On Thu, Jan 07, 2021 at 06:33:58PM +0000, Al Viro wrote:
> On Thu, Jan 07, 2021 at 09:43:54AM -0800, Linus Torvalds wrote:
>
> > Before, it would do the whole CLAC/STAC dance inside that loop for
> > every entry (and with that commit d55564cfc22 it would be a function
> > call, of course).
> >
> > Can you verify that this fixes the regression (and in fact I'd expect
> > it to improve that test-case)?
>
> I'm not sure it's the best approach, TBH. How about simply
> for (walk = head; walk; ufds += walk->len, walk = walk->next) {
> if (copy_to_user(ufds, walk->entries,
> walk->len * sizeof(struct pollfd))
> goto out_fds;
> }
> in there? It's both simpler (obviously matches the copyin side) and
> might very well be faster...
Something like
do_sys_poll(): do the wholesale copyout
Don't bother with patching up just one field - 16 bits out of each 64.
The amount of memory traffic is not going to be greater (might be
smaller, actually) and the loop in copy_to_user() is optimized for
bulk copy.
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
diff --git a/fs/select.c b/fs/select.c
index ebfebdfe5c69..288633053c7f 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -1011,12 +1011,9 @@ static int do_sys_poll(struct pollfd __user *ufds,
unsigned int nfds,
fdcount = do_poll(head, &table, end_time);
poll_freewait(&table);
- for (walk = head; walk; walk = walk->next) {
- struct pollfd *fds = walk->entries;
- int j;
-
- for (j = 0; j < walk->len; j++, ufds++)
- if (__put_user(fds[j].revents, &ufds->revents))
+ for (walk = head; walk; ufds += walk->len, walk = walk->next) {
+ if (copy_to_user(ufds, walk->entries,
+ walk->len * sizeof(struct pollfd)))
goto out_fds;
}
