On 11/22/22 12:29 AM, Stefan Roesch wrote:
+static int io_register_napi(struct io_ring_ctx *ctx, void __user *arg) +{ +#ifdef CONFIG_NET_RX_BUSY_POLL + const struct io_uring_napi curr = { + .busy_poll_to = ctx->napi_busy_poll_to, + }; + struct io_uring_napi *napi; + + napi = memdup_user(arg, sizeof(*napi)); + if (IS_ERR(napi)) + return PTR_ERR(napi); + + WRITE_ONCE(ctx->napi_busy_poll_to, napi->busy_poll_to); + + kfree(napi); + + if (copy_to_user(arg, &curr, sizeof(curr))) + return -EFAULT; + + return 0;
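Review bot: In io_register_napi(), WRITE_ONCE(ctx->napi_busy_poll_to, napi->busy_poll_to) runs before copy_to_user(arg, &curr, sizeof(curr)), so a caller that gets -EFAULT from the copy-out has already had the new timeout applied. Consider copying curr out first and updating the ctx only on success, or documenting that the setting takes effect even when the old value cannot be returned. Separately, only napi->busy_poll_to is read from the copied struct; if the remaining bytes are padding or reserved fields, rejecting nonzero values with -EINVAL would keep them usable for later extension.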
Considering:
1) `struct io_uring_napi` is 16 bytes in size.
2) The lifetime of `struct io_uring_napi *napi;` is brief.

There is no need to use memdup_user() and kfree(). You can place it on the stack and use copy_from_user() instead.

--
Ammar Faizi
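The change suggested in the reply above, as an added userspace sketch that is not code from the thread or from the kernel tree. Assumptions: the 16-byte field layout of `struct io_uring_napi` beyond `busy_poll_to`, the one-field `struct io_ring_ctx`, and the two copy helpers, which are stand-ins that treat a NULL pointer as a faulting user address. The order of the store and the copy-out is kept as in the quoted patch.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Assumed 16-byte layout; only busy_poll_to appears in the quoted patch. */
struct io_uring_napi {
	uint32_t busy_poll_to;
	uint32_t pad;
	uint64_t resv;
};

/* Stand-in holding the single ctx field the patch touches. */
struct io_ring_ctx {
	uint32_t napi_busy_poll_to;
};

/* Userspace stand-ins for the kernel helpers. Like the real ones they
 * return the number of bytes NOT copied; NULL models a bad user pointer. */
static unsigned long copy_from_user(void *to, const void *from, unsigned long n)
{
	if (!from)
		return n;
	memcpy(to, from, n);
	return 0;
}

static unsigned long copy_to_user(void *to, const void *from, unsigned long n)
{
	if (!to)
		return n;
	memcpy(to, from, n);
	return 0;
}

int io_register_napi(struct io_ring_ctx *ctx, void *arg)
{
	const struct io_uring_napi curr = {
		.busy_poll_to = ctx->napi_busy_poll_to,
	};
	struct io_uring_napi napi;	/* on the stack: no allocation, no kfree() */

	if (copy_from_user(&napi, arg, sizeof(napi)))
		return -EFAULT;
	ctx->napi_busy_poll_to = napi.busy_poll_to; /* WRITE_ONCE() in the kernel */
	if (copy_to_user(arg, &curr, sizeof(curr)))
		return -EFAULT;
	return 0;
}
```

With the struct on the stack there is no allocation failure path and no early return that can skip the free.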