From 7e79c3c15f39cf0ded9a38a7b2dd3926719e9446 Mon Sep 17 00:00:00 2001
From: Konstantin Belousov
Date: Fri, 2 Mar 2018 16:47:02 +0000
Subject: [PATCH] Remove _Nonnull attributes from user addresses arguments for copyout(9) family. The addresses are user-controllable, and if the process ABI allows mapping at zero, then the zero address is meaningful, contradicting the definition of _Nonnull. In any case, it does not require any special code to handle NULL udaddr. It is not clear if __restrict makes sense as well, since kaddr and udaddr point to different address spaces, so equal numeric values of the pointers do not imply aliasing and a legitimate. But leave it for later. copyinstr(9) does not have its user address argument annotated.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
---
 sys/sys/systm.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sys/sys/systm.h b/sys/sys/systm.h
index 051b80d84fdf..4bb47280f1ef 100644
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@@ -277,14 +277,14 @@ int copystr(const void * _Nonnull __restrict kfaddr,
 int copyinstr(const void * __restrict udaddr,
 void * _Nonnull __restrict kaddr, size_t len,
 size_t * __restrict lencopied);
-int copyin(const void * _Nonnull __restrict udaddr,
+int copyin(const void * __restrict udaddr,
 void * _Nonnull __restrict kaddr, size_t len);
-int copyin_nofault(const void * _Nonnull __restrict udaddr,
+int copyin_nofault(const void * __restrict udaddr,
 void * _Nonnull __restrict kaddr, size_t len);
 int copyout(const void * _Nonnull __restrict kaddr,
- void * _Nonnull __restrict udaddr, size_t len);
+ void * __restrict udaddr, size_t len);
 int copyout_nofault(const void * _Nonnull __restrict kaddr,
- void * _Nonnull __restrict udaddr, size_t len);
+ void * __restrict udaddr, size_t len);
 int fubyte(volatile const void *base);
 long fuword(volatile const void *base);
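Review bot: Nothing in the header records why udaddr is deliberately left without a nullability annotation in copyin(), copyin_nofault(), copyout() and copyout_nofault(), so a later annotation cleanup could put `_Nonnull` back. A short comment above the group would keep the rationale next to the prototypes, for example `/* udaddr is a user-controlled address; 0 may be a valid mapping, so it must not be _Nonnull. */`. The kaddr arguments keep `_Nonnull`, which is consistent with the commit message. If the implementations or the copy(9) manual page repeat these prototypes with the attribute, they would presumably need the same change, but that is not visible in this patch.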