| Message ID | 475daa82f5be77644b1f32ecd3f6e66ccd9ac904.1717236930.git.nicola.vetrini@bugseng.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | address violations of MISRA C rules | expand |
On 01.06.2024 12:16, Nicola Vetrini wrote: > --- a/xen/arch/x86/include/asm/shared.h > +++ b/xen/arch/x86/include/asm/shared.h > @@ -76,6 +76,7 @@ static inline void arch_set_##field(struct vcpu *v, \ > > GET_SET_SHARED(unsigned long, max_pfn) > GET_SET_SHARED(xen_pfn_t, pfn_to_mfn_frame_list_list) > +/* SAF-6-safe Rule 20.12: expansion of macro nmi_reason */ > GET_SET_SHARED(unsigned long, nmi_reason) Before we go this route, were alternatives at least considered? Plus didn't we special-case function-like macros already, when used in situations where only object-like macros would be expanded anyway? As to alternatives: nmi_reason() is used in exactly one place. Dropping the #define and expanding the one use instead would be an option. I further wonder whether moving the #define-s past the piece of code you actually modify would also be an option (i.e. the tool then no longer complaining). Jan
On 2024-06-04 08:08, Jan Beulich wrote: > On 01.06.2024 12:16, Nicola Vetrini wrote: >> --- a/xen/arch/x86/include/asm/shared.h >> +++ b/xen/arch/x86/include/asm/shared.h >> @@ -76,6 +76,7 @@ static inline void arch_set_##field(struct vcpu *v, >> \ >> >> GET_SET_SHARED(unsigned long, max_pfn) >> GET_SET_SHARED(xen_pfn_t, pfn_to_mfn_frame_list_list) >> +/* SAF-6-safe Rule 20.12: expansion of macro nmi_reason */ >> GET_SET_SHARED(unsigned long, nmi_reason) > > Before we go this route, were alternatives at least considered? Plus > didn't we special-case function-like macros already, when used in > situations where only object-like macros would be expanded anyway? > It may be the case that this is already deviated, hence meaning that the patch can be dropped: I'll recheck. In that case, thanks for pointing this out. > As to alternatives: nmi_reason() is used in exactly one place. > Dropping the #define and expanding the one use instead would be an > option. I further wonder whether moving the #define-s past the > piece of code you actually modify would also be an option (i.e. the > tool then no longer complaining). > > Jan
diff --git a/xen/arch/x86/include/asm/shared.h b/xen/arch/x86/include/asm/shared.h index 60b67fa4b427..c26d4b2b3f0f 100644 --- a/xen/arch/x86/include/asm/shared.h +++ b/xen/arch/x86/include/asm/shared.h @@ -76,6 +76,7 @@ static inline void arch_set_##field(struct vcpu *v, \ GET_SET_SHARED(unsigned long, max_pfn) GET_SET_SHARED(xen_pfn_t, pfn_to_mfn_frame_list_list) +/* SAF-6-safe Rule 20.12: expansion of macro nmi_reason */ GET_SET_SHARED(unsigned long, nmi_reason) GET_SET_VCPU(unsigned long, cr2)
MISRA C Rule 20.12 states: "A macro parameter used as an operand to the # or ## operators, which is itself subject to further macro replacement, shall only be used as an operand to these operators". When the second parameter of GET_SET_SHARED is a macro and is used as both a regular parameter and for token pasting the rule deliberately violated. A SAF-x-safe comment is used to deviate the usage. No functional change. Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com> --- xen/arch/x86/include/asm/shared.h | 1 + 1 file changed, 1 insertion(+)