From: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Date: Wed, 3 Nov 2010 14:29:44 +0000 (+0000)
Subject: Delete IOHandlers after potentially running them
X-Git-Tag: v0.14.0-rc0~450
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=0290b57bdfec83ca78b6d119ea9847bb17943328;p=qemu-xen-4.4-testing.git

Delete IOHandlers after potentially running them

Since commit 4bed9837309e58d208183f81d8344996744292cf an .fd_read()
handler that deletes its IOHandler is exposed to .fd_write() being
called on the deleted IOHandler.

This patch fixes deletion so that .fd_read() and .fd_write() are never
called on an IOHandler that is marked for deletion.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---

diff --git a/vl.c b/vl.c
index c58583da4..9ee6479b7 100644
--- a/vl.c
+++ b/vl.c
@@ -1249,17 +1249,18 @@ void main_loop_wait(int nonblocking)
         IOHandlerRecord *pioh;
 
         QLIST_FOREACH_SAFE(ioh, &io_handlers, next, pioh) {
-            if (ioh->deleted) {
-                QLIST_REMOVE(ioh, next);
-                qemu_free(ioh);
-                continue;
-            }
-            if (ioh->fd_read && FD_ISSET(ioh->fd, &rfds)) {
+            if (!ioh->deleted && ioh->fd_read && FD_ISSET(ioh->fd, &rfds)) {
                 ioh->fd_read(ioh->opaque);
             }
-            if (ioh->fd_write && FD_ISSET(ioh->fd, &wfds)) {
+            if (!ioh->deleted && ioh->fd_write && FD_ISSET(ioh->fd, &wfds)) {
                 ioh->fd_write(ioh->opaque);
             }
+
+            /* Do this last in case read/write handlers marked it for deletion */
+            if (ioh->deleted) {
+                QLIST_REMOVE(ioh, next);
+                qemu_free(ioh);
+            }
         }
     }