[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 4/5] x86/shadow: split a nested max() invocation
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
- Date: Thu, 14 May 2026 07:08:17 +0200
- Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1778735297; h=MIME-Version:Date:From:To:Cc:Subject:In-Reply-To:References: Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=7WnhF5P5oyrjZcB+Lkpp4p2tNB2BJVW4TYeLJP1ZrWw=; b=d5tQ8LtNIo1oRlyHywkztgwLysYOBQlMO5yni4ahpeRe2VEFmrNb51nhdtlDwesNhX+E RVgQGhOQxltaV1bfDkVZyaGwMsAFl8nDdI+3+PhuQi6HL+g5uFCYO42POGXerRexxaGF7 LG/RKYTKGXZZ4PENaEf/2J4ZN95oFy9bvf9sNTih9oWZgfKcOl2CmBkus0GTGxLwz5JL7 r3UoKo40ndIQIpUkH21If8t1f3AvAkj2v+ulMxvIb+l66f1NlSNRaVmZhkQ865RayEUv6 gsyXZAbNd+CvZrpROaUT0MC8zCXZy5y7r/O/wkiiSWwWeAL7pRSZoc9g0+ZChI/G+VWTf E30nFn5lDP9WDwgFuQs54BtYXcE7h1a85EfF2ExzNqbC8n/7IuCH2lk/AI78ZdBG4Lmtt 7pqZZDpNti/s8unYy0I+mBzFX6TNXjBi6QYjJOHuwJZMUW7nqTYpzkuVrZ7BqiSCJnBe3 x8BV6JM5gpxK6N3a976tWvt8GGoJxVHIFbY69abf5TT2osnfZuPxYIM+BGDAmTpkchSIH JSfttKvRfMpesHWc9dX9zvCtv/oe+SNU5hjwt9HccsnLO1TVapkXbWpPvj5Qum4lMwcaK j+I6PvdJvtXACAOzembfR1hsFYr61Gtl1zkJ+udj9kdZdDQD9QxVio6PDFulmoI=
- Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1778735297; b=HU7ir73JHh4bqBYVlghZSSy9tINrqM0O46x9IbQsS9AtmVRo44wtvXLJRL00tHKcVMU9 P3s+s+Ms4n0Mgm0q+6WxHjidXTvGiTgGTmdvzq9sd0J1dEEb01vYBrbX8UfuvL7j8Yf1V jlM8/bTJkFLfW1akiId3fUcTIK267MVRA+dUeWXLM2U3+ifLxV0jAHiObj/GKeVNr8Mcm UAc2SFmdnr1cU3eMtWFNjX34QmMYKXqa9QZzB8Ob8qWGrY15RnSWns1vSiSW+PDymUekS c0ip5hpm3N6r0u3dS/faLGMLGlepJ9N2pzeyHLqYPDlJD0AOADGCVZBrAO9NGD41ydfNr Zn24700m0Y21nqUYMCpJ3G7ui5Bf9l1j+F1lL7Un4I4cVENjT/uHF8svdJQjoO+9wpbLt 677JCK361Us6pkRSh0IPimPRWq5P4xg+tZbJnhKafJWwcCiqEACaz9Kyh7tdl0DYfj+aI PVrzKkAFIh1I1zQ29kxm8eKu3XA9sB78rmU1xRGWUCdJEY6876qMD7L0RSSsF87s9Sn9L cIgnIKpDQJ1eBNihbmEQDQWBzQ79XtLkXldfejd8VdPANDepljnUDG3P0MXtDKNSPpZiS 2s++f6BsM2wCaCLJw7/6bjgQTTk2SOI+p3nzknhKMotqRoht/yoRmjD37TFNl6Q=
- Authentication-results: eu.smtp.expurgate.cloud; none
- Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Teddy Astie <teddy.astie@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
- Delivery-date: Thu, 14 May 2026 05:08:38 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2026-05-13 13:46, Jan Beulich wrote:
Such nesting causes the inner instance to shadow the outer instance's
macro-local variables, thus violating Misra C:2012 rule 5.3 ("An
identifier declared in an inner scope shall not hide an identifier
declared in an outer scope"). Use an intermediate variable for the
inner invocation. No difference in generated code.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
Supposedly this case is deviated (rules.rst). Does that deviation not
work
quite right? Actually, am I mis-reading deviations.ecl or is the
respective setting only covering the combination of min() and max(),
but
not multiple use of the same macro? Furthermore, why would e.g.
min(max_t(), ...) need a deviation? Even more generally, aren't those
expressions too permissive?
Yeah, it does cover only mixing max(_t)?/min(_t)? because that was the
only pattern that emerged in the safety scope originally. the _t is not
there for mixing e.g. min(max_t(...), ...) but rather for
min_t(max_t(...), ...) and viceversa; could be split if you think it's
worth it. These expressions are a tad broad, because it's way more
complicated to express the condition: "ignore overlapping only beetween
identifiers defined in the expansion of max/min when used together".
Perhaps it could be done, but then if you are already implicitly using
shadowing in those instances maybe that's not as serious a concern?
In any case, the patch looks ok to me, so
Reviewed-by: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -767,11 +767,12 @@ static unsigned int sh_min_allocation(co
* megabyte of RAM (for the p2m table, minimally enough for HVM's
setting
* up of slot zero and an LAPIC page), plus one for HVM's 1-to-1
pagetable.
*/
+ unsigned int extra = max(domain_tot_pages(d) / 256,
+ is_hvm_domain(d) ? CONFIG_PAGING_LEVELS +
2 : 0U) +
+ is_hvm_domain(d);
+
return shadow_min_acceptable_pages(d) +
- max(max(domain_tot_pages(d) / 256,
- is_hvm_domain(d) ? CONFIG_PAGING_LEVELS + 2 : 0U) +
- is_hvm_domain(d),
- d->arch.paging.p2m_pages);
+ max(extra, d->arch.paging.p2m_pages);
}
int shadow_set_allocation(struct domain *d, unsigned int pages, bool
*preempted)
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
|
