From: Olaf Hering
Date: Fri, 8 Mar 2019 12:24:15 +0000 (+0100)
Subject: libxl: prepare environment for domcreate_stream_done
X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~2504
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=9d840969ed92182707e0871a1fda185323fcdeaa;p=xen.git

libxl: prepare environment for domcreate_stream_done

The function domcreate_bootloader_done may branch early to domcreate_stream_done, in case some error occoured. Here srs->dcs will be NULL, which leads to a crash. It is unclear what the purpose of that backpointer is. Perhaps it can be removed, and domcreate_stream_done could use CONTAINER_OF.

Signed-off-by: Olaf Hering
Acked-by: Wei Liu
[ wei: fold in comment required by Ian ]
Signed-off-by: Wei Liu
---
diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index a4e74a5cd2..89fe80fc9c 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -1093,6 +1093,9 @@ static void domcreate_bootloader_done(libxl__egc *egc,
 return;
 }
+ /* Prepare environment for domcreate_stream_done */
+ dcs->srs.dcs = dcs;
+
 /* Restore */
 callbacks->restore_results = libxl__srm_callout_callback_restore_results;
@@ -1116,7 +1119,6 @@ static void domcreate_bootloader_done(libxl__egc *egc,
 goto out;
 dcs->srs.ao = ao;
- dcs->srs.dcs = dcs;
 dcs->srs.fd = restore_fd;
 dcs->srs.legacy = (dcs->restore_params.stream_version == 1);
 dcs->srs.back_channel = false;
@@ -1181,6 +1183,8 @@ static void domcreate_stream_done(libxl__egc *egc,
 libxl__stream_read_state *srs,
 int ret)
 {
+ /* NB perhaps only srs->dcs is valid; eg in the case of an
+ * early branch to domcreate_bootloader_done's `out' block */
 libxl__domain_create_state *dcs = srs->dcs;
 STATE_AO_GC(dcs->ao);
 libxl_ctx *ctx = libxl__gc_owner(gc);
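Review bot: The added `dcs->srs.dcs = dcs;` in the first hunk only protects `goto out` paths that run after it, and the new comment does not say that this ordering is what prevents the NULL dereference. The second hunk shows the assignment previously sat after a `goto out`, so the same mistake can recur in a later refactor; I would word the comment as an invariant, e.g. `/* Must precede every 'goto out': domcreate_stream_done dereferences srs->dcs */`. domcreate_bootloader_done starts above the hunk, so whether any earlier exit can still reach `out` with the backpointer unset cannot be confirmed from here. A crash on this error path would take down whatever toolstack process is driving the domain creation, so the early-failure case deserves a regression test.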
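Review bot: The NB comment in domcreate_stream_done records that the other `srs` fields may be unset on the early-error path, but nothing enforces it: `dcs->srs.ao`, `fd`, `legacy` and `back_channel` are still assigned only after the `goto out` visible in the second hunk. The lines shown read only `srs->dcs` and `dcs->ao`, which is safe, but the function body continues below the hunk and any later read of `srs->ao` or `srs->fd` on the error path should be checked. Deriving the pointer from the embedding struct, as the commit message proposes, would remove the dependence on initialisation order: `libxl__domain_create_state *dcs = CONTAINER_OF(srs, *dcs, srs);`. That presumes every caller passes the `srs` embedded in a `dcs`, which this diff does not show.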