On 11/22/22 6:13 AM, Ammar Faizi wrote:
> On 11/22/22 2:46 AM, Jens Axboe wrote:
>> On 11/21/22 12:14 PM, Stefan Roesch wrote:
>>> +static int io_unregister_napi(struct io_ring_ctx *ctx, void __user *arg)
>>> +{
>>> +#ifdef CONFIG_NET_RX_BUSY_POLL
>>> +	const struct io_uring_napi curr = {
>>> +		.busy_poll_to = ctx->napi_busy_poll_to,
>>> +	};
>>> +
>>> +	if (copy_to_user(arg, &curr, sizeof(curr)))
>>> +		return -EFAULT;
>>> +
>>> +	WRITE_ONCE(ctx->napi_busy_poll_to, 0);
>>> +	return 0;
>>> +#else
>>> +	return -EINVAL;
>>> +#endif
>>> +}
>>
>> Should probably check resv/pad here as well, maybe even the
>> 'busy_poll_to' being zero?
>
> Jens, this function doesn't read from __user memory, it writes to
> __user memory.
>
> @curr.resv and @curr.pad are on the kernel's stack. Both are already
> implicitly initialized to zero by the partial struct initializer.

Oh yes, guess I totally missed that we don't care about the value at all
(just zero the target) and copy back the old values.

-- 
Jens Axboe
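Review bot: in the quoted io_unregister_napi() hunk, the partial designated initializer of `curr` zeros the named members it does not list (`resv`, `pad`), but C does not guarantee that implicit padding bytes of an automatic struct are zeroed, and `curr` is copied out whole with `copy_to_user(arg, &curr, sizeof(curr))`. If `struct io_uring_napi` has no implicit padding this is fine as written; if it does, a `memset(&curr, 0, sizeof(curr))` before setting `busy_poll_to` (dropping the `const`) keeps kernel stack bytes from reaching user space. Either way, a one-line comment stating that the layout is padding-free would put the reasoning Ammar gives into the code itself.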
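A user-space model of the quoted hunk, added here as an example and not part of the patch or the thread: it mirrors the copy-back-then-zero sequence and checks that the members the initializer does not name (`pad`, `resv`) reach the caller as zero even when the destination buffer held stale bytes, and that a failed copy leaves the old timeout in place. The field types and layout of `struct io_uring_napi`, the `ring_ctx` stand-in and `mock_copy_to_user()` are assumptions for the model; only the member names and the control flow come from the hunk.

```c
/* Added example, not from the patch: user-space model of the
 * io_unregister_napi() logic quoted above. */
#include <stdint.h>
#include <string.h>
#include <stddef.h>
#include <errno.h>
#include <stdio.h>

/* Assumed layout; the real uapi definition may differ. Only the member
 * names busy_poll_to/pad/resv are taken from the thread. */
struct io_uring_napi {
	uint32_t busy_poll_to;
	uint8_t  pad[4];
	uint64_t resv;
};

/* Stand-in for io_ring_ctx: only the field the function touches. */
struct ring_ctx {
	uint32_t napi_busy_poll_to;
};

/* Models copy_to_user(): a NULL destination plays the role of an
 * unmapped user pointer and returns the number of bytes not copied. */
static int mock_copy_to_user(void *dst, const void *src, size_t len)
{
	if (!dst)
		return (int)len;
	memcpy(dst, src, len);
	return 0;
}

/* Mirrors the quoted hunk: report the old timeout to the caller,
 * then clear it in the context. */
int io_unregister_napi_model(struct ring_ctx *ctx, struct io_uring_napi *arg)
{
	const struct io_uring_napi curr = {
		.busy_poll_to = ctx->napi_busy_poll_to,
		/* .pad and .resv are implicitly zero-initialized */
	};

	if (mock_copy_to_user(arg, &curr, sizeof(curr)))
		return -EFAULT;

	ctx->napi_busy_poll_to = 0;   /* WRITE_ONCE() in the kernel */
	return 0;
}

/* Returns 1 when every byte of pad and resv in @out is zero. */
int reserved_fields_are_zero(const struct io_uring_napi *out)
{
	static const struct io_uring_napi zero;

	return memcmp(out->pad, zero.pad, sizeof(out->pad)) == 0 &&
	       out->resv == 0;
}

/* Drives both paths once; returns 1 if the model behaves as the hunk intends. */
int check_unregister_model(void)
{
	struct ring_ctx ctx = { .napi_busy_poll_to = 50 };
	struct io_uring_napi out;

	/* Poison the destination so stale bytes would be visible. */
	memset(&out, 0xAA, sizeof(out));
	if (io_unregister_napi_model(&ctx, &out) != 0)
		return 0;
	if (out.busy_poll_to != 50 || ctx.napi_busy_poll_to != 0)
		return 0;
	if (!reserved_fields_are_zero(&out))
		return 0;

	/* Fault path: the old value must stay in place when the copy fails. */
	ctx.napi_busy_poll_to = 7;
	if (io_unregister_napi_model(&ctx, NULL) != -EFAULT)
		return 0;
	return ctx.napi_busy_poll_to == 7;
}

int main(void)
{
	printf("model ok: %d\n", check_unregister_model());
	return 0;
}
```

The poisoned destination buffer is the point of the model: if the initializer left `pad` or `resv` untouched, the 0xAA bytes would survive the copy and `reserved_fields_are_zero()` would fail.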