diff options
author | Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> | 2010-11-03 14:29:44 +0000 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2010-11-16 14:35:00 -0600 |
commit | 0290b57bdfec83ca78b6d119ea9847bb17943328 (patch) | |
tree | 86226f84596042c477b12be9e990af07eb4f9afa | |
parent | 2cc59d8cb0ebcfa9cf3476c0528e50478997ab0c (diff) | |
download | qemu-0290b57bdfec83ca78b6d119ea9847bb17943328.zip |
Delete IOHandlers after potentially running them
Since commit 4bed9837309e58d208183f81d8344996744292cf an .fd_read()
handler that deletes its IOHandler is exposed to .fd_write() being
called on the deleted IOHandler.
This patch fixes deletion so that .fd_read() and .fd_write() are never
called on an IOHandler that is marked for deletion.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-rw-r--r-- | vl.c | 15 |
1 files changed, 8 insertions, 7 deletions
@@ -1249,17 +1249,18 @@ void main_loop_wait(int nonblocking) IOHandlerRecord *pioh; QLIST_FOREACH_SAFE(ioh, &io_handlers, next, pioh) { - if (ioh->deleted) { - QLIST_REMOVE(ioh, next); - qemu_free(ioh); - continue; - } - if (ioh->fd_read && FD_ISSET(ioh->fd, &rfds)) { + if (!ioh->deleted && ioh->fd_read && FD_ISSET(ioh->fd, &rfds)) { ioh->fd_read(ioh->opaque); } - if (ioh->fd_write && FD_ISSET(ioh->fd, &wfds)) { + if (!ioh->deleted && ioh->fd_write && FD_ISSET(ioh->fd, &wfds)) { ioh->fd_write(ioh->opaque); } + + /* Do this last in case read/write handlers marked it for deletion */ + if (ioh->deleted) { + QLIST_REMOVE(ioh, next); + qemu_free(ioh); + } } } |