> From: Linus Torvalds
> Sent: 07 October 2019 04:12
...
> In this case, I think it's done a few callers up in i915_gem_pread_ioctl():
>
>         if (!access_ok(u64_to_user_ptr(args->data_ptr),
>                        args->size))
>                 return -EFAULT;
>
> but honestly, trying to optimize away another "access_ok()" is just
> not worth it. I'd rather have an extra one than miss one.

You don't really want an extra access_ok() for every 'word' of a copy.
Some copies have to be done a word at a time.

And the checks someone added to copy_to/from_user() to detect kernel
buffer overruns must kill performance when the buffers are way down the
stack or in kmalloc()ed space.

	David