From owner-svn-src-all@freebsd.org Thu Apr 5 20:31:46 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 08DE7FA0A79; Thu, 5 Apr 2018 20:31:45 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 76F256FCD5; Thu, 5 Apr 2018 20:31:45 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 71A092789C; Thu, 5 Apr 2018 20:31:45 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w35KVjCF032633; Thu, 5 Apr 2018 20:31:45 GMT (envelope-from brooks@FreeBSD.org) Received: (from brooks@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w35KVjQE032631; Thu, 5 Apr 2018 20:31:45 GMT (envelope-from brooks@FreeBSD.org) Message-Id: <201804052031.w35KVjQE032631@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brooks set sender to brooks@FreeBSD.org using -f From: Brooks Davis Date: Thu, 5 Apr 2018 20:31:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r332086 - head/sys/kern X-SVN-Group: head X-SVN-Commit-Author: brooks X-SVN-Commit-Paths: head/sys/kern X-SVN-Commit-Revision: 332086 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Apr 2018 20:31:46 -0000 Author: brooks Date: Thu Apr 5 20:31:45 2018 New Revision: 332086 URL: https://svnweb.freebsd.org/changeset/base/332086 Log: Added SAL annotatations to system calls. Modify makesyscalls.sh to strip out SAL annotations. No functional change. This is based on work I started in CheriBSD and use to validate fat pointers at the syscall boundary. Tal Garfinkel reviewed the changes, added annotations to COMPAT* syscalls and is using them in a record and playback framework. One can envision other uses such as a WITNESS-like validator for copyin/out as speculated on in the review. As this time we are only annotating sys/kern/syscalls.master as that is sufficient for userspace work. If kernel use cases materialize, we can annotate other syscalls.master as needed. Submitted by: Tal Garfinkel Sponsored by: DARPA, AFRL (in part) Differential Revision: https://reviews.freebsd.org/D14285 Modified: head/sys/kern/makesyscalls.sh head/sys/kern/syscalls.master Modified: head/sys/kern/makesyscalls.sh ============================================================================== --- head/sys/kern/makesyscalls.sh Thu Apr 5 19:45:30 2018 (r332085) +++ head/sys/kern/makesyscalls.sh Thu Apr 5 20:31:45 2018 (r332086) @@ -400,6 +400,16 @@ sed -e ' } if (argtype[argc] == "") parserr($f, "argument definition") + + # The parser adds space around parens. + # Remove it from annotations. + gsub(/ \( /, "(", argtype[argc]); + gsub(/ \)/, ")", argtype[argc]); + + #remove annotations + gsub(/_In[^ ]*[_)] /, "", argtype[argc]); + gsub(/_Out[^ ]*[_)] /, "", argtype[argc]); + argname[argc]=$f; f += 2; # skip name, and any comma } Modified: head/sys/kern/syscalls.master ============================================================================== --- head/sys/kern/syscalls.master Thu Apr 5 19:45:30 2018 (r332085) +++ head/sys/kern/syscalls.master Thu Apr 5 20:31:45 2018 (r332086) @@ -43,7 +43,32 @@ ; function prototype in sys/sysproto.h. Does add a ; definition to syscall.h besides adding a sysent. ; NOTSTATIC syscall is loadable + +; annotations: +; SAL 2.0 annotations are used to specify how system calls treat +; arguments that are passed using pointers. There are three basic +; annotations. ; +; _In_ Object pointed to will be read and not modified. +; _Out_ Object pointed to will be written and not read. +; _Inout_ Object pointed to will be written and read. +; +; These annotations are used alone when the pointer refers to a single +; object i.e. scalar types, structs, and pointers, and not NULL. Adding +; the _opt_ suffix, e.g. _In_opt_, implies that the pointer may also +; refer to NULL. +; +; For pointers to arrays, additional suffixes are added: +; +; _In_z_, _Out_z_, _Inout_z_: +; for a NUL terminated array e.g. a string. +; _In_reads_z_(n),_Out_writes_z_(n), _Inout_updates_z_(n): +; for a NUL terminated array e.g. a string, of known length n bytes. +; _In_reads_(n),_Out_writes_(n),_Inout_updates_(n): +; for an array of n elements. +; _In_reads_bytes_(n), _Out_writes_bytes_(n), _Inout_updates_bytes(n): +; for a buffer of n-bytes. + ; Please copy any additions and changes to the following compatability tables: ; sys/compat/freebsd32/syscalls.master @@ -63,143 +88,181 @@ 1 AUE_EXIT STD { void sys_exit(int rval); } exit \ sys_exit_args void 2 AUE_FORK STD { int fork(void); } -3 AUE_READ STD { ssize_t read(int fd, void *buf, \ +3 AUE_READ STD { ssize_t read(int fd, \ + _Out_writes_bytes_(nbyte) void *buf, \ size_t nbyte); } -4 AUE_WRITE STD { ssize_t write(int fd, const void *buf, \ +4 AUE_WRITE STD { ssize_t write(int fd, \ + _In_reads_bytes_(nbyte) const void *buf, \ size_t nbyte); } -5 AUE_OPEN_RWTC STD { int open(char *path, int flags, int mode); } +5 AUE_OPEN_RWTC STD { int open( \ + _In_z_ char *path, \ + int flags, \ + int mode); } ; XXX should be { int open(const char *path, int flags, ...); } ; but we're not ready for `const' or varargs. ; XXX man page says `mode_t mode'. 6 AUE_CLOSE STD { int close(int fd); } -7 AUE_WAIT4 STD { int wait4(int pid, int *status, \ - int options, struct rusage *rusage); } -8 AUE_CREAT COMPAT { int creat(char *path, int mode); } -9 AUE_LINK STD { int link(char *path, char *link); } -10 AUE_UNLINK STD { int unlink(char *path); } +7 AUE_WAIT4 STD { int wait4(int pid, \ + _Out_opt_ int *status, \ + int options, \ + _Out_opt_ struct rusage *rusage); } +8 AUE_CREAT COMPAT { int creat(_In_z_ char *path, int mode); } +9 AUE_LINK STD { int link(_In_z_ char *path, \ + _In_z_ char *link); } +10 AUE_UNLINK STD { int unlink(_In_z_ char *path); } 11 AUE_NULL OBSOL execv -12 AUE_CHDIR STD { int chdir(char *path); } +12 AUE_CHDIR STD { int chdir(_In_z_ char *path); } 13 AUE_FCHDIR STD { int fchdir(int fd); } -14 AUE_MKNOD COMPAT11 { int mknod(char *path, int mode, int dev); } -15 AUE_CHMOD STD { int chmod(char *path, int mode); } -16 AUE_CHOWN STD { int chown(char *path, int uid, int gid); } -17 AUE_NULL STD { int obreak(char *nsize); } break \ +14 AUE_MKNOD COMPAT11 { int mknod(_In_z_ char *path, int mode, \ + int dev); } +15 AUE_CHMOD STD { int chmod(_In_z_ char *path, int mode); } +16 AUE_CHOWN STD { int chown(_In_z_ char *path, \ + int uid, int gid); } +17 AUE_NULL STD { int obreak(_In_ char *nsize); } break \ obreak_args int -18 AUE_GETFSSTAT COMPAT4 { int getfsstat(struct ostatfs *buf, \ +18 AUE_GETFSSTAT COMPAT4 { int getfsstat( \ + _Out_writes_bytes_opt_(bufsize) \ + struct ostatfs *buf, \ long bufsize, int mode); } 19 AUE_LSEEK COMPAT { long lseek(int fd, long offset, \ int whence); } 20 AUE_GETPID STD { pid_t getpid(void); } -21 AUE_MOUNT STD { int mount(char *type, char *path, \ - int flags, caddr_t data); } +21 AUE_MOUNT STD { int mount(_In_z_ char *type, \ + _In_z_ char *path, int flags, \ + _In_opt_ caddr_t data); } ; XXX `path' should have type `const char *' but we're not ready for that. -22 AUE_UMOUNT STD { int unmount(char *path, int flags); } +22 AUE_UMOUNT STD { int unmount(_In_z_ char *path, int flags); } 23 AUE_SETUID STD { int setuid(uid_t uid); } 24 AUE_GETUID STD { uid_t getuid(void); } 25 AUE_GETEUID STD { uid_t geteuid(void); } 26 AUE_PTRACE STD { int ptrace(int req, pid_t pid, \ - caddr_t addr, int data); } -27 AUE_RECVMSG STD { int recvmsg(int s, struct msghdr *msg, \ + _Inout_opt_ caddr_t addr, int data); } +27 AUE_RECVMSG STD { int recvmsg(int s, \ + _Inout_ struct msghdr *msg, int flags); } +28 AUE_SENDMSG STD { int sendmsg(int s, _In_ struct msghdr *msg, \ int flags); } -28 AUE_SENDMSG STD { int sendmsg(int s, struct msghdr *msg, \ - int flags); } -29 AUE_RECVFROM STD { int recvfrom(int s, caddr_t buf, \ +29 AUE_RECVFROM STD { int recvfrom(int s, \ + _Out_writes_bytes_(len) caddr_t buf, \ size_t len, int flags, \ + _Out_writes_bytes_opt_(*fromlenaddr) \ struct sockaddr * __restrict from, \ + _Inout_opt_ \ __socklen_t * __restrict fromlenaddr); } 30 AUE_ACCEPT STD { int accept(int s, \ + _Out_writes_bytes_opt_(*anamelen) \ struct sockaddr * __restrict name, \ + _Inout_opt_ \ __socklen_t * __restrict anamelen); } 31 AUE_GETPEERNAME STD { int getpeername(int fdes, \ + _Out_writes_bytes_(*alen) \ struct sockaddr * __restrict asa, \ + _Inout_opt_ \ __socklen_t * __restrict alen); } 32 AUE_GETSOCKNAME STD { int getsockname(int fdes, \ + _Out_writes_bytes_(*alen) \ struct sockaddr * __restrict asa, \ - __socklen_t * __restrict alen); } -33 AUE_ACCESS STD { int access(char *path, int amode); } -34 AUE_CHFLAGS STD { int chflags(const char *path, u_long flags); } + _Inout_ __socklen_t * __restrict alen); } +33 AUE_ACCESS STD { int access(_In_z_ char *path, int amode); } +34 AUE_CHFLAGS STD { int chflags(_In_z_ const char *path, \ + u_long flags); } 35 AUE_FCHFLAGS STD { int fchflags(int fd, u_long flags); } 36 AUE_SYNC STD { int sync(void); } 37 AUE_KILL STD { int kill(int pid, int signum); } -38 AUE_STAT COMPAT { int stat(char *path, struct ostat *ub); } +38 AUE_STAT COMPAT { int stat(_In_z_ char *path, \ + _Out_ struct ostat *ub); } 39 AUE_GETPPID STD { pid_t getppid(void); } -40 AUE_LSTAT COMPAT { int lstat(char *path, struct ostat *ub); } +40 AUE_LSTAT COMPAT { int lstat(_In_z_ char *path, \ + _Out_ struct ostat *ub); } 41 AUE_DUP STD { int dup(u_int fd); } 42 AUE_PIPE COMPAT10 { int pipe(void); } 43 AUE_GETEGID STD { gid_t getegid(void); } -44 AUE_PROFILE STD { int profil(caddr_t samples, size_t size, \ - size_t offset, u_int scale); } -45 AUE_KTRACE STD { int ktrace(const char *fname, int ops, \ - int facs, int pid); } +44 AUE_PROFILE STD { int profil( \ + _Out_writes_bytes_(size) caddr_t samples, \ + size_t size, size_t offset, u_int scale); } +45 AUE_KTRACE STD { int ktrace(_In_z_ const char *fname, \ + int ops, int facs, int pid); } 46 AUE_SIGACTION COMPAT { int sigaction(int signum, \ - struct osigaction *nsa, \ - struct osigaction *osa); } + _In_opt_ struct osigaction *nsa, \ + _Out_opt_ struct osigaction *osa); } 47 AUE_GETGID STD { gid_t getgid(void); } 48 AUE_SIGPROCMASK COMPAT { int sigprocmask(int how, osigset_t mask); } ; XXX note nonstandard (bogus) calling convention - the libc stub passes ; us the mask, not a pointer to it, and we return the old mask as the ; (int) return value. -49 AUE_GETLOGIN STD { int getlogin(char *namebuf, u_int \ - namelen); } -50 AUE_SETLOGIN STD { int setlogin(char *namebuf); } -51 AUE_ACCT STD { int acct(char *path); } +49 AUE_GETLOGIN STD { int getlogin( \ + _Out_writes_z_(namelen) char *namebuf, \ + u_int namelen); } +50 AUE_SETLOGIN STD { int setlogin(_In_z_ char *namebuf); } +51 AUE_ACCT STD { int acct(_In_z_ char *path); } 52 AUE_SIGPENDING COMPAT { int sigpending(void); } -53 AUE_SIGALTSTACK STD { int sigaltstack(stack_t *ss, \ - stack_t *oss); } +53 AUE_SIGALTSTACK STD { int sigaltstack(_In_opt_ stack_t *ss, \ + _Out_opt_ stack_t *oss); } 54 AUE_IOCTL STD { int ioctl(int fd, u_long com, \ - caddr_t data); } + _Inout_opt_ caddr_t data); } 55 AUE_REBOOT STD { int reboot(int opt); } -56 AUE_REVOKE STD { int revoke(char *path); } -57 AUE_SYMLINK STD { int symlink(char *path, char *link); } -58 AUE_READLINK STD { ssize_t readlink(char *path, char *buf, \ +56 AUE_REVOKE STD { int revoke(_In_z_ char *path); } +57 AUE_SYMLINK STD { int symlink(_In_z_ char *path, \ + _In_z_ char *link); } +58 AUE_READLINK STD { ssize_t readlink(_In_z_ char *path, \ + _Out_writes_z_(count) char *buf, \ size_t count); } -59 AUE_EXECVE STD { int execve(char *fname, char **argv, \ - char **envv); } +59 AUE_EXECVE STD { int execve( \ + _In_z_ char *fname, \ + _In_z_ char **argv, \ + _In_z_ char **envv); } 60 AUE_UMASK STD { int umask(int newmask); } umask umask_args \ int -61 AUE_CHROOT STD { int chroot(char *path); } -62 AUE_FSTAT COMPAT { int fstat(int fd, struct ostat *sb); } -63 AUE_NULL COMPAT { int getkerninfo(int op, char *where, \ - size_t *size, int arg); } getkerninfo \ - getkerninfo_args int +61 AUE_CHROOT STD { int chroot(_In_z_ char *path); } +62 AUE_FSTAT COMPAT { int fstat(int fd, _Out_ struct ostat *sb); } +63 AUE_NULL COMPAT { int getkerninfo(int op, \ + _Out_writes_bytes_opt(*size) char *where, \ + _Inout_opt_ size_t *size, \ + int arg); } getkerninfo getkerninfo_args int 64 AUE_NULL COMPAT { int getpagesize(void); } getpagesize \ getpagesize_args int -65 AUE_MSYNC STD { int msync(void *addr, size_t len, \ +65 AUE_MSYNC STD { int msync(_In_ void *addr, size_t len, \ int flags); } 66 AUE_VFORK STD { int vfork(void); } 67 AUE_NULL OBSOL vread 68 AUE_NULL OBSOL vwrite 69 AUE_SBRK STD { int sbrk(int incr); } 70 AUE_SSTK STD { int sstk(int incr); } -71 AUE_MMAP COMPAT { int mmap(void *addr, int len, int prot, \ +71 AUE_MMAP COMPAT { int mmap(_In_ void *addr, int len, int prot, \ int flags, int fd, long pos); } 72 AUE_O_VADVISE STD { int ovadvise(int anom); } vadvise \ ovadvise_args int -73 AUE_MUNMAP STD { int munmap(void *addr, size_t len); } -74 AUE_MPROTECT STD { int mprotect(void *addr, size_t len, \ - int prot); } -75 AUE_MADVISE STD { int madvise(void *addr, size_t len, \ - int behav); } +73 AUE_MUNMAP STD { int munmap(_In_ void *addr, size_t len); } +74 AUE_MPROTECT STD { int mprotect(_In_ void *addr, \ + size_t len, int prot); } +75 AUE_MADVISE STD { int madvise(_In_ void *addr, \ + size_t len, int behav); } 76 AUE_NULL OBSOL vhangup 77 AUE_NULL OBSOL vlimit -78 AUE_MINCORE STD { int mincore(const void *addr, size_t len, \ +78 AUE_MINCORE STD { int mincore( \ + _In_ const void *addr, \ + size_t len, \ + _Out_writes_bytes_(len/PAGE_SIZE) \ char *vec); } 79 AUE_GETGROUPS STD { int getgroups(u_int gidsetsize, \ + _Out_writes_opt_(gidsetsize) \ gid_t *gidset); } 80 AUE_SETGROUPS STD { int setgroups(u_int gidsetsize, \ - gid_t *gidset); } + _In_reads_(gidsetsize) gid_t *gidset); } 81 AUE_GETPGRP STD { int getpgrp(void); } 82 AUE_SETPGRP STD { int setpgid(int pid, int pgid); } -83 AUE_SETITIMER STD { int setitimer(u_int which, struct \ - itimerval *itv, struct itimerval *oitv); } +83 AUE_SETITIMER STD { int setitimer(u_int which, \ + _In_ struct itimerval *itv, \ + _Out_opt_ struct itimerval *oitv); } 84 AUE_WAIT4 COMPAT { int wait(void); } -85 AUE_SWAPON STD { int swapon(char *name); } +85 AUE_SWAPON STD { int swapon(_In_z_ char *name); } 86 AUE_GETITIMER STD { int getitimer(u_int which, \ - struct itimerval *itv); } -87 AUE_SYSCTL COMPAT { int gethostname(char *hostname, \ + _Out_ struct itimerval *itv); } +87 AUE_SYSCTL COMPAT { int gethostname( \ + _Out_writes_z_(len) char *hostname, \ u_int len); } gethostname \ gethostname_args int -88 AUE_SYSCTL COMPAT { int sethostname(char *hostname, \ +88 AUE_SYSCTL COMPAT { int sethostname( \ + _In_reads_z_(len) char *hostname, \ u_int len); } sethostname \ sethostname_args int 89 AUE_GETDTABLESIZE STD { int getdtablesize(void); } @@ -208,98 +271,129 @@ 92 AUE_FCNTL STD { int fcntl(int fd, int cmd, long arg); } ; XXX should be { int fcntl(int fd, int cmd, ...); } ; but we're not ready for varargs. -93 AUE_SELECT STD { int select(int nd, fd_set *in, fd_set *ou, \ - fd_set *ex, struct timeval *tv); } +93 AUE_SELECT STD { int select(int nd, \ + _Inout_opt_ fd_set *in, \ + _Inout_opt_ fd_set *ou, \ + _Inout_opt_ fd_set *ex, \ + _In_opt_ struct timeval *tv); } 94 AUE_NULL UNIMPL setdopt 95 AUE_FSYNC STD { int fsync(int fd); } 96 AUE_SETPRIORITY STD { int setpriority(int which, int who, \ int prio); } 97 AUE_SOCKET STD { int socket(int domain, int type, \ int protocol); } -98 AUE_CONNECT STD { int connect(int s, caddr_t name, \ +98 AUE_CONNECT STD { int connect(int s, \ + _In_reads_bytes_(namelen) caddr_t name, \ int namelen); } -99 AUE_ACCEPT COMPAT|NOARGS { int accept(int s, caddr_t name, \ - int *anamelen); } accept accept_args int +99 AUE_ACCEPT COMPAT|NOARGS { int accept(int s, \ + _Out_writes_bytes_opt_(*anamelen) \ + caddr_t name, int *anamelen); } \ + accept accept_args int 100 AUE_GETPRIORITY STD { int getpriority(int which, int who); } -101 AUE_SEND COMPAT { int send(int s, caddr_t buf, int len, \ +101 AUE_SEND COMPAT { int send(int s, \ + _In_reads_bytes_(len) caddr_t buf, \ + int len, \ int flags); } -102 AUE_RECV COMPAT { int recv(int s, caddr_t buf, int len, \ - int flags); } +102 AUE_RECV COMPAT { int recv(int s, \ + _Out_writes_bytes_(len) caddr_t buf, \ + int len, int flags); } 103 AUE_SIGRETURN COMPAT { int sigreturn( \ - struct osigcontext *sigcntxp); } -104 AUE_BIND STD { int bind(int s, caddr_t name, \ + _In_ struct osigcontext *sigcntxp); } +104 AUE_BIND STD { int bind(int s, \ + _In_reads_bytes_(namelen) caddr_t name, \ int namelen); } 105 AUE_SETSOCKOPT STD { int setsockopt(int s, int level, int name, \ - caddr_t val, int valsize); } + _In_reads_bytes_opt_(valsize) caddr_t val, \ + int valsize); } 106 AUE_LISTEN STD { int listen(int s, int backlog); } 107 AUE_NULL OBSOL vtimes -108 AUE_NULL COMPAT { int sigvec(int signum, struct sigvec *nsv, \ - struct sigvec *osv); } +108 AUE_NULL COMPAT { int sigvec(int signum, \ + _In_opt_ struct sigvec *nsv, \ + _Out_opt_ struct sigvec *osv); } 109 AUE_NULL COMPAT { int sigblock(int mask); } 110 AUE_NULL COMPAT { int sigsetmask(int mask); } 111 AUE_NULL COMPAT { int sigsuspend(osigset_t mask); } ; XXX note nonstandard (bogus) calling convention - the libc stub passes ; us the mask, not a pointer to it. -112 AUE_NULL COMPAT { int sigstack(struct sigstack *nss, \ - struct sigstack *oss); } -113 AUE_RECVMSG COMPAT { int recvmsg(int s, struct omsghdr *msg, \ +112 AUE_NULL COMPAT { int sigstack(_In_opt_ struct sigstack *nss, \ + _Out_opt_ struct sigstack *oss); } +113 AUE_RECVMSG COMPAT { int recvmsg(int s, \ + _Inout_ struct omsghdr *msg, \ int flags); } -114 AUE_SENDMSG COMPAT { int sendmsg(int s, caddr_t msg, \ +114 AUE_SENDMSG COMPAT { int sendmsg(int s, _In_ caddr_t msg, \ int flags); } 115 AUE_NULL OBSOL vtrace -116 AUE_GETTIMEOFDAY STD { int gettimeofday(struct timeval *tp, \ - struct timezone *tzp); } +116 AUE_GETTIMEOFDAY STD { int gettimeofday( \ + _Out_ struct timeval *tp, \ + _Out_opt_ struct timezone *tzp); } 117 AUE_GETRUSAGE STD { int getrusage(int who, \ - struct rusage *rusage); } + _Out_ struct rusage *rusage); } 118 AUE_GETSOCKOPT STD { int getsockopt(int s, int level, int name, \ - caddr_t val, int *avalsize); } + _Out_writes_bytes_opt_(*avalsize) \ + caddr_t val, _Inout_ int *avalsize); } 119 AUE_NULL UNIMPL resuba (BSD/OS 2.x) -120 AUE_READV STD { int readv(int fd, struct iovec *iovp, \ +120 AUE_READV STD { int readv(int fd, \ + _Inout_updates_(iovcnt) struct iovec *iovp, \ + u_int iovcnt); } +121 AUE_WRITEV STD { int writev(int fd, \ + _In_reads_opt_(iovcnt) struct iovec *iovp, \ u_int iovcnt); } -121 AUE_WRITEV STD { int writev(int fd, struct iovec *iovp, \ - u_int iovcnt); } -122 AUE_SETTIMEOFDAY STD { int settimeofday(struct timeval *tv, \ - struct timezone *tzp); } +122 AUE_SETTIMEOFDAY STD { int settimeofday( \ + _In_ struct timeval *tv, \ + _In_opt_ struct timezone *tzp); } 123 AUE_FCHOWN STD { int fchown(int fd, int uid, int gid); } 124 AUE_FCHMOD STD { int fchmod(int fd, int mode); } -125 AUE_RECVFROM COMPAT|NOARGS { int recvfrom(int s, caddr_t buf, \ - size_t len, int flags, caddr_t from, int \ - *fromlenaddr); } recvfrom recvfrom_args \ - int +125 AUE_RECVFROM COMPAT|NOARGS { int recvfrom(int s, \ + _Out_writes_(len) caddr_t buf, \ + size_t len, int flags, \ + _Out_writes_bytes_(*fromlenaddr) \ + caddr_t from, \ + _Inout_ int *fromlenaddr); } \ + recvfrom recvfrom_args int 126 AUE_SETREUID STD { int setreuid(int ruid, int euid); } 127 AUE_SETREGID STD { int setregid(int rgid, int egid); } -128 AUE_RENAME STD { int rename(char *from, char *to); } -129 AUE_TRUNCATE COMPAT { int truncate(char *path, long length); } +128 AUE_RENAME STD { int rename(_In_z_ char *from, \ + _In_z_ char *to); } +129 AUE_TRUNCATE COMPAT { int truncate(_In_z_ char *path, \ + long length); } 130 AUE_FTRUNCATE COMPAT { int ftruncate(int fd, long length); } 131 AUE_FLOCK STD { int flock(int fd, int how); } -132 AUE_MKFIFO STD { int mkfifo(char *path, int mode); } -133 AUE_SENDTO STD { int sendto(int s, caddr_t buf, size_t len, \ - int flags, caddr_t to, int tolen); } +132 AUE_MKFIFO STD { int mkfifo(_In_z_ char *path, int mode); } +133 AUE_SENDTO STD { int sendto(int s, \ + _In_reads_bytes_(len) caddr_t buf, \ + size_t len, int flags, \ + _In_reads_bytes_opt_(tolen) caddr_t to, \ + int tolen); } 134 AUE_SHUTDOWN STD { int shutdown(int s, int how); } 135 AUE_SOCKETPAIR STD { int socketpair(int domain, int type, \ - int protocol, int *rsv); } -136 AUE_MKDIR STD { int mkdir(char *path, int mode); } -137 AUE_RMDIR STD { int rmdir(char *path); } -138 AUE_UTIMES STD { int utimes(char *path, \ - struct timeval *tptr); } + int protocol, _Out_writes_(2) int *rsv); } +136 AUE_MKDIR STD { int mkdir(_In_z_ char *path, int mode); } +137 AUE_RMDIR STD { int rmdir(_In_z_ char *path); } +138 AUE_UTIMES STD { int utimes(_In_z_ char *path, \ + _In_ struct timeval *tptr); } 139 AUE_NULL OBSOL 4.2 sigreturn -140 AUE_ADJTIME STD { int adjtime(struct timeval *delta, \ - struct timeval *olddelta); } -141 AUE_GETPEERNAME COMPAT { int getpeername(int fdes, caddr_t asa, \ - int *alen); } +140 AUE_ADJTIME STD { int adjtime(_In_ struct timeval *delta, \ + _Out_opt_ struct timeval *olddelta); } +141 AUE_GETPEERNAME COMPAT { int getpeername(int fdes, \ + _Out_writes_bytes_(*alen) \ + caddr_t asa, \ + _Inout_opt_ int *alen); } 142 AUE_SYSCTL COMPAT { long gethostid(void); } 143 AUE_SYSCTL COMPAT { int sethostid(long hostid); } -144 AUE_GETRLIMIT COMPAT { int getrlimit(u_int which, struct \ +144 AUE_GETRLIMIT COMPAT { int getrlimit(u_int which, _Out_ struct \ orlimit *rlp); } 145 AUE_SETRLIMIT COMPAT { int setrlimit(u_int which, \ - struct orlimit *rlp); } + _Out_ struct orlimit *rlp); } 146 AUE_KILLPG COMPAT { int killpg(int pgid, int signum); } 147 AUE_SETSID STD { int setsid(void); } -148 AUE_QUOTACTL STD { int quotactl(char *path, int cmd, int uid, \ - caddr_t arg); } +148 AUE_QUOTACTL STD { int quotactl( \ + _In_z_ char *path, int cmd, int uid, \ + _In_ caddr_t arg); } 149 AUE_O_QUOTA COMPAT { int quota(void); } 150 AUE_GETSOCKNAME COMPAT|NOARGS { int getsockname(int fdec, \ - caddr_t asa, int *alen); } getsockname \ + _Out_writes_bytes_(*alen) \ + caddr_t asa, \ + _Inout_ int *alen); } getsockname \ getsockname_args int ; Syscalls 151-180 inclusive are reserved for vendor-specific @@ -310,28 +404,34 @@ 152 AUE_NULL UNIMPL sem_wakeup (BSD/OS 2.x) 153 AUE_NULL UNIMPL asyncdaemon (BSD/OS 2.x) ; 154 is initialised by the NLM code, if present. -154 AUE_NULL NOSTD { int nlm_syscall(int debug_level, int grace_period, int addr_count, char **addrs); } +154 AUE_NULL NOSTD { int nlm_syscall(int debug_level, \ + int grace_period, int addr_count, \ + _In_reads_(addr_count) \ + char **addrs); } ; 155 is initialized by the NFS code, if present. -155 AUE_NFS_SVC NOSTD { int nfssvc(int flag, caddr_t argp); } -156 AUE_GETDIRENTRIES COMPAT { int getdirentries(int fd, char *buf, \ - u_int count, long *basep); } -157 AUE_STATFS COMPAT4 { int statfs(char *path, \ - struct ostatfs *buf); } +155 AUE_NFS_SVC NOSTD { int nfssvc(int flag, _In_ caddr_t argp); } +156 AUE_GETDIRENTRIES COMPAT { int getdirentries(int fd, \ + _Out_writes_bytes_(count) char *buf, \ + u_int count, _Out_ long *basep); } +157 AUE_STATFS COMPAT4 { int statfs(_In_z_ char *path, \ + _Out_ struct ostatfs *buf); } 158 AUE_FSTATFS COMPAT4 { int fstatfs(int fd, \ - struct ostatfs *buf); } + _Out_ struct ostatfs *buf); } 159 AUE_NULL UNIMPL nosys -160 AUE_LGETFH STD { int lgetfh(char *fname, \ - struct fhandle *fhp); } -161 AUE_NFS_GETFH STD { int getfh(char *fname, \ - struct fhandle *fhp); } -162 AUE_SYSCTL COMPAT4 { int getdomainname(char *domainname, \ +160 AUE_LGETFH STD { int lgetfh(_In_z_ char *fname, \ + _Out_ struct fhandle *fhp); } +161 AUE_NFS_GETFH STD { int getfh(_In_z_ char *fname, \ + _Out_ struct fhandle *fhp); } +162 AUE_SYSCTL COMPAT4 { int getdomainname( \ + _Out_writes_z_(len) char *domainname, \ int len); } -163 AUE_SYSCTL COMPAT4 { int setdomainname(char *domainname, \ +163 AUE_SYSCTL COMPAT4 { int setdomainname( \ + _In_reads_z_(len) char *domainname, \ int len); } -164 AUE_NULL COMPAT4 { int uname(struct utsname *name); } -165 AUE_SYSARCH STD { int sysarch(int op, char *parms); } +164 AUE_NULL COMPAT4 { int uname(_Out_ struct utsname *name); } +165 AUE_SYSARCH STD { int sysarch(int op, _In_z_ char *parms); } 166 AUE_RTPRIO STD { int rtprio(int function, pid_t pid, \ - struct rtprio *rtp); } + _Inout_ struct rtprio *rtp); } 167 AUE_NULL UNIMPL nosys 168 AUE_NULL UNIMPL nosys 169 AUE_SEMSYS NOSTD { int semsys(int which, int a2, int a3, \ @@ -344,13 +444,15 @@ int a4); } ; XXX should be { int shmsys(int which, ...); } 172 AUE_NULL UNIMPL nosys -173 AUE_PREAD COMPAT6 { ssize_t pread(int fd, void *buf, \ +173 AUE_PREAD COMPAT6 { ssize_t pread(int fd, \ + _Out_writes_bytes_(nbyte) void *buf, \ size_t nbyte, int pad, off_t offset); } 174 AUE_PWRITE COMPAT6 { ssize_t pwrite(int fd, \ + _In_reads_bytes_(nbyte) \ const void *buf, \ size_t nbyte, int pad, off_t offset); } 175 AUE_SETFIB STD { int setfib(int fibnum); } -176 AUE_NTP_ADJTIME STD { int ntp_adjtime(struct timex *tp); } +176 AUE_NTP_ADJTIME STD { int ntp_adjtime(_Inout_ struct timex *tp); } 177 AUE_NULL UNIMPL sfork (BSD/OS 2.x) 178 AUE_NULL UNIMPL getdescriptor (BSD/OS 2.x) 179 AUE_NULL UNIMPL setdescriptor (BSD/OS 2.x) @@ -364,46 +466,58 @@ 185 AUE_NULL UNIMPL lfs_markv 186 AUE_NULL UNIMPL lfs_segclean 187 AUE_NULL UNIMPL lfs_segwait -188 AUE_STAT COMPAT11 { int stat(char *path, \ - struct freebsd11_stat *ub); } +188 AUE_STAT COMPAT11 { int stat(_In_z_ char *path, \ + _Out_ struct freebsd11_stat *ub); } 189 AUE_FSTAT COMPAT11 { int fstat(int fd, \ - struct freebsd11_stat *sb); } -190 AUE_LSTAT COMPAT11 { int lstat(char *path, \ - struct freebsd11_stat *ub); } -191 AUE_PATHCONF STD { int pathconf(char *path, int name); } + _Out_ struct freebsd11_stat *sb); } +190 AUE_LSTAT COMPAT11 { int lstat(_In_z_ char *path, \ + _Out_ struct freebsd11_stat *ub); } +191 AUE_PATHCONF STD { int pathconf(_In_z_ char *path, int name); } 192 AUE_FPATHCONF STD { int fpathconf(int fd, int name); } 193 AUE_NULL UNIMPL nosys 194 AUE_GETRLIMIT STD { int getrlimit(u_int which, \ - struct rlimit *rlp); } getrlimit \ + _Out_ struct rlimit *rlp); } getrlimit \ __getrlimit_args int 195 AUE_SETRLIMIT STD { int setrlimit(u_int which, \ - struct rlimit *rlp); } setrlimit \ + _In_ struct rlimit *rlp); } setrlimit \ __setrlimit_args int -196 AUE_GETDIRENTRIES COMPAT11 { int getdirentries(int fd, char *buf, \ - u_int count, long *basep); } -197 AUE_MMAP COMPAT6 { caddr_t mmap(caddr_t addr, \ - size_t len, int prot, int flags, int fd, \ - int pad, off_t pos); } +196 AUE_GETDIRENTRIES COMPAT11 { int getdirentries(int fd, \ + _Out_writes_bytes_(count) char *buf, \ + u_int count, _Out_ long *basep); } +197 AUE_MMAP COMPAT6 { caddr_t mmap(_In_ caddr_t addr, size_t len, \ + int prot, int flags, int fd, int pad, \ + off_t pos); } 198 AUE_NULL NOPROTO { int nosys(void); } __syscall \ __syscall_args int 199 AUE_LSEEK COMPAT6 { off_t lseek(int fd, int pad, \ off_t offset, int whence); } -200 AUE_TRUNCATE COMPAT6 { int truncate(char *path, int pad, \ +200 AUE_TRUNCATE COMPAT6 { int truncate(_In_z_ char *path, int pad, \ off_t length); } 201 AUE_FTRUNCATE COMPAT6 { int ftruncate(int fd, int pad, \ off_t length); } -202 AUE_SYSCTL STD { int __sysctl(int *name, u_int namelen, \ - void *old, size_t *oldlenp, void *new, \ - size_t newlen); } __sysctl sysctl_args int -203 AUE_MLOCK STD { int mlock(const void *addr, size_t len); } -204 AUE_MUNLOCK STD { int munlock(const void *addr, size_t len); } -205 AUE_UNDELETE STD { int undelete(char *path); } -206 AUE_FUTIMES STD { int futimes(int fd, struct timeval *tptr); } +202 AUE_SYSCTL STD { int __sysctl( \ + _In_reads_(namelen) int *name, \ + u_int namelen, \ + _Out_writes_bytes_opt_(*oldlenp) \ + void *old, \ + _Inout_opt_ size_t *oldlenp, \ + _In_reads_bytes_opt_(newlen) \ + void *new, \ + size_t newlen); } \ + __sysctl sysctl_args int +203 AUE_MLOCK STD { int mlock(_In_ const void *addr, \ + size_t len); } +204 AUE_MUNLOCK STD { int munlock(_In_ const void *addr, \ + size_t len); } +205 AUE_UNDELETE STD { int undelete(_In_z_ char *path); } +206 AUE_FUTIMES STD { int futimes(int fd, \ + _In_reads_(2) struct timeval *tptr); } 207 AUE_GETPGID STD { int getpgid(pid_t pid); } 208 AUE_NULL UNIMPL nosys -209 AUE_POLL STD { int poll(struct pollfd *fds, u_int nfds, \ - int timeout); } - +209 AUE_POLL STD { int poll( \ + _Inout_updates_(nfds) \ + struct pollfd *fds, \ + u_int nfds, int timeout); } ; ; The following are reserved for loadable syscalls ; @@ -422,67 +536,84 @@ int cmd, union semun_old *arg); } 221 AUE_SEMGET NOSTD { int semget(key_t key, int nsems, \ int semflg); } -222 AUE_SEMOP NOSTD { int semop(int semid, struct sembuf *sops, \ +222 AUE_SEMOP NOSTD { int semop(int semid, \ + _In_reads_(nsops) struct sembuf *sops, \ size_t nsops); } 223 AUE_NULL UNIMPL semconfig 224 AUE_MSGCTL COMPAT7|NOSTD { int msgctl(int msqid, int cmd, \ struct msqid_ds_old *buf); } 225 AUE_MSGGET NOSTD { int msgget(key_t key, int msgflg); } -226 AUE_MSGSND NOSTD { int msgsnd(int msqid, const void *msgp, \ +226 AUE_MSGSND NOSTD { int msgsnd(int msqid, \ + _In_reads_bytes_(msgsz) const void *msgp, \ size_t msgsz, int msgflg); } -227 AUE_MSGRCV NOSTD { ssize_t msgrcv(int msqid, void *msgp, \ +227 AUE_MSGRCV NOSTD { ssize_t msgrcv(int msqid, \ + _Out_writes_bytes_(msgsz) void *msgp, \ size_t msgsz, long msgtyp, int msgflg); } -228 AUE_SHMAT NOSTD { int shmat(int shmid, const void *shmaddr, \ +228 AUE_SHMAT NOSTD { int shmat(int shmid, \ + _In_ const void *shmaddr, \ int shmflg); } 229 AUE_SHMCTL COMPAT7|NOSTD { int shmctl(int shmid, int cmd, \ struct shmid_ds_old *buf); } -230 AUE_SHMDT NOSTD { int shmdt(const void *shmaddr); } +230 AUE_SHMDT NOSTD { int shmdt(_In_ const void *shmaddr); } 231 AUE_SHMGET NOSTD { int shmget(key_t key, size_t size, \ int shmflg); } ; 232 AUE_NULL STD { int clock_gettime(clockid_t clock_id, \ - struct timespec *tp); } -233 AUE_CLOCK_SETTIME STD { int clock_settime( \ - clockid_t clock_id, \ - const struct timespec *tp); } + _Out_ struct timespec *tp); } +233 AUE_CLOCK_SETTIME STD { int clock_settime(clockid_t clock_id, \ + _In_ const struct timespec *tp); } 234 AUE_NULL STD { int clock_getres(clockid_t clock_id, \ - struct timespec *tp); } -235 AUE_NULL STD { int ktimer_create(clockid_t clock_id, \ - struct sigevent *evp, int *timerid); } + _Out_ struct timespec *tp); } +235 AUE_NULL STD { int ktimer_create( \ + clockid_t clock_id, \ + _In_ struct sigevent *evp, \ + _Out_ int *timerid); } 236 AUE_NULL STD { int ktimer_delete(int timerid); } -237 AUE_NULL STD { int ktimer_settime(int timerid, int flags, \ - const struct itimerspec *value, \ - struct itimerspec *ovalue); } -238 AUE_NULL STD { int ktimer_gettime(int timerid, struct \ - itimerspec *value); } +237 AUE_NULL STD { int ktimer_settime(int timerid, \ + int flags, \ + _In_ const struct itimerspec *value, \ + _Out_opt_ struct itimerspec *ovalue); } +238 AUE_NULL STD { int ktimer_gettime(int timerid, \ + _Out_ struct itimerspec *value); } 239 AUE_NULL STD { int ktimer_getoverrun(int timerid); } -240 AUE_NULL STD { int nanosleep(const struct timespec *rqtp, \ - struct timespec *rmtp); } -241 AUE_NULL STD { int ffclock_getcounter(ffcounter *ffcount); } +240 AUE_NULL STD { int nanosleep( \ + _In_ const struct timespec *rqtp, \ + _Out_opt_ struct timespec *rmtp); } +241 AUE_NULL STD { int ffclock_getcounter( \ + _Out_ ffcounter *ffcount); } 242 AUE_NULL STD { int ffclock_setestimate( \ - struct ffclock_estimate *cest); } + _In_ struct ffclock_estimate *cest); } 243 AUE_NULL STD { int ffclock_getestimate( \ - struct ffclock_estimate *cest); } + _Out_ struct ffclock_estimate *cest); } 244 AUE_NULL STD { int clock_nanosleep(clockid_t clock_id, \ - int flags, const struct timespec *rqtp, \ - struct timespec *rmtp); } + int flags, \ + _In_ const struct timespec *rqtp, \ + _Out_opt_ struct timespec *rmtp); } 245 AUE_NULL UNIMPL nosys 246 AUE_NULL UNIMPL nosys -247 AUE_NULL STD { int clock_getcpuclockid2(id_t id,\ - int which, clockid_t *clock_id); } -248 AUE_NULL STD { int ntp_gettime(struct ntptimeval *ntvp); } +247 AUE_NULL STD { int clock_getcpuclockid2(id_t id, \ + int which, _Out_ clockid_t *clock_id); } +248 AUE_NULL STD { int ntp_gettime( \ + _Out_ struct ntptimeval *ntvp); } 249 AUE_NULL UNIMPL nosys -250 AUE_MINHERIT STD { int minherit(void *addr, size_t len, \ - int inherit); } +; syscall numbers initially used in OpenBSD +250 AUE_MINHERIT STD { int minherit( \ + _In_ void *addr, \ + size_t len, int inherit); } 251 AUE_RFORK STD { int rfork(int flags); } 252 AUE_POLL OBSOL openbsd_poll 253 AUE_ISSETUGID STD { int issetugid(void); } -254 AUE_LCHOWN STD { int lchown(char *path, int uid, int gid); } -255 AUE_AIO_READ STD { int aio_read(struct aiocb *aiocbp); } -256 AUE_AIO_WRITE STD { int aio_write(struct aiocb *aiocbp); } +254 AUE_LCHOWN STD { int lchown(_In_z_ char *path, int uid, \ + int gid); } +255 AUE_AIO_READ STD { int aio_read( \ + _Inout_ struct aiocb *aiocbp); } +256 AUE_AIO_WRITE STD { int aio_write( \ + _Inout_ struct aiocb *aiocbp); } 257 AUE_LIO_LISTIO STD { int lio_listio(int mode, \ - struct aiocb * const *acb_list, \ - int nent, struct sigevent *sig); } + _Inout_updates_(nent) \ + struct aiocb* const *acb_list, \ + int nent, \ + _In_opt_ struct sigevent *sig); } 258 AUE_NULL UNIMPL nosys 259 AUE_NULL UNIMPL nosys 260 AUE_NULL UNIMPL nosys @@ -497,20 +628,23 @@ 269 AUE_NULL UNIMPL nosys 270 AUE_NULL UNIMPL nosys 271 AUE_NULL UNIMPL nosys -272 AUE_O_GETDENTS COMPAT11 { int getdents(int fd, char *buf, \ +272 AUE_O_GETDENTS COMPAT11 { int getdents(int fd, \ + _Out_writes_bytes_(count) char *buf, \ size_t count); } 273 AUE_NULL UNIMPL nosys -274 AUE_LCHMOD STD { int lchmod(char *path, mode_t mode); } +274 AUE_LCHMOD STD { int lchmod(_In_z_ char *path, mode_t mode); } 275 AUE_LCHOWN NOPROTO { int lchown(char *path, uid_t uid, \ gid_t gid); } netbsd_lchown lchown_args \ int -276 AUE_LUTIMES STD { int lutimes(char *path, \ - struct timeval *tptr); } -277 AUE_MSYNC NOPROTO { int msync(void *addr, size_t len, \ +276 AUE_LUTIMES STD { int lutimes(_In_z_ char *path, \ + _In_ struct timeval *tptr); } +277 AUE_MSYNC NOPROTO { int msync(_In_ void *addr, size_t len, \ int flags); } netbsd_msync msync_args int -278 AUE_STAT COMPAT11 { int nstat(char *path, struct nstat *ub); } -279 AUE_FSTAT COMPAT11 { int nfstat(int fd, struct nstat *sb); } -280 AUE_LSTAT COMPAT11 { int nlstat(char *path, struct nstat *ub); } +278 AUE_STAT COMPAT11 { int nstat(_In_z_ char *path, \ + _Out_ struct nstat *ub); } +279 AUE_FSTAT COMPAT11 { int nfstat(int fd, _Out_ struct nstat *sb); } +280 AUE_LSTAT COMPAT11 { int nlstat(_In_z_ char *path, \ + _Out_ struct nstat *ub); } 281 AUE_NULL UNIMPL nosys 282 AUE_NULL UNIMPL nosys 283 AUE_NULL UNIMPL nosys @@ -519,10 +653,13 @@ 286 AUE_NULL UNIMPL nosys 287 AUE_NULL UNIMPL nosys 288 AUE_NULL UNIMPL nosys -289 AUE_PREADV STD { ssize_t preadv(int fd, struct iovec *iovp, \ - u_int iovcnt, off_t offset); } -290 AUE_PWRITEV STD { ssize_t pwritev(int fd, struct iovec *iovp, \ - u_int iovcnt, off_t offset); } +289 AUE_PREADV STD { ssize_t preadv(int fd, \ + _In_reads_(iovcnt) \ + struct iovec *iovp, \ + u_int iovcnt, off_t offset); } +290 AUE_PWRITEV STD { ssize_t pwritev(int fd, \ + _In_reads_(iovcnt) struct iovec *iovp, \ + u_int iovcnt, off_t offset); } 291 AUE_NULL UNIMPL nosys 292 AUE_NULL UNIMPL nosys 293 AUE_NULL UNIMPL nosys @@ -530,23 +667,25 @@ 295 AUE_NULL UNIMPL nosys 296 AUE_NULL UNIMPL nosys 297 AUE_FHSTATFS COMPAT4 { int fhstatfs( \ - const struct fhandle *u_fhp, \ - struct ostatfs *buf); } -298 AUE_FHOPEN STD { int fhopen(const struct fhandle *u_fhp, \ + _In_ const struct fhandle *u_fhp, \ + _Out_ struct ostatfs *buf); } +298 AUE_FHOPEN STD { int fhopen( \ + _In_ const struct fhandle *u_fhp, \ int flags); } -299 AUE_FHSTAT COMPAT11 { int fhstat(const struct fhandle *u_fhp, \ - struct freebsd11_stat *sb); } +299 AUE_FHSTAT COMPAT11 { int fhstat( \ + _In_ const struct fhandle *u_fhp, \ + _Out_ struct freebsd11_stat *sb); } 300 AUE_NULL STD { int modnext(int modid); } 301 AUE_NULL STD { int modstat(int modid, \ - struct module_stat *stat); } + _Out_ struct module_stat* stat); } 302 AUE_NULL STD { int modfnext(int modid); } -303 AUE_NULL STD { int modfind(const char *name); } -304 AUE_MODLOAD STD { int kldload(const char *file); } +303 AUE_NULL STD { int modfind(_In_z_ const char *name); } +304 AUE_MODLOAD STD { int kldload(_In_z_ const char *file); } 305 AUE_MODUNLOAD STD { int kldunload(int fileid); } -306 AUE_NULL STD { int kldfind(const char *file); } +306 AUE_NULL STD { int kldfind(_In_z_ const char *file); } 307 AUE_NULL STD { int kldnext(int fileid); } -308 AUE_NULL STD { int kldstat(int fileid, struct \ - kld_file_stat* stat); } +308 AUE_NULL STD { int kldstat(int fileid, \ + _Out_ struct kld_file_stat *stat); } 309 AUE_NULL STD { int kldfirstmod(int fileid); } 310 AUE_GETSID STD { int getsid(pid_t pid); } 311 AUE_SETRESUID STD { int setresuid(uid_t ruid, uid_t euid, \ @@ -554,109 +693,140 @@ 312 AUE_SETRESGID STD { int setresgid(gid_t rgid, gid_t egid, \ gid_t sgid); } 313 AUE_NULL OBSOL signanosleep -314 AUE_AIO_RETURN STD { ssize_t aio_return(struct aiocb *aiocbp); } +314 AUE_AIO_RETURN STD { ssize_t aio_return( \ + _Inout_ struct aiocb *aiocbp); } 315 AUE_AIO_SUSPEND STD { int aio_suspend( \ - struct aiocb * const * aiocbp, int nent, \ + _Inout_updates_(nent) \ + struct aiocb * const * aiocbp, \ + int nent, \ + _In_opt_ \ const struct timespec *timeout); } 316 AUE_AIO_CANCEL STD { int aio_cancel(int fd, \ - struct aiocb *aiocbp); } -317 AUE_AIO_ERROR STD { int aio_error(struct aiocb *aiocbp); } -318 AUE_AIO_READ COMPAT6 { int aio_read(struct oaiocb *aiocbp); } -319 AUE_AIO_WRITE COMPAT6 { int aio_write(struct oaiocb *aiocbp); } + _In_opt_ struct aiocb *aiocbp); } +317 AUE_AIO_ERROR STD { int aio_error( \ + _In_ struct aiocb *aiocbp); } +318 AUE_AIO_READ COMPAT6 { int aio_read( \ + _Inout_ struct oaiocb *aiocbp); } +319 AUE_AIO_WRITE COMPAT6 { int aio_write( \ + _Inout_ struct oaiocb *aiocbp); } 320 AUE_LIO_LISTIO COMPAT6 { int lio_listio(int mode, \ + _Inout_updates_(nent) \ struct oaiocb * const *acb_list, \ - int nent, struct osigevent *sig); } + int nent, \ + _In_opt_ struct osigevent *sig); } 321 AUE_NULL STD { int yield(void); } 322 AUE_NULL OBSOL thr_sleep 323 AUE_NULL OBSOL thr_wakeup 324 AUE_MLOCKALL STD { int mlockall(int how); } 325 AUE_MUNLOCKALL STD { int munlockall(void); } -326 AUE_GETCWD STD { int __getcwd(char *buf, size_t buflen); } - +326 AUE_GETCWD STD { int __getcwd( \ + _Out_writes_z_(buflen) char *buf, \ + size_t buflen); } 327 AUE_NULL STD { int sched_setparam (pid_t pid, \ - const struct sched_param *param); } -328 AUE_NULL STD { int sched_getparam (pid_t pid, struct \ - sched_param *param); } - + _In_ const struct sched_param *param); } +328 AUE_NULL STD { int sched_getparam (pid_t pid, \ + _Out_ struct sched_param *param); } 329 AUE_NULL STD { int sched_setscheduler (pid_t pid, int \ - policy, const struct sched_param \ + policy, _In_ const struct sched_param \ *param); } 330 AUE_NULL STD { int sched_getscheduler (pid_t pid); } - 331 AUE_NULL STD { int sched_yield (void); } 332 AUE_NULL STD { int sched_get_priority_max (int policy); } 333 AUE_NULL STD { int sched_get_priority_min (int policy); } 334 AUE_NULL STD { int sched_rr_get_interval (pid_t pid, \ - struct timespec *interval); } -335 AUE_NULL STD { int utrace(const void *addr, size_t len); } + _Out_ struct timespec *interval); } +335 AUE_NULL STD { int utrace( \ + _In_reads_bytes_(len) const void *addr, \ + size_t len); } 336 AUE_SENDFILE COMPAT4 { int sendfile(int fd, int s, \ off_t offset, size_t nbytes, \ - struct sf_hdtr *hdtr, off_t *sbytes, \ - int flags); } + _In_opt_ struct sf_hdtr *hdtr, \ + _Out_opt_ off_t *sbytes, int flags); } 337 AUE_NULL STD { int kldsym(int fileid, int cmd, \ - void *data); } -338 AUE_JAIL STD { int jail(struct jail *jail); } + _In_ void *data); } +338 AUE_JAIL STD { int jail( \ + _In_ struct jail *jail); } + 339 AUE_NULL NOSTD|NOTSTATIC { int nnpfs_syscall(int operation, \ char *a_pathP, int a_opcode, \ - void *a_paramsP, int a_followSymlinks); } + void *a_paramsP, \ + int a_followSymlinks); } 340 AUE_SIGPROCMASK STD { int sigprocmask(int how, \ - const sigset_t *set, sigset_t *oset); } -341 AUE_SIGSUSPEND STD { int sigsuspend(const sigset_t *sigmask); } -342 AUE_SIGACTION COMPAT4 { int sigaction(int sig, const \ - struct sigaction *act, \ - struct sigaction *oact); } -343 AUE_SIGPENDING STD { int sigpending(sigset_t *set); } + _In_opt_ const sigset_t *set, \ + _Out_opt_ sigset_t *oset); } +341 AUE_SIGSUSPEND STD { int sigsuspend( \ + _In_ const sigset_t *sigmask); } +342 AUE_SIGACTION COMPAT4 { int sigaction(int sig, \ + _In_opt_ const struct sigaction *act, \ + _Out_opt_ struct sigaction *oact); } +343 AUE_SIGPENDING STD { int sigpending(_In_ sigset_t *set); } 344 AUE_SIGRETURN COMPAT4 { int sigreturn( \ - const struct ucontext4 *sigcntxp); } -345 AUE_SIGWAIT STD { int sigtimedwait(const sigset_t *set, \ - siginfo_t *info, \ - const struct timespec *timeout); } -346 AUE_NULL STD { int sigwaitinfo(const sigset_t *set, \ - siginfo_t *info); } -347 AUE_ACL_GET_FILE STD { int __acl_get_file(const char *path, \ - acl_type_t type, struct acl *aclp); } -348 AUE_ACL_SET_FILE STD { int __acl_set_file(const char *path, \ - acl_type_t type, struct acl *aclp); } + _In_ const struct ucontext4 *sigcntxp); } +345 AUE_SIGWAIT STD { int sigtimedwait(_In_ const sigset_t *set, \ + _Out_opt_ siginfo_t *info, \ + _In_opt_ const struct timespec *timeout); } +346 AUE_NULL STD { int sigwaitinfo(_In_ const sigset_t *set, \ + _Out_opt_ siginfo_t *info); } +347 AUE_ACL_GET_FILE STD { int __acl_get_file( \ + _In_z_ const char *path, \ + acl_type_t type, \ + _Out_ struct acl *aclp); } +348 AUE_ACL_SET_FILE STD { int __acl_set_file( \ + _In_z_ const char *path, \ + acl_type_t type, _In_ struct acl *aclp); } 349 AUE_ACL_GET_FD STD { int __acl_get_fd(int filedes, \ - acl_type_t type, struct acl *aclp); } + acl_type_t type, _Out_ struct acl *aclp); } 350 AUE_ACL_SET_FD STD { int __acl_set_fd(int filedes, \ - acl_type_t type, struct acl *aclp); } -351 AUE_ACL_DELETE_FILE STD { int __acl_delete_file(const char *path, \ + acl_type_t type, _In_ struct acl *aclp); } +351 AUE_ACL_DELETE_FILE STD { int __acl_delete_file( \ + _In_z_ const char *path, \ acl_type_t type); } 352 AUE_ACL_DELETE_FD STD { int __acl_delete_fd(int filedes, \ acl_type_t type); } -353 AUE_ACL_CHECK_FILE STD { int __acl_aclcheck_file(const char *path, \ - acl_type_t type, struct acl *aclp); } +353 AUE_ACL_CHECK_FILE STD { int __acl_aclcheck_file( \ + _In_z_ const char *path, \ + acl_type_t type, _In_ struct acl *aclp); } 354 AUE_ACL_CHECK_FD STD { int __acl_aclcheck_fd(int filedes, \ - acl_type_t type, struct acl *aclp); } -355 AUE_EXTATTRCTL STD { int extattrctl(const char *path, int cmd, \ - const char *filename, int attrnamespace, \ - const char *attrname); } + acl_type_t type, _In_ struct acl *aclp); } +355 AUE_EXTATTRCTL STD { int extattrctl(_In_z_ const char *path, \ + int cmd, _In_z_opt_ const char *filename, \ + int attrnamespace, \ + _In_z_ const char *attrname); } 356 AUE_EXTATTR_SET_FILE STD { ssize_t extattr_set_file( \ - const char *path, int attrnamespace, \ - const char *attrname, void *data, \ + _In_z_ const char *path, \ + int attrnamespace, \ + _In_z_ const char *attrname, \ + _In_reads_bytes_(nbytes) void *data, \ size_t nbytes); } 357 AUE_EXTATTR_GET_FILE STD { ssize_t extattr_get_file( \ - const char *path, int attrnamespace, \ - const char *attrname, void *data, \ + _In_z_ const char *path, \ *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***