On Tue, Sep 20, 2022 at 09:36:30PM +0200, Miklos Szeredi wrote: > inode = child->d_inode; Better inode = file_inode(file); so that child would be completely ignored after dput(). > + error = vfs_tmpfile(mnt_userns, &path, file, op->mode); > + if (error) > goto out2; > - dput(path.dentry); > - path.dentry = child; > - audit_inode(nd->name, child, 0); > + audit_inode(nd->name, file->f_path.dentry, 0); > /* Don't check for other permissions, the inode was just created */ > - error = may_open(mnt_userns, &path, 0, op->open_flag); Umm... I'm not sure that losing it is the right thing - it might be argued that ->permission(..., MAY_OPEN) is to be ignored for tmpfile (and the only thing checking for MAY_OPEN is nfs, which is *not* going to grow tmpfile any time soon - certainly not with these calling conventions), but you are also dropping the call of security_inode_permission(inode, MAY_OPEN) and that's a change compared to what LSM crowd used to get...
