[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MISRA violations in hypercall-defs

  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 9 Aug 2023 08:24:10 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZcQPoU4wDplfHrsiYLp28heQKr7vwf8EIERgo5gXJWM=; b=UNcMeBu49OW/B+MK33TqQwm2SrzKDFbA4WXV6S7PLUF78WFe0rIO7NIRiRO1XW8jz2/Fd99G4evTKkCfe4K7RRfeHVD8lfyus+stjfYj1fdRkqdlTGRNCqpn+A9tbvFVE1/CKU48kM1ADQ6+Xe9s2gREtBoUn5XgR7/adWSJEPDzt/5wEllMNg9KBTs/ZlvJBXmf5jI9lEpGs9SUYG3LaZQFYgDreO27THhQKN8nC0EolSoYerxo/rFG1WQJFHxqWaTU2BHPEqoCLqcztnLOPYvrciKDolvBbrhRq4vYLte5NebajldnMCavoxTEy1L3ejTvv+NAlsWhVZNXyP6j5A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Hm5Q5MPJkaGWVRSFijfYYlwflyp6YVPFEwnGyUTBDcz125Byvb44H/oy2jVgN3RwqL5l1LY4Cb2e1yS8bvYLVPIQN4fjEVb0qaBNT4+FhGTcw+H1HoUjqNFrLDliMAlnIpW+8cB5Vk4hlaJFA4ANkhXFV5JPYuXHjoXGItDXbWTRTCvEgSk7oyC1Ca+mv/d8n4BFMutY1+J/uas/YHHaXmRm0w44+yNZwu5D/bmERjQ8piWN12t0vXN7XX8Zv6q5Ykh/ZIJQy2AZh9ebId/2zLoQ8VDSYHerNsTqSv7u8rNb4yEcn/nXqZevHawuE/EMe9QSIBsypctLxeI2baDPHQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Federico Serafini <federico.serafini@xxxxxxxxxxx>, jgross@xxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, "consulting@xxxxxxxxxxx" <consulting@xxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 09 Aug 2023 06:24:36 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 09.08.2023 01:22, Stefano Stabellini wrote:
> On Tue, 8 Aug 2023, Jan Beulich wrote:
>> On 08.08.2023 10:47, Federico Serafini wrote:
>>> Hello everyone.
>>>
>>> I would like to to ask your opinion about the auto-generated file
>>> xen/include/xen/hypercall-defs.h which contains some violations of
>>> MISRA C:2012 Rule 8.3:
>>> "All declarations of an object or function shall use the same names and
>>> type qualifiers".
>>>
>>> Such violations can be seen at the following links
>>> (copy and paste the link on you browser, including also the characters
>>> after the '#'):
>>>
>>> - arm
>>> https://saas.eclairit.com:3787/fs/var/local/eclair/XEN.ecdf/ECLAIR_normal/origin/staging/ARM64-Set1/218/PROJECT.ecd;/by_service/MC3R1.R8.3.html#{"select":true,"selection":{"hiddenAreaKinds":[],"hiddenSubareaKinds":[],"show":true,"selector":{"enabled":true,"negated":false,"kind":2,"children":[{"enabled":true,"negated":false,"kind":0,"domain":"file","inputs":[{"enabled":true,"text":"xen/include/xen/hypercall-defs.h"}]}]}}}
>>>
>>> - x86
>>> https://saas.eclairit.com:3787/fs/var/local/eclair/XEN.ecdf/ECLAIR_normal/origin/staging/X86_64-Set1/218/PROJECT.ecd;/by_service/MC3R1.R8.3.html#{"select":true,"selection":{"hiddenAreaKinds":[],"hiddenSubareaKinds":[],"show":true,"selector":{"enabled":true,"negated":false,"kind":2,"children":[{"enabled":true,"negated":false,"kind":0,"domain":"file","inputs":[{"enabled":true,"text":"xen/include/xen/hypercall-defs.h"}]}]}}}
>>>
>>> Some of the violations are due to mismatches on the return types
>>> and the use of `ret_t`.
>>
>> We already said that ret_t will need deviating. For parameter names
>> it ought to be possible to suitably rename, like done elsewhere. Whether
>> that means renaming in the generator script or in the definitions likely
>> again needs judging on a case-by-case basis.
> 
> Is it the case that ret_t is purposedly defined as 'long' for 64-bit x86
> guests and 'int' for 32-bit x86 guests?

Yes.

> I am asking because it looks like we don't use ret_t at all on ARM and
> on the public interfaces.

And I wonder how you get away with this. Aiui hypercall return values are
32-bit on Arm32, so I'd expect you to be at risk of truncation issues in
a limited set of cases (see in particular the bottom of compat_memory_op(),
where out-of-range values are saturated rather than truncated). But maybe
in practice this can't happen?

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.