The CIDs below are all for the PV side of things, but also take care of
the HVM side.
Coverity-ID: 1485896, 1485901, 1485906, 1485910, 1485911,
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
Let's see whether Coverity actually understands the (relatively) new
pseudo-keyword.
--- a/xen/arch/x86/hvm/hypercall.c
+++ b/xen/arch/x86/hvm/hypercall.c
@@ -246,11 +246,11 @@ int hvm_hypercall(struct cpu_user_regs *
/* Deliberately corrupt parameter regs not used by this hypercall. */
switch ( hypercall_args_table[eax].native )
{
- case 0: rdi = 0xdeadbeefdeadf00dUL;
- case 1: rsi = 0xdeadbeefdeadf00dUL;
- case 2: rdx = 0xdeadbeefdeadf00dUL;
- case 3: r10 = 0xdeadbeefdeadf00dUL;
- case 4: r8 = 0xdeadbeefdeadf00dUL;
+ case 0: rdi = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 1: rsi = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 2: rdx = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 3: r10 = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 4: r8 = 0xdeadbeefdeadf00dUL; fallthrough;
case 5: r9 = 0xdeadbeefdeadf00dUL;
}
#endif
@@ -264,11 +264,11 @@ int hvm_hypercall(struct cpu_user_regs *
/* Deliberately corrupt parameter regs used by this hypercall. */
switch ( hypercall_args_table[eax].native )
{
- case 6: regs->r9 = 0xdeadbeefdeadf00dUL;
- case 5: regs->r8 = 0xdeadbeefdeadf00dUL;
- case 4: regs->r10 = 0xdeadbeefdeadf00dUL;
- case 3: regs->rdx = 0xdeadbeefdeadf00dUL;
- case 2: regs->rsi = 0xdeadbeefdeadf00dUL;
+ case 6: regs->r9 = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 5: regs->r8 = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 4: regs->r10 = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 3: regs->rdx = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 2: regs->rsi = 0xdeadbeefdeadf00dUL; fallthrough;
case 1: regs->rdi = 0xdeadbeefdeadf00dUL;
}
}
--- a/xen/arch/x86/pv/hypercall.c
+++ b/xen/arch/x86/pv/hypercall.c
@@ -149,11 +149,11 @@ void pv_hypercall(struct cpu_user_regs *
/* Deliberately corrupt parameter regs not used by this hypercall. */
switch ( hypercall_args_table[eax].native )
{
- case 0: rdi = 0xdeadbeefdeadf00dUL;
- case 1: rsi = 0xdeadbeefdeadf00dUL;
- case 2: rdx = 0xdeadbeefdeadf00dUL;
- case 3: r10 = 0xdeadbeefdeadf00dUL;
- case 4: r8 = 0xdeadbeefdeadf00dUL;
+ case 0: rdi = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 1: rsi = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 2: rdx = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 3: r10 = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 4: r8 = 0xdeadbeefdeadf00dUL; fallthrough;
case 5: r9 = 0xdeadbeefdeadf00dUL;
}
#endif
@@ -172,11 +172,11 @@ void pv_hypercall(struct cpu_user_regs *
/* Deliberately corrupt parameter regs used by this hypercall. */
switch ( hypercall_args_table[eax].native )
{
- case 6: regs->r9 = 0xdeadbeefdeadf00dUL;
- case 5: regs->r8 = 0xdeadbeefdeadf00dUL;
- case 4: regs->r10 = 0xdeadbeefdeadf00dUL;
- case 3: regs->rdx = 0xdeadbeefdeadf00dUL;
- case 2: regs->rsi = 0xdeadbeefdeadf00dUL;
+ case 6: regs->r9 = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 5: regs->r8 = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 4: regs->r10 = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 3: regs->rdx = 0xdeadbeefdeadf00dUL; fallthrough;
+ case 2: regs->rsi = 0xdeadbeefdeadf00dUL; fallthrough;
case 1: regs->rdi = 0xdeadbeefdeadf00dUL;
}
}
On 09/06/2021 11:34, Jan Beulich wrote: > The CIDs below are all for the PV side of things, but also take care of > the HVM side. > > Coverity-ID: 1485896, 1485901, 1485906, 1485910, 1485911, > Signed-off-by: Jan Beulich <jbeulich@suse.com> > --- > Let's see whether Coverity actually understands the (relatively) new > pseudo-keyword. This is exceedingly disappointing. Coverity used to have the only sensible rule for not causing spurious fallthrough warnings, but this has apparently regressed. Coverity works on the AST, so ought to be after GCC has interpreted __attribute__((__fallthrough__)) if applicable. However, I doubt it will work in the fallback case, because #define fallthrough looks dubious. To trigger the older logic, the /* fallthrough */ comment needs to be the final thing before the next case label, and it isn't with the added semicolon. Given that this pseudo-keyword is restricted to the SMMU driver for now, we don't actually know if Coverity likes it or not. ~Andrew
On 09.06.2021 14:49, Andrew Cooper wrote: > On 09/06/2021 11:34, Jan Beulich wrote: >> The CIDs below are all for the PV side of things, but also take care of >> the HVM side. >> >> Coverity-ID: 1485896, 1485901, 1485906, 1485910, 1485911, >> Signed-off-by: Jan Beulich <jbeulich@suse.com> >> --- >> Let's see whether Coverity actually understands the (relatively) new >> pseudo-keyword. > > This is exceedingly disappointing. Coverity used to have the only > sensible rule for not causing spurious fallthrough warnings, but this > has apparently regressed. > > Coverity works on the AST, so ought to be after GCC has interpreted > __attribute__((__fallthrough__)) if applicable. > > However, I doubt it will work in the fallback case, because #define > fallthrough looks dubious. To trigger the older logic, the /* > fallthrough */ comment needs to be the final thing before the next case > label, and it isn't with the added semicolon. > > Given that this pseudo-keyword is restricted to the SMMU driver for now, > we don't actually know if Coverity likes it or not. When it was introduced, I did specifically ask whether it pleases Coverity. I was told it would, and I had no proof to the contrary, so I had to accept what I was told. My asking at the time was precisely to avoid having to have two forms of annotation on every single legitimate / intentional fall-through case. Jan
On 09.06.2021 14:49, Andrew Cooper wrote: > On 09/06/2021 11:34, Jan Beulich wrote: >> The CIDs below are all for the PV side of things, but also take care of >> the HVM side. >> >> Coverity-ID: 1485896, 1485901, 1485906, 1485910, 1485911, >> Signed-off-by: Jan Beulich <jbeulich@suse.com> >> --- >> Let's see whether Coverity actually understands the (relatively) new >> pseudo-keyword. > > This is exceedingly disappointing. Coverity used to have the only > sensible rule for not causing spurious fallthrough warnings, but this > has apparently regressed. > > Coverity works on the AST, so ought to be after GCC has interpreted > __attribute__((__fallthrough__)) if applicable. > > However, I doubt it will work in the fallback case, because #define > fallthrough looks dubious. To trigger the older logic, the /* > fallthrough */ comment needs to be the final thing before the next case > label, and it isn't with the added semicolon. > > Given that this pseudo-keyword is restricted to the SMMU driver for now, > we don't actually know if Coverity likes it or not. My reply from the 9th had no further reaction, so let me ask more directly: Besides leaving the Coverity issues open, what alternatives do you see? IOW I'm missing from your reply any indication what it would rework of the patch you want me to do, if any. Or if none, what it is that stands in the way of getting this change in. Jan
On 09.06.2021 14:49, Andrew Cooper wrote: > On 09/06/2021 11:34, Jan Beulich wrote: >> The CIDs below are all for the PV side of things, but also take care of >> the HVM side. >> >> Coverity-ID: 1485896, 1485901, 1485906, 1485910, 1485911, >> Signed-off-by: Jan Beulich <jbeulich@suse.com> >> --- >> Let's see whether Coverity actually understands the (relatively) new >> pseudo-keyword. > > This is exceedingly disappointing. Coverity used to have the only > sensible rule for not causing spurious fallthrough warnings, but this > has apparently regressed. Actually - where do you see a regression here? These cases of fall-through have been entirely un-annotated so far, so I'm instead surprised that apparently there were no warnings so far. Or maybe they had been marked false-positive in some database, and some unrelated code change made Coverity think this was new / changed code. Jan
© 2016 - 2024 Red Hat, Inc.