summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Hajnoczi <stefanha@linux.vnet.ibm.com>2010-11-03 14:29:44 +0000
committerAnthony Liguori <aliguori@us.ibm.com>2010-11-16 14:35:00 -0600
commit0290b57bdfec83ca78b6d119ea9847bb17943328 (patch)
tree86226f84596042c477b12be9e990af07eb4f9afa
parent2cc59d8cb0ebcfa9cf3476c0528e50478997ab0c (diff)
downloadqemu-0290b57bdfec83ca78b6d119ea9847bb17943328.zip
Delete IOHandlers after potentially running them
Since commit 4bed9837309e58d208183f81d8344996744292cf an .fd_read() handler that deletes its IOHandler is exposed to .fd_write() being called on the deleted IOHandler. This patch fixes deletion so that .fd_read() and .fd_write() are never called on an IOHandler that is marked for deletion. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-rw-r--r--vl.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/vl.c b/vl.c
index c58583da48..9ee6479b7c 100644
--- a/vl.c
+++ b/vl.c
@@ -1249,17 +1249,18 @@ void main_loop_wait(int nonblocking)
IOHandlerRecord *pioh;
QLIST_FOREACH_SAFE(ioh, &io_handlers, next, pioh) {
- if (ioh->deleted) {
- QLIST_REMOVE(ioh, next);
- qemu_free(ioh);
- continue;
- }
- if (ioh->fd_read && FD_ISSET(ioh->fd, &rfds)) {
+ if (!ioh->deleted && ioh->fd_read && FD_ISSET(ioh->fd, &rfds)) {
ioh->fd_read(ioh->opaque);
}
- if (ioh->fd_write && FD_ISSET(ioh->fd, &wfds)) {
+ if (!ioh->deleted && ioh->fd_write && FD_ISSET(ioh->fd, &wfds)) {
ioh->fd_write(ioh->opaque);
}
+
+ /* Do this last in case read/write handlers marked it for deletion */
+ if (ioh->deleted) {
+ QLIST_REMOVE(ioh, next);
+ qemu_free(ioh);
+ }
}
}