Re: Commit 13c164b1a186 - regression for LSMs/SELinux?

On Mon, Sep 21, 2020 at 9:09 AM Christoph Hellwig <hch@xxxxxx> wrote:
>
> So we obviously should not break existing user space and need to fix
> this ASAP.  The trivial "fix" would be to export __kernel_write again
> and switch autofs to use it.  The other option would be a FMODE flag
> to bypass security checks, only to be set if the callers ensure
> they've been validated (i.e. in autofs_prepare_pipe).
>
> Any opinions?

I'd much rather do the former than add a new dynamic flag that we then
have to worry about somebody being able to set thanks to a bug.

Static behavior is a lot easier to verify and document (ie just a
comment in the code explaining why autofs cannot use the regular
kernel_write()). There's no chance of that static behavior then
leaking to other call sites.

                   Linus


