Commit 0290b57b authored by Stefan Hajnoczi's avatar Stefan Hajnoczi Committed by Anthony Liguori
Browse files

Delete IOHandlers after potentially running them 



Since commit 4bed9837 an .fd_read()
handler that deletes its IOHandler is exposed to .fd_write() being
called on the deleted IOHandler.

This patch fixes deletion so that .fd_read() and .fd_write() are never
called on an IOHandler that is marked for deletion.

Signed-off-by: default avatarStefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: default avatarAnthony Liguori <aliguori@us.ibm.com>
parent 2cc59d8c

vl.c

+8 −7
Original line number Diff line number Diff line
@@ -1249,17 +1249,18 @@ void main_loop_wait(int nonblocking) 
        IOHandlerRecord *pioh;



        QLIST_FOREACH_SAFE(ioh, &io_handlers, next, pioh) {

            if (ioh->deleted) {

                QLIST_REMOVE(ioh, next);

                qemu_free(ioh);

                continue;

            }

            if (ioh->fd_read && FD_ISSET(ioh->fd, &rfds)) {

            if (!ioh->deleted && ioh->fd_read && FD_ISSET(ioh->fd, &rfds)) {

                ioh->fd_read(ioh->opaque);

            }

            if (ioh->fd_write && FD_ISSET(ioh->fd, &wfds)) {

            if (!ioh->deleted && ioh->fd_write && FD_ISSET(ioh->fd, &wfds)) {

                ioh->fd_write(ioh->opaque);

            }



            /* Do this last in case read/write handlers marked it for deletion */

            if (ioh->deleted) {

                QLIST_REMOVE(ioh, next);

                qemu_free(ioh);

            }

        }

    }