On Fri, Sep 18, 2009 at 01:05:45PM -0700, akpm@xxxxxxxxxxxxxxxxxxxx wrote:
> From: Vegard Nossum <vegard.nossum@xxxxxxxxx>
>
> On 2009/6/17 Ingo Molnar <mingo@xxxxxxx> reported:
> >
> > btw., here's an old friend of a warning:
> >
[snip]
> @@ -1640,7 +1640,7 @@ static int do_new_mount(struct path *pat
> {
> struct vfsmount *mnt;
>
> - if (!type || !memchr(type, 0, PAGE_SIZE))
> + if (!type)
> return -EINVAL;
>
> /* we need capabilities... */
> @@ -1871,6 +1871,23 @@ int copy_mount_options(const void __user
> return 0;
> }
> @@ -1900,8 +1917,6 @@ long do_mount(char *dev_name, char *dir_
>
> if (!dir_name || !*dir_name || !memchr(dir_name, 0, PAGE_SIZE))
> return -EINVAL;
> - if (dev_name && !memchr(dev_name, 0, PAGE_SIZE))
> - return -EINVAL;
>
> if (data_page)
> ((char *)data_page)[PAGE_SIZE - 1] = 0;
In this form it's simply b0rken - you need to take care of other do_mount()
callers. arch/alpha/kernel/osf_sys.c is safe, but fs/compat.c isn't...
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
