Date: Fri, 12 Jan 2024 13:25:43 -0800
Subject: Re: d07acc58d898 - main - systm: Relax __result_use_check annotations
From: Ravi Pokala
To: Mark Johnston
In-Reply-To: <202401122112.40CLC7nM039270@gitrepo.freebsd.org>
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

Hi Mark,

> failing to check for errors when copying *in* is a much more severe bug

In that you might get panics. But failing to check for errors when copying *out* can be a security leak; depending on the context, a panic might be preferable.

I agree with what Mateusz just said: make __result_use_check contingent on `clang'.

Thanks,

Ravi (rpokala@)

-----Original Message-----
From: on behalf of Mark Johnston
Date: Friday, January 12, 2024 at 13:12
Subject: git: d07acc58d898 - main - systm: Relax __result_use_check annotations

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=d07acc58d8987e8e1205f4a82b77e847ea2d60d3

commit d07acc58d8987e8e1205f4a82b77e847ea2d60d3
Author:     Mark Johnston
AuthorDate: 2024-01-12 15:07:28 +0000
Commit:     Mark Johnston
CommitDate: 2024-01-12 20:56:00 +0000

    systm: Relax __result_use_check annotations

    When compiling with gcc, functions annotated this way can not have their
    return values cast away, e.g., with `(void)copyout(...)`. clang permits
    it but gcc does not.

    Since we have a number of such casts for calls which copy data out of
    the kernel, and since failing to check for errors when copying *in* is a
    much more severe bug, remove some of the annotations in order to make
    the gcc build happy.

    Reviewed by: kib
    Reported by: Jenkins
    Fixes: 8e36732e6eb5 ("systm: Annotate copyin() and related functions with __result_use_check")
    Differential Revision: https://reviews.freebsd.org/D43418

--- sys/sys/systm.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/sys/sys/systm.h b/sys/sys/systm.h index 2da177af91f0..508690cd639e 100644 --- a/sys/sys/systm.h +++ b/sys/sys/systm.h @@ -289,9 +289,9 @@ int __result_use_check copyin(const void * __restrict u= daddr, void * _Nonnull __restrict kaddr, size_t len); int __result_use_check copyin_nofault(const void * __restrict udaddr, void * _Nonnull __restrict kaddr, size_t len); -int __result_use_check copyout(const void * _Nonnull __restrict kaddr, +int copyout(const void * _Nonnull __restrict kaddr, void * __restrict udaddr, size_t len); -int __result_use_check copyout_nofault(const void * _Nonnull __restrict ka= ddr, +int copyout_nofault(const void * _Nonnull __restrict kaddr, void * __restrict udaddr, size_t len); #ifdef SAN_NEEDS_INTERCEPTORS 
@@ -313,11 +313,11 @@ int64_t fuword64(volatile const void *base); int __result_use_check fueword(volatile const void *base, long *val); int __result_use_check fueword32(volatile const void *base, int32_t *val); int __result_use_check fueword64(volatile const void *base, int64_t *val); -int __result_use_check subyte(volatile void *base, int byte); -int __result_use_check suword(volatile void *base, long word); -int __result_use_check suword16(volatile void *base, int word); -int __result_use_check suword32(volatile void *base, int32_t word); -int __result_use_check suword64(volatile void *base, int64_t word); +int subyte(volatile void *base, int byte); +int suword(volatile void *base, long word); +int suword16(volatile void *base, int word); +int suword32(volatile void *base, int32_t word); +int suword64(volatile void *base, int64_t word); uint32_t casuword32(volatile uint32_t *base, uint32_t oldval, uint32_t newv= al); u_long casuword(volatile u_long *p, u_long oldval, u_long newval); int casueword32(volatile uint32_t *base, uint32_t oldval, uint32_t *oldvalp= ,
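
Review bot: In the first systm.h hunk (@@ -289,9 +289,9 @@), copyout() and copyout_nofault() lose __result_use_check for every compiler, although the commit message says only gcc rejects the `(void)copyout(...)` cast. A clang build therefore no longer gets any diagnostic when a copyout() result is dropped without an explicit cast. Consider keeping the annotation behind a compiler-conditional macro so clang still checks these two declarations, and add a short comment above them stating why copyin() stays annotated while copyout() does not.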
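
Review bot: In the second systm.h hunk (@@ -313,11 +313,11 @@), the subyte() and suword*() declarations now sit unannotated directly below the still-annotated fueword*() declarations, and nothing in the header explains the split. Add a one-line comment saying that the results of the store-to-user functions may be deliberately discarded with a `(void)` cast and that gcc rejects that cast on annotated functions, so a later cleanup does not re-add the attribute and break the gcc build again.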