security: make inode_follow_link RCU-walk aware

	touch_atime(&last->link);

	error = security_inode_follow_link(dentry);

	if (error)

	error = security_inode_follow_link(dentry, inode,

					   nd->flags & LOOKUP_RCU);

	if (unlikely(error))

		return ERR_PTR(error);

	nd->last_type = LAST_BIND;

 * @inode_follow_link:

 *	Check permission to follow a symbolic link when looking up a pathname.

 *	@dentry contains the dentry structure for the link.

 *	@inode contains the inode, which itself is not stable in RCU-walk

 *	@rcu indicates whether we are in RCU-walk mode.

 *	Return 0 if permission is granted.

 * @inode_permission:

 *	Check permission before accessing an inode.  This hook is called by the

	int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,

			     struct inode *new_dir, struct dentry *new_dentry);

	int (*inode_readlink) (struct dentry *dentry);

	int (*inode_follow_link) (struct dentry *dentry);

	int (*inode_follow_link) (struct dentry *dentry, struct inode *inode,

				  bool rcu);

	int (*inode_permission) (struct inode *inode, int mask);

	int (*inode_setattr)	(struct dentry *dentry, struct iattr *attr);

	int (*inode_getattr) (const struct path *path);

			  struct inode *new_dir, struct dentry *new_dentry,

			  unsigned int flags);

int security_inode_readlink(struct dentry *dentry);

int security_inode_follow_link(struct dentry *dentry);

int security_inode_follow_link(struct dentry *dentry, struct inode *inode,

			       bool rcu);

int security_inode_permission(struct inode *inode, int mask);

int security_inode_setattr(struct dentry *dentry, struct iattr *attr);

int security_inode_getattr(const struct path *path);

	return 0;

}

static inline int security_inode_follow_link(struct dentry *dentry)

static inline int security_inode_follow_link(struct dentry *dentry,

					     struct inode *inode,

					     bool rcu)

{

	return 0;

}

	return 0;

}

static int cap_inode_follow_link(struct dentry *dentry)

static int cap_inode_follow_link(struct dentry *dentry, struct inode *inode,

				 bool rcu)

{

	return 0;

}

	return security_ops->inode_readlink(dentry);

}

int security_inode_follow_link(struct dentry *dentry)

int security_inode_follow_link(struct dentry *dentry, struct inode *inode,

			       bool rcu)

{

	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))

	if (unlikely(IS_PRIVATE(inode)))

		return 0;

	return security_ops->inode_follow_link(dentry);

	return security_ops->inode_follow_link(dentry, inode, rcu);

}

int security_inode_permission(struct inode *inode, int mask)

	return dentry_has_perm(cred, dentry, FILE__READ);

}

static int selinux_inode_follow_link(struct dentry *dentry)

static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,

				     bool rcu)

{

	const struct cred *cred = current_cred();

	struct common_audit_data ad;

	struct inode_security_struct *isec;

	u32 sid;

	return dentry_has_perm(cred, dentry, FILE__READ);

	validate_creds(cred);

	ad.type = LSM_AUDIT_DATA_DENTRY;

	ad.u.dentry = dentry;

	sid = cred_sid(cred);

	isec = inode->i_security;

	return avc_has_perm_flags(sid, isec->sid, isec->sclass, FILE__READ, &ad,

				  rcu ? MAY_NOT_BLOCK : 0);

}

static noinline int audit_inode_permission(struct inode *inode,