Subject: Re: Implementation of POSIX message queue
To: Mindaugas R. <rmind@NetBSD.org>
From: David Laight <david@l8s.co.uk>
List: tech-kern
Date: 08/17/2007 20:20:19

On Fri, Aug 17, 2007 at 03:02:48AM +0300, Mindaugas R. wrote:
>
> > /*
> >  * According to POSIX - no message should be removed on
> >  * failing case, thus we will check the pointers here.
> >  */
> > if (subyte(msg_ptr, 0) == -1)
> >         return EFAULT;
> > if (msg_prio && (subyte(msg_prio, 0) == -1))
> >         return EFAULT;
> >
> > There's no real point to this and it's expensive to do. Does it make the
> > system call pass some conformance test?
> >
> > <...>
> >
> > (void)copyout(msg->msg_ptr, msg_ptr, msg->msg_len);
> >
> > The system call shouldn't fail silently, even if it means throwing the
> > message away. The value from copyout should be returned.
>
> POSIX defines that if the call fails, no message should be removed. In such
> a case, I think it is reasonable to validate the user-space pointer at the
> start, and ignore it later (as written in the comment). Otherwise, if
> copyout() fails, a revert of the message removal would be needed - that is
> problematic.

That is also (probably) stated for many other calls.
In practice if a copyout fails the data is always deleted.

	David

--
David Laight: david@l8s.co.uk
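
An added example, not code from this thread or from NetBSD: a user-space C model of the two receive paths discussed above, showing that probing byte 0 of the buffer does not guarantee that the later copyout of the whole message succeeds. The `model_*` functions, the `mq` struct and the mapped-window layout are constructed stand-ins for the kernel primitives.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: only offsets [MAP_START, MAP_END) of the arena are "mapped". */
static char arena[64];
#define MAP_START 16
#define MAP_END   32

static int mapped(size_t off, size_t len) {
    return off >= MAP_START && len <= MAP_END - MAP_START && off <= MAP_END - len;
}

/* Hypothetical stand-ins for subyte(9) and copyout(9); same return conventions. */
static int model_subyte(size_t uoff, int byte) {
    if (!mapped(uoff, 1)) return -1;
    arena[uoff] = (char)byte;
    return 0;
}
static int model_copyout(const void *kaddr, size_t uoff, size_t len) {
    if (!mapped(uoff, len)) return EFAULT;
    memcpy(arena + uoff, kaddr, len);
    return 0;
}
struct mq { const char *msg; size_t len; int count; };

/* Path quoted in the thread: probe byte 0, dequeue, discard copyout's result. */
static int recv_probe_only(struct mq *q, size_t ubuf) {
    if (model_subyte(ubuf, 0) == -1) return EFAULT;
    q->count--;
    (void)model_copyout(q->msg, ubuf, q->len);
    return 0;
}

/* Reviewer's suggestion: no probe, return whatever copyout reports. */
static int recv_report(struct mq *q, size_t ubuf) {
    q->count--;
    return model_copyout(q->msg, ubuf, q->len);
}

int main(void) {
    struct mq a = { "12345678", 8, 1 }, b = a;
    /* Buffer at offset 28: byte 0 is mapped, bytes 4..7 are not. */
    int ra = recv_probe_only(&a, 28), rb = recv_report(&b, 28);
    printf("probe-only: ret=%d left=%d\n", ra, a.count);
    printf("report:     ret=%d left=%d\n", rb, b.count);
    return 0;
}
```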