[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] ide: fix double free
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [PATCH] ide: fix double free |
Date: |
Wed, 02 Jul 2014 11:04:04 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 |
Il 02/07/2014 10:50, address@hidden ha scritto:
> if (bus->dma->aiocb) {
> -#ifdef DEBUG_AIO
> - printf("aio_cancel\n");
> -#endif
> - bdrv_aio_cancel(bus->dma->aiocb);
> - bus->dma->aiocb = NULL;
> + bdrv_drain_all();
> + bdrv_flush_all();
> + assert(bus->dma->aiocb == NULL);
> }
This is definitely a heavyweight solution, and in fact the bug should
not be there in the first place. See dma_complete:
static void dma_complete(DMAAIOCB *dbs, int ret)
{
trace_dma_complete(dbs, ret, dbs->common.cb);
dma_bdrv_unmap(dbs);
if (dbs->common.cb) {
dbs->common.cb(dbs->common.opaque, ret);
}
qemu_iovec_destroy(&dbs->iov);
if (dbs->bh) {
qemu_bh_delete(dbs->bh);
dbs->bh = NULL;
}
if (!dbs->in_cancel) {
/* Requests may complete while dma_aio_cancel is in progress. In
* this case, the AIOCB should not be released because it is still
* referenced by dma_aio_cancel. */
qemu_aio_release(dbs);
}
}
Perhaps something like this?
diff --git a/dma-helpers.c b/dma-helpers.c
index 53cbe92..21b70d12 100644
--- a/dma-helpers.c
+++ b/dma-helpers.c
@@ -181,15 +181,15 @@ static void dma_aio_cancel(BlockDriverAIOCB *acb)
trace_dma_aio_cancel(dbs);
+ dbs->in_cancel = true;
if (dbs->acb) {
BlockDriverAIOCB *acb = dbs->acb;
dbs->acb = NULL;
- dbs->in_cancel = true;
bdrv_aio_cancel(acb);
- dbs->in_cancel = false;
}
dbs->common.cb = NULL;
dma_complete(dbs, 0);
+ qemu_aio_release(dbs);
}
static const AIOCBInfo dma_aiocb_info = {
- [Qemu-devel] [PATCH] ide: fix double free, arei.gonglei, 2014/07/02
- Re: [Qemu-devel] [PATCH] ide: fix double free,
Paolo Bonzini <=
- Re: [Qemu-devel] [PATCH] ide: fix double free, ChenLiang, 2014/07/02
- Re: [Qemu-devel] [PATCH] ide: fix double free, Paolo Bonzini, 2014/07/02
- Re: [Qemu-devel] [PATCH] ide: fix double free, Gonglei (Arei), 2014/07/02
- Re: [Qemu-devel] [PATCH] ide: fix double free, Paolo Bonzini, 2014/07/02
- Re: [Qemu-devel] [PATCH] ide: fix double free, ChenLiang, 2014/07/02
- Re: [Qemu-devel] [PATCH] ide: fix double free, Paolo Bonzini, 2014/07/02
- Re: [Qemu-devel] [PATCH] ide: fix double free, ChenLiang, 2014/07/02
- Re: [Qemu-devel] [PATCH] ide: fix double free, Paolo Bonzini, 2014/07/02
- Re: [Qemu-devel] [PATCH] ide: fix double free, ChenLiang, 2014/07/02
- Re: [Qemu-devel] [PATCH] ide: fix double free, Paolo Bonzini, 2014/07/02