On Thu, Jan 07, 2021 at 10:47:07AM -0800, Linus Torvalds wrote:
> On Thu, Jan 7, 2021 at 10:34 AM Al Viro <v...@zeniv.linux.org.uk> wrote:
> >
> > I'm not sure it's the best approach, TBH. How about simply
> >         for (walk = head; walk; ufds += walk->len, walk = walk->next) {
> >                 if (copy_to_user(ufds, walk->entries,
> >                                  walk->len * sizeof(struct pollfd)))
> >                         goto out_fds;
> >         }
> > in there? It's both simpler (obviously matches the copyin side) and
> > might very well be faster...
>
> I started doing that, but .. Nope.
>
> It's not copying the whole entry. It's literally just modifying one
> 16-bit word in each entry.
>
> Now, the "whole entry" is just 8 bytes, so it's possible that it would
> actually be faster to do a copy of the whole thing rather than write
> just the 16 bits. But I got very nervous about it, because I could
> easily see some threaded app actually changing the 'fd' (or the
> 'event' field) in place (ie writing -1 to it as they close and re-use
> it)

Point... Pity, that.
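
The concern raised in the quoted reply, as an added user-space illustration that is not part of the original thread and is not kernel code: a single-threaded simulation in which a caller writes -1 to an entry's `fd` after the copy-in snapshot is taken, followed by the two copy-out strategies. The `snapshot` struct, the helper names and the fd numbers are assumptions made for the example.

```c
#include <poll.h>
#include <stdio.h>
#include <string.h>

#define NFDS 3

/* Hypothetical stand-in for the kernel's private copy made at copy-in. */
struct snapshot { struct pollfd entries[NFDS]; };

static void copy_in(struct snapshot *k, const struct pollfd *ufds)
{
    memcpy(k->entries, ufds, sizeof(k->entries));
}

/* Pretend every descriptor became readable while we were polling. */
static void do_poll(struct snapshot *k)
{
    for (int i = 0; i < NFDS; i++)
        k->entries[i].revents = POLLIN;
}

/* Copy-out A: write back whole 8-byte entries (fd, events, revents). */
static void copy_out_whole(struct pollfd *ufds, const struct snapshot *k)
{
    memcpy(ufds, k->entries, sizeof(k->entries));
}

/* Copy-out B: write back only the 16-bit revents word of each entry. */
static void copy_out_revents(struct pollfd *ufds, const struct snapshot *k)
{
    for (int i = 0; i < NFDS; i++)
        ufds[i].revents = k->entries[i].revents;
}

/* Returns the fd the caller sees in slot 1 after one simulated poll(). */
static int fd_after_race(int whole_entry)
{
    struct pollfd ufds[NFDS] = { { .fd = 3, .events = POLLIN },
        { .fd = 4, .events = POLLIN }, { .fd = 5, .events = POLLIN } };
    struct snapshot k;

    copy_in(&k, ufds);
    ufds[1].fd = -1;   /* constructed interleaving: another thread retires slot 1 */
    do_poll(&k);
    if (whole_entry) copy_out_whole(ufds, &k); else copy_out_revents(ufds, &k);
    return ufds[1].fd;
}

int main(void)
{
    printf("whole-entry copy-out:  fd = %d\n", fd_after_race(1));
    printf("revents-only copy-out: fd = %d\n", fd_after_race(0));
    return 0;
}
```

With the whole-entry copy-out the caller's -1 is overwritten by the stale descriptor number from the snapshot; with the revents-only copy-out the caller's write survives.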