On Tue, Nov 19, 2024 at 03:29:58PM +0100, Jan Beulich wrote:
> On 19.11.2024 11:34, Roger Pau Monne wrote:
> > The current guards to select whether user accesses should be speculative
> > hardened violate Misra rule 20.7, as the UA_KEEP() macro doesn't (and can't)
> > parenthesize the 'args' argument.
> > 
> > Change the logic so the guard is implemented inside the assembly block using
> > the .if assembly directive.
> 
> Hmm, interesting idea. I don't overly like emitting stuff to pre-processed
> and even assembly files, but doing so is probably warranted here. 
> Nevertheless:
> Did we consider at all to deviate these macros instead?

I think the proposal is not overly ugly, as I would otherwise simply
suggest to deviate.  I'm assuming the preference is to attempt to fix
when possible rather than deviate.

> > --- a/xen/arch/x86/usercopy.c
> > +++ b/xen/arch/x86/usercopy.c
> > @@ -11,23 +11,23 @@
> >  #include <asm/uaccess.h>
> >  
> >  #ifndef GUARD
> > -# define GUARD UA_KEEP
> > +# define GUARD 1
> >  #endif
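
Review bot: The default '# define GUARD 1' no longer says what it selects, and since it sits under '#ifndef GUARD', any file that defines GUARD before this point now has to provide a value of the same numeric kind instead of a macro name. A short comment at this define, stating the accepted values and which one keeps or drops the guard, would make that contract visible to anyone overriding it.
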
> 
> At least in cases like this one I think a comment is necessary, perhaps as
> terse as /* Keep */ (and /* Drop */ further down).

Right, can adjust if we agree this is the way forward.

Thanks, Roger.
