From: Wei Liu <liuw@liuw.name>
To: Ian Campbell <Ian.Campbell@eu.citrix.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
Stefano Stabellini <Stefano.Stabellini@eu.citrix.com>
Subject: Re: [PATCH] libxl: initialize domid to 0 in libxl__create_stubdom
Date: Thu, 09 Jun 2011 19:03:25 +0800 [thread overview]
Message-ID: <1307617405.31235.76.camel@limbo> (raw)
In-Reply-To: <1307615031.775.810.camel@zakaz.uk.xensource.com>
On Thu, 2011-06-09 at 11:23 +0100, Ian Campbell wrote:
> On Thu, 2011-06-09 at 09:31 +0100, Wei Liu wrote:
> > On Thu, 2011-06-09 at 08:55 +0100, Ian Campbell wrote:
> > > On Thu, 2011-06-09 at 06:03 +0100, Wei Liu wrote:
> > > > The uninitialized domid may cause libxl__domain_make to fail.
> > > >
> > > > In libxl__domain_make:
> > > > assert(!libxl_domid_valid_guest(*domid)).
> > > >
> > > > Signed-off-by: Wei Liu <liuw@liuw.name>
> > >
> > > That check seems pretty odd to me at first but the commit message of
> > > 22842:ccfa0527893e does a good job of explaining why so:
> > >
> > > Acked-by: Ian Campbell <ian.campbell@citrix.com>
> > >
> > > although it's not clear why libxl__domain_make doesn't just set an
> > > invalid value as it's first act and save the callers the effort, the net
> > > result would still be the correct semantics for libxl_domid_valid_guest
> > > when the function exits.
> > >
> >
> > I think the commit message of 22842:ccfa0527893e says pretty clear that
> > it is caller's responsibility to initialize domid to a invalid value.
>
> Only because that's how 22842 causes libxl__make_domain to be
> implemented, we are free to change it.
>
I'm not against changing it. But I won't do this until I completely
understand what it does and why it does.
My patch is based on similar use case in
libxc_create.c:do_domain_create, which initializes domid to 0 before
calling libxl__domain_make. That's safer (not likely to misunderstand
its usage and introduce new bug) and solve my problem.
> > However, libxl__make_domain sets domid=-1 a few lines after the check.
> > This confuses me.
>
> Yeah, me too, that line could just be hoisted up to the first thing the
> function does with no loss of safety AFAICT.
>
> Ian.
>
next prev parent reply other threads:[~2011-06-09 11:03 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-09 5:03 [PATCH] libxl: initialize domid to 0 in libxl__create_stubdom Wei Liu
2011-06-09 7:55 ` Ian Campbell
2011-06-09 8:31 ` Wei Liu
2011-06-09 10:23 ` Ian Campbell
2011-06-09 11:03 ` Wei Liu [this message]
2011-06-09 11:35 ` Ian Campbell
2011-06-09 14:41 ` Stefano Stabellini
2011-06-09 14:43 ` Ian Campbell
2011-06-17 17:46 ` Ian Jackson
2011-06-20 19:06 ` Stefano Stabellini
2011-06-21 3:29 ` ZhouPeng
2011-06-21 7:31 ` ZhouPeng
2011-06-21 12:28 ` Ian Jackson
2011-06-21 13:31 ` ZhouPeng
2011-06-21 12:25 ` Ian Jackson
2011-06-21 14:05 ` Stefano Stabellini
2011-06-21 14:25 ` Ian Jackson
2011-06-22 17:59 ` Stefano Stabellini
2011-06-24 14:37 ` Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1307617405.31235.76.camel@limbo \
--to=liuw@liuw.name \
--cc=Ian.Campbell@eu.citrix.com \
--cc=Stefano.Stabellini@eu.citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).