public inbox for linux-arch@vger.kernel.org
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: "David S. Miller" <davem@redhat.com>
Cc: Linux Arch list <linux-arch@vger.kernel.org>
Subject: Re: copy_mount_options()
Date: Sat, 21 Aug 2004 09:15:46 +1000
Message-ID: <1093043745.9529.254.camel@gaston>
In-Reply-To: <20040820130110.07f7c23c.davem@redhat.com>

On Sat, 2004-08-21 at 06:01, David S. Miller wrote:
> So the sparc64 user copy bug I fixed recently is pretty
> much present on every platform.
> 
> Basically, copy_mount_options() requires exact byte granularity
> to exception reporting from copy_from_user().  If you don't
> do this it can break things like busybox's mount().

Yup, old problem, reported before several times. Another issue
that pops up with it and busybox is that copy_mount_options will
touch an entire page from the passed pointer. If the pointer you
pass is near the end of your data/bss area, you end up touching
the area between stack and bss, and potentially cause the stack
to grow all the way down to the bss.

We have safeguards against that now on ppc, I suppose x86 has too,
but it may be worth reminding other archs to have a look.

> Even reporting on a word boundary is illegal.  On sparc64
> it was quite poignant because we can report on a 64-byte
> boundary for large copies because that is the granularity
> of the load/store we use.
> 
> Other platforms will need to fix this.  I recommend a two
> stage exception handling scheme.  Basically, on the first
> exception, you merely note that an exception occurred
> and you retry the user copy a byte at a time until you
> hit the exact address that fails.  You cannot optimize
> this to just check a page at a time, because copy_mount_options
> wants all the data to be there.
-- 
Benjamin Herrenschmidt <benh@kernel.crashing.org>
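
An added example, not part of either message and not kernel code: a user-space C model of the two-stage exception handling described in the quoted text, next to a copy routine that reports faults only at block granularity. `BLOCK`, `PAGE`, `user_mem`, `user_limit` and all function names are hypothetical, and the 128-byte "page" is a constructed value chosen to keep the numbers small.

```c
/* Added example: user-space model, not kernel code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>
#define BLOCK 64   /* coarse fault granularity, as in the sparc64 large-copy case */
#define PAGE  128  /* constructed small "page" so the numbers stay readable */
static unsigned char user_mem[256]; /* constructed stand-in for user memory */
static size_t user_limit;           /* offsets >= user_limit "fault" */
static int readable(size_t off, size_t len) { return off + len <= user_limit; }

/* Fast path: a fault anywhere in a block loses the whole block.
 * Returns the number of bytes NOT copied, like copy_from_user(). */
static size_t copy_coarse(unsigned char *dst, size_t off, size_t n)
{
    size_t done = 0;
    while (done < n) {
        size_t chunk = n - done < BLOCK ? n - done : BLOCK;
        if (!readable(off + done, chunk))
            return n - done;
        memcpy(dst + done, user_mem + off + done, chunk);
        done += chunk;
    }
    return 0;
}

/* Two-stage scheme: after a fault, retry byte by byte up to the exact failing address. */
static size_t copy_exact(unsigned char *dst, size_t off, size_t n)
{
    size_t left = copy_coarse(dst, off, n), done = n - left;
    for (; left && readable(off + done, 1); done++, left--)
        dst[done] = user_mem[off + done];
    return left;
}

/* Models the described copy_mount_options() use: ask for a page, zero what is missing. */
static size_t copy_options(unsigned char *page, size_t off,
                           size_t (*copy)(unsigned char *, size_t, size_t))
{
    size_t left = copy(page, off, PAGE);
    memset(page + PAGE - left, 0, left);
    return PAGE - left; /* option bytes that actually arrived */
}

int main(void)
{
    unsigned char page[PAGE];
    user_limit = 130; /* constructed: mapping ends 30 bytes past offset 100 */
    printf("coarse=%zu exact=%zu\n", copy_options(page, 100, copy_coarse),
           copy_options(page, 100, copy_exact));
    return 0;
}
```

With the mapping ending 30 bytes past the pointer, the coarse routine reports nothing copied, while the two-stage routine delivers all 30 readable bytes and leaves the rest of the buffer zeroed.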
