Xen project Mailing List

Re: Refactor arm64/domctl.c 'subarch_do_domctl' to avoid unreachable break.

To: Julien Grall <julien@xxxxxxx>, Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>

Date: Mon, 23 Oct 2023 17:15:05 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+kuldSlnsq415uKZxPnLAmQCMTTneUav96+JxPDVRgo=; b=iesaaqoGMCIU1fdz7gxYMLwDOb7LeDAkkYEpRgMVT4buM457ZH5/iHpywOa5dP6oLwDExyyXSVeNFPZ6TjssFJAWb5aUwT8gQpbuY8YBvhfZN39nQbDFLAlOF8Yi+xwNe2JAuu+qxEpirPF1hC4I65G0uVmSGKN7xabwsk4S0ZtLckdecUlyJUN1h8/+OyXXLr71avAo5RCR8lhc728ILI4DukR2peJ9f4QND6kLXVZTQIqHfvNAVYi3OSYlleFcGkTc3YdZt0/6v1u1BqGBU0ma8sLudi2TV4k2C9I32Jgkn/qb3kMDZ/HBulHRY7da7u8ci+SFP9dU4R0JnhBHkw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=laEQG/hnAr1L6cX0YNRysKfNwSibbAdnEzuKIg7GAvwAtiSmNwsyXpSz5C2507E6Sve8hzqhm+J/UPdPKjAc9e8a+4h2wtdGxHmhjI6e8X3tLs4oLE1FU5SM0bAgRJP7b5+M8OoTpmEqldOU9qj0J/SgnI6ea4OoUemo20Dzt18SsvqhDpTV+IoQ0sDdzGpZ8xQWsKfZzROVQ+njg2dcSm8ssGGovx/WrvsopfcQ2PsFvamkkKgNRHoxjfVeOCxCf6N3dJsO9qafYCMo0SzpZBKKVbJ1ZX6/FHKSHvVth9m1X8DrhdNustLqvpT86oT+Ij8wqN9rHZlW0ei5+i6EJg==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, consulting@xxxxxxxxxxx, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 23 Oct 2023 15:15:16 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 23.10.2023 17:00, Julien Grall wrote: > > > On 23/10/2023 15:51, Nicola Vetrini wrote: >> Hi, > > Hi Nicola, > >> while taking care of some patches regarding MISRA C Rule 2.1 (code >> shouldn't be unreachable), I >> came across this function: >> >> long subarch_do_domctl(struct xen_domctl *domctl, struct domain *d, >> XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) >> { >> switch ( domctl->cmd ) >> { >> case XEN_DOMCTL_set_address_size: >> switch ( domctl->u.address_size.size ) >> { >> case 32: >> if ( !cpu_has_el1_32 ) >> return -EINVAL; >> /* SVE is not supported for 32 bit domain */ >> if ( is_sve_domain(d) ) >> return -EINVAL; >> return switch_mode(d, DOMAIN_32BIT); >> case 64: >> return switch_mode(d, DOMAIN_64BIT); >> default: >> return -EINVAL; >> } >> break; >> >> default: >> return -ENOSYS; >> } >> } >> >> here the break after the innermost switch is clearly unreachable, but >> it's also guarding a possible fallthrough. >> I can see a couple of solutions to this: >> >> - mark the part after the switch unreachable; >> - introduce a variable 'long rc' to store the return value, and >> consequently rework the control flow of all the switches >> (e.g. rc = -EINVAL and similar); >> - remove the break, but I consider this a risky move, unless -ENOSYS >> would be an ok value to be returned if some case >> from the switch above does not have a return statement. > > - move the nested switch in a separate function, so the code in > subarch_do_domctl() can be replaced with: > > return set_address_size(...); But that would help only if inside the new function you still re- layout the switch() (or replace it by, say, if/else-if/else), wouldn't it? Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.