lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 1 Sep 2022 20:16:59 -0300
From:   Jason Gunthorpe <>
To:     Alex Williamson <>
Cc:, Yishai Hadas <>,,,,,,,,
Subject: Re: [PATCH V5 vfio 04/10] vfio: Add an IOVA bitmap support

On Thu, Sep 01, 2022 at 02:36:25PM -0600, Alex Williamson wrote:

> > Much of the bitmap helpers don't check that the offset is within the range
> > of the passed ulong array. So I followed the same thinking and the
> > caller is /provided/ with the range that the IOVA bitmap covers. The intention
> > was minimizing the number of operations given that this function sits on the
> > hot path. I can add this extra check.
> Maybe Jason can quote a standard here, audit the callers vs sanitize
> the input.  It'd certainly be fair even if the test were a BUG_ON since
> it violates the defined calling conventions and we're not taking
> arbitrary input, but it could also pretty easily and quietly go into
> the weeds if we do nothing.  Thanks,

Nope, no consensus I know of

But generally people avoid sanity checks on hot paths

Linus will reject your merge request if you put a BUG_ON :)

Turn on a check if kasn is on or something if you think it is really


Powered by blists - more mailing lists