From: Wei Liu <liuw@liuw.name>
To: Ian Campbell <Ian.Campbell@eu.citrix.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
Stefano Stabellini <Stefano.Stabellini@eu.citrix.com>
Subject: Re: [PATCH] libxl: initialize domid to 0 in libxl__create_stubdom
Date: Thu, 09 Jun 2011 19:03:25 +0800 [thread overview]
Message-ID: <1307617405.31235.76.camel@limbo> (raw)
In-Reply-To: <1307615031.775.810.camel@zakaz.uk.xensource.com>
On Thu, 2011-06-09 at 11:23 +0100, Ian Campbell wrote:
> On Thu, 2011-06-09 at 09:31 +0100, Wei Liu wrote:
> > On Thu, 2011-06-09 at 08:55 +0100, Ian Campbell wrote:
> > > On Thu, 2011-06-09 at 06:03 +0100, Wei Liu wrote:
> > > > The uninitialized domid may cause libxl__domain_make to fail.
> > > >
> > > > In libxl__domain_make:
> > > > assert(!libxl_domid_valid_guest(*domid)).
> > > >
> > > > Signed-off-by: Wei Liu <liuw@liuw.name>
> > >
> > > That check seems pretty odd to me at first but the commit message of
> > > 22842:ccfa0527893e does a good job of explaining why so:
> > >
> > > Acked-by: Ian Campbell <ian.campbell@citrix.com>
> > >
> > > although it's not clear why libxl__domain_make doesn't just set an
> > > invalid value as it's first act and save the callers the effort, the net
> > > result would still be the correct semantics for libxl_domid_valid_guest
> > > when the function exits.
> > >
> >
> > I think the commit message of 22842:ccfa0527893e says pretty clear that
> > it is caller's responsibility to initialize domid to a invalid value.
>
> Only because that's how 22842 causes libxl__make_domain to be
> implemented, we are free to change it.
>
I'm not against changing it. But I won't do this until I completely
understand what it does and why it does.
My patch is based on similar use case in
libxc_create.c:do_domain_create, which initializes domid to 0 before
calling libxl__domain_make. That's safer (not likely to misunderstand
its usage and introduce new bug) and solve my problem.
> > However, libxl__make_domain sets domid=-1 a few lines after the check.
> > This confuses me.
>
> Yeah, me too, that line could just be hoisted up to the first thing the
> function does with no loss of safety AFAICT.
>
> Ian.
>
next prev parent reply other threads:[~2011-06-09 11:03 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-09 5:03 [PATCH] libxl: initialize domid to 0 in libxl__create_stubdom Wei Liu
2011-06-09 7:55 ` Ian Campbell
2011-06-09 8:31 ` Wei Liu
2011-06-09 10:23 ` Ian Campbell
2011-06-09 11:03 ` Wei Liu [this message]
2011-06-09 11:35 ` Ian Campbell
2011-06-09 14:41 ` Stefano Stabellini
2011-06-09 14:43 ` Ian Campbell
2011-06-17 17:46 ` Ian Jackson
2011-06-20 19:06 ` Stefano Stabellini
2011-06-21 3:29 ` ZhouPeng
2011-06-21 7:31 ` ZhouPeng
2011-06-21 12:28 ` Ian Jackson
2011-06-21 13:31 ` ZhouPeng
2011-06-21 12:25 ` Ian Jackson
2011-06-21 14:05 ` Stefano Stabellini
2011-06-21 14:25 ` Ian Jackson
2011-06-22 17:59 ` Stefano Stabellini
2011-06-24 14:37 ` Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1307617405.31235.76.camel@limbo \
--to=liuw@liuw.name \
--cc=Ian.Campbell@eu.citrix.com \
--cc=Stefano.Stabellini@eu.citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.