On Thu, Sep 01, 2022 at 02:36:25PM -0600, Alex Williamson wrote: > > Much of the bitmap helpers don't check that the offset is within the range > > of the passed ulong array. So I followed the same thinking and the > > caller is /provided/ with the range that the IOVA bitmap covers. The intention > > was minimizing the number of operations given that this function sits on the > > hot path. I can add this extra check. > > Maybe Jason can quote a standard here, audit the callers vs sanitize > the input. It'd certainly be fair even if the test were a BUG_ON since > it violates the defined calling conventions and we're not taking > arbitrary input, but it could also pretty easily and quietly go into > the weeds if we do nothing. Thanks, Nope, no consensus I know of But generally people avoid sanity checks on hot paths Linus will reject your merge request if you put a BUG_ON :) Turn on a check if kasn is on or something if you think it is really important? Jason
