On 18/02/2026 9:03 am, Jan Beulich wrote: > As per the standard this is UB, i.e. we're building on a defacto extension > in the compilers we use. Misra C:2012 rule 20.6 disallows this altogether, > though. Use helper always-inline functions instead. > > In sh_audit_l1_table(), along with reducing the scope of "gfn", which now > isn't used anymore by the if() side of the conditional, also reduce the > scope of two other adjacent variables. > > For audit_magic() note that both which parameters are needed and what > their types are is attributed to AUDIT_FAIL() accessing variables which > aren't passed as arguments to it. > > No functional change intended. Of course codegen does change with this, > first and foremost in register allocation. > > Reported-by: Andrew Cooper <[email protected]> > Signed-off-by: Jan Beulich <[email protected]>
I included this patch on an interim branch of other MISRA fixes of mine to get a run. https://gitlab.com/xen-project/hardware/xen-staging/-/jobs/13198988953 There's one more violation still to fix: if ( unlikely((level == 1) && sh_mfn_is_a_page_table(target_mfn) #if (SHADOW_OPTIMIZATIONS & SHOPT_OUT_OF_SYNC ) /* Unless the page is out of sync and the guest is writing to it. */ && !(mfn_oos_may_write(target_mfn) && (ft == ft_demand_write)) #endif /* OOS */ ) ) sflags &= ~_PAGE_RW; I also looked at this one previously. Making mfn_oos_may_write() visible outside of SHOPT_OUT_OF_SYNC is quite invasive. Here, I suggest dropping the unlikely() as the easiest fix. It's almost certainly useless anyway. ~Andrew
