[Top] [All Lists]

Re: [BusyBox] 0.48 - Can't mount /proc

To: Quinn Jensen <jensenq@Lineo.COM>
Subject: Re: [BusyBox] 0.48 - Can't mount /proc
From: Ralf Baechle <>
Date: Tue, 16 Jan 2001 05:13:29 -0200
Cc: Erik Andersen <andersen@Lineo.COM>, Michael Shmulevich <>,, "" <>
In-reply-to: <3A5DD6A8.1040600@Lineo.COM>; from jensenq@Lineo.COM on Thu, Jan 11, 2001 at 08:52:08AM -0700
References: <> <> <> <> <> <3A5DD6A8.1040600@Lineo.COM>
User-agent: Mutt/1.2.5i
On Thu, Jan 11, 2001 at 08:52:08AM -0700, Quinn Jensen wrote:

> Here's a kernel patch.  The __access_ok macro looks one byte
> too far and fails.  Since copy_mount_options() isn't
> sure how long the string arguments are, it just copies
> to the end of the page.  Since this is on busybox's
> stack, the copy wants to go all the way to 0x7FFFFFF
> and hits this corner case.

I don't like this solution as it inflates the kernel noticably.  Actually
even the bug itself hasn't been one; this off by one mistake was deliberatly
accepted in the - obviously wrong - assumption that nobody would ever try to
use the last byte of userspace.  See also the Alpha variant of the code;
looks like they suffer from the same problem.

My solution will be to truncate userspace by by at least 4kb.  I've choosen
to even truncate it by 32kb; this will also make the layout of the address
space for 32-bit processes on 64-bit kernels and 32-bit kernel identical


<Prev in Thread] Current Thread [Next in Thread>