From: David Laight <david.laight.linux@gmail.com>
To: Stefan Metzmacher <metze@samba.org>
Cc: linux-kernel@vger.kernel.org,
Dmitry Safonov <0x7f454c46@gmail.com>,
Dmitry Safonov <dima@arista.com>,
Francesco Ruggeri <fruggeri@arista.com>,
Salam Noureddine <noureddine@arista.com>,
David Ahern <dsahern@kernel.org>,
"David S . Miller" <davem@davemloft.net>,
Michal Luczaj <mhal@rbox.co>, David Wei <dw@davidwei.uk>,
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>,
Luiz Augusto von Dentz <luiz.dentz@gmail.com>,
Marcel Holtmann <marcel@holtmann.org>,
Xin Long <lucien.xin@gmail.com>,
Eric Dumazet <edumazet@google.com>,
Kuniyuki Iwashima <kuniyu@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Willem de Bruijn <willemb@google.com>,
Neal Cardwell <ncardwell@google.com>,
Jakub Kicinski <kuba@kernel.org>, Simon Horman <horms@kernel.org>,
Aleksa Sarai <cyphar@cyphar.com>,
Christian Brauner <brauner@kernel.org>,
Kees Cook <keescook@chromium.org>,
netdev@vger.kernel.org, linux-bluetooth@vger.kernel.org
Subject: Re: [PATCH 3/5] uaccess: add copy_struct_{from,to}_bounce_buffer() helpers
Date: Tue, 7 Apr 2026 19:25:40 +0100 [thread overview]
Message-ID: <20260407192540.321f3879@pumpkin> (raw)
In-Reply-To: <f29570914590c50b9b6f451eb3a38d0fe1d954df.1775576651.git.metze@samba.org>
On Tue, 7 Apr 2026 18:03:15 +0200
Stefan Metzmacher <metze@samba.org> wrote:
> These are similar to copy_struct_{from,to}_user() but operate
> on kernel buffers instead of user buffers.
>
> They can be used when there is a temporary bounce buffer used,
> e.g. in msg_control or similar places.
>
> It allows us to have the same logic to handle old vs. current
> and current vs. new structures in the same compatible way.
>
> copy_struct_from_sockptr() will also be able to
> use copy_struct_from_bounce_buffer() for the kernel
> case as follow us patch.
>
> I'll use this in my IPPROTO_SMBDIRECT work,
> but maybe it will also be useful for others...
> IPPROTO_QUIC will likely also use it.
>
> Cc: Dmitry Safonov <0x7f454c46@gmail.com>
> Cc: Dmitry Safonov <dima@arista.com>
> Cc: Francesco Ruggeri <fruggeri@arista.com>
> Cc: Salam Noureddine <noureddine@arista.com>
> Cc: David Ahern <dsahern@kernel.org>
> Cc: David S. Miller <davem@davemloft.net>
> Cc: Michal Luczaj <mhal@rbox.co>
> Cc: David Wei <dw@davidwei.uk>
> Cc: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> Cc: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
> Cc: Marcel Holtmann <marcel@holtmann.org>
> Cc: Xin Long <lucien.xin@gmail.com>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Kuniyuki Iwashima <kuniyu@google.com>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: Willem de Bruijn <willemb@google.com>
> Cc: Neal Cardwell <ncardwell@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Simon Horman <horms@kernel.org>
> Cc: Aleksa Sarai <cyphar@cyphar.com>
> Cc: Christian Brauner <brauner@kernel.org>
> CC: Kees Cook <keescook@chromium.org>
> Cc: netdev@vger.kernel.org
> Cc: linux-bluetooth@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Signed-off-by: Stefan Metzmacher <metze@samba.org>
> ---
> include/linux/uaccess.h | 63 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 63 insertions(+)
>
> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
> index 1234b5fa4761..a6cd4f48bb99 100644
> --- a/include/linux/uaccess.h
> +++ b/include/linux/uaccess.h
> @@ -513,6 +513,69 @@ copy_struct_to_user(void __user *dst, size_t usize, const void *src,
> return 0;
> }
>
> +static __always_inline void
> +__copy_struct_generic_bounce_buffer(void *dst, size_t dstsize,
> + const void *src, size_t srcsize,
> + bool *ignored_trailing)
> +{
> + size_t size = min(dstsize, srcsize);
> + size_t rest = max(dstsize, srcsize) - size;
> +
> + /* Deal with trailing bytes. */
> + if (dstsize > srcsize)
> + memset(dst + size, 0, rest);
> + if (ignored_trailing)
> + *ignored_trailing = dstsize < srcsize &&
> + memchr_inv(src + size, 0, rest) != NULL;
> + /* Copy the interoperable parts of the struct. */
> + memcpy(dst, src, size);
> +}
Return 'ignored_trailing' rather than pass by reference.
And this is probably too big to inline.
David
> +
> +/**
> + * This is like copy_struct_from_user(), but the
> + * src buffer was already copied into a kernel
> + * bounce buffer, so it will never return -EFAULT.
> + */
> +static __always_inline __must_check int
> +copy_struct_from_bounce_buffer(void *dst, size_t dstsize,
> + const void *src, size_t srcsize)
> +{
> + bool ignored_trailing;
> +
> + /* Double check if ksize is larger than a known object size. */
> + if (WARN_ON_ONCE(dstsize > __builtin_object_size(dst, 1)))
> + return -E2BIG;
> +
> + __copy_struct_generic_bounce_buffer(dst, dstsize,
> + src, srcsize,
> + &ignored_trailing);
> + if (unlikely(ignored_trailing))
> + return -E2BIG;
> +
> + return 0;
> +}
> +
> +/**
> + * This is like copy_struct_to_user(), but the
> + * dst buffer is a kernel bounce buffer instead
> + * of a direct userspace buffer, so it will never return -EFAULT.
> + */
> +static __always_inline __must_check int
> +copy_struct_to_bounce_buffer(void *dst, size_t dstsize,
> + const void *src,
> + size_t srcsize,
> + bool *ignored_trailing)
> +{
> + /* Double check if srcsize is larger than a known object size. */
> + if (WARN_ON_ONCE(srcsize > __builtin_object_size(src, 1)))
> + return -E2BIG;
> +
> + __copy_struct_generic_bounce_buffer(dst, dstsize,
> + src, srcsize,
> + ignored_trailing);
> + return 0;
> +}
> +
> bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size);
>
> long copy_from_kernel_nofault(void *dst, const void *src, size_t size);
next prev parent reply other threads:[~2026-04-07 18:25 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-07 16:03 [PATCH 0/5] uaccess/sockptr: copy_struct_ fixes and more helpers Stefan Metzmacher
2026-04-07 16:03 ` [PATCH 1/5] uaccess: fix ignored_trailing logic in copy_struct_to_user() Stefan Metzmacher
2026-04-07 16:03 ` [PATCH 2/5] sockptr: fix usize check in copy_struct_from_sockptr() for user pointers Stefan Metzmacher
2026-04-07 16:03 ` [PATCH 3/5] uaccess: add copy_struct_{from,to}_bounce_buffer() helpers Stefan Metzmacher
2026-04-07 18:25 ` David Laight [this message]
2026-04-07 16:03 ` [PATCH 4/5] sockptr: let copy_struct_from_sockptr() use copy_struct_from_bounce_buffer() Stefan Metzmacher
2026-04-07 16:03 ` [PATCH 5/5] sockptr: introduce copy_struct_to_sockptr() Stefan Metzmacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260407192540.321f3879@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=0x7f454c46@gmail.com \
--cc=brauner@kernel.org \
--cc=cyphar@cyphar.com \
--cc=davem@davemloft.net \
--cc=dima@arista.com \
--cc=dsahern@kernel.org \
--cc=dw@davidwei.uk \
--cc=edumazet@google.com \
--cc=fruggeri@arista.com \
--cc=horms@kernel.org \
--cc=keescook@chromium.org \
--cc=kuba@kernel.org \
--cc=kuniyu@google.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lucien.xin@gmail.com \
--cc=luiz.dentz@gmail.com \
--cc=luiz.von.dentz@intel.com \
--cc=marcel@holtmann.org \
--cc=metze@samba.org \
--cc=mhal@rbox.co \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=noureddine@arista.com \
--cc=pabeni@redhat.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox