Re: copy_mount_options in 2.3.99-pre9-pre3 and ncpmount (an

From: Petr Vandrovec (VANDROVE@vc.cvut.cz)
Date: Mon May 22 2000 - 16:25:43 EST


On 22 May 00 at 21:36, Tigran Aivazian wrote:
> On Mon, 22 May 2000, Petr Vandrovec wrote:
> > Hi Al,
> > your change to copy_mount_option in 2.3.99-pre9-pre3 revealed that
> > copy_from_user does not work as expected :-( At least on ia32.
> hey, there is no such thing as copy_mount_option() but if you meant
> copy_mount_options() then it was actually my change (well Ben's mainly
> which I tweaked and added to the other changes to fs/super.c I made
> recently)
> What appears to be a problem?
Alexander, sorry, I thought that it was your change if it is in filesystem
area.

Tigran, the problem is that copy_from_user does not correctly handle the
case where the copied region crosses the top of user memory (0xC0000000):
instead of doing a partial copy like it does when a page fault happens,
it does no copy at all.

ncpmount calls mount() with
mount("CDROM/VANDROVE", "/root/cdrom", "ncpfs", 0xc0ed0000, 0xbffff730)
("CDROM/VANDROVE" is at 0xbffffc30).

So copy_mount_options is called once with source = 0xbffff730 and once
with 0xbffffc30. And copy_from_user(0xbffff730, kernel, 0x1000) fails,
returning 0x1000 (no data copied) instead of doing a correct partial
copy and returning 0x730 (uncopied data length) :-( So the whole mount
fails with -EFAULT :-(

I do not see how to fix it except by either (1) reverting to vmas walking
or (2) copying it byte after byte, as fixing copy_from_user is not supported
by others (due to slowdown), although it is unexpected.
                                    Petr Vandrovec
                                    vandrove@vc.cvut.cz
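
Added example, not part of the original message and not kernel code: a user-space C model of the behaviour reported above, using the message's own numbers (source 0xbffff730, length 0x1000, user-memory top 0xC0000000), next to option (2), the byte-after-byte copy. The names model_copy_from_user, copy_bytewise, SIM_BASE and sim_user are hypothetical, and the simulated page contents are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USER_TOP 0xC0000000u /* top of user memory on ia32, from the message */
#define SIM_BASE 0xBFFFF000u /* constructed: model only the last user page */

static unsigned char sim_user[USER_TOP - SIM_BASE]; /* stand-in for user memory */

/* Model of the reported behaviour: the whole range is validated up front, and
 * a range ending above USER_TOP copies nothing and reports all n bytes as
 * uncopied. Returns the number of bytes NOT copied, like copy_from_user. */
static uint32_t model_copy_from_user(void *to, uint32_t from, uint32_t n)
{
    if (from < SIM_BASE || from > USER_TOP || n > USER_TOP - from)
        return n;
    memcpy(to, &sim_user[from - SIM_BASE], n);
    return 0;
}

/* Option (2) from the message: copy byte after byte and stop at the first
 * byte that cannot be read, so the caller gets a true partial copy. */
static uint32_t copy_bytewise(unsigned char *to, uint32_t from, uint32_t n)
{
    uint32_t i;

    for (i = 0; i < n; i++)
        if (model_copy_from_user(&to[i], from + i, 1))
            break;
    return n - i;
}

int main(void)
{
    static unsigned char page[0x1000];

    memset(sim_user, 'A', sizeof sim_user); /* constructed user data */
    printf("whole-range check: %#x uncopied\n",
           (unsigned)model_copy_from_user(page, 0xBFFFF730u, 0x1000));
    printf("byte after byte:   %#x uncopied\n",
           (unsigned)copy_bytewise(page, 0xBFFFF730u, 0x1000));
    return 0;
}
```

A caller that treats any non-zero return as -EFAULT rejects the first result outright, while the second lets it keep the 0x8d0 bytes that were readable below the boundary.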
                                    
