From patchwork Mon Aug 23 00:55:23 2010
X-Patchwork-Submitter: Yoshiaki Tamura
X-Patchwork-Id: 62420
From: Yoshiaki Tamura
To: qemu-devel@nongnu.org
Cc: corentincj@iksaif.net, aliguori@us.ibm.com, Yoshiaki Tamura
Date: Mon, 23 Aug 2010 09:55:23 +0900
Message-Id: <1282524923-2368-1-git-send-email-tamura.yoshiaki@lab.ntt.co.jp>
Subject: [Qemu-devel] [PATCH] vl.c: set NULL upon deleting handlers in qemu_set_fd_handler2()

Currently qemu_set_fd_handler2() is only setting ioh->deleted upon
deleting. This may cause a crash when a read handler calls
qemu_set_fd_handler2() to delete handlers, but a write handler is
still invoked from main_loop_wait(). Because main_loop_wait() checks
handlers before calling, setting NULL upon deleting will protect
handlers from being called if already deleted.

One example is the new threaded vnc server. When an error occurs in
the context of a read handler, it'll release resources and delete
handlers. However, because the write handler still exists, it'll be
called, and then crashes because of lack of resources. This patch
fixes it.

Signed-off-by: Yoshiaki Tamura
Reviewed-by: Corentin Chary
---
 vl.c | 2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/vl.c b/vl.c index ccc8d57..7ae69ab 100644 --- a/vl.c +++ b/vl.c 
@@ -966,6 +966,8 @@ int qemu_set_fd_handler2(int fd, QLIST_FOREACH(ioh, &io_handlers, next) { if (ioh->fd == fd) { ioh->deleted = 1; + ioh->fd_read = NULL; + ioh->fd_write = NULL; break; } }
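
Review bot: In the `ioh->fd == fd` deletion branch, the two new assignments after `ioh->deleted = 1;` carry no comment saying why the pointers must be cleared when the record is already flagged as deleted, so a later cleanup could drop them as redundant and reintroduce the call into released resources. Please add a short comment there stating that main_loop_wait() may still dispatch this record's write handler in the same pass after the read handler has deleted it. The fix also depends entirely on the dispatcher testing `ioh->fd_read` and `ioh->fd_write` for NULL before each call, which is not visible in this hunk; having the dispatch loop check `ioh->deleted` before invoking either callback would make the protection explicit and would cover any other field of the record that stays set after deletion.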