On 2023-11-06 23:57, Julien Grall wrote:
Hi Nicola,
On 03/11/2023 18:05, Nicola Vetrini wrote:
The comment-based justifications for MISRA C:2012 Rule 8.4 are
replaced
by the asmlinkage pseudo-attribute, for the sake of uniformity.
The deviation with a comment based on the SAF framework
On 2023-11-06 15:27, Jan Beulich wrote:
On 06.11.2023 15:24, Nicola Vetrini wrote:
On 2023-10-19 09:55, Nicola Vetrini wrote:
The constant 0 is used instead of NULL in '__ACCESS_ONCE' as a
compile-time check to detect non-scalar types; its usage for this
purpose is deviated.
Furthermore
On 2023-10-19 09:55, Nicola Vetrini wrote:
The constant 0 is used instead of NULL in '__ACCESS_ONCE' as a
compile-time check to detect non-scalar types; its usage for this
purpose is deviated.
Furthermore, the 'typeof_field' macro is introduced as a general way
to access the type of a struct
On 2023-10-27 23:38, Stefano Stabellini wrote:
On Thu, 26 Oct 2023, Jan Beulich wrote:
On 26.10.2023 14:32, Nicola Vetrini wrote:
> On 25/10/2023 09:56, Jan Beulich wrote:
>> On 24.10.2023 22:27, Stefano Stabellini wrote:
>>> On Tue, 24 Oct 2023, Jan Beulich wrote:
>&g
On 2023-11-03 18:58, Nicola Vetrini wrote:
Static analysis tools may detect a possible null
pointer dereference at line 760 (the memcpy call)
of xen/common/domain.c. This ASSERT helps them in
detecting that such a condition is not possible
and also provides a basic sanity check.
Suggested
in docs/misra/deviations.rst is modified to reflect this change.
Signed-off-by: Nicola Vetrini
---
docs/misra/deviations.rst | 6 +++---
xen/arch/arm/cpuerrata.c| 7 +++
xen/arch/arm/setup.c| 5 ++---
xen/arch/arm/smpboot.c | 3 +--
xen/arch/arm/traps.c| 21
Static analysis tools may detect a possible null
pointer dereference at line 760 (the memcpy call)
of xen/common/domain.c. This ASSERT helps them in
detecting that such a condition is not possible
and also provides a basic sanity check.
Signed-off-by: Nicola Vetrini
---
The check may be later
As specified in rules.rst, these constants can be used
in the code.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- replace some SAF deviations with configurations
Changes in v3:
- refine configurations and justifications
Changes in v4:
- updated deviation record comment.
Changes in v5:
- use
On 2023-11-02 14:27, Jan Beulich wrote:
On 02.11.2023 00:10, Stefano Stabellini wrote:
On Wed, 1 Nov 2023, Nicola Vetrini wrote:
As stated in rules.rst, functions used only in asm modules
are allowed to have no prior declaration visible when being
defined, hence these functions are marked
Hi Julien, Stefano
On 2023-10-31 22:41, Stefano Stabellini wrote:
On Tue, 30 Oct 2023, Julien Grall wrote:
Hi Stefano,
On 30/10/2023 22:49, Stefano Stabellini wrote:
> On Mon, 30 Oct 2023, Julien Grall wrote:
> > Hi Nicola,
> >
> > On 27/10/2023 16:11, Nicola Vetrini wr
Hi Julien,
On 2023-11-02 00:42, Julien Grall wrote:
Hi Stefano,
On 01/11/2023 23:10, Stefano Stabellini wrote:
On Wed, 1 Nov 2023, Nicola Vetrini wrote:
As stated in rules.rst, functions used only in asm modules
are allowed to have no prior declaration visible when being
defined, hence
On 2023-11-01 10:15, Nicola Vetrini wrote:
The patches in this series aim to fix or deviate various instances
where a
function or variable do not have a declaration visible when such entity
is
defined (in violation of MISRA C:2012 Rule 8.4).
An exception listed under docs/misra/rules.rst
These files should not conform to MISRA guidelines at the moment,
therefore they are added to the exclusion list.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
These exclusions are automatically picked up by ECLAIR's automation
to hide reports originating from these files
The declarations for {create,replace}_grant_p2m_mapping are
not visible when these functions are defined, therefore the right
header needs to be included to allow them to be visible.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
Acked-by: Jan Beulich
---
Changes in v3:
- asm
The stub definition of 'consoled_guest_tx' can be removed, since its
its single caller uses the implementation built with PV_SHIM enabled.
Fixes: 5ef49f185c2d ("x86/pv-shim: shadow PV console's page for L2 DomU")
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
x
As stated in rules.rst, functions used only in asm modules
are allowed to have no prior declaration visible when being
defined, hence these functions are marked with an
'asmlinkage' macro, which is then deviated for MISRA C:2012
Rule 8.4.
Signed-off-by: Nicola Vetrini
---
Changes in v3:
- added
The function is used only within this file, and therefore can be static.
No functional change.
Signed-off-by: Nicola Vetrini
Acked-by: Tamas K Lengyel
---
Changes in v3:
- style fix
---
xen/arch/x86/mm/mem_access.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/xen
The missing header makes the declaration visible when the function
is defined, thereby fixing a violation of MISRA C:2012 Rule 8.4.
Fixes: 1366a0e76db6 ("x86/vm_event: add hvm/vm_event.{h,c}")
Signed-off-by: Nicola Vetrini
Acked-by: Tamas K Lengyel
---
xen/arch/x86/hvm/vm_event.c | 1
To avoid a violation of MISRA C:2012 Rule 8.4, as permitted
by docs/misra/rules.rst.
The current_stack_pointer is a declaration: mark it as such
for ECLAIR.
Signed-off-by: Nicola Vetrini
---
Changes in v3:
- Edited commit message
- Add two new variables
Changes in v5:
- Mark
/ while making
the variable static.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
Acked-by: Jan Beulich
---
Jan's ack is for the x86 part, but no other concerns have been
raised for the arm files.
Changes in v2:
- make xenpf_lock static on ARM
Changes in v3:
- moved back code from
to be exempted, while the other instances are either changed
(e.g., making them static) or a missing header inclusion is added.
Nicola Vetrini (8):
xen: modify or add declarations for variables where needed
x86: add deviation for asm-only functions
x86: add asmlinkage macro to variables only used in asm
On 2023-10-31 15:13, Luca Fancellu wrote:
On 31 Oct 2023, at 13:27, Julien Grall wrote:
Hi Stefano,
On 30/10/2023 22:49, Stefano Stabellini wrote:
On Mon, 30 Oct 2023, Julien Grall wrote:
Hi Nicola,
On 27/10/2023 16:11, Nicola Vetrini wrote:
diff --git a/docs/misra/deviations.rst b/docs
On 2023-10-31 11:20, Jan Beulich wrote:
On 31.10.2023 11:03, Nicola Vetrini wrote:
On 2023-10-31 09:28, Nicola Vetrini wrote:
On 2023-10-31 08:43, Jan Beulich wrote:
On 30.10.2023 23:44, Stefano Stabellini wrote:
On Mon, 30 Oct 2023, Jan Beulich wrote:
On 27.10.2023 15:34, Nicola Vetrini
On 2023-10-31 09:28, Nicola Vetrini wrote:
On 2023-10-31 08:43, Jan Beulich wrote:
On 30.10.2023 23:44, Stefano Stabellini wrote:
On Mon, 30 Oct 2023, Jan Beulich wrote:
On 27.10.2023 15:34, Nicola Vetrini wrote:
--- a/xen/include/xen/macros.h
+++ b/xen/include/xen/macros.h
@@ -8,8 +8,14
On 2023-10-27 22:50, Stefano Stabellini wrote:
On Fri, 27 Oct 2023, Nicola Vetrini wrote:
The definition of MC_NCLASSES contained a violation of MISRA C:2012
Rule 10.1, therefore by moving it as an enumeration constant resolves
the
violation and makes it more resilient to possible additions
On 2023-10-31 08:43, Jan Beulich wrote:
On 30.10.2023 23:44, Stefano Stabellini wrote:
On Mon, 30 Oct 2023, Jan Beulich wrote:
On 27.10.2023 15:34, Nicola Vetrini wrote:
--- a/xen/include/xen/macros.h
+++ b/xen/include/xen/macros.h
@@ -8,8 +8,14 @@
#define DIV_ROUND(n, d) (((n) + (d) / 2
On 2023-10-30 16:12, Jan Beulich wrote:
On 30.10.2023 10:11, Nicola Vetrini wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -163,6 +163,15 @@ Therefore the absence of prior declarations is
safe."
-config=MC3R1
On 2023-10-31 08:50, Jan Beulich wrote:
On 31.10.2023 00:02, Stefano Stabellini wrote:
On Mon, 30 Oct 2023, Jan Beulich wrote:
On 30.10.2023 10:11, Nicola Vetrini wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -163,6
On 2023-10-30 23:54, Stefano Stabellini wrote:
On Mon, 30 Oct 2023, Julien Grall wrote:
Hi Nicola,
On 30/10/2023 09:11, Nicola Vetrini wrote:
> As stated in rules.rst, functions used only in asm modules
> are allowed to have no prior declaration visible when being
> defin
to be exempted, while the other instances are either changed
(e.g., making them static) or a missing header inclusion is added.
Nicola Vetrini (8):
xen: modify or add declarations for variables where needed
x86: add deviation for asm-only functions
x86: add asmlinkage macro to variables only used in asm
The function is used only within this file, and therefore can be static.
No functional change.
Signed-off-by: Nicola Vetrini
Acked-by: Tamas K Lengyel
---
Changes in v3:
- style fix
---
xen/arch/x86/mm/mem_access.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/xen
/ while making
the variable static.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
Acked-by: Jan Beulich
---
Jan's ack is for the x86 part, but no other concerns have been
raised for the arm files.
Changes in v2:
- make xenpf_lock static on ARM
Changes in v3:
- moved back code from
These files should not conform to MISRA guidelines at the moment,
therefore they are added to the exclusion list.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
These exclusions are automatically picked up by ECLAIR's automation
to hide reports originating from these files
To avoid a violation of MISRA C:2012 Rule 8.4, as permitted
by docs/misra/rules.rst.
Signed-off-by: Nicola Vetrini
---
Changes in v3:
- Edited commit message
- Add two new variables
Changes in v5:
- Mark current_stack_pointer as a declaration.
- Use asmlinkage instead of SAF.
---
xen/arch/x86
The stub definition of 'consoled_guest_tx' can be removed, since its
its single caller uses the implementation built with PV_SHIM enabled.
Fixes: 5ef49f185c2d ("x86/pv-shim: shadow PV console's page for L2 DomU")
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
x
, not a definition,
and is thus marked as safe for ECLAIR.
Signed-off-by: Nicola Vetrini
---
Changes in v3:
- added SAF deviations for vmx counterparts to svm functions.
Changes in v5:
- drop SAF deviations in favour of the pseudo-attribute asmlinkage
---
automation/eclair_analysis/ECLAIR
The missing header makes the declaration visible when the function
is defined, thereby fixing a violation of MISRA C:2012 Rule 8.4.
Fixes: 1366a0e76db6 ("x86/vm_event: add hvm/vm_event.{h,c}")
Signed-off-by: Nicola Vetrini
Acked-by: Tamas K Lengyel
---
xen/arch/x86/hvm/vm_event.c | 1
The declarations for {create,replace}_grant_p2m_mapping are
not visible when these functions are defined, therefore the right
header needs to be included to allow them to be visible.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
Acked-by: Jan Beulich
---
Changes in v3:
- asm
As specified in rules.rst, these constants can be used
in the code.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- replace some SAF deviations with configurations
Changes in v3:
- refine configurations and justifications
Changes in v4:
- updated deviation record comment.
Changes in v5:
- use
On 26/10/2023 10:38, Jan Beulich wrote:
On 26.10.2023 10:18, Nicola Vetrini wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -85,10 +85,12 @@ conform to the directive."
# Series 7.
#
--doc_begin="Usage of the
No functional change.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v2:
- Changed macro name
---
xen/common/vmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/common/vmap.c b/xen/common/vmap.c
index 4fd6b3067ec1..1e498a6e525b 100644
This series replaces two instances of the pattern (x & -x) with the
macro ISOLATE_LOW_BIT, introduced by the series [1]. Therefore, these patches
should
be applied on top of that series.
[1] https://marc.info/?l=xen-devel=169841347803987=2
Changes in v2:
- s/LOWEST_BIT/ISOLATE_LOW_BIT/
Ni
No functional change.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v2:
- Changed macro name
---
xen/drivers/passthrough/iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v3:
- edited comment
---
docs/misra/safe.json| 8
xen/include/xen/iommu.h | 1 +
xen/include/xen/types.h | 5 +
3 files changed, 14 insertions(+)
diff --git a/docs/misra/safe.json b/docs/misra/safe.json
index
TMAP(features, IOMMU_FEAT_count);' is deviated, to avoid
harming code readability.
On the contrary, other uses of inappropriate types are changed.
Changes in v3:
- Patch [6/8] has already been picked up in Andrew's for-next tree
Changes in v4:
- s/LOWEST_BIT/ISOLATE_LOW_BIT/
Nicola Vetrini (8):
-by: Nicola Vetrini
Acked-by: Jan Beulich
---
Eventually __fix_to_virt may become an inline function; in that case,
it should retain unsigned int as its parameter type.
Changes in v3:
- style fix
- Add missing S-o-b
---
xen/arch/x86/include/asm/io_apic.h | 7 ---
1 file changed, 4 insertions
-off-by: Nicola Vetrini
---
Changes in v2:
- rename to LOWEST_BIT
Changes in v3:
- entry for deviations.rst
- comment on the macro defn
Changes in v4:
- Change the macro's name to ISOLATE_LOW_BIT
---
automation/eclair_analysis/ECLAIR/deviations.ecl | 7 +++
docs/misra/deviations
The definition of MC_NCLASSES contained a violation of MISRA C:2012
Rule 10.1, therefore by moving it as an enumeration constant resolves the
violation and makes it more resilient to possible additions to that enum.
Signed-off-by: Nicola Vetrini
---
This patch has already been picked up
BUILD_BUG_ON is the preferred way to induce a build error
upon statically determined incorrect conditions.
This also fixes a MISRA C:2012 Rule 10.1 violation in the
previous formulation.
Signed-off-by: Nicola Vetrini
Acked-by: Jan Beulich
---
Changes in v2:
- replace the construct
The various definitions of macro CNT (and the related BUILD_BUG_ON)
can be rewritten using ISOLATE_LOW_BIT, encapsulating a violation of
MISRA C:2012 Rule 10.1.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v4:
- Changed macro name
---
xen/arch/x86/x86_64/mm.c
The definition of PDX_GROUP_COUNT causes violations of
MISRA C:2012 Rule 10.1, therefore the problematic part now uses
the ISOLATE_LOW_BIT macro, which encapsulates the pattern.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v4:
-CChanged macro name.
---
xen
The definitions of ffs{l}? violate Rule 10.1, by using the well-known
pattern (x & -x); its usage is wrapped by the ISOLATE_LOW_BIT macro.
No functional change.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
Changes in v4:
- Changed macro name.
---
xen/arch/arm/include
On 25/10/2023 09:56, Jan Beulich wrote:
On 24.10.2023 22:27, Stefano Stabellini wrote:
On Tue, 24 Oct 2023, Jan Beulich wrote:
On 24.10.2023 16:31, Nicola Vetrini wrote:
Partially explicitly initalized .matches arrays result in violations
of Rule 9.3; this is resolved by using designated
On 26/10/2023 08:52, Jan Beulich wrote:
On 26.10.2023 00:38, Stefano Stabellini wrote:
On Wed, 25 Oct 2023, Jan Beulich wrote:
On 25.10.2023 16:50, Nicola Vetrini wrote:
Ok, I'll send a revised version using MASK_LOWEST_BIT, taking into
account also the
other comments about the explanation
On 26/10/2023 00:36, Stefano Stabellini wrote:
On Wed, 25 Oct 2023, Nicola Vetrini wrote:
On 24/10/2023 21:50, Stefano Stabellini wrote:
> On Tue, 24 Oct 2023, Nicola Vetrini wrote:
> > On 24/10/2023 10:14, Jan Beulich wrote:
> > > On 24.10.2023 10:01, Nicola Vetrini wrote
As specified in rules.rst, these constants can be used
in the code.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- replace some SAF deviations with configurations
Changes in v3:
- refine configurations and justifications
Changes in v4:
- updated deviation record comment.
---
automation
On 26/10/2023 08:49, Jan Beulich wrote:
On 26.10.2023 00:34, Stefano Stabellini wrote:
On Wed, 25 Oct 2023, Jan Beulich wrote:
On 24.10.2023 22:30, Stefano Stabellini wrote:
On Tue, 24 Oct 2023, Nicola Vetrini wrote:
As specified in rules.rst, these constants can be used
in the code.
Signed
On 24/10/2023 08:14, Jan Beulich wrote:
On 23.10.2023 22:44, Stefano Stabellini wrote:
On Mon, 23 Oct 2023, Jan Beulich wrote:
On 23.10.2023 15:19, Nicola Vetrini wrote:
On 23/10/2023 11:19, Nicola Vetrini wrote:
On 23/10/2023 09:48, Jan Beulich wrote:
On 20.10.2023 17:28, Nicola Vetrini
On 25/10/2023 15:44, Jan Beulich wrote:
On 25.10.2023 15:22, Nicola Vetrini wrote:
The clauses of a switch should be enclosed directly by a switch
statement to make the code more easily understandable and less
prone to errors.
Signed-off-by: Nicola Vetrini
---
This patch is mainly indended
On 24/10/2023 21:50, Stefano Stabellini wrote:
On Tue, 24 Oct 2023, Nicola Vetrini wrote:
On 24/10/2023 10:14, Jan Beulich wrote:
> On 24.10.2023 10:01, Nicola Vetrini wrote:
> > On 24/10/2023 09:50, Jan Beulich wrote:
> > > On 23.10.2023 11:56, Nicola Vetrini wrote:
The clauses of a switch should be enclosed directly by a switch
statement to make the code more easily understandable and less
prone to errors.
Signed-off-by: Nicola Vetrini
---
This patch is mainly indended to probe how the community, especially the
maintainers, would receive such modifications
On 24/10/2023 16:56, Jan Beulich wrote:
On 24.10.2023 16:31, Nicola Vetrini wrote:
@@ -225,8 +225,8 @@ static const struct dmi_system_id __initconstrel
reboot_dmi_table[] = {
.ident = "Dell OptiPlex 745",
.matches = {
DMI_MATCH(DMI_SYS_VENDOR,
Fully explicit initialization of the cmd array resolves a violation of
MISRA C:2012 Rule 9.3.
Signed-off-by: Nicola Vetrini
---
xen/drivers/passthrough/amd/iommu_cmd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xen/drivers/passthrough/amd/iommu_cmd.c
b/xen/drivers
_BOARD_NAME, "30B7"),
+{}, {}
}
Note that Rule 9.3 is not about array elements that may be uninitialized, but
the fact of having some explicitly initialized elements and some implicitly
initialized elements.
Nicola Vetrini (4):
x86/ioemul: address MISRA C:2012 Rule 9.3
Partially explicitly initalized .matches arrays result in violations
of Rule 9.3; this is resolved by using designated initializers,
which is permitted by the Rule.
Mechanical changes.
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/shutdown.c | 152
1
Partially explicitly initalized .matches arrays result in violations
of Rule 9.3; this is resolved by using designated initializers,
which is permitted by the Rule.
Mechanical changes.
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/hvm/quirks.c | 20 ++--
1 file changed, 10
Partially explicitly initalized .matches arrays result in violations
of Rule 9.3; this is resolved by using designated initializers,
which is permitted by the Rule.
Mechanical changes.
Signed-off-by: Nicola Vetrini
---
xen/arch/x86/ioport_emulate.c | 32
1 file
As specified in rules.rst, these constants can be used
in the code.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- replace some SAF deviations with configurations
Changes in v3:
- refine configurations and justifications
---
automation/eclair_analysis/ECLAIR/deviations.ecl | 10
On 24/10/2023 10:14, Jan Beulich wrote:
On 24.10.2023 10:01, Nicola Vetrini wrote:
On 24/10/2023 09:50, Jan Beulich wrote:
On 23.10.2023 11:56, Nicola Vetrini wrote:
As stated in rules.rst, functions used only in asm code
are allowed to have no prior declaration visible when being
defined
On 24/10/2023 10:12, Jan Beulich wrote:
On 24.10.2023 09:58, Nicola Vetrini wrote:
On 24/10/2023 09:32, Jan Beulich wrote:
On 23.10.2023 11:56, Nicola Vetrini wrote:
--- a/xen/arch/x86/include/asm/asm_defns.h
+++ b/xen/arch/x86/include/asm/asm_defns.h
@@ -31,6 +31,7 @@ asm ( "\
On 24/10/2023 09:50, Jan Beulich wrote:
On 23.10.2023 11:56, Nicola Vetrini wrote:
As stated in rules.rst, functions used only in asm code
are allowed to have no prior declaration visible when being
defined, hence these functions are deviated.
This also fixes violations of MISRA C:2012 Rule 8.4
On 24/10/2023 09:32, Jan Beulich wrote:
On 23.10.2023 11:56, Nicola Vetrini wrote:
--- a/xen/arch/x86/include/asm/asm_defns.h
+++ b/xen/arch/x86/include/asm/asm_defns.h
@@ -31,6 +31,7 @@ asm ( "\t.equ CONFIG_INDIRECT_THUNK, "
* gets set up by the containing function.
On 23/10/2023 17:00, Julien Grall wrote:
On 23/10/2023 15:51, Nicola Vetrini wrote:
Hi,
Hi Nicola,
while taking care of some patches regarding MISRA C Rule 2.1 (code
shouldn't be unreachable), I
came across this function:
long subarch_do_domctl(struct xen_domctl *domctl, struct domain *d
EINVAL and similar);
- remove the break, but I consider this a risky move, unless -ENOSYS
would be an ok value to be returned if some case
from the switch above does not have a return statement.
What would be the preferred way of addressing this violation?
--
Nicola Vetrini, BSc
Software Engineer, BUGSE
On 23/10/2023 11:19, Nicola Vetrini wrote:
On 23/10/2023 09:48, Jan Beulich wrote:
On 20.10.2023 17:28, Nicola Vetrini wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -246,6 +246,12 @@ constant expressions are required
On 18/10/2023 23:33, Stefano Stabellini wrote:
On Wed, 18 Oct 2023, Julien Grall wrote:
On 18/10/2023 13:52, Nicola Vetrini wrote:
> On 18/10/2023 14:38, Julien Grall wrote:
> > Hi Nicola,
> >
> > On 18/10/2023 13:30, Nicola Vetrini wrote:
> > > On 17/10/2023 15:2
On 23/10/2023 12:23, Jan Beulich wrote:
On 23.10.2023 11:56, Nicola Vetrini wrote:
These files should not conform to MISRA guidelines at the moment,
therefore they are added to the exclusion list.
Signed-off-by: Nicola Vetrini
---
These exclusions are automatically picked up by ECLAIR's
On 23/10/2023 12:21, Jan Beulich wrote:
On 23.10.2023 11:56, Nicola Vetrini wrote:
The stub definition of 'consoled_guest_tx' can be removed, since its
its single caller uses the implementation built with PV_SHIM enabled.
Fixes: 5ef49f185c2d ("x86/pv-shim: shadow PV console's page f
These files should not conform to MISRA guidelines at the moment,
therefore they are added to the exclusion list.
Signed-off-by: Nicola Vetrini
---
These exclusions are automatically picked up by ECLAIR's automation
to hide reports originating from these files.
Changes in v4:
- Fixed typo
The missing header makes the declaration visible when the function
is defined, thereby fixing a violation of MISRA C:2012 Rule 8.4.
Fixes: 1366a0e76db6 ("x86/vm_event: add hvm/vm_event.{h,c}")
Signed-off-by: Nicola Vetrini
Acked-by: Tamas K Lengyel
---
xen/arch/x86/hvm/vm_event.c | 1
As stated in rules.rst, functions used only in asm code
are allowed to have no prior declaration visible when being
defined, hence these functions are deviated.
This also fixes violations of MISRA C:2012 Rule 8.4.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v3
To avoid a violation of MISRA C:2012 Rule 8.4, as permitted
by docs/misra/rules.rst.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v3:
- Edited commit message
- Add two new variables
---
xen/arch/x86/include/asm/asm_defns.h | 1 +
xen/arch/x86/setup.c
The function is used only within this file, and therefore can be static.
No functional change.
Signed-off-by: Nicola Vetrini
Acked-by: Tamas K Lengyel
---
Changes in v3:
- style fix
---
xen/arch/x86/mm/mem_access.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/xen
The declarations for {create,replace}_grant_p2m_mapping are
not visible when these functions are defined, therefore the right
header needs to be included to allow them to be visible.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
Changes in v3:
- asm/paging.h can be replaced
to be exempted, while the other instances are either changed
(e.g., making them static) or a missing header inclusion is added.
Nicola Vetrini (8):
xen: modify or add declarations for variables where needed
x86: add deviations for variables only used in asm code
x86: add deviation comments for asm-only
The stub definition of 'consoled_guest_tx' can be removed, since its
its single caller uses the implementation built with PV_SHIM enabled.
Fixes: 5ef49f185c2d ("x86/pv-shim: shadow PV console's page for L2 DomU")
Signed-off-by: Nicola Vetrini
---
xen/include/xen/consoled.h | 7 -
/ while making
the variable static.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- make xenpf_lock static on ARM
Changes in v3:
- moved back code from symbols.h to symbols.c
- dropped two declarations, now deviated
Changes in v4:
- revise commit message
---
xen/arch/arm/include/asm/setup.h | 3
On 23/10/2023 09:48, Jan Beulich wrote:
On 20.10.2023 17:28, Nicola Vetrini wrote:
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -246,6 +246,12 @@ constant expressions are required.\""
"any()"}
-
On 23/10/2023 10:47, Jan Beulich wrote:
On 23.10.2023 10:44, Nicola Vetrini wrote:
3. an use of MASK_EXTR() in x86/hvm/svm/emulate.c appears, with
octal
constants in the expansion. This will be deviated;
This is what I'm concerned of: How do you know up front whether
such
new
uses
On 23/10/2023 10:44, Nicola Vetrini wrote:
3. an use of MASK_EXTR() in x86/hvm/svm/emulate.c appears, with
octal
constants in the expansion. This will be deviated;
This is what I'm concerned of: How do you know up front whether such
new
uses want deviating?
I understand you concern now
== MASK_EXTR(instr_modrm, 0007) ) /* octal-ok */
return emul_len;
It does not really fit in the SAF framework, because the deviation is
still done with a
configuration, but at least it gives some clear indication on how to
introduce an octal
constant in this file.
--
Nicola Vetrin
On 23/10/2023 08:34, Jan Beulich wrote:
On 20.10.2023 16:58, Nicola Vetrini wrote:
On 20/10/2023 15:24, Jan Beulich wrote:
On 20.10.2023 12:33, Nicola Vetrini wrote:
On 20/10/2023 08:38, Jan Beulich wrote:
On 19.10.2023 18:34, Nicola Vetrini wrote:
On 19/10/2023 17:57, Jan Beulich wrote
On 20/10/2023 19:03, Julien Grall wrote:
Hi Nicola,
On 20/10/2023 16:28, Nicola Vetrini wrote:
diff --git a/xen/include/xen/macros.h b/xen/include/xen/macros.h
index d0caae7db298..49f3ebf848e9 100644
--- a/xen/include/xen/macros.h
+++ b/xen/include/xen/macros.h
@@ -8,8 +8,11 @@
#define
-by: Nicola Vetrini
---
Eventually __fix_to_virt may become an inline function; in that case,
it should retain unsigned int as its parameter type.
Changes in v3:
- style fix
- Add missing S-o-b
---
xen/arch/x86/include/asm/io_apic.h | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff
-off-by: Nicola Vetrini
---
Changes in v3:
- edited comment
---
docs/misra/safe.json| 8
xen/include/xen/iommu.h | 1 +
xen/include/xen/types.h | 5 +
3 files changed, 14 insertions(+)
diff --git a/docs/misra/safe.json b/docs/misra/safe.json
index 39c5c056c7d4..952324f85cf9
The definition of PDX_GROUP_COUNT causes violations of
MISRA C:2012 Rule 10.1, therefore the problematic part now uses
the LOWEST_BIT macro, which encapsulates the pattern.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
xen/include/xen/pdx.h | 2 +-
1 file changed, 1
The purpose of this macro is to encapsulate the well-known expression
'x & -x', that in 2's complement architectures on unsigned integers will
give 2^ffs(x), where ffs(x) is the position of the lowest set bit in x.
A deviation for ECLAIR is also introduced.
Signed-off-by: Nicola Vet
The definition of MC_NCLASSES contained a violation of MISRA C:2012
Rule 10.1, therefore by moving it as an enumeration constant resolves the
violation and makes it more resilient to possible additions to that enum.
Signed-off-by: Nicola Vetrini
---
This patch has already been picked up
The various definitions of macro CNT (and the related BUILD_BUG_ON)
can be rewritten using LOWEST_BIT, encapsulating a violation of
MISRA C:2012 Rule 10.1.
Signed-off-by: Nicola Vetrini
Reviewed-by: Stefano Stabellini
---
xen/arch/x86/x86_64/mm.c | 12 ++--
1 file changed, 6 insertions
BUILD_BUG_ON is the preferred way to induce a build error
upon statically determined incorrect conditions.
This also fixes a MISRA C:2012 Rule 10.1 violation in the
previous formulation.
Signed-off-by: Nicola Vetrini
---
Changes in v2:
- replace the construct with a BUILD_BUG_ON.
Changes in v3
401 - 500 of 947 matches
Mail list logo