|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [RFC PATCH 1/4] xen/arm: justify or initialize conditionally uninitialized variables
On 17/07/23 23:15, Julien Grall wrote: Hi Nicola,I am currently looking at the code to check if we can avoid some SAF-*. But I need some clarification on the usage.On 14/07/2023 12:49, Nicola Vetrini wrote:@@ -2914,6 +2924,7 @@ static int __init make_vpl011_uart_node(struct kernel_info *kinfo)void *fdt = kinfo->fdt; int res; gic_interrupt_t intr;This value will be passed to set_interrupt() which contains the following code:__be32 *cells = interrupt; [...] dt_set_cells(&cells, ....); Where gic_interrupt_t is: typedef __be32 gic_interrupt[3]; This is very similar to the pattern in ...+ /* SAF-1-safe MC3R1.R9.1*/ __be32 reg[GUEST_ROOT_ADDRESS_CELLS + GUEST_ROOT_SIZE_CELLS]; __be32 *cells; struct domain *d = kinfo->d;@@ -3435,6 +3446,7 @@ static void __init initrd_load(struct kernel_info *kinfo)paddr_t paddr, len; int node; int res; + /* SAF-1-safe MC3R1.R9.1 */ __be32 val[2];... here. cellp = (__be32 *)val; dt_set_cell(&cellp, ..., load_addr);Would you be able to explain why Eclair is complaining for this one but not the previous one?Cheers, It did complain, but I specified an always_write property on the first parameter of set_interrupt, because dt_set_cell does always write it trough the argument cells. (there are three calls to dt_set_cell, which means that the array is fully initialized). The difference is that initrd_load calls dt_set_cell directly. dt_set_cell does indeed initialize val[2], but only because it's called with the appropriate size. If the latter is wrapped in a function or macro, then I can add the same property as above and avoid the deviation. Regards, -- Nicola Vetrini, BSc Software Engineer, BUGSENG srl (https://bugseng.com)
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |