On Thu, Sep 05, 2019 at 07:07:50PM +0100, Al Viro wrote: > On Thu, Sep 05, 2019 at 06:19:22AM +1000, Aleksa Sarai wrote: > > +/* > > + * "memset(p, 0, size)" but for user space buffers. Caller must have already > > + * checked access_ok(p, size). > > + */ > > +static int __memzero_user(void __user *p, size_t s) > > +{ > > + const char zeros[BUFFER_SIZE] = {}; > > + while (s > 0) { > > + size_t n = min(s, sizeof(zeros)); > > + > > + if (__copy_to_user(p, zeros, n)) > > + return -EFAULT; > > + > > + p += n; > > + s -= n; > > + } > > + return 0; > > +} > > That's called clear_user(). > > > +int copy_struct_to_user(void __user *dst, size_t usize, > > + const void *src, size_t ksize) > > +{ > > + size_t size = min(ksize, usize); > > + size_t rest = abs(ksize - usize); > > + > > + if (unlikely(usize > PAGE_SIZE)) > > + return -EFAULT; > > Why? Because every caller of that function right now has that limit set anyway iirc. So we can either remove it from here and place it back for the individual callers or leave it in the helper. Also, I'm really asking, why not? Is it unreasonable to have an upper bound on the size (for a long time probably) or are you disagreeing with PAGE_SIZE being used? PAGE_SIZE limit is currently used by sched, perf, bpf, and clone3 and in a few other places.