On Tue, Sep 03, 2019 at 03:03:27PM +0200, Christoph Hellwig wrote: > Add a new iomap_dio_ops structure that for now just contains the end_io > handler. This avoid storing the function pointer in a mutable structure, > which is a possible exploit vector for kernel code execution, and prepares > for adding a submit_io handler that btrfs needs. Is it really a security win? If I can overwrite dio->end_io, I can as well overwrite dio->dops. The patch itself looks sane, but I'm not sure about this particular reason.
