[PATCH v3 05/15] Apparmor: Use simple_start_creating() / simple_done_creating()
Christian Brauner
brauner at kernel.org
Fri Mar 6 09:42:02 UTC 2026
On Wed, Feb 25, 2026 at 09:16:50AM +1100, NeilBrown wrote:
> From: NeilBrown <neil at brown.name>
>
> Instead of explicitly locking the parent and performing a look up in
> apparmor, use simple_start_creating(), and then simple_done_creating()
> to unlock and drop the dentry.
>
> This removes the need to check for an existing entry (as
> simple_start_creating() acts like an exclusive create and can return
> -EEXIST), simplifies error paths, and keeps dir locking code
> centralised.
>
> Reviewed-by: Jeff Layton <jlayton at kernel.org>
> Signed-off-by: NeilBrown <neil at brown.name>
> ---
Fwiw, I think this fixes a reference count leak:
The old aafs_create returned dentries with refcount=2 (one from
lookup_noperm, one from dget in __aafs_setup_d_inode). The cleanup path
aafs_remove puts one reference leaving one reference that didn't get
cleaned up.
After your changes this is now correct as simple_done_creating() puts
the lookup reference.
More information about the Linux-security-module-archive
mailing list