From: Russell King
Date: Sat Apr 17 2004 - 14:20:11 EST

On Sat, Apr 17, 2004 at 12:09:24PM -0700, Trond Myklebust wrote:
> On Sat, 2004-04-17 at 12:01, Marc Singer wrote:
> > I think you are talking about the fstab mount option. Is there a
> > kernel command line option for this? That's what I've been looking
> > for. I'm not using an initrd.
> No. I'm talking about the built-in parser to enable NFSROOT to pass
> mount options. As in:
> nfsroot=[<server-ip>:]<root-dir>[,<nfs-options>]
> See Documentation/nfsroot.txt. Put "tcp" as one of the "<nfs-options>",
> and your root partition will use TCP instead of UDP.


Can you explain how this works?

static int __init root_nfs_parse(char *name, char *buf)
while ((p = strsep (&name, ",")) != NULL) {
int token;
if (!*p)
token = match_token(p, tokens, args);

/* %u tokens only */
if (match_int(&args[0], &option))
return 0;

Firstly, as far as I can see, args[] is uninitialised. If match_token
doesn't touch args[] then we pass match_int some uninitialised kernel

Secondly, we seem to exit if match_int doesn't parse a number. Not
all options in "tokens" have a number associated with them, including
ones like "tcp".

So, given that "tcp" is the only option, I think we'll end up passing
match_int() some uninitialised memory which may cause a kernel oops.
If not, it probably won't be a valid number, so we'll ignore the option.

However, it will appear to work as long as the first option has a
number associated with it (ie, is one of the first 9 options.)

