On Fri, Aug 7, 2020 at 4:02 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>
> On Fri, Aug 07, 2020 at 03:49:39PM -0700, Lokesh Gidra wrote:
>
> > The new functions accept an optional context_inode parameter that
> > callers can use to provide additional contextual information to
> > security modules, e.g., indicating that one anonymous struct file is a
> > logical child of another, allowing a security model to propagate
> > security information from one to the other.
>
> What the hell is "logical child" and what are the lifetime rules implied
> by that relationship?

context_inode provides the security context required by the security
modules for granting/denying permission to create an anon inode of the
same type. In case of userfaultfd, the relationship between the
context_inode and the created inode is described as that of ‘logical
child’ because the context_inode (userfaultfd inode of the parent
process) provides the security context required for creation of child
process’ userfaultfd inode. But there is no relationship beyond this
point. Therefore, no reference to context_inode is held anywhere.