Xen project Mailing List

Re: [PATCH] x86: remove memcmp calls non-compliant with Rule 21.16.

From: Demi Marie Obenour <demiobenour@xxxxxxxxx>

Date: Thu, 5 Jun 2025 11:25:01 -0400

Autocrypt: addr=demiobenour@xxxxxxxxx; keydata= xsFNBFp+A0oBEADffj6anl9/BHhUSxGTICeVl2tob7hPDdhHNgPR4C8xlYt5q49yB+l2nipd aq+4Gk6FZfqC825TKl7eRpUjMriwle4r3R0ydSIGcy4M6eb0IcxmuPYfbWpr/si88QKgyGSV Z7GeNW1UnzTdhYHuFlk8dBSmB1fzhEYEk0RcJqg4AKoq6/3/UorR+FaSuVwT7rqzGrTlscnT DlPWgRzrQ3jssesI7sZLm82E3pJSgaUoCdCOlL7MMPCJwI8JpPlBedRpe9tfVyfu3euTPLPx wcV3L/cfWPGSL4PofBtB8NUU6QwYiQ9Hzx4xOyn67zW73/G0Q2vPPRst8LBDqlxLjbtx/WLR 6h3nBc3eyuZ+q62HS1pJ5EvUT1vjyJ1ySrqtUXWQ4XlZyoEFUfpJxJoN0A9HCxmHGVckzTRl 5FMWo8TCniHynNXsBtDQbabt7aNEOaAJdE7to0AH3T/Bvwzcp0ZJtBk0EM6YeMLtotUut7h2 Bkg1b//r6bTBswMBXVJ5H44Qf0+eKeUg7whSC9qpYOzzrm7+0r9F5u3qF8ZTx55TJc2g656C 9a1P1MYVysLvkLvS4H+crmxA/i08Tc1h+x9RRvqba4lSzZ6/Tmt60DPM5Sc4R0nSm9BBff0N m0bSNRS8InXdO1Aq3362QKX2NOwcL5YaStwODNyZUqF7izjK4QARAQABzTxEZW1pIE1hcmll IE9iZW5vdXIgKGxvdmVyIG9mIGNvZGluZykgPGRlbWlvYmVub3VyQGdtYWlsLmNvbT7CwXgE EwECACIFAlp+A0oCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELKItV//nCLBhr8Q AK/xrb4wyi71xII2hkFBpT59ObLN+32FQT7R3lbZRjVFjc6yMUjOb1H/hJVxx+yo5gsSj5LS 9AwggioUSrcUKldfA/PKKai2mzTlUDxTcF3vKx6iMXKA6AqwAw4B57ZEJoMM6egm57TV19kz PMc879NV2nc6+elaKl+/kbVeD3qvBuEwsTe2Do3HAAdrfUG/j9erwIk6gha/Hp9yZlCnPTX+ VK+xifQqt8RtMqS5R/S8z0msJMI/ajNU03kFjOpqrYziv6OZLJ5cuKb3bZU5aoaRQRDzkFIR 6aqtFLTohTo20QywXwRa39uFaOT/0YMpNyel0kdOszFOykTEGI2u+kja35g9TkH90kkBTG+a EWttIht0Hy6YFmwjcAxisSakBuHnHuMSOiyRQLu43ej2+mDWgItLZ48Mu0C3IG1seeQDjEYP tqvyZ6bGkf2Vj+L6wLoLLIhRZxQOedqArIk/Sb2SzQYuxN44IDRt+3ZcDqsPppoKcxSyd1Ny 2tpvjYJXlfKmOYLhTWs8nwlAlSHX/c/jz/ywwf7eSvGknToo1Y0VpRtoxMaKW1nvH0OeCSVJ itfRP7YbiRVc2aNqWPCSgtqHAuVraBRbAFLKh9d2rKFB3BmynTUpc1BQLJP8+D5oNyb8Ts4x Xd3iV/uD8JLGJfYZIR7oGWFLP4uZ3tkneDfYzsFNBFp+A0oBEAC9ynZI9LU+uJkMeEJeJyQ/ 8VFkCJQPQZEsIGzOTlPnwvVna0AS86n2Z+rK7R/usYs5iJCZ55/JISWd8xD57ue0eB47bcJv VqGlObI2DEG8TwaW0O0duRhDgzMEL4t1KdRAepIESBEA/iPpI4gfUbVEIEQuqdqQyO4GAe+M kD0Hy5JH/0qgFmbaSegNTdQg5iqYjRZ3ttiswalql1/iSyv1WYeC1OAs+2BLOAT2NEggSiVO txEfgewsQtCWi8H1SoirakIfo45Hz0tk/Ad9ZWh2PvOGt97Ka85o4TLJxgJJqGEnqcFUZnJJ riwoaRIS8N2C8/nEM53jb1sH0gYddMU3QxY7dYNLIUrRKQeNkF30dK7V6JRH7pleRlf+wQcN fRAIUrNlatj9TxwivQrKnC9aIFFHEy/0mAgtrQShcMRmMgVlRoOA5B8RTulRLCmkafvwuhs6 dCxN0GNAORIVVFxjx9Vn7OqYPgwiofZ6SbEl0hgPyWBQvE85klFLZLoj7p+joDY1XNQztmfA rnJ9x+YV4igjWImINAZSlmEcYtd+xy3Li/8oeYDAqrsnrOjb+WvGhCykJk4urBog2LNtcyCj kTs7F+WeXGUo0NDhbd3Z6AyFfqeF7uJ3D5hlpX2nI9no/ugPrrTVoVZAgrrnNz0iZG2DVx46 x913pVKHl5mlYQARAQABwsFfBBgBAgAJBQJafgNKAhsMAAoJELKItV//nCLBwNIP/AiIHE8b oIqReFQyaMzxq6lE4YZCZNj65B/nkDOvodSiwfwjjVVE2V3iEzxMHbgyTCGA67+Bo/d5aQGj gn0TPtsGzelyQHipaUzEyrsceUGWYoKXYyVWKEfyh0cDfnd9diAm3VeNqchtcMpoehETH8fr RHnJdBcjf112PzQSdKC6kqU0Q196c4Vp5HDOQfNiDnTf7gZSj0BraHOByy9LEDCLhQiCmr+2 E0rW4tBtDAn2HkT9uf32ZGqJCn1O+2uVfFhGu6vPE5qkqrbSE8TG+03H8ecU2q50zgHWPdHM OBvy3EhzfAh2VmOSTcRK+tSUe/u3wdLRDPwv/DTzGI36Kgky9MsDC5gpIwNbOJP2G/q1wT1o Gkw4IXfWv2ufWiXqJ+k7HEi2N1sree7Dy9KBCqb+ca1vFhYPDJfhP75I/VnzHVssZ/rYZ9+5 1yDoUABoNdJNSGUYl+Yh9Pw9pE3Kt4EFzUlFZWbE4xKL/NPno+z4J9aWemLLszcYz/u3XnbO vUSQHSrmfOzX3cV4yfmjM5lewgSstoxGyTx2M8enslgdXhPthZlDnTnOT+C+OTsh8+m5tos8 HQjaPM01MKBiAqdPgksm1wu2DrrwUi6ChRVTUBcj6+/9IJ81H2P2gJk3Ls3AVIxIffLoY34E +MYSfkEjBz0E8CLOcAw7JIwAaeBT

Delivery-date: Thu, 05 Jun 2025 15:25:29 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 6/5/25 02:31, Jan Beulich wrote: > On 05.06.2025 01:35, Stefano Stabellini wrote: >> From: Alessandro Zucchelli <alessandro.zucchelli@xxxxxxxxxxx> >> >> MISRA C Rule 21.16 states the following: "The pointer arguments to >> the Standard Library function `memcmp' shall point to either a pointer >> type, an essentially signed type, an essentially unsigned type, an >> essentially Boolean type or an essentially enum type". >> >> Comparing string literals with char arrays is more appropriately >> done via strncmp. > > More appropriately - maybe. Yet less efficiently. IOW I view ... > >> No functional change. > > ... this as at the edge of not being true. > >> Signed-off-by: Alessandro Zucchelli <alessandro.zucchelli@xxxxxxxxxxx> > > Missing your own S-o-b. > > Also (nit) may I ask that you drop the full stop from the patch subject? > >> --- a/xen/arch/x86/dmi_scan.c >> +++ b/xen/arch/x86/dmi_scan.c >> @@ -233,7 +233,7 @@ void __init dmi_efi_get_table(const void *smbios, const >> void *smbios3) >> const struct smbios_eps *eps = smbios; >> const struct smbios3_eps *eps3 = smbios3; >> >> - if (eps3 && memcmp(eps3->anchor, "_SM3_", 5) == 0 && >> + if (eps3 && strncmp(eps3->anchor, "_SM3_", 5) == 0 && > > Unlike the last example given in the doc, this does not pose the risk of > false "not equal" returns. Considering there's no example there exactly > matching this situation, I'm not convinced a change is actually needed. > (Applies to all other changes here, too.) > >> @@ -302,7 +302,7 @@ const char *__init dmi_get_table(paddr_t *base, u32 *len) >> continue; >> memcpy_fromio(&eps.dmi + 1, q + sizeof(eps.dmi), >> sizeof(eps.smbios3) - sizeof(eps.dmi)); >> - if (!memcmp(eps.smbios3.anchor, "_SM3_", 5) && >> + if (strncmp(eps.smbios3.anchor, "_SM3_", 5) == 0 && > > Here and below there's a further (style) change, moving from ! to "== 0" > (or from implicit boolean to "!= 0"). As we use the original style in many > other places, some justification for this extra change would be needed in > the description (or these extra adjustments be dropped). > >> @@ -720,10 +720,10 @@ static void __init efi_check_config(void) >> __set_fixmap(FIX_EFI_MPF, PFN_DOWN(efi.mps), __PAGE_HYPERVISOR); >> mpf = fix_to_virt(FIX_EFI_MPF) + ((long)efi.mps & (PAGE_SIZE-1)); >> >> - if (memcmp(mpf->mpf_signature, "_MP_", 4) == 0 && >> - mpf->mpf_length == 1 && >> - mpf_checksum((void *)mpf, 16) && >> - (mpf->mpf_specification == 1 || mpf->mpf_specification == 4)) { >> + if (strncmp(mpf->mpf_signature, "_MP_", 4) == 0 && >> + mpf->mpf_length == 1 && >> + mpf_checksum((void *)mpf, 16) && >> + (mpf->mpf_specification == 1 || mpf->mpf_specification == 4)) { >> smp_found_config = true; >> printk(KERN_INFO "SMP MP-table at %08lx\n", efi.mps); >> mpf_found = mpf; > > There are extra (indentation) changes here which ought to be dropped. What about using an array of const uint8_t[] instead of a string literal? -- Sincerely, Demi Marie Obenour (she/her/hers)

Attachment: OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.