Hi! > > >6. What's the goal of validation of the input arguments? > > >Kernel code must do this validation anyway, right. > > >Any non-trivial validation is hard, e.g. even for open the validation > > >function > > >for file name would need to have access to flags and check file precense > > >for > > >some flags combinations. That may add significant amount of non-trivial > > >code > > >that duplicates main syscall logic, and that logic may also have bugs and > > >memory leaks. > > > > Mostly to catch divergence from the spec: think of a scenario where > > someone added a new param/flag/etc but forgot to update the spec - this > > will help catch it. > > How exactly is this supposed to work? > Even if we run with a unit test suite, a test suite may include some > incorrect inputs to check for error conditions. The framework will > report violations on these incorrect inputs. These are not bugs in the > API specifications, nor in the test suite (read false positives).
This is what I tried to respond to but I guess that it didn't go well. Let me try to reiterate. I my opinion you shouldn't really put this part into the kernel, but rather than that include more type and semantic information into the data so that tests can be generated and executed in userspace. I do not see how can we validate that we get proper errors from a syscall if one of the input parameters is invalid other than generating and running a C test in userspace. For that part the syscall description does not need to be build into the kernel either, it may be just a build artifact that gets installed with the kernel image. -- Cyril Hrubis chru...@suse.cz
