| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACT4Y+Y04JC359J3DnLzLzhMRPNLem11oj+u04GoEazhpmzWTw@mail.gmail.com> Date: Wed, 25 Jun 2025 10:52:46 +0200 From: Dmitry Vyukov <dvyukov@...gle.com> To: Sasha Levin <sashal@...nel.org> Cc: kees@...nel.org, elver@...gle.com, linux-api@...r.kernel.org, linux-kernel@...r.kernel.org, tools@...nel.org, workflows@...r.kernel.org Subject: Re: [RFC 00/19] Kernel API Specification Framework On Tue, 24 Jun 2025 at 22:04, Sasha Levin <sashal@...nel.org> wrote: > >6. What's the goal of validation of the input arguments? > >Kernel code must do this validation anyway, right. > >Any non-trivial validation is hard, e.g. even for open the validation function > >for file name would need to have access to flags and check file precense for > >some flags combinations. That may add significant amount of non-trivial code > >that duplicates main syscall logic, and that logic may also have bugs and > >memory leaks. > > Mostly to catch divergence from the spec: think of a scenario where > someone added a new param/flag/etc but forgot to update the spec - this > will help catch it. How exactly is this supposed to work? Even if we run with a unit test suite, a test suite may include some incorrect inputs to check for error conditions. The framework will report violations on these incorrect inputs. These are not bugs in the API specifications, nor in the test suite (read false positives).
Powered by blists - more mailing lists