On Thu, Nov 03, 2022 at 09:30:54AM -0700, yury.norov@xxxxxxxxx wrote:a
> Callers should pass sane arguments into internal functions if they
> expect sane output.
What internal function? It's in a global header.
> The API not exported to userspace shouldn't sanity-check all inputs
> arguments.
That doesn't have anything to do with userspace at all.
APIs exported to the rest of the kernel should very well check their
inputs. Otherwise they're not APIs - just some random functions which
are visible to the compiler.
> So, the portable code shouldn't expect from cpumasks more than
> documentation said: for a _valid_ offset cpumask_next() returns next
> set bit or >= nr_cpu_ids.
Lemme quote from my previous mail:
"First make sure cpumask_next()'s valid accepted range has been settled
upon, has been explicitly documented"
So where is that valid range documented?
> cpumask_check() has been broken for years. Attempting to fix it faced
> so much resistance, that I had to revert the patch.
The suggestion on that thread made sense: you first fix the callers and
then the interface. Just like any other "broken" kernel API.
Nothing's stopping you from fixing it properly - it'll just take a while
and if it is such a widely used interface, you probably should come up
with a strategy first how to fix it without impacting current use.
Interfaces and their in-kernel users get refactored constantly.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
