Revert "ucounts: Increase ucounts reference counter before the security hook"

stable inclusion
from stable-5.10.63
commit 0c1443874e1cb359b377a0e383c0dcce81aefa12
bugzilla: 182231 https://gitee.com/openeuler/kernel/issues/I4EFS1

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c1443874e1cb359b377a0e383c0dcce81aefa12

--------------------------------

This reverts commit b493af3a66e067f93e5e03465507866ddeabff9e which is
commit bbb6d0f3 upstream.

The "original" commit 905ae01c ("Add a reference to ucounts for each
cred"), should not have been applied to the 5.10.y tree, so revert it,
and the follow-on fixup patches as well.
Reported-by: N"Eric W. Biederman" <ebiederm@xmission.com>
Link: https://lore.kernel.org/r/87v93k4bl6.fsf@disp2133
Cc: Alexey Gladkov <legion@kernel.org>
Cc: Sasha Levin <sashal@kernel.org>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: NChen Jun <chenjun102@huawei.com>
Acked-by: NWeilong Chen <chenweilong@huawei.com>
Signed-off-by: NChen Jun <chenjun102@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

kernel/cred.c

@@ -286,11 +286,11 @@ struct cred *prepare_creds(void)
 	new->security = NULL;
 #endif
 
-	new->ucounts = get_ucounts(new->ucounts);
-	if (!new->ucounts)
+	if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0)
 		goto error;
 
-	if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0)
+	new->ucounts = get_ucounts(new->ucounts);
+	if (!new->ucounts)
 		goto error;
 
 	validate_creds(new);
@@ -753,11 +753,11 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon)
 #ifdef CONFIG_SECURITY
 	new->security = NULL;
 #endif
-	new->ucounts = get_ucounts(new->ucounts);
-	if (!new->ucounts)
+	if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0)
 		goto error;
 
-	if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0)
+	new->ucounts = get_ucounts(new->ucounts);
+	if (!new->ucounts)
 		goto error;
 
 	put_cred(old);