On Fri, Oct 13, 2023 at 07:49:19AM +0530, Kanchan Joshi wrote: > > precedent to start doing it. > In my mind, this was about dealing with the specific case when the > kernel memory is being used for device DMA. > We have just two cases: (i) separate meta buffer, and (ii) bounce > buffer for data (+metadata). > I had not planned sanity checks for user inputs for anything beyond that. > As opposed to being preventive (in all cases), it was about failing > only when we are certain that DMA will take place and it will corrupt > kernel memory. > > In the long-term, it may be possible for the path to do away with > memory copies. The checks can disappear with that. As soon as the user buffer is unaligned we need to bounce buffer, including for the data buffer.