Mount options may be silently discarded
Dmitry Kasatkin
dmitry.kasatkin at gmail.com
Mon Sep 28 18:00:54 UTC 2020
On Mon, Sep 28, 2020 at 5:36 PM David Laight <David.Laight at aculab.com> wrote:
>
> From: Dmitry Kasatkin
> > Sent: 28 September 2020 15:03
> >
> > "copy_mount_options" function came to my eyes.
> > It splits copy into 2 pieces - over page boundaries.
> > I wonder what is the real reason for doing this?
> > Original comment was that we need exact bytes and some user memcpy
> > functions do not return correct number on page fault.
> >
> > But how would all other cases work?
> >
> > https://elixir.bootlin.com/linux/latest/source/fs/namespace.c#L3075
> >
> > if (size != PAGE_SIZE) {
> > if (copy_from_user(copy + size, data + size, PAGE_SIZE - size))
> > memset(copy + size, 0, PAGE_SIZE - size);
> > }
> >
> > This looks like some options may be just discarded?
> > What if it is an important security option?
> >
> > Why it does not return EFAULT, but just memset?
>
> The user doesn't supply the transfer length, the max size
> is a page.
> Since the copy can only start to fail on a page boundary
> reading in two pieces is exactly the same as knowing the
> address at which the transfer started to fail.
>
> Since the actual mount options can be much smaller than
> a page (and usually are) zero-filling is best.
>
Hi David,
Ok. This is now obvious that it is done for "proper" memseting...
But why "we" should allow "discarding" failed part instead of failing
with EFAULT as a whole?
Thanks,
> David
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> Registration No: 1397386 (Wales)
--
Thanks,
Dmitry
More information about the Linux-security-module-archive
mailing list