This works, thanks.
On 16.10.2019 01:03, Al Viro wrote:
On Tue, Oct 15, 2019 at 07:40:34PM +0100, Al Viro wrote:
On Tue, Oct 15, 2019 at 09:09:02PM +0300, Pavel V. Panteleev wrote:
Hello,
copy_mount_options() checks that data doesn't cross TASK_SIZE boundary. It's
not correct. Really it should check USER_DS boudary, because some archs have
TASK_SIZE not equal to USER_DS. In this case (USER_DS != TASK_SIZE)
exact_copy_from_user() will stop on access_ok() check, if data cross
USER_DS, but doesn't cross TASK_SIZE.
Details of the call chain, please.
FWIW, what I want to do with copy_mount_options() is this:
void *copy_mount_options(const void __user * data)
{
unsigned offs, size;
char *copy;
if (!data)
return NULL;
copy = kmalloc(PAGE_SIZE, GFP_KERNEL);
if (!copy)
return ERR_PTR(-ENOMEM);
offs = (unsigned long)data & (PAGE_SIZE - 1);
if (copy_from_user(copy, data, PAGE_SIZE - offs)) {
kfree(copy);
return ERR_PTR(-EFAULT);
}
if (offs) {
if (copy_from_user(copy, data + PAGE_SIZE - offs, offs))
memset(copy + PAGE_SIZE - offs, 0, offs);
}
return copy;
}
which should get rid of any TASK_SIZE references whatsoever, but I really
wonder where have you run into the problem.
