Stefan Hajnoczi <stefa...@linux.vnet.ibm.com> wrote:
> Since commit 4bed9837309e58d208183f81d8344996744292cf an .fd_read()
> handler that deletes its IOHandler is exposed to .fd_write() being
> called on the deleted IOHandler.
>
> This patch fixes deletion so that .fd_read() and .fd_write() are never
> called on an IOHandler that is marked for deletion.
Reviewed by: Juan Quintela <quint...@redhat.com>
But once here, what (appart from networking) reads and writes to the
same fd? And that removes the IOHandler on read while there are write
stuff pending?
Later, Juan.
> Signed-off-by: Stefan Hajnoczi <stefa...@linux.vnet.ibm.com>
> ---
> vl.c | 15 ++++++++-------
> 1 files changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/vl.c b/vl.c
> index 7038952..6f56123 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -1252,17 +1252,18 @@ void main_loop_wait(int nonblocking)
> IOHandlerRecord *pioh;
>
> QLIST_FOREACH_SAFE(ioh, &io_handlers, next, pioh) {
> - if (ioh->deleted) {
> - QLIST_REMOVE(ioh, next);
> - qemu_free(ioh);
> - continue;
> - }
> - if (ioh->fd_read && FD_ISSET(ioh->fd, &rfds)) {
> + if (!ioh->deleted && ioh->fd_read && FD_ISSET(ioh->fd, &rfds)) {
> ioh->fd_read(ioh->opaque);
> }
> - if (ioh->fd_write && FD_ISSET(ioh->fd, &wfds)) {
> + if (!ioh->deleted && ioh->fd_write && FD_ISSET(ioh->fd, &wfds)) {
> ioh->fd_write(ioh->opaque);
> }
> +
> + /* Do this last in case read/write handlers marked it for
> deletion */
> + if (ioh->deleted) {
> + QLIST_REMOVE(ioh, next);
> + qemu_free(ioh);
> + }
> }
> }
