[PATCHES][CFR][CFT] securityfs cleanups and fixes

[Al Viro <viro@zeniv.linux.org.uk>]

	Resurrected and somewhat fixed series of securityfs
cleanups and fixes:

* one extra reference is enough to pin a dentry down; no need
for two.  Switch to regular scheme, similar to shmem, debugfs,
etc. - that fixes securityfs_recursive_remove() dentry leak,
among other things.

* we need to have the filesystem pinned to prevent the contents
disappearing; what we do not need is pinning it for each file.
Doing that only for files and directories in the root is enough.

* the previous two changes allow to get rid of the racy kludges
in efi_secret_unlink(), where we can use simple_unlink() instead
of securityfs_remove().  Which does not require unlocking and
relocking the parent, with all deadlocks that invites.

* Make securityfs_remove() take the entire subtree out, turning
securityfs_recursive_remove() into its alias.  Makes a lot more
sense for callers and fixes a mount leak, while we are at it.

* Making securityfs_remove() remove the entire subtree allows for
much simpler life in most of the users - efi_secret, ima_fs,
evm, ipe, tmp get cleaner.  I hadn't touched apparmor use of
securityfs, but I suspect that it would be useful there as well.

Branch (6.16-rc1-based) lives in
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git #work.securityfs
Individual patches in followups.

Help with testing and review would be very welcome.

Shortlog:
      securityfs: don't pin dentries twice, once is enough...
      securityfs: pin filesystem only for objects directly in root
      fix locking in efi_secret_unlink()
      make securityfs_remove() remove the entire subtree
      efi_secret: clean securityfs use up
      ima_fs: don't bother with removal of files in directory we'll be removing
      ima_fs: get rid of lookup-by-dentry stuff
      evm_secfs: clear securityfs interactions
      ipe: don't bother with removal of files in directory we'll be removing
      tpm: don't bother with removal of files in directory we'll be removing

Diffstat:

 drivers/char/tpm/eventlog/common.c        |  46 +++-------
 drivers/virt/coco/efi_secret/efi_secret.c |  47 ++--------
 include/linux/security.h                  |   3 +-
 include/linux/tpm.h                       |   2 +-
 security/inode.c                          |  62 +++++---------
 security/integrity/evm/evm_secfs.c        |  15 ++--
 security/integrity/ima/ima_fs.c           | 137 +++++++-----------------------
 security/ipe/fs.c                         |  32 +++----
 security/ipe/policy_fs.c                  |   4 +-
 9 files changed, 97 insertions(+), 251 deletions(-)