Ammar Faizi <ammarfaizi2@xxxxxxxxxxx> writes:

> On 11/22/22 12:29 AM, Stefan Roesch wrote:
>> +static int io_register_napi(struct io_ring_ctx *ctx, void __user *arg) >> +{ >> +#ifdef CONFIG_NET_RX_BUSY_POLL >> + const struct io_uring_napi curr = { >> + .busy_poll_to = ctx->napi_busy_poll_to, >> + }; >> + struct io_uring_napi *napi; >> + >> + napi = memdup_user(arg, sizeof(*napi)); >> + if (IS_ERR(napi)) >> + return PTR_ERR(napi); >> + >> + WRITE_ONCE(ctx->napi_busy_poll_to, napi->busy_poll_to); >> + >> + kfree(napi); >> + >> + if (copy_to_user(arg, &curr, sizeof(curr))) >> + return -EFAULT; >> + >> + return 0;
>
> Considering:
>
> 1) `struct io_uring_napi` is 16 bytes in size.
>
> 2) The lifetime of `struct io_uring_napi *napi;` is brief.
>
> There is no need to use memdup_user() and kfree(). You can place it
> on the stack and use copy_from_user() instead.

The next version of the patch will use copy_from_user.
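
Review bot: In io_register_napi(), `WRITE_ONCE(ctx->napi_busy_poll_to, napi->busy_poll_to);` runs before `copy_to_user(arg, &curr, sizeof(curr))`, so when the copy back fails the caller gets -EFAULT even though the new timeout is already in effect. Either copy the old value out before committing the new one, or document that the registration is applied regardless of that error. The value from userspace is also stored with no bound check in the quoted lines, and only busy_poll_to is read from the copied struct; if the rest of the 16 bytes is padding or reserved, returning -EINVAL for non-zero values there would keep it usable for later extension.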