On Wed, Sep 25, 2019, at 3:11 AM, Dave Chinner wrote: > > We're talking about user data read/write access here, not some > special security capability. Access to the data has already been > permission checked, so why should the format that the data is > supplied to the kernel in suddenly require new privilege checks? What happens with BTRFS today if userspace provides invalid compressed data via this interface? Does that show up as filesystem corruption later? If the data is verified at write time, wouldn't that be losing most of the speed advantages of providing pre-compressed data? Ability for a user to cause fsck errors later would be a new thing that would argue for a privilege check I think.
