Mount options may be silently discarded

From: Dmitry Kasatkin
Date: Mon Sep 28 2020 - 10:02:14 EST

Next message: Paul E. McKenney: "Re: [PATCH] kvfree_rcu(): fix ifnullfree.cocci warnings"
Previous message: Hans Verkuil: "Re: [PATCH RFT/RFC v2 00/47] staging: media: bring back zoran driver"
Next in thread: David Laight: "RE: Mount options may be silently discarded"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

"copy_mount_options" function came to my eyes.
It splits copy into 2 pieces - over page boundaries.
I wonder what is the real reason for doing this?
Original comment was that we need exact bytes and some user memcpy
functions do not return correct number on page fault.

But how would all other cases work?

https://elixir.bootlin.com/linux/latest/source/fs/namespace.c#L3075

if (size != PAGE_SIZE) {
if (copy_from_user(copy + size, data + size, PAGE_SIZE - size))
memset(copy + size, 0, PAGE_SIZE - size);
}

This looks like some options may be just discarded?
What if it is an important security option?

Why it does not return EFAULT, but just memset?

--
Thanks,
Dmitry

Next message: Paul E. McKenney: "Re: [PATCH] kvfree_rcu(): fix ifnullfree.cocci warnings"
Previous message: Hans Verkuil: "Re: [PATCH RFT/RFC v2 00/47] staging: media: bring back zoran driver"
Next in thread: David Laight: "RE: Mount options may be silently discarded"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]