aio: fix qemu_bh_schedule() bh->ctx race condition
authorStefan Hajnoczi <stefanha@redhat.com>
Tue, 3 Jun 2014 09:21:01 +0000 (11:21 +0200)
committerMichael Roth <mdroth@linux.vnet.ibm.com>
Tue, 5 Aug 2014 18:35:17 +0000 (13:35 -0500)
commitdf54f5efed9b3be7f40e14113cc1f13f5889e644
tree4359e3aa4bc00c825a60a46eae12b541a00ae24a
parent0d38666664f9805535766c5d5feb5c849cf793db
aio: fix qemu_bh_schedule() bh->ctx race condition

qemu_bh_schedule() is supposed to be thread-safe at least the first time
it is called.  Unfortunately this is not quite true:

  bh->scheduled = 1;
  aio_notify(bh->ctx);

Since another thread may run the BH callback once it has been scheduled,
there is a race condition if the callback frees the BH before
aio_notify(bh->ctx) has a chance to run.

Reported-by: Stefan Priebe <s.priebe@profihost.ag>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Stefan Priebe <s.priebe@profihost.ag>
(cherry picked from commit 924fe1293c3e7a3c787bbdfb351e7f168caee3e9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
async.c