The canonical code to read iov[] from userspace is currently: struct iovec iovstack[UIO_FASTIOV]; struct iovec *iov; ... iov = iovstack; rc = import_iovec(..., UIO_FASTIOV, &iov, &iter); if (rc < 0) return rc; ... kfree(iov); Note that the 'iov' parameter is used for two different things. On input it is an iov[] that can be used. On output it is an iov[] array that must be freed. If 'iovstack' is passed, the count is actually always UIO_FASTIOV (8) although in some places the array definition is in a different file (never mind function) from the constant used. import_iovec() itself is just a wrapper to rw_copy_check_uvector(). So everything is passed through to a second function. Several items are 'passed by reference' - adding to the code paths. On success import_iovec() returned the transfer count. Only one caller looks at it, the count is also in iter.count. The new canonical code is: struct iov_cache cache; struct iovec *iov; ... iov = iovec_import(..., &cache, &iter); if (IS_ERR(iov)) return PTR_ERR(iov); ... kfree(iov); Since 'struct iov_cache' is a fixed size there is no need to pass in a length (correct or not!). It can still be NULL (used by the scsi code). iovec_import() contains the code that used to be in rw_copy_check_uvector() and then sets up the iov_iter. rw_copy_check_uvector() is no more. The only other caller was in mm/process_vm_access.c when reading the iov[] for the target process addresses when copying from a different process. This can extract the iov[] from an extra 'struct iov_iter'. In passing I noticed an access_ok() call on each fragment. I hope this is just there to bail out early! It is also skipped in process_vm_rw(). I did a quick look but couldn't see an obvious equivalent check. I've only done minimal changes to fs/io_uring.c Once it has been converted to use iovec_import() the import_iovec() functions can be deleted. Patches 1, 2 and 3 need to be applied first. Patches 4 to 9 can be applied in any order. There should be measurable (if small) improvements to the recvmmsg() and sendmmsg() system calls. David Laight (9): 1) mm:process_vm_access Call import_iovec() instead of rw_copy_check_uvector() 2) fs: Move rw_copy_check_uvector() into lib/iov_iter.c and make static. 3) lib/iov_iter: Improved function for importing iovec[] from userpace. 4) fs/io_uring Don't use the return value from import_iovec(). 5) scsi: Use iovec_import() instead of import_iovec(). 6) security/keys: Use iovec_import() instead of import_iovec(). 7) mm/process_vm_access: Use iovec_import() instead of import_iovec(). 8) fs: Use iovec_import() instead of import_iovec(). 9) net/socket: Use iovec_import() instead of import_iovec(). block/scsi_ioctl.c | 14 ++- drivers/scsi/sg.c | 14 +-- fs/aio.c | 34 +++--- fs/io_uring.c | 21 ++-- fs/read_write.c | 248 ++++++----------------------------------- fs/splice.c | 22 ++-- include/linux/compat.h | 6 - include/linux/fs.h | 5 - include/linux/socket.h | 15 +-- include/linux/uio.h | 14 +++ include/net/compat.h | 5 +- lib/iov_iter.c | 200 +++++++++++++++++++++++++++++---- mm/process_vm_access.c | 82 +++++++------- net/compat.c | 17 ++- net/socket.c | 66 +++++------ security/keys/compat.c | 11 +- security/keys/keyctl.c | 10 +- 17 files changed, 386 insertions(+), 398 deletions(-) - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
