Message ID | 1595eac56587d20c7f86128bc5652c31c3a72772.1708436010.git.federico.serafini@bugseng.com (mailing list archive) |
---|---|
State | New, archived |
Series | [XEN] x86/uaccess: add attribute noreturn to __{get,put}_user_bad() |
On 20.02.2024 14:35, Federico Serafini wrote: > __get_user_bad() and __put_user_bad() are undefined symbols used > to assert the unreachability of a program point: > a call to one of such functions is optimized away if it is considered > unreachable by the compiler. Otherwise, a linker error is reported. > > In accordance with the purpose of such constructs: > 1) add the attribute noreturn to __get_user_bad() and __put_user_bad(); > 2) change return type of __get_user_bad() to void (returning long is a > leftover from the past). > > Point (1) meets the requirements to deviate MISRA C:2012 Rule 16.3 > ("An unconditional break statement shall terminate every switch > clause") since functions with noreturn attribute are considered > as allowed terminals for switch clauses. > > Point (2) addresses several violations of MISRA C:2012 Rule 17.7 > ("The value returned by a function having non-void return type > shall be used"). > > No functional change. > > Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> preferably ... > --- a/xen/arch/x86/include/asm/uaccess.h > +++ b/xen/arch/x86/include/asm/uaccess.h > @@ -21,8 +21,8 @@ unsigned int copy_from_guest_ll(void *to, const void __user *from, unsigned int > unsigned int copy_to_unsafe_ll(void *to, const void *from, unsigned int n); > unsigned int copy_from_unsafe_ll(void *to, const void *from, unsigned int n); > > -extern long __get_user_bad(void); > -extern void __put_user_bad(void); > +extern void noreturn __get_user_bad(void); > +extern void noreturn __put_user_bad(void); ... with the "extern" dropped at the same time (see other function decls in context). I'll try to remember to drop them while committing. Jan
diff --git a/xen/arch/x86/include/asm/uaccess.h b/xen/arch/x86/include/asm/uaccess.h index 7443519d5b..c7bafaf10f 100644 --- a/xen/arch/x86/include/asm/uaccess.h +++ b/xen/arch/x86/include/asm/uaccess.h @@ -21,8 +21,8 @@ unsigned int copy_from_guest_ll(void *to, const void __user *from, unsigned int unsigned int copy_to_unsafe_ll(void *to, const void *from, unsigned int n); unsigned int copy_from_unsafe_ll(void *to, const void *from, unsigned int n); -extern long __get_user_bad(void); -extern void __put_user_bad(void); +extern void noreturn __get_user_bad(void); +extern void noreturn __put_user_bad(void); #define UA_KEEP(args...) args #define UA_DROP(args...)
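Review bot: The two added declarations of `__get_user_bad()` and `__put_user_bad()` have no comment saying that these symbols are deliberately left undefined and act as link-time assertions, so the header alone does not explain why a `noreturn` function has no definition anywhere. A short comment above them, stating that a call surviving optimisation is meant to fail at link time, would keep that intent next to the code rather than only in the commit message. As a style point, the neighbouring declarations in the hunk context (`copy_to_unsafe_ll()`, `copy_from_unsafe_ll()`) are written without `extern`, so dropping it on the two changed lines would make them consistent.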
__get_user_bad() and __put_user_bad() are undefined symbols used
to assert the unreachability of a program point:
a call to one of such functions is optimized away if it is considered
unreachable by the compiler. Otherwise, a linker error is reported.

In accordance with the purpose of such constructs:
1) add the attribute noreturn to __get_user_bad() and __put_user_bad();
2) change return type of __get_user_bad() to void (returning long is a
   leftover from the past).

Point (1) meets the requirements to deviate MISRA C:2012 Rule 16.3
("An unconditional break statement shall terminate every switch
clause") since functions with noreturn attribute are considered
as allowed terminals for switch clauses.

Point (2) addresses several violations of MISRA C:2012 Rule 17.7
("The value returned by a function having non-void return type
shall be used").

No functional change.

Signed-off-by: Federico Serafini <federico.serafini@bugseng.com>

---

xen/arch/x86/include/asm/uaccess.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)