On Thu, Oct 31, 2019 at 02:33:32AM -0700, Brendan Higgins wrote: > 2) One of the layers in your program is too think, and you should > introduce a new layer with a new public interface that you can test > through. > > I think the second point here is problematic with how C is written in > the kernel. We don't really have any concept of public vs. private > inside the kernel outside of static vs. not static, which is much more > restricted. I don't find "2" to be a convincing argument (as you hint a bit at in the next paragraph)_. There are lots of things code is depending on (especially given the kernel's coding style guides about breaking up large functions into little ones), that you want to test to make sure is working correctly that has no public exposure, and you want to test those helper's corner cases which might be hard to (currently) reach via the higher level public APIs. -- Kees Cook
