On Thu, 23 Oct 2025, Dmytro Prokopchuk1 wrote:
> The given 'NextMemoryDescriptor()' macro is casting the (UINT8 *) pointer
> to the (EFI_MEMORY_DESCRIPTOR *) pointer, which is not allowed by MISRA C
> Rule 11.3 as they point to different object types.
>
> This macro is a part of the EFI imported code ('xen/include/efi/') and
> is deviated with a SAF comment.
>
> Signed-off-by: Dmytro Prokopchuk <[email protected]>
Reviewed-by: Stefano Stabellini <[email protected]>
I saw Jan's comment but I think this is OK
> ---
> docs/misra/safe.json | 8 ++++++++
> xen/arch/arm/efi/efi-boot.h | 1 +
> 2 files changed, 9 insertions(+)
>
> diff --git a/docs/misra/safe.json b/docs/misra/safe.json
> index 3584cb90c6..c5e193e0f7 100644
> --- a/docs/misra/safe.json
> +++ b/docs/misra/safe.json
> @@ -124,6 +124,14 @@
> },
> {
> "id": "SAF-15-safe",
> + "analyser": {
> + "eclair": "MC3A2.R11.3"
> + },
> + "name": "Rule 11.3: casting a pointer to object into a pointer
> to a different object",
> + "text": "Violation due to the use of 'NextMemoryDescriptor()'
> macro is allowed, as that is EFI imported code."
> + },
> + {
> + "id": "SAF-16-safe",
> "analyser": {},
> "name": "Sentinel",
> "text": "Next ID to be used"
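
Review bot: The "text" of the new SAF-15-safe entry justifies the deviation only by provenance ("as that is EFI imported code") and does not say why the cast itself is safe. Since the entry is tagged "-safe", consider recording the actual argument, for example that the macro steps a descriptor pointer by desc_size bytes through UINT8 * and converts back to the descriptor type, if that is what makes the Rule 11.3 conversion acceptable here. That lets a reader of safe.json judge the deviation without opening xen/include/efi/.
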
> diff --git a/xen/arch/arm/efi/efi-boot.h b/xen/arch/arm/efi/efi-boot.h
> index 7844b9529e..a87004001b 100644
> --- a/xen/arch/arm/efi/efi-boot.h
> +++ b/xen/arch/arm/efi/efi-boot.h
> @@ -227,6 +227,7 @@ static EFI_STATUS __init
> efi_process_memory_map_bootinfo(EFI_MEMORY_DESCRIPTOR *
> }
> }
> #endif
> + /* SAF-15-safe casting a pointer */
> desc_ptr = NextMemoryDescriptor(desc_ptr, desc_size);
> }
>
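
Review bot: The "/* SAF-15-safe casting a pointer */" comment covers only this one call in efi_process_memory_map_bootinfo(), while the commit message locates the macro in xen/include/efi/. Any other caller of NextMemoryDescriptor() in analysed code would still be reported under Rule 11.3, so it would help to state in the commit message that this is the only such use, or to annotate the others in the same patch. The comment could also name the macro, e.g. "SAF-15-safe NextMemoryDescriptor() pointer cast", so the deviation stays understandable if the line below it changes.
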
> --
> 2.43.0
>