Since process handles are the responsibility of the object manager,
it is the lowest place and the only place that should report this
failure. Rtl code shouldn't make assumptions about what is a valid
handle and what is not. If one day a new object manager is created
which uses negative handles as correct handles, and the 0 handle as
"Current process" handle, then thousands of lines of code would have
to be changed. By leaving the responsibility of determining what is and
what isn't a valid handle to the object manager itself, this keeps
the kernel componentized and mostly independent.
So what you're saying is that the functions in the modules of code
which actually do the work should perform the checking. What about
this: If a parameter is passed straight through a function to another
no checking should take place, but if any manipulation of the
parameters occurs then they should be checked? I think this might be
slightly different to your idea Alex. What does everyone think? I
personally think this is the best approach as it requires little, if
any, duplicated checking code.
Comments welcome,
Martin