On Mon, Jan 12, 2026 at 03:30:34PM +0800, Fushuai Wang wrote: > From: Fushuai Wang <[email protected]> > > Many places call copy_from_user() to copy a buffer from user space, > and then manually add a NULL terminator to the destination buffer, > e.g.:
6 is not many > > if (copy_from_user(dest, src, len)) > return -EFAULT; > dest[len] = '\0'; > > This is repetitive and error-prone. Add a copy_from_user_nul() helper to > simplify such patterns. It copied n bytes from user space to kernel space, > and NUL-terminates the destination buffer. > > Signed-off-by: Fushuai Wang <[email protected]> I checked the cases you've found, and all them clearly abuse copy_from_user(). For example, #2 in tlbflush_write_file(): if (copy_from_user(buf, user_buf, len)) return -EFAULT; buf[len] = '\0'; if (kstrtoint(buf, 0, &ceiling)) return -EINVAL; should be: len = strncpy_from_user(buf, user_buf, len); if (len < 0) return len; ret = kstrtoint(buf, 0, &ceiling); if (ret) return ret; See, if you use the right API, you don't need this weird copy_from_user_nul(). Also notice how nice the original version hides possible ERANGE in kstrtoint(). Patches #3-5 in the series again copy strings with raw non-string API, so should be converted to some flavor of strcpy(). #6 patches lib/kstrtox, which makes little sense because the whole purpose of that library is to handle raw pieces of memory as valid C strings. One would expect such patterns in library code, and I'd prefer having them explicit. I find copy_{from,to}_user_nul() useful for objects that must be null-terminated, and may have \0 somewhere in the middle. Those are not C strings. I suspect this isn't a popular format across the kernel. On the other hand, adding the _nul() version of copy_from_user() would make an API abuse like above simpler, which is a bad thing. Can you drop copy_from_user_nul() and submit a series that switches string manipulations to the dedicated string functions? Thanks, Yury
