[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v5 6/8] libxl: introduce libxl__alloc_vdev

To: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Mon, 14 May 2012 15:22:56 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Delivery-date: Mon, 14 May 2012 14:23:09 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Stefano Stabellini writes ("Re: [PATCH v5 6/8] libxl: introduce 
libxl__alloc_vdev"):
> On Fri, 4 May 2012, Ian Jackson wrote:
> > All you need to do is actually pay attention to its error return.
> 
> OK
> 
> > > +    return NULL;
> > 
> > All the NULL error exits should log an error surely.
> 
> The error log is in the next patch. Should I add a second log here?
> Or maybe I should move the error log from the caller to the callee?

Well, my view is that a function should either always log if it
returns ERROR_FAIL (or NULL if that's its calling pattern), or never
do so.  And if it logs this should be in a doc comment.

I inferred that the function was supposed to log by the fact that the
other error paths logged (that is, I didn't read the doc comment or
the rest of the code).

I don't mind where the logging is done (although normally it's best to
do it closer to the source of the error) but I do want to make sure
that we don't have cases where there is an exit path which simply
fails without explaining why.

> > > +/* same as in Linux */
> > > +static char *encode_disk_name(char *ptr, unsigned int n)
> > > +{
> > > +    if (n >= 26)
> > > +        ptr = encode_disk_name(ptr, n / 26 - 1);
> > > +    *ptr = 'a' + n % 26;
> > > +    return ptr + 1;
> > > +}
> > 
> > This still makes it difficult to see that the buffer cannot be
> > overrun.  I mentioned this in response to a previous posting of this
> > code and IIRC you were going to do something about it, if only a
> > comment explaining what the maximum buffer length is and why it's
> > safe.
> 
> I am keen on keeping the code as is, because it is the same that is in
> Linux (see comment above).

I read the comment as "this implements the same transformation as the
Linux kernel" not "this is the same code as actually used in the Linux
kernel".  If you mean the latter, do say so.

Also, in that case why is the recursive function name, formatting,
etc. not the same as in Linux (as far as they can be) ?  Surely if
Linux changes this we will want to change our code too and that will
be easiest if we can c&p without needing to reformat, rename, etc.

> I'll add a comment.

OK.  The comments, taken together, should constitute proofs that the
code does not overrun any buffers.

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v5 6/8] libxl: introduce libxl__alloc_vdev
  - From: Stefano Stabellini

References:
- [Xen-devel] [PATCH v5 0/8] qdisk local attach
  - From: Stefano Stabellini
- [Xen-devel] [PATCH v5 6/8] libxl: introduce libxl__alloc_vdev
  - From: Stefano Stabellini
- Re: [Xen-devel] [PATCH v5 6/8] libxl: introduce libxl__alloc_vdev
  - From: Ian Jackson
- Re: [Xen-devel] [PATCH v5 6/8] libxl: introduce libxl__alloc_vdev
  - From: Stefano Stabellini

Prev by Date: Re: [Xen-devel] [PATCH v4 3/4] libxl: call hotplug scripts from libxl for vbd
Next by Date: Re: [Xen-devel] [PATCH v5 7/8] xl/libxl: implement QDISK libxl_device_disk_local_attach
Previous by thread: Re: [Xen-devel] [PATCH v5 6/8] libxl: introduce libxl__alloc_vdev
Next by thread: Re: [Xen-devel] [PATCH v5 6/8] libxl: introduce libxl__alloc_vdev
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.