From: Paolo Bonzini
Date: Thu, 27 Sep 2012 13:57:43 +0000 (+0530)
Subject: aio: Another fix to the walking_handlers logic
X-Git-Tag: v1.3.0-rc0~394^2~25
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2db2bfc0ccac5fd68dbf0ceb70fbc372c5d8a8c7;p=thirdparty%2Fqemu.git
aio: Another fix to the walking_handlers logic
The AIO dispatch loop will call QLIST_REMOVE and g_free even if there are other pending calls to qemu_aio_wait outside the current one.
Signed-off-by: Paolo Bonzini
Signed-off-by: Bharata B Rao
Signed-off-by: Kevin Wolf
---
diff --git a/aio.c b/aio.c
index 99b8b722631..c738a4e15d6 100644
--- a/aio.c
+++ b/aio.c
@@ -159,14 +159,14 @@ bool qemu_aio_wait(void)
 /* if we have any readable fds, dispatch event */
 if (ret > 0) {
- walking_handlers++;
-
 /* we have to walk very carefully in case
 * qemu_aio_set_fd_handler is called while we're walking */
 node = QLIST_FIRST(&aio_handlers);
 while (node) {
 AioHandler *tmp;
+ walking_handlers++;
+
 if (!node->deleted && FD_ISSET(node->fd, &rdfds) && node->io_read) {
@@ -181,13 +181,13 @@ bool qemu_aio_wait(void)
 tmp = node;
 node = QLIST_NEXT(node, node);
- if (tmp->deleted) {
+ walking_handlers--;
+
+ if (!walking_handlers && tmp->deleted) {
 QLIST_REMOVE(tmp, node);
 g_free(tmp);
 }
 }
-
- walking_handlers--;
 }
 return true;
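Review bot: The `walking_handlers++` added at the top of the `while (node)` body is only balanced by the `walking_handlers--` in the next hunk, and the handler-dispatch lines between the two are outside both hunks, so the pairing cannot be verified from here. If any path in that gap leaves the iteration early, the counter would stay non-zero and the `!walking_handlers` guard would never again allow a deleted node to be unlinked or freed. A comment at the increment would make the contract explicit, for example `/* held across the callbacks below so a nested qemu_aio_wait() cannot free this node; dropped before the removal check */`. The body of qemu_aio_wait starts and ends outside the hunk.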
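Review bot: With the new `if (!walking_handlers && tmp->deleted)` guard, a node marked deleted that is passed over while another walk is still active stays linked and allocated. As far as the visible lines show, it is reclaimed only when a later dispatch pass with no outer walker reaches it. That deferral is what prevents the free-while-in-use case the commit message describes, but it is not documented, and the existing comment only says to walk "very carefully". I would add above the guard `/* Only the outermost walker may unlink and free; nested callers leave deleted nodes for a later pass. */`. It is also worth confirming that the other users of `walking_handlers`, which this diff does not show, are correct now that the counter drops to zero between iterations rather than staying raised for the whole loop.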