On Wed, Jun 15, 2016 at 2:01 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: > > devtmpfsd does: > > *err = sys_mount("devtmpfs", "/", "devtmpfs", MS_SILENT, options); > > where options points to the kernel stack. This is bad. do_mount_root > is similarly broken. > > Is there any reason that these things use sys_mount instead of do_mount? Not that I can see. But maybe copy_mount_options could also check for KERNEL_DS, and use a strncpy instead of a copy_from_user() for that case? Linus -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html