aboutsummaryrefslogtreecommitdiff
path: root/aio.c
diff options
context:
space:
mode:
authorAlexander Graf <alex@csgraf.de>2009-05-06 02:58:48 +0200
committerAnthony Liguori <aliguori@us.ibm.com>2009-05-08 15:24:10 -0500
commit79d5ca5617cfc9be13a4f314ed800fca1267d903 (patch)
treeed554981d814ff9e0b5bc9ae9628f1833c6d24df /aio.c
parentd6ecb03610dba922cbfde42acb41603e2c658047 (diff)
downloadqemu-79d5ca5617cfc9be13a4f314ed800fca1267d903.zip
qemu-79d5ca5617cfc9be13a4f314ed800fca1267d903.tar.gz
qemu-79d5ca5617cfc9be13a4f314ed800fca1267d903.tar.bz2
AIO deletion race fix
When deleting an fd event there is a chance the object doesn't get deleted, but only ->deleted set positive and deleted somewhere later. Now, if we create a handler for the fd again before the actual deletion occurs, we end up writing data into an object that has ->deleted set, which is obviously wrong. I see two ways to fix this: 1. Don't return ->deleted objects in the search 2. Unset ->deleted in the search This patch implements 1. which feels safer to do. It fixes AIO issues I've seen with curl, as libcurl unsets fd event listeners pretty frequently. Signed-off-by: Alexander Graf <alex@csgraf.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'aio.c')
-rw-r--r--aio.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/aio.c b/aio.c
index 200320c..11fbb6c 100644
--- a/aio.c
+++ b/aio.c
@@ -44,7 +44,8 @@ static AioHandler *find_aio_handler(int fd)
LIST_FOREACH(node, &aio_handlers, node) {
if (node->fd == fd)
- return node;
+ if (!node->deleted)
+ return node;
}
return NULL;