On 11/03/2010 09:29 AM, Stefan Hajnoczi wrote:
Since commit 4bed9837309e58d208183f81d8344996744292cf an .fd_read()
handler that deletes its IOHandler is exposed to .fd_write() being
called on the deleted IOHandler.

This patch fixes deletion so that .fd_read() and .fd_write() are never
called on an IOHandler that is marked for deletion.

Signed-off-by: Stefan Hajnoczi<stefa...@linux.vnet.ibm.com>

Applied.  Thanks.

Regards,

Anthony Liguori
---
  vl.c |   15 ++++++++-------
  1 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/vl.c b/vl.c
index 7038952..6f56123 100644
--- a/vl.c
+++ b/vl.c
@@ -1252,17 +1252,18 @@ void main_loop_wait(int nonblocking)
          IOHandlerRecord *pioh;

          QLIST_FOREACH_SAFE(ioh,&io_handlers, next, pioh) {
-            if (ioh->deleted) {
-                QLIST_REMOVE(ioh, next);
-                qemu_free(ioh);
-                continue;
-            }
-            if (ioh->fd_read&&  FD_ISSET(ioh->fd,&rfds)) {
+            if (!ioh->deleted&&  ioh->fd_read&&  FD_ISSET(ioh->fd,&rfds)) {
                  ioh->fd_read(ioh->opaque);
              }
-            if (ioh->fd_write&&  FD_ISSET(ioh->fd,&wfds)) {
+            if (!ioh->deleted&&  ioh->fd_write&&  FD_ISSET(ioh->fd,&wfds)) {
                  ioh->fd_write(ioh->opaque);
              }
+
+            /* Do this last in case read/write handlers marked it for deletion 
*/
+            if (ioh->deleted) {
+                QLIST_REMOVE(ioh, next);
+                qemu_free(ioh);
+            }
          }
      }



Reply via email to