On Wed, Jan 24, 2024, at 12:20, Alice Ryhl wrote:
> +unsigned long
> rust_helper_copy_from_user_unsafe_skip_check_object_size(void *to,
> const void __user *from, unsigned long n)
> +{
> + unsigned long res;
> +
> + might_fault();
> + instrument_copy_from_user_before(to, from, n);
> + if (should_fail_usercopy())
> + return n;
> + res = raw_copy_from_user(to, from, n);
> + instrument_copy_from_user_after(to, from, n, res);
> + return res;
> +}
> +EXPORT_SYMBOL_GPL(rust_helper_copy_from_user_unsafe_skip_check_object_size);
> +
> +unsigned long
> rust_helper_copy_to_user_unsafe_skip_check_object_size(void __user *to,
> const void *from, unsigned long n)
> +{
> + might_fault();
> + if (should_fail_usercopy())
> + return n;
> + instrument_copy_to_user(to, from, n);
> + return raw_copy_to_user(to, from, n);
> +}
> +EXPORT_SYMBOL_GPL(rust_helper_copy_to_user_unsafe_skip_check_object_size);
These functions are almost identical to the ones in
lib/usercopy.c for !defined(INLINE_COPY_TO_USER).
That version has an extra memset() after a partial
copy_from_user(), and you probably want to have the
same thing here for consistency.
I think ideally we should only have one out-of-line copy
of these two functions and have that one shared between
rust and architectures that want the C version out of line
as well.
Arnd
