LinuxSA Mailing list archives
From: Dan Shearer <dan@shearer.org>
To : linuxsa@linuxsa.org.au
Date: Mon, 19 Jun 2000 14:50:23 +0930 (CST)
Re: system write(2) call bounds checking
Daryl,
On Mon, 19 Jun 2000, Daryl Tester wrote:
> As Dan Shearer has just pointed out, something unusual is happening in
> the land of Oz.
>
> Daryl Tester wrote:
> > [dt@nipnyep dt]$ ./tst
> > write: Operation not permitted
> >
> > *Hmph* - not what I'd expected.
>
> If you loop over a range of values of -1 to -31, the errno (implicitly
:
>
> Dan, where do we report something like this (after, of course,
> checking out that the latest kernel hasn't already fixed it)?
I think Alan Kennington is right. Do the fix (try ssize_t first, see what
complains, make some sensible decision about large sizes in general, I
haven't thought about it but there is sure to be some important boundary
condition). Mail the patch and an explanation with sample code to Alan Cox
(this isn't worth a kernel posting; in fact the best thing about it maybe is
the worked example for linuxsa of how bugs in Linux get fixed :-)
Later on Alan Kennington wrote:
> This all reinforces the view that the linux kernel
> is lucky kludgerama. I.e. the code is not "tight" in the sense
> of checking every function return value and all function arguments
> to ensure no errors.
I both agree and disagree. Certainly the Linux kernel needs lots of
auditing. The OpenBSD team have shown how to do this, and Linux hasn't had
nearly as much formal review. You'll find Linus and Alan (especially Alan)
talking about the need for auditing all the time. Having people stare at
every line of code trying to imagine the most preposterous things
happening is an extremely good practice.
On the other hand,
1) Compared to Linux, many (most?) other operating systems are worse.
Compare even QNX, which has earned a reputation for high quality. QNX
programmers are always talking about "wonderful OS, but lots of
inconsistencies in the libraries and API behaviour". And Win32
programming, well many on this list can talk about that. Funny return
values, mismatched parameter types, inconsistent (and duplicated!)
structure definitions...
2) A good rule-of-thumb measure of how well these small but important things
are attended to is long-term stability under varied load and many
different applications. How do you think Linux is going in that
department? Good :-)
So I think 'lucky kludgerama' might be true enough in absolute terms
simply due to the lack of an extra ten years or so of thrashing that a
kernel needs, but in relative terms Linux is looking good.
To anyone that understands these sorts of things, Microsoft claiming in
the same breath that "Windows 2000 has 10 million new lines of code" and
"Windows 2000 has been tested and is suitable for mission-critical
deployment" is just nonsense.
Dan
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
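The thread above is about write(2) misbehaving when handed a negative count (a negative int silently converted to size_t lands above SSIZE_MAX, a range where POSIX leaves the result implementation-defined). The following is an added example, not code from Dan, Daryl or the kernel: a user-space wrapper that applies the bounds check itself before the size ever reaches the kernel, then repeats Daryl's -1 to -31 experiment against the wrapper. The function names `checked_write`, `probe_negative_size` and `roundtrip_ok` are assumptions of this example; it does not reproduce the 2.2-era kernel behaviour described in the thread.

```c
/* Added example: user-side bounds checking around write(2). */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef SSIZE_MAX
#define SSIZE_MAX ((ssize_t)(SIZE_MAX >> 1))
#endif

/* Reject sizes the kernel may not handle consistently (> SSIZE_MAX), then
 * write the whole buffer, coping with partial writes and EINTR. A negative
 * int converted to size_t always falls into the rejected range. */
ssize_t checked_write(int fd, const void *buf, size_t len)
{
    if (buf == NULL && len != 0) {
        errno = EFAULT;
        return -1;
    }
    if (len > (size_t)SSIZE_MAX) {
        errno = EINVAL;
        return -1;
    }
    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fd, (const char *)buf + done, len - done);
        if (n < 0) {
            if (errno == EINTR)
                continue;       /* interrupted before any byte moved: retry */
            return -1;          /* real failure, errno set by write(2) */
        }
        done += (size_t)n;
    }
    return (ssize_t)done;
}

/* Mirror the thread's experiment: pass a negative int as the count and
 * report the errno the wrapper produces. Uses a pipe so no file is touched.
 * Returns the errno, 0 on (unexpected) success, -1 if the pipe failed. */
int probe_negative_size(int negative_count)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    char buf[16] = "bounds";       /* constructed sample payload */
    errno = 0;
    ssize_t r = checked_write(fds[1], buf, (size_t)negative_count);
    int saved = (r < 0) ? errno : 0;
    close(fds[0]);
    close(fds[1]);
    return saved;
}

/* Sanity check: a legitimate size passes the check and every byte arrives. */
int roundtrip_ok(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return 0;
    const char msg[] = "kludgerama";  /* constructed sample payload */
    ssize_t w = checked_write(fds[1], msg, sizeof msg);
    char out[sizeof msg] = {0};
    ssize_t r = read(fds[0], out, sizeof out);
    close(fds[0]);
    close(fds[1]);
    return w == (ssize_t)sizeof msg && r == w && memcmp(msg, out, sizeof msg) == 0;
}

int main(void)
{
    for (int i = -1; i >= -31; i--) {
        int e = probe_negative_size(i);
        printf("count=%d -> errno %d (%s)\n", i, e, strerror(e));
    }
    printf("roundtrip %s\n", roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```

Every negative count comes back as EINVAL from the wrapper, which is the consistent answer the thread was hoping for from the kernel; the roundtrip shows the check costs nothing for well-formed calls.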