On Fri, Jul 2, 2010 at 9:50 AM, Paolo Bonzini <pbonz...@redhat.com> wrote: > On 07/01/2010 09:42 PM, Blue Swirl wrote: >> >> I still maintain that 'env' may not be unpoisoned until the name is >> less likely to invite accidents. > > The *global* env is still unavailable (i.e. no difference WRT poisoning), by > virtue of being defined in exec.h which is not available unless -DNEED_CPU_H > is defined. > > So: > > | before | after > ------------+---------------------------------+-------------------------- > NEED_CPU_H | env not poisoned, global env | same > | available iff exec.h included | > ------------+---------------------------------+-------------------------- > !NEED_CPU_H | env poisoned; CPUState | env not poisoned; > | not available, so exec.h cannot | exec.h requires cpu.h > | be included | so it cannot be included
But why would it be necessary to unpoison 'env' for the lower right case? Poisoning protects against accidents (in addition to exec.h thing) and there are no downsides.
