libxl: prepare environment for domcreate_stream_done

The function domcreate_bootloader_done may branch early to
domcreate_stream_done, in case some error occoured. Here srs->dcs will be
NULL, which leads to a crash.

It is unclear what the purpose of that backpointer is. Perhaps it can be
removed, and domcreate_stream_done could use CONTAINER_OF.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Acked-by: Wei Liu <wei.liu2@citrix.com>
[ wei: fold in comment required by Ian ]
Signed-off-by: Wei Liu <wei.liu2@citrix.com>

diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index a4e74a5cd2bbdc770a46f6675b6d03f662c46d9e..89fe80fc9c60ecbfef8d629bfffa388e0c2c80c2 100644 (file)
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -1093,6 +1093,9 @@ static void domcreate_bootloader_done(libxl__egc *egc,
         return;
     }
 
+    /* Prepare environment for domcreate_stream_done */
+    dcs->srs.dcs = dcs;
+
     /* Restore */
     callbacks->restore_results = libxl__srm_callout_callback_restore_results;
 
@@ -1116,7 +1119,6 @@ static void domcreate_bootloader_done(libxl__egc *egc,
         goto out;
 
     dcs->srs.ao = ao;
-    dcs->srs.dcs = dcs;
     dcs->srs.fd = restore_fd;
     dcs->srs.legacy = (dcs->restore_params.stream_version == 1);
     dcs->srs.back_channel = false;
@@ -1181,6 +1183,8 @@ static void domcreate_stream_done(libxl__egc *egc,
                                   libxl__stream_read_state *srs,
                                   int ret)
 {
+    /* NB perhaps only srs->dcs is valid; eg in the case of an
+     * early branch to domcreate_bootloader_done's `out' block */
     libxl__domain_create_state *dcs = srs->dcs;
     STATE_AO_GC(dcs->ao);
     libxl_ctx *ctx = libxl__gc_owner(gc);