From: Chuck Lever <redacted>

The previous patch bypassed runtime usercopy validation in
copy_to_iter() for kernel-only iterators. The same overhead
exists in the copy_from_iter() path: check_object_size()
validates the destination buffer's slab residency on every
call, even when the iterator source is entirely kernel-backed
and the user-copy protection is redundant.

Apply the same bypass so that copy_from_iter() calls
__compiletime_check_copy_size() instead of the full
check_copy_size() when the iterator is not user-backed.

All current callers of copy_from_iter_nocache() pass user-space
addresses, so the same change is deferred for that wrapper.

Signed-off-by: Chuck Lever <redacted>
---
 include/linux/uio.h | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/include/linux/uio.h b/include/linux/uio.h
index 45b323e4be97..5a6ad2dd5627 100644
--- a/include/linux/uio.h
+++ b/include/linux/uio.h

@@ -229,8 +229,13 @@ size_t copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
 static __always_inline __must_check
 size_t copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
 {
-	if (check_copy_size(addr, bytes, false))
-		return _copy_from_iter(addr, bytes, i);
+	if (user_backed_iter(i)) {
+		if (check_copy_size(addr, bytes, false))
+			return _copy_from_iter(addr, bytes, i);
+	} else {
+		if (__compiletime_check_copy_size(addr, bytes, false))
+			return _copy_from_iter(addr, bytes, i);
+	}
 	return 0;
 }
 

-- 
2.53.0