diff options
author | aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162> | 2009-01-13 15:13:53 +0000 |
---|---|---|
committer | aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162> | 2009-01-13 15:13:53 +0000 |
commit | f094a78220187996e33ba5adce29789326cf6c3c (patch) | |
tree | dbb627a96c847a251128c50473fe0d2f11acd059 | |
parent | f48c144e2481e94eba625fd637f5161d090535e5 (diff) | |
download | qemu-f094a78220187996e33ba5adce29789326cf6c3c.zip qemu-f094a78220187996e33ba5adce29789326cf6c3c.tar.gz qemu-f094a78220187996e33ba5adce29789326cf6c3c.tar.bz2 |
Fix race in POSIX AIO emulation (Jan Kiszka)
When we cancel an AIO request that is already being processed by
aio_thread, qemu_paio_cancel should return QEMU_PAIO_NOTCANCELED as long
as aio_thread isn't done with this request. But as the latter currently
updates aiocb->ret after every block of the request, we may report
QEMU_PAIO_ALLDONE too early.
Futhermore, in case some zero-length request should have been queued,
aiocb->ret is never set to != -EINPROGRESS and callers like
raw_aio_cancel could get stuck in an endless loop.
Fix those issues by updating aiocb->ret _after_ the request has been
fully processed. This also simplifies the locking.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6278 c046a42c-6fe2-441c-8c8c-71466251a162
-rw-r--r-- | posix-aio-compat.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/posix-aio-compat.c b/posix-aio-compat.c index 92ec234..c919e3b 100644 --- a/posix-aio-compat.c +++ b/posix-aio-compat.c @@ -81,21 +81,16 @@ static void *aio_thread(void *unused) if (len == -1 && errno == EINTR) continue; else if (len == -1) { - pthread_mutex_lock(&lock); - aiocb->ret = -errno; - pthread_mutex_unlock(&lock); + offset = -errno; break; } else if (len == 0) break; offset += len; - - pthread_mutex_lock(&lock); - aiocb->ret = offset; - pthread_mutex_unlock(&lock); } pthread_mutex_lock(&lock); + aiocb->ret = offset; idle_threads++; pthread_mutex_unlock(&lock); |