Hi,

There are tons of short copy checks for iov_iter_copy_from_user_atomic(), from generic_perform_write(), which checks the copied in the write_end(), to iomap, which checks the copied in its iomap_write_end().

But I'm wondering, all these call sites have called iov_iter_fault_in_readable() to ensure the range we're copying from is accessible, and we prepared the pages by ourselves, so how could a short copy happen?

Is there any possible race where user space can invalidate some of its memory of the iov?

If so, can we find a way to lock the iov to ensure all its content can be accessed without problem until iov_iter_copy_from_user_atomic() finishes?

Thanks,
Qu