On Wed, Jun 15, 2016 at 2:01 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
> devtmpfsd does:
>
> *err = sys_mount("devtmpfs", "/", "devtmpfs", MS_SILENT, options);
>
> where options points to the kernel stack. This is bad. do_mount_root
> is similarly broken.
>
> Is there any reason that these things use sys_mount instead of do_mount?
Not that I can see. But maybe copy_mount_options could also check for
KERNEL_DS, and use a strncpy instead of a copy_from_user() for that
case?
Linus
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html