Mount options may be silently discarded

Dmitry Kasatkin dmitry.kasatkin at gmail.com
Mon Sep 28 14:02:50 UTC 2020


Hi,

"copy_mount_options" function came to my eyes.
It splits copy into 2 pieces - over page boundaries.
I wonder what is the real reason for doing this?
Original comment was that we need exact bytes and some user memcpy
functions  do not return correct number on page fault.

But how would all other cases work?

https://elixir.bootlin.com/linux/latest/source/fs/namespace.c#L3075

if (size != PAGE_SIZE) {
       if (copy_from_user(copy + size, data + size, PAGE_SIZE - size))
            memset(copy + size, 0, PAGE_SIZE - size);
}

This looks like some options may be just discarded?
What if it is an important security option?

Why it does not return EFAULT, but just memset?

-- 
Thanks,
Dmitry



More information about the Linux-security-module-archive mailing list