On 21/04/17 16:45, Jan Beulich wrote: >>>> On 21.04.17 at 16:05, <jennifer.herb...@citrix.com> wrote: >> +#define COPY_FROM_GUEST_BUF(dst, args, buf_idx) \ >> + _raw_copy_from_guest_buf(&dst, args, buf_idx, sizeof(dst)) >> + >> +#define COPY_TO_GUEST_BUF(args, buf_idx, src) \ >> + _raw_copy_to_guest_buf(args, buf_idx, &src, sizeof(src)) > Why all caps all of the sudden?
This is the start of some code improvements, given the fallout from XSA-212. This macro is not a C function and doesn't behave like one (specifically, capturing src by name rather than value). Therefore, it gets ALL_CAPS() (which is actually traditional for any macro in C) to make it more obvious to people reading the code that it *is not* a C function and doesn't behave like one. It is getting embarrassing how many security vulnerability we are seeing because macros look like they are doing one thing, yet actually do something else, and improving the quality of the code is the only way this is going to get better. Therefore, I am going to insist that they stay like this. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
