From: Chuck Lever <cel@kernel.org>
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com
Cc: David Howells <dhowells@redhat.com>, <netdev@vger.kernel.org>,
<linux-fsdevel@vger.kernel.org>,
Chuck Lever <chuck.lever@oracle.com>
Subject: [PATCH net-next] net: datagram: Bypass usercopy checks for kernel iterators
Date: Wed, 25 Feb 2026 11:25:32 -0500
Message-ID: <20260225162532.30587-1-cel@kernel.org>
From: Chuck Lever <chuck.lever@oracle.com>

Profiling NFSD under an iozone workload showed that hardened
usercopy checks consume roughly 1.3% of CPU in the TCP receive path.
These checks validate memory regions during copies, but provide no
security benefit when both source (skb data) and destination (kernel
pages in BVEC/KVEC iterators) reside in kernel address space.

Modify simple_copy_to_iter() and crc32c_and_copy_to_iter() to call
_copy_to_iter() directly when the destination is a kernel-only
iterator, bypassing the usercopy hardening validation. User-backed
iterators (ITER_UBUF, ITER_IOVEC) continue to use copy_to_iter()
with full validation.

This benefits kernel consumers of TCP receive such as the NFS client
and server and NVMe-TCP, which use ITER_BVEC for their receive
buffers.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
net/core/datagram.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/net/core/datagram.c b/net/core/datagram.c
index c285c6465923..e83cf0125008 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -490,7 +490,10 @@ static size_t crc32c_and_copy_to_iter(const void *addr, size_t bytes,
u32 *crcp = _crcp;
size_t copied;
- copied = copy_to_iter(addr, bytes, i);
+ if (user_backed_iter(i))
+ copied = copy_to_iter(addr, bytes, i);
+ else
+ copied = _copy_to_iter(addr, bytes, i);
*crcp = crc32c(*crcp, addr, copied);
return copied;
}
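Review bot: The new if/else in crc32c_and_copy_to_iter() has no comment of its own; the rationale for skipping the hardened copy appears only above simple_copy_to_iter() in the next hunk, and the same user_backed_iter() selection is open-coded at both sites. Consider moving the branch and its comment into one small static helper in this file and calling it from both functions, so the two copies of the decision cannot drift apart and a reader of this function sees why `_copy_to_iter(addr, bytes, i)` is safe here.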
@@ -515,10 +518,17 @@ int skb_copy_and_crc32c_datagram_iter(const struct sk_buff *skb, int offset,
EXPORT_SYMBOL(skb_copy_and_crc32c_datagram_iter);
#endif /* CONFIG_NET_CRC32C */
+/*
+ * Bypass usercopy hardening for kernel-only iterators: no data
+ * crosses the user/kernel boundary, so the slab whitelist check
+ * on the source buffer is unnecessary overhead.
+ */
static size_t simple_copy_to_iter(const void *addr, size_t bytes,
void *data __always_unused, struct iov_iter *i)
{
- return copy_to_iter(addr, bytes, i);
+ if (user_backed_iter(i))
+ return copy_to_iter(addr, bytes, i);
+ return _copy_to_iter(addr, bytes, i);
}
/**
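Review bot: The comment above simple_copy_to_iter() says the bypass applies to kernel-only iterators, but the code tests the negation of user_backed_iter(i), so every iterator type that helper does not report as user-backed takes the unchecked `_copy_to_iter(addr, bytes, i)` path, not only the BVEC/KVEC cases the commit message names. Please state in the comment that correctness depends on user_backed_iter() covering every iterator type whose destination is user memory, so a future iterator type that is missed there does not silently lose validation on this receive path. The comment would also read better if it covered both functions, since it sits directly after the CRC32C block but describes a change made in each.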
--
2.52.0