[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging] xen: rework deviation to address varargs MISRA violations

commit c89b864a8ec7317457458ff514eb1bfe778ebed8
Author:     Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
AuthorDate: Wed Dec 31 12:22:52 2025 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Mon Jan 5 20:34:36 2026 +0000

    xen: rework deviation to address varargs MISRA violations
    
    MISRA C Rule 17.1 prohibits the use of the features that support
    variadic functions. Make the deviation already in place for controlled
    use of such features more general, relying on the presence of the
    `format' attribute on the function declaration.
    
    Add attributes where missing in order to avoid special-casing
    certain functions that use variadic arguments.
    
    Signed-off-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 automation/eclair_analysis/ECLAIR/deviations.ecl | 12 +++++-------
 docs/misra/deviations.rst                        |  6 ++++--
 xen/common/libelf/libelf-private.h               |  4 +++-
 xen/drivers/char/console.c                       |  4 +++-
 4 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl 
b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 219ba6993b..7dee4a488d 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -570,13 +570,11 @@ safe."
 # Series 17.
 #
 
--doc_begin="printf()-like functions are allowed to use the variadic features 
provided by stdarg.h."
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printk\\(.*\\)$)))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(^.*printf\\(.*\\)$)))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(panic)&&kind(function))))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(elf_call_log_callback)&&kind(function))))"}
--config=MC3A2.R17.1,reports+={deliberate,"any_area(^.*va_list.*$&&context(ancestor_or_self(name(vprintk_common)&&kind(function))))"}
--config=MC3A2.R17.1,macros+={hide , "^va_(arg|start|copy|end)$"}
+-doc_begin="printf()-like or scanf()-like functions are allowed to use the 
variadic features provided by stdarg.h,
+provided that they are declared using the `format' attribute."
+-decl_selector+={format_attr, "property(format)"}
+-config=MC3A2.R17.1,reports+={deliberate, 
"any_area(^.*va_list.*$&&context(ancestor_or_self(format_attr)))"}
+-config=MC3A2.R17.1,macros+={deliberate , "^va_(arg|start|copy|end)$"}
 -doc_end
 
 -doc_begin="Not using the return value of a function does not endanger safety 
if it coincides with an actual argument."
diff --git a/docs/misra/deviations.rst b/docs/misra/deviations.rst
index b3431ef24e..0d90f5886e 100644
--- a/docs/misra/deviations.rst
+++ b/docs/misra/deviations.rst
@@ -570,8 +570,10 @@ Deviations related to MISRA C:2012 Rules:
      - Tagged as `deliberate` for ECLAIR.
 
    * - R17.1
-     - printf()-like functions  are allowed to use the variadic features 
provided
-       by `stdarg.h`.
+     - printf()-like or scanf()-like functions are allowed to use the variadic
+       features provided by `stdarg.h`, provided that they are declared using
+       __attribute__((format(...))) which enables compiler type-checking of
+       the variadic parameters.
      - Tagged as `deliberate` for ECLAIR.
 
    * - R17.7
diff --git a/xen/common/libelf/libelf-private.h 
b/xen/common/libelf/libelf-private.h
index e5c9cc1099..c19b628069 100644
--- a/xen/common/libelf/libelf-private.h
+++ b/xen/common/libelf/libelf-private.h
@@ -84,7 +84,9 @@
 #define elf_err(elf, fmt, args ... )                    \
     elf_call_log_callback(elf, 1, fmt , ## args );
 
-void elf_call_log_callback(struct elf_binary*, bool iserr, const char 
*fmt,...);
+void
+__attribute__ ((format (printf, 3, 4)))
+elf_call_log_callback(struct elf_binary *elf, bool iserr, const char *fmt, 
...);
 
 #define safe_strcpy(d,s)                        \
 do { strncpy((d),(s),sizeof((d))-1);            \
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index a996051035..2bdb4d5fb4 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -969,7 +969,9 @@ static void printk_start_of_line(const char *prefix)
     __putstr(tstr);
 }
 
-static void vprintk_common(const char *fmt, va_list args, const char *prefix)
+static void
+__attribute__ ((format (printf, 1, 0)))
+vprintk_common(const char *fmt, va_list args, const char *prefix)
 {
     struct vps {
         bool continued, do_print;
--
generated by git-patchbot for /home/xen/git/xen.git#staging

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.