[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH] Fix race in POSIX AIO emulation
|
From: |
Jan Kiszka |
|
Subject: |
[Qemu-devel] [PATCH] Fix race in POSIX AIO emulation |
|
Date: |
Fri, 19 Dec 2008 13:38:36 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 |
When we cancel an AIO request that is already being processed by
aio_thread, qemu_paio_cancel should return QEMU_PAIO_NOTCANCELED as long
as aio_thread isn't done with this request. But as the latter currently
updates aiocb->ret after every block of the request, we may report
QEMU_PAIO_ALLDONE too early.
Futhermore, in case some zero-length request should have been queued,
aiocb->ret is never set to != -EINPROGRESS and callers like
raw_aio_cancel could get stuck in an endless loop.
Fix those issues by updating aiocb->ret _after_ the request has been
fully processed. This also simplifies the locking.
Signed-off-by: Jan Kiszka <address@hidden>
---
posix-aio-compat.c | 9 ++-------
1 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/posix-aio-compat.c b/posix-aio-compat.c
index 92ec234..c919e3b 100644
--- a/posix-aio-compat.c
+++ b/posix-aio-compat.c
@@ -81,21 +81,16 @@ static void *aio_thread(void *unused)
if (len == -1 && errno == EINTR)
continue;
else if (len == -1) {
- pthread_mutex_lock(&lock);
- aiocb->ret = -errno;
- pthread_mutex_unlock(&lock);
+ offset = -errno;
break;
} else if (len == 0)
break;
offset += len;
-
- pthread_mutex_lock(&lock);
- aiocb->ret = offset;
- pthread_mutex_unlock(&lock);
}
pthread_mutex_lock(&lock);
+ aiocb->ret = offset;
idle_threads++;
pthread_mutex_unlock(&lock);
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-devel] [PATCH] Fix race in POSIX AIO emulation,
Jan Kiszka <=