On Wed, May 10, 2017 at 11:12:38AM +0100, Roger Pau Monne wrote: > Current code can free the libxl__device inside of the libxl__ddomain_device > before the addition has finished if a removal happens while an addition is > still in process: > > backend_watch_callback > | > v > add_device > | backend_watch_callback > (async operation) | > | v > | remove_device > | | > | V > | device_complete > | (free libxl__device) > v > device_complete > (deref libxl__device) > > Fix this by creating a temporary copy of the libxl__device, that's tracked by > the GC of the nested async operation. This ensures that the libxl__device used > by the async operations cannot be freed while being used. > > Signed-off-by: Roger Pau Monné <roger....@citrix.com> > Reported-by: Ian Jackson <ian.jack...@eu.citrix.com>
Reviewed-by: Wei Liu <wei.l...@citrix.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
