On Fri, Aug 17, 2007 at 03:02:48AM +0300, Mindaugas R. wrote:
> 
> > 	/*
> > 	 * According to POSIX - no message should be removed on
> > 	 * failing case, thus we will check the pointers here.
> > 	 */
> > 	if (subyte(msg_ptr, 0) == -1)
> > 		return EFAULT;
> > 	if (msg_prio && (subyte(msg_prio, 0) == -1))
> > 		return EFAULT;
> > 
> > There's no real point to this and it's expensive to do. Does it make the
> > system call pass some conformance test?
> >
> > <...>
> >
> > 	(void)copyout(msg->msg_ptr, msg_ptr, msg->msg_len);
> > 
> > The system call shouldn't fail silently, even if it means throwing the
> > message away. The value from copyout should be returned.
> 
> POSIX defines, that if call fails - no message should be removed. In such
> case, I think it is reasonable to validate the user-space pointer at start,
> and ignore it later (as wrote in comment). Otherwise, if copyout() fails,
> revert of message removal would be needed - that is problematic..

That is also (probably) stated for many other calls.
In practise if a copyout fails the data is always deleted.

	David

-- 
David Laight: david@l8s.co.uk