aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoraliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>2009-01-13 15:13:53 +0000
committeraliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>2009-01-13 15:13:53 +0000
commitf094a78220187996e33ba5adce29789326cf6c3c (patch)
treedbb627a96c847a251128c50473fe0d2f11acd059
parentf48c144e2481e94eba625fd637f5161d090535e5 (diff)
downloadqemu-f094a78220187996e33ba5adce29789326cf6c3c.zip
qemu-f094a78220187996e33ba5adce29789326cf6c3c.tar.gz
qemu-f094a78220187996e33ba5adce29789326cf6c3c.tar.bz2
Fix race in POSIX AIO emulation (Jan Kiszka)
When we cancel an AIO request that is already being processed by aio_thread, qemu_paio_cancel should return QEMU_PAIO_NOTCANCELED as long as aio_thread isn't done with this request. But as the latter currently updates aiocb->ret after every block of the request, we may report QEMU_PAIO_ALLDONE too early. Futhermore, in case some zero-length request should have been queued, aiocb->ret is never set to != -EINPROGRESS and callers like raw_aio_cancel could get stuck in an endless loop. Fix those issues by updating aiocb->ret _after_ the request has been fully processed. This also simplifies the locking. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6278 c046a42c-6fe2-441c-8c8c-71466251a162
-rw-r--r--posix-aio-compat.c9
1 files changed, 2 insertions, 7 deletions
diff --git a/posix-aio-compat.c b/posix-aio-compat.c
index 92ec234..c919e3b 100644
--- a/posix-aio-compat.c
+++ b/posix-aio-compat.c
@@ -81,21 +81,16 @@ static void *aio_thread(void *unused)
if (len == -1 && errno == EINTR)
continue;
else if (len == -1) {
- pthread_mutex_lock(&lock);
- aiocb->ret = -errno;
- pthread_mutex_unlock(&lock);
+ offset = -errno;
break;
} else if (len == 0)
break;
offset += len;
-
- pthread_mutex_lock(&lock);
- aiocb->ret = offset;
- pthread_mutex_unlock(&lock);
}
pthread_mutex_lock(&lock);
+ aiocb->ret = offset;
idle_threads++;
pthread_mutex_unlock(&lock);