On 16/12/2020 06:06, Jürgen Groß wrote: > On 15.12.20 19:09, Andrew Cooper wrote: >> >> Additionally, something in core.c should check for unknown flags and >> reject them them with EINVAL. It was buggy that this wasn't done >> before, and really needs to be implemented before we start having cases >> where people might plausibly pass something other than 0. > > Are you sure this is safe? I'm not arguing against it, but we considered > to do that and didn't dare to.
Well - you're already breaking things by adding meaning to bit 0 where it was previously ignored. But fundamentally - any caller passing non-zero to begin with is buggy, and it will be less bad to fix up our input validation and given them a clean EINVAL now. The alternative is no error and some weird side effect when we implement whichever bit they were settings. ~Andrew
