systm: Relax __result_use_check annotations
Closed, Public

Authored by markj on Jan 12 2024, 3:10 PM.

Details

Summary

When compiling with gcc, functions annotated this way can not have their
return values cast away, e.g., with (void)copyout(...). clang permits
it but gcc does not. Since we have a number of such casts for calls
which copy data out of the kernel, and since failing to check for errors
when copying *in* is a much larger problem, remove some of the
annotations in order to make the gcc build happy.

Reported by: Jenkins
Fixes: 8e36732e6eb5 ("systm: Annotate copyin() and related functions with __result_use_check")

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

markj requested review of this revision. Jan 12 2024, 3:10 PM

Would it make more sense to change __result_use_check to be off for gcc for now?
It would also be useful to have some symbol that turns them forcibly on/off.

In D43418#989890, @kib wrote:

Would it make more sense to change __result_use_check to be off for gcc for now?
It would also be useful to have some symbol that turns them forcibly on/off.

I think my original change was just too aggressive. It's sometimes ok to ignore the return value of copyout(), and gcc documentation for this attribute states, "This is useful for functions where not checking the result is either a security problem or always a bug". This description applies to copyin(), but not to copyout().

This revision is now accepted and ready to land. Jan 12 2024, 4:09 PM
This revision was automatically updated to reflect the committed changes.
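
The copy-in versus copy-out distinction discussed in this review, as an added user-space example (not FreeBSD source and not part of the revision). `DEMO_RESULT_USE_CHECK`, `demo_copyin`, `demo_copyout` and `demo_handler` are hypothetical stand-ins, and the macro assumes `__result_use_check` maps to the compiler's `warn_unused_result` attribute.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Assumed local stand-in for __result_use_check; all names are hypothetical. */
#define DEMO_RESULT_USE_CHECK __attribute__((__warn_unused_result__))

/* Constructed user-space models: a NULL "user" pointer simulates a fault. */
DEMO_RESULT_USE_CHECK
static int demo_copyin(const void *uaddr, void *kaddr, size_t len)
{
    if (uaddr == NULL)
        return EFAULT;
    memcpy(kaddr, uaddr, len);
    return 0;
}

/* Left unannotated, like the copy-out direction after this change. */
static int demo_copyout(const void *kaddr, void *uaddr, size_t len)
{
    if (uaddr == NULL)
        return EFAULT;
    memcpy(uaddr, kaddr, len);
    return 0;
}

struct demo_req { unsigned int index; };
static const int demo_slots[4] = { 10, 20, 30, 40 };

/* Hypothetical handler: read a request, write an optional hint and a slot. */
static int demo_handler(const void *ureq, int *uvalue, int *uhint)
{
    struct demo_req req;
    int nslots = 4, error;
    /* Must be checked: on failure req holds stale stack contents. Writing
     * (void)demo_copyin(...) here would still draw a warning from gcc. */
    error = demo_copyin(ureq, &req, sizeof(req));
    if (error != 0)
        return error;
    if (req.index >= 4)
        return EINVAL;
    /* Advisory output: a failed write only affects the caller's buffer. */
    (void)demo_copyout(&nslots, uhint, sizeof(nslots));
    return demo_copyout(&demo_slots[req.index], uvalue, sizeof(int));
}

int main(void)
{
    struct demo_req req = { 2 };
    int value = 0;
    return (demo_handler(&req, &value, NULL) == 0 && value == 30) ? 0 : 1;
}
```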