[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH RFC] xen: Enable -Wwrite-strings

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Wed, 17 May 2023 18:00:03 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nJ8lkht6TdctiW6ejDjlY9EIEIwLigIUk3YY2jjGu5Q=; b=L0qxd37hAPl33dQH5S8t951kVx+pNM7Sz6b5wUMaS3U3GIC3T2YwvUJ/N6Fvh/bROZSe5sMo8w5Hc/kMiramv7to5SoXB9dj+vHT9llYPqskPuCDiZUl7k6Wt4b4HfnFbInNt1nlyEGQbhxOIbVAgvFqHnSuacyJf67iE1+SfJ5qrIl4ImdDzsFnnNWQ7H6AMb6kQdtwcpe7hnX6OXrp0N/M758KuwOWv3d7/SJ8i33+vOqICeIPRjtlxol1dbJvyW8yJr59r5U1fTNIZFegfk61k1EJG02qtwBSJzYFVtXw7MvTfTSiggc271Cf5WJn8wJ62aBpNl6cbTQt36yg7w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AyI64KRT26G6xi7wckVUjBNgoY8M+ifJs6PoriYaHelupCgrFQ3JjA0lOgL6UAn+357Oa9IbRa8mAIEm5XS2URMDDgs8srDgYIMx5lZnwnPXZe1wp2H1IAF+giSTi8gCqppA6u4+gUeu2lao8fg7mLIikTzKNmvzngXIN9TuutWDWSCnBeGoi+44jIlhbCIIlS6reAY52FQ2rZj8JWm/rb/4/ErsOkaRxRzf6FglL06fmc5FbDAodBC4qreDuKKcvjGuA4xgazLrHO0ncaUuty2XK2A2vfliQn2D2cy00Tz9TrK2YkGnuYstZvEmswChGvvhT/WPH4eWbLa3QJei8w==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 17 May 2023 17:00:40 +0000
  • Ironport-data: A9a23:RNTLAa1OId5kK5ow4fbD5VFwkn2cJEfYwER7XKvMYLTBsI5bpzQCy WYXDW7TMvfYZTT3e94kPoWz8U8P6pfVm9BlSgFkpC1hF35El5HIVI+TRqvS04F+DeWYFR46s J9OAjXkBJppJpMJjk71atANlVEliefTAOK6ULWeUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tq3qMDEULOf82cc3lk8tuTS+XuDgNyo4GlD5gFnOqgR1LPjvyJ94Kw3dPnZw0TQGuG4LsbiL 87fwbew+H/u/htFIrtJRZ6iLyXm6paLVeS/oiI+t5qK23CulQRrukoPD9IOaF8/ttm8t4sZJ OOhF3CHYVxB0qXkwIzxWvTDes10FfUuFLTveRBTvSEPpqFvnrSFL/hGVSkL0YMkFulfPHt05 6BEIyo2TRWM3+Op0ZWKQPVQv5F2RCXrFNt3VnBI6xj8VapjZK+ZBqLA6JlfwSs6gd1IEbDGf c0FZDFzbRPGJRpSJlMQD5F4l+Ct7pX9W2QA9BTJ+uxouC6Kkl0ZPLvFabI5fvSjQ8lPk1nej WXB52njWTkRNcCFyCrD+XWp7gPKtXqjCdhCSuXgqpaGhnXO2kwXUyNOTWeLnvbig2j9XpVtN 0g9r39GQa8asRbDosPGdx+yrWOAvxUcc8FNCOB84waIooLL5y6JC25CSSROAPQ9r9M/TzEu0 l6PnvvqCCZpvbnTTmiSnp+WsDezNC49PWIEIygeQmMt3d7np40iiwPVefxqGqW1k97dFCn5x naBqy1Wr78el9IR3qO3u1XOmSuxp4PhRxQwoA7QWwqN/g5/IYKoeYGswVza9upbapaUSEGbu 3oJkNTY6/oBZaxhjwSISeQJWbS2vfCMNWWAhUY1RsdwsTOw53SkYIZcpilkI1tkOdoFfjmvZ 1LPvQRW59lYO37CgbJLXr9dwv8ClcDIfekJnNiONLKivrAZmNe7wRxT
  • Ironport-hdrordr: A9a23:fwOETKu0Uu2nLK6MNVd64aeZ7skCa4Aji2hC6mlwRA09TyXGra 2TdaUgvyMc1gx7ZJhBo7+90We7MArhHO1OkO4s1NCZLXTbUQqTXftfBO7ZrwEIdBeOldK1uZ 0QFpSWTeeAdmSS7vyKnjVQcexB/DDvysnB64bjJjVWPHlXgslbnnhE422gYylLrWd9dPwE/d anl6h6T23KQwVqUi33PAhMYwCFzOe75q7OUFojPVoK+QOOhTSn5PrTFAWZ5A4XV3di0Kov6m /Mli3+/+GGv+ugwhHR+mfP59AO8eGRhudrNYipsIw4Oz/sggGnaMBIXKCDhik8pKWC+Usni9 7FpjYnJoBW52nKdm+4jBPx003L0Soo6VXl1ViE6EGT7PDRdXYfMY5slIhZehzW5w4Ju8x96r tC2ya8u4BMBR3NsSzh75yQPisa3HackD4Hq6o+nnZfWYwRZPt4qpEexlpcFNMlEDjh4I4qPe FyBIX35epQc3mdc3fF11Mfi+CEbzAWJFOrU0ICssua33x/m2149VIRwIglknIJ5PsGOu55zt WBFp4tuKBFT8cQY644LvwGW9GLBmvERg+JGH6OIHz8fZt3e07lmtrS2vEY9euqcJsHwN8Zg5 LaSm5VsmY0ZgbHFdCO5ptW6RrAKV/NHAgF8vsupaSRh4eMAYYCaUa4ORQTeoqb0rsi6/TgKr WO0Mk8OY6lEYPscbw5qzEWFaMib0X2a/dlyerTa2j+0/4jFbeaxtAzUMyjUoYFQgxUE1/XMz 8kYAXZAvlmwwSCZkLY6SKhLk8FPHaPsq5NLA==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 17/05/2023 11:34 am, Jan Beulich wrote:
> On 16.05.2023 22:34, Andrew Cooper wrote:
>> Following on from the MISRA discussions.
>>
>> On x86, most are trivial.  The two slightly suspect cases are __hvm_copy()
>> where constness is dependent on flags,
> But do we ever pass string literals into there? I certainly would
> like to avoid the explicit casts to get rid of the const there.

The thing which trips it up is the constness of the cmdline param in the
construct_dom0() calltree.  It may have been tied up in the constness
from cmdline_cook() - I wasn't paying that much attention.

Irrespective, from a conceptual point of view, we ought to be able to
use the copy_to_* helpers from a const source.

>> and kextra in __start_xen() which only
>> compiles because of laundering the pointer through strstr().
> The sole string literal there looks to be the empty string in
> cmdline_cook(), which could be easily replaced, I think:
>
> static char * __init cmdline_cook(char *p, const char *loader_name)
> {
>     static char __initdata empty[] = "";
>
>     p = p ? : empty;
>
> Yet of course only if we were unhappy with the strstr() side effect.

It's quite possible we can do something better here.  This logic looks
unnecessarily complicated and fragile.

>
>> The one case which I can't figure out how to fix is EFI:
>>
>>   In file included from arch/x86/efi/boot.c:700:
>>   arch/x86/efi/efi-boot.h: In function ‘efi_arch_handle_cmdline’:
>>   arch/x86/efi/efi-boot.h:327:16: error: assignment discards ‘const’ 
>> qualifier from pointer target type [-Werror=discarded-qualifiers]
>>     327 |         name.s = "xen";
>>         |                ^
>>   cc1: all warnings being treated as errors
>>
>> Why do we have something that looks like this ?
>>
>>   union string {
>>       CHAR16 *w;
>>       char *s;
>>       const char *cs;
>>   };
> Because that was the least clutter (at respective use sites) that I
> could think of at the time. Looks like you could simply assign to
> name.cs, now that we have that field (iirc it wasn't there originally).
> Of course that's then only papering over the issue.

Well yes.  If it's only this one, we could use the same initconst trick
and delete the cs field, but I suspect the fields existence means it
would cause problems elsewhere.

>
>> --- a/xen/include/acpi/actypes.h
>> +++ b/xen/include/acpi/actypes.h
>> @@ -281,7 +281,7 @@ typedef acpi_native_uint acpi_size;
>>   */
>>  typedef u32 acpi_status;    /* All ACPI Exceptions */
>>  typedef u32 acpi_name;              /* 4-byte ACPI name */
>> -typedef char *acpi_string;  /* Null terminated ASCII string */
>> +typedef const char *acpi_string;    /* Null terminated ASCII string */
>>  typedef void *acpi_handle;  /* Actually a ptr to a NS Node */
> For all present uses that we have this change looks okay, but changing
> this header leaves me a little uneasy. At the same time I have no
> better suggestion.

I was honestly tempted to purge this typedef with prejudice.  Hiding
indirection like this is nothing but an obfuscation technique.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.