On Tue, 20 Sept 2022 at 22:57, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > On Tue, Sep 20, 2022 at 09:36:30PM +0200, Miklos Szeredi wrote: > > > inode = child->d_inode; > > Better > inode = file_inode(file); > > so that child would be completely ignored after dput(). > > > + error = vfs_tmpfile(mnt_userns, &path, file, op->mode); > > + if (error) > > goto out2; > > - dput(path.dentry); > > - path.dentry = child; > > - audit_inode(nd->name, child, 0); > > + audit_inode(nd->name, file->f_path.dentry, 0); > > /* Don't check for other permissions, the inode was just created */ > > - error = may_open(mnt_userns, &path, 0, op->open_flag); > > Umm... I'm not sure that losing it is the right thing - it might > be argued that ->permission(..., MAY_OPEN) is to be ignored for > tmpfile (and the only thing checking for MAY_OPEN is nfs, which is > *not* going to grow tmpfile any time soon - certainly not with these > calling conventions), but you are also dropping the call of > security_inode_permission(inode, MAY_OPEN) and that's a change > compared to what LSM crowd used to get... Not losing it, just moving it into vfs_tmpfile(). Thanks, Miklos
