From owner-freebsd-hackers Sun Jan 26 15:41:52 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA02310 for hackers-outgoing; Sun, 26 Jan 1997 15:41:52 -0800 (PST)
Received: from parkplace.cet.co.jp (parkplace.cet.co.jp [202.32.64.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA02305 for ; Sun, 26 Jan 1997 15:41:49 -0800 (PST)
Received: from localhost (michaelh@localhost) by parkplace.cet.co.jp (8.8.3/CET-v2.1) with SMTP id XAA25270; Sun, 26 Jan 1997 23:40:49 GMT
Date: Mon, 27 Jan 1997 08:40:49 +0900 (JST)
From: Michael Hancock
Reply-To: Michael Hancock
To: Terry Lambert
cc: bde@freefall.freebsd.org, FreeBSD Hackers
Subject: Re: cvs commit: src/sys/kern kern_lockf.c
In-Reply-To: <199701262024.NAA02217@phaeton.artisoft.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 26 Jan 1997, Terry Lambert wrote:

> > All of the argument checking seems out of place here. The call trace is
> > like this:
> >
> > fcntl => VOP_ADVLOCK => lf_advlock
> >
> > or
> >
> > open => VOP_ADVLOCK => lf_advlock
> >
> > Garbage input should be stopped at the source and lf_advlock should be
> > completely free from arg checking. The original coder wanted to factor
> > error checking into lf_advlock, but it seems incorrect to allow garbage to
> > come in so far.
> >
> > A consistent division of arg checking responsibilities would make it
> > easier for people to decide where to do the checks. We would need some
> > comments or preconditions specified in lf_advlock to communicate what was
> > expected so that we would know what to do in fcntl and open.
> >
> > Any comments?
>
> Yes. The syntactic checking should be in the system call layer, and
> the grammatic checking should be in the lf_advlock layer, which should
> be called from the system call layer.

[..]

> The call trace should be:
>
> fcntl(lock) <- check call syntax here
> lf_advlock(lock) <- check arg values here
> if( !VOP_ADVLOCK(lock))
> lf_advlock(unlock)

[..]

> The place for the checking is either fcntl + open, or lf_advlock,
> depending on who pulls the arguments in.

Taking the preposterous lengths checking example, checking isn't necessary in the open case since it is initialized to zero in the body of open. The cases you need to check are directly triggered externally in fcntl by user programs. This is why I think arg values should be checked at the system call level in this case.

Regards,

Mike
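The two-layer split the thread argues about, written out as an added illustration in C. This is not FreeBSD's fcntl, open or lf_advlock code; the function names check_lock_syntax, check_lock_values and validate_lock_request, the layering, and the sample requests are assumptions made for the example. It uses the standard POSIX struct flock so the "preposterous length" case (a range that cannot be represented) can be shown concretely: enumerator checks sit at the system call boundary, range and overflow checks sit in the lower layer that actually computes the locked range.

```c
/* Added illustration: a two-layer split of lock-request validation in the
 * spirit of the thread (syntax at the system call boundary, values where the
 * range is computed). Names and layering here are assumptions for the
 * example; this is not FreeBSD's fcntl or lf_advlock. */
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Layer 1, the system call boundary: reject requests whose enumerators are
 * not ones a caller is allowed to pass. Nothing below this layer should ever
 * see a bad l_type or l_whence. Returns 0 or an errno value. */
int check_lock_syntax(const struct flock *fl)
{
    switch (fl->l_type) {
    case F_RDLCK: case F_WRLCK: case F_UNLCK: break;
    default: return EINVAL;
    }
    switch (fl->l_whence) {
    case SEEK_SET: case SEEK_CUR: case SEEK_END: break;
    default: return EINVAL;
    }
    return 0;
}

/* Layer 2, the lock-range layer: turn (l_whence, l_start, l_len) into an
 * absolute [start, end] range and reject values that cannot be represented,
 * which is where a "preposterous length" would otherwise slip through.
 * end == -1 means "to end of file". Returns 0 or an errno value. */
int check_lock_values(const struct flock *fl, off_t cur_off, off_t file_size,
                      off_t *start, off_t *end)
{
    off_t base, s, e;

    switch (fl->l_whence) {
    case SEEK_SET: base = 0; break;
    case SEEK_CUR: base = cur_off; break;
    case SEEK_END: base = file_size; break;
    default: return EINVAL;          /* layer 1 should already have caught this */
    }
    /* Signed offset arithmetic must not wrap; use the compiler builtin. */
    if (__builtin_add_overflow(base, fl->l_start, &s))
        return EOVERFLOW;
    if (s < 0)
        return EINVAL;               /* range would begin before offset 0 */

    if (fl->l_len == 0) {
        e = -1;                      /* lock runs to end of file */
    } else if (fl->l_len > 0) {
        if (__builtin_add_overflow(s, fl->l_len - 1, &e))
            return EOVERFLOW;
    } else {
        /* POSIX: a negative length covers [l_start + l_len, l_start - 1]. */
        off_t ns;
        if (__builtin_add_overflow(s, fl->l_len, &ns))
            return EOVERFLOW;
        if (ns < 0)
            return EINVAL;
        e = s - 1;
        s = ns;
    }
    *start = s;
    *end = e;
    return 0;
}

/* The call order the thread argues for: syntax first at the boundary, then
 * values in the lower layer. A caller that builds the struct itself (the
 * open path in the thread) never takes the enumerators from user input and
 * so has no need of layer 1. */
int validate_lock_request(const struct flock *fl, off_t cur_off, off_t file_size,
                          off_t *start, off_t *end)
{
    int err = check_lock_syntax(fl);
    if (err != 0)
        return err;
    return check_lock_values(fl, cur_off, file_size, start, end);
}

int main(void)
{
    /* Constructed sample requests, as a user program might pass to fcntl(). */
    struct flock ok  = { .l_type = F_WRLCK, .l_whence = SEEK_SET, .l_start = 100,   .l_len = 50 };
    struct flock bad = { .l_type = 99,      .l_whence = SEEK_SET, .l_start = 0,     .l_len = 0 };
    struct flock neg = { .l_type = F_RDLCK, .l_whence = SEEK_CUR, .l_start = -2000, .l_len = 10 };
    off_t s = 0, e = 0;

    printf("ok:  err=%d range=[%lld,%lld]\n",
           validate_lock_request(&ok, 0, 0, &s, &e), (long long)s, (long long)e);
    printf("bad: err=%d (EINVAL=%d)\n", validate_lock_request(&bad, 0, 0, &s, &e), EINVAL);
    printf("neg: err=%d (EINVAL=%d)\n", validate_lock_request(&neg, 1000, 4096, &s, &e), EINVAL);
    return 0;
}
```

The split keeps each layer honest about what it may assume: check_lock_values still has a default branch for an unknown l_whence, but it is a guard against a programming error rather than against user input, which never reaches it unchecked.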