On 12.09.2023 12:05, Simone Ballarin wrote:
> On 12/09/23 11:52, Jan Beulich wrote:
>> On 12.09.2023 11:36, Simone Ballarin wrote:
>>> --- a/docs/misra/safe.json
>>> +++ b/docs/misra/safe.json
>>> @@ -36,6 +36,14 @@
>>>           },
>>>           {
>>>               "id": "SAF-4-safe",
>>> +            "analyser": {
>>> +                "eclair": "MC3R1.D4.10"
>>> +            },
>>> +            "name": "Dir 4.10: direct inclusion guard before",
>>> +            "text": "Headers with just the direct inclusion guard before 
>>> the inclusion guard are safe."
>>> +        },
>>> +        {
>>> +            "id": "SAF-5-safe",
>>>               "analyser": {},
>>>               "name": "Sentinel",
>>>               "text": "Next ID to be used"
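
Review bot: the new entry takes the id "SAF-4-safe" (with the sentinel moving to "SAF-5-safe"), but the three header comments added in the rest of this patch are tagged SAF-3-safe, so they point at a different entry than the one documented here. Either the comments should read SAF-4-safe or this entry is numbered wrongly. The "text" field is also hard to parse: "Headers with just the direct inclusion guard before the inclusion guard are safe" does not say whether an ordinary inclusion guard is still required to follow. Stating that explicitly would make clear what the analyser is expected to keep reporting.
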
>>> diff --git a/xen/arch/arm/include/asm/hypercall.h 
>>> b/xen/arch/arm/include/asm/hypercall.h
>>> index ccd26c5184..24f8c61a73 100644
>>> --- a/xen/arch/arm/include/asm/hypercall.h
>>> +++ b/xen/arch/arm/include/asm/hypercall.h
>>> @@ -1,3 +1,4 @@
>>> +/* SAF-3-safe direct inclusion guard before */
>>>   #ifndef __XEN_HYPERCALL_H__
>>>   #error "asm/hypercall.h should not be included directly - include 
>>> xen/hypercall.h instead"
>>>   #endif
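
Review bot: the comment added on the first line uses SAF-3-safe, while the safe.json hunk of this patch registers the Dir 4.10 deviation under "SAF-4-safe". The tag should match the registered id, i.e. "/* SAF-4-safe direct inclusion guard before */". The same tag is used in the x86 asm/hypercall.h and xen/unaligned.h hunks.
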
>>> diff --git a/xen/arch/x86/include/asm/hypercall.h 
>>> b/xen/arch/x86/include/asm/hypercall.h
>>> index ec2edc771e..dfdfe80021 100644
>>> --- a/xen/arch/x86/include/asm/hypercall.h
>>> +++ b/xen/arch/x86/include/asm/hypercall.h
>>> @@ -2,6 +2,7 @@
>>>    * asm-x86/hypercall.h
>>>    */
>>>   
>>> +/* SAF-3-safe direct inclusion guard before */
>>>   #ifndef __XEN_HYPERCALL_H__
>>>   #error "asm/hypercall.h should not be included directly - include 
>>> xen/hypercall.h instead"
>>>   #endif
>>> diff --git a/xen/include/xen/unaligned.h b/xen/include/xen/unaligned.h
>>> index 0a2b16d05d..190ada7800 100644
>>> --- a/xen/include/xen/unaligned.h
>>> +++ b/xen/include/xen/unaligned.h
>>> @@ -3,6 +3,7 @@
>>>    * without faulting, and at least reasonably efficiently.  Other 
>>> architectures
>>>    * will need to have a custom asm/unaligned.h.
>>>    */
>>> +/* SAF-3-safe direct inclusion guard before */
>>>   #ifndef __ASM_UNALIGNED_H__
>>>   #error "xen/unaligned.h should not be included directly - include 
>>> asm/unaligned.h instead"
>>>   #endif
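
Review bot: the context after the added comment ends at the "#endif" of the direct-inclusion check, so this hunk does not show that an ordinary inclusion guard follows, which is what the deviation text ("before the inclusion guard") presupposes. Please confirm that it does, or say so in the commit message. The comment also follows the closing " */" of the file header with no blank line, unlike the x86 asm/hypercall.h hunk, and it carries the SAF-3-safe tag rather than the "SAF-4-safe" id added to safe.json.
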
>>
>> Apart from the recurring off-by-1, will this have the intended effect of
>> Eclair still choking if there's then no inclusion guard following these
>> early constructs?
> 
> No, if you put something between the direct inclusion guard and the 
> inclusion guard, no violation will be generated.

Hmm, that's not good. But the question was also the other way around: Will
there be a violation reported if the ordinary inclusion guard is missing
altogether? I.e. will the tool continue looking for the guard it expects
despite the SAF-<n>-safe comment?

Jan
