On Wed, Sep 21, 2016 at 2:56 PM, Jan Beulich <jbeul...@suse.com> wrote:
> Again this looks like much clutter with little benefit to me, i.e. I'd
> then rather go with the unmodified original proposal. That's largely
> because nothing really enforces anyone to use the (disconnected)
> xen_dmop_foo_entry type. I.e. it continues to be a matter of the
> programmer's and the reviewers' attention/discipline.
But is "Must use hypercall dmop, subop foo with struct dmop_foo" any
different than "Must use hypercall bar with struct bar"?
In theory there could be a mismatch between the struct libxc expected
to use for a whole hypercall with the struct Xen expected to find for
an entire hypercall. But in practice that never happens because we set
up the call with the appropriate struct once and then never change it.
(That is, we may change the struct elements, but not the name.) This
seems to me like a fairly similar case.
Note that I'm not arguing for the extra "clutter" per se, I just think
that it will be pretty effective in mitigating the type safety issue.
Xen-devel mailing list