On Wed, Apr 29, 2020 at 02:52:25PM +0100, Catalin Marinas wrote: > On Wed, Apr 29, 2020 at 11:26:51AM +0100, Dave P Martin wrote: > > On Tue, Apr 21, 2020 at 03:26:00PM +0100, Catalin Marinas wrote: > > > diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h > > > index 32fc8061aa76..566da441eba2 100644 > > > --- a/arch/arm64/include/asm/uaccess.h > > > +++ b/arch/arm64/include/asm/uaccess.h > > > @@ -416,6 +416,17 @@ extern unsigned long __must_check __arch_copy_in_user(void __user *to, const voi > > > #define INLINE_COPY_TO_USER > > > #define INLINE_COPY_FROM_USER > > > > > > +static inline bool arch_has_exact_copy_from_user(unsigned long n) > > > +{ > > > + /* > > > + * copy_from_user() aligns the source pointer if the size is greater > > > + * than 15. Since all the loads are naturally aligned, they can only > > > + * fail on the first byte. > > > + */ > > > + return n > 15; > > > +} > > > +#define arch_has_exact_copy_from_user > > > > Did you mean: > > > > #define arch_has_exact_copy_from_user arch_has_exact_copy_from_user > > Yes (and I shouldn't write patches late in the day). > > > Mind you, if this expands to 1 I'd have expected copy_mount_options() > > not to compile, so I may be missing something. > > I think arch_has_exact_copy_from_user() (with the braces) is looked up > in the function namespace, so the macro isn't expanded. So arguably the > patch is correct but pretty dodgy ;). > > I scrapped this in my second attempt in reply to Kevin. Problem solved! > > > diff --git a/fs/namespace.c b/fs/namespace.c > > > index a28e4db075ed..8febc50dfc5d 100644 > > > --- a/fs/namespace.c > > > +++ b/fs/namespace.c > > > @@ -3025,13 +3025,16 @@ void *copy_mount_options(const void __user * data) > > > > [ Is this applying a band-aid to duct tape? > > > > The fs presumably knows ahead of time whether it's expecting a string or > > a fixed-size blob for data, so I'd hope we could just DTRT rather than > > playing SEGV roulette here. > > > > This might require more refactoring than makes sense for this series > > though. ] > > That's possible but it means moving the copy from sys_mount() to the > specific places where it has additional information (the filesystems). > I'm not even sure it's guaranteed to be strings. If it is, we could just > replace all this with a strncpy_from_user(). Fair enough. I'll add it to my wishlist... Cheers ---Dave