Page MenuHomeFreeBSD
Differential D43418

systm: Relax __result_use_check annotations
ClosedPublic
Actions

Authored by markj on Jan 12 2024, 3:10 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Jun 24, 3:04 AM
Unknown Object (File)
Sat, Jun 22, 11:51 PM
Unknown Object (File)
Wed, Jun 5, 2:06 PM
Unknown Object (File)
Apr 27 2024, 10:41 AM
Unknown Object (File)
Apr 27 2024, 10:40 AM
Unknown Object (File)
Apr 27 2024, 10:40 AM
Unknown Object (File)
Apr 27 2024, 9:43 AM
Unknown Object (File)
Apr 27 2024, 3:53 AM
View All 13 Files
Subscribers
imp

Details

Reviewers
kib
jhb
Commits
rGd07acc58d898: systm: Relax __result_use_check annotations
Summary

When compiling with gcc, functions annotated this way can not have their
return values cast away, e.g., with (void)copyout(...). clang permits
it but gcc does not. Since we have a number of such casts for calls
which copy data out of the kernel, and since failing to check for errors
when copying *in* is a much larger problem, remove some of the
annotations in order to make the gcc build happy.

Reported by: Jenkins
Fixes: 8e36732e6eb5 ("systm: Annotate copyin() and related functions with __result_use_check")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Jan 12 2024, 3:10 PM
Herald added a subscriber: imp. · View Herald TranscriptJan 12 2024, 3:10 PM
markj requested review of this revision.Jan 12 2024, 3:10 PM
Harbormaster completed remote builds in B55392: Diff 132671.Jan 12 2024, 3:10 PM
kib added a comment.Jan 12 2024, 3:15 PM

Would it make more sense to change __result_use_check to be off for gcc for now?
It would be also useful to have some symbol that turn them forcibly on/off.

markj added a comment.Jan 12 2024, 3:32 PM
In D43418#989890, @kib wrote:

Would it make more sense to change __result_use_check to be off for gcc for now?
It would be also useful to have some symbol that turn them forcibly on/off.

I think my original change was just too aggressive. It's sometimes ok to ignore the return value of copyout(), and gcc documentation for this attribute states, "This is useful for functions where not checking the result is either a security problem or always a bug". This description applies to copyin(), but not to copyout().

kib accepted this revision.Jan 12 2024, 4:09 PM
This revision is now accepted and ready to land.Jan 12 2024, 4:09 PM
Closed by commit rGd07acc58d898: systm: Relax __result_use_check annotations (authored by markj). · Explain WhyJan 12 2024, 9:12 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGd07acc58d898: systm: Relax __result_use_check annotations.

Revision Contents
Changeset List

PathSize
sys/
sys/
14 lines

Diff 132703

View Options

sys/sys/systm.h

Loading...