From 3443a7027d78a9ccebc6940f0a69300ec7c1ed44 Mon Sep 17 00:00:00 2001 From: John Powell Date: Fri, 20 Mar 2020 14:21:05 -0500 Subject: Fix MISRA C issues in BL1/BL2/BL31 Attempts to address MISRA compliance issues in BL1, BL2, and BL31 code. Mainly issues like not using boolean expressions in conditionals, conflicting variable names, ignoring return values without (void), adding explicit casts, etc. Change-Id: If1fa18ab621b9c374db73fa6eaa6f6e5e55c146a Signed-off-by: John Powell --- include/lib/smccc.h | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'include/lib/smccc.h') diff --git a/include/lib/smccc.h b/include/lib/smccc.h index 5e13e6f0a..26509aeca 100644 --- a/include/lib/smccc.h +++ b/include/lib/smccc.h @@ -122,18 +122,18 @@ */ #define DEFINE_SVC_UUID2(_name, _tl, _tm, _th, _cl, _ch, \ _n0, _n1, _n2, _n3, _n4, _n5) \ - CASSERT((uint32_t)(_tl) != (uint32_t) SMC_UNK, invalid_svc_uuid);\ + CASSERT((uint32_t)(_tl) != (uint32_t)SMC_UNK, invalid_svc_uuid);\ static const uuid_t _name = { \ - {(_tl >> 24) & 0xFF, \ - (_tl >> 16) & 0xFF, \ - (_tl >> 8) & 0xFF, \ - (_tl & 0xFF)}, \ - {(_tm >> 8) & 0xFF, \ - (_tm & 0xFF)}, \ - {(_th >> 8) & 0xFF, \ - (_th & 0xFF)}, \ - _cl, _ch, \ - { _n0, _n1, _n2, _n3, _n4, _n5 } \ + {((_tl) >> 24) & 0xFF, \ + ((_tl) >> 16) & 0xFF, \ + ((_tl) >> 8) & 0xFF, \ + ((_tl) & 0xFF)}, \ + {((_tm) >> 8) & 0xFF, \ + ((_tm) & 0xFF)}, \ + {((_th) >> 8) & 0xFF, \ + ((_th) & 0xFF)}, \ + (_cl), (_ch), \ + { (_n0), (_n1), (_n2), (_n3), (_n4), (_n5) } \ } /* -- cgit v1.2.3 From d74c6b833616a9e3398352990af78098ea14cffa Mon Sep 17 00:00:00 2001 From: Jimmy Brisson Date: Wed, 5 Aug 2020 14:05:53 -0500 Subject: Prevent colliding identifiers There was a collision between the name of the typedef in the CASSERT and something else, so we make the name of the typedef unique to the invocation of DEFFINE_SVC_UUID2 by appending the name that's passed into the macro. This eliminates the following MISRA violation: bl1/bl1_main.c:233:[MISRA C-2012 Rule 5.6 (required)] Identifier "invalid_svc_uuid" is already used to represent a typedef. This also resolves MISRA rule 5.9. These renamings are as follows: * tzram -> secram. This matches the function call name as it has sec_mem in it's name * fw_config_base -> config_base. This file does not mess with hw_conig, so there's little chance of confusion Change-Id: I8734ba0956140c8e29b89d0596d10d61a6ef351e Signed-off-by: Jimmy Brisson --- include/lib/smccc.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include/lib/smccc.h') diff --git a/include/lib/smccc.h b/include/lib/smccc.h index 26509aeca..366f0560b 100644 --- a/include/lib/smccc.h +++ b/include/lib/smccc.h @@ -122,7 +122,8 @@ */ #define DEFINE_SVC_UUID2(_name, _tl, _tm, _th, _cl, _ch, \ _n0, _n1, _n2, _n3, _n4, _n5) \ - CASSERT((uint32_t)(_tl) != (uint32_t)SMC_UNK, invalid_svc_uuid);\ + CASSERT((uint32_t)(_tl) != (uint32_t)SMC_UNK, \ + invalid_svc_uuid_##_name); \ static const uuid_t _name = { \ {((_tl) >> 24) & 0xFF, \ ((_tl) >> 16) & 0xFF, \ -- cgit v1.2.3 From d7b5f40823d449cc79e6440174390997cf11a9d9 Mon Sep 17 00:00:00 2001 From: Jimmy Brisson Date: Tue, 4 Aug 2020 16:18:52 -0500 Subject: Increase type widths to satisfy width requirements Usually, C has no problem up-converting types to larger bit sizes. MISRA rule 10.7 requires that you not do this, or be very explicit about this. This resolves the following required rule: bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)] The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U | 0x3c0U" (32 bits) is less that the right hand operand "18446744073709547519ULL" (64 bits). This also resolves MISRA defects such as: bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)] In the expression "3U << 20", shifting more than 7 bits, the number of bits in the essential type of the left expression, "3U", is not allowed. Further, MISRA requires that all shifts don't overflow. The definition of PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues. This fixes the violation by changing the definition to 1UL << 12. Since this uses 32bits, it should not create any issues for aarch32. This patch also contains a fix for a build failure in the sun50i_a64 platform. Specifically, these misra fixes removed a single and instruction, 92407e73 and x19, x19, #0xffffffff from the cm_setup_context function caused a relocation in psci_cpus_on_start to require a linker-generated stub. This increased the size of the .text section and caused an alignment later on to go over a page boundary and round up to the end of RAM before placing the .data section. This sectionn is of non-zero size and therefore causes a link error. The fix included in this reorders the functions during link time without changing their ording with respect to alignment. Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16 Signed-off-by: Jimmy Brisson --- include/lib/smccc.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'include/lib/smccc.h') diff --git a/include/lib/smccc.h b/include/lib/smccc.h index 366f0560b..470317dd0 100644 --- a/include/lib/smccc.h +++ b/include/lib/smccc.h @@ -78,8 +78,8 @@ #define SMC_64 U(1) #define SMC_32 U(0) -#define SMC_TYPE_FAST ULL(1) -#define SMC_TYPE_YIELD ULL(0) +#define SMC_TYPE_FAST UL(1) +#define SMC_TYPE_YIELD UL(0) #define SMC_OK ULL(0) #define SMC_UNK -1 @@ -112,7 +112,8 @@ /* The macro below is used to identify a valid Fast SMC call */ #define is_valid_fast_smc(_fid) ((!(((_fid) >> 16) & U(0xff))) && \ - (GET_SMC_TYPE(_fid) == SMC_TYPE_FAST)) + (GET_SMC_TYPE(_fid) \ + == (uint32_t)SMC_TYPE_FAST)) /* * Macro to define UUID for services. Apart from defining and initializing a -- cgit v1.2.3