| Message ID | d65fde9a39546d0b7c8433d2f8884ddb7b039fb9.1725958417.git.federico.serafini@bugseng.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | x86: address violations of MISRA C Rule 16.3 | expand |
On 10.09.2024 12:09, Federico Serafini wrote: > --- a/xen/drivers/vpci/msix.c > +++ b/xen/drivers/vpci/msix.c > @@ -364,6 +364,8 @@ static int adjacent_read(const struct domain *d, const struct vpci_msix *msix, > > default: > ASSERT_UNREACHABLE(); > + spin_unlock(&vpci->lock); > + return X86EMUL_UNHANDLEABLE; > } > spin_unlock(&vpci->lock); > > @@ -512,6 +514,8 @@ static int adjacent_write(const struct domain *d, const struct vpci_msix *msix, > > default: > ASSERT_UNREACHABLE(); > + spin_unlock(&vpci->lock); > + return X86EMUL_UNHANDLEABLE; > } > spin_unlock(&vpci->lock); Both functions only ever return X86EMUL_OKAY right now. I expect your change wants to be simple "break" insertions, yet I wonder why these functions aren't returning void then. Jan
diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c index fbe710ab92..037f9a0449 100644 --- a/xen/drivers/vpci/msix.c +++ b/xen/drivers/vpci/msix.c @@ -364,6 +364,8 @@ static int adjacent_read(const struct domain *d, const struct vpci_msix *msix, default: ASSERT_UNREACHABLE(); + spin_unlock(&vpci->lock); + return X86EMUL_UNHANDLEABLE; } spin_unlock(&vpci->lock); @@ -512,6 +514,8 @@ static int adjacent_write(const struct domain *d, const struct vpci_msix *msix, default: ASSERT_UNREACHABLE(); + spin_unlock(&vpci->lock); + return X86EMUL_UNHANDLEABLE; } spin_unlock(&vpci->lock);
Add defensive code in unreachable program points. This also meets the requirements to deviate a violation of MISRA C:2012 Rule 16.3: "An unconditional `break' statement shall terminate every switch-clause". Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> --- xen/drivers/vpci/msix.c | 4 ++++ 1 file changed, 4 insertions(+)