diff options
| author | Nicolin Chen <nicolinc@nvidia.com> | 2026-06-04 00:26:55 +0300 |
|---|---|---|
| committer | Jason Gunthorpe <jgg@nvidia.com> | 2026-06-12 16:44:44 +0300 |
| commit | e28bee5b445178390d63f7a93a5a219063c6434e (patch) | |
| tree | 3557c6063da8f13c109be155965cb96ea7fdee06 /include/linux | |
| parent | 5623c8cb81365f845f318135979d25a4b6671900 (diff) | |
| download | linux-e28bee5b445178390d63f7a93a5a219063c6434e.tar.xz | |
iommu: Avoid copying the user array twice in the full-array copy helper
iommu_copy_struct_from_full_user_array() copies a whole user array into a
kernel buffer. In the common case, where user entry_len equals destination
entry size, it takes a fast path and copies the whole array with a single
copy_from_user().
That fast path does not return, so it falls through into the item-by-item
copy_struct_from_user() loop and copies every entry a second time. For an
equal entry_len that loop is just a copy_from_user() of the same bytes, so
the whole array is copied twice for no benefit.
Return right after the bulk copy. The per-item loop then runs only on the
slow path, where entry_len differs and each entry needs size adaption.
Fixes: 4f2e59ccb698 ("iommu: Add iommu_copy_struct_from_full_user_array helper")
Link: https://patch.msgid.link/r/6c9eca4ff584cb977661e97799ac6fe934e7f51c.1780521606.git.nicolinc@nvidia.com
Assisted-by: Claude:claude-opus-4-8
Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/iommu.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/iommu.h b/include/linux/iommu.h index e587d4ac4d33..695714426379 100644 --- a/include/linux/iommu.h +++ b/include/linux/iommu.h @@ -547,6 +547,7 @@ iommu_copy_struct_from_full_user_array(void *kdst, size_t kdst_entry_size, user_array->entry_num * user_array->entry_len)) return -EFAULT; + return 0; } /* Copy item by item */ |