From nobody Tue May 14 09:28:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1694214240; cv=none; d=zohomail.com; s=zohoarc; b=gw9WKJOQYANXCGUhVjGPGx2/zDekSKMsCfgdy8sPb8qpLFhtJkbDDA+j7quKtultb0nRlTXrl4qYKy4VDsEyWJfb39/g2eKiYoYlrpqkOTBd6fJCPSETBRc7lphSGSLDenXENSa6Gm8buhQCK7p6/BU2lBpWBwAT7NQNX1J/5fk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1694214240; h=Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=rfCHqidzqrSF/gpOvCu3YsQNqM7lKPdKd2yupbcLha0=; b=hXwIFePPArO8nrvjKDetbnDgqsj8+Z6NihLQ9HILYt239cG80KnBEIKa+41YIoTVVPfFV06TNJJh9oEBQcHeWJeLaphqD2enEzmBzhVI4Oi9Szi8exa3ypFyOaXeYe51qzfx95dmS3CV9EmpCs+Q3VNLHVRHi8v/L7T36PUAxB4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1694214240569292.41053723035407; Fri, 8 Sep 2023 16:04:00 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.598267.932918 (Exim 4.92) (envelope-from ) id 1qekVj-0004cT-8z; Fri, 08 Sep 2023 23:03:35 +0000 Received: by outflank-mailman (output) from mailman id 598267.932918; Fri, 08 Sep 2023 23:03:35 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qekVj-0004cM-6T; Fri, 08 Sep 2023 23:03:35 +0000 Received: by outflank-mailman (input) for mailman id 598267; Fri, 08 Sep 2023 23:03:33 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qekVh-0004ax-P4 for xen-devel@lists.xenproject.org; Fri, 08 Sep 2023 23:03:33 +0000 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id ecd23825-4e9b-11ee-9b0d-b553b5be7939; Sat, 09 Sep 2023 01:03:31 +0200 (CEST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 9F51BCE1CE7; Fri, 8 Sep 2023 23:03:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 954D5C433C9; Fri, 8 Sep 2023 23:03:21 +0000 (UTC) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ecd23825-4e9b-11ee-9b0d-b553b5be7939 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1694214203; bh=lgwU7Z5792uj1BjLTLhQ5oE1XrVQV3QOd015unveqhA=; h=From:To:Cc:Subject:Date:From; b=F4GKMNqhKeHksxzsBxUtMc1FbMDT19L1KidBmufoXrxohcF9/YdVFvIYz6Kh6Rza4 bLqI8ynFY59mUWpdu1YnoaaD5s+mkwUFg389NiEIWbtx6QF5Zz8nFgbku4nLWbqfsV +DcOfOw9dzw1DdkJbuoOn2gvRQHqtIbQMG1bfD11YGKgtamHdwI0ejQP25GgQMJ9AV /A3FQyomM68LZaXjC5P+0aQG8LDBJgmjO00AD43U3mMa3QUUizCWqHJyqVsx2aZlwk hEW8vntMjKP5hxUWoj3kMqf2XzZop4UvuTQsyqQ96qnvfYl2/F2eztCKaJqiBBNqz4 tukLuRkKO/rdw== From: Stefano Stabellini To: xen-devel@lists.xenproject.org Cc: jbeulich@suse.com, andrew.cooper3@citrix.com, roger.pau@citrix.com, julien@xen.org, sstabellini@kernel.org, george.dunlap@citrix.com, bertrand.marquis@arm.com, roberto.bagnara@bugseng.com, nicola.vetrini@bugseng.com, Stefano Stabellini Subject: [PATCH v3] docs/misra: add rule 2.1 exceptions Date: Fri, 8 Sep 2023 16:03:18 -0700 Message-Id: <20230908230318.1719290-1-sstabellini@kernel.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @kernel.org) X-ZM-MESSAGEID: 1694214243054100001 Content-Type: text/plain; charset="utf-8" From: Stefano Stabellini During the discussions that led to the acceptance of Rule 2.1, we decided on a few exceptions that were not properly recorded in rules.rst. Add them now. Signed-off-by: Stefano Stabellini Acked-by: Jan Beulich --- Nicola, does this work with ECLAIR? I am referring to the locations of the SAF-2-safe tag on top of call_psci_system_off, BUG, etc. Changes in v3: - added SAF-2-safe to safe.json - added a few SAF-2-safe examples --- docs/misra/rules.rst | 13 ++++++++++++- docs/misra/safe.json | 8 ++++++++ xen/arch/arm/psci.c | 1 + xen/arch/x86/shutdown.c | 1 + xen/include/xen/bug.h | 2 ++ 5 files changed, 24 insertions(+), 1 deletion(-) diff --git a/docs/misra/rules.rst b/docs/misra/rules.rst index 34916e266a..82de4c645d 100644 --- a/docs/misra/rules.rst +++ b/docs/misra/rules.rst @@ -107,7 +107,18 @@ maintainers if you want to suggest a change. * - `Rule 2.1 `_ - Required - A project shall not contain unreachable code - - + - The following are allowed: + - Invariantly constant conditions, e.g. if(IS_ENABLED(CONFIG_HVM)= ) { S; } + - Switch with a controlling value statically determined not to + match one or more case statements + - Functions that are intended to be referenced only from + assembly code (e.g. 'do_trap_fiq') + - Deliberate unreachability caused by certain macros/functions, + e.g. BUG, assert_failed, panic, etc. See safe.json. + - asm-offsets.c, as they are not linked deliberately, because + they are used to generate definitions for asm modules + - Declarations without initializer are safe, as they are not + executed =20 * - `Rule 2.6 `_ - Advisory diff --git a/docs/misra/safe.json b/docs/misra/safe.json index 39c5c056c7..fc96a99fd5 100644 --- a/docs/misra/safe.json +++ b/docs/misra/safe.json @@ -20,6 +20,14 @@ }, { "id": "SAF-2-safe", + "analyser": { + "eclair": "MC3R1.R2.1" + }, + "name": "Rule 2.1: deliberate unreachability", + "text": "Macro or function designed to be unreachable." + }, + { + "id": "SAF-3-safe", "analyser": {}, "name": "Sentinel", "text": "Next ID to be used" diff --git a/xen/arch/arm/psci.c b/xen/arch/arm/psci.c index 695d2fa1f1..2a8527cacc 100644 --- a/xen/arch/arm/psci.c +++ b/xen/arch/arm/psci.c @@ -59,6 +59,7 @@ void call_psci_cpu_off(void) } } =20 +/* SAF-2-safe */ void call_psci_system_off(void) { if ( psci_ver > PSCI_VERSION(0, 1) ) diff --git a/xen/arch/x86/shutdown.c b/xen/arch/x86/shutdown.c index 7619544d14..47e0f59024 100644 --- a/xen/arch/x86/shutdown.c +++ b/xen/arch/x86/shutdown.c @@ -118,6 +118,7 @@ static inline void kb_wait(void) break; } =20 +/* SAF-2-safe */ static void noreturn cf_check __machine_halt(void *unused) { local_irq_disable(); diff --git a/xen/include/xen/bug.h b/xen/include/xen/bug.h index e8a4eea71a..d47c54f034 100644 --- a/xen/include/xen/bug.h +++ b/xen/include/xen/bug.h @@ -117,6 +117,7 @@ struct bug_frame { #endif =20 #ifndef BUG +/* SAF-2-safe */ #define BUG() do { \ BUG_FRAME(BUGFRAME_bug, __LINE__, __FILE__, 0, NULL); \ unreachable(); \ @@ -124,6 +125,7 @@ struct bug_frame { #endif =20 #ifndef assert_failed +/* SAF-2-safe */ #define assert_failed(msg) do { \ BUG_FRAME(BUGFRAME_assert, __LINE__, __FILE__, 1, msg); \ unreachable(); \ --=20 2.25.1