Date: Fri, 2 Mar 2018 20:19:34 +0200
From: Konstantin Belousov
To: Pedro Giffuni
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org, Eitan Adler
Subject: Re: svn commit: r330285 - head/sys/sys
Message-ID: <20180302181934.GF3194@kib.kiev.ua>
References: <201803021647.w22Gl2t7092316@repo.freebsd.org>

On Fri, Mar 02, 2018 at 12:43:34PM -0500, Pedro Giffuni wrote:
> (cc in Eitan as he may be interested in the extra restrict cases)
>
>
> On 02/03/2018 11:47, Konstantin Belousov wrote:
> > Author: kib
> > Date: Fri Mar 2 16:47:02 2018
> > New Revision: 330285
> > URL: https://svnweb.freebsd.org/changeset/base/330285
> >
> > Log:
> > Remove _Nonnull attributes from user addresses arguments for
> > copyout(9) family.
> >
> > The addresses are user-controllable, and if the process ABI allows
> > mapping at zero, then the zero address is meaningful, contradicting
> > the definition of _Nonnull. In any case, it does not require any
> > special code to handle NULL udaddr.
> >
>
> FWIW, the _Nonnull attributes didn't do much at all beyond producing a
> warning.
> They replaced the GNU __nonnull() attributes which were much more dangerous.
> I am OK with seeing both gone here though.
>
> > It is not clear if __restrict makes sense as well, since kaddr and
> > udaddr point to different address spaces, so equal numeric values of
> > the pointers do not imply aliasing and a legitimate. But leave it for
> > later.
> >
> > copyinstr(9) does not have its user address argument annotated.
>
> I think use of _Nonnull attributes in the threading functions may also
> be a waste (I introduced them mostly to be compatible with Android).
> FWIW, Dragonfly sprinkled some restrict there recently:
>
> http://gitweb.dragonflybsd.org/dragonfly.git/commit/d33005aaee6af52c80428b59b52aee522c002492
>
> Just in case someone is considering more cleanups.

This is not a cleanup for me, but a needed change. Right now x86 copyouts
are implemented in asm, so whatever damage is done to the prototypes, the
only effect is at the caller side.
In my work, i386 copyouts are done in C, so it starts to matter.

Also I looked at the dragonfly commit because I became curious what you
mean by threading functions. The first example was

int pthread_attr_getguardsize(const pthread_attr_t * __restrict, - size_t *); + size_t * __restrict);

POSIX agrees with the dragonfly change, but I do not understand it.
Aliasing rules already disallow the first and second arguments to point to
the same memory, because they have different types.
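
Review bot: in the `pthread_attr_getguardsize` prototype, the `__restrict` added to the `size_t *` parameter carries no rationale next to the declaration. Since POSIX specifies this parameter as restrict-qualified, a short comment or commit-log line saying the qualifier is there for prototype conformance would keep readers from assuming it changes aliasing behaviour for two differently typed pointers.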
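
The commit log's point that a zero user address needs no special-case code, shown as an added example that is not part of the original message or of FreeBSD's sources: a toy copyout over a simulated user address space, where a user address is an offset into a separate array. All `toy_*` names, the page size and the four-page layout are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy model (constructed): user space is a separate 4-page array, and a
 * user address is an offset into it, not a pointer the kernel dereferences. */
#define TOY_PAGE   4096u
#define TOY_NPAGES 4u
typedef uintptr_t toy_uaddr_t;

static unsigned char toy_uspace[TOY_PAGE * TOY_NPAGES];
static unsigned char toy_mapped[TOY_NPAGES];    /* 1 = page is mapped */

/* Map or unmap one page of the toy user address space. */
void toy_map(unsigned page, int on)
{
    if (page < TOY_NPAGES)
        toy_mapped[page] = (unsigned char)(on != 0);
}

/* Copy len bytes from kernel memory to user address udaddr.
 * There is no "udaddr == 0" branch: address zero passes or fails the same
 * range and mapping checks as every other user address. */
int toy_copyout(const void *kaddr, toy_uaddr_t udaddr, size_t len)
{
    const toy_uaddr_t limit = sizeof(toy_uspace);

    if (udaddr > limit || len > limit - udaddr)   /* overflow-safe bound */
        return EFAULT;
    if (len == 0)
        return 0;
    for (toy_uaddr_t p = udaddr / TOY_PAGE; p <= (udaddr + len - 1) / TOY_PAGE; p++)
        if (!toy_mapped[p])
            return EFAULT;                        /* touches an unmapped page */
    memcpy(&toy_uspace[udaddr], kaddr, len);
    return 0;
}

/* Read back one byte of toy user memory, for checking results. */
unsigned char toy_peek(toy_uaddr_t udaddr) { return toy_uspace[udaddr]; }

int main(void)
{
    const char msg[] = "hi";
    toy_map(0, 1);                                /* ABI allows mapping at zero */
    int mapped = toy_copyout(msg, 0, sizeof(msg));
    toy_map(0, 0);                                /* nothing mapped at zero */
    int unmapped = toy_copyout(msg, 0, sizeof(msg));
    return !(mapped == 0 && unmapped == EFAULT);
}
```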