Linus Torvalds writes: (Summary) So on the one hand, in this case I'd actually be more ok with the
whole "call_with_creds()" model, because open() is actually *supposed*
to use creds.
to use creds.
At the same time, my stronger reaction is that "it's actually better to just pass down the creds as a pointer like we do". We'd only need to inc/dec the poison counter in the normal read/write/open cases, not even worrying about the odd special cases (like that cachefiles_write_page() case). Because then we'd make sure the filesystems do the right thing, and then cachefiles_write_page() etc wouldn't even have to worry, because all the _common_ open cases have already tested that yes, it uses the right cred pointer and doesn't try to get whatever "current" happens to be.
to use creds.
At the same time, my stronger reaction is that "it's actually better to just pass down the creds as a pointer like we do". We'd only need to inc/dec the poison counter in the normal read/write/open cases, not even worrying about the odd special cases (like that cachefiles_write_page() case). Because then we'd make sure the filesystems do the right thing, and then cachefiles_write_page() etc wouldn't even have to worry, because all the _common_ open cases have already tested that yes, it uses the right cred pointer and doesn't try to get whatever "current" happens to be.