Hannes Reinecke <hare@xxxxxxx> writes:
> On 6/1/24 18:01, Keith Busch wrote:
>> On Sat, Jun 01, 2024 at 05:36:20PM +0200, Andreas Hindborg wrote:
>>> Keith Busch <kbusch@xxxxxxxxxx> writes:
>>>
>>>> On Sat, Jun 01, 2024 at 03:40:04PM +0200, Andreas Hindborg wrote:
>>>>> +impl kernel::Module for NullBlkModule {
>>>>> + fn init(_module: &'static ThisModule) -> Result<Self> {
>>>>> + pr_info!("Rust null_blk loaded\n");
>>>>> + let tagset = Arc::pin_init(TagSet::try_new(1, 256, 1), flags::GFP_KERNEL)?;
>>>>> +
>>>>> + let disk = {
>>>>> + let block_size: u16 = 4096;
>>>>> + if block_size % 512 != 0 || !(512..=4096).contains(&block_size) {
>>>>> + return Err(kernel::error::code::EINVAL);
>>>>> + }
>>>>
>>>> You've set block_size to the literal 4096, then validate its value
>>>> immediately after? Am I missing some way this could ever be invalid?
>>>
>>> Good catch. It is because I have a patch in the outbound queue that allows setting
>>> the block size via a module parameter. The module parameter patch is not
>>> upstream yet. Once I have that up, I will send the patch with the block
>>> size config.
>>>
>>> Do you think it is OK to have this redundancy? It would only be for a
>>> few cycles.
>> It's fine, just wondering why it's there. But it also allows values like
>> 1536 and 3584, which are not valid block sizes, so I think you want the
>> check to be:
>> if !(512..=4096).contains(&block_size) || ((block_size & (block_size - 1))
>> != 0)
>>
> Can't we overload .contains() to check only power-of-2 values?
I think `contains` just compiles down to a simple bounds check. We have
to do both the bounds check and the power-of-2 check either way.
BR Andreas
