Commit f094a78220187996e33ba5adce29789326cf6c3c
1 parent
f48c144e
Fix race in POSIX AIO emulation (Jan Kiszka)
When we cancel an AIO request that is already being processed by aio_thread, qemu_paio_cancel should return QEMU_PAIO_NOTCANCELED as long as aio_thread isn't done with this request. But as the latter currently updates aiocb->ret after every block of the request, we may report QEMU_PAIO_ALLDONE too early. Futhermore, in case some zero-length request should have been queued, aiocb->ret is never set to != -EINPROGRESS and callers like raw_aio_cancel could get stuck in an endless loop. Fix those issues by updating aiocb->ret _after_ the request has been fully processed. This also simplifies the locking. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6278 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
1 changed file
with
2 additions
and
7 deletions
posix-aio-compat.c
| @@ -81,21 +81,16 @@ static void *aio_thread(void *unused) | @@ -81,21 +81,16 @@ static void *aio_thread(void *unused) | ||
| 81 | if (len == -1 && errno == EINTR) | 81 | if (len == -1 && errno == EINTR) |
| 82 | continue; | 82 | continue; |
| 83 | else if (len == -1) { | 83 | else if (len == -1) { |
| 84 | - pthread_mutex_lock(&lock); | ||
| 85 | - aiocb->ret = -errno; | ||
| 86 | - pthread_mutex_unlock(&lock); | 84 | + offset = -errno; |
| 87 | break; | 85 | break; |
| 88 | } else if (len == 0) | 86 | } else if (len == 0) |
| 89 | break; | 87 | break; |
| 90 | 88 | ||
| 91 | offset += len; | 89 | offset += len; |
| 92 | - | ||
| 93 | - pthread_mutex_lock(&lock); | ||
| 94 | - aiocb->ret = offset; | ||
| 95 | - pthread_mutex_unlock(&lock); | ||
| 96 | } | 90 | } |
| 97 | 91 | ||
| 98 | pthread_mutex_lock(&lock); | 92 | pthread_mutex_lock(&lock); |
| 93 | + aiocb->ret = offset; | ||
| 99 | idle_threads++; | 94 | idle_threads++; |
| 100 | pthread_mutex_unlock(&lock); | 95 | pthread_mutex_unlock(&lock); |
| 101 | 96 |