From nobody Wed May 22 03:01:15 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1711621801181105.54437700243523; Thu, 28 Mar 2024 03:30:01 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.698871.1091063 (Exim 4.92) (envelope-from ) id 1rpn0x-0006m9-Oj; Thu, 28 Mar 2024 10:29:43 +0000 Received: by outflank-mailman (output) from mailman id 698871.1091063; Thu, 28 Mar 2024 10:29:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rpn0x-0006m2-MA; Thu, 28 Mar 2024 10:29:43 +0000 Received: by outflank-mailman (input) for mailman id 698871; Thu, 28 Mar 2024 10:29:42 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rpn0w-0006lq-5M for xen-devel@lists.xenproject.org; Thu, 28 Mar 2024 10:29:42 +0000 Received: from support.bugseng.com (mail.bugseng.com [162.55.131.47]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 15acc906-ecee-11ee-afe3-a90da7624cb6; Thu, 28 Mar 2024 11:29:40 +0100 (CET) Received: from beta.bugseng.com (unknown [176.206.12.122]) by support.bugseng.com (Postfix) with ESMTPSA id 26E5B4EE073C; Thu, 28 Mar 2024 11:29:40 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 15acc906-ecee-11ee-afe3-a90da7624cb6 From: Simone Ballarin To: xen-devel@lists.xenproject.org Cc: consulting@bugseng.com, Simone Ballarin , Doug Goldstein , Stefano Stabellini , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall Subject: [XEN PATCH v3 1/2] MISRA C:2012 Rule 17.1 states: The features of `' shall not be used Date: Thu, 28 Mar 2024 11:29:34 +0100 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1711621802786100002 Content-Type: text/plain; charset="utf-8" The Xen community wants to avoid using variadic functions except for specific circumstances where it feels appropriate by strict code review. Add deviation for printf()-like functions. Signed-off-by: Simone Ballarin Reviewed-by: Stefano Stabellini --- Changes in v3: - use regex to exempt all .*printk and .*printf functions, instead of manually listing them one by one. Changes in v2: - replace "console output related" with "printf()-like". --- automation/eclair_analysis/ECLAIR/deviations.ecl | 13 +++++++++++++ docs/misra/deviations.rst | 5 +++++ 2 files changed, 18 insertions(+) diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/= eclair_analysis/ECLAIR/deviations.ecl index de9ba723fb..936c738caf 100644 --- a/automation/eclair_analysis/ECLAIR/deviations.ecl +++ b/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -386,6 +386,19 @@ explicit comment indicating the fallthrough intention = is present." -config=3DMC3R1.R16.6,switch_clauses+=3D{deliberate, "default(0)"} -doc_end =20 +# +# Series 17. +# + +-doc_begin=3D"printf()-like functions are allowed to use the variadic feat= ures provided by stdarg.h." +-config=3DMC3R1.R17.1,reports+=3D{deliberate,"any_area(^.*va_list.*$&&cont= ext(ancestor_or_self(^.*printk\(.*\)$)))"} +-config=3DMC3R1.R17.1,reports+=3D{deliberate,"any_area(^.*va_list.*$&&cont= ext(ancestor_or_self(^.*printf\(.*\)$)))"} +-config=3DMC3R1.R17.1,reports+=3D{deliberate,"any_area(^.*va_list.*$&&cont= ext(ancestor_or_self(name(panic)&&kind(function))))"} +-config=3DMC3R1.R17.1,reports+=3D{deliberate,"any_area(^.*va_list.*$&&cont= ext(ancestor_or_self(name(elf_call_log_callback)&&kind(function))))"} +-config=3DMC3R1.R17.1,reports+=3D{deliberate,"any_area(^.*va_list.*$&&cont= ext(ancestor_or_self(name(vprintk_common)&&kind(function))))"} +-config=3DMC3R1.R17.1,macros+=3D{hide , "^va_(arg|start|copy|end)$"} +-doc_end + # # Series 18. # diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst index eb5ef2bd9d..dd254a9640 100644 --- a/docs/misra/deviations.rst +++ b/docs/misra/deviations.rst @@ -334,6 +334,11 @@ Deviations related to MISRA C:2012 Rules: improve readability. - Tagged as `deliberate` for ECLAIR. =20 + * - R17.1 + - printf()-like functions are allowed to use the variadic features p= rovided + by `stdarg.h`. + - Tagged as `deliberate` for ECLAIR. + * - R20.4 - The override of the keyword \"inline\" in xen/compiler.h is present= so that section contents checks pass when the compiler chooses not to --=20 2.34.1 From nobody Wed May 22 03:01:15 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1711621804066902.5249056909636; Thu, 28 Mar 2024 03:30:04 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.698873.1091084 (Exim 4.92) (envelope-from ) id 1rpn10-0007G7-5I; Thu, 28 Mar 2024 10:29:46 +0000 Received: by outflank-mailman (output) from mailman id 698873.1091084; Thu, 28 Mar 2024 10:29:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rpn10-0007G0-2L; Thu, 28 Mar 2024 10:29:46 +0000 Received: by outflank-mailman (input) for mailman id 698873; Thu, 28 Mar 2024 10:29:44 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1rpn0y-0006m1-Ge for xen-devel@lists.xenproject.org; Thu, 28 Mar 2024 10:29:44 +0000 Received: from support.bugseng.com (mail.bugseng.com [162.55.131.47]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 11caa065-ecee-11ee-a1ef-f123f15fe8a2; Thu, 28 Mar 2024 11:29:34 +0100 (CET) Received: from beta.bugseng.com (unknown [176.206.12.122]) by support.bugseng.com (Postfix) with ESMTPSA id 73F9F4EE0744; Thu, 28 Mar 2024 11:29:40 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 11caa065-ecee-11ee-a1ef-f123f15fe8a2 From: Simone Ballarin To: xen-devel@lists.xenproject.org Cc: consulting@bugseng.com, Simone Ballarin , Andrew Cooper , George Dunlap , Jan Beulich , Julien Grall , Stefano Stabellini , Bertrand Marquis , Michal Orzel , Volodymyr Babchuk , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Subject: [XEN PATCH v3 2/2] MISRA C Rule 20.7 states: "The features of `' shall not be used" Date: Thu, 28 Mar 2024 11:29:35 +0100 Message-Id: <97008d1b28eb922b3c0041830b09e827396aa0ec.1711621080.git.simone.ballarin@bugseng.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1711621804596100005 Content-Type: text/plain; charset="utf-8" The Xen community wants to avoid using variadic functions except for specific circumstances where it feels appropriate by strict code review. Functions hypercall_create_continuation and hypercall_xlat_continuation are internal helper functions made to break long running hypercalls into multiple calls. They take a variable number of arguments depending on the original hypercall they are trying to continue. Add SAF deviations for the aforementioned functions. Signed-off-by: Simone Ballarin Reviewed-by: Stefano Stabellini --- Changes in v3: - rebase: change SAF-3-safe to SAF-4-safe. Changes in v2: - replaced "special hypercalls" with "internal helper functions". --- docs/misra/safe.json | 8 ++++++++ xen/arch/arm/domain.c | 1 + xen/arch/x86/hypercall.c | 2 ++ 3 files changed, 11 insertions(+) diff --git a/docs/misra/safe.json b/docs/misra/safe.json index d361d0e65c..fe2bc18509 100644 --- a/docs/misra/safe.json +++ b/docs/misra/safe.json @@ -36,6 +36,14 @@ }, { "id": "SAF-4-safe", + "analyser": { + "eclair": "MC3R1.R17.1" + }, + "name": "Rule 17.1: internal helper functions made to break lo= ng running hypercalls into multiple calls.", + "text": "They need to take a variable number of arguments depe= nding on the original hypercall they are trying to continue." + }, + { + "id": "SAF-5-safe", "analyser": {}, "name": "Sentinel", "text": "Next ID to be used" diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index f38cb5e04c..34cbfe699a 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -382,6 +382,7 @@ unsigned long hypercall_create_continuation( const char *p =3D format; unsigned long arg, rc; unsigned int i; + /* SAF-4-safe allowed variadic function */ va_list args; =20 current->hcall_preempted =3D true; diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 01cd73040d..133e9f221c 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -31,6 +31,7 @@ unsigned long hypercall_create_continuation( const char *p =3D format; unsigned long arg; unsigned int i; + /* SAF-4-safe allowed variadic function */ va_list args; =20 curr->hcall_preempted =3D true; @@ -115,6 +116,7 @@ int hypercall_xlat_continuation(unsigned int *id, unsig= ned int nr, struct cpu_user_regs *regs; unsigned int i, cval =3D 0; unsigned long nval =3D 0; + /* SAF-4-safe allowed variadic function */ va_list args; =20 ASSERT(nr <=3D ARRAY_SIZE(mcs->call.args)); --=20 2.34.1