From: Nicola Vetrini <nicola.vetrini@bugseng.com>
Date: Mon, 18 Dec 2023 10:17:27 +0000 (+0100)
Subject: xen/shutdown: address MISRA C:2012 Rule 2.1
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=bfd52e979d14ae42a8c3c9bf8c0f2fdd5ea154db;p=people%2Fandrewcoop%2Fxen.git

xen/shutdown: address MISRA C:2012 Rule 2.1

Given that 'hwdom_shutdown' is a noreturn function, unreachable
breaks can be eliminated to resolve violations of Rule 2.1.

The rename s/maybe_reboot/reboot_or_halt/ is done to clarify
that the function is noreturn.

No functional change.

Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
---

diff --git a/automation/eclair_analysis/ECLAIR/deviations.ecl b/automation/eclair_analysis/ECLAIR/deviations.ecl
index 683f2bbfe8..85741a2c01 100644
--- a/automation/eclair_analysis/ECLAIR/deviations.ecl
+++ b/automation/eclair_analysis/ECLAIR/deviations.ecl
@@ -16,7 +16,7 @@ Constant expressions and unreachable branches of if and switch statements are ex
 
 -doc_begin="Unreachability caused by calls to the following functions or macros is deliberate and there is no risk of code being unexpectedly left out."
 -config=MC3R1.R2.1,statements+={deliberate,"macro(name(BUG||assert_failed))"}
--config=MC3R1.R2.1,statements+={deliberate, "call(decl(name(__builtin_unreachable||panic||do_unexpected_trap||machine_halt||machine_restart||maybe_reboot)))"}
+-config=MC3R1.R2.1,statements+={deliberate, "call(decl(name(__builtin_unreachable||panic||do_unexpected_trap||machine_halt||machine_restart||reboot_or_halt)))"}
 -doc_end
 
 -doc_begin="Unreachability inside an ASSERT_UNREACHABLE() and analogous macro calls is deliberate and safe."
diff --git a/xen/common/shutdown.c b/xen/common/shutdown.c
index 37901a4f33..dfd5e41097 100644
--- a/xen/common/shutdown.c
+++ b/xen/common/shutdown.c
@@ -15,7 +15,7 @@
 bool __read_mostly opt_noreboot;
 boolean_param("noreboot", opt_noreboot);
 
-static void noreturn maybe_reboot(void)
+static void noreturn reboot_or_halt(void)
 {
     if ( opt_noreboot )
     {
@@ -38,39 +38,32 @@ void hwdom_shutdown(u8 reason)
         printk("Hardware Dom%u halted: halting machine\n",
                hardware_domain->domain_id);
         machine_halt();
-        break; /* not reached */
 
     case SHUTDOWN_crash:
         debugger_trap_immediate();
         printk("Hardware Dom%u crashed: ", hardware_domain->domain_id);
         kexec_crash(CRASHREASON_HWDOM);
-        maybe_reboot();
-        break; /* not reached */
+        reboot_or_halt();
 
     case SHUTDOWN_reboot:
         printk("Hardware Dom%u shutdown: rebooting machine\n",
                hardware_domain->domain_id);
         machine_restart(0);
-        break; /* not reached */
 
     case SHUTDOWN_watchdog:
         printk("Hardware Dom%u shutdown: watchdog rebooting machine\n",
                hardware_domain->domain_id);
         kexec_crash(CRASHREASON_WATCHDOG);
         machine_restart(0);
-        break; /* not reached */
 
     case SHUTDOWN_soft_reset:
         printk("Hardware domain %d did unsupported soft reset, rebooting.\n",
                hardware_domain->domain_id);
         machine_restart(0);
-        break; /* not reached */
 
     default:
         printk("Hardware Dom%u shutdown (unknown reason %u): ",
                hardware_domain->domain_id, reason);
-        maybe_reboot();
-        break; /* not reached */
+        reboot_or_halt();
     }
-}  
-
+}