On Tue, 20 Sept 2022 at 03:41, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > On Mon, Sep 19, 2022 at 04:10:29PM +0200, Miklos Szeredi wrote: > > > - child = d_alloc(dentry, &slash_name); > > + child = d_alloc(parentpath->dentry, &slash_name); > > if (unlikely(!child)) > > goto out_err; > > + file->f_path.mnt = parentpath->mnt; > > + file->f_path.dentry = child; > > mode = vfs_prepare_mode(mnt_userns, dir, mode, mode, mode); > > error = dir->i_op->tmpfile(mnt_userns, dir, child, mode); > > + error = finish_open_simple(file, error); > > + dput(child); > > + if (error) > > + goto out_err; > > + error = may_open(mnt_userns, &file->f_path, 0, file->f_flags); > > if (error) > > goto out_err; > > error = -ENOENT; > > inode = child->d_inode; > > if (unlikely(!inode)) > > goto out_err; > > Ugh... First of all, goto out_err leading to immediate return error; > is obfuscation for no good reason. What's more, how the hell can > we get a negative dentry here? The only thing that makes this check > valid is that after successful open child is pinned as file->f_path.dentry - > otherwise dput() above might have very well freed it. And if we ever > end up with a negative dentry in file->f_path.dentry of an opened > file, we are really screwed... OK. Thanks, Miklos
