Re: [PATCH 1/2] bitmap: new bitmap_copy_safe and bitmap_{from,to}_arr32

From: Yury Norov
Date: Tue Jan 09 2018 - 00:16:27 EST


On Tue, Jan 09, 2018 at 12:29:23AM +0100, Rasmus Villemoes wrote:
> On 28 December 2017 at 16:00, Yury Norov <ynorov@xxxxxxxxxxxxxxxxxx> wrote:
> >
> > In this patch, bitmap_copy_safe and bitmap_{from,to}_arr32 are introduced.
> >
> > 'Safe' in bitmap_copy_safe() stands for clearing unused bits in bitmap
> > beyond last bit till the end of last word. It is useful for hardening
> > API when bitmap is assumed to be exposed to userspace.
>
> I agree completely with getting rid of the complexity of the u32array
> functions, and also think they should simply be implemented as a
> memcpy() when possible.
>
> I'm not a fan of the _safe suffix, though. It doesn't say what it's
> safe from. For example, one possible interpretation is that it allows
> src or dst to be NULL (becoming a noop in such a case). Why not say
> what it does? _clear_tail, _clear_rest, something like that.

OK, _clear_tail sounds good. I have to send v2 anyway because there's
new driver coming that uses u32array, and I'll also do rename.
https://www.spinics.net/lists/arm-kernel/msg627220.html

> Or maybe,
> can we simply make bitmap_copy behave that way? Hm, probably not, a
> bit too many users to check they'd all be ok with that.

Yep, and there's explicit comment in lib/bitmap.c:
* The possible unused bits in the last, partially used word
* of a bitmap are 'don't care'. The implementation makes
* no particular effort to keep them zero. It ensures that
* their value will not affect the results of any operation.
* The bitmap operations that return Boolean (bitmap_empty,
* for example) or scalar (bitmap_weight, for example) results
* carefully filter out these unused bits from impacting their
* results.

Changing this may potentially affect performance, and anyway, too
revolutionary to me.

Yury