Re: [PATCH] erofs: use the opener's credential when verifing metadata accesses

Next message: Ruidong Tian: "[PATCH 2/3] riscv: Introduce HEST HEE notification handlers for APEI"
Previous message: Ruidong Tian: "[PATCH 0/3] riscv: log Hardware Error Exception via APEI"
Next in thread: Tatsuyuki Ishi: "Re: [PATCH] erofs: use the opener's credential when verifing metadata accesses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Christoph Hellwig

Date: Fri May 08 2026 - 04:21:59 EST

On Tue, May 05, 2026 at 11:56:15PM +0800, Gao Xiang wrote:
> Similar to commit 905eeb2b7c33 ("erofs: impersonate the opener's
> credentials when accessing backing file"), rw_verify_area() needs
> the same too.

Two things here:

- rw_verify_area is a helper for use inside the VFS and file system
read/write method implementation. Erofs as a user of the VFS should
not use it at all.
- using the opener credentials when accessing the backing file seems
wrong. The entity accessing it is the file system, so it should
have system or mounter credentials, not that of someone causing
metadata / fs data access. And this applies to all access by
a file system backed by a backing file.