On 11/22/22 2:46 AM, Jens Axboe wrote:
On 11/21/22 12:14?PM, Stefan Roesch wrote:+static int io_unregister_napi(struct io_ring_ctx *ctx, void __user *arg) +{ +#ifdef CONFIG_NET_RX_BUSY_POLL + const struct io_uring_napi curr = { + .busy_poll_to = ctx->napi_busy_poll_to, + }; + + if (copy_to_user(arg, &curr, sizeof(curr))) + return -EFAULT; + + WRITE_ONCE(ctx->napi_busy_poll_to, 0); + return 0; +#else + return -EINVAL; +#endif +}Should probably check resv/pad here as well, maybe even the 'busy_poll_to' being zero?
Jens, this function doesn't read from __user memory, it writes to __user memory. @curr.resv and @curr.pad are on the kernel's stack. Both are already implicitly initialized to zero by the partial struct initializer. -- Ammar Faizi
