Subject: Re: kauth machdep actions (Re: CVS commit: src)
To: YAMAMOTO Takashi <>
From: Elad Efrat <>
List: tech-kern
Date: 12/23/2006 08:47:09
YAMAMOTO Takashi wrote:

> i meant, don't bother to have __HAVE_*, and just do:
> 	switch (action) {
> 			:
> 			:
> 		break;
> 			:
> 			:
> 		break;
> 	}

and, on machines with no 'iopl' request, what would KAUTH_MACHDEP_IOPL
be? and would that mean that there's code that appears to be handled in
the secmodel, but really isn't?

> in the case of UNMANAGEDMEM, i don't see why they require
> different handlings.  i suggest just to unify them.

I've asked about it in the past, twice:

you had this to say:

do you suggest to change security semantics so that we can have shorter
code? :)

> if something really needs different handling, we can use either of
> separate KAUTH_MACHDEP_xxx or an MD helper function.

what will happen eventually, I'm afraid, is that we can end up with
a lot of #ifdefs, per-arch functions, and much more disorder than what
we have now.

your point that it's duplicate or dead code is well justified, but
I don't like any of the alternatives.