On 11/03/2010 09:29 AM, Stefan Hajnoczi wrote:
Since commit 4bed9837309e58d208183f81d8344996744292cf an .fd_read()
handler that deletes its IOHandler is exposed to .fd_write() being
called on the deleted IOHandler.
This patch fixes deletion so that .fd_read() and .fd_write() are never
called on an IOHandler that is marked for deletion.
Signed-off-by: Stefan Hajnoczi<stefa...@linux.vnet.ibm.com>
Applied. Thanks.
Regards,
Anthony Liguori
---
vl.c | 15 ++++++++-------
1 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/vl.c b/vl.c
index 7038952..6f56123 100644
--- a/vl.c
+++ b/vl.c
@@ -1252,17 +1252,18 @@ void main_loop_wait(int nonblocking)
IOHandlerRecord *pioh;
QLIST_FOREACH_SAFE(ioh,&io_handlers, next, pioh) {
- if (ioh->deleted) {
- QLIST_REMOVE(ioh, next);
- qemu_free(ioh);
- continue;
- }
- if (ioh->fd_read&& FD_ISSET(ioh->fd,&rfds)) {
+ if (!ioh->deleted&& ioh->fd_read&& FD_ISSET(ioh->fd,&rfds)) {
ioh->fd_read(ioh->opaque);
}
- if (ioh->fd_write&& FD_ISSET(ioh->fd,&wfds)) {
+ if (!ioh->deleted&& ioh->fd_write&& FD_ISSET(ioh->fd,&wfds)) {
ioh->fd_write(ioh->opaque);
}
+
+ /* Do this last in case read/write handlers marked it for deletion
*/
+ if (ioh->deleted) {
+ QLIST_REMOVE(ioh, next);
+ qemu_free(ioh);
+ }
}
}