From patchwork Fri May 27 09:46:58 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: blockdbg: Fix Bottom Half deletion Date: Thu, 26 May 2011 23:46:58 -0000 From: Kevin Wolf X-Patchwork-Id: 97667 Message-Id: <1306489618-9397-1-git-send-email-kwolf@redhat.com> To: qemu-devel@nongnu.org Cc: kwolf@redhat.com You can only delete a BH in its BH handler if you don't call a nested qemu_bh_poll afterwards (the nested one would free the BH and the outer one segfaults when returning from the BH handler). To avoid this situation, first call the callback and only then delete the BH. Signed-off-by: Kevin Wolf --- block/blkdebug.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/block/blkdebug.c b/block/blkdebug.c index cd9eb80..45bbab8 100644 --- a/block/blkdebug.c +++ b/block/blkdebug.c @@ -316,8 +316,8 @@ static int blkdebug_open(BlockDriverState *bs, const char *filename, int flags) static void error_callback_bh(void *opaque) { struct BlkdebugAIOCB *acb = opaque; - qemu_bh_delete(acb->bh); acb->common.cb(acb->common.opaque, acb->ret); + qemu_bh_delete(acb->bh); qemu_aio_release(acb); }
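Review bot: The new position of qemu_bh_delete(acb->bh) in error_callback_bh() is load-bearing but has no comment, so a later cleanup could move the delete back above the callback and reintroduce the crash. Consider adding a one-line comment above the delete saying that the BH must only be deleted after acb->common.cb() has returned, because the callback can end up in a nested qemu_bh_poll that would free a BH already marked deleted while the outer poll is still inside this handler. Note also that acb->bh is now read after the callback has run, which is safe only because acb stays valid until the qemu_aio_release(acb) on the last line; if the callback is ever allowed to release the acb itself, this read becomes a use-after-free, so that assumption is worth stating in the same comment.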