From: George Dunlap <george.dunlap@eu.citrix.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>,
Xen-devel <xen-devel@lists.xen.org>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>,
Ian Campbell <Ian.Campbell@citrix.com>
Subject: Re: [PATCH v2] tools/libxc: Prevent erroneous success from xc_domain_restore
Date: Wed, 5 Feb 2014 14:55:35 +0000 [thread overview]
Message-ID: <52F250E7.1090008@eu.citrix.com> (raw)
In-Reply-To: <1391536870-22809-1-git-send-email-andrew.cooper3@citrix.com>
On 02/04/2014 06:01 PM, Andrew Cooper wrote:
> The variable 'rc' is set to 1 at the top of xc_domain_restore, and for the
> most part is left alone until success, at which point it is set to 0.
>
> There is a separate 'frc' which for the most part is used to check function
> calls, keeping errors separate from 'rc'.
>
> For a toolstack which sets callbacks->toolstack_restore(), and the function
> returns 0, any subsequent error will end up with code flow going to "out;",
> resulting in the migration being declared a success.
>
> For consistency, update the callsites of xc_dom_gnttab{,_hvm}_seed() to use
> 'frc', even though their use of 'rc' is currently safe.
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> CC: Ian Campbell <Ian.Campbell@citrix.com>
> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
> CC: George Dunlap <george.dunlap@eu.citrix.com>
>
> ---
>
> Changes in v2:
> * Dont drop rc = -1 from toolstack_restore().
>
> Regarding 4.4: If the two "for consistency" changes to
> xc_dom_gnttab{,_hvm}_seed() are considered too risky, they can be dropped
> without affecting the bugfix nature of the patch, but I would argue that
> leaving some examples of "rc = function_call()" leaves a bad precident which
> is likely to lead to similar bugs in the future.
Yes, these are all pretty clear bug fixes.
Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>
next prev parent reply other threads:[~2014-02-05 14:55 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-27 16:25 [Xen-devel Patch 0/2] Prevent xc_domain_restore() returning success despite errors Andrew Cooper
2014-01-27 16:25 ` [Patch 1/2] tools/libxc: goto correct label on error paths Andrew Cooper
2014-01-28 11:41 ` George Dunlap
2014-02-04 15:55 ` Ian Campbell
2014-01-27 16:25 ` [Patch 2/2] tools/libxc: Prevent erroneous success from xc_domain_restore Andrew Cooper
2014-02-04 17:16 ` Andrew Cooper
2014-02-04 17:22 ` Ian Campbell
2014-02-04 17:26 ` Andrew Cooper
2014-02-04 17:43 ` Ian Campbell
2014-02-04 18:01 ` [PATCH v2] " Andrew Cooper
2014-02-05 9:21 ` Ian Campbell
2014-02-05 14:55 ` George Dunlap [this message]
2014-02-06 12:37 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52F250E7.1090008@eu.citrix.com \
--to=george.dunlap@eu.citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.