Re: [BusyBox] 0.48 - Can't mount /proc

[Ralf Baechle <ralf@oss.sgi.com>]

On Thu, Jan 11, 2001 at 08:52:08AM -0700, Quinn Jensen wrote:

> Here's a kernel patch.  The __access_ok macro looks one byte
> too far and fails.  Since copy_mount_options() isn't
> sure how long the string arguments are, it just copies
> to the end of the page.  Since this is on busybox's
> stack, the copy wants to go all the way to 0x7FFFFFF
> and hits this corner case.

I don't like this solution as it inflates the kernel noticably.  Actually
even the bug itself hasn't been one; this off by one mistake was deliberatly
accepted in the - obviously wrong - assumption that nobody would ever try to
use the last byte of userspace.  See also the Alpha variant of the code;
looks like they suffer from the same problem.

My solution will be to truncate userspace by by at least 4kb.  I've choosen
to even truncate it by 32kb; this will also make the layout of the address
space for 32-bit processes on 64-bit kernels and 32-bit kernel identical
again.

  Ralf