git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Nicolin Chen <nicolinc@nvidia.com>
	Wed, 3 Jun 2026 21:26:55 +0000 (14:26 -0700)
committer	Jason Gunthorpe <jgg@nvidia.com>
	Fri, 12 Jun 2026 13:44:44 +0000 (10:44 -0300)
commit	e28bee5b445178390d63f7a93a5a219063c6434e
tree	3557c6063da8f13c109be155965cb96ea7fdee06	tree \| snapshot
parent	5623c8cb81365f845f318135979d25a4b6671900	commit \| diff

iommu: Avoid copying the user array twice in the full-array copy helper

iommu_copy_struct_from_full_user_array() copies a whole user array into a
kernel buffer. In the common case, where user entry_len equals destination
entry size, it takes a fast path and copies the whole array with a single
copy_from_user().

That fast path does not return, so it falls through into the item-by-item
copy_struct_from_user() loop and copies every entry a second time. For an
equal entry_len that loop is just a copy_from_user() of the same bytes, so
the whole array is copied twice for no benefit.

Return right after the bulk copy. The per-item loop then runs only on the
slow path, where entry_len differs and each entry needs size adaption.

Fixes: 4f2e59ccb698 ("iommu: Add iommu_copy_struct_from_full_user_array helper")
Link: https://patch.msgid.link/r/6c9eca4ff584cb977661e97799ac6fe934e7f51c.1780521606.git.nicolinc@nvidia.com
Assisted-by: Claude:claude-opus-4-8
Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>