From: Jakub Kicinski <kuba@kernel.org>
To: Chuck Lever <cel@kernel.org>
Cc: davem@davemloft.net, edumazet@google.com, pabeni@redhat.com,
	David Howells <dhowells@redhat.com>, <netdev@vger.kernel.org>,
	<linux-fsdevel@vger.kernel.org>,
	Chuck Lever <chuck.lever@oracle.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	linux-block@vger.kernel.org
Subject: Re: [PATCH net-next] net: datagram: Bypass usercopy checks for kernel iterators
Date: Fri, 27 Feb 2026 19:19:56 -0800
Message-ID: <20260227191956.56539ecc@kernel.org>
In-Reply-To: <20260225162532.30587-1-cel@kernel.org>

On Wed, 25 Feb 2026 11:25:32 -0500 Chuck Lever wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> Profiling NFSD under an iozone workload showed that hardened
> usercopy checks consume roughly 1.3% of CPU in the TCP receive path.
> These checks validate memory regions during copies, but provide no
> security benefit when both source (skb data) and destination (kernel
> pages in BVEC/KVEC iterators) reside in kernel address space.
> 
> Modify simple_copy_to_iter() and crc32c_and_copy_to_iter() to call
> _copy_to_iter() directly when the destination is a kernel-only
> iterator, bypassing the usercopy hardening validation. User-backed
> iterators (ITER_UBUF, ITER_IOVEC) continue to use copy_to_iter()
> with full validation.
> 
> This benefits kernel consumers of TCP receive such as the NFS client
> and server and NVMe-TCP, which use ITER_BVEC for their receive
> buffers.

If it makes such a difference why not make copy_to_iter()
check the iter type? Why force callers to check it?

> diff --git a/net/core/datagram.c b/net/core/datagram.c
> index c285c6465923..e83cf0125008 100644
> --- a/net/core/datagram.c
> +++ b/net/core/datagram.c
> @@ -490,7 +490,10 @@ static size_t crc32c_and_copy_to_iter(const void *addr, size_t bytes,
>  	u32 *crcp = _crcp;
>  	size_t copied;
>  
> -	copied = copy_to_iter(addr, bytes, i);
> +	if (user_backed_iter(i))
> +		copied = copy_to_iter(addr, bytes, i);
> +	else
> +		copied = _copy_to_iter(addr, bytes, i);
>  	*crcp = crc32c(*crcp, addr, copied);
>  	return copied;
>  }
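
Review bot: the `else` branch added to crc32c_and_copy_to_iter() calls `_copy_to_iter()` with no comment, and the only rationale sits above simple_copy_to_iter() in the next hunk. The same `user_backed_iter(i)` test is now open-coded in both callbacks. Consider one small static helper that carries the explanatory comment and is called from both, so that the hardened and unhardened paths cannot drift apart when one of them is touched later.
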
> @@ -515,10 +518,17 @@ int skb_copy_and_crc32c_datagram_iter(const struct sk_buff *skb, int offset,
>  EXPORT_SYMBOL(skb_copy_and_crc32c_datagram_iter);
>  #endif /* CONFIG_NET_CRC32C */
>  
> +/*
> + * Bypass usercopy hardening for kernel-only iterators: no data
> + * crosses the user/kernel boundary, so the slab whitelist check
> + * on the source buffer is unnecessary overhead.
> + */
>  static size_t simple_copy_to_iter(const void *addr, size_t bytes,
>  		void *data __always_unused, struct iov_iter *i)
>  {
> -	return copy_to_iter(addr, bytes, i);
> +	if (user_backed_iter(i))
> +		return copy_to_iter(addr, bytes, i);
> +	return _copy_to_iter(addr, bytes, i);
>  }
>  
>  /**
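
Review bot: the comment added above simple_copy_to_iter() justifies the bypass by where the data goes, but the check it names is on the source buffer `addr`, and the branch tests only the destination iterator. Please spell out the assumption that `user_backed_iter(i)` returning false means a kernel-only destination (the commit message names BVEC/KVEC), and say why dropping validation of `addr` and `bytes` is acceptable on that path. The comment would also read better directly above the `return _copy_to_iter(addr, bytes, i);` line, since it describes that branch rather than the whole function.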

