diff options
author | Alexander Graf <alex@csgraf.de> | 2009-05-06 02:58:48 +0200 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2009-05-08 15:24:10 -0500 |
commit | 79d5ca5617cfc9be13a4f314ed800fca1267d903 (patch) | |
tree | ed554981d814ff9e0b5bc9ae9628f1833c6d24df /aio.c | |
parent | d6ecb03610dba922cbfde42acb41603e2c658047 (diff) | |
download | qemu-79d5ca5617cfc9be13a4f314ed800fca1267d903.zip qemu-79d5ca5617cfc9be13a4f314ed800fca1267d903.tar.gz qemu-79d5ca5617cfc9be13a4f314ed800fca1267d903.tar.bz2 |
AIO deletion race fix
When deleting an fd event there is a chance the object doesn't get
deleted, but only ->deleted set positive and deleted somewhere later.
Now, if we create a handler for the fd again before the actual
deletion occurs, we end up writing data into an object that has
->deleted set, which is obviously wrong.
I see two ways to fix this:
1. Don't return ->deleted objects in the search
2. Unset ->deleted in the search
This patch implements 1. which feels safer to do. It fixes AIO issues
I've seen with curl, as libcurl unsets fd event listeners pretty
frequently.
Signed-off-by: Alexander Graf <alex@csgraf.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'aio.c')
-rw-r--r-- | aio.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -44,7 +44,8 @@ static AioHandler *find_aio_handler(int fd) LIST_FOREACH(node, &aio_handlers, node) { if (node->fd == fd) - return node; + if (!node->deleted) + return node; } return NULL; |