 out_pin:
 	securityfs_release_fs();
 out:
-	mutex_unlock(&parent->lock);
 	aa_put_ns(parent);
 
 	return error;

security/apparmor/include/policy_ns.h

@@ -88,8 +88,8 @@ void aa_free_ns_kref(struct kref *kref);
 
 struct aa_ns *aa_find_ns(struct aa_ns *root, const char *name);
 struct aa_ns *aa_findn_ns(struct aa_ns *root, const char *name, size_t n);
-struct aa_ns *__aa_find_or_create_ns(struct aa_ns *parent, const char *name,
-				     struct dentry *dir);
+struct aa_ns *aa_create_ns(struct aa_ns *parent, const char *name,
+			   struct dentry *dir);
 struct aa_ns *aa_prepare_ns(struct aa_ns *root, const char *name);
 void __aa_remove_ns(struct aa_ns *ns);
 

security/apparmor/policy_ns.c

@@ -225,13 +225,12 @@ static struct aa_ns *__aa_create_ns(struct aa_ns *parent, const char *name,
  *
  * Returns: the a refcounted ns that has been add or an ERR_PTR
  */
-struct aa_ns *__aa_find_or_create_ns(struct aa_ns *parent, const char *name,
-				     struct dentry *dir)
+struct aa_ns *aa_create_ns(struct aa_ns *parent, const char *name,
+			   struct dentry *dir)
 {
 	struct aa_ns *ns;
 
-	AA_BUG(!mutex_is_locked(&parent->lock));
-
+	mutex_lock(&parent->lock);
 	/* try and find the specified ns */
 	/* released by caller */
 	ns = aa_get_ns(__aa_find_ns(&parent->sub_ns, name));
@@ -239,6 +238,7 @@ struct aa_ns *__aa_find_or_create_ns(struct aa_ns *parent, const char *name,
 		ns = __aa_create_ns(parent, name, dir);
 	else
 		ns = ERR_PTR(-EEXIST);
+	mutex_unlock(&parent->lock);
 
 	/* return ref */
 	return ns;