xen/domain: Added debug safety in the domain_create() failure path
author: Andrew Cooper <andrew.cooper3@citrix.com>
Wed, 28 Feb 2018 14:02:41 +0000 (14:02 +0000)
committer: Andrew Cooper <andrew.cooper3@citrix.com>
Fri, 9 Mar 2018 13:05:57 +0000 (13:05 +0000)
Hitting the fail path with err = 0 causes callers to dereference a NULL
pointer, as 0 fails an IS_ERR() check.

All of the paths appear to be fine, but leave some logic to help catch stray
misuses.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
xen/common/domain.c

index 3cefe765a2f22b9076257ad97d067d43dc48de18..219a3e325e086d2aefaaac3e114797f76f89394e 100644 (file)
@@ -399,6 +399,9 @@ struct domain *domain_create(domid_t domid, unsigned int domcr_flags,
     return d;
 
  fail:
+    ASSERT(err < 0);      /* Sanity check paths leading here. */
+    err = err ?: -EILSEQ; /* Release build safety. */
+
     d->is_dying = DOMDYING_dead;
     if ( hardware_domain == d )
         hardware_domain = old_hwdom;
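Review bot: The release-build fallback on the second added line only covers err == 0, while the ASSERT above it rejects every non-negative value. With assertions compiled out, a positive err would pass through `err = err ?: -EILSEQ;` unchanged, so the two lines do not enforce the same invariant. Consider `if ( err >= 0 ) err = -EILSEQ;` so that debug and release builds agree on what counts as a stray value. It would also help to extend the comment to say why -EILSEQ was picked (presumably as a value no normal path returns, so it stands out when a caller reports it), since that is not obvious from the code alone.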